Update src/streamlit_app.py

src/streamlit_app.py

@@ -146,9 +146,25 @@ def _is_escalation_intent(message: str) -> bool:
         "urgent",
         "not resolved",
         "what is happening",
+        "followed multiple times",
+        "followed up multiple times",
+        "follow up multiple times",
+        "multiple follow ups",
+        "multiple follow-ups",
+        "i have followed multiple times",
+        "i have followed up multiple times",
     ]
     return any(k in t for k in escalation_keywords)
 
+def _is_payment_refund_intent(message: str) -> bool:
+    t = (message or "").lower().strip()
+    keywords = [
+        "payment", "refund", "money back", "charged", "chargeback",
+        "transaction", "payment failed", "payment issue", "payment problem",
+        "upi", "card", "debit", "credit", "wallet"
+    ]
+    return any(k in t for k in keywords)
+
 # ================== DB CONFIG (ALIGNED WITH YOUR NOTEBOOK) ==================
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 CLEAN_DB_PATH = os.path.join(BASE_DIR, "orders_clean.db")  # must match your notebook output
@@ -209,22 +225,23 @@ Columns:
 def is_safe_sql(sql: str) -> bool:
     if not isinstance(sql, str):
         return False
-
     s = sql.lower().strip()
 
-    # Must start with SELECT
     if not s.startswith("select"):
         return False
 
-    # Block stacked queries
+    # block stacked queries like: SELECT ...; DROP ...
     if re.search(r";\s*\S", s):
         return False
 
-    forbidden = [
-        "hack", " drop ", " delete ", " update ", " insert ", " alter ",
-        " truncate ", " create ", "--", "/*", "*/"
-    ]
-    return not any(word in s for word in forbidden)
+    forbidden = ["drop", "delete", "update", "insert", "alter", "truncate", "create"]
+    if any(k in s for k in forbidden):
+        return False
+
+    if any(tok in s for tok in ["--", "/*", "*/"]):
+        return False
+
+    return True
 
 # =====================================================================
 # run_sql_query()
@@ -232,7 +249,6 @@ def is_safe_sql(sql: str) -> bool:
 def run_sql_query(sql: str) -> pd.DataFrame:
     if not isinstance(sql, str):
         return pd.DataFrame([{"message": "🚫 Invalid SQL type (expected string)."}])
-
     sql = sql.strip()
 
     if not is_safe_sql(sql):
@@ -252,50 +268,34 @@ def run_sql_query(sql: str) -> pd.DataFrame:
         return pd.DataFrame([{"message": f"⚠️ SQL execution error: {str(e)}"}])
 
 # =====================================================================
-# llm_to_sql()  (aligned with latest tool behavior)
+# llm_to_sql()
 # =====================================================================
 def llm_to_sql(user_message: str) -> str:
     """
     Convert natural language to a safe SELECT query for orders_clean.
-
-    Key behavior:
-    - If Order ID is present: bypass LLM entirely.
-    - If user intent requires Order ID but it's missing: return NEED_ORDER_ID.
-    - Otherwise: allow LLM to answer general/non-order-specific questions using SELECT only.
+    - Fast-path when Order ID exists.
+    - If order_id required but missing: return NEED_ORDER_ID.
     """
-    text = (user_message or "").lower().strip()
+    msg = user_message or ""
+    text = msg.lower().strip()
 
-    # Fast path: if Order ID exists, bypass LLM completely
-    oid = extract_order_id(user_message or "")
+    oid = extract_order_id(msg)
     if oid:
         sql = f"SELECT * FROM orders_clean WHERE LOWER(order_id) = LOWER('{oid}')"
         return sql if is_safe_sql(sql) else "SELECT 'Unable to answer safely.' AS message;"
 
-    # If intent requires Order ID, do NOT hallucinate placeholders
+    # If the message is order-specific without Order ID, force NEED_ORDER_ID
     must_have_order_id_intents = [
-        "where is my order",
-        "track my order",
-        "track order",
-        "order status",
-        "delivery status",
-        "when will my order arrive",
-        "order details",
-        "show me the details",
-        "my order is delayed",
-        "order delayed",
-        "order is late",
-        "refund",
-        "payment",
-        "cancel my order",
-        "cancel order",
-        "modify my order",
-        "change my order",
-        "postpone my order",
-        "deliver at different address",
-        "change address",
-        "reschedule delivery",
+        "where is my order", "track my order", "track order", "order status", "delivery status",
+        "when will my order arrive", "when will it arrive", "eta",
+        "order delayed", "delay in delivery", "order not delivered", "late delivery",
+        "order details", "show me the details", "details of my order", "details for my order",
+        "cancel my order", "cancel order",
+        "refund", "payment",
+        "modify my order", "change my order", "postpone my order",
+        "deliver at different address", "change address", "reschedule delivery",
     ]
-    if any(p in text for p in must_have_order_id_intents) or needs_order_id(user_message or ""):
+    if any(p in text for p in must_have_order_id_intents) or needs_order_id(msg):
         return "SELECT 'NEED_ORDER_ID' AS message;"
 
     system_prompt = f"""
@@ -321,7 +321,7 @@ RULES:
         temperature=0.1,
         messages=[
             {"role": "system", "content": system_prompt},
-            {"role": "user", "content": user_message or ""},
+            {"role": "user", "content": msg},
         ],
     )
 
