Tcoz openai assist

[jasquat]

Created from @tcoz branch in PR #1134 but in the sartography project instead of a fork.

Summary by CodeRabbit

• New Features

  • Introduced new API endpoints for AI-powered script assistance and natural language processing.
  • Added backend configuration options for AI tools, including OpenAI API integration.
  • Implemented AI-driven script assistance functionality in the backend.
  • Added new frontend components and hooks for interacting with script assistance features.
  • Updated the process model editor to support script assistance, including UI enhancements.

• Enhancements

  • Added @carbon/colors for improved color management in the frontend.

• Library Updates

  • Updated backend and frontend dependencies to include AI integration support and database interaction improvements.

• Style

  • Enhanced frontend styling with utility classes for better UI alignment and appearance.

[coderabbitai]

Walkthrough

The recent update integrates AI-driven script assistance into the SpiffWorkflow platform, enhancing both the backend and frontend. It introduces new API endpoints for script processing, configures the backend for AI tool support, and adds necessary dependencies. On the frontend, it implements UI components and hooks to interact with the AI services, enabling dynamic script generation and processing. This update significantly boosts the platform's capabilities in automating and assisting users with script creation.

Changes

File Path	Change Summary
.../api.yml	Added /script-assist/enabled and /script-assist/process-message API endpoints for AI script assistance.
.../config/default.py	Added configuration options for AI tools, including script assistance settings and API keys.
.../routes/script_assist_controller.py	Added functionality for script assistance and processing messages using AI services.
pyproject.toml	Added pymysql and openai dependencies; updated mysqlclient.
.../__init__.py	Updated comments for using pymysql with sqlalchemy and emphasized Python 3 requirement.
.../package-lock.json	Added @carbon/colors and @types/carbon__colors dependencies.
.../package.json	Added @carbon/colors and @types/carbon__colors with specific versions.
.../SpiffTooltip.tsx, .../useProcessScriptAssistQuery.tsx, .../useScriptAssistEnabled.tsx, .../index.css, .../ProcessModelEditDiagram.tsx	Implemented UI components and hooks for script assistance; added styling utility classes.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 9

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 0565e63 and 476f01a.

Files selected for processing (14)

• spiffworkflow-backend/pyproject.toml (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/init.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/api.yml (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/config/default.py (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/local_development.yml (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py (1 hunks)
• spiffworkflow-frontend/package-lock.json (4 hunks)
• spiffworkflow-frontend/package.json (2 hunks)
• spiffworkflow-frontend/src/components/SpiffTooltip.tsx (1 hunks)
• spiffworkflow-frontend/src/hooks/useProcessScriptAssistQuery.tsx (1 hunks)
• spiffworkflow-frontend/src/hooks/useScriptAssistEnabled.tsx (1 hunks)
• spiffworkflow-frontend/src/index.css (1 hunks)
• spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx (6 hunks)

Files skipped from review due to trivial changes (1)

• spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/local_development.yml

Additional comments: 17

spiffworkflow-frontend/src/components/SpiffTooltip.tsx (1)

• 14-18: The addition of PopperProps with a zIndex style to the Tooltip component ensures that the tooltip will be displayed above other UI elements. This is a good practice for improving UI visibility and user experience. However, ensure that the zIndex value of 9999 does not conflict with other elements in your application that might also use high zIndex values.

spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (3)

• 10-13: The TODO comments provide useful context about potential future improvements, such as testing for the existence of the API key to determine if script assist is enabled and considering the use of the async version of the OpenAI library. These comments are helpful for maintaining and evolving the codebase.
• 14-15: The enabled function correctly checks the configuration to determine if script assistance is enabled and returns the status. This is a straightforward and effective implementation.
• 18-56: The process_message function is well-structured and includes important checks, such as verifying the presence of the OpenAI API key and the script query. The use of a prepend and append string to guide the OpenAI model's response is a clever approach to ensure more relevant and secure outputs. However, the static analysis tool's hint about SQL injection is a false positive in this context, as the code is constructing a query for the OpenAI API, not a SQL database. Nonetheless, ensure that the content returned from OpenAI is handled securely, especially since it's dynamically generated code that could be executed.

