{
"tool_response": {
"filePath": "\/var\/www\/dev.campus.systemische-tools.de\/src\/Controller\/ContentController.php",
"oldString": " 'model' => $_POST['model'] ?? 'claude-sonnet-4-20250514',",
"newString": " 'model' => ModelConfig::validate($_POST['model'] ?? ModelConfig::DEFAULT_MODEL),",
"originalFile": "<?php\n\nnamespace Controller;\n\nuse Framework\\Controller;\nuse Infrastructure\\AI\\AIConfig;\nuse Infrastructure\\AI\\ModelConfig;\nuse Infrastructure\\AI\\QdrantService;\nuse Infrastructure\\Persistence\\ContentRepository;\n\nclass ContentController extends Controller\n{\n private ContentRepository $repository;\n private QdrantService $qdrantService;\n private string $pipelinePath = '\/opt\/scripts\/pipeline';\n private string $pythonPath;\n\n public function __construct()\n {\n $this->repository = new ContentRepository();\n $this->pythonPath = $this->pipelinePath . '\/venv\/bin\/python';\n\n $config = AIConfig::fromCredentialsFile();\n $this->qdrantService = $config->createQdrantService();\n }\n\n \/**\n * GET \/content\n * List all content orders\n *\/\n public function index(): void\n {\n $filters = [];\n if (isset($_GET['status']) && $_GET['status'] !== '') {\n $filters['status'] = $_GET['status'];\n }\n\n $orders = $this->repository->findAllOrders($filters);\n $stats = $this->repository->getStatistics();\n\n $this->view('content.index', [\n 'title' => 'Content Studio',\n 'orders' => $orders,\n 'stats' => $stats,\n 'currentStatus' => $_GET['status'] ?? '',\n ]);\n }\n\n \/**\n * GET \/content\/new\n * Show create form\n *\/\n public function contentNew(): void\n {\n $collections = $this->qdrantService->listCollections();\n if ($collections === []) {\n $collections = ['documents'];\n }\n\n $this->view('content.new', [\n 'title' => 'Neuer Content-Auftrag',\n 'profiles' => $this->repository->findAllProfiles(),\n 'contracts' => $this->repository->findAllContracts(),\n 'structures' => $this->repository->findAllStructures(),\n 'models' => ModelConfig::getAll(),\n 'defaultModel' => ModelConfig::DEFAULT_MODEL,\n 'collections' => $collections,\n ]);\n }\n\n \/**\n * POST \/content\n * Store new order\n *\/\n public function store(): void\n {\n $this->requireCsrf();\n\n $title = trim($_POST['title'] ?? '');\n $briefing = trim($_POST['briefing'] ?? 
'');\n\n if ($title === '' || $briefing === '') {\n $_SESSION['error'] = 'Titel und Briefing sind erforderlich.';\n header('Location: \/content\/new');\n exit;\n }\n\n \/\/ Auto-apply first active contract if none selected\n $contractId = $_POST['contract_id'] ?? null;\n if ($contractId === null || $contractId === '') {\n $contracts = $this->repository->findAllContracts();\n if ($contracts !== []) {\n $contractId = $contracts[0]['id'];\n }\n }\n\n \/\/ Process collections (multi-select)\n $collections = $_POST['collections'] ?? ['documents'];\n if (!is_array($collections)) {\n $collections = [$collections];\n }\n\n $orderId = $this->repository->createOrder([\n 'title' => $title,\n 'briefing' => $briefing,\n 'author_profile_id' => $_POST['author_profile_id'] ?? null,\n 'contract_id' => $contractId,\n 'structure_id' => $_POST['structure_id'] ?? null,\n 'model' => $_POST['model'] ?? 'claude-sonnet-4-20250514',\n 'collections' => json_encode($collections),\n 'context_limit' => (int) ($_POST['context_limit'] ?? 5),\n ]);\n\n header('Location: \/content\/' . $orderId);\n exit;\n }\n\n \/**\n * GET \/content\/{id}\n * Show order details\n *\/\n public function show(int $id): void\n {\n $order = $this->repository->findOrder($id);\n\n if ($order === null) {\n http_response_code(404);\n echo '404 - Auftrag nicht gefunden';\n\n return;\n }\n\n $versions = $this->repository->findVersionsByOrder($id);\n $latestVersion = $versions[0] ?? null;\n $critiques = $latestVersion ? 
$this->repository->findCritiquesByVersion($latestVersion['id']) : [];\n $sources = $this->repository->findSourcesByOrder($id);\n\n \/\/ Get available collections for the dropdown\n $availableCollections = $this->qdrantService->listCollections();\n if ($availableCollections === []) {\n $availableCollections = ['documents'];\n }\n\n $this->view('content.show', [\n 'title' => $order['title'],\n 'order' => $order,\n 'versions' => $versions,\n 'latestVersion' => $latestVersion,\n 'critiques' => $critiques,\n 'sources' => $sources,\n 'models' => self::AVAILABLE_MODELS,\n 'availableCollections' => $availableCollections,\n ]);\n }\n\n \/**\n * GET \/content\/{id}\/edit\n * Show edit form\n *\/\n public function edit(int $id): void\n {\n $order = $this->repository->findOrder($id);\n\n if ($order === null) {\n http_response_code(404);\n echo '404 - Auftrag nicht gefunden';\n\n return;\n }\n\n $this->view('content.edit', [\n 'title' => 'Auftrag bearbeiten',\n 'order' => $order,\n 'profiles' => $this->repository->findAllProfiles(),\n 'contracts' => $this->repository->findAllContracts(),\n 'structures' => $this->repository->findAllStructures(),\n ]);\n }\n\n \/**\n * POST \/content\/{id}\/generate\n * Generate content (HTMX)\n *\/\n public function generate(int $id): void\n {\n $this->requireCsrf();\n\n $model = $_POST['model'] ?? 'claude-opus-4-5-20251101';\n $collection = $_POST['collection'] ?? 'documents';\n $limit = (int) ($_POST['context_limit'] ?? 5);\n\n $result = $this->callPython('generate', $id, [$model, $collection, $limit]);\n\n if (isset($result['error'])) {\n echo '<div class=\"alert error\">Fehler: ' . htmlspecialchars($result['error']) . 
'<\/div>';\n\n return;\n }\n\n \/\/ Return updated content section\n $this->renderVersionPartial($result);\n }\n\n \/**\n * POST \/content\/{id}\/critique\n * Run critique round (HTMX)\n *\/\n public function critique(int $id): void\n {\n $this->requireCsrf();\n\n \/\/ Get latest version\n $version = $this->repository->findLatestVersion($id);\n\n if ($version === null) {\n echo '<div class=\"alert error\">Keine Version vorhanden.<\/div>';\n\n return;\n }\n\n $model = $_POST['model'] ?? 'claude-opus-4-5-20251101';\n $result = $this->callPython('critique', $version['id'], [$model]);\n\n if (isset($result['error'])) {\n echo '<div class=\"alert error\">Fehler: ' . htmlspecialchars($result['error']) . '<\/div>';\n\n return;\n }\n\n \/\/ Return critique results\n $this->renderCritiquePartial($result);\n }\n\n \/**\n * POST \/content\/{id}\/revise\n * Create revision (HTMX)\n *\/\n public function revise(int $id): void\n {\n $this->requireCsrf();\n\n $version = $this->repository->findLatestVersion($id);\n\n if ($version === null) {\n echo '<div class=\"alert error\">Keine Version vorhanden.<\/div>';\n\n return;\n }\n\n $model = $_POST['model'] ?? 'claude-opus-4-5-20251101';\n $result = $this->callPython('revise', $version['id'], [$model]);\n\n if (isset($result['error'])) {\n echo '<div class=\"alert error\">Fehler: ' . htmlspecialchars($result['error']) . 
'<\/div>';\n\n return;\n }\n\n $this->renderVersionPartial($result);\n }\n\n \/**\n * POST \/content\/{id}\/approve\n * Approve content\n *\/\n public function approve(int $id): void\n {\n $this->requireCsrf();\n\n $this->repository->updateOrderStatus($id, 'approve');\n echo '<div class=\"alert success\">Content genehmigt!<\/div>';\n echo '<script>setTimeout(() => window.location.reload(), 1000);<\/script>';\n }\n\n \/**\n * POST \/content\/{id}\/decline\n * Decline content\n *\/\n public function decline(int $id): void\n {\n $this->requireCsrf();\n\n $this->repository->updateOrderStatus($id, 'draft');\n echo '<div class=\"alert warning\">Content abgelehnt. Zurück zu Entwurf.<\/div>';\n echo '<script>setTimeout(() => window.location.reload(), 1000);<\/script>';\n }\n\n \/**\n * Allowed Python commands (whitelist).\n *\/\n private const ALLOWED_COMMANDS = ['generate', 'critique', 'revise'];\n\n \/**\n * Call Python script\n *\/\n private function callPython(string $command, int $entityId, array $args = []): array\n {\n \/\/ Validate command against whitelist\n if (!in_array($command, self::ALLOWED_COMMANDS, true)) {\n return ['error' => 'Ungültiger Command: ' . $command];\n }\n\n $scriptPath = $this->pipelinePath . '\/web_generate.py';\n\n \/\/ Build command array for proc_open (safer than shell_exec)\n $cmdArray = [\n $this->pythonPath,\n $scriptPath,\n $command,\n (string) $entityId,\n ...$args,\n ];\n\n $descriptors = [\n 0 => ['pipe', 'r'],\n 1 => ['pipe', 'w'],\n 2 => ['pipe', 'w'],\n ];\n\n $process = proc_open($cmdArray, $descriptors, $pipes); \/\/ nosemgrep: exec-use\n\n if (!is_resource($process)) {\n return ['error' => 'Script konnte nicht gestartet werden'];\n }\n\n fclose($pipes[0]);\n $stdout = stream_get_contents($pipes[1]);\n $stderr = stream_get_contents($pipes[2]);\n fclose($pipes[1]);\n fclose($pipes[2]);\n $exitCode = proc_close($process);\n\n $output = $stdout . 
$stderr;\n\n if ($exitCode !== 0 && $output === '') {\n return ['error' => 'Script fehlgeschlagen (Exit: ' . $exitCode . ')'];\n }\n\n if (preg_match('\/\\{[\\s\\S]*\\}\/', $output, $matches)) {\n... [TRUNCATED-adc5b405865bf59c]",
"structuredPatch": [
{
"oldStart": 106,
"oldLines": 7,
"newStart": 106,
"newLines": 7,
"lines": [
" 'author_profile_id' => $_POST['author_profile_id'] ?? null,",
" 'contract_id' => $contractId,",
" 'structure_id' => $_POST['structure_id'] ?? null,",
"- 'model' => $_POST['model'] ?? 'claude-sonnet-4-20250514',",
"+ 'model' => ModelConfig::validate($_POST['model'] ?? ModelConfig::DEFAULT_MODEL),",
" 'collections' => json_encode($collections),",
" 'context_limit' => (int) ($_POST['context_limit'] ?? 5),",
" ]);"
]
}
],
"userModified": false,
"replaceAll": false
}
}
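Review bot: The allow-list check added here covers only store(); in the originalFile carried in this record, generate(), critique() and revise() still read `$_POST['model']` with a hard-coded fallback and pass it to callPython(), where it becomes an argv element of the proc_open() call. The array form of proc_open() avoids shell interpretation, but the string still reaches web_generate.py unchecked, so those three methods should use the same guard: `$model = ModelConfig::validate($_POST['model'] ?? ModelConfig::DEFAULT_MODEL);` (if the different fallback there is intentional, keep it and validate the result). `$_POST['collection']` in generate() takes the same path and could be checked against `$this->qdrantService->listCollections()` before use. show() still passes `self::AVAILABLE_MODELS` to the view while contentNew() uses `ModelConfig::getAll()`; that constant is not defined in the visible part of the class (the file is truncated), so confirm it still exists. What ModelConfig::validate() does with an unknown value (throw or fall back to a default) is not visible here and is worth a one-line comment at the call site.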