Merge branch 'main' into IslandRhythms/task-visualizer

Author: vkarpov15

.github/workflows/lint.yml

@@ -0,0 +1,18 @@
+name: Lint
+on:
+  pull_request:
+  push:
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setting up the node version
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20.19.0
+      - name: setup project
+        run: npm i
+      - name: run lint
+        run: |
+          npm run lint

.gitignore

@@ -114,3 +114,4 @@ zevo.js
 tv.js
 stratos.js
 osogolf.js
+astra.js

backend/actions/ChatMessage/executeScript.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 const vm = require('vm');
 
@@ -12,13 +13,18 @@ const ExecuteScriptParams = new Archetype({
     $type: mongoose.Types.ObjectId
   },
   script: {
-    $type: String
+    $type: 'string'
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('ExecuteScriptParams');
 
-module.exports = ({ db }) => async function executeScript(params) {
-  const { userId, chatMessageId, script } = new ExecuteScriptParams(params);
-  const ChatMessage = db.model('__Studio_ChatMessage');
+module.exports = ({ db, studioConnection }) => async function executeScript(params) {
+  const { userId, chatMessageId, script, roles } = new ExecuteScriptParams(params);
+  const ChatMessage = studioConnection.model('__Studio_ChatMessage');
+
+  await authorize('ChatMessage.executeScript', roles);
 
   const chatMessage = await ChatMessage.findById(chatMessageId);
   if (!chatMessage) {

backend/actions/ChatThread/createChatMessage.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const getModelDescriptions = require('../../helpers/getModelDescriptions');
 const mongoose = require('mongoose');
 
@@ -17,6 +18,9 @@ const CreateChatMessageParams = new Archetype({
   authorization: {
     $type: 'string',
     $required: true
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('CreateChatMessageParams');
 
@@ -55,10 +59,12 @@ return { numUsers: users.length };
 Here is a description of the user's models. Assume these are the only models available in the system unless explicitly instructed otherwise by the user.
 `.trim();
 
-module.exports = ({ db }) => async function createChatMessage(params) {
-  const { chatThreadId, userId, content, script, authorization } = new CreateChatMessageParams(params);
-  const ChatThread = db.model('__Studio_ChatThread');
-  const ChatMessage = db.model('__Studio_ChatMessage');
+module.exports = ({ db, studioConnection, options }) => async function createChatMessage(params) {
+  const { chatThreadId, userId, content, script, authorization, roles } = new CreateChatMessageParams(params);
+  const ChatThread = studioConnection.model('__Studio_ChatThread');
+  const ChatMessage = studioConnection.model('__Studio_ChatMessage');
+
+  await authorize('ChatThread.createChatMessage', roles);
 
   // Check that the user owns the thread
   const chatThread = await ChatThread.findOne({ _id: chatThreadId });
@@ -91,6 +97,12 @@ module.exports = ({ db }) => async function createChatMessage(params) {
     role: 'system',
     content: systemPrompt + getModelDescriptions(db)
   });
+  if (options.context) {
+    llmMessages.unshift({
+      role: 'system',
+      content: options.context
+    });
+  }
 
   // Create the chat message and get OpenAI response in parallel
   const chatMessages = await Promise.all([
@@ -111,7 +123,7 @@ module.exports = ({ db }) => async function createChatMessage(params) {
     })
   ]);
 
-  return { chatMessages };
+  return { chatMessages, chatThread };
 };
 
 async function getChatCompletion(messages, authorization) {

backend/actions/ChatThread/createChatThread.js

@@ -1,17 +1,23 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const CreateChatThreadParams = new Archetype({
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('CreateChatThreadParams');
 
-module.exports = ({ db }) => async function createChatThread(params) {
-  const { userId } = new CreateChatThreadParams(params);
-  const ChatThread = db.model('__Studio_ChatThread');
+module.exports = ({ studioConnection }) => async function createChatThread(params) {
+  const { userId, roles } = new CreateChatThreadParams(params);
+  const ChatThread = studioConnection.model('__Studio_ChatThread');
+
+  await authorize('ChatThread.createChatThread', roles);
 
   const chatThread = await ChatThread.create({ userId });
 

backend/actions/ChatThread/getChatThread.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const GetChatThreadParams = new Archetype({
@@ -9,20 +10,25 @@ const GetChatThreadParams = new Archetype({
   },
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetChatThreadParams');
 
