mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-17 14:25:21 +00:00
The AI chat assistant scoped tool queries by company but ignored the per-user Bouncer abilities the rest of the app enforces, so any `use ai` holder could read customers, invoices, payments, and company financials their role couldn't otherwise see. Each AiTool now declares a required ability (entity-aligned); the registry hides unauthorized tools from the model and refuses to execute them as a backstop. Separately, admin/owner-supplied URLs were fetched server-side with no guard against private/reserved targets (SSRF): the AI base URL, the CurrencyConverter "DEDICATED" exchange-rate URL, and S3/Spaces file-disk endpoints. A shared PrivateNetworkGuard now backs a PublicHttpUrl validation rule (save-time) and runtime guards in each driver. - AiTool::requiredAbility() + mapping across all 12 tools - AiToolRegistry filters schemas() by ability and re-checks in execute() - PrivateNetworkGuard / BlockedUrlException / PublicHttpUrl rule (new) - Rule wired into AI config (service + 3 controllers), exchange-rate, and file-disk endpoints; runtime guards in OpenRouterDriver, CurrencyConverterDriver, and FileDiskService - Tests for ability filtering, the guard, the rule, and 422 rejections
232 lines
8.1 KiB
PHP
232 lines
8.1 KiB
PHP
<?php
|
|
|
|
use App\Models\AiConversation;
|
|
use App\Models\AiMessage;
|
|
use App\Models\User;
|
|
use App\Services\AiConfigurationService;
|
|
use App\Support\Ai\AiChatResponse;
|
|
use App\Support\Ai\AiDriver;
|
|
use App\Support\Ai\AiDriverFactory;
|
|
use App\Support\Ai\AiException;
|
|
use Illuminate\Support\Facades\Artisan;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\Support\ScriptedAiDriver;
|
|
|
|
use function Pest\Laravel\getJson;
|
|
use function Pest\Laravel\postJson;
|
|
|
|
beforeEach(function () {
|
|
Artisan::call('db:seed', ['--class' => 'DatabaseSeeder', '--force' => true]);
|
|
Artisan::call('db:seed', ['--class' => 'DemoSeeder', '--force' => true]);
|
|
|
|
$this->user = User::find(1);
|
|
$this->companyId = $this->user->companies()->first()->id;
|
|
|
|
$this->withHeaders(['company' => $this->companyId]);
|
|
Sanctum::actingAs($this->user, ['*']);
|
|
|
|
// Enable AI globally so resolveForCompany returns a config
|
|
app(AiConfigurationService::class)->saveGlobalConfig([
|
|
'ai_enabled' => 'YES',
|
|
'ai_driver' => 'scripted',
|
|
'ai_api_key' => 'test-key',
|
|
'ai_chat_enabled' => 'YES',
|
|
'ai_chat_model' => 'test-model',
|
|
]);
|
|
|
|
// Register the scripted driver so AiDriverFactory returns it for 'scripted'
|
|
AiDriverFactory::register('scripted', ScriptedAiDriver::class);
|
|
ScriptedAiDriver::reset();
|
|
});
|
|
|
|
afterEach(function () {
|
|
ScriptedAiDriver::reset();
|
|
});
|
|
|
|
test('chat endpoint creates a new conversation and persists user + assistant messages', function () {
|
|
ScriptedAiDriver::setResponses([
|
|
new AiChatResponse(message: 'Hello back!'),
|
|
]);
|
|
|
|
$response = postJson('/api/v1/ai/chat', [
|
|
'message' => 'Hi assistant',
|
|
])->assertOk();
|
|
|
|
$conversationId = $response->json('conversation.id');
|
|
expect($conversationId)->toBeInt();
|
|
expect($response->json('message.content'))->toBe('Hello back!');
|
|
expect($response->json('message.role'))->toBe('assistant');
|
|
|
|
// Both user and assistant messages should be persisted
|
|
$conversation = AiConversation::find($conversationId);
|
|
expect($conversation->user_id)->toBe($this->user->id);
|
|
expect($conversation->company_id)->toBe($this->companyId);
|
|
|
|
$messages = $conversation->messages()->orderBy('created_at')->get();
|
|
expect($messages->pluck('role')->all())->toBe(['user', 'assistant']);
|
|
expect($messages[0]->content)->toBe('Hi assistant');
|
|
expect($messages[1]->content)->toBe('Hello back!');
|
|
});
|
|
|
|
test('chat endpoint runs a tool-call loop and returns the final answer', function () {
|
|
// Round 1: LLM requests search_invoices
|
|
// Round 2: LLM produces final text
|
|
ScriptedAiDriver::setResponses([
|
|
new AiChatResponse(
|
|
message: null,
|
|
toolCalls: [[
|
|
'id' => 'call_1',
|
|
'name' => 'search_invoices',
|
|
'arguments' => ['limit' => 5],
|
|
]],
|
|
finishReason: 'tool_calls',
|
|
),
|
|
new AiChatResponse(message: 'Here are your invoices.'),
|
|
]);
|
|
|
|
$response = postJson('/api/v1/ai/chat', [
|
|
'message' => 'Show me recent invoices',
|
|
])->assertOk();
|
|
|
|
expect($response->json('message.content'))->toBe('Here are your invoices.');
|
|
expect(ScriptedAiDriver::$callCount)->toBe(2);
|
|
|
|
// Conversation should now contain: user, assistant(tool_calls), tool(result), assistant(final)
|
|
$conversation = AiConversation::find($response->json('conversation.id'));
|
|
$roles = $conversation->messages()->orderBy('id')->pluck('role')->all();
|
|
expect($roles)->toBe(['user', 'assistant', 'tool', 'assistant']);
|
|
});
|
|
|
|
test('chat endpoint caps runaway tool-call loops at MAX_TOOL_ITERATIONS', function () {
|
|
// All responses are tool_calls — simulating a model stuck in a loop
|
|
$loopResponse = new AiChatResponse(
|
|
message: null,
|
|
toolCalls: [[
|
|
'id' => 'call_loop',
|
|
'name' => 'search_invoices',
|
|
'arguments' => [],
|
|
]],
|
|
finishReason: 'tool_calls',
|
|
);
|
|
// Queue 10 of them — way more than the 5-iteration cap
|
|
ScriptedAiDriver::setResponses(array_fill(0, 10, $loopResponse));
|
|
|
|
$response = postJson('/api/v1/ai/chat', [
|
|
'message' => 'Loop forever',
|
|
])->assertOk();
|
|
|
|
// We should hit the cap and the service should return a graceful error message.
