Update src/streamlit_app.py

src/streamlit_app.py

@@ -131,6 +131,24 @@ def is_third_party_order_request(message: str) -> bool:
     order_words = ["order", "delivery", "track", "status", "items", "details", "cancel", "refund", "payment", "address", "modify", "postpone"]
     return any(tp in t for tp in third_party) and any(w in t for w in order_words)
 
+def _is_cancel_intent(message: str) -> bool:
+    t = (message or "").lower().strip()
+    return ("cancel" in t and "order" in t) or ("cancellation" in t)
+
+def _is_escalation_intent(message: str) -> bool:
+    t = (message or "").lower().strip()
+    escalation_keywords = [
+        "raised the query multiple times",
+        "asked multiple times",
+        "no resolution",
+        "still not resolved",
+        "immediate response",
+        "urgent",
+        "not resolved",
+        "what is happening",
+    ]
+    return any(k in t for k in escalation_keywords)
+
 # ================== DB CONFIG (ALIGNED WITH YOUR NOTEBOOK) ==================
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 CLEAN_DB_PATH = os.path.join(BASE_DIR, "orders_clean.db")  # must match your notebook output
@@ -191,23 +209,22 @@ Columns:
 def is_safe_sql(sql: str) -> bool:
     if not isinstance(sql, str):
         return False
+
     s = sql.lower().strip()
 
+    # Must start with SELECT
     if not s.startswith("select"):
         return False
 
-    # block stacked queries like: SELECT ...; DROP ...
+    # Block stacked queries
     if re.search(r";\s*\S", s):
         return False
 
-    forbidden = ["drop", "delete", "update", "insert", "alter", "truncate", "create"]
-    if any(k in s for k in forbidden):
-        return False
-
-    if any(tok in s for tok in ["--", "/*", "*/"]):
-        return False
-
-    return True
+    forbidden = [
+        "hack", " drop ", " delete ", " update ", " insert ", " alter ",
+        " truncate ", " create ", "--", "/*", "*/"
+    ]
+    return not any(word in s for word in forbidden)
 
 # =====================================================================
 # run_sql_query()
@@ -215,6 +232,7 @@ def is_safe_sql(sql: str) -> bool:
 def run_sql_query(sql: str) -> pd.DataFrame:
     if not isinstance(sql, str):
         return pd.DataFrame([{"message": "🚫 Invalid SQL type (expected string)."}])
+
     sql = sql.strip()
 
     if not is_safe_sql(sql):
@@ -234,21 +252,52 @@ def run_sql_query(sql: str) -> pd.DataFrame:
         return pd.DataFrame([{"message": f"⚠️ SQL execution error: {str(e)}"}])
 
 # =====================================================================
-# llm_to_sql()
+# llm_to_sql()  (aligned with latest tool behavior)
 # =====================================================================
 def llm_to_sql(user_message: str) -> str:
     """
     Convert natural language to a safe SELECT query for orders_clean.
-    NOTE: This should only be called when Order ID is present OR the question is general analytics.
+
+    Key behavior:
+    - If Order ID is present: bypass LLM entirely.
+    - If user intent requires Order ID but it's missing: return NEED_ORDER_ID.
+    - Otherwise: allow LLM to answer general/non-order-specific questions using SELECT only.
     """
-    msg = user_message or ""
+    text = (user_message or "").lower().strip()
 
     # Fast path: if Order ID exists, bypass LLM completely
-    oid = extract_order_id(msg)
+    oid = extract_order_id(user_message or "")
     if oid:
         sql = f"SELECT * FROM orders_clean WHERE LOWER(order_id) = LOWER('{oid}')"
         return sql if is_safe_sql(sql) else "SELECT 'Unable to answer safely.' AS message;"
 
+    # If intent requires Order ID, do NOT hallucinate placeholders
+    must_have_order_id_intents = [
+        "where is my order",
+        "track my order",
+        "track order",
+        "order status",
+        "delivery status",
+        "when will my order arrive",
+        "order details",
+        "show me the details",
+        "my order is delayed",
+        "order delayed",
+        "order is late",
+        "refund",
+        "payment",
+        "cancel my order",
+        "cancel order",
+        "modify my order",
+        "change my order",
+        "postpone my order",
+        "deliver at different address",
+        "change address",
+        "reschedule delivery",
+    ]
+    if any(p in text for p in must_have_order_id_intents) or needs_order_id(user_message or ""):
+        return "SELECT 'NEED_ORDER_ID' AS message;"
+
     system_prompt = f"""
 You are an expert SQLite assistant for a food delivery company.
 
