mirror of
https://github.com/pewdiepie-archdaemon/odysseus.git
synced 2026-07-16 13:08:02 +00:00
Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| bd0c67b6d3 | |||
| ff5bcd9864 |
@@ -15,10 +15,6 @@ build/
|
|||||||
# at runtime — never baked into the image. Mirrored in .gitignore.
|
# at runtime — never baked into the image. Mirrored in .gitignore.
|
||||||
secrets.env
|
secrets.env
|
||||||
secrets.env.*
|
secrets.env.*
|
||||||
secrets.env~
|
|
||||||
.secrets.env.swp
|
|
||||||
.secrets.env.swo
|
|
||||||
**/#secrets.env#
|
|
||||||
!secrets.env.example
|
!secrets.env.example
|
||||||
/data/
|
/data/
|
||||||
/logs/
|
/logs/
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ jobs:
|
|||||||
name: Python syntax (compileall)
|
name: Python syntax (compileall)
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
||||||
@@ -32,7 +32,7 @@ jobs:
|
|||||||
name: JS syntax (node --check)
|
name: JS syntax (node --check)
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||||||
@@ -54,7 +54,7 @@ jobs:
|
|||||||
# ROADMAP "fresh install smoke tests" item; make this required once green.
|
# ROADMAP "fresh install smoke tests" item; make this required once green.
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
@@ -93,7 +93,7 @@ jobs:
|
|||||||
security-events: write # upload SARIF to the Security tab
|
security-events: write # upload SARIF to the Security tab
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
@@ -55,7 +55,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ jobs:
|
|||||||
arch: arm64
|
arch: arm64
|
||||||
runner: ubuntu-24.04-arm
|
runner: ubuntu-24.04-arm
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
- name: Set up Buildx
|
- name: Set up Buildx
|
||||||
@@ -86,7 +86,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
- name: Read APP_VERSION + short sha
|
- name: Read APP_VERSION + short sha
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ jobs:
|
|||||||
# Skip bots (Dependabot, release-drafter, etc.)
|
# Skip bots (Dependabot, release-drafter, etc.)
|
||||||
if: ${{ github.event.issue.user.type != 'Bot' }}
|
if: ${{ github.event.issue.user.type != 'Bot' }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
sparse-checkout: .github/scripts
|
sparse-checkout: .github/scripts
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|||||||
@@ -23,7 +23,7 @@ jobs:
|
|||||||
# Skip bots: they open PRs programmatically and have their own process.
|
# Skip bots: they open PRs programmatically and have their own process.
|
||||||
if: github.event.pull_request.user.type != 'Bot'
|
if: github.event.pull_request.user.type != 'Bot'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
ref: ${{ github.base_ref }}
|
ref: ${{ github.base_ref }}
|
||||||
sparse-checkout: .github/scripts
|
sparse-checkout: .github/scripts
|
||||||
|
|||||||
@@ -35,7 +35,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
# Full history so a secret committed in an earlier commit (and later
|
# Full history so a secret committed in an earlier commit (and later
|
||||||
# deleted) is still caught -- deletion does not remove it from Git.
|
# deleted) is still caught -- deletion does not remove it from Git.
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||||
with:
|
with:
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
|
|
||||||
|
|||||||
@@ -86,7 +86,6 @@ Bundled in `static/fonts/`:
|
|||||||
| [Fira Code](https://github.com/tonsky/FiraCode) | SIL Open Font License 1.1 | Nikita Prokopov & contributors |
|
| [Fira Code](https://github.com/tonsky/FiraCode) | SIL Open Font License 1.1 | Nikita Prokopov & contributors |
|
||||||
| [Inter](https://github.com/rsms/inter) | SIL Open Font License 1.1 | Rasmus Andersson |
|
| [Inter](https://github.com/rsms/inter) | SIL Open Font License 1.1 | Rasmus Andersson |
|
||||||
| [GohuFont](https://font.gohu.org/) (`fonts/custom/GohuFont.ttf`) | WTFPL | Hugo Chargois |
|
| [GohuFont](https://font.gohu.org/) (`fonts/custom/GohuFont.ttf`) | WTFPL | Hugo Chargois |
|
||||||
| [OpenDyslexic](https://opendyslexic.org/) (`fonts/OpenDyslexic-{Regular,Bold}.woff2`) | SIL Open Font License 1.1 ([`licenses/OpenDyslexic-OFL.txt`](licenses/OpenDyslexic-OFL.txt)) | Abbie Gonzalez |
|
|
||||||
|
|
||||||
## Python dependencies
|
## Python dependencies
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -37,7 +37,7 @@ Manual development uses Python 3.11+:
|
|||||||
python3 -m venv venv
|
python3 -m venv venv
|
||||||
source venv/bin/activate
|
source venv/bin/activate
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
python -m uvicorn app:app --host 127.0.0.1 --port 7000
|
python -m uvicorn app:app --host 0.0.0.0 --port 7000
|
||||||
```
|
```
|
||||||
|
|
||||||
Windows is not actively tested. Docker on Linux or a Linux/macOS manual install is the safer path for now.
|
Windows is not actively tested. Docker on Linux or a Linux/macOS manual install is the safer path for now.
|
||||||
|
|||||||
-61
@@ -1,14 +1,3 @@
|
|||||||
# ---- builder: patch + build wheels for Real-ESRGAN's broken-on-3.14 deps ----
|
|
||||||
# basicsr/gfpgan/facexlib read their version via exec()+locals()['__version__'],
|
|
||||||
# which raises KeyError on Python 3.13+ (PEP 667). Build patched wheels here so
|
|
||||||
# the final image / Cookbook never has to compile the broken sdists. See
|
|
||||||
# docker/build-realesrgan-wheels.sh for the full rationale.
|
|
||||||
FROM python:3.14-slim AS realesrgan-wheels
|
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends curl \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
