mirror of
https://github.com/we-promise/sure.git
synced 2026-07-12 21:05:20 +00:00
* feat(ai): add Anthropic provider with chat parity (1/5)
Introduces Provider::Anthropic alongside Provider::Openai, implementing
the LlmConcept chat_response contract over the official anthropic Ruby
SDK. Batch ops, PDF, and RAG land in follow-up PRs.
- Provider::Anthropic uses Messages API for sync and streaming responses
- ChatConfig builds requests with ephemeral prompt-cache markers on the
system prompt and the last tool definition
- MessageFormatter reconstructs multi-turn history (text + tool_use +
tool_result blocks) from raw Message records, including the paired
user-role tool_result turn Anthropic requires after every tool_use
- ChatParser maps Anthropic Message into the shared ChatResponse Data
- Registry, Setting, User, Chat default model wired for ANTHROPIC_*
envs and Setting.anthropic_*; LLM_PROVIDER selects between providers
- Responder forwards raw conversation_history (Array<Message>) so
providers without hosted conversation state can rebuild context
- OpenAI provider accepts and ignores the new kwarg (no behavior change)
Tests cover provider init, model gating, MessageFormatter for all turn
shapes, ChatConfig request building (max_tokens, system cache, tool
conversion), ChatParser for text / tool_use / mixed blocks, Registry
discovery, and mocked chat_response success / error / function_request
paths. Live VCR cassettes recorded in a follow-up with a real key.
Stacked PRs: 2/5 batch ops + cost ledger, 3/5 PDF, 4/5 pgvector RAG,
5/5 settings UI + disclosure.
* fix(ai): address PR review on Anthropic provider foundation
Surface fixes raised by Codex + CodeRabbit on PR 1/5:
- Provider::Anthropic#chat_response now accepts (and ignores) a
`messages:` kwarg. Assistant::Responder passes both `messages:`
(OpenAI-shape) and `conversation_history:` (raw Message records) for
cross-provider parity, so the previous signature raised
ArgumentError on the first chat turn through the Anthropic provider.
- Provider::Anthropic#supports_model? bypasses the `claude` prefix
gate when a custom base_url is configured, mirroring the OpenAI
provider. Bedrock-shaped IDs like
`anthropic.claude-sonnet-4-5-20250929-v1:0` and
`claude-opus-4@20250514` are otherwise rejected by
Assistant::Provided#get_model_provider and the chat dies.
- Setting.anthropic_access_token is now in
EncryptedSettingFields::ENCRYPTED_FIELDS so the Anthropic API key
is encrypted at rest like every other provider secret. Previously
plaintext while siblings (openai_access_token, twelve_data_api_key,
external_assistant_token) were ciphertext.
- Chat.default_model falls back to whichever provider is actually
configured. Previously, with LLM_PROVIDER=anthropic but no
Anthropic credentials, the default model resolved to a Claude ID
that no registered provider supported, so chats failed even when
OpenAI was fully configured. Adds Provider::{Anthropic,Openai}#configured?
class methods for the readable callsite.
- Provider::Anthropic.effective_model uses
`ENV["ANTHROPIC_MODEL"].presence || Setting.anthropic_model` so the
Setting lookup is only performed when the env var is absent — the
previous `ENV.fetch(KEY, default)` evaluated the default arg
eagerly on every call.
- Provider::Anthropic::ChatConfig#anthropic_input_schema strips both
`:strict` and `"strict"` keys so JSON-decoded schemas with string
keys cannot leak the OpenAI-only flag through to Anthropic.
Test coverage added: supports_model? bypass on custom endpoints,
chat_response messages: kwarg compatibility, default_model fallback
in the three credential combinations, configured? against ENV +
Setting, strict-flag stripping for both key types, and a
`Setting.expects(:anthropic_model).never` assertion proving the
ENV-precedence test now exercises the lazy path.
All 4365 tests pass (1 pre-existing libvips env error unrelated).
* test(chat): make default_model tests resilient to ENV model overrides
CodeRabbit flagged on PR review: the new default_model tests asserted
against Provider::*::DEFAULT_MODEL, but Chat.default_model actually
returns Provider::*.effective_model.presence (which reads
OPENAI_MODEL / ANTHROPIC_MODEL from the environment). With either env
var set, the tests would fail intermittently even though routing was
correct.
- New default_model tests now assert against the provider's
effective_model directly, so they verify the routing decision
(which provider's value wins) without coupling to the constant.
- Pre-existing "creates with default model" assertions had the same
brittleness; switch them to compare against Chat.default_model so
the chosen model is whatever the env / Setting cascade resolves to.
Verified by running `ANTHROPIC_MODEL=claude-haiku-4-5 OPENAI_MODEL=gpt-4o
bin/rails test test/models/chat_test.rb` — 16 runs, 0 failures
(previously 2 pre-existing failures + 0 from the new tests).