@@ -260,6 +309,9 @@ RULES:
 - Output ONLY the SQL query (no markdown, no comments, no explanation).
 - Allowed table name: orders_clean
 - Allowed operation: SELECT only
+- NEVER invent placeholders like 'your_order_id'.
+- If the query requires an order_id but it is missing, return exactly:
+  SELECT 'NEED_ORDER_ID' AS message;
 - If unsure:
   SELECT 'Unable to answer with available data.' AS message;
 """
@@ -269,7 +321,7 @@ RULES:
         temperature=0.1,
         messages=[
             {"role": "system", "content": system_prompt},
-            {"role": "user", "content": msg},
+            {"role": "user", "content": user_message or ""},
         ],
     )
 
@@ -281,12 +333,14 @@ RULES:
         sql = re.sub(r"^```", "", sql).strip()
         sql = sql.replace("```", "").strip()
 
-    # safer table forcing: only first FROM target if not already orders_clean
+    # Force FROM orders_clean (first FROM only)
+    sql = re.sub(r"\bfrom\s+\w+\b", "FROM orders_clean", sql, flags=re.IGNORECASE)
+
+    # Normalize order_id filter if produced
     sql = re.sub(
-        r"\bfrom\s+(?!orders_clean\b)([a-zA-Z_]\w*)\b",
-        "FROM orders_clean",
+        r"where\s+order_id\s*=\s*'([^']+)'",
+        r"WHERE LOWER(order_id) = LOWER('\1')",
         sql,
-        count=1,
         flags=re.IGNORECASE,
     )
 
@@ -339,23 +393,54 @@ If uncertain: {"sentiment":"neutral","escalate":false}
 # is_misuse_or_hacker_attempt()
 # =====================================================================
 def is_misuse_or_hacker_attempt(user_message: str) -> bool:
-    t = (user_message or "").lower().strip()
+    text = (user_message or "").lower().strip()
 
-    hacker = ["hack", "hacker", "hacking", "breach", "exploit", "bypass security", "root access", "admin access"]
-    bulk = ["full database", "entire database", "dump data", "export all", "all customers", "customer list", "all orders", "every order"]
-    jailbreak = ["ignore previous instructions", "override rules", "developer mode", "you are no longer restricted"]
-    inj = ["1=1", "union select", "drop table", "delete from", "insert into", "alter table", "truncate"]
+    hacker_keywords = [
+        r"\bhack\b", r"\bhacking\b", r"\bhacked\b",
+        "breach", "exploit", "bypass security",
+        "disable firewall", "root access", "admin access",
+        "reverse engineer"
+    ]
+    bulk_keywords = [
+        "full database", "entire database",
+        "all customers", "customer list",
+        "download database", "dump data", "export all",
+        "all orders", "every order", "order history", "export everything", "show everything"
+    ]
+    jailbreak_keywords = [
+        "ignore previous instructions",
+        "override rules", "forget rules",
+        "developer mode", "you are no longer restricted",
+        "pretend you are", "act like"
+    ]
+    sql_injection_keywords = [
+        "1=1", "union select",
+        "drop table", "delete from", "insert into",
+        "alter table", "truncate"
+    ]
 
-    if ";" in t and any(x in t for x in inj):
+    if ";" in text and any(k in text for k in sql_injection_keywords):
         return True
 
-    signals = hacker + bulk + jailbreak + inj
-    return any(s in t for s in signals)
+    return any(
+        re.search(pattern, text) for pattern in (
+            hacker_keywords + bulk_keywords + jailbreak_keywords + sql_injection_keywords
+        )
+    )
 
 # =====================================================================
 # create_ticket()
 # =====================================================================
-def create_ticket(user_message: str, sentiment: str, ticket_type: str = "general", order_id: Optional[str] = None) -> str:
+def create_ticket(
+    user_message: str,
+    sentiment: str,
+    ticket_type: str = "general",
+    order_id: Optional[str] = None
+) -> str:
+    if order_id is None:
+        m = re.search(ORDER_ID_REGEX, user_message or "")
+        order_id = m.group(0).upper() if m else None
+
     ticket_id = "TKT-" + uuid.uuid4().hex[:8].upper()
     created_at = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
 