COPY docker/build-realesrgan-wheels.sh /usr/local/bin/build-realesrgan-wheels.sh
|
|
||||||
RUN bash /usr/local/bin/build-realesrgan-wheels.sh /wheels
|
|
||||||
|
|
||||||
FROM python:3.14-slim
|
FROM python:3.14-slim
|
||||||
|
|
||||||
# System deps. tmux is required by Cookbook for background downloads/serves.
|
# System deps. tmux is required by Cookbook for background downloads/serves.
|
||||||
@@ -29,44 +18,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|||||||
tmux \
|
tmux \
|
||||||
openssh-client \
|
openssh-client \
|
||||||
gosu \
|
gosu \
|
||||||
libgl1 \
|
|
||||||
libglib2.0-0t64 \
|
|
||||||
libxcb1 \
|
|
||||||
libmagic1 \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# libgl1/libglib2.0-0t64/libxcb1 are runtime shared libs (libGL.so.1,
|
|
||||||
# libglib-2.0/libgthread, libxcb.so.1) that opencv-python (cv2) loads. The
|
|
||||||
# slim base omits them, so the Cookbook "install realesrgan" path imports cv2
|
|
||||||
# and dies with `libxcb.so.1: cannot open shared object file` despite a clean
|
|
||||||
# pip install. Using full opencv-python (not -headless) because basicsr/gfpgan/
|
|
||||||
# facexlib/realesrgan all depend on the `opencv-python` distribution by name.
|
|
||||||
#
|
|
||||||
# libmagic1 is the shared lib (libmagic.so.1) that python-magic dlopens for
|
|
||||||
# content-based MIME sniffing in src/upload_handler.py. We install both here
|
|
||||||
# (libmagic1 + the python-magic wrapper, below) rather than in requirements.txt
|
|
||||||
# because python-magic resolves libmagic at import time: where the lib is
|
|
||||||
# absent the import can block or raise, so keeping it image-only avoids
|
|
||||||
# regressing pip/venv installs on hosts without libmagic. Debian always has the
|
|
||||||
# lib here, so the import is instant and detection actually works.
|
|
||||||
|
|
||||||
# Docker CLI (client only — daemon stays on the host via the
|
|
||||||
# /var/run/docker.sock mount). The Debian `docker.io` package ships
|
|
||||||
# dockerd but not the client binary on slim, so grab the static client
|
|
||||||
# tarball from download.docker.com instead.
|
|
||||||
ARG DOCKER_CLI_VERSION=27.5.1
|
|
||||||
RUN ARCH="$(dpkg --print-architecture)" \
|
|
||||||
&& case "$ARCH" in \
|
|
||||||
amd64) DARCH=x86_64 ;; \
|
|
||||||
arm64) DARCH=aarch64 ;; \
|
|
||||||
*) echo "unsupported arch $ARCH"; exit 1 ;; \
|
|
||||||
esac \
|
|
||||||
&& curl -fsSL "https://download.docker.com/linux/static/stable/${DARCH}/docker-${DOCKER_CLI_VERSION}.tgz" \
|
|
||||||
-o /tmp/docker.tgz \
|
|
||||||
&& tar -xzf /tmp/docker.tgz -C /tmp \
|
|
||||||
&& install -m 0755 /tmp/docker/docker /usr/local/bin/docker \
|
|
||||||
&& rm -rf /tmp/docker /tmp/docker.tgz
|
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Install Python deps first (layer cache). Optional extras (PyMuPDF AGPL, etc.)
|
# Install Python deps first (layer cache). Optional extras (PyMuPDF AGPL, etc.)
|
||||||
@@ -76,20 +29,6 @@ COPY requirements.txt requirements-optional.txt ./
|
|||||||
RUN pip install --no-cache-dir -r requirements.txt \
|
RUN pip install --no-cache-dir -r requirements.txt \
|
||||||
&& if [ "$INSTALL_OPTIONAL" = "true" ]; then pip install --no-cache-dir -r requirements-optional.txt; fi
|
&& if [ "$INSTALL_OPTIONAL" = "true" ]; then pip install --no-cache-dir -r requirements-optional.txt; fi
|
||||||
|
|
||||||
# python-magic powers content-based MIME sniffing in src/upload_handler.py.
|
|
||||||
# Image-only (not in requirements.txt) because it needs the libmagic1 system
|
|
||||||
# lib installed above; see the apt note near the top of this stage.
|
|
||||||
RUN pip install --no-cache-dir python-magic==0.4.27
|
|
||||||
|
|
||||||
# Pre-install the patched basicsr/gfpgan/facexlib wheels built in the
|
|
||||||
# realesrgan-wheels stage (--no-deps keeps the image lean — torch & friends are
|
|
||||||
# pulled only when realesrgan is actually installed). With these dists already
|
|
||||||
# satisfied, the Cookbook's plain `pip install realesrgan` resolves them from
|
|
||||||
# wheels instead of rebuilding the sdists that fail on Python 3.14.
|
|
||||||
COPY --from=realesrgan-wheels /wheels/ /tmp/odysseus-wheels/
|
|
||||||
RUN pip install --no-cache-dir --no-deps /tmp/odysseus-wheels/*.whl \
|
|
||||||
&& rm -rf /tmp/odysseus-wheels
|
|
||||||
|
|
||||||
# Copy app code
|
# Copy app code
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
|
|||||||
@@ -1,45 +0,0 @@
|
|||||||
# -*- mode: python ; coding: utf-8 -*-
|
|
||||||
|
|
||||||
|
|
||||||
a = Analysis(
|
|
||||||
['launcher.py'],
|
|
||||||
pathex=[],
|
|
||||||
binaries=[],
|
|
||||||
datas=[('static', 'static'), ('scripts', 'scripts'), ('mcp_servers', 'mcp_servers'), ('services/hwfit/data', 'services/hwfit/data'), ('config', 'config'), ('.env.example', '.env.example')],
|
|
||||||
hiddenimports=[],
|
|
||||||
hookspath=[],
|
|
||||||
hooksconfig={},
|
|
||||||
runtime_hooks=[],
|
|
||||||
excludes=[],
|
|
||||||
noarchive=False,
|
|
||||||
optimize=0,
|
|
||||||
)
|
|
||||||
pyz = PYZ(a.pure)
|
|
||||||
|
|
||||||
exe = EXE(
|
|
||||||
pyz,
|
|
||||||
a.scripts,
|
|
||||||
[],
|
|
||||||
exclude_binaries=True,
|
|
||||||
name='Odysseus',
|
|
||||||
debug=False,
|
|
||||||
bootloader_ignore_signals=False,
|
|
||||||
strip=False,
|
|
||||||
upx=True,
|
|
||||||
console=False,
|
|
||||||
disable_windowed_traceback=False,
|
|
||||||
argv_emulation=False,
|
|
||||||
target_arch=None,
|
|
||||||
codesign_identity=None,
|
|
||||||
entitlements_file=None,
|
|
||||||
icon=['static\\icon.ico'],
|
|
||||||
)
|
|
||||||
coll = COLLECT(
|
|
||||||
exe,
|
|
||||||
a.binaries,
|
|
||||||
a.datas,
|
|
||||||
strip=False,
|
|
||||||
upx=True,
|
|
||||||
upx_exclude=[],
|
|
||||||
name='Odysseus',
|
|
||||||
)
|
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
<p align="center">
|
<p align="center">
|
||||||
<img src="docs/odysseus-wordmark.png" alt="Odysseus" width="238">
|
<img src="docs/odysseus-wordmark.png" alt="Odysseus" width="280">
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
@@ -18,7 +18,7 @@
|
|||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<img src="docs/odysseus-browser.jpg" alt="Odysseus interface">