* fix(ai): address local review on Anthropic foundation
- Provider::Anthropic#supports_pdf_processing? bypasses prefix gate for
custom endpoints, mirroring supports_model?
- Provider::Anthropic#initialize raises Error when custom_endpoint? AND
model.blank?, parity with Provider::Openai
- stream_chat_response captures partial usage on mid-stream errors and
records it via the new on_partial callback so chat_response can skip
the duplicate error row in the outer rescue
- safe_accumulated_message swallows the secondary failure when the SDK
cannot reconstruct a snapshot
- langfuse_client memoizes properly (||= instead of =) so repeated calls
don't churn Langfuse instances
- MessageFormatter sorts tool_calls by created_at then id so the
message array is deterministic across replays; skips tool_calls
missing both provider_call_id and provider_id rather than sending
`id: nil` and getting rejected by Anthropic
- Setting.anthropic_access_token default falls back through
ENV["ANTHROPIC_API_KEY"].presence (was missing .presence, so an
empty-string env value bled through)
- User#openai_configured? / #anthropic_configured? delegate to the
Provider::* class methods — single source of truth
- Assistant::Responder renames the OpenAI-shape history builder
conversation_history → openai_messages_payload so the kwarg name
matches the local method name (messages: openai_messages_payload,
conversation_history: chat_message_records)
- Assistant::Builtin stale-history comment updated to reference both
builders
Adds a streaming chat_response test using ad-hoc subclasses of the
SDK event types so the case/when dispatch matches via is_a? without
stubbing class-level === behavior.
* test(ai): add Anthropic tool_use round-trip + multi-tool turn coverage
Addresses @jjmata's "worth confirming" note on PR #1983: tool-use turns
from prior assistant messages must round-trip correctly when retrieved
from the database.
- New `ChatParser → ToolCall::Function → MessageFormatter` test walks
the full path: Anthropic response with a tool_use block →
ChatFunctionRequest → ToolCall::Function.from_function_request →
persisted on the AssistantMessage → MessageFormatter rebuild on the
next turn. Asserts the original `tool_use.id` is preserved end-to-end
as both `tool_use.id` and the paired `tool_result.tool_use_id`, and
that the original `input` hash and serialized result content survive.
- New multi-tool assistant turn test confirms two tool_use blocks on a
single assistant message render as two tool_use blocks followed by
two paired tool_result blocks in a single user-role follow-up,
matching Anthropic's required alternation.
Both tests exercise the existing PR1 code without behavior changes.
* test(ai): require "ostruct" explicitly in Anthropic provider tests
OpenStruct is moving out of Ruby's default load path (warning in 3.4+,
removed in 3.5+). Tests work today because ActiveSupport transitively
loads it, but that's incidental. Match the existing convention in
test/controllers/settings/hostings_controller_test.rb which explicitly
requires ostruct for the same reason.
* fix(ai): sanitize Langfuse warn logs, normalize tool_use.input, dedup history fetch
Addresses three open CodeRabbit findings on PR #1983.
- Provider::Anthropic Langfuse rescue branches no longer include
`e.full_message` in `Rails.logger.warn`. `full_message` bundles the
backtrace + cause chain and on some SDK error types includes the
serialized request/response payload (prompt, model output). Logs
now report `#{e.class}: #{e.message}` only. Three sites:
create_langfuse_trace, log_langfuse_generation, upsert_langfuse_trace.
Note: Provider::Openai has the same pattern (copy-pasted source) —
harmonization deferred to a follow-up cleanup PR; this commit fixes
only the Anthropic provider to keep PR scope tight.
- MessageFormatter#parse_arguments now coerces any non-Hash parsed
result to `{}`. Anthropic's Messages API requires `tool_use.input`
to be a JSON object (map); a stored ToolCall::Function record whose
arguments parse to a scalar, bool, or array (corrupt row, legacy
data, cross-provider bleed) would otherwise produce a payload the
API rejects. Normal flow stores Hash arguments end-to-end so the
fix is defensive — adds 2 tests covering scalar/array JSON strings
and non-String non-Hash inputs.
- Assistant::Responder dedups the chat-history fetch. The previous
layout fired two near-identical `chat.messages.where(...).includes(
:tool_calls).ordered` queries per LLM turn (one for the OpenAI-shape
payload, one for the raw-records kwarg). A new memoized
`complete_chat_messages` fetches once; `chat_message_records` filters
out the current message via `Array#reject`, `openai_messages_payload`
iterates the cached array unchanged. One SQL query per turn instead
of two. Memoization scope = single Responder instance (per LLM call),
so cache invalidation is not a concern.
All 4370 tests pass (1 pre-existing libvips env error unrelated).
Rubocop + brakeman clean.
* fix(ci): replace sk-ant- prefixed test placeholders
Pipelock secret scanner pattern-matches `sk-ant-*` as a real Anthropic
API key and fails the PR security-scan check. Test stubs and
ClimateControl env values used `sk-ant-test`, `sk-ant-from-setting`,
`sk-ant-x`, `sk-ant-y` as obvious placeholders, but the scanner does
not care about value entropy.
