Feat/ai sdk migration v2

.github/dependabot.yml

@@ -0,0 +1,170 @@
+---
+# Dependabot Configuration for ChartSmith
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Go Modules - Root
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "go"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    # Group minor and patch updates together to reduce PR noise
+    groups:
+      go-dependencies:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Go Modules - Helm Utils
+  - package-ecosystem: "gomod"
+    directory: "/helm-utils"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "go"
+      - "helm-utils"
+    commit-message:
+      prefix: "deps(helm-utils)"
+      include: "scope"
+    groups:
+      helm-utils-dependencies:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Go Modules - Dagger
+  - package-ecosystem: "gomod"
+    directory: "/dagger"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "go"
+      - "dagger"
+    commit-message:
+      prefix: "deps(dagger)"
+      include: "scope"
+    groups:
+      dagger-dependencies:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # NPM - ChartSmith App
+  - package-ecosystem: "npm"
+    directory: "/chartsmith-app"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "npm"
+      - "chartsmith-app"
+    commit-message:
+      prefix: "deps(app)"
+      include: "scope"
+    # Ignore major version updates for React and Next.js (handle manually)
+    ignore:
+      - dependency-name: "react"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "react-dom"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "next"
+        update-types: ["version-update:semver-major"]
+    # Group non-breaking updates to reduce PR noise
+    groups:
+      react-ecosystem:
+        patterns:
+          - "react*"
+          - "@types/react*"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+      production-dependencies:
+        dependency-type: "production"
+        update-types:
+          - "patch"
+
+  # NPM - ChartSmith Extension
+  - package-ecosystem: "npm"
+    directory: "/chartsmith-extension"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "npm"
+      - "chartsmith-extension"
+    commit-message:
+      prefix: "deps(extension)"
+      include: "scope"
+    # Ignore major version updates for React (handle manually)
+    ignore:
+      - dependency-name: "react"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "react-dom"
+        update-types: ["version-update:semver-major"]
+    groups:
+      react-ecosystem:
+        patterns:
+          - "react*"
+          - "@types/react*"
+        update-types:
+          - "minor"
+          - "patch"
+      development-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions (if/when workflows are added)
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.gitignore

@@ -6,3 +6,8 @@ test-results/
 .specstory/
 chart/chartsmith/*.tgz
 .direnv/
+
+# Local setup documentation and scripts (not committed to git)
+docs/
+scripts/
+.env

ARCHITECTURE.md

@@ -24,4 +24,26 @@ It's made for both the developer working on it and for AI models to read and app
 ## Workers
 - The go code is where we put all workers. 
 - Jobs for workers are enqueued and scheduled using postgres notify and a work_queue table.
-- Status from the workers is communicated via Centrifugo messages to the client.
+- Status from the workers is communicated via Centrifugo messages to the client.
+
+## Chat & LLM Integration
+
+Chartsmith uses the Vercel AI SDK for all conversational chat functionality.
+The Go worker outputs AI SDK Data Stream Protocol format, which the frontend
+consumes via the useChat hook.
+
+### Architecture
+- Frontend: useChat hook manages chat state
+- API Route: /api/chat proxies to Go worker
+- Backend: Go worker outputs AI SDK protocol (HTTP SSE)
+- Streaming: Server-Sent Events instead of WebSocket
+
+### Key Components
+- pkg/llm/aisdk.go: Adapter for AI SDK protocol
+- pkg/api/chat.go: HTTP endpoint for chat streaming
+- chartsmith-app/hooks/useAIChat.ts: Frontend hook wrapper
+- chartsmith-app/app/api/chat/route.ts: Next.js API route
+
+### Note on Centrifugo
+Centrifugo is still used for non-chat events (plans, renders, artifacts).
+Chat messages flow exclusively through the AI SDK HTTP SSE protocol.

