AI Assistant
Overview
The AI Assistant acts as an in-product operator workspace for the shopkeeper. It can answer business questions, stream summaries back into the dashboard, prepare reviewable AI action cards, and turn uploaded files into structured review drafts.
Why it exists
Shopkeepers should not have to jump across multiple pages just to answer questions like "What were my sales this week?" or "Who still owes me money?". The assistant compresses those steps into a single conversational surface while still keeping write actions explicit and reviewable.
User flow
- User clicks the AI Chat bubble located globally in the bottom right corner of the dashboard.
- The assistant panel warms bootstrap state, including entitlements, AI control, prompt inputs, and recent history.
- The user asks a question such as
Show me how much receivable I have. - The server records a routing label from
classifyFastPath()(for telemetry only) and always streams through the tool-assisted path: the model may call read tools and emit*_suggestioncards; greetings and small talk use the same path with tools available but usually unused. - The response is streamed back to the panel as NDJSON events, and pending action cards are refreshed if a mutation suggestion was created.
UI walkthrough
Backend logic
Bambu uses the Vercel AI SDK with a stricter routing and tool runtime layer.
- The panel sends requests to
app/api/ai/route.ts. - Messages are sanitized and checked against quota and policy.
classifyFastPath()labels the request (mutation vs business-data vs small talk) for logs; execution is always tool-assisted.- Tool-assisted requests use the tool registry in
lib/ai/tools/registry.ts. - Read tools execute immediately; mutation tools create pending confirmation cards instead of writing directly.
- Final responses are validated, sanitized, logged, and saved to conversation history.
Database tables involved
Global AI support tables include:
AiSession: session identity and metadataAiTurn: request/response turn recordsAiPendingAction: approval cards waiting for user decisionAiExecutionLedger: idempotent confirmation/revert execution recordsAiToolCallLedger: tool call result ledger- AI usage and request log tables used for quota tracking and audit reporting
API endpoints
POST /api/ai- Main streaming assistant routeGET /api/ai/bootstrap- Warm assistant runtime stateGET /api/ai/usage- AI usage and quota summaryGET /api/ai/actions/pending- Pending action cardsPOST /api/ai/actions/confirm- Approve or reject AI suggestionsPOST /api/ai/actions/revert- Revert eligible executed AI actionsPOST /api/ai/attachments- Upload assistant attachmentsPOST /api/ai/attachment-turn- Build an attachment review turn
Permissions / roles
ownerandmanagercan use confirmation-based mutation tools such as product and supplier creation suggestions.- Tenant entitlements control whether
autoandagentmodes are available. - Audit visibility is restricted to
ownerandmanager.
Edge cases
- Mutations are never executed directly from model reasoning. They must become confirmation cards first.
- If a provider endpoint does not support tool use, the route falls back to text-only tool-assisted prompting.
- The panel shows a safe fallback message if the stream ends without assistant text.
Validation rules
- Input payloads, tools, and action cards are validated with Zod.
- Tool execution is wrapped with policy checks, rate limits, and 5 second timeouts.
- Responses are sanitized before display and storage.
Error handling
- Quota, policy, and provider failures are converted into user-facing safe messages.
- Confirmation and revert routes are idempotent and version-checked to prevent stale or duplicate execution.
Screenshots placeholders
Troubleshooting
- If
autooragentmode is unavailable, check the tenant entitlements for advanced assistant access. - If a card cannot be confirmed or reverted, check for stale
expectedVersionvalues or policy changes since the card was created.