@@ -333,10 +333,10 @@ RULES:
         sql = re.sub(r"^```", "", sql).strip()
         sql = sql.replace("```", "").strip()
 
-    # Force FROM orders_clean (first FROM only)
+    # Force FROM orders_clean
     sql = re.sub(r"\bfrom\s+\w+\b", "FROM orders_clean", sql, flags=re.IGNORECASE)
 
-    # Normalize order_id filter if produced
+    # Normalize order_id filter
     sql = re.sub(
         r"where\s+order_id\s*=\s*'([^']+)'",
         r"WHERE LOWER(order_id) = LOWER('\1')",
@@ -393,54 +393,23 @@ If uncertain: {"sentiment":"neutral","escalate":false}
 # is_misuse_or_hacker_attempt()
 # =====================================================================
 def is_misuse_or_hacker_attempt(user_message: str) -> bool:
-    text = (user_message or "").lower().strip()
+    t = (user_message or "").lower().strip()
 
-    hacker_keywords = [
-        r"\bhack\b", r"\bhacking\b", r"\bhacked\b",
-        "breach", "exploit", "bypass security",
-        "disable firewall", "root access", "admin access",
-        "reverse engineer"
-    ]
-    bulk_keywords = [
-        "full database", "entire database",
-        "all customers", "customer list",
-        "download database", "dump data", "export all",
-        "all orders", "every order", "order history", "export everything", "show everything"
-    ]
-    jailbreak_keywords = [
-        "ignore previous instructions",
-        "override rules", "forget rules",
-        "developer mode", "you are no longer restricted",
-        "pretend you are", "act like"
-    ]
-    sql_injection_keywords = [
-        "1=1", "union select",
-        "drop table", "delete from", "insert into",
-        "alter table", "truncate"
-    ]
+    hacker = ["hack", "hacker", "hacking", "breach", "exploit", "bypass security", "root access", "admin access"]
+    bulk = ["full database", "entire database", "dump data", "export all", "all customers", "customer list", "all orders", "every order"]
+    jailbreak = ["ignore previous instructions", "override rules", "developer mode", "you are no longer restricted"]
+    inj = ["1=1", "union select", "drop table", "delete from", "insert into", "alter table", "truncate"]
 
-    if ";" in text and any(k in text for k in sql_injection_keywords):
+    if ";" in t and any(x in t for x in inj):
         return True
 
-    return any(
-        re.search(pattern, text) for pattern in (
-            hacker_keywords + bulk_keywords + jailbreak_keywords + sql_injection_keywords
-        )
-    )
+    signals = hacker + bulk + jailbreak + inj
+    return any(s in t for s in signals)
 
 # =====================================================================
 # create_ticket()
 # =====================================================================
-def create_ticket(
-    user_message: str,
-    sentiment: str,
-    ticket_type: str = "general",
-    order_id: Optional[str] = None
-) -> str:
-    if order_id is None:
-        m = re.search(ORDER_ID_REGEX, user_message or "")
-        order_id = m.group(0).upper() if m else None
-
+def create_ticket(user_message: str, sentiment: str, ticket_type: str = "general", order_id: Optional[str] = None) -> str:
     ticket_id = "TKT-" + uuid.uuid4().hex[:8].upper()
     created_at = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
 
@@ -466,26 +435,20 @@ def create_ticket(
     return ticket_id
 
 # =====================================================================
-# sql_result_to_response()  (aligned with latest “NEED_ORDER_ID” behavior)
+# sql_result_to_response()
 # =====================================================================
-def sql_result_to_response(
-    user_message: str,
-    df: pd.DataFrame,
-    max_rows_to_list: int = 5
-) -> str:
+def sql_result_to_response(user_message: str, df: pd.DataFrame, max_rows_to_list: int = 5) -> str:
     # handle firewall/SQL execution errors and special messages
     if isinstance(df, pd.DataFrame) and "message" in df.columns and len(df) == 1:
         msg = str(df.iloc[0]["message"])
-
         if msg.strip().upper() == "NEED_ORDER_ID":
             return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
-
         return msg
 
     if df.empty:
         return (
             f"{WELCOME_LINE}\n"
-            "I couldn’t find any matching order details for the information provided.\n"
+            "I couldn’t find a matching order for the details provided.\n"
             f"{ASK_ORDER_ID_LINE}"
         )
 
@@ -505,7 +468,7 @@ VERY IMPORTANT POLICY:
   when there is at least one matching record.
 - Instead, confidently acknowledge the order and use available data.
 