spiffworkflow-frontend/package.json (2)

• 9-9: Adding @carbon/colors as a dependency is a good choice for enhancing UI styling with a consistent color palette. Ensure that the version ^11.20.0 is compatible with other UI components and libraries you are using.
• 99-99: The addition of @types/carbon__colors as a dev dependency is appropriate for TypeScript projects, providing type definitions for @carbon/colors. This facilitates better development experience and type checking.

spiffworkflow-backend/pyproject.toml (2)

• 36-37: The addition of pymysql and openai dependencies is aligned with the PR's objectives to enhance the project with AI and script assistance features. Ensure that these versions are compatible with the project's Python version and other dependencies.
• 79-79: Updating mysqlclient to version ^2.2.3 is a good practice to keep dependencies up-to-date. Verify that this version is compatible with the project's database version and SQLAlchemy.

spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx (7)

• 20-22: The addition of Stack, TextArea, and InlineLoading components from @carbon/react is appropriate for the new UI elements related to script assistance. Ensure these components are used in a way that aligns with the Carbon Design System guidelines.
• 30-30: The addition of the Information icon from @carbon/icons-react is suitable for providing informational tooltips or guidance within the UI. It's a good practice to use such visual cues to enhance user experience.
• 32-32: Importing gray from @carbon/colors is a good practice for maintaining consistency in UI color schemes. Ensure that the gray color variable is used appropriately across the UI components to maintain a cohesive design.
• 57-58: The introduction of custom hooks useScriptAssistEnabled and useProcessScriptAssistMessage is a good practice for encapsulating the logic related to fetching script assistance settings and processing script assistance messages. This enhances modularity and maintainability of the code.
• 99-103: The addition of new state variables scriptAssistValue, scriptAssistError, and the destructuring of scriptAssistEnabled, setScriptAssistQuery, scriptAssistLoading, scriptAssistResult from custom hooks indicates a significant enhancement in handling script assistance functionality. Ensure that these state variables and hook results are used correctly throughout the component to manage the script assistance feature effectively.
• 522-526: The use of useEffect to manually trigger handleEditorScriptChange when scriptAssistResult is updated is a practical workaround for the issue where dynamic updates to the editor's value do not trigger an onChange event. This ensures that the script editor's content is kept in sync with the script assistance results.
• 978-978: The conditional rendering of the Script Assist tab based on scriptAssistEnabled is a good practice, ensuring that UI elements are only shown when the relevant feature is enabled. This enhances the user experience by avoiding confusion with unavailable features.

spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py (1)

• 555-556: The addition of the permission read for /script-assist/enabled and create for /script-assist/process-message is correctly implemented. These permissions align with the intended functionality of checking if script assistance is enabled and processing messages through the script assistance feature, respectively. However, ensure that the broader security implications of these permissions are considered, especially for the create permission on /script-assist/process-message, which allows for data submission. It's crucial to validate and sanitize inputs to prevent potential security vulnerabilities.

spiffworkflow-backend/src/spiffworkflow_backend/api.yml (1)

• 177-189: The new API endpoint /script-assist/enabled is well-defined, with a clear operationId, summary, and response schema. It adheres to RESTful principles by using the appropriate HTTP method (GET) for retrieving information. The summary and description provide clear information about the endpoint's purpose, which is to return the value of SCRIPT_ASSIST_ENABLED, indicating whether AI script assistance should be enabled in the UI.

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 476f01a and 12166da.