@@ -381,18 +466,27 @@ def create_ticket(user_message: str, sentiment: str, ticket_type: str = "general
     return ticket_id
 
 # =====================================================================
-# sql_result_to_response()
+# sql_result_to_response()  (aligned with latest “NEED_ORDER_ID” behavior)
 # =====================================================================
-def sql_result_to_response(user_message: str, df: pd.DataFrame, max_rows_to_list: int = 5) -> str:
-    # handle firewall/SQL execution errors
+def sql_result_to_response(
+    user_message: str,
+    df: pd.DataFrame,
+    max_rows_to_list: int = 5
+) -> str:
+    # handle firewall/SQL execution errors and special messages
     if isinstance(df, pd.DataFrame) and "message" in df.columns and len(df) == 1:
-        return str(df.iloc[0]["message"])
+        msg = str(df.iloc[0]["message"])
+
+        if msg.strip().upper() == "NEED_ORDER_ID":
+            return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
+
+        return msg
 
     if df.empty:
         return (
             f"{WELCOME_LINE}\n"
-            "I couldn’t find a matching order for that Order ID.\n"
-            "Please double-check the Order ID and try again. 💛"
+            "I couldn’t find any matching order details for the information provided.\n"
+            f"{ASK_ORDER_ID_LINE}"
         )
 
     df_for_llm = df.head(max_rows_to_list).copy()
@@ -401,26 +495,31 @@ def sql_result_to_response(user_message: str, df: pd.DataFrame, max_rows_to_list
     system_prompt = f"""
 You are a polite and professional customer support chatbot for FoodHub.
 
-CRITICAL RULES (must follow):
+Always start with EXACTLY:
+"{WELCOME_LINE}"
+
+VERY IMPORTANT POLICY:
+- If ANY matching record exists in the data I give you → The order is CONFIRMED.
+- NEVER tell the user to re-check their order ID if matching rows exist.
+- NEVER say "order not found", "unable to locate order", or similar messages
+  when there is at least one matching record.
+- Instead, confidently acknowledge the order and use available data.
+
+CRITICAL DATA RULES:
 - NEVER invent or guess items, ETA, status, payment, or any order details.
 - Use ONLY the data provided in "Matching order data".
 - If information is missing, say it's unavailable in tracking.
 
-STYLE REQUIREMENT:
-- Always start with EXACTLY:
-  "{WELCOME_LINE}"
-
 DELIVERED TEMPLATE (use when order_status_std indicates delivered OR is_delivered == 1):
-- You MUST write a message in this exact style (same meaning, you may include the order id if available):
+- Use this meaning and style (you may include the order id if available):
   "I've checked on your order, and I'm happy to inform you that it has been delivered ✅. You should have received your order.
    If you have any further concerns or issues, please let me know. If you need anything else, I’m here to help! 💛"
 
 If NOT delivered:
-- Provide the latest known status.
+- Provide the latest known status clearly.
 - If delivery_time is missing but delivery_eta exists: share ETA.
 - If both delivery_time and delivery_eta missing: apologize for limited tracking.
-
-Keep it concise and helpful.
+- Keep it concise, warm, and helpful.
 """
 
     content = f"User question: {user_message}\n\nMatching order data (up to {max_rows_to_list} rows):\n{result_data}"
@@ -436,19 +535,26 @@ Keep it concise and helpful.
     return (resp.choices[0].message.content or "").strip()
 
 # =====================================================================
-# answer_user_question()
+# TOOL LAYER (aligned with your latest notebook structure)
 # =====================================================================
-def answer_user_question(user_message: str) -> str:
-    # Safety net: never answer order intents without Order ID
-    if needs_order_id(user_message) and not extract_order_id(user_message):
-        return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
-
+def order_query_tool(user_message: str) -> pd.DataFrame:
     sql = llm_to_sql(user_message)
+    print("[OrderQueryTool] Generated SQL:", sql)
     df = run_sql_query(sql)
-    return sql_result_to_response(user_message, df, max_rows_to_list=5)
+    print(f"[OrderQueryTool] Rows fetched: {len(df)}")
+    return df
+
+def answer_tool(user_message: str, df: pd.DataFrame) -> str:
+    reply = sql_result_to_response(user_message, df, max_rows_to_list=5)
+    print("[AnswerTool] Generated reply length:", len(reply))
+    return reply
+
+def order_support_tool(user_message: str) -> str:
+    df = order_query_tool(user_message)
+    return answer_tool(user_message, df)
 
