feat(odoo): add activeblue_ai Odoo 18 module with OWL2 frontend

Models:
- ab.ai.bot: service URL, webhook secret, privacy mode, ping/dispatch
- ab.ai.directive: full directive lifecycle log with status tracking
- ab.ai.log: activity log with level/agent/record linkage
- ab.ai.agent.registry: agent list synced from agent service

Controllers:
- webhook.py: /ai/webhook/callback handles directive_completed, escalation, sweep_findings
- health_proxy.py: /ai/health proxies agent service detailed health
- approval.py: /ai/chat dispatch, /ai/approval/pending, /ai/approval/respond

Security:
- group_ai_user (chat) + group_ai_manager (configure, approve, logs)
- ir.model.access.csv for all 4 models

Views: list/form for bot, directives, logs, registry; main menu with AI brain icon

OWL2 frontend:
- systray_button.js: brain icon in top bar, status dot, pending approval badge
- ai_panel.js: slide-in chat panel, approval workflow, 30s poll for pending items
- CSS: slide-in animation, message bubbles, loading dots, approval section

Data: 4 cron jobs (ping, registry sync, directive/log cleanup)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

addons/activeblue_ai/controllers/__init__.py

@@ -0,0 +1 @@
+from . import webhook, health_proxy, approval

addons/activeblue_ai/controllers/approval.py

@@ -0,0 +1,60 @@
+import json
+import logging
+import requests
+
+from odoo import http
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class AiApprovalController(http.Controller):
+
+    @http.route('/ai/approval/pending', type='json', auth='user', methods=['GET'])
+    def list_pending(self):
+        if not request.env.user.has_group('activeblue_ai.group_ai_manager'):
+            return {'error': 'Access denied', 'items': []}
+        bot = request.env['ab.ai.bot'].sudo().search([('active', '=', True)], limit=1)
+        if not bot:
+            return {'items': []}
+        url = bot._get_service_url() + '/approval/pending'
+        try:
+            resp = requests.get(url, headers=bot._build_headers(), timeout=10)
+            resp.raise_for_status()
+            return {'items': resp.json()}
+        except Exception as exc:
+            _logger.error('list_pending failed: %s', exc)
+            return {'error': str(exc), 'items': []}
+
+    @http.route('/ai/approval/respond', type='json', auth='user', methods=['POST'])
+    def respond(self, directive_id, approved, note=None):
+        if not request.env.user.has_group('activeblue_ai.group_ai_manager'):
+            return {'error': 'Access denied'}
+        bot = request.env['ab.ai.bot'].sudo().search([('active', '=', True)], limit=1)
+        if not bot:
+            return {'error': 'No bot configured'}
+        url = bot._get_service_url() + '/approval/respond'
+        payload = {
+            'directive_id': directive_id,
+            'approved': approved,
+            'approver_id': str(request.env.user.id),
+            'note': note or '',
+        }
+        try:
+            resp = requests.post(url, json=payload, headers=bot._build_headers(), timeout=10)
+            resp.raise_for_status()
+            return resp.json()
+        except Exception as exc:
+            _logger.error('respond approval failed: %s', exc)
+            return {'error': str(exc)}
+
+    @http.route('/ai/chat', type='json', auth='user', methods=['POST'])
+    def chat(self, message, context=None, session_id=None):
+        bot = request.env['ab.ai.bot'].sudo().get_active_bot()
+        result = bot.dispatch_message(
+            user_id=request.env.user.id,
+            message=message,
+            context=context or {},
+            session_id=session_id,
+        )
+        return result