Switched to `fake-anthropic-key-*` / `fake-token-*` strings so the
scanner stops flagging them. No production code touched, no behavior
change — Provider::Anthropic still accepts any non-blank token.
* feat(ai): add Anthropic batch ops + LLM cost ledger (2/5)
Implements auto_categorize, auto_detect_merchants, and
enhance_provider_merchants on Provider::Anthropic via forced tool calls,
plus the cost-ledger plumbing they need.
- Provider::Anthropic::AutoCategorizer, AutoMerchantDetector,
ProviderMerchantEnhancer each define a single output tool whose
input_schema mirrors the desired output, then force the model to call
it via tool_choice: { type: "tool", name: ..., disable_parallel_tool_use: true }.
Anthropic guarantees the tool_use.input matches the schema, so there
is no JSON parsing fragility, no <think> tag stripping, and no
json_object/json_schema fallback ladders.
- Concerns::UsageRecorder mirrors the OpenAI sibling but persists
cache_creation_input_tokens / cache_read_input_tokens to dedicated
columns instead of metadata.
- Migration adds cache_creation_tokens, cache_read_tokens (nullable
integers) to llm_usages. OpenAI rows leave them null.
- LlmUsage::PRICING gains Claude 4.x rows (opus-4-7 $15/$75, sonnet-4-6
$3/$15, haiku-4-5 $1/$5 per MTok). infer_provider returns "anthropic"
for claude-* via the existing exact/prefix lookup.
- Provider::Anthropic#chat_response now persists cache columns directly
rather than stashing them in metadata.
- 25-transaction batch cap mirrors the OpenAI provider so the cost
ledger sees the same shape regardless of which provider ran a batch.
Tests cover the forced-tool-call path, null/None normalization,
case-insensitive merchant matching, the missing-tool_use error path,
and Anthropic-specific pricing + provider inference on LlmUsage.
Stacked on #1983 (PR 1/5). 3/5 PDF + vision next.
* fix(ai): attribute Bedrock model IDs to anthropic + clean nil enum
- LlmUsage.infer_provider now returns "anthropic" for Bedrock /
Vertex shaped IDs (anthropic.* and anthropic/*), so cost-ledger
filtering by provider stays correct even when no per-MTok rate is
stored. Previously these IDs fell through to the "openai" default.
- AutoCategorizer drops the redundant nil sentinel from the
category_name enum — the union type [string, null] already permits
null, and some JSON Schema validators reject nil literals inside
enum arrays.
* test(ai): require "ostruct" in Anthropic batch op tests
Same rationale as the PR1 ostruct fix — explicit require so the tests
don't depend on ActiveSupport's transitive load when Ruby 3.5+ removes
OpenStruct from the default load path.
* feat(ai): Anthropic native PDF processing (3/5)
Implements process_pdf and extract_bank_statement on Provider::Anthropic
using the native `document` content block — no rasterization, no text
pre-extraction.
- Provider::Anthropic::PdfProcessor classifies the document, summarizes
it, and extracts statement metadata via a forced report_document_analysis
tool whose input_schema mirrors the existing Provider::Openai output
(document_type from Import::DOCUMENT_TYPES, summary, extracted_data).
- Provider::Anthropic::BankStatementExtractor returns the same
{ transactions, period, account_holder, account_number, bank_name,
opening_balance, closing_balance } shape via report_bank_statement so
downstream pdf_import code is provider-agnostic.
- Both attach the PDF as
{ type: "document", source: { type: "base64", media_type: "application/pdf", data: <b64> } }
— Claude 3.5+ / 4.x accept this natively (up to 32MB / 100 pages).
No pdf-reader, no pdftoppm, no chunking for typical statements.
- supports_pdf_processing? (introduced in PR 1) already returns true for
claude-* models, gating process_pdf with a clear error otherwise.
- Cost ledger rows are persisted via the shared UsageRecorder concern,
including cache_creation/cache_read tokens.
Tests verify the document block shape, tool_choice forcing, normalized
document_type for unknown classifications, transaction normalization
(date / amount / reference → notes), and the missing-tool_use error
path. Blank pdf_content raises before any client call.
Stacked on #1984 (PR 2/5). 4/5 pgvector RAG next.
* fix(ai): guard PDF size + surface bank-statement truncation
- PdfProcessor and BankStatementExtractor raise upfront when
pdf_content.bytesize exceeds MAX_PDF_BYTES (32 MB, matching
Anthropic's hard limit). Previously a 100 MB PDF would be
base64-encoded (~133 MB) and packed into the JSON body before
the API rejected it — peak heap ~270 MB per Sidekiq worker.
- BankStatementExtractor inspects response.stop_reason; when the
model hit max_tokens it logs a warning and flags result[:truncated]
so downstream callers know the transaction list may be incomplete.