|
<img src="docs/odysseus.jpg" alt="Odysseus interface">
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -1,17 +1,6 @@
|
|||||||
# app.py — slim orchestrator
|
# app.py — slim orchestrator
|
||||||
import mimetypes
|
import mimetypes
|
||||||
import os
|
import os
|
||||||
import sys
|
|
||||||
import asyncio
|
|
||||||
|
|
||||||
# On Windows, asyncio.create_subprocess_exec/shell require the ProactorEventLoop.
|
|
||||||
# When started via `python -m uvicorn` from a terminal, uvicorn sets this
|
|
||||||
# automatically. But the VS Code debugger (and other non-uvicorn entrypoints)
|
|
||||||
# use the default SelectorEventLoop, which raises NotImplementedError on any
|
|
||||||
# subprocess call. Force ProactorEventLoop here so the right loop is always
|
|
||||||
# used, regardless of how the process is launched.
|
|
||||||
if sys.platform == "win32":
|
|
||||||
asyncio.set_event_loop_policy(asyncio.WindowsProactorEventLoopPolicy())
|
|
||||||
|
|
||||||
|
|
||||||
def register_static_mime_types() -> None:
|
def register_static_mime_types() -> None:
|
||||||
@@ -49,12 +38,12 @@ load_dotenv(encoding="utf-8-sig")
|
|||||||
import asyncio
|
import asyncio
|
||||||
import logging
|
import logging
|
||||||
import secrets
|
import secrets
|
||||||
from datetime import datetime, timezone
|
from datetime import datetime
|
||||||
from typing import Dict
|
from typing import Dict
|
||||||
|
|
||||||
from contextlib import asynccontextmanager
|
from contextlib import asynccontextmanager
|
||||||
from fastapi import FastAPI, Request, HTTPException
|
from fastapi import FastAPI, Request, HTTPException
|
||||||
from fastapi.responses import JSONResponse, FileResponse
|
from fastapi.responses import JSONResponse, FileResponse, HTMLResponse
|
||||||
from fastapi.middleware.cors import CORSMiddleware
|
from fastapi.middleware.cors import CORSMiddleware
|
||||||
from fastapi.staticfiles import StaticFiles
|
from fastapi.staticfiles import StaticFiles
|
||||||
from starlette.middleware.base import BaseHTTPMiddleware
|
from starlette.middleware.base import BaseHTTPMiddleware
|
||||||
@@ -75,7 +64,7 @@ from core.exceptions import (
|
|||||||
|
|
||||||
import bcrypt as _bcrypt
|
import bcrypt as _bcrypt
|
||||||
|
|
||||||
from src.app_helpers import abs_join, serve_html_with_nonce
|
from src.app_helpers import abs_join
|
||||||
from src.generated_images import GENERATED_IMAGE_HEADERS, resolve_generated_image_path
|
from src.generated_images import GENERATED_IMAGE_HEADERS, resolve_generated_image_path
|
||||||
from starlette.responses import RedirectResponse
|
from starlette.responses import RedirectResponse
|
||||||
|
|
||||||
@@ -124,13 +113,12 @@ app = FastAPI(
|
|||||||
)
|
)
|
||||||
|
|
||||||
# ========= CORS =========
|
# ========= CORS =========
|
||||||
CORS_ALLOW_METHODS = ["GET", "POST", "PUT", "PATCH", "DELETE"]
|
|
||||||
allowed_origins = os.getenv("ALLOWED_ORIGINS", "http://localhost,http://127.0.0.1").split(",")
|
allowed_origins = os.getenv("ALLOWED_ORIGINS", "http://localhost,http://127.0.0.1").split(",")
|
||||||
app.add_middleware(
|
app.add_middleware(
|
||||||
CORSMiddleware,
|
CORSMiddleware,
|
||||||
allow_origins=allowed_origins,
|
allow_origins=allowed_origins,
|
||||||
allow_credentials=True,
|
allow_credentials=True,
|
||||||
allow_methods=CORS_ALLOW_METHODS,
|
allow_methods=["GET", "POST", "PUT", "DELETE"],
|
||||||
allow_headers=[
|
allow_headers=[
|
||||||
"Accept",
|
"Accept",
|
||||||
"Authorization",
|
"Authorization",
|
||||||
@@ -328,7 +316,7 @@ if AUTH_ENABLED:
|
|||||||
# (no admin cookie available in that context). Restricted to
|
# (no admin cookie available in that context). Restricted to
|
||||||
# loopback clients + matching token to keep it locked down.
|
# loopback clients + matching token to keep it locked down.
|
||||||
try:
|
try:
|
||||||
from core.middleware import INTERNAL_TOOL_HEADER, INTERNAL_TOOL_TOKEN as _ITT, INTERNAL_TOOL_USER
|
from core.middleware import INTERNAL_TOOL_HEADER, INTERNAL_TOOL_TOKEN as _ITT
|
||||||
_hdr = request.headers.get(INTERNAL_TOOL_HEADER)
|
_hdr = request.headers.get(INTERNAL_TOOL_HEADER)
|
||||||
if _hdr and secrets.compare_digest(_hdr, _ITT) and _is_trusted_loopback(request):
|
if _hdr and secrets.compare_digest(_hdr, _ITT) and _is_trusted_loopback(request):
|
||||||
# Impersonation: when the agent's loopback call sets
|
# Impersonation: when the agent's loopback call sets
|
||||||
@@ -340,11 +328,11 @@ if AUTH_ENABLED:
|
|||||||
if _impersonate and _impersonate in getattr(_auth_mgr, "users", {}):
|
if _impersonate and _impersonate in getattr(_auth_mgr, "users", {}):
|
||||||
request.state.current_user = _impersonate
|
request.state.current_user = _impersonate
|
||||||
else:
|
else:
|
||||||
request.state.current_user = INTERNAL_TOOL_USER
|
request.state.current_user = "internal-tool"
|
||||||
request.state.api_token = False
|
request.state.api_token = False
|
||||||
return await call_next(request)
|
return await call_next(request)
|
||||||
except Exception as _e:
|
except Exception:
|
||||||
logger.warning("Internal tool auth header check failed", exc_info=_e)
|
pass
|
||||||
# Allow DIRECT localhost requests (internal service calls from
|
# Allow DIRECT localhost requests (internal service calls from
|
||||||
# heartbeats etc.). Tunnel/proxy-forwarded requests are excluded by
|
# heartbeats etc.). Tunnel/proxy-forwarded requests are excluded by
|
||||||
# _is_trusted_loopback so LOCALHOST_BYPASS can't be abused over a
|
# _is_trusted_loopback so LOCALHOST_BYPASS can't be abused over a
|
||||||
@@ -397,10 +385,11 @@ if AUTH_ENABLED:
|
|||||||
_db.close()
|
_db.close()
|
||||||
try:
|
try:
|
||||||
await _asyncio.to_thread(_do)
|
await _asyncio.to_thread(_do)
|
||||||
except Exception as _e:
|
except Exception:
|
||||||
logger.debug("Failed to update token last_used_at", exc_info=_e)
|
pass
|
||||||
_asyncio.create_task(_touch_last_used(matched_id))
|
_asyncio.create_task(_touch_last_used(matched_id))