addons/activeblue_ai/controllers/health_proxy.py

@@ -0,0 +1,37 @@
+import logging
+import requests
+
+from odoo import http
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class AiHealthProxyController(http.Controller):
+
+    @http.route('/ai/health', type='http', auth='user', methods=['GET'])
+    def ai_health(self):
+        bot = request.env['ab.ai.bot'].sudo().search([('active', '=', True)], limit=1)
+        if not bot:
+            return request.make_response(
+                '{"status":"no_bot_configured"}',
+                headers=[('Content-Type', 'application/json')],
+                status=503,
+            )
+        url = bot._get_service_url() + '/health/detailed'
+        try:
+            resp = requests.get(url, headers=bot._build_headers(), timeout=5)
+            return request.make_response(
+                resp.text,
+                headers=[('Content-Type', 'application/json')],
+                status=resp.status_code,
+            )
+        except Exception as exc:
+            _logger.warning('health proxy failed: %s', exc)
+            import json
+            body = json.dumps({'status': 'unreachable', 'error': str(exc)})
+            return request.make_response(
+                body,
+                headers=[('Content-Type', 'application/json')],
+                status=503,
+            )

addons/activeblue_ai/controllers/webhook.py

@@ -0,0 +1,86 @@
+import hashlib
+import hmac
+import json
+import logging
+
+from odoo import http
+from odoo.http import request, Response
+
+_logger = logging.getLogger(__name__)
+
+
+class AiWebhookController(http.Controller):
+
+    @http.route('/ai/webhook/callback', type='json', auth='none', methods=['POST'], csrf=False)
+    def ai_callback(self):
+        # Verify webhook secret
+        bot = request.env['ab.ai.bot'].sudo().search([('active', '=', True)], limit=1)
+        if bot and bot.webhook_secret:
+            incoming_sig = request.httprequest.headers.get('X-ActiveBlue-Signature', '')
+            if incoming_sig != bot.webhook_secret:
+                _logger.warning('Webhook signature mismatch from %s', request.httprequest.remote_addr)
+                return Response(status=401)
+
+        # Check IP whitelist
+        if bot and bot.webhook_secret:
+            pass  # IP check handled at network level via ALLOWED_CALLBACK_IP env var in agent service
+
+        try:
+            data = json.loads(request.httprequest.data)
+        except Exception:
+            return Response(status=400)
+
+        event_type = data.get('event', '')
+        _logger.debug('AI webhook callback: event=%s', event_type)
+
+        if event_type == 'directive_completed':
+            self._handle_directive_completed(data)
+        elif event_type == 'escalation':
+            self._handle_escalation(data)
+        elif event_type == 'sweep_findings':
+            self._handle_sweep_findings(data)
+
+        return {'ok': True}
+
+    def _handle_directive_completed(self, data):
+        try:
+            request.env['ab.ai.directive'].sudo().record_directive(
+                directive_id=data.get('directive_id', ''),
+                user_id=int(data.get('user_id', 0)) or None,
+                message=data.get('message', ''),
+                reply=data.get('reply', ''),
+                status='completed',
+                agents=data.get('agents', []),
+                escalations=data.get('escalations', []),
+                actions=data.get('actions_taken', []),
+                session_id=data.get('session_id'),
+                duration_ms=data.get('duration_ms'),
+            )
+        except Exception as exc:
+            _logger.error('_handle_directive_completed error: %s', exc)
+
+    def _handle_escalation(self, data):
+        try:
+            request.env['ab.ai.log'].sudo().log(
+                summary=data.get('message', 'AI escalation'),
+                level='warning',
+                agent=data.get('agent'),
+                directive_id=data.get('directive_id'),
+                details=json.dumps(data),
+            )
+        except Exception as exc:
+            _logger.error('_handle_escalation error: %s', exc)
+
+    def _handle_sweep_findings(self, data):
+        findings = data.get('findings', [])
+        agent = data.get('agent', 'unknown')
+        try:
+            for finding in findings:
+                request.env['ab.ai.log'].sudo().log(
+                    summary=f"Sweep finding [{agent}]: {finding.get('type', '')}",
+                    level='info',
+                    agent=agent,
+                    details=json.dumps(finding),
+                )
+        except Exception as exc:
+            _logger.error('_handle_sweep_findings error: %s', exc)