- ISO date pattern added to statement_period_start/end schema in
PdfProcessor so the model can't return "March 2026" — Anthropic
enforces the regex via the tool's input_schema.
Tests cover the size guard (raises before any client.messages call),
truncated-result flagging, and the warning log path.
* test(ai): require "ostruct" in Anthropic PDF tests
Match the explicit ostruct require added in PR1/PR2 — same Ruby 3.5+
load-path reason.
* feat(ai): default Anthropic installs to pgvector RAG (4/5)
The provider-agnostic vector store stack (VectorStore::Pgvector + the
Embeddable concern) already shipped to main. This PR closes the
Anthropic loop:
- VectorStore::Registry.adapter_name now returns :pgvector when
Setting.llm_provider == "anthropic" and no explicit
VECTOR_STORE_PROVIDER override is set. Anthropic has no hosted vector
store, so falling back to the local pgvector adapter is the only
correct default. Explicit VECTOR_STORE_PROVIDER still wins.
- SearchFamilyFiles surfaces a longer message when no adapter is wired
up — calling out pgvector + EMBEDDING_URI_BASE as the supported
Anthropic-only path so the user is not stuck with an "OpenAI required"
hint that is no longer accurate.
The Embeddable concern already pulls embeddings from
EMBEDDING_URI_BASE / EMBEDDING_ACCESS_TOKEN (with OpenAI as fallback),
so Anthropic installs point this at Voyage AI, a local Ollama instance,
or OpenAI embeddings — independent of the chat provider.
Tests cover the new default routing, the existing OpenAI default
staying intact, and explicit VECTOR_STORE_PROVIDER overriding the
Anthropic default.
Stacked on #1985 (PR 3/5). 5/5 settings UI + retention disclosure next.
* feat(ai): self-host settings UI for Anthropic provider (5/5)
Adds the Anthropic panel and the install-wide LLM provider selector to
the self-hosting settings page, plus a shared data-retention
disclosure that covers both OpenAI and Anthropic.
- New _llm_provider_selector partial: select for Setting.llm_provider
(openai | anthropic), respects the LLM_PROVIDER env var (disables the
control + shows the "configured through environment variables" hint
when set, mirroring the existing OpenAI panel behaviour), and renders
a compact data-handling block with one-line retention statements for
each provider.
- New _anthropic_settings partial mirrors _openai_settings exactly:
password-field for the API key with **** redaction, optional
base_url (for AWS Bedrock / GCP Vertex), optional default model. All
three fields disable when their ENV var is set.
- show.html.erb renders provider selector + OpenAI panel + Anthropic
panel under the same "General" section so users can configure either
(or both) without switching pages.
- Settings::HostingsController#update now permits and persists
anthropic_access_token (ignoring the **** placeholder, same pattern
as OpenAI), anthropic_base_url, anthropic_model, and llm_provider
(validated against %w[openai anthropic]). On Setting::ValidationError
the rescue branch preserves anthropic_base_url / anthropic_model
input so the form re-renders with the user's typed values intact —
parity with the issue #1824 fix for OpenAI.
- Locale keys added under settings.hostings.{llm_provider_selector,
anthropic_settings}.
Tests cover token update + placeholder redaction, base_url + model
update, llm_provider switch to anthropic, and rejection of unknown
provider values. The existing GET render test still passes, exercising
all three new partials.
Closes the 5/5 Anthropic series stacked on #1986.
* fix(ai): valid Tailwind token + base_url URL validation
- Data-handling block in _llm_provider_selector swaps the invalid
bg-surface-secondary token for bg-container-inset, matching the
inset-card pattern used elsewhere in sure-design-system/components.css.
bg-surface-secondary is not defined anywhere in the design system —
Tailwind treated it as a no-op, so the block rendered with no
background contrast.
- Settings::HostingsController validates anthropic_base_url as a
URI::HTTP (catches https too) and raises Setting::ValidationError
with a localized message when the input is not parseable.
Previously any string was persisted, surfacing as an opaque
connection error at request time instead of an immediate UX failure.
- Blank base_url now clears the setting (was already the case but
exercised explicitly in tests now).
* fix(ci): replace sk-ant- prefixed token in hostings controller test
Same pipelock secret-scan trigger as PR1 fix on registry/anthropic
tests. The sk-ant-* prefix is matched verbatim by the scanner
regardless of value entropy.
* fix(ai): provision pgvector table when it is the default store
#1986 makes pgvector the default vector store for Anthropic installs, but
CreateVectorStoreChunks only ran when VECTOR_STORE_PROVIDER=pgvector was set
explicitly — so a fresh Anthropic-only install migrated without the
vector_store_chunks table and failed on uploads/searches.