chartsmith-app/ARCHITECTURE.md

@@ -21,3 +21,28 @@ This is a next.js project that is the front end for chartsmith.
 - We aren't using Next.JS API routes, except when absolutely necessary.
 - Front end should call server actions, which call lib/* functions.
 - Database queries are not allowed in the server action. Server actions are just wrappers for which lib functions we expose.
+
+## Chat & LLM Integration
+
+Chartsmith uses the Vercel AI SDK for all chat functionality:
+
+- **Frontend**: `useChat` hook from `@ai-sdk/react` manages chat state
+- **API Route**: `/api/chat` Next.js route proxies to Go worker
+- **Backend**: Go worker outputs AI SDK Data Stream Protocol (HTTP SSE)
+- **Streaming**: Server-Sent Events (SSE) instead of WebSocket
+- **State**: Managed by AI SDK hook, integrated with Jotai for workspace state
+
+### Flow
+```
+User Input → ChatContainer → useAIChat → /api/chat → Go Worker → AI SDK Protocol → useChat → UI
+```
+
+### Key Components
+- `useAIChat`: Wraps `useChat` with Chartsmith-specific logic
+- `/api/chat`: Next.js API route that proxies to Go worker
+- `pkg/llm/aisdk.go`: Go adapter for AI SDK protocol
+- `pkg/api/chat.go`: HTTP endpoint for chat streaming
+
+### Note on Centrifugo
+Centrifugo is still used for non-chat events (plans, renders, artifacts).
+Chat messages flow exclusively through the AI SDK HTTP SSE protocol.

chartsmith-app/app/api/auth/test-auth/route.ts

@@ -0,0 +1,78 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { validateTestAuth } from '@/lib/auth/actions/test-auth';
+import { logger } from '@/lib/utils/logger';
+
+export async function GET(request: NextRequest) {
+  // Only allow in development/test mode
+  if (process.env.NODE_ENV === 'production') {
+    return NextResponse.json({ error: 'Test auth not allowed in production' }, { status: 403 });
+  }
+
+  if (process.env.ENABLE_TEST_AUTH !== 'true' && process.env.NEXT_PUBLIC_ENABLE_TEST_AUTH !== 'true') {
+    return NextResponse.json({ error: 'Test auth not enabled' }, { status: 403 });
+  }
+
+  try {
+    logger.debug('Test auth API called');
+    const jwt = await validateTestAuth();
+
+    if (!jwt) {
+      return NextResponse.json({ error: 'Failed to generate test token' }, { status: 500 });
+    }
+
+    logger.debug('Test auth successful, setting cookie via API', { jwtLength: jwt.length });
+
+    // Check if this is a programmatic request (e.g., from Playwright) that wants the JWT
+    const wantsJson = request.headers.get('accept')?.includes('application/json') || 
+                      request.nextUrl.searchParams.get('format') === 'json';
+
+    if (wantsJson) {
+      // Return JWT in JSON for programmatic access (e.g., Playwright tests)
+      return NextResponse.json({ 
+        token: jwt,
+        redirect: '/'
+      });
+    }
+
+    // Set cookie expiration
+    const expires = new Date();
+    expires.setDate(expires.getDate() + 7);
+
+    // Create redirect response
+    const redirectUrl = new URL('/', request.url);
+    const response = NextResponse.redirect(redirectUrl);
+
+    // Try both methods: cookies API and manual header
+    // Method 1: Use cookies() API
+    response.cookies.set('session', jwt, {
+      expires,
+      path: '/',
+      sameSite: 'lax',
+      httpOnly: false,
+    });
+
+    // Method 2: Also manually set header as backup
+    const cookieValue = `session=${jwt}; Path=/; SameSite=Lax; Expires=${expires.toUTCString()}`;
+    const existingSetCookie = response.headers.get('Set-Cookie');
+    if (existingSetCookie) {
+      // Append if header already exists
+      response.headers.set('Set-Cookie', `${existingSetCookie}, ${cookieValue}`);
+    } else {
+      response.headers.set('Set-Cookie', cookieValue);
+    }
+
+    logger.debug('Cookie set via both methods', { 
+      jwtLength: jwt.length,
+      jwtPrefix: jwt.substring(0, 30) + '...',
+      setCookieHeader: response.headers.get('Set-Cookie')?.substring(0, 150) || 'none'
+    });
+
+    return response;
+  } catch (error) {
+    logger.error('Test auth API failed', { error });
+    return NextResponse.json({ 
+      error: 'Test authentication failed',
+      details: error instanceof Error ? error.message : String(error)
+    }, { status: 500 });
+  }
+}