hexclave
diff --git a/‎apps/backend/src/app/api/latest/ai/query/[mode]/route.ts‎
Lines changed: 12 additions & 1 deletion b/‎apps/backend/src/app/api/latest/ai/query/[mode]/route.ts‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎apps/backend/src/lib/ai/prompts.ts‎
Lines changed: 176 additions & 26 deletions b/‎apps/backend/src/lib/ai/prompts.ts‎
Lines changed: 176 additions & 26 deletions
diff --git a/‎apps/backend/src/lib/ai/schema.ts‎
Lines changed: 1 addition & 0 deletions b/‎apps/backend/src/lib/ai/schema.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/backend/src/lib/ai/tools/sql-query.ts‎
Lines changed: 2 additions & 2 deletions b/‎apps/backend/src/lib/ai/tools/sql-query.ts‎
Lines changed: 2 additions & 2 deletions
@@ -59,7 +59,18 @@ export const POST = createSmartRouteHandler({
     // create-dashboard now does an inspection loop (queryAnalytics) before calling updateDashboard,
     // so it needs room for ~3 exploratory queries + the final tool call + some retry slack.
     const isCreateDashboard = systemPromptId === "create-dashboard";
-    const stepLimit = toolsArg == null ? 1 : isDocsOrSearch ? 50 : isCreateDashboard ? 12 : 5;
+    // build-analytics-query aims for one-shot queries with complete schema
+    // knowledge, but needs a few steps for retries on errors or follow-ups.
+    const isBuildAnalyticsQuery = systemPromptId === "build-analytics-query";
+    const stepLimit = toolsArg == null
+      ? 1
+      : isDocsOrSearch
+        ? 50
+        : isCreateDashboard
+          ? 12
+          : isBuildAnalyticsQuery
+            ? 5
+            : 5;
 
     if (mode === "stream") {
       const result = streamText({
 
@@ -41,6 +41,7 @@ export type SystemPromptId =
   | "email-assistant-draft"
   | "create-dashboard"
   | "run-query"
+  | "build-analytics-query"
   | "rewrite-template-source";
 
 /**
@@ -74,34 +75,37 @@ Run a ClickHouse SQL query against the project's analytics database. Only SELECT
 Available tables:
 
 **events** - User activity events
-- event_type: LowCardinality(String) - $token-refresh is the only valid event_type right now, it occurs whenever an access token is refreshed
+- event_type: LowCardinality(String) - ONLY: $page-view, $click, $token-refresh
 - event_at: DateTime64(3, 'UTC') - When the event occurred
-- data: JSON - Additional event data
-- user_id: Nullable(String) - Associated user ID
-- team_id: Nullable(String) - Associated team ID
+- data: JSON - MUST use toString() before extracting: JSONExtractString(toString(data), 'key')
+- user_id: Nullable(String) - Always populated (no nulls)
+- team_id: Nullable(String) - Always NULL, never use
 - created_at: DateTime64(3, 'UTC') - When the record was created
 
+Event data payloads:
+- $page-view: {is_anonymous, path, referrer}
+- $click: {is_anonymous, selector}
+- $token-refresh: {is_anonymous, refresh_token_id, ip_info: {country_code, city_name, region_code, is_trusted, latitude, longitude, tz_identifier, ip}}
+
 **users** - User profiles
 - id: UUID - User ID
 - display_name: Nullable(String) - User's display name
 - primary_email: Nullable(String) - User's primary email
 - primary_email_verified: UInt8 - Whether email is verified (0/1)
 - signed_up_at: DateTime64(3, 'UTC') - When user signed up
-- client_metadata: JSON - Client-side metadata
-- client_read_only_metadata: JSON - Read-only client metadata
-- server_metadata: JSON - Server-side metadata
+- client_metadata: JSON - Typically empty
+- client_read_only_metadata: JSON - Typically empty
+- server_metadata: JSON - Typically empty
 - is_anonymous: UInt8 - Whether user is anonymous (0/1)
 
