Mercata: harden Griphook agent chat flow and payload limits #6442

Open
jamessummerwill wants to merge 3 commits into develop from fix/mercata-agent-413

@jamessummerwill jamessummerwill commented Mar 9, 2026

Context

This PR introduces a first-class Griphook agent experience inside Mercata and hardens the end-to-end chat path so it is usable under real mainnet payload sizes.

Primary goals:

  • add an authenticated in-app Assistant panel backed by Griphook MCP + GPT summarization
  • support explicit MCP tooling commands for debugging (/tools, /call, /help)
  • stop unstable runtime behavior seen in testing (406 MCP proxy failures, GPT timeout surfacing as API error, oversized payload loops causing 413)

Root Cause Summary (Observed in local runtime)

  • The chat flow could produce very large assistant outputs (hundreds of KB), then send that text back in subsequent history requests.
  • This feedback loop eventually exceeded request body limits and returned 413 request entity too large.
  • GPT requests could time out and bubble up as user-visible API failures instead of degrading gracefully.
  • External-node mode (NODE_URL) still executed local node sync checks in backend startup, causing unnecessary blocking behavior.

What Changed

Backend API / MCP proxy

  • Added dedicated chat routes:
    • POST /api/chat/mcp
    • POST /api/chat/agent
  • Registered routes under /api/chat in the main router.
  • Added ChatController with:
    • MCP HTTP bridge with support for JSON and SSE payload normalization
    • MCP session propagation via mcp-session-id request/response header passthrough
    • MCP initialize flow (initialize + notifications/initialized)
    • keyword-based read-only tool selection (strato.tokens, strato.rewards, strato.lending, strato.cdp, strato.bridge, strato.swap)
    • GPT summarization pass over MCP tool output

Resilience / payload hardening

  • Added bounded input/output guardrails in chat controller:
    • max input chars: 2000
    • history window: 8 items
    • per-history item chars: 1200
    • tool output included in prompt: 16000 chars max
    • final assistant response: 2400 chars max
    • GPT max_tokens: 380
  • Added GPT failure fallback:
    • if GPT call fails/times out, return truncated MCP tool output instead of 5xx
  • Increased backend JSON parse limit to 1mb to better tolerate legitimate request sizes.

Backend config/runtime wiring

  • Added backend config for:
    • GRIPHOOK_MCP_URL
    • GRIPHOOK_MCP_TIMEOUT_MS
    • OPENAI_API_KEY / GPT_TOKEN / GPT_API_KEY
    • OPENAI_MODEL / GPT_MODEL
    • OPENAI_API_BASE
    • OPENAI_TIMEOUT_MS
  • Passed relevant env vars into backend service in mercata/docker-compose.yml.
  • Updated mercata/backend/docker-run.sh:
    • if NODE_URL is set, skip local STRATO sync polling and start backend immediately.

Frontend Assistant experience

  • Added new page: ui/src/pages/Assistant.tsx
    • chat UI with user/assistant message stream
    • command modes:
      • /help
      • /tools
      • /call <tool> <json-args>
    • default prompt path posts to /api/chat/agent
    • Enter-to-send, Shift+Enter newline
    • mcp-session-id continuity across requests
  • Added route protection + routing:
    • ProtectedRoute for /dashboard/assistant
  • Added navigation entries:
    • desktop sidebar: AI Assistant
    • mobile "More" menu: AI Assistant
  • Added frontend-side payload controls:
    • render truncation for very large messages
    • history truncation before /chat/agent submission

File-by-File Summary

  • mercata/backend/src/api/controllers/chat.controller.ts
    • New controller implementation for MCP proxy + GPT-backed agent + guardrails.
  • mercata/backend/src/api/routes/chat.routes.ts
    • New chat route definitions.
  • mercata/backend/src/api/routes.ts
    • Registers /chat router.
  • mercata/backend/src/config/config.ts
    • Adds Griphook/GPT env configuration exports.
  • mercata/backend/src/app.ts
    • Sets express.json({ limit: "1mb" }).
  • mercata/backend/docker-run.sh
    • External-node fast path when NODE_URL is present.
  • mercata/docker-compose.yml
    • Passes GPT/Griphook and related env vars to backend.
  • mercata/ui/src/pages/Assistant.tsx
    • Adds full assistant panel and command handling.
  • mercata/ui/src/App.tsx
    • Adds protected /dashboard/assistant route.
  • mercata/ui/src/components/dashboard/DashboardSidebar.tsx
    • Adds assistant nav item.
  • mercata/ui/src/components/dashboard/MobileBottomNav.tsx
    • Adds assistant nav item in mobile drawer.

Validation Performed

  • Rebuilt images:
    • mercata-backend:latest
    • mercata-ui:latest
  • Recreated services:
    • strato-backend-1
    • strato-ui-1
  • Smoke tests:
    • normal POST /api/chat/agent => 200 + short answer
    • oversized history request (~180KB body) => 200 (no 413)
  • Log verification:
    • prior 413 request entity too large pattern reproduced before hardening
    • no recurrence in post-change test runs

Notes / Non-Goals

  • Existing Swagger YAML warnings from creditCard.routes predate this work and are not introduced by this PR.
  • This PR does not change core trading/lending business logic; scope is assistant integration and request-path resilience.

Follow-ups (Optional)

  • Add structured telemetry for assistant request/response sizes and truncation events.
  • Add automated tests for /api/chat/agent payload bounding and timeout fallback behavior.
  • Consider stricter server-side schema validation for history payload shape.
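
Added example, not code from this PR: a sketch of server-side bounding for the /api/chat/agent body, using the input and history limits listed under "Resilience / payload hardening" together with the stricter history shape check suggested in the follow-ups. All function and field names, and the { role, content } history shape, are assumptions.

```typescript
// Added example. Limits are the values from the PR description; every name
// here and the { role, content } history shape are assumptions.
const LIMITS = { input: 2000, historyItems: 8, historyItem: 1200 } as const;

interface HistoryItem { role: "user" | "assistant"; content: string }
interface BoundedRequest { message: string; history: HistoryItem[]; events: string[] }

// Cut to at most `max` UTF-16 code units without splitting a surrogate pair.
function clip(text: string, max: number): string {
  if (text.length <= max) return text;
  const last = text.charCodeAt(max - 1);
  return text.slice(0, last >= 0xd800 && last <= 0xdbff ? max - 1 : max);
}

// Client-supplied history is untrusted: accept only user/assistant turns whose
// content is a string, so other roles or nested objects never reach the prompt.
function isHistoryItem(h: unknown): h is HistoryItem {
  if (typeof h !== "object" || h === null) return false;
  const { role, content } = h as Record<string, unknown>;
  return (role === "user" || role === "assistant") && typeof content === "string";
}

// Validate and bound a request body before it is used to build a prompt.
// `events` records which limits fired, for size/truncation telemetry.
function boundAgentRequest(body: unknown): BoundedRequest {
  const b = (typeof body === "object" && body !== null ? body : {}) as Record<string, unknown>;
  const message = b.message;
  if (typeof message !== "string" || message.trim() === "") {
    throw new TypeError("message must be a non-empty string");
  }
  const events: string[] = [];
  const note = (e: string) => { if (events.indexOf(e) < 0) events.push(e); };
  if (message.length > LIMITS.input) note("input");

  const raw: unknown[] = Array.isArray(b.history) ? b.history : [];
  const valid = raw.filter(isHistoryItem);
  if (valid.length !== raw.length) note("history:invalid-dropped");
  const recent = valid.slice(-LIMITS.historyItems); // keep the newest turns
  if (recent.length !== valid.length) note("history:window");

  const history = recent.map((h) => {
    if (h.content.length > LIMITS.historyItem) note("history:item");
    return { role: h.role, content: clip(h.content, LIMITS.historyItem) };
  });
  return { message: clip(message, LIMITS.input), history, events };
}
```

Because the bounded history is rebuilt from the request on every call, a large assistant reply echoed back by the client cannot grow the next prompt past these limits.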