Add VectorStore::Registry.pgvector_effective? as the single source of truth
for "is pgvector active?" (explicit env OR the Anthropic default), and a new
idempotent migration that enables the extension + creates the table whenever
pgvector is effective and the table is missing — covering fresh and
already-migrated installs without drift. Addresses Codex P1.
* fix(ai): provision pgvector table for Anthropic-default installs
Migration gated on raw VECTOR_STORE_PROVIDER==pgvector, so an
Anthropic-default install (which selects pgvector implicitly via
Setting.llm_provider without setting VECTOR_STORE_PROVIDER) skipped
table creation and failed later on a missing vector_store_chunks
relation. Route through VectorStore::Registry.pgvector_effective? —
the single source of truth already shared by the adapter selection.
Addresses Codex P1 review finding.
* fix(ai): provision pgvector chunks table on schema-load installs
The ensure-migration only helps db:migrate upgraders. Fresh installs go
through bin/docker-entrypoint's db:prepare, which loads schema.rb (the
conditional table can't be dumped there — it needs the vector extension)
and marks every migration applied without running it. An Anthropic-only
fresh install therefore selected the pgvector adapter but had no table,
failing with raw PG errors on first upload or search.
Two layers close it:
- VectorStore::Pgvector#ensure_schema! provisions the table idempotently
on first use (mirrors CreateVectorStoreChunks; memoized; failures wrap
in VectorStore::Error, which with_response turns into a clean failed
response).
- VectorStore::Registry#build_pgvector now gates on
VectorStore::Pgvector.available? (table exists, or extension present),
so installs whose Postgres lacks pgvector entirely degrade to the
assistant's provider_not_configured message instead of raising
mid-chat.
Also resolves the schema.rb version conflict against main (keep the
branch's 2026_06_01_120000, on top of main's current tables).
* fix(ai): address review nitpicks on pgvector provisioning
- Registry: update the adapter doc comment to mention the
Anthropic-to-pgvector default alongside the openai fallback.
- ensure_schema!: guard the DDL with if_not_exists instead of a Mutex.
Adapter instances are built per call and never shared across threads,
so the realistic race is two processes (web + Sidekiq) provisioning
concurrently; IF NOT EXISTS makes the loser a no-op where a Mutex
would only serialize threads inside one process.
* fix(ai): address review on Anthropic settings UI
- Require an Anthropic model when a custom base URL is saved, mirroring the
OpenAI branch. Auto-submit-on-blur could persist a base URL with no model,
making Provider::Anthropic raise "Model is required..." on every LLM call.
- Narrow the LLM provider selector copy: only chat honors Setting.llm_provider;
categorization, merchant detection and PDF processing still always use OpenAI.
Stop advertising provider switching for those flows until they are wired.
- Reset global Setting.* in test teardown to prevent state leakage, and add a
test covering the new base-URL-requires-model validation.
* feat(ds): conditional LLM provider settings + merged copy
The self-hosting AI section showed both providers' credential blocks at once
and duplicated near-identical copy. Tidy it:
- Replace the provider <select> with a DS::SegmentedControl driving a new
provider-settings Stimulus controller: only the active provider's panel is
shown; switching reveals the other instantly and persists Setting.llm_provider.
- Merge the two byte-identical data-retention lines into one provider-neutral
Data handling note.
- Scope the token-budget copy to OpenAI-compatible calls (read only by
Provider::Openai) and add an inline 'add a key to activate' hint when the
active provider is unconfigured.
UI-only; no provider behavior change.
* feat(ds): responsive LLM provider picker (tabs >=sm, select on mobile)
The segmented tabs overflow a phone viewport once there are 3+ providers
(measured: 4 labels want ~409px in a 319px column at 390px wide). Below sm,
fall back to a native <select> -- which doubles as the submitted field -- while
keeping the segmented tabs at sm and up.
Both controls bind to the same provider-settings Stimulus controller (the
select reads its value, the tabs read data-provider), so adding a 3rd/4th
provider scales on mobile with no layout math.
* fix(hostings): sanitize llm provider selector
* test(hostings): avoid brittle provider hint assertion
---------
Co-authored-by: sure-admin <sure-admin@splashblot.com>
316 lines
13 KiB
Ruby
316 lines
13 KiB
Ruby
class Settings::HostingsController < ApplicationController
|
|
layout "settings"