|
||||||
# Keep bearer-token callers out of normal cookie/user
|
# Keep bearer-token callers out of normal cookie/user
|
||||||
|
# routes. API-aware routes can read api_token_owner.
|
||||||
request.state.current_user = "api"
|
request.state.current_user = "api"
|
||||||
request.state.api_token = True
|
request.state.api_token = True
|
||||||
request.state.api_token_id = matched_id
|
request.state.api_token_id = matched_id
|
||||||
@@ -449,7 +438,7 @@ class _RevalidatingStatic(StaticFiles):
|
|||||||
return resp
|
return resp
|
||||||
|
|
||||||
|
|
||||||
app.mount("/static", _RevalidatingStatic(directory=STATIC_DIR), name="static")
|
app.mount("/static", _RevalidatingStatic(directory="static"), name="static")
|
||||||
|
|
||||||
# ========= GENERATED IMAGES =========
|
# ========= GENERATED IMAGES =========
|
||||||
@app.get("/api/generated-image/{filename}")
|
@app.get("/api/generated-image/{filename}")
|
||||||
@@ -475,8 +464,8 @@ async def serve_generated_image(filename: str, request: Request):
|
|||||||
_db.close()
|
_db.close()
|
||||||
except HTTPException:
|
except HTTPException:
|
||||||
raise
|
raise
|
||||||
except Exception as _e:
|
except Exception:
|
||||||
logger.warning("Image ownership verification failed for %r", filename, exc_info=_e)
|
pass
|
||||||
ext = filename.rsplit('.', 1)[-1].lower()
|
ext = filename.rsplit('.', 1)[-1].lower()
|
||||||
mime = {
|
mime = {
|
||||||
"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
|
"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
|
||||||
@@ -539,7 +528,6 @@ memory_vector = components.get("memory_vector")
|
|||||||
upload_handler = components["upload_handler"]
|
upload_handler = components["upload_handler"]
|
||||||
app.state.upload_handler = upload_handler
|
app.state.upload_handler = upload_handler
|
||||||
personal_docs_mgr = components["personal_docs_manager"]
|
personal_docs_mgr = components["personal_docs_manager"]
|
||||||
app.state.personal_docs_manager = personal_docs_mgr
|
|
||||||
api_key_manager = components["api_key_manager"]
|
api_key_manager = components["api_key_manager"]
|
||||||
preset_manager = components["preset_manager"]
|
preset_manager = components["preset_manager"]
|
||||||
chat_processor = components["chat_processor"]
|
chat_processor = components["chat_processor"]
|
||||||
@@ -685,7 +673,7 @@ from routes.signature_routes import setup_signature_routes
|
|||||||
app.include_router(setup_signature_routes())
|
app.include_router(setup_signature_routes())
|
||||||
|
|
||||||
# Gallery (image library)
|
# Gallery (image library)
|
||||||
from routes.gallery.gallery_routes import setup_gallery_routes
|
from routes.gallery_routes import setup_gallery_routes
|
||||||
app.include_router(setup_gallery_routes())
|
app.include_router(setup_gallery_routes())
|
||||||
|
|
||||||
# Persisted image-editor drafts (server-backed projects)
|
# Persisted image-editor drafts (server-backed projects)
|
||||||
@@ -801,17 +789,23 @@ app.include_router(setup_companion_routes())
|
|||||||
|
|
||||||
# ========= ROUTES (kept in app.py) =========
|
# ========= ROUTES (kept in app.py) =========
|
||||||
|
|
||||||
|
def _serve_html_with_nonce(request: Request, file_path: str) -> HTMLResponse:
|
||||||
|
"""Read an HTML file and inject the CSP nonce into inline <script> tags."""
|
||||||
|
with open(file_path, "r", encoding="utf-8") as f:
|
||||||
|
html = f.read()
|
||||||
|
nonce = getattr(request.state, "csp_nonce", "")
|
||||||
|
html = html.replace("{{CSP_NONCE}}", nonce)
|
||||||
|
return HTMLResponse(html)
|
||||||
|
|
||||||
@app.get("/")
|
@app.get("/")
|
||||||
async def serve_index(request: Request):
|
async def serve_index(request: Request):
|
||||||
static_path = abs_join(BASE_DIR, "static/index.html")
|
static_path = abs_join(BASE_DIR, "static/index.html")
|
||||||
if os.path.exists(static_path):
|
if os.path.exists(static_path):
|
||||||
return serve_html_with_nonce(request, static_path)
|
return _serve_html_with_nonce(request, static_path)
|
||||||
# No static bundle — fall back to a root-level index.html if one is shipped.
|
root_path = abs_join(BASE_DIR, "index.html")
|
||||||
# If neither exists, serve_html_with_nonce logs it and returns a generic 500:
|
if os.path.exists(root_path):
|
||||||
# a missing index.html is a broken deployment (server fault), not a client
|
return _serve_html_with_nonce(request, root_path)
|
||||||
# "not found". This keeps the app-shell route consistent with the other
|
raise HTTPException(404, "index.html not found")
|
||||||
# bundled-template routes instead of mislabelling the fault as a 404.
|
|
||||||
return serve_html_with_nonce(request, abs_join(BASE_DIR, "index.html"))
|
|
||||||
|
|
||||||
@app.get("/notes")
|
@app.get("/notes")
|
||||||
async def serve_notes(request: Request):
|
async def serve_notes(request: Request):
|
||||||
@@ -852,13 +846,13 @@ async def serve_library(request: Request):
|
|||||||
@app.get("/backgrounds")
|
@app.get("/backgrounds")
|
||||||
async def serve_backgrounds(request: Request):
|
async def serve_backgrounds(request: Request):
|
||||||
"""Sandbox page for prototyping background effects. No auth required."""
|
"""Sandbox page for prototyping background effects. No auth required."""