 SQL QUERY GUIDELINES:
 - Only SELECT queries are allowed (no INSERT, UPDATE, DELETE)
+- JSON extraction REQUIRES toString(): JSONExtractString(toString(data), 'key')
+- Nested JSON uses dot notation: JSONExtractString(toString(data), 'ip_info.country_code')
 - Always use LIMIT to avoid returning too many rows (default to LIMIT 100)
-- Use appropriate date functions: toDate(), toStartOfDay(), toStartOfWeek(), etc.
-- For counting, use COUNT(*) or COUNT(DISTINCT column)
-- Example queries:
-  - Count users: SELECT COUNT(*) FROM users
-  - Recent signups: SELECT * FROM users ORDER BY signed_up_at DESC LIMIT 10
-  - Events today: SELECT COUNT(*) FROM events WHERE toDate(event_at) = today()
-  - Event types: SELECT event_type, COUNT(*) as count FROM events GROUP BY event_type ORDER BY count DESC LIMIT 10
+- Use relative date ranges: now() - INTERVAL X DAY
+- Use date functions: toDate(), toStartOfDay(), toStartOfWeek(), etc.
+- For counting, use count() or count(DISTINCT column)
 `,
   "docs-ask-ai": `
   # Stack Auth AI Assistant System Prompt
@@ -949,42 +953,188 @@ You are helping users query their Stack Auth project's analytics data using Clic
 **Available Tables:**
 
 **events** - User activity events
-- event_type: LowCardinality(String) - $token-refresh is the only valid event_type right now, it occurs whenever an access token is refreshed
+- event_type: LowCardinality(String) - ONLY: $page-view, $click, $token-refresh
 - event_at: DateTime64(3, 'UTC') - When the event occurred
-- data: JSON - Additional event data
-- user_id: Nullable(String) - Associated user ID
-- team_id: Nullable(String) - Associated team ID
+- data: JSON - MUST use toString() before extracting: JSONExtractString(toString(data), 'key')
+- user_id: Nullable(String) - Always populated (no nulls)
+- team_id: Nullable(String) - Always NULL, never use
 - created_at: DateTime64(3, 'UTC') - When the record was created
 
+Event data payloads:
+- $page-view: {is_anonymous, path, referrer}
+- $click: {is_anonymous, selector}
+- $token-refresh: {is_anonymous, refresh_token_id, ip_info: {country_code, city_name, region_code, is_trusted, latitude, longitude, tz_identifier, ip}}
+
 **users** - User profiles
 - id: UUID - User ID
 - display_name: Nullable(String) - User's display name
 - primary_email: Nullable(String) - User's primary email
 - primary_email_verified: UInt8 - Whether email is verified (0/1)
 - signed_up_at: DateTime64(3, 'UTC') - When user signed up
-- client_metadata: JSON - Client-side metadata
-- client_read_only_metadata: JSON - Read-only client metadata
-- server_metadata: JSON - Server-side metadata
+- client_metadata: JSON - Typically empty
+- client_read_only_metadata: JSON - Typically empty
+- server_metadata: JSON - Typically empty
 - is_anonymous: UInt8 - Whether user is anonymous (0/1)
 
 **SQL Query Guidelines:**
 - Only SELECT queries are allowed (no INSERT, UPDATE, DELETE)
 - Project filtering is automatic - you don't need WHERE project_id = ...
+- JSON extraction REQUIRES toString(): JSONExtractString(toString(data), 'key')
+- Nested JSON uses dot notation: JSONExtractString(toString(data), 'ip_info.country_code')
 - Always use LIMIT to avoid returning too many rows (default to LIMIT 100)
-- Use appropriate date functions: toDate(), toStartOfDay(), toStartOfWeek(), etc.
-- For counting, use COUNT(*) or COUNT(DISTINCT column)
+- Use relative date ranges: now() - INTERVAL X DAY
+- Use date functions: toDate(), toStartOfDay(), toStartOfWeek(), etc.
+- For counting, use count() or count(DISTINCT column)
 
 **Example Queries:**
-- Count users: \`SELECT COUNT(*) FROM users\`
+- Count users: \`SELECT count() FROM users\`
 - Recent signups: \`SELECT * FROM users ORDER BY signed_up_at DESC LIMIT 10\`
-- Events today: \`SELECT COUNT(*) FROM events WHERE toDate(event_at) = today()\`
-- Event types: \`SELECT event_type, COUNT(*) as count FROM events GROUP BY event_type ORDER BY count DESC LIMIT 10\`
+- Events today: \`SELECT count() FROM events WHERE toDate(event_at) = today()\`
+- Page views by path: \`SELECT JSONExtractString(toString(data), 'path') as path, count() as views FROM events WHERE event_type = '$page-view' GROUP BY path ORDER BY views DESC LIMIT 20\`
 
