Zero-Shot App Provisioning

Tell Molly what you want — get it running. The first instalment of Phase Б (AI as operational plane) turns Molly from a chat surface into the operating plane of your server. You describe a goal in plain English or Russian; Molly recommends templates from the 115+ catalogue, you confirm, and the install + glue (proxy route, Drive folder, user invites) all happen as a chain of tool-call cards with per-step Apply buttons.

What you get

• apps.recommend Molly tool — natural-language goal in, top-3 ranked templates out. Cosine ranking on local embeddings, no cloud roundtrip required (Ollama default; cloud if configured).
• Install orchestrator — on confirm, Molly chains apps.install + proxy.add_route + drive.create_folder + users.invite based on what makes sense for the chosen template.
• Tool-call cards in chat — every Molly tool call renders as an expandable card: tool name, JSON arguments preview, result panel, and a primary Apply button per destructive action.
• Auto-confirm read-only tools — Settings → Molly toggle. Off by default. When on, calls like apps.recommend or list_apps fire without an Apply prompt.
• Rate limits — 5 tool calls per user message, 1 install per minute per user. Visible in chat as a friendly limiter message.

How it works

1. Embedding backfill

On first boot after the upgrade, Quazzar embeds every template’s name + display_name + description + tags into a local vector and stores them in the new app_template_embeddings SQLite table. Backfill runs in the background — does not block startup.

The embedding model defaults to mxbai-embed-large via Ollama. With a cloud key configured, it can fall back to OpenAI’s text-embedding-3-small. Switch models in Settings → AI → Embedding model; the next boot re-embeds anything stale.

Ranking is pure cosine similarity in Go — sub-millisecond after the cache loads.

2. Install intent

When you type a message like “Поставь медиа-сервер для семьи” or “set up a calendar server”, Molly’s intent classifier recognises the install verb and invokes apps.recommend(goal=…) automatically. You’ll see a recommendation list with the top-3 templates, each with a one-line reason.

3. Confirm + chain

Click Install on the template you want. Molly emits an orchestrator chain — typically:

apps.install(template=plex)
  └── proxy.add_route(domain=media.<your-domain>, target=plex:32400)
  └── drive.create_folder(path=/Media)
  └── users.invite(emails=[...])

Each step is a separate tool-call card in chat with its own Apply button. You confirm each destructive action. If your node doesn’t have a glue dependency wired (e.g. no Drive on this build), that step is silently omitted — the chain doesn’t fail, it just shrinks.

4. Safety rails

• All tool execution flows through the existing internal/sysctl chokepoint — Molly cannot exec arbitrary shell, only the whitelisted operations sysctl already enforces.
• 5 tool calls per user message and 1 install per minute prevent runaway tool storms.
• The users.invite step can only invite emails the asking user already has visibility on, gated by tier.

Auto-confirm read-only

Settings → Molly → Auto-confirm read-only tool calls flips behaviour for safe tools:

The toggle is off by default — flip it on once you’ve watched Molly behave on a few sessions and decided to trust the read paths.

API surface

No new HTTP endpoints in this release. Tool calls flow through the existing Molly chat SSE stream.

Limitations & roadmap

• Direct programmatic chain-emit — the recommendation card currently sends a /install <template> slash-command nudge back through the chat stream to trigger the orchestrator. A fully programmatic chain-emit through the SSE stream lands in 0.7.6.
• No saga rollback — if step 3 of a 4-step chain fails (e.g. proxy route fails after the app installed), you retry the failing leg manually. No automatic undo.
• Free tier uses local Ollama only — cloud LLMs gate behind Pro+ for big models. Embedding remains local on every tier.