Files selected for processing (6)

• spiffworkflow-backend/src/spiffworkflow_backend/init.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/config/default.py (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py (3 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/services/workflow_service.py (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• spiffworkflow-backend/src/spiffworkflow_backend/init.py
• spiffworkflow-backend/src/spiffworkflow_backend/config/default.py

Additional comments: 3

spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py (2)

• 5-5: Removing the type: ignore comment for the flask_marshmallow.Schema import indicates an improvement in type checking compliance. It's good practice to ensure that the codebase adheres to static type checking as much as possible, as it enhances code quality and maintainability.
• 145-145: Similarly, removing the type: ignore comment for the ReferenceSchema class declaration is a positive change, suggesting that the type checking issues have been resolved. Continue to ensure that the codebase remains compliant with static type checking to maintain high code quality.

spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py (1)

• 206-219: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [183-216]

The changes made to the parse_jwt_token method, including assigning the result of jwt.decode to parsed_token and using cast to ensure the return type is dict, are commendable. These improvements enhance code clarity and type safety, making the method more robust and easier to understand. Good job on making these enhancements.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 12166da and d604a18.

Files selected for processing (2)

• spiffworkflow-backend/pyproject.toml (2 hunks)
• spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• spiffworkflow-backend/pyproject.toml

Additional comments: 1

spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py (1)

• 461-462: The addition of permissions for /script-assist/enabled (read) and /script-assist/process-message (create) aligns with the PR objectives to enhance the project with AI and script assistance features. These permissions seem appropriate for enabling script assistance functionality and processing messages through the script assist feature. Ensure that the access control for these endpoints is thoroughly tested, especially considering the potential sensitivity of processing messages through script assistance.

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between d604a18 and f9607f0.

Files selected for processing (5)

• spiffworkflow-backend/src/spiffworkflow_backend/api.yml (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/config/default.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (1 hunks)
• spiffworkflow-frontend/src/hooks/useProcessScriptAssistQuery.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx (6 hunks)

Files skipped from review as they are similar to previous changes (4)

• spiffworkflow-backend/src/spiffworkflow_backend/api.yml
• spiffworkflow-backend/src/spiffworkflow_backend/config/default.py
• spiffworkflow-frontend/src/hooks/useProcessScriptAssistQuery.tsx
• spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx

Additional comments: 5

spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (5)

• 12-14: The enabled() function correctly checks the configuration to determine if script assistance is enabled and returns the status. This is a straightforward and effective implementation.
• 18-20: Properly handling the case where the OpenAI API key is not set by returning a response indicating the issue. This is good practice for error handling and user feedback.
• 22-24: Checking if the script query is provided and returning an appropriate message if not. This is a good practice for validating input and providing clear feedback to the user.
• 36-53: The construction of the query and the use of the OpenAI API to process the script assistance request are implemented correctly. However, the static analysis tool's warning about SQL injection is a false positive in this context, as the query is for the OpenAI API, not a SQL database. Still, it's crucial to ensure that user input is sanitized and safely handled.

However, it's worth noting the static analysis tool's warning and ensuring that all user inputs are sanitized and validated to prevent any potential security vulnerabilities.

• 55-55: The function correctly processes the message, interacts with the OpenAI API, and returns the response. This implementation effectively achieves the desired functionality.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between f9607f0 and 1e5ae9a.

Files selected for processing (4)

• spiffworkflow-backend/src/spiffworkflow_backend/api.yml (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py (1 hunks)
• spiffworkflow-frontend/src/hooks/useProcessScriptAssistQuery.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx (6 hunks)

Files skipped from review as they are similar to previous changes (4)

• spiffworkflow-backend/src/spiffworkflow_backend/api.yml
• spiffworkflow-backend/src/spiffworkflow_backend/routes/script_assist_controller.py
• spiffworkflow-frontend/src/hooks/useProcessScriptAssistQuery.tsx
• spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 1e5ae9a and 7a878af.

Files selected for processing (2)

• spiffworkflow-backend/pyproject.toml (2 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/init.py (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• spiffworkflow-backend/pyproject.toml
• spiffworkflow-backend/src/spiffworkflow_backend/init.py