|
||||||
return serve_html_with_nonce(request, abs_join(BASE_DIR, "static/backgrounds.html"))
|
return _serve_html_with_nonce(request, abs_join(BASE_DIR, "static/backgrounds.html"))
|
||||||
|
|
||||||
@app.get("/login")
|
@app.get("/login")
|
||||||
async def serve_login(request: Request):
|
async def serve_login(request: Request):
|
||||||
if not AUTH_ENABLED:
|
if not AUTH_ENABLED:
|
||||||
return RedirectResponse(url="/", status_code=302)
|
return RedirectResponse(url="/", status_code=302)
|
||||||
return serve_html_with_nonce(request, abs_join(BASE_DIR, "static/login.html"))
|
return _serve_html_with_nonce(request, abs_join(BASE_DIR, "static/login.html"))
|
||||||
|
|
||||||
@app.get("/api/version")
|
@app.get("/api/version")
|
||||||
async def get_version():
|
async def get_version():
|
||||||
@@ -867,7 +861,7 @@ async def get_version():
|
|||||||
|
|
||||||
@app.get("/api/health")
|
@app.get("/api/health")
|
||||||
async def health_check() -> Dict[str, str]:
|
async def health_check() -> Dict[str, str]:
|
||||||
return {"status": "healthy", "timestamp": datetime.now(timezone.utc).isoformat()}
|
return {"status": "healthy", "timestamp": datetime.utcnow().isoformat()}
|
||||||
|
|
||||||
@app.get("/api/ready")
|
@app.get("/api/ready")
|
||||||
async def readiness_check() -> JSONResponse:
|
async def readiness_check() -> JSONResponse:
|
||||||
@@ -1177,12 +1171,3 @@ async def _shutdown_event():
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"MCP shutdown error: {e}")
|
logger.warning(f"MCP shutdown error: {e}")
|
||||||
logger.info("Application shutdown complete")
|
logger.info("Application shutdown complete")
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
import uvicorn
|
|
||||||
|
|
||||||
bind_host = os.getenv("APP_BIND", "127.0.0.1")
|
|
||||||
bind_port = int(os.getenv("APP_PORT", "7000"))
|
|
||||||
|
|
||||||
uvicorn.run(app, host=bind_host, port=bind_port, log_level="info")
|
|
||||||
|
|||||||
@@ -1,72 +0,0 @@
|
|||||||
#Requires -Version 5.1
|
|
||||||
<#
|
|
||||||
Build a portable Windows distribution for Odysseus.
|
|
||||||
|
|
||||||
Output layout:
|
|
||||||
dist\Odysseus\Odysseus.exe
|
|
||||||
dist\Odysseus\static\...
|
|
||||||
dist\Odysseus\scripts\...
|
|
||||||
dist\Odysseus\mcp_servers\...
|
|
||||||
dist\Odysseus\services\hwfit\data\...
|
|
||||||
|
|
||||||
The app then keeps using its normal filesystem layout when frozen.
|
|
||||||
|
|
||||||
Usage:
|
|
||||||
powershell -ExecutionPolicy Bypass -File .\build-windows-portable.ps1
|
|
||||||
#>
|
|
||||||
|
|
||||||
$ErrorActionPreference = "Stop"
|
|
||||||
Set-Location -Path $PSScriptRoot
|
|
||||||
|
|
||||||
function Write-Step($msg) { Write-Host ""; Write-Host ("==> " + $msg) -ForegroundColor Cyan }
|
|
||||||
function Fail($msg) {
|
|
||||||
Write-Host ""
|
|
||||||
Write-Host ("ERROR: " + $msg) -ForegroundColor Red
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
Write-Step "Checking for Python"
|
|
||||||
$pyExe = $null
|
|
||||||
if (Test-Path ".\.venv\Scripts\python.exe") {
|
|
||||||
$pyExe = (Resolve-Path ".\.venv\Scripts\python.exe").Path
|
|
||||||
} else {
|
|
||||||
foreach ($c in @("py", "python")) {
|
|
||||||
$cmd = Get-Command $c -ErrorAction SilentlyContinue
|
|
||||||
if ($cmd) { $pyExe = $cmd.Source; break }
|
|
||||||
}
|
|
||||||
if ($pyExe -like "*WindowsApps*python.exe") {
|
|
||||||
$pyCmd = Get-Command py -ErrorAction SilentlyContinue
|
|
||||||
if ($pyCmd) {
|
|
||||||
$pyExe = $pyCmd.Source
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (-not $pyExe) {
|
|
||||||
Fail "Python not found on PATH. Install Python 3.11+ first."
|
|
||||||
}
|
|
||||||
Write-Host ("Using Python: " + $pyExe)
|
|
||||||
|
|
||||||
Write-Step "Installing build dependencies"
|
|
||||||
& $pyExe -m pip install --upgrade pip --quiet
|
|
||||||
& $pyExe -m pip install -r requirements.txt pyinstaller pystray Pillow
|
|
||||||
if ($LASTEXITCODE -ne 0) { Fail "Dependency install failed." }
|
|
||||||
|
|
||||||
Write-Step "Building portable exe bundle"
|
|
||||||
Remove-Item -Recurse -Force build, dist -ErrorAction SilentlyContinue
|
|
||||||
|
|
||||||
$dataArgs = @(
|
|
||||||
"--add-data", "static;static",
|
|
||||||
"--add-data", "scripts;scripts",
|
|
||||||
"--add-data", "mcp_servers;mcp_servers",
|
|
||||||
"--add-data", "services/hwfit/data;services/hwfit/data",
|
|
||||||
"--add-data", "config;config",
|
|
||||||
"--add-data", ".env.example;.env.example"
|
|
||||||
)
|
|
||||||
|
|
||||||
& $pyExe -m PyInstaller --noconfirm --clean --onedir --noconsole --icon=static/icon.ico --name Odysseus @dataArgs launcher.py
|
|
||||||
if ($LASTEXITCODE -ne 0) { Fail "PyInstaller build failed." }
|
|
||||||
|
|
||||||
Write-Host ""
|
|
||||||
Write-Host "Build complete." -ForegroundColor Green
|
|
||||||
Write-Host "Portable app folder: $PSScriptRoot\dist\Odysseus" -ForegroundColor Green
|
|
||||||
Write-Host "Distribute the whole folder (or zip it) so static assets and scripts stay with the exe." -ForegroundColor Green
|
|
||||||
+3
-17
@@ -5,9 +5,8 @@ offers and pair to it, without duplicating any LLM logic.
|
|||||||
|
|
||||||
Auth is enforced globally by AuthMiddleware (app.py), so reaching a handler here
|
Auth is enforced globally by AuthMiddleware (app.py), so reaching a handler here
|
||||||
means the caller is authenticated by either a cookie session or a Bearer `ody_`
|
means the caller is authenticated by either a cookie session or a Bearer `ody_`
|
||||||
API token. Ping/info accept either credential type, models requires a chat-
|
API token. The read endpoints (ping/info/models) accept either; the pairing
|
||||||
scoped API token for bearer callers, and the pairing endpoints are admin-cookie
|
endpoints are admin-cookie only.
|
||||||
only.