|
|
|
|
# Minimum accepted value for each configurable LLM budget field. Mirrors the
|
|
# `min:` attribute on the form inputs in `_openai_settings.html.erb` so the
|
|
# controller rejects what the browser-side validator would reject.
|
|
LLM_BUDGET_MINIMUMS = {
|
|
llm_context_window: 256,
|
|
llm_max_response_tokens: 64,
|
|
llm_max_items_per_call: 1
|
|
}.freeze
|
|
|
|
guard_feature unless: -> { self_hosted? }
|
|
|
|
before_action :ensure_admin, only: [ :update, :clear_cache, :disconnect_external_assistant ]
|
|
before_action :ensure_super_admin_for_onboarding, only: :update
|
|
|
|
def show
|
|
@breadcrumbs = [
|
|
[ t("breadcrumbs.home"), root_path ],
|
|
[ t("breadcrumbs.self_hosting"), nil ]
|
|
]
|
|
|
|
# Determine which providers are currently selected
|
|
exchange_rate_provider = ENV["EXCHANGE_RATE_PROVIDER"].presence || Setting.exchange_rate_provider
|
|
enabled_securities = Setting.enabled_securities_providers
|
|
|
|
# Show provider settings if used for FX or enabled for securities
|
|
@show_twelve_data_settings = exchange_rate_provider == "twelve_data" || enabled_securities.include?("twelve_data")
|
|
@show_yahoo_finance_settings = exchange_rate_provider == "yahoo_finance" || enabled_securities.include?("yahoo_finance")
|
|
@show_tiingo_settings = enabled_securities.include?("tiingo")
|
|
@show_eodhd_settings = enabled_securities.include?("eodhd")
|
|
@show_alpha_vantage_settings = enabled_securities.include?("alpha_vantage")
|
|
|
|
# Only fetch provider data if we're showing the section
|
|
if @show_twelve_data_settings
|
|
twelve_data_provider = Provider::Registry.get_provider(:twelve_data)
|
|
@twelve_data_usage = twelve_data_provider&.usage
|
|
@plan_restricted_securities = Current.family.securities_with_plan_restrictions(provider: "TwelveData")
|
|
end
|
|
|
|
if @show_yahoo_finance_settings
|
|
@yahoo_finance_provider = Provider::Registry.get_provider(:yahoo_finance)
|
|
end
|
|
end
|
|
|
|
def update
|
|
if hosting_params.key?(:onboarding_state)
|
|
onboarding_state = hosting_params[:onboarding_state].to_s
|
|
Setting.onboarding_state = onboarding_state
|
|
end
|
|
|
|
if hosting_params.key?(:require_email_confirmation)
|
|
Setting.require_email_confirmation = hosting_params[:require_email_confirmation]
|
|
end
|
|
|
|
if hosting_params.key?(:invite_only_default_family_id)
|
|
value = hosting_params[:invite_only_default_family_id].presence
|
|
Setting.invite_only_default_family_id = value
|
|
end
|
|
|
|
if hosting_params.key?(:brand_fetch_client_id)
|
|
Setting.brand_fetch_client_id = hosting_params[:brand_fetch_client_id]
|
|
end
|
|
|
|
if hosting_params.key?(:brand_fetch_high_res_logos)
|
|
Setting.brand_fetch_high_res_logos = hosting_params[:brand_fetch_high_res_logos] == "1"
|
|
end
|
|
|
|
update_encrypted_setting(:twelve_data_api_key)
|
|
|
|
if hosting_params.key?(:exchange_rate_provider)
|
|
Setting.exchange_rate_provider = hosting_params[:exchange_rate_provider]
|
|
end
|
|
|
|
if hosting_params.key?(:securities_provider)
|
|
Setting.securities_provider = hosting_params[:securities_provider]
|
|
end
|
|
|
|
if hosting_params.key?(:securities_providers)
|
|
new_providers = Array(hosting_params[:securities_providers]).reject(&:blank?) & Security.valid_price_providers
|
|
old_providers = Setting.enabled_securities_providers
|
|
|
|
Setting.securities_providers = new_providers.join(",")
|
|
|
|
# Clear the legacy singular setting so the fallback in
|
|
# enabled_securities_providers doesn't re-enable a provider
|
|
# the user just unchecked.
|
|
Setting.securities_provider = nil if new_providers.empty?
|
|
|
|
# Mark securities linked to removed providers as offline so they aren't
|
|
# silently queried against an incompatible fallback provider (e.g. MFAPI
|
|
# scheme codes sent to TwelveData). The price_provider is preserved so
|
|
# provider_status can report :provider_unavailable.
|
|
removed = old_providers - new_providers
|
|
removed.each do |removed_provider|
|
|
Security.where(price_provider: removed_provider, offline: false)
|
|
.in_batches.update_all(offline: true, offline_reason: "provider_disabled")