 # =====================================================================
-# chatbot_response() – main orchestration
+# chatbot_response() – main orchestration (updated)
 # =====================================================================
 def chatbot_response(user_message: str) -> str:
     text = (user_message or "").strip()
@@ -473,7 +579,8 @@ def chatbot_response(user_message: str) -> str:
         return (
             f"{WELCOME_LINE}\n"
             "😔 Sorry, I can’t assist with that.\n"
-            "For privacy and security reasons, I can only help with your own order using a valid Order ID. 💛"
+            "For everyone’s safety and privacy, I can only help with your own order using a valid Order ID.\n"
+            "Try asking something like: *Where is my order O12488?* 💛"
         )
 
     # Third-party privacy
@@ -484,16 +591,8 @@ def chatbot_response(user_message: str) -> str:
             "Please ask them to contact FoodHub Support directly, or have them share their **Order ID** themselves. 💛"
         )
 
-    # ✅ Your global rule: any order-related request without Order ID → welcome + ask for Order ID
-    if needs_order_id(text) and not order_id:
-        return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
-
-    # Escalation path (still asks for Order ID if missing)
-    escalation_keywords = [
-        "raised the query multiple times", "asked multiple times",
-        "no resolution", "still not resolved", "immediate response"
-    ]
-    if any(k in t for k in escalation_keywords):
+    # Escalation (ticket)
+    if _is_escalation_intent(text):
         senti = analyze_sentiment_and_escalation(text)
         ticket_id = create_ticket(
             user_message=text,
@@ -503,14 +602,38 @@ def chatbot_response(user_message: str) -> str:
         )
         return (
             f"{WELCOME_LINE}\n"
-            "💛 I’m sorry you’ve had to follow up multiple times.\n\n"
-            "I’ve escalated this to a senior support agent.\n"
+            "💛 I’m really sorry you’ve had to follow up multiple times.\n\n"
+            "I’ve escalated this to a senior support agent so it gets immediate attention.\n"
             f"📌 Ticket ID: **{ticket_id}**\n\n"
             f"{ASK_ORDER_ID_LINE if not order_id else 'If you need anything else, I’m here to help! 💛'}"
         )
 
-    # Normal path
-    return answer_user_question(text)
+    # Cancellation (ticket)
+    if _is_cancel_intent(text):
+        if not order_id:
+            return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
+
+        senti = analyze_sentiment_and_escalation(text)
+        ticket_id = create_ticket(
+            user_message=f"Cancellation request for {order_id}. Original message: {text}",
+            sentiment=senti.get("sentiment", "neutral"),
+            ticket_type="cancellation",
+            order_id=order_id
+        )
+        return (
+            f"{WELCOME_LINE}\n"
+            f"🙏 I understand you would like to cancel **Order {order_id}**, and I’m sorry for the inconvenience.\n\n"
+            f"📝 Your cancellation request has been recorded.\n"
+            f"📌 **Ticket Reference ID:** `{ticket_id}`\n\n"
+            "A support specialist will verify and process it as soon as possible. 💛"
+        )
+
+    # Global rule: any order-related request without Order ID → welcome + ask for Order ID
+    if needs_order_id(text) and not order_id:
+        return f"{WELCOME_LINE}\n{ASK_ORDER_ID_LINE}"
+
+    # Normal order support pipeline (tools)
+    return order_support_tool(text)
 
 def chatbot(msg: str) -> str:
     return chatbot_response(msg)
@@ -581,4 +704,4 @@ if send_clicked:
         st.markdown('<div class="bot-label">FoodHub Assistant</div>', unsafe_allow_html=True)
         st.markdown(f"<div class='bot-bubble'>{bot_html}</div>", unsafe_allow_html=True)
     else:
-        st.warning("Please enter a message to continue.")
+        st.warning("Please enter a message to continue.")