-CRITICAL DATA RULES:
+CRITICAL RULES:
 - NEVER invent or guess items, ETA, status, payment, or any order details.
 - Use ONLY the data provided in "Matching order data".
 - If information is missing, say it's unavailable in tracking.
@@ -516,10 +479,11 @@ DELIVERED TEMPLATE (use when order_status_std indicates delivered OR is_delivere
    If you have any further concerns or issues, please let me know. If you need anything else, I’m here to help! 💛"
 
 If NOT delivered:
-- Provide the latest known status clearly.
+- Provide the latest known status.
 - If delivery_time is missing but delivery_eta exists: share ETA.
 - If both delivery_time and delivery_eta missing: apologize for limited tracking.
-- Keep it concise, warm, and helpful.
+
+Keep it concise and helpful.
 """
 
     content = f"User question: {user_message}\n\nMatching order data (up to {max_rows_to_list} rows):\n{result_data}"
@@ -535,26 +499,19 @@ If NOT delivered:
     return (resp.choices[0].message.content or "").strip()
 
 # =====================================================================
-# TOOL LAYER (aligned with your latest notebook structure)
+# answer_user_question()
 # =====================================================================
-def order_query_tool(user_message: str) -> pd.DataFrame:
+def answer_user_question(user_message: str) -> str:
+    # Safety net: never answer order intents without Order ID
+    if needs_order_id(user_message) and not extract_order_id(user_message):
+        return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
+
     sql = llm_to_sql(user_message)
-    print("[OrderQueryTool] Generated SQL:", sql)
     df = run_sql_query(sql)
-    print(f"[OrderQueryTool] Rows fetched: {len(df)}")
-    return df
-
-def answer_tool(user_message: str, df: pd.DataFrame) -> str:
-    reply = sql_result_to_response(user_message, df, max_rows_to_list=5)
-    print("[AnswerTool] Generated reply length:", len(reply))
-    return reply
-
-def order_support_tool(user_message: str) -> str:
-    df = order_query_tool(user_message)
-    return answer_tool(user_message, df)
+    return sql_result_to_response(user_message, df, max_rows_to_list=5)
 
 # =====================================================================
-# chatbot_response() – main orchestration (updated)
+# chatbot_response() – main orchestration (FIXED)
 # =====================================================================
 def chatbot_response(user_message: str) -> str:
     text = (user_message or "").strip()
@@ -579,8 +536,7 @@ def chatbot_response(user_message: str) -> str:
         return (
             f"{WELCOME_LINE}\n"
             "😔 Sorry, I can’t assist with that.\n"
-            "For everyone’s safety and privacy, I can only help with your own order using a valid Order ID.\n"
-            "Try asking something like: *Where is my order O12488?* 💛"
+            "For privacy and security reasons, I can only help with your own order using a valid Order ID. 💛"
         )
 
     # Third-party privacy
@@ -591,7 +547,7 @@ def chatbot_response(user_message: str) -> str:
             "Please ask them to contact FoodHub Support directly, or have them share their **Order ID** themselves. 💛"
         )
 
-    # Escalation (ticket)
+    # FIX 1: Escalation intent must be handled BEFORE any generic Order ID gating
     if _is_escalation_intent(text):
         senti = analyze_sentiment_and_escalation(text)
         ticket_id = create_ticket(
@@ -608,32 +564,29 @@ def chatbot_response(user_message: str) -> str:
             f"{ASK_ORDER_ID_LINE if not order_id else 'If you need anything else, I’m here to help! 💛'}"
         )
 
-    # Cancellation (ticket)
-    if _is_cancel_intent(text):
-        if not order_id:
-            return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
-
-        senti = analyze_sentiment_and_escalation(text)
-        ticket_id = create_ticket(
-            user_message=f"Cancellation request for {order_id}. Original message: {text}",
-            sentiment=senti.get("sentiment", "neutral"),
-            ticket_type="cancellation",
-            order_id=order_id
+    # FIX: Payment / Refund intent should use empathetic ask (Response 2 style)
+    if _is_payment_refund_intent(text) and not order_id:
+        return (
+            "💛 I’m sorry you’re facing an issue with the payment or refund. I’ll help you with this right away.\n\n"
+            "In order to serve you better, could you please share your **Order ID** "
+            "(for example: `O12488`) so I can check the payment status and update you? "
+            "If the payment was received, the refund will be processed within 48 hours."
         )
+
+    # FIX 2: Cancel intent without Order ID should return the preferred message (not generic welcome+ask)
+    if _is_cancel_intent(text) and not order_id:
         return (
-            f"{WELCOME_LINE}\n"
-            f"🙏 I understand you would like to cancel **Order {order_id}**, and I’m sorry for the inconvenience.\n\n"
-            f"📝 Your cancellation request has been recorded.\n"
-            f"📌 **Ticket Reference ID:** `{ticket_id}`\n\n"
-            "A support specialist will verify and process it as soon as possible. 💛"
+            "💛 I’m sorry to hear you’d like to cancel your order ��� I completely understand and I’m here to help. "
+            "Could you please share your **Order ID** (for example: `O12488`) so I can check the details and help "
+            "process the cancellation for you?"
         )
 
     # Global rule: any order-related request without Order ID → welcome + ask for Order ID
     if needs_order_id(text) and not order_id:
         return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
 
-    # Normal order support pipeline (tools)
-    return order_support_tool(text)
+    # Normal path
+    return answer_user_question(text)
 
 def chatbot(msg: str) -> str:
     return chatbot_response(msg)