-module.exports = ({ db }) => async function getChatThread(params) {
-  const { chatThreadId, userId } = new GetChatThreadParams(params);
-  const ChatThread = db.model('__Studio_ChatThread');
-  const ChatMessage = db.model('__Studio_ChatMessage');
+module.exports = ({ db, studioConnection }) => async function getChatThread(params) {
+  const { chatThreadId, userId, roles } = new GetChatThreadParams(params);
+  const ChatThread = studioConnection.model('__Studio_ChatThread');
+  const ChatMessage = studioConnection.model('__Studio_ChatMessage');
+
+  await authorize('ChatThread.getChatThread', roles);
 
   const chatThread = await ChatThread.findById(chatThreadId);
 
   if (!chatThread) {
     throw new Error('Chat thread not found');
   }
-  if (userId && chatThread.userId.toString() !== userId.toString()) {
+  if (userId && chatThread.userId?.toString() !== userId.toString()) {
     throw new Error('Not authorized');
   }
 

backend/actions/ChatThread/listChatThreads.js

@@ -1,18 +1,24 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const ListChatThreadsParams = new Archetype({
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('ListChatThreadsParams');
 
-module.exports = ({ db }) => async function listChatThreads(params) {
-  // Just validate the params object, but no actual parameters needed
-  const { userId } = new ListChatThreadsParams(params);
-  const ChatThread = db.model('__Studio_ChatThread');
+module.exports = ({ db, studioConnection }) => async function listChatThreads(params) {
+  // Validate the params object
+  const { userId, roles } = new ListChatThreadsParams(params);
+  const ChatThread = studioConnection.model('__Studio_ChatThread');
+
+  await authorize('ChatThread.listChatThreads', roles);
 
   // Get all chat threads
   const chatThreads = await ChatThread.find(userId ? { userId } : {})

backend/actions/Dashboard/createDashboard.js

@@ -1,5 +1,7 @@
 'use strict';
+
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const CreateDashboardParams = new Archetype({
   title: {
@@ -9,14 +11,19 @@ const CreateDashboardParams = new Archetype({
   code: {
     $type: 'string',
     $required: true
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('CreateDashboardParams');
 
 module.exports = ({ db }) => async function createDashboard(params) {
-  const { title, code } = new CreateDashboardParams(params);
+  const { title, code, roles } = new CreateDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.createDashboard', roles);
+
   const dashboard = await Dashboard.create({ title, code });
 
   return { dashboard };
-};
+};

backend/actions/Dashboard/deleteDashboard.js

@@ -1,19 +1,24 @@
 'use strict';
 
 const Archetype = require('archetype');
-const vm = require('vm');
+const authorize = require('../../authorize');
 
 const DeleteDashboardParams = new Archetype({
   dashboardId: {
     $type: 'string',
     $required: true
   },
+  roles: {
+    $type: ['string']
+  }
 }).compile('DeleteDashboardParams');
 
 module.exports = ({ db }) => async function deleteDashboard(params) {
-  const { dashboardId } = new DeleteDashboardParams(params);
+  const { dashboardId, roles } = new DeleteDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.deleteDashboard', roles);
+
   const result = await Dashboard.deleteOne({ _id: dashboardId }).orFail();
   return { result };
-};
+};

backend/actions/Dashboard/getDashboard.js

@@ -2,6 +2,7 @@
 
 const Archetype = require('archetype');
 const vm = require('vm');
+const authorize = require('../../authorize');
 
 const GetDashboardParams = new Archetype({
   dashboardId: {
@@ -10,13 +11,18 @@ const GetDashboardParams = new Archetype({
   },
   evaluate: {
     $type: 'boolean'
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetDashboardParams');
 
 module.exports = ({ db }) => async function getDashboard(params) {
-  const { dashboardId, evaluate } = new GetDashboardParams(params);
+  const { dashboardId, evaluate, roles } = new GetDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.getDashboard', roles);
+
   const dashboard = await Dashboard.findOne({ _id: dashboardId });
   if (evaluate) {
     let result = null;
@@ -25,9 +31,9 @@ module.exports = ({ db }) => async function getDashboard(params) {
     } catch (error) {
       return { dashboard, error: { message: error.message } };
     }
-    
+
     return { dashboard, result };
   }
 
   return { dashboard };
-};
+};