@lethemanh lethemanh commented Jan 14, 2026

Summary by CodeRabbit

  • New Features
    • Added support for managing AI chat assistants, allowing creation and updates of assistant configurations linked to account providers.
  • Chores
    • UI dependency updated to a newer cozy-ui release.
  • Permissions
    • Updated app permissions to enable remote assistant data operations.


Related to:

linagora/cozy-libs#2911

linagora/cozy-client#1661

cozy/cozy-store#959

cozy/cozy-stack#4641

@lethemanh lethemanh self-assigned this Jan 14, 2026
@lethemanh lethemanh marked this pull request as draft January 14, 2026 07:42
coderabbitai bot commented Jan 14, 2026

Walkthrough

Adds a new permission entry announcements-uploads to manifest.webapp with type io.cozy.ai.chat.assistants, verbs ["ALL"], and a description about fetching/creating/updating assistant data; this appears alongside an existing announcements-uploads permission with a different type. Adds an assistants entry to src/schema.js with doctype io.cozy.ai.chat.assistants, empty attributes, and a has-one provider relationship to io.cozy.accounts. Bumps cozy-ui in package.json from ^135.0.0 to ^135.5.0.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main changes: declaring a new doctype (io.cozy.ai.chat.assistants) and adding its schema definition across manifest.webapp and src/schema.js.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


bundlemon bot commented Jan 14, 2026

BundleMon

Files updated (2)
Status Path Size Limits
static/js/cozy.(hash).js
870.57KB (+1.41KB +0.16%) -
static/js/main.(hash).js
81.95KB (+20B +0.02%) -
Unchanged files (14)
Status Path Size Limits
static/js/(chunkId).(hash).js
1002.57KB -
services/softDeleteOrRestoreAccounts.js
467.27KB -
services/updateAccounts.js
465.92KB -
services/deleteAccounts.js
316.46KB -
services/sourceAccountIdentifierNormalizer.js
256.12KB -
services/cliskTimeout.js
255.58KB -
services/sourceAccountIdentifierNormalizerHelper.js
232.95KB -
services/myselfFromIdenties.js
232.76KB -
services/polyfillFetch.js
97.16KB -
static/js/lib-react.(hash).js
43.88KB -
static/css/cozy.(hash).css
30.6KB -
static/js/lib-router.(hash).js
26.7KB -
services/attributesHelpers.js
15.7KB -
static/css/main.(hash).css
8.62KB -

Total files change +1.42KB +0.03%

Groups updated (1)
Status Path Size Limits
**/*.js
7.08MB (+2.92KB +0.04%) -
Unchanged groups (2)
Status Path Size Limits
**/*.{png,svg,ico}
272.78KB -
**/*.css
86.27KB -

Final result: ✅

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
manifest.webapp (1)

128-137: Critical: Duplicate JSON key will cause permission loss.

The key "announcements-uploads" is used twice (lines 128 and 133). JSON parsers typically keep only the last occurrence, so the original permission for cc.cozycloud.announcements.uploads will be silently overwritten.

Rename the new permission key to something meaningful like "assistants":

🐛 Proposed fix
     "announcements-uploads": {
       "type": "cc.cozycloud.announcements.uploads",
       "verbs": ["GET"],
       "description": "Remote-doctype required to get announcements images"
     },
-    "announcements-uploads": {
+    "assistants": {
       "type": "io.cozy.ai.chat.assistants",
       "verbs": ["ALL"],
       "description": "Remote-doctype required to fetch, create and update assistant data"
     }
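Review bot: the renamed "assistants" entry keeps "verbs": ["ALL"] while its description lists only fetch, create and update, so the rename removes the key collision but leaves the grant wider than the text beside it. Either narrow the verbs to the operations the app performs or extend the description to say that deletion is intended.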
🧹 Nitpick comments (1)
src/schema.js (1)

41-50: Consider using the existing ACCOUNTS_DOCTYPE constant.

For consistency with the rest of the file (see line 13), use the constant instead of the hardcoded string.

♻️ Suggested change
   assistants: {
     doctype: 'io.cozy.ai.chat.assistants',
     attributes: {},
     relationships: {
       provider: {
         type: 'has-one',
-        doctype: 'io.cozy.accounts'
+        doctype: ACCOUNTS_DOCTYPE
       }
     }
   }
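Review bot: the `doctype: 'io.cozy.ai.chat.assistants'` line stays a hardcoded literal while the line below it moves to ACCOUNTS_DOCTYPE, so the block ends up half on constants and half on strings. If the file follows the constant convention, define a constant for the assistants doctype as well and use it here.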
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3569833 and 53c5cdc.

📒 Files selected for processing (2)
  • manifest.webapp
  • src/schema.js
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Build and publish
  • GitHub Check: Analyze (javascript)


@lethemanh lethemanh force-pushed the update-for-using-assistant branch from 53c5cdc to 35390de Compare January 24, 2026 17:16
@lethemanh lethemanh closed this Jan 24, 2026
@lethemanh lethemanh reopened this Jan 24, 2026
@lethemanh lethemanh marked this pull request as ready for review January 24, 2026 17:21
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
manifest.webapp (1)

123-136: Rename the duplicate permission key to avoid overriding announcements uploads.
JSON object keys must be unique. The second "announcements-uploads" overrides the first, which likely drops the cc.cozycloud.announcements.uploads permission and can break announcements images access.

🐛 Proposed fix
     "announcements-uploads": {
       "type": "cc.cozycloud.announcements.uploads",
       "verbs": ["GET"],
       "description": "Remote-doctype required to get announcements images"
     },
-    "announcements-uploads": {
+    "chatAssistants": {
       "type": "io.cozy.ai.chat.assistants",
       "verbs": ["ALL"],
       "description": "Remote-doctype required to fetch, create and update assistant data"
     }
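Review bot: "chatAssistants" on the `+` line is camelCase while the neighbouring key "announcements-uploads" is kebab-case, so the permissions block would mix two naming styles. Pick a key in the same style as the entry above it, for example "chat-assistants".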
🤖 Fix all issues with AI agents
In `@manifest.webapp`:
- Around line 133-136: The manifest entry for "announcements-uploads" currently
grants overly broad permissions via the verbs array; change the "verbs" value on
the "announcements-uploads" resource from ["ALL"] to the minimal set matching
the description (e.g., ["GET","POST","PUT"]) or alternatively update the
description to explicitly include DELETE if that verb is required; locate the
"announcements-uploads" object and adjust its "verbs" property accordingly to
enforce least privilege.
🧹 Nitpick comments (1)
src/schema.js (1)

41-48: Use ACCOUNTS_DOCTYPE for provider relationship consistency.
Minor maintainability win: avoid hardcoding the same doctype string in multiple places.

♻️ Proposed change
   assistants: {
     doctype: 'io.cozy.ai.chat.assistants',
     attributes: {},
     relationships: {
       provider: {
         type: 'has-one',
-        doctype: 'io.cozy.accounts'
+        doctype: ACCOUNTS_DOCTYPE
       }
     }
   }
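Review bot: `attributes: {}` is left empty and uncommented, so the schema entry says nothing about which fields an assistant document carries. Add a short comment on the expected fields, or state that the attributes are intentionally unspecified.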

Comment on lines +133 to +136
"announcements-uploads": {
"type": "io.cozy.ai.chat.assistants",
"verbs": ["ALL"],
"description": "Remote-doctype required to fetch, create and update assistant data"
@coderabbitai coderabbitai bot Jan 24, 2026

⚠️ Potential issue | 🟠 Major

Scope verbs to the described operations (least privilege).
The description says fetch/create/update, but ["ALL"] also grants DELETE. If DELETE isn’t required, tighten to GET/POST/PUT or update the description to match intended access.

🔒 Suggested scope (if DELETE isn’t needed)
-      "verbs": ["ALL"],
+      "verbs": ["GET", "POST", "PUT"],
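Review bot: the narrowed list on the `+` line is valid only under the condition in the heading above it, that DELETE is not needed, and nothing in this hunk shows which operations the app issues against this doctype. Confirm the list against the app's actual calls before applying it, and record the intended operations in the entry's description.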
Suggested change
"announcements-uploads": {
"type": "io.cozy.ai.chat.assistants",
"verbs": ["ALL"],
"description": "Remote-doctype required to fetch, create and update assistant data"
"announcements-uploads": {
"type": "io.cozy.ai.chat.assistants",
"verbs": ["GET", "POST", "PUT"],
"description": "Remote-doctype required to fetch, create and update assistant data"
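Review bot: both the before and the after version of this suggestion keep the key "announcements-uploads", so committing it narrows the verbs but leaves the duplicate key reported in the same review in place. Apply the key rename together with the verbs change, otherwise the cc.cozycloud.announcements.uploads entry is still overridden.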
Author

This config has been used before in old part

@lethemanh, understood! If this permission scope follows the existing patterns in your codebase (I can see other permissions like jobs, contacts, triggers, etc. also use ["ALL"]), then maintaining consistency makes sense. Thank you for the clarification.
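
The duplicate-key problem raised in this review, as an added example that is not part of the PR or of CodeRabbit's output: JSON.parse keeps only the last of two identical keys, so a pre-merge check has to scan the raw text instead of the parsed object. The function names, the trimmed manifest excerpt and its "permissions" wrapper key are assumptions made for the illustration.

```javascript
// Added example: list keys that occur twice in one JSON object.
// Assumes the text is otherwise valid JSON (JSON.parse accepts it).
function findDuplicateKeys(text) {
  const stack = []; // one frame per open object or array
  const dups = [];
  let i = 0;
  while (i < text.length) {
    const ch = text[i];
    const top = stack[stack.length - 1];
    if (ch === '"') {
      // Consume the whole string literal, honouring backslash escapes.
      let j = i + 1;
      while (j < text.length && text[j] !== '"') j += text[j] === '\\' ? 2 : 1;
      if (top && top.isObject && top.expectKey) {
        const key = JSON.parse(text.slice(i, j + 1));
        if (top.keys.has(key)) dups.push({ path: top.path, key });
        top.keys.add(key);
        top.lastKey = key;
        top.expectKey = false; // the next string in this object is a value
      }
      i = j + 1;
      continue;
    }
    if (ch === '{' || ch === '[') {
      const path = top ? `${top.path}/${top.isObject ? top.lastKey : '[]'}` : '';
      stack.push({ isObject: ch === '{', expectKey: ch === '{', keys: new Set(), path, lastKey: null });
    } else if (ch === '}' || ch === ']') {
      stack.pop();
    } else if (ch === ',' && top && top.isObject) {
      top.expectKey = true; // a comma inside an object introduces the next key
    }
    i++;
  }
  return dups;
}

// What JSON.parse actually hands to whoever reads the manifest.
function grantedTypes(text) {
  return Object.values(JSON.parse(text).permissions).map((p) => p.type);
}

// Constructed excerpt with the two entries quoted in the review;
// the "permissions" wrapper key is an assumption.
const MANIFEST = `{ "permissions": {
  "announcements-uploads": { "type": "cc.cozycloud.announcements.uploads", "verbs": ["GET"] },
  "announcements-uploads": { "type": "io.cozy.ai.chat.assistants", "verbs": ["ALL"] }
} }`;

console.log(findDuplicateKeys(MANIFEST));
console.log(grantedTypes(MANIFEST));
```

Run against the raw file in CI, a non-empty result from `findDuplicateKeys` is the signal to fail the build, since the parsed manifest alone gives no hint that an entry was dropped.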
