Cleaned up AI executions with shuffle creds

Author: frikky

ai.go

@@ -7514,16 +7514,17 @@ You are the Action Execution Agent for the Shuffle platform. You receive tools (
 
 	}
 
-<<<<<<< llm-auth-fix
 	// Set model based on environment
 	aiModel := "gpt-5-mini"
-	if project.Environment != "cloud" {
-		aiModel = os.Getenv("AI_MODEL")
-		if aiModel == "" {
-			aiModel = os.Getenv("OPENAI_MODEL")
-		}
+	newAiModel := os.Getenv("AI_MODEL")
+	if newAiModel == "" {
+		newAiModel = os.Getenv("OPENAI_MODEL")
 	}
-=======
+
+	if len(newAiModel) > 0 {
+		aiModel = newAiModel
+	}
+
 	// Escape relevant... weird data 
 	//In case of previous escapes
 	metadata = strings.ReplaceAll(metadata, "${", "{")
@@ -7533,7 +7534,6 @@ You are the Action Execution Agent for the Shuffle platform. You receive tools (
 	userMessage = strings.ReplaceAll(userMessage, "${", "{")
 	userMessage = strings.ReplaceAll(userMessage, "\\$", "$")
 	userMessage = strings.ReplaceAll(userMessage, "$", "\\$")
->>>>>>> main
 
 	completionRequest := openai.ChatCompletionRequest{
 		Model: aiModel,

shared.go

@@ -21110,54 +21110,6 @@ func PrepareSingleAction(ctx context.Context, user User, appId string, body []by
 		}
 	}
 
-	// Fallback to inject AI creds if the user don't have any
-	if strings.ToLower(app.Name) == "openai" && len(action.AuthenticationId) == 0 {
-		apiKey := os.Getenv("AI_API_KEY")
-		if apiKey == "" {
-			apiKey = os.Getenv("OPENAI_API_KEY")
-		}
-
-		apiUrl := os.Getenv("AI_API_URL")
-		if apiUrl == "" {
-			apiUrl = os.Getenv("OPENAI_API_URL")
-		}
-		if apiUrl == "" {
-			apiUrl = "https://api.openai.com"
-		}
-
-		if len(apiKey) > 0 {
-			// TODO: Track actual token usage from response	
-
-			urlFound := false
-			apikeyFound := false
-			for i, param := range action.Parameters {
-				if param.Name == "url" {
-					action.Parameters[i].Value = apiUrl // Don't trust the user provided url, use the one from the env
-					urlFound = true
-				}
-				if param.Name == "apikey" {
-					action.Parameters[i].Value = apiKey
-					action.Parameters[i].Configuration = true
-					apikeyFound = true
-				}
-			}
-			if !urlFound {
-				action.Parameters = append(action.Parameters, WorkflowAppActionParameter{
-					Name:  "url",
-					Value: apiUrl,
-				})
-			}
-			if !apikeyFound {
-				action.Parameters = append(action.Parameters, WorkflowAppActionParameter{
-					Name:          "apikey",
-					Value:         apiKey,
-					Configuration: true,
-				})
-			}
-			log.Printf("[AUDIT] Injected system OpenAI credentials (fallback) for org %s", user.ActiveOrg.Id)
-		}
-	}
-
 	if runValidationAction {
 		log.Printf("\n\n[INFO] SHOULD BE Running validation action for %s for org %s (%s)\n\n", app.Name, user.ActiveOrg.Name, user.ActiveOrg.Id)
 
@@ -21216,9 +21168,6 @@ func PrepareSingleAction(ctx context.Context, user User, appId string, body []by
 
 	action.AppID = appId
 	workflow := Workflow{
-		Actions: []Action{
-			action,
-		},
 		Start:     action.ID,
 		ID:        uuid.NewV4().String(),
 		Generated: true,
@@ -21234,6 +21183,74 @@ func PrepareSingleAction(ctx context.Context, user User, appId string, body []by
 		workflowExecution.OrgId = user.ActiveOrg.Id
 	}
 
+	// Fallback to inject AI creds if the user don't have any
+	if strings.ToLower(app.Name) == "openai" && len(action.AuthenticationId) == 0 {
+		apiKey := os.Getenv("AI_API_KEY")
+		if apiKey == "" {
+			apiKey = os.Getenv("OPENAI_API_KEY")
+		}
+
+		apiUrl := os.Getenv("AI_API_URL")
+		if apiUrl == "" {
+			apiUrl = os.Getenv("OPENAI_API_URL")
+		}
+
+		if apiUrl == "" {
+			apiUrl = "https://api.openai.com"
+		}
+
+		if len(apiKey) > 0 {
+			IncrementCache(ctx, user.ActiveOrg.Id, "ai_executions", 1)
+
+			urlFound := false
+			apikeyFound := false
+			for i, param := range action.Parameters {
+				if param.Name == "url" {
+					action.Parameters[i].Value = apiUrl 
+					urlFound = true
+				}
+
+				if param.Name == "apikey" {
+					action.Parameters[i].Value = apiKey
+					action.Parameters[i].Configuration = true
+					apikeyFound = true
+				}
+			}
+
+			if !urlFound {
+				action.Parameters = append(action.Parameters, WorkflowAppActionParameter{
+					Name:  "url",
+					Value: apiUrl,
+				})
+			}
+
+			if !apikeyFound {
+				action.Parameters = append(action.Parameters, WorkflowAppActionParameter{
+					Name:          "apikey",
+					Value:         apiKey,
+					Configuration: true,
+				})
+			}
+
+			log.Printf("[AUDIT] Injected system AI credentials (fallback) for org %s", user.ActiveOrg.Id)
+
+			// Mapping to internal so the execution itself is not referencable
+			if project.Environment == "cloud" {
+				workflowExecution.ExecutionOrg = "INTERNAL"
+				workflowExecution.Workflow.OrgId = "INTERNAL"
+				workflow.OrgId = "INTERNAL"
+				workflow.ExecutingOrg = OrgMini{
+					Name: "INTERNAL",
+					Id: "INTERNAL",
+				}
+			}
+		}
+	}
+
+	workflow.Actions = []Action{
+		action,
+	}
+
 	// Add fake queries to it. Doesn't matter what is here.
 	// This is just to ensure that _something_ is sent
 	badRequest := &http.Request{}

stats.go

@@ -891,7 +891,7 @@ func IncrementCache(ctx context.Context, orgId, dataType string, amount ...int)
 		return
 	}
 
-	if len(orgId) != 36 && orgId != "public" {
+	if len(orgId) != 36 && orgId != "public" && orgId != "INTERNAL" {
 		log.Printf("[ERROR] Increment Stats with bad OrgId '%s' for type '%s'", orgId, dataType)
 		return
 	}

structs.go

@@ -4926,6 +4926,7 @@ type TestResult struct {
 	Error    string `json:"error,omitempty"`
 }
 
+// Standard used for MCP
 type MCPRequest struct {
 	Jsonrpc string `json:"jsonrpc"`
 	ID      string `json:"id"`