|
|
||||||
|
|
||||||
Pairing CSRF posture: minting happens ONLY on POST. The session cookie is
|
Pairing CSRF posture: minting happens ONLY on POST. The session cookie is
|
||||||
SameSite=Lax (routes/auth_routes.py), which a browser does not send on a
|
SameSite=Lax (routes/auth_routes.py), which a browser does not send on a
|
||||||
@@ -19,7 +18,7 @@ on a GET would be unsafe (Lax cookies ride top-level GET navigations), so GET
|
|||||||
|
|
||||||
import html
|
import html
|
||||||
|
|
||||||
from fastapi import APIRouter, HTTPException, Request
|
from fastapi import APIRouter, Request
|
||||||
from fastapi.responses import HTMLResponse
|
from fastapi.responses import HTMLResponse
|
||||||
|
|
||||||
from core.middleware import require_admin
|
from core.middleware import require_admin
|
||||||
@@ -53,18 +52,6 @@ def owner_can_see(row_owner, owner) -> bool:
|
|||||||
return row_owner is None or row_owner == owner
|
return row_owner is None or row_owner == owner
|
||||||
|
|
||||||
|
|
||||||
def require_models_scope(request: Request) -> None:
|
|
||||||
"""Require the companion chat scope for bearer-token model inventory."""
|
|
||||||
if not getattr(request.state, "api_token", False):
|
|
||||||
return
|
|
||||||
scopes = getattr(request.state, "api_token_scopes", None) or []
|
|
||||||
if isinstance(scopes, str):
|
|
||||||
scopes = [scope.strip() for scope in scopes.split(",")]
|
|
||||||
scope_set = {str(scope).strip() for scope in scopes if str(scope).strip()}
|
|
||||||
if _pairing.COMPANION_SCOPE not in scope_set:
|
|
||||||
raise HTTPException(403, "API token requires chat scope")
|
|
||||||
|
|
||||||
|
|
||||||
def mint_pairing_token(owner: str, invalidate=None) -> tuple[str, str]:
|
def mint_pairing_token(owner: str, invalidate=None) -> tuple[str, str]:
|
||||||
"""Mint a pairing token AND invalidate the auth middleware's in-memory token
|
"""Mint a pairing token AND invalidate the auth middleware's in-memory token
|
||||||
cache, so the new token is accepted on the very next request without a server
|
cache, so the new token is accepted on the very next request without a server
|
||||||
@@ -116,7 +103,6 @@ def setup_companion_routes() -> APIRouter:
|
|||||||
rows -- the same rule as owner_filter. Read-only; never returns api_key
|
rows -- the same rule as owner_filter. Read-only; never returns api_key
|
||||||
material.
|
material.
|
||||||
"""
|
"""
|
||||||
require_models_scope(request)
|
|
||||||
import json as _json
|
import json as _json
|
||||||
|
|
||||||
from core.database import SessionLocal, ModelEndpoint
|
from core.database import SessionLocal, ModelEndpoint
|
||||||
|
|||||||
+18
-34
@@ -20,7 +20,6 @@ logger = logging.getLogger(__name__)
|
|||||||
|
|
||||||
|
|
||||||
from core.atomic_io import atomic_write_json as _atomic_write_json # noqa: E402
|
from core.atomic_io import atomic_write_json as _atomic_write_json # noqa: E402
|
||||||
from core.middleware import INTERNAL_TOOL_USER # noqa: E402
|
|
||||||
|
|
||||||
DEFAULT_PRIVILEGES = {
|
DEFAULT_PRIVILEGES = {
|
||||||
"can_use_agent": True,
|
"can_use_agent": True,
|
||||||
@@ -48,7 +47,7 @@ ADMIN_PRIVILEGES["allowed_models_restricted"] = False
|
|||||||
# backwards for this sentinel.
|
# backwards for this sentinel.
|
||||||
ADMIN_PRIVILEGES["block_all_models"] = False
|
ADMIN_PRIVILEGES["block_all_models"] = False
|
||||||
|
|
||||||
from src.constants import AUTH_FILE, PASSWORD_MIN_LENGTH
|
from src.constants import AUTH_FILE
|
||||||
DEFAULT_AUTH_PATH = AUTH_FILE
|
DEFAULT_AUTH_PATH = AUTH_FILE
|
||||||
TOKEN_TTL = 60 * 60 * 24 * 7 # 7 days
|
TOKEN_TTL = 60 * 60 * 24 * 7 # 7 days
|
||||||
|
|
||||||
@@ -66,7 +65,7 @@ TOKEN_TTL = 60 * 60 * 24 * 7 # 7 days
|
|||||||
# of those names would be denied an assistant and inconsistently owner-scoped.
|
# of those names would be denied an assistant and inconsistently owner-scoped.
|
||||||
# Refuse to create or rename into any of them so the sentinels can't be
|
# Refuse to create or rename into any of them so the sentinels can't be
|
||||||
# impersonated. (Keep this in sync with that synthetic-owner set.)
|
# impersonated. (Keep this in sync with that synthetic-owner set.)
|
||||||
RESERVED_USERNAMES = frozenset({INTERNAL_TOOL_USER, "api", "demo", "system"})
|
RESERVED_USERNAMES = frozenset({"internal-tool", "api", "demo", "system"})
|
||||||
|
|
||||||
|
|
||||||
def normalize_known_username(users: Dict[str, Any], username: str | None) -> Optional[str]:
|
def normalize_known_username(users: Dict[str, Any], username: str | None) -> Optional[str]:
|
||||||
@@ -176,17 +175,16 @@ class AuthManager:
|
|||||||
)
|
)
|
||||||
old_user = "admin"
|
old_user = "admin"
|
||||||
old_hash = self._config["password_hash"]
|
old_hash = self._config["password_hash"]
|
||||||
with self._config_lock:
|
self._config = {
|
||||||
self._config = {
|
"users": {
|
||||||
"users": {
|
old_user: {
|
||||||
old_user: {
|
"password_hash": old_hash,
|
||||||
"password_hash": old_hash,
|
"created": time.time(),
|
||||||
"created": time.time(),
|
"is_admin": True,
|
||||||
"is_admin": True,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self._save()
|
}
|
||||||
|
self._save()
|
||||||
logger.info(f"Migrated single-user auth to multi-user (admin: {old_user})")
|
logger.info(f"Migrated single-user auth to multi-user (admin: {old_user})")
|
||||||
|
|
||||||
def _drop_reserved_loaded_users(self):
|
def _drop_reserved_loaded_users(self):
|
||||||
@@ -205,9 +203,8 @@ class AuthManager:
|
|||||||
continue
|
continue
|
||||||
normalized[key] = data
|
normalized[key] = data
|
||||||
if removed or normalized != users:
|
if removed or normalized != users:
|
||||||
with self._config_lock:
|
self._config["users"] = normalized
|
||||||
self._config["users"] = normalized
|
self._save()
|
||||||
self._save()
|
|
||||||
if removed:
|
if removed:
|
||||||
logger.warning(
|
logger.warning(
|
||||||
"Removed reserved username(s) from auth config: %s",
|
"Removed reserved username(s) from auth config: %s",
|
||||||
@@ -246,15 +243,6 @@ class AuthManager:
|
|||||||
def is_configured(self) -> bool:
|
def is_configured(self) -> bool:
|
||||||
return len(self.users) > 0
|
return len(self.users) > 0
|
||||||
|
|
||||||
def policy(self) -> dict:
|
|
||||||
"""Return public auth policy constants for the frontend."""
