DEV: artifact system update (#1096)

### Why

This pull request fundamentally restructures how AI bots create and update web artifacts to address critical limitations in the previous approach:

1.  **Improved Artifact Context for LLMs**: Previously, artifact creation and update tools included the *entire* artifact source code directly in the tool arguments. This overloaded the Language Model (LLM) with raw code, making it difficult for the LLM to maintain a clear understanding of the artifact's current state when applying changes. The LLM would struggle to differentiate between the base artifact and the requested modifications, leading to confusion and less effective updates.
2.  **Reduced Token Usage and History Bloat**: Including the full artifact source code in every tool interaction was extremely token-inefficient.  As conversations progressed, this redundant code in the history consumed a significant number of tokens unnecessarily. This not only increased costs but also diluted the context for the LLM with less relevant historical information.
3.  **Enabling Updates for Large Artifacts**: The lack of a practical diff or targeted update mechanism made it nearly impossible to efficiently update larger web artifacts.  Sending the entire source code for every minor change was both computationally expensive and prone to errors, effectively blocking the use of AI bots for meaningful modifications of complex artifacts.

**This pull request addresses these core issues by**:

*   Introducing methods for the AI bot to explicitly *read* and understand the current state of an artifact.
*   Implementing efficient update strategies that send *targeted* changes rather than the entire artifact source code.
*   Providing options to control the level of artifact context included in LLM prompts, optimizing token usage.

### What

The main changes implemented in this PR to resolve the above issues are:

1.  **`Read Artifact` Tool for Contextual Awareness**:
    - A new `read_artifact` tool is introduced, enabling AI bots to fetch and process the current content of a web artifact from a given URL (local or external).
    - This provides the LLM with a clear and up-to-date representation of the artifact's HTML, CSS, and JavaScript, improving its understanding of the base to be modified.
    - By cloning local artifacts, it allows the bot to work with a fresh copy, further enhancing context and control.

2.  **Refactored `Update Artifact` Tool with Efficient Strategies**:
    - The `update_artifact` tool is redesigned to employ more efficient update strategies, minimizing token usage and improving update precision:
        - **`diff` strategy**:  Utilizes a search-and-replace diff algorithm to apply only the necessary, targeted changes to the artifact's code. This significantly reduces the amount of code sent to the LLM and focuses its attention on the specific modifications.
        - **`full` strategy**:  Provides the option to replace the entire content sections (HTML, CSS, JavaScript) when a complete rewrite is required.
    - Tool options enhance the control over the update process:
        - `editor_llm`:  Allows selection of a specific LLM for artifact updates, potentially optimizing for code editing tasks.
        - `update_algorithm`: Enables choosing between `diff` and `full` update strategies based on the nature of the required changes.
        - `do_not_echo_artifact`:  Defaults to true, and by *not* echoing the artifact in prompts, it further reduces token consumption in scenarios where the LLM might not need the full artifact context for every update step (though effectiveness might be slightly reduced in certain update scenarios).

3.  **System and General Persona Tool Option Visibility and Customization**:
    - Tool options, including those for system personas, are made visible and editable in the admin UI. This allows administrators to fine-tune the behavior of all personas and their tools, including setting specific LLMs or update algorithms. This was previously limited or hidden for system personas.

4.  **Centralized and Improved Content Security Policy (CSP) Management**:
    - The CSP for AI artifacts is consolidated and made more maintainable through the `ALLOWED_CDN_SOURCES` constant. This improves code organization and future updates to the allowed CDN list, while maintaining the existing security posture.

5.  **Codebase Improvements**:
    - Refactoring of diff utilities, introduction of strategy classes, enhanced error handling, new locales, and comprehensive testing all contribute to a more robust, efficient, and maintainable artifact management system.

By addressing the issues of LLM context confusion, token inefficiency, and the limitations of updating large artifacts, this pull request significantly improves the practicality and effectiveness of AI bots in managing web artifacts within Discourse.

