mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-16 22:05:20 +00:00
Second phase of the AI feature. Users can now open a slide-in chat drawer from the SiteHeader and ask natural-language questions about their company's invoices, customers, payments, and expenses. The LLM invokes pre-defined read-only tool functions (scoped to the current company at execute time) to fetch data and synthesize answers.
**Database** — new ai_conversations and ai_messages tables. Messages are stored in OpenAI's chat format so AiAssistantService serializes a conversation into an API request with zero translation. Columns: role, content, tool_call_id, tool_calls JSON, model, tokens_in, tokens_out. Conversations are scoped (company_id, user_id) — one user's chats are invisible to everyone else, even inside the same company. Foreign-key cascade deletes.
**Tool infrastructure** — AiTool abstract base + AiToolRegistry singleton (registered in a new AiServiceProvider). The base class enforces the security rule: every tool's execute() receives companyId and userId as injected parameters; tools' JSON schemas NEVER include a company_id field. An LLM physically cannot pass a company_id and escape tenancy. Modules can register their own tools by resolving the registry from their own ServiceProvider::boot().
**Nine built-in tools**: search_invoices, get_invoice, search_customers, get_customer, list_recent_payments, list_overdue_invoices, get_company_stats (aggregates for named periods), search_items, list_expense_categories. All read-only; no mutations. Each returns JSON-encodable data the LLM can parse.
**AiAssistantService orchestration loop** — the heart of Phase 2. Flow: persist user message → build payload from system prompt + recent history (40-message window) + new user message → call driver.chatCompletion with tools → if tool_calls, execute each one via the registry (with injected scope), persist tool result, loop → if plain text, persist and return. Hard cap at 5 iterations to prevent runaway LLMs. System prompt pins the assistant to this company's data and forbids mutation.
**Controllers + policy + rate limit** — POST /api/v1/ai/chat runs the orchestration loop. GET/PATCH/DELETE /api/v1/ai/conversations for CRUD. AiConversationPolicy enforces user_id+company_id match on every action. A new 'ai' RateLimiter in RouteServiceProvider throttles to 30 req/min per (user, company). New 'use ai' Gate defined in AppServiceProvider returns true for any authenticated user — the per-company kill-switch still goes through AiConfigurationService::resolveForCompany.
**Frontend** — new features/company/ai/ folder with a Pinia store (ai-chat.store.ts) holding drawer state, current conversation, messages, and loading flags. AiChatDrawer.vue is a slide-in panel teleported to <body>, mounted globally in CompanyLayout.vue when bootstrap reports ai.enabled && ai.chat_enabled. Sub-components: AiChatMessage (user bubbles vs assistant bubbles), AiChatMessageInput (Enter submits, Shift+Enter newline), AiChatConversationList (sidebar with 'new chat' button, rename, delete). A SparklesIcon button in SiteHeader toggles the drawer.
**Driver test double** — tests use a ScriptedAiDriver registered via AiDriverFactory::register('scripted', ...) that returns pre-queued AiChatResponse objects. Feature tests cover: happy path (new conversation + message persistence), tool-call loop (multi-round-trip with search_invoices), runaway-loop cap, driver-throws path, ai_enabled=NO rejection, chat role disabled rejection, per-user conversation visibility, cross-user policy enforcement, cascade delete.
388 tests pass (was 372, +16 new). Pint clean. npm run build clean. Phase 3 (WYSIWYG text generation popup) is the remaining follow-up.
80 lines
2.5 KiB
PHP
80 lines
2.5 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Ai\Tools;
|
|
|
|
use App\Models\Payment;
|
|
use Carbon\Carbon;
|
|
|
|
class ListRecentPaymentsTool extends AiTool
|
|
{
|
|
private const DEFAULT_DAYS = 30;
|
|
|
|
private const MAX_DAYS = 365;
|
|
|
|
private const DEFAULT_LIMIT = 20;
|
|
|
|
private const MAX_LIMIT = 100;
|
|
|
|
public function name(): string
|
|
{
|
|
return 'list_recent_payments';
|
|
}
|
|
|
|
public function description(): string
|
|
{
|
|
return 'List payments received in the last N days for the current company, sorted most recent first. Returns payment number, customer, amount, payment date, and payment method.';
|
|
}
|
|
|
|
public function parameterSchema(): array
|
|
{
|
|
return [
|
|
'type' => 'object',
|
|
'properties' => [
|
|
'days' => [
|
|
'type' => 'integer',
|
|
'minimum' => 1,
|
|
'maximum' => self::MAX_DAYS,
|
|
'description' => 'How many days back to look (default 30, max 365).',
|
|
],
|
|
'limit' => [
|
|
'type' => 'integer',
|
|
'minimum' => 1,
|
|
'maximum' => self::MAX_LIMIT,
|
|
'description' => 'Max rows to return (default 20, max 100).',
|
|
],
|
|
],
|
|
'required' => [],
|
|
];
|
|
}
|
|
|
|
public function execute(array $arguments, int $companyId, int $userId): mixed
|
|
{
|
|
$days = min((int) ($arguments['days'] ?? self::DEFAULT_DAYS), self::MAX_DAYS);
|
|
$limit = min((int) ($arguments['limit'] ?? self::DEFAULT_LIMIT), self::MAX_LIMIT);
|
|
|
|
$since = Carbon::now()->subDays($days)->startOfDay();
|
|
|
|
$payments = Payment::query()
|
|
->where('company_id', $companyId)
|
|
->where('payment_date', '>=', $since)
|
|
->with(['customer:id,name', 'paymentMethod:id,name'])
|
|
->latest('payment_date')
|
|
->limit($limit)
|
|
->get();
|
|
|
|
return [
|
|
'since' => $since->toDateString(),
|
|
'payments' => $payments->map(fn (Payment $p): array => [
|
|
'id' => $p->id,
|
|
'payment_number' => $p->payment_number,
|
|
'payment_date' => $this->asDate($p->payment_date),
|
|
'amount' => $p->amount,
|
|
'customer_id' => $p->customer_id,
|
|
'customer_name' => $p->customer?->name,
|
|
'invoice_id' => $p->invoice_id,
|
|
'payment_method' => $p->paymentMethod?->name,
|
|
])->all(),
|
|
];
|
|
}
|
|
}
|