|
|
||||||
return {
|
|
||||||
"password_min_length": PASSWORD_MIN_LENGTH,
|
|
||||||
"reserved_usernames": sorted(RESERVED_USERNAMES),
|
|
||||||
"signup_enabled": self.signup_enabled,
|
|
||||||
"session_days": TOKEN_TTL // 86400,
|
|
||||||
}
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# Account management
|
# Account management
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
@@ -585,20 +573,16 @@ class AuthManager:
|
|||||||
return None
|
return None
|
||||||
return self.create_session_trusted(username)
|
return self.create_session_trusted(username)
|
||||||
|
|
||||||
def create_session_trusted(self, username: str) -> Optional[str]:
|
def create_session_trusted(self, username: str) -> str:
|
||||||
"""Issue a session token for an already-verified user.
|
"""Issue a session token for an already-verified user.
|
||||||
Call only after verify_password (and TOTP if enabled) have passed."""
|
Call only after verify_password (and TOTP if enabled) have passed."""
|
||||||
username = username.strip().lower()
|
username = username.strip().lower()
|
||||||
token = secrets.token_hex(32)
|
token = secrets.token_hex(32)
|
||||||
with self._config_lock:
|
with self._sessions_lock:
|
||||||
if username not in self.users:
|
self._sessions[token] = {
|
||||||
logger.warning("Refused to issue session for missing user '%s'", username)
|
"username": username,
|
||||||
return None
|
"expiry": time.time() + TOKEN_TTL,
|
||||||
with self._sessions_lock:
|
}
|
||||||
self._sessions[token] = {
|
|
||||||
"username": username,
|
|
||||||
"expiry": time.time() + TOKEN_TTL,
|
|
||||||
}
|
|
||||||
self._save_sessions()
|
self._save_sessions()
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
|||||||
+2
-22
@@ -2,15 +2,12 @@ import os
|
|||||||
import logging
|
import logging
|
||||||
import sqlite3
|
import sqlite3
|
||||||
from datetime import datetime, timezone
|
from datetime import datetime, timezone
|
||||||
from pathlib import Path
|
|
||||||
from sqlalchemy import event, create_engine, Column, String, Text, Boolean, DateTime, Integer, ForeignKey, JSON, Index, func, text
|
from sqlalchemy import event, create_engine, Column, String, Text, Boolean, DateTime, Integer, ForeignKey, JSON, Index, func, text
|
||||||
from sqlalchemy.engine import Engine
|
from sqlalchemy.engine import Engine
|
||||||
from sqlalchemy.types import TypeDecorator
|
from sqlalchemy.types import TypeDecorator
|
||||||
from sqlalchemy.ext.declarative import declarative_base, declared_attr
|
from sqlalchemy.ext.declarative import declarative_base, declared_attr
|
||||||
from sqlalchemy.orm import relationship, sessionmaker, backref
|
from sqlalchemy.orm import relationship, sessionmaker, backref
|
||||||
|
|
||||||
from src.runtime_paths import get_app_root
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# Create base class for declarative models
|
# Create base class for declarative models
|
||||||
@@ -32,26 +29,9 @@ class TimestampMixin:
|
|||||||
def updated_at(cls):
|
def updated_at(cls):
|
||||||
return Column(DateTime, default=utcnow_naive, onupdate=utcnow_naive, nullable=False)
|
return Column(DateTime, default=utcnow_naive, onupdate=utcnow_naive, nullable=False)
|
||||||
|
|
||||||
# Ensure the writable data directory exists before SQLite connects.
|
|
||||||
from src.constants import DATA_DIR, AUTH_FILE, MEMORY_FILE, USER_PREFS_FILE, SETTINGS_FILE
|
|
||||||
Path(DATA_DIR).mkdir(parents=True, exist_ok=True)
|
|
||||||
|
|
||||||
|
|
||||||
def _default_database_url() -> str:
|
|
||||||
return f"sqlite:///{Path(DATA_DIR) / 'app.db'}"
|
|
||||||
|
|
||||||
|
|
||||||
def _normalize_sqlite_url(url: str) -> str:
|
|
||||||
if not url.startswith("sqlite:///"):
|
|
||||||
return url
|
|
||||||
db_path = url.replace("sqlite:///", "", 1)
|
|
||||||
if db_path == ":memory:" or os.path.isabs(db_path):
|
|
||||||
return url
|
|
||||||
return f"sqlite:///{(Path(get_app_root()) / db_path).resolve().as_posix()}"
|
|
||||||
|
|
||||||
|
|
||||||
# Get database URL from environment, default to SQLite in DATA_DIR
|
# Get database URL from environment, default to SQLite in DATA_DIR
|
||||||
DATABASE_URL = _normalize_sqlite_url(os.getenv("DATABASE_URL", _default_database_url()))
|
from src.constants import DATA_DIR, AUTH_FILE, MEMORY_FILE, USER_PREFS_FILE, SETTINGS_FILE
|
||||||
|
DATABASE_URL = os.getenv("DATABASE_URL", f"sqlite:///{DATA_DIR}/app.db")
|
||||||
|
|
||||||
# Create engine
|
# Create engine
|
||||||
engine = create_engine(
|
engine = create_engine(
|
||||||
|
|||||||
+1
-1
@@ -1,4 +1,4 @@
|
|||||||
# core/exceptions.py
|
# src/exceptions.py
|
||||||
"""Custom exceptions for the application."""
|
"""Custom exceptions for the application."""
|
||||||
|
|
||||||
class SessionNotFoundError(Exception):
|
class SessionNotFoundError(Exception):
|
||||||
|
|||||||
@@ -1,27 +0,0 @@
|
|||||||
"""Helpers for keeping sensitive data out of logs.
|
|
||||||
|
|
||||||
Endpoint URLs configured by admins can embed credentials in the userinfo
|
|
||||||
(``https://user:pass@host``) or query string (``?api_key=...``). Logging them
|
|
||||||
raw leaks those secrets, so route/diagnostic logs run URLs through
|
|
||||||
``redact_url`` first. Reconstructing the URL without userinfo/query/fragment
|
|
||||||
also doubles as a sanitizer barrier for CodeQL's clear-text-logging query.