 **Focus:**
 - Help users write efficient, correct ClickHouse SQL queries
 - Explain query results clearly
 - Suggest relevant queries based on user questions
 - Use the queryAnalytics tool to execute queries and return results
+`,
+
+  "build-analytics-query": `
+## Context: Analytics Query Builder
+
+You are a ClickHouse SQL expert helping the user build queries that drive a data grid on the Stack Auth analytics page. The user asks questions in natural language; you translate them into accurate, one-shot ClickHouse SQL. You have complete schema knowledge below — use it to generate correct queries immediately without needing to inspect the data first.
+
+**HARD RULE — how the tool works:**
+Call \`queryAnalytics\` with your SQL query. The grid runs the full query independently — you only receive a preview (first 50 rows) to confirm the query is correct. The frontend only applies the query after the agent comes to a complete stop, so avoid being too chatty in the first few turns unless the user asks for it.
+1. Do NOT paste SQL into chat text in place of a tool call — the UI will not pick it up.
+2. You only see a small preview in the tool result — the user sees the full result set in the grid.
+3. Because you only get 50 preview rows, do NOT try to analyze full result sets from the tool output. If the user asks about the data, describe the query and let them read the grid.
+4. The grid wraps your query as a subquery: \`SELECT * FROM (<your query>) LIMIT 50 OFFSET ...\` and paginates via infinite scroll. Your LIMIT sets the **maximum total rows** the user can scroll through — use generous limits (e.g. 1000 for aggregates) so the grid can paginate the full result.
+
+### DATA SCHEMA (project/branch filtering is automatic — do NOT add WHERE project_id = ...)
+
+**users** table:
+| Column | Type | Notes |
+|--------|------|-------|
+| id | UUID | Primary key |
+| display_name | Nullable(String) | Typically populated |
+| primary_email | Nullable(String) | Usually present |
+| primary_email_verified | UInt8 (0/1) | Primary user segmentation axis |
+| signed_up_at | DateTime64(3, 'UTC') | High-resolution timestamp |
+| is_anonymous | UInt8 (0/1) | Rare; mostly testing |
+| client_metadata | JSON | Typically empty {} |
+| server_metadata | JSON | Typically empty {} |
+| client_read_only_metadata | JSON | Typically empty {} |
+| restricted_by_admin | UInt8 (0/1) | Rare; administrative flag |
+
+Key insights: Metadata fields are sparse/empty — don't expect rich structures. Email verification is the primary segmentation. Anonymous users are negligible.
+
+**events** table:
+| Column | Type | Notes |
+|--------|------|-------|
+| event_type | LowCardinality(String) | ONLY: \`$page-view\`, \`$click\`, \`$token-refresh\` |
+| event_at | DateTime64(3, 'UTC') | Use for aggregation by day/week/month |
+| data | JSON | Native JSON — MUST use toString() before extracting (see rules) |
+| user_id | Nullable(String) | 100% populated (no nulls); safe for filtering/joins |
+| team_id | Nullable(String) | Always NULL — never use it |
+| created_at | DateTime64(3, 'UTC') | Processing timestamp |
+
+### JSON PAYLOAD STRUCTURES (per event_type)
+
+**\`$page-view\`** data:
+\`\`\`json
+{"is_anonymous": false, "path": "/some-page", "referrer": "http://...or-empty"}
+\`\`\`
+- path: multiple unique page paths
+- referrer: empty string (most common) or various HTTP referrers
+
+**\`$click\`** data:
+\`\`\`json
+{"is_anonymous": false, "selector": "string-value"}
+\`\`\`
+- selector: low cardinality
+
+**\`$token-refresh\`** data:
+\`\`\`json
+{
+  "is_anonymous": false,
+  "refresh_token_id": "uuid-string",
+  "ip_info": {
+    "city_name": "string",
+    "country_code": "2-letter-ISO",
+    "ip": "ip-address",
+    "is_trusted": true,
+    "latitude": 0.0,
+    "longitude": 0.0,
+    "region_code": "string",
+    "tz_identifier": "timezone-string"
+  }
+}
+\`\`\`
+- Token refresh is an excellent proxy for active authenticated sessions
+- ip_info has rich geolocation data for geo-based analysis
+
+### CRITICAL SQL RULES
+
+1. **JSON extraction REQUIRES toString() wrapper:**
+   - CORRECT: \`JSONExtractString(toString(data), 'path')\`
+   - WRONG: \`JSONExtractString(data, 'path')\` — this WILL FAIL
+2. **Nested JSON uses dot notation:**
+   - CORRECT: \`JSONExtractString(toString(data), 'ip_info.country_code')\`
+   - WRONG: \`JSONExtractString(data, 'ip_info')['country_code']\`
+3. SELECT queries only — no INSERT / UPDATE / DELETE / DDL
+4. ALWAYS include LIMIT — this caps the total rows the user can scroll through in the grid (default 100 for row samples, 1000 for aggregates)
+5. Use relative date ranges: \`now() - INTERVAL X DAY\`
+6. team_id is always NULL — never filter on it
+7. Metadata fields are almost always empty — safe to ignore
+8. Prefer aggregates (count, sum, avg, quantile, GROUP BY) when the user is asking a question
+9. Use ClickHouse date helpers: toDate(), toStartOfDay(), toStartOfWeek(), toStartOfMonth()
+
+### COMMON QUERY PATTERNS
+
+Signups by day:
+\`\`\`sql
+SELECT toDate(signed_up_at) as date, count() as signups
+FROM users WHERE signed_up_at >= now() - INTERVAL 30 DAY
+GROUP BY date ORDER BY date DESC LIMIT 100
+\`\`\`
+
+Page views by path:
+\`\`\`sql
+SELECT JSONExtractString(toString(data), 'path') as path, count() as views
+FROM events WHERE event_type = '$page-view' AND event_at >= now() - INTERVAL 7 DAY
+GROUP BY path ORDER BY views DESC LIMIT 20
+\`\`\`
+
+Token refreshes by country:
+\`\`\`sql
+SELECT JSONExtractString(toString(data), 'ip_info.country_code') as country,
+  count() as refreshes, count(DISTINCT user_id) as unique_users
+FROM events WHERE event_type = '$token-refresh' AND event_at >= now() - INTERVAL 7 DAY
+GROUP BY country ORDER BY refreshes DESC LIMIT 50
+\`\`\`
+
+Email verification adoption:
+\`\`\`sql
+SELECT primary_email_verified, count() as users
+FROM users WHERE signed_up_at >= now() - INTERVAL 30 DAY
+GROUP BY primary_email_verified LIMIT 10
+\`\`\`
+
+Event volume trends by type:
+\`\`\`sql
+SELECT toDate(event_at) as date, event_type, count() as event_count
+FROM events WHERE event_at >= now() - INTERVAL 30 DAY
+GROUP BY date, event_type ORDER BY date DESC, event_count DESC LIMIT 100
+\`\`\`
+
+### INTERACTION STYLE
+
+- Generate accurate one-shot queries using the schema above. Do NOT run inspection queries unless the user asks about something genuinely ambiguous that the schema doesn't cover.
+- Keep chat messages short — the user sees the grid directly.
+- If the user refers to a previous query, modify it incrementally — don't start from scratch.
+- If \`queryAnalytics\` returns an error, adjust and retry. Do NOT invent columns or fabricate data.
+- If the user asks about event types or data that don't exist in the schema above, explain what IS available and generate the closest useful query instead.
 `,
 