|
|
expect($response->json('message.content'))->toContain('tool-call budget');
|
|
// 5 calls + the "I give up" turn shouldn't exceed the hard cap
|
|
expect(ScriptedAiDriver::$callCount)->toBeLessThanOrEqual(5);
|
|
});
|
|
|
|
test('chat endpoint persists an error message when the driver throws', function () {
|
|
ScriptedAiDriver::setResponses([]); // no responses queued → driver returns default
|
|
|
|
// Inject a failing driver via the factory
|
|
$failingDriver = new class('fake', []) extends AiDriver
|
|
{
|
|
public function chatCompletion(array $messages, string $model, array $tools = [], array $options = []): AiChatResponse
|
|
{
|
|
throw new AiException('test failure', 'server_error');
|
|
}
|
|
|
|
public function textCompletion(string $prompt, string $model, array $options = []): string
|
|
{
|
|
return '';
|
|
}
|
|
|
|
public function validateConnection(): array
|
|
{
|
|
return [];
|
|
}
|
|
};
|
|
AiDriverFactory::register('failing', $failingDriver::class);
|
|
|
|
app(AiConfigurationService::class)->saveGlobalConfig([
|
|
'ai_enabled' => 'YES',
|
|
'ai_driver' => 'failing',
|
|
'ai_api_key' => 'k',
|
|
'ai_chat_enabled' => 'YES',
|
|
'ai_chat_model' => 'test',
|
|
]);
|
|
|
|
$response = postJson('/api/v1/ai/chat', [
|
|
'message' => 'Hello',
|
|
])->assertOk();
|
|
|
|
expect($response->json('message.content'))->toContain('Error:');
|
|
});
|
|
|
|
test('chat endpoint rejects when AI is disabled for the company', function () {
|
|
app(AiConfigurationService::class)->saveGlobalConfig([
|
|
'ai_enabled' => 'NO',
|
|
]);
|
|
|
|
postJson('/api/v1/ai/chat', [
|
|
'message' => 'Hi',
|
|
])->assertStatus(422);
|
|
});
|
|
|
|
test('chat endpoint rejects when chat role is disabled even if AI is enabled', function () {
|
|
app(AiConfigurationService::class)->saveGlobalConfig([
|
|
'ai_enabled' => 'YES',
|
|
'ai_driver' => 'scripted',
|
|
'ai_api_key' => 'k',
|
|
'ai_chat_enabled' => 'NO', // <— off
|
|
'ai_chat_model' => 'test',
|
|
]);
|
|
|
|
postJson('/api/v1/ai/chat', [
|
|
'message' => 'Hi',
|
|
])->assertStatus(422);
|
|
});
|
|
|
|
test('conversation index returns only the current user\'s conversations', function () {
|
|
// Create a conversation for the authenticated user
|
|
ScriptedAiDriver::setResponses([new AiChatResponse(message: 'hi')]);
|
|
postJson('/api/v1/ai/chat', ['message' => 'First message'])->assertOk();
|
|
|
|
// Create a conversation for a different user in the same company — should NOT be visible
|
|
$otherUser = User::factory()->create();
|
|
$otherUser->companies()->attach($this->companyId);
|
|
AiConversation::create([
|
|
'company_id' => $this->companyId,
|
|
'user_id' => $otherUser->id,
|
|
'title' => 'Other users secret chat',
|
|
]);
|
|
|
|
$response = getJson('/api/v1/ai/conversations')->assertOk();
|
|
|
|
$titles = collect($response->json('conversations'))->pluck('title');
|
|
expect($titles)->not->toContain('Other users secret chat');
|
|
});
|
|
|
|
test('conversation show enforces ownership via policy', function () {
|
|
$otherUser = User::factory()->create();
|
|
$otherUser->companies()->attach($this->companyId);
|
|
|
|
$foreignConvo = AiConversation::create([
|
|
'company_id' => $this->companyId,
|
|
'user_id' => $otherUser->id,
|
|
'title' => 'Not yours',
|
|
]);
|
|
|
|
getJson("/api/v1/ai/conversations/{$foreignConvo->id}")->assertForbidden();
|
|
});
|
|
|
|
test('conversation delete cascades messages', function () {
|
|
ScriptedAiDriver::setResponses([new AiChatResponse(message: 'reply')]);
|
|
$sendResponse = postJson('/api/v1/ai/chat', ['message' => 'First'])->assertOk();
|
|
$conversationId = $sendResponse->json('conversation.id');
|
|
|
|
// There should now be 2 messages
|
|
expect(AiMessage::where('conversation_id', $conversationId)->count())->toBe(2);
|
|
|
|
$this->deleteJson("/api/v1/ai/conversations/{$conversationId}")->assertOk();
|
|
|
|
expect(AiConversation::find($conversationId))->toBeNull();
|
|
expect(AiMessage::where('conversation_id', $conversationId)->count())->toBe(0);
|
|
});
|