|
|
end
|
|
|
|
# Bring securities back online when their provider is re-enabled — but only
|
|
# those that were taken offline by a provider toggle, not by health checks.
|
|
added = new_providers - old_providers
|
|
added.each do |added_provider|
|
|
Security.where(price_provider: added_provider, offline: true, offline_reason: "provider_disabled")
|
|
.in_batches.update_all(offline: false, offline_reason: nil, failed_fetch_count: 0, failed_fetch_at: nil)
|
|
end
|
|
end
|
|
|
|
update_encrypted_setting(:tiingo_api_key)
|
|
update_encrypted_setting(:eodhd_api_key)
|
|
update_encrypted_setting(:alpha_vantage_api_key)
|
|
|
|
if hosting_params.key?(:syncs_include_pending)
|
|
Setting.syncs_include_pending = hosting_params[:syncs_include_pending] == "1"
|
|
end
|
|
|
|
sync_settings_changed = false
|
|
|
|
if hosting_params.key?(:auto_sync_enabled)
|
|
Setting.auto_sync_enabled = hosting_params[:auto_sync_enabled] == "1"
|
|
sync_settings_changed = true
|
|
end
|
|
|
|
if hosting_params.key?(:auto_sync_time)
|
|
time_value = hosting_params[:auto_sync_time]
|
|
unless Setting.valid_auto_sync_time?(time_value)
|
|
flash[:alert] = t(".invalid_sync_time")
|
|
return redirect_to settings_hosting_path
|
|
end
|
|
|
|
Setting.auto_sync_time = time_value
|
|
Setting.auto_sync_timezone = current_user_timezone
|
|
sync_settings_changed = true
|
|
end
|
|
|
|
if sync_settings_changed
|
|
sync_auto_sync_scheduler!
|
|
end
|
|
|
|
if hosting_params.key?(:openai_access_token)
|
|
token_param = hosting_params[:openai_access_token].to_s.strip
|
|
# Ignore blanks and redaction placeholders to prevent accidental overwrite
|
|
unless token_param.blank? || token_param == "********"
|
|
Setting.openai_access_token = token_param
|
|
end
|
|
end
|
|
|
|
# Validate OpenAI configuration before updating
|
|
if hosting_params.key?(:openai_uri_base) || hosting_params.key?(:openai_model)
|
|
Setting.validate_openai_config!(
|
|
uri_base: hosting_params[:openai_uri_base],
|
|
model: hosting_params[:openai_model]
|
|
)
|
|
end
|
|
|
|
if hosting_params.key?(:openai_uri_base)
|
|
Setting.openai_uri_base = hosting_params[:openai_uri_base]
|
|
end
|
|
|
|
if hosting_params.key?(:openai_model)
|
|
Setting.openai_model = hosting_params[:openai_model]
|
|
end
|
|
|
|
if hosting_params.key?(:openai_json_mode)
|
|
Setting.openai_json_mode = hosting_params[:openai_json_mode].presence
|
|
end
|
|
|
|
if hosting_params.key?(:anthropic_access_token)
|
|
token_param = hosting_params[:anthropic_access_token].to_s.strip
|
|
unless token_param.blank? || token_param == "********"
|
|
Setting.anthropic_access_token = token_param
|
|
end
|
|
end
|
|
|
|
if hosting_params.key?(:anthropic_base_url)
|
|
raw_base_url = hosting_params[:anthropic_base_url].to_s.strip
|
|
if raw_base_url.blank?
|
|
Setting.anthropic_base_url = nil
|
|
else
|
|
parsed = URI.parse(raw_base_url) rescue nil
|
|
unless parsed.is_a?(URI::HTTP)
|
|
raise Setting::ValidationError, t(".invalid_anthropic_base_url")
|
|
end
|
|
# A custom Anthropic-compatible endpoint requires a model — Provider::Anthropic
|
|
# raises without one. Validate the pair together (mirrors the OpenAI branch), using
|
|
# the submitted model when present so a blanked model field is caught too.
|
|
effective_model =
|
|
if hosting_params.key?(:anthropic_model)
|
|
hosting_params[:anthropic_model].to_s.strip
|
|
else
|
|
Setting.anthropic_model.to_s.strip
|
|
end
|
|
if effective_model.blank?
|
|
raise Setting::ValidationError, t(".anthropic_model_required_for_base_url")
|
|
end
|
|
Setting.anthropic_base_url = raw_base_url
|
|
end
|
|
end
|
|
|
|
if hosting_params.key?(:anthropic_model)
|
|
Setting.anthropic_model = hosting_params[:anthropic_model].presence
|
|
end
|
|
|
|
if hosting_params.key?(:llm_provider)
|
|
provider = hosting_params[:llm_provider].to_s
|
|
if %w[openai anthropic].include?(provider)
|
|
Setting.llm_provider = provider
|
|
end
|
|
end
|
|
|
|
LLM_BUDGET_MINIMUMS.each do |key, minimum|
|
|
next unless hosting_params.key?(key)
|
|
raw = hosting_params[key].to_s.strip
|
|
if raw.blank?