Author: SamSaffron

app/controllers/discourse_ai/ai_bot/artifacts_controller.rb

@@ -12,7 +12,7 @@ def show
         artifact = AiArtifact.find(params[:id])
 
         post = Post.find_by(id: artifact.post_id)
-        if artifact.metadata&.dig("public")
+        if artifact.public?
           # no guardian needed
         else
           raise Discourse::NotFound if !post&.topic&.private_message?
@@ -81,7 +81,7 @@ def show
         response.headers.delete("X-Frame-Options")
         response.headers[
           "Content-Security-Policy"
-        ] = "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.jsdelivr.net;"
+        ] = "script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' #{AiArtifact::ALLOWED_CDN_SOURCES.join(" ")};"
         response.headers["X-Robots-Tag"] = "noindex"
 
         # Render the content

app/models/ai_artifact.rb

@@ -8,6 +8,15 @@ class AiArtifact < ActiveRecord::Base
   validates :css, length: { maximum: 65_535 }
   validates :js, length: { maximum: 65_535 }
 
+  ALLOWED_CDN_SOURCES = %w[
+    https://cdn.jsdelivr.net
+    https://cdnjs.cloudflare.com
+    https://unpkg.com
+    https://ajax.googleapis.com
+    https://d3js.org
+    https://code.jquery.com
+  ]
+
   def self.iframe_for(id, version = nil)
     <<~HTML
       <div class='ai-artifact'>
@@ -70,6 +79,10 @@ def create_new_version(html: nil, css: nil, js: nil, change_description: nil)
 
     version
   end
+
+  def public?
+    !!metadata&.dig("public")
+  end
 end
 
 # == Schema Information

app/models/ai_persona.rb

@@ -130,8 +130,6 @@ def class_instance
       tool_details
     ]
 
-    persona_class = DiscourseAi::AiBot::Personas::Persona.system_personas_by_id[self.id]
-
     instance_attributes = {}
     attributes.each do |attr|
       value = self.read_attribute(attr)
@@ -140,14 +138,6 @@ def class_instance
 
     instance_attributes[:username] = user&.username_lower
 
-    if persona_class
-      instance_attributes.each do |key, value|
-        # description/name are localized
-        persona_class.define_singleton_method(key) { value } if key != :description && key != :name
-      end
-      return persona_class
-    end
-
     options = {}
     force_tool_use = []
 
@@ -180,6 +170,16 @@ def class_instance
         klass
       end
 
+    persona_class = DiscourseAi::AiBot::Personas::Persona.system_personas_by_id[self.id]
+    if persona_class
+      instance_attributes.each do |key, value|
+        # description/name are localized
+        persona_class.define_singleton_method(key) { value } if key != :description && key != :name
+      end
+      persona_class.define_method(:options) { options }
+      return persona_class
+    end
+
     ai_persona_id = self.id
 
     Class.new(DiscourseAi::AiBot::Personas::Persona) do
@@ -264,9 +264,19 @@ def chat_preconditions
   end
 
   def system_persona_unchangeable
-    if top_p_changed? || temperature_changed? || system_prompt_changed? || tools_changed? ||
-         name_changed? || description_changed?
+    if top_p_changed? || temperature_changed? || system_prompt_changed? || name_changed? ||
+         description_changed?
       errors.add(:base, I18n.t("discourse_ai.ai_bot.personas.cannot_edit_system_persona"))
+    elsif tools_changed?
+      old_tools = tools_change[0]
+      new_tools = tools_change[1]
+
+      old_tool_names = old_tools.map { |t| t.is_a?(Array) ? t[0] : t }.to_set
+      new_tool_names = new_tools.map { |t| t.is_a?(Array) ? t[0] : t }.to_set
+
+      if old_tool_names != new_tool_names
+        errors.add(:base, I18n.t("discourse_ai.ai_bot.personas.cannot_edit_system_persona"))
+      end
     end
   end
 

app/serializers/ai_tool_serializer.rb

@@ -22,11 +22,14 @@ def help
   def options
     options = {}
     object.accepted_options.each do |option|
-      options[option.name] = {
+      processed_option = {
         name: option.localized_name,
         description: option.localized_description,
         type: option.type,
       }
+      processed_option[:values] = option.values if option.values.present?
+      processed_option[:default] = option.default if option.default.present?
+      options[option.name] = processed_option
     end
     options
   end

assets/javascripts/discourse/admin/models/ai-persona.js

@@ -41,6 +41,7 @@ const SYSTEM_ATTRIBUTES = [
   "enabled",
   "system",
   "priority",
+  "tools",
   "user_id",
   "default_llm",
   "force_default_llm",

