5 changes: 5 additions & 0 deletions manifest.webapp
Expand Up @@ -129,6 +129,11 @@
"type": "cc.cozycloud.announcements.uploads",
"verbs": ["GET"],
"description": "Remote-doctype required to get announcements images"
},
"announcements-uploads": {
Member

Rename this key to "assistants"

"type": "io.cozy.ai.chat.assistants",
"verbs": ["ALL"],
"description": "Remote-doctype required to fetch, create and update assistant data"
Comment on lines +133 to +136
@coderabbitai coderabbitai bot Jan 24, 2026

⚠️ Potential issue | 🟠 Major

Scope verbs to the described operations (least privilege).
The description says fetch/create/update, but ["ALL"] also grants DELETE. If DELETE isn’t required, tighten to GET/POST/PUT or update the description to match intended access.

🔒 Suggested scope (if DELETE isn’t needed)
-      "verbs": ["ALL"],
+      "verbs": ["GET", "POST", "PUT"],
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"announcements-uploads": {
"type": "io.cozy.ai.chat.assistants",
"verbs": ["ALL"],
"description": "Remote-doctype required to fetch, create and update assistant data"
"announcements-uploads": {
"type": "io.cozy.ai.chat.assistants",
"verbs": ["GET", "POST", "PUT"],
"description": "Remote-doctype required to fetch, create and update assistant data"
🤖 Prompt for AI Agents
In `@manifest.webapp` around lines 133 - 136, The manifest entry for
"announcements-uploads" currently grants overly broad permissions via the verbs
array; change the "verbs" value on the "announcements-uploads" resource from
["ALL"] to the minimal set matching the description (e.g., ["GET","POST","PUT"])
or alternatively update the description to explicitly include DELETE if that
verb is required; locate the "announcements-uploads" object and adjust its
"verbs" property accordingly to enforce least privilege.

Author

This config has been used before in old part

@lethemanh, understood! If this permission scope follows the existing patterns in your codebase (I can see other permissions like jobs, contacts, triggers, etc. also use ["ALL"]), then maintaining consistency makes sense. Thank you for the clarification.

}
},
"routes": {
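Review bot: the added key "announcements-uploads" is paired with "type": "io.cozy.ai.chat.assistants", so the key does not name the doctype it grants and looks copied from the entry just above it (type "cc.cozycloud.announcements.uploads"). If that preceding entry is also keyed "announcements-uploads", the permissions object ends up with a repeated key, and JSON parsers commonly keep only the last value, which would silently replace the announcements permission; renaming the key to "assistants", as already requested, avoids that. Separately, "verbs": ["ALL"] is wider than the description's "fetch, create and update"; either list the verbs the app actually needs or make the description say that delete is intended, so the permission shown to the user matches what is granted.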
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -52,7 +52,7 @@
"cozy-sharing": "^28.0.2",
"cozy-stack-client": "^60.6.0",
"cozy-tsconfig": "^1.8.1",
"cozy-ui": "^135.0.0",
"cozy-ui": "^135.5.0",
"cozy-ui-plus": "^4.0.0",
"cozy-viewer": "^26.2.0",
"date-fns": "2.30.0",
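Review bot: the floor of the "cozy-ui" range moves from "^135.0.0" to "^135.5.0", but the old caret range already allowed 135.5.0, so the only effect is to forbid 135.0.x through 135.4.x. Say in the PR description which cozy-ui addition the new code depends on, so a reviewer can tell the bump is required rather than incidental.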
10 changes: 10 additions & 0 deletions src/schema.js
Expand Up @@ -37,6 +37,16 @@ const schema = {
doctype: 'io.cozy.contacts'
}
}
},
assistants: {
doctype: 'io.cozy.ai.chat.assistants',
attributes: {},
relationships: {
provider: {
type: 'has-one',
doctype: 'io.cozy.accounts'
}
}
}
}

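Review bot: the new "provider" relationship on "assistants" points at doctype 'io.cozy.accounts', yet the manifest.webapp hunk in this change only adds a permission for "io.cozy.ai.chat.assistants". Check that the manifest already grants this app access to io.cozy.accounts, and only with the verbs needed to resolve the relationship; if it does not, fetching the provider will fail on permissions, and if it is added later it should not default to "ALL". The empty "attributes: {}" is fine, but a short comment on what a provider account represents here would help the next reader.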
12 changes: 6 additions & 6 deletions yarn.lock
Expand Up @@ -5398,10 +5398,10 @@ cozy-ui-plus@^4.0.0:
react-final-form-arrays "3.1.4"
rooks "7.14.1"

cozy-ui@^135.0.0:
version "135.0.0"
resolved "https://registry.yarnpkg.com/cozy-ui/-/cozy-ui-135.0.0.tgz#e704ce9c8969340190d2219b50574466dd1d2e40"
integrity sha512-JGDRIw2HcqD+N1T0ibONvntcCvAvhXJ1xeTtn0wF5edJSt5HwMuSTcjXrU36Sr2/HLkDYzlAviP8FWgfOecLnA==
cozy-ui@^135.5.0:
version "135.5.0"
resolved "https://registry.yarnpkg.com/cozy-ui/-/cozy-ui-135.5.0.tgz#fe7dbaa4512abe09f590295738bdb706b033e7d2"
integrity sha512-5D9Q7V5BmIbLN8aiQ1hFYsFp3x+u9+5qFexpDX5tnzVBh0cCpYMm7pY95D7q6Jx0K7Tv59fL15OtB6iahui8fQ==
dependencies:
"@babel/runtime" "^7.3.4"
"@date-io/date-fns" "1"
Expand Down Expand Up @@ -10423,9 +10423,9 @@ msgpack5@^4.0.2:
readable-stream "^2.3.6"
safe-buffer "^5.1.2"

"mui-bottom-sheet@https://github.com/cozy/mui-bottom-sheet.git#v1.0.9":
"mui-bottom-sheet@git+https://github.com/cozy/mui-bottom-sheet.git#v1.0.9":
version "1.0.8"
resolved "https://github.com/cozy/mui-bottom-sheet.git#3dc4c2a245ab39079bc2f73546bccf80847be14c"
resolved "git+https://github.com/cozy/mui-bottom-sheet.git#3dc4c2a245ab39079bc2f73546bccf80847be14c"
dependencies:
"@juggle/resize-observer" "^3.1.3"
jest-environment-jsdom-sixteen "^1.0.3"
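Review bot: the "mui-bottom-sheet" entry changes only its URL scheme, from "https://" to "git+https://", in both the key and the "resolved" line, which is unrelated to the cozy-ui bump and the assistants doctype. The pinned commit 3dc4c2a245ab39079bc2f73546bccf80847be14c is unchanged, so the resolved source is the same, but a rewrite like this likely means the lockfile was regenerated with a different Yarn version than the one used before; confirm which version the project expects and either regenerate with it or split this churn into its own commit. The entry also records version "1.0.8" under the "#v1.0.9" tag, a mismatch already present before this change that is worth checking against the tagged repository.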