|
|
Setting.public_send("#{key}=", nil)
|
|
next
|
|
end
|
|
parsed = Integer(raw, 10) rescue nil
|
|
if parsed.nil? || parsed < minimum
|
|
label = t("settings.hostings.openai_settings.#{key}_label")
|
|
raise Setting::ValidationError, t(".invalid_llm_budget", field: label, minimum: minimum)
|
|
end
|
|
Setting.public_send("#{key}=", parsed)
|
|
end
|
|
|
|
if hosting_params.key?(:external_assistant_url)
|
|
Setting.external_assistant_url = hosting_params[:external_assistant_url]
|
|
end
|
|
|
|
if hosting_params.key?(:external_assistant_token)
|
|
token_param = hosting_params[:external_assistant_token].to_s.strip
|
|
unless token_param.blank? || token_param == "********"
|
|
Setting.external_assistant_token = token_param
|
|
end
|
|
end
|
|
|
|
if hosting_params.key?(:external_assistant_agent_id)
|
|
Setting.external_assistant_agent_id = hosting_params[:external_assistant_agent_id]
|
|
end
|
|
|
|
update_assistant_type
|
|
|
|
redirect_to settings_hosting_path, notice: t(".success")
|
|
rescue Setting::ValidationError => error
|
|
# Preserve user-submitted OpenAI config so the form re-renders with their
|
|
# input intact (issue #1824). The form auto-submits on blur, so a partial
|
|
# entry (e.g. URI base before model) hits validation and would otherwise
|
|
# be wiped because the view reads from the unchanged Setting.* values.
|
|
@openai_uri_base_input = hosting_params[:openai_uri_base] if hosting_params.key?(:openai_uri_base)
|
|
@openai_model_input = hosting_params[:openai_model] if hosting_params.key?(:openai_model)
|
|
@anthropic_base_url_input = hosting_params[:anthropic_base_url] if hosting_params.key?(:anthropic_base_url)
|
|
@anthropic_model_input = hosting_params[:anthropic_model] if hosting_params.key?(:anthropic_model)
|
|
flash.now[:alert] = error.message
|
|
render :show, status: :unprocessable_entity
|
|
end
|
|
|
|
def clear_cache
|
|
DataCacheClearJob.perform_later(Current.family)
|
|
redirect_to settings_hosting_path, notice: t(".cache_cleared")
|
|
end
|
|
|
|
def disconnect_external_assistant
|
|
Setting.external_assistant_url = nil
|
|
Setting.external_assistant_token = nil
|
|
Setting.external_assistant_agent_id = nil
|
|
Current.family.update!(assistant_type: "builtin") unless ENV["ASSISTANT_TYPE"].present?
|
|
redirect_to settings_hosting_path, notice: t(".external_assistant_disconnected")
|
|
rescue => e
|
|
Rails.logger.error("[External Assistant] Disconnect failed: #{e.message}")
|
|
redirect_to settings_hosting_path, alert: t("settings.hostings.update.failure")
|
|
end
|
|
|
|
private
|
|
def hosting_params
|
|
return ActionController::Parameters.new unless params.key?(:setting)
|
|
params.require(:setting).permit(:onboarding_state, :require_email_confirmation, :invite_only_default_family_id, :brand_fetch_client_id, :brand_fetch_high_res_logos, :twelve_data_api_key, :tiingo_api_key, :eodhd_api_key, :alpha_vantage_api_key, :openai_access_token, :openai_uri_base, :openai_model, :openai_json_mode, :anthropic_access_token, :anthropic_base_url, :anthropic_model, :llm_provider, :llm_context_window, :llm_max_response_tokens, :llm_max_items_per_call, :exchange_rate_provider, :securities_provider, :syncs_include_pending, :auto_sync_enabled, :auto_sync_time, :external_assistant_url, :external_assistant_token, :external_assistant_agent_id, securities_providers: [])
|
|
end
|
|
|
|
def update_assistant_type
|
|
return unless params[:family].present? && params[:family][:assistant_type].present?
|
|
return if ENV["ASSISTANT_TYPE"].present?
|
|
|
|
assistant_type = params[:family][:assistant_type]
|
|
Current.family.update!(assistant_type: assistant_type) if Family::ASSISTANT_TYPES.include?(assistant_type)
|
|
end
|
|
|
|
def ensure_admin
|
|
redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.admin?
|
|
end
|
|
|
|
def ensure_super_admin_for_onboarding
|
|
onboarding_params = %i[onboarding_state invite_only_default_family_id]
|
|
return unless onboarding_params.any? { |p| hosting_params.key?(p) }
|
|
redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.super_admin?
|
|
end
|
|
|
|
def sync_auto_sync_scheduler!
|
|
AutoSyncScheduler.sync!
|
|
rescue StandardError => error
|
|
Rails.logger.error("[AutoSyncScheduler] Failed to sync scheduler: #{error.message}")
|
|
Rails.logger.error(error.backtrace.join("\n"))
|
|
flash[:alert] = t(".scheduler_sync_failed")
|
|
end
|
|
|
|
def update_encrypted_setting(param_key)
|
|
return unless hosting_params.key?(param_key)
|
|
value = hosting_params[param_key].to_s.strip
|
|
Setting.public_send(:"#{param_key}=", value) unless value.blank? || value == "********"
|
|
end
|
|
|
|
def current_user_timezone
|
|
Current.family&.timezone.presence || "UTC"
|
|
end
|
|
end
|