In-App Documentation: AI Assistant, Cmd+K Search, and Permission-Aware Navigation (QA)

The in-app Documentation portal gains three capabilities: a conversational AI assistant that answers questions and cites the relevant doc pages, an instant Command+K search palette, and navigation that now hides pages a user is not permitted to see. This makes the help content far faster to navigate and safe to expose to different user roles. Shipped to the QA environment for testing.

The documentation portal previously offered only manual browsing with no search and no way to ask a question in natural language, so users had to hunt through the sidebar to find answers. It also showed every documentation page to every user regardless of role, which risked surfacing content meant for other permission levels. This work addresses discoverability and access control together.

• Faster answers: Users can ask a question in plain language and get a synthesized answer with links to the source pages, rather than reading through the tree.
• Instant search: A Command+K (or Search button) palette fuzzy-matches page titles, descriptions, categories and tags so the right page is one keystroke away.
• Role-correct content: The sidebar and page access are filtered to the logged-in user's permissions, so people only see documentation they are entitled to.
• Smoother reading: Assistant answers render formatted Markdown, internal links keep the assistant open, and the header now stays visible while scrolling.

Grounded in the diff (feature PR #725 merged into QA):

• AI assistant UI + hook: New DocsAIAssistant, DocsAssistantSidebar, DocsAIChatTrigger, and use-docs-chat.ts provide the chat panel, Zustand store (docs-ai-assistant.store.ts), Enter-to-send/Shift+Enter behavior, Markdown rendering via marked + DOMPurify, collapsible source citations, and a conversation-history cap of 8 turns.
• Server proxy route: New POST /api/docs-chat validates the body, fetches the user's permission keys, and forwards query + history + permissions to Strapi /api/ai-search server-side (so the Strapi token never reaches the browser); handles 429/502/503 with user-friendly messages.
• Command+K search: New DocsCommandPalette, use-docs-search-index.ts, FlexSearch index in lib/search.ts (indexes title/description/category/tags, capped at 20 results), backing search-index route, and docs-search-palette.store.ts.
• Permission-aware nav: New permissions.server.ts (reads /api/v1/auth/me), documentation.permissions.ts (extractRequiredPermissions), getNavigationTreeForUser, and DocPageClient access checks; mappers/types updated to read Strapi required_permissions_keys.
• Dependencies / config: Adds flexsearch and openai; large pnpm-lock.yaml churn (~5.4k lines) from transitive deps. devIndicators: false in next.config.ts, sticky header, and DOCS_REVALIDATE_SECONDS set to 0 for immediate doc revalidation. Note: CopilotKit was introduced mid-development and then largely removed/streamlined in later commits.

Moderate, contained to the Documentation portal. The new AI route depends on an external Strapi /api/ai-search service and correct env vars (NEXT_PUBLIC_STRAPI_URL, API token, NEXT_PUBLIC_API_URL); failures are handled gracefully and degrade to public-docs-only rather than throwing. The permission filter defaults to showing only public docs if the /auth/me call fails, so a misconfiguration could under-expose rather than leak content. Assistant output is sanitized with DOMPurify, but answer quality depends on the backend AI pipeline. DOCS_REVALIDATE_SECONDS=0 removes doc caching and may increase backend load. The heavy lockfile change warrants a clean install check.

• AI assistant: Open the assistant, ask several doc questions, confirm answers render formatted and cite working source links; verify internal links keep the assistant open and external links open in a new tab.
• Error handling: Confirm graceful messages when the backend is unreachable or rate-limited (no raw errors); verify history is limited and long conversations stay responsive.
• Cmd+K search: Trigger via Command+K and the Search button; confirm fuzzy matches on title/description/category/tags and that selecting a result navigates correctly.
• Permissions: Log in as different roles (e.g. internal admin vs client admin) and confirm the sidebar and direct page access only show permitted docs; confirm a logged-out/failed-permission state shows public docs only.
• Layout: Verify the sticky header and assistant sidebar positioning across Chrome, Safari, Firefox, and Edge.
• Build: Confirm a clean pnpm install and build succeed after the lockfile changes.