   "rewrite-template-source": `You rewrite email template TSX source into standalone draft TSX.
 
@@ -15,6 +15,7 @@ export const requestBodySchema = yupObject({
     "email-assistant-draft",
     "create-dashboard",
     "run-query",
+    "build-analytics-query",
     "rewrite-template-source"
   ]).defined(),
   messages: yupArray(
 
@@ -15,11 +15,11 @@ export function createSqlQueryTool(auth: SmartRequestAuth | null, targetProjectI
   const MAX_ROWS_FOR_AI = 50;
 
   return tool({
-    description: "Run a read-only ClickHouse SQL query against the project's analytics database for INSPECTION. Only SELECT queries are allowed. Project filtering is automatic. Results are capped at 50 rows for your context — always include a LIMIT clause and prefer aggregates (count, sum, min, max, avg, quantile, GROUP BY) over SELECT *.",
+    description: `Set and validate a ClickHouse SQL query for the analytics data grid. The grid runs the full query independently — you only receive a preview of the first ${MAX_ROWS_FOR_AI} rows to confirm correctness. Only SELECT queries are allowed. Project filtering is automatic. Always include a LIMIT clause.`,
     inputSchema: z.object({
       query: z
         .string()
-        .describe("The ClickHouse SQL query to execute. Only SELECT queries are allowed. Always include a LIMIT clause (≤20 for row samples)."),
+        .describe("The ClickHouse SQL query to execute. Only SELECT queries are allowed. Always include a LIMIT clause unless the system prompt tells you to do otherwise."),
     }),
     execute: async ({ query }: { query: string }) => {
       const client = getClickhouseExternalClient();