assets/javascripts/discourse/components/ai-llm-selector.js

@@ -15,10 +15,12 @@ export default class AiLlmSelector extends ComboBox {
 
   @computed
   get content() {
+    const blankName =
+      this.attrs.blankName || i18n("discourse_ai.ai_persona.no_llm_selected");
     return [
       {
         id: "blank",
-        name: i18n("discourse_ai.ai_persona.no_llm_selected"),
+        name: blankName,
       },
     ].concat(this.llms);
   }

assets/javascripts/discourse/components/ai-persona-editor.gjs

@@ -420,13 +420,12 @@ export default class PersonaEditor extends Component {
           </div>
         {{/if}}
       {{/if}}
-      {{#unless this.editingModel.system}}
-        <AiPersonaToolOptions
-          @persona={{this.editingModel}}
-          @tools={{this.selectedToolNames}}
-          @allTools={{@personas.resultSetMeta.tools}}
-        />
-      {{/unless}}
+      <AiPersonaToolOptions
+        @persona={{this.editingModel}}
+        @tools={{this.selectedToolNames}}
+        @llms={{@personas.resultSetMeta.llms}}
+        @allTools={{@personas.resultSetMeta.tools}}
+      />
       <div class="control-group">
         <label>{{i18n "discourse_ai.ai_persona.allowed_groups"}}</label>
         <GroupChooser

assets/javascripts/discourse/components/ai-persona-tool-option-editor.gjs

@@ -2,28 +2,75 @@ import Component from "@glimmer/component";
 import { Input } from "@ember/component";
 import { on } from "@ember/modifier";
 import { action } from "@ember/object";
+import { eq } from "truth-helpers";
+import { i18n } from "discourse-i18n";
+import AiLlmSelector from "./ai-llm-selector";
 
 export default class AiPersonaToolOptionEditor extends Component {
   get isBoolean() {
     return this.args.option.type === "boolean";
   }
 
+  get isEnum() {
+    return this.args.option.type === "enum";
+  }
+
+  get isLlm() {
+    return this.args.option.type === "llm";
+  }
+
   get selectedValue() {
     return this.args.option.value.value === "true";
   }
 
+  get selectedLlm() {
+    if (this.args.option.value.value) {
+      return `custom:${this.args.option.value.value}`;
+    } else {
+      return "blank";
+    }
+  }
+
+  set selectedLlm(value) {
+    if (value === "blank") {
+      this.args.option.value.value = null;
+    } else {
+      this.args.option.value.value = value.replace("custom:", "");
+    }
+  }
+
   @action
   onCheckboxChange(event) {
     this.args.option.value.value = event.target.checked ? "true" : "false";
   }
 
+  @action
+  onSelectOption(event) {
+    this.args.option.value.value = event.target.value;
+  }
+
   <template>
     <div class="control-group ai-persona-tool-option-editor">
       <label>
         {{@option.name}}
       </label>
       <div class="">
-        {{#if this.isBoolean}}
+        {{#if this.isEnum}}
+          <select name="input" {{on "change" this.onSelectOption}}>
+            {{#each @option.values as |value|}}
+              <option value={{value}} selected={{eq value @option.value.value}}>
+                {{value}}
+              </option>
+            {{/each}}
+          </select>
+        {{else if this.isLlm}}
+          <AiLlmSelector
+            class="ai-persona-tool-option-editor__llms"
+            @value={{this.selectedLlm}}
+            @llms={{@llms}}
+            @blankName={{i18n "discourse_ai.ai_persona.use_parent_llm"}}
+          />
+        {{else if this.isBoolean}}
           <input
             type="checkbox"
             checked={{this.selectedValue}}

assets/javascripts/discourse/components/ai-persona-tool-options.gjs

@@ -67,7 +67,10 @@ export default class AiPersonaToolOptions extends Component {
               </div>
               <div class="ai-persona-editor__tool-option-options">
                 {{#each toolOption.options as |option|}}
-                  <AiPersonaToolOptionEditor @option={{option}} />
+                  <AiPersonaToolOptionEditor
+                    @option={{option}}
+                    @llms={{@llms}}
+                  />
                 {{/each}}
               </div>
             </div>

config/locales/client.en.yml

@@ -213,6 +213,7 @@ en:
         edit: "Edit"
         description: "Description"
         no_llm_selected: "No language model selected"
+        use_parent_llm: "Use personas language model"
         max_context_posts: "Max context posts"
         max_context_posts_help: "The maximum number of posts to use as context for the AI when responding to a user. (empty for default)"
         vision_enabled: Vision enabled