|
|
||||||
"""
|
|
||||||
|
|
||||||
from urllib.parse import urlparse, urlunparse
|
|
||||||
|
|
||||||
|
|
||||||
def redact_url(url: str) -> str:
|
|
||||||
"""Return a URL safe for logs by removing userinfo and query/fragment.
|
|
||||||
|
|
||||||
Keeps scheme, host, port and path so logs stay useful for debugging.
|
|
||||||
"""
|
|
||||||
try:
|
|
||||||
parsed = urlparse(url or "")
|
|
||||||
host = parsed.hostname or ""
|
|
||||||
if ":" in host: # IPv6 literal — re-bracket so host:port stays unambiguous
|
|
||||||
host = f"[{host}]"
|
|
||||||
if parsed.port:
|
|
||||||
host = f"{host}:{parsed.port}"
|
|
||||||
return urlunparse((parsed.scheme, host, parsed.path, "", "", ""))
|
|
||||||
except Exception:
|
|
||||||
return "<endpoint>"
|
|
||||||
+7
-6
@@ -15,8 +15,6 @@ from starlette.responses import Response
|
|||||||
# same value from this module. Never persisted or exposed externally.
|
# same value from this module. Never persisted or exposed externally.
|
||||||
INTERNAL_TOOL_TOKEN = os.environ.get("ODYSSEUS_INTERNAL_TOKEN") or secrets.token_hex(32)
|
INTERNAL_TOOL_TOKEN = os.environ.get("ODYSSEUS_INTERNAL_TOKEN") or secrets.token_hex(32)
|
||||||
INTERNAL_TOOL_HEADER = "X-Odysseus-Internal-Token"
|
INTERNAL_TOOL_HEADER = "X-Odysseus-Internal-Token"
|
||||||
# Pseudo-username on in-process tool-loopback requests; require_admin trusts it and it is reserved.
|
|
||||||
INTERNAL_TOOL_USER = "internal-tool"
|
|
||||||
|
|
||||||
|
|
||||||
def is_cors_preflight(method: str, headers) -> bool:
|
def is_cors_preflight(method: str, headers) -> bool:
|
||||||
@@ -41,7 +39,7 @@ def require_admin(request: Request):
|
|||||||
hdr = request.headers.get(INTERNAL_TOOL_HEADER)
|
hdr = request.headers.get(INTERNAL_TOOL_HEADER)
|
||||||
if hdr and secrets.compare_digest(hdr, INTERNAL_TOOL_TOKEN):
|
if hdr and secrets.compare_digest(hdr, INTERNAL_TOOL_TOKEN):
|
||||||
return
|
return
|
||||||
if getattr(request.state, "current_user", None) == INTERNAL_TOOL_USER:
|
if getattr(request.state, "current_user", None) == "internal-tool":
|
||||||
return
|
return
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
@@ -67,9 +65,10 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
|
|||||||
response = await call_next(request)
|
response = await call_next(request)
|
||||||
path = request.url.path
|
path = request.url.path
|
||||||
|
|
||||||
# Tool render endpoints
|
# Tool render endpoints are served inside iframes — allow framing by self
|
||||||
is_tool_render = path.startswith("/api/tools/") and path.endswith("/render")
|
is_tool_render = path.startswith("/api/tools/") and path.endswith("/render")
|
||||||
# Document library PDF preview endpoint
|
# PDF previews are embedded by the in-app document library. Keep the
|
||||||
|
# exception route-scoped so normal app pages remain unframeable.
|
||||||
is_document_pdf_preview = path.startswith("/api/document/") and path.endswith("/render-pdf")
|
is_document_pdf_preview = path.startswith("/api/document/") and path.endswith("/render-pdf")
|
||||||
# Visual report pages are self-contained HTML — need inline scripts + external images
|
# Visual report pages are self-contained HTML — need inline scripts + external images
|
||||||
is_report = path.startswith("/api/research/report/")
|
is_report = path.startswith("/api/research/report/")
|
||||||
@@ -96,7 +95,9 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
|
|||||||
"frame-ancestors 'none'"
|
"frame-ancestors 'none'"
|
||||||
)
|
)
|
||||||
elif is_tool_render:
|
elif is_tool_render:
|
||||||
# Skip framing headers for tools.
|
# Tool iframe content: skip all framing headers — the iframe's
|
||||||
|
# sandbox="allow-scripts" attribute provides isolation.
|
||||||
|
# Don't overwrite the route's own restrictive CSP either.
|
||||||
pass
|
pass
|
||||||
elif is_document_pdf_preview:
|
elif is_document_pdf_preview:
|
||||||
response.headers["X-Frame-Options"] = "SAMEORIGIN"
|
response.headers["X-Frame-Options"] = "SAMEORIGIN"
|
||||||
|
|||||||
+1
-12
@@ -40,18 +40,7 @@ def _parse_msg_content(raw):
|
|||||||
if isinstance(raw, str) and raw.startswith('[{') and '"type"' in raw:
|
if isinstance(raw, str) and raw.startswith('[{') and '"type"' in raw:
|
||||||
try:
|
try:
|
||||||
parsed = json.loads(raw)
|
parsed = json.loads(raw)
|
||||||
# Only treat as serialized multimodal content when EVERY element is
|
if isinstance(parsed, list) and all(isinstance(p, dict) for p in parsed):
|
||||||
# a dict whose "type" is a recognized content-block kind. Otherwise a
|
|
||||||
# plain text message that merely *looks* like a JSON array of objects
|
|
||||||
# (e.g. a user pasting an API schema/sample with a "type" field) was
|
|
||||||
# silently parsed back into a list, destroying the original string.
|
|
||||||
_BLOCK_TYPES = {
|
|
||||||
"text", "image", "image_url", "audio", "input_audio",
|
|
||||||
"input_image", "document", "file",
|
|
||||||
}
|
|
||||||
if (isinstance(parsed, list) and parsed
|
|
||||||
and all(isinstance(p, dict) and p.get("type") in _BLOCK_TYPES
|
|
||||||
for p in parsed)):
|
|
||||||
return parsed
|
return parsed
|
||||||
except (json.JSONDecodeError, ValueError):
|
except (json.JSONDecodeError, ValueError):
|
||||||
pass
|
pass
|
||||||
|
|||||||
@@ -28,14 +28,6 @@ services:
|
|||||||
# land under /app/.local for the odysseus user. Persist them so a
|
# land under /app/.local for the odysseus user. Persist them so a
|
||||||
# container recreate does not silently remove installed serve engines.
|
# container recreate does not silently remove installed serve engines.
|
||||||
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
||||||
# Docker socket — lets Cookbook launch commands like
|
|
||||||
# `docker exec ollama-rocm ollama show <tag>` reach the host's
|
|
||||||
# Docker daemon (and sibling containers like ollama-rocm /
|
|
||||||
# ollama-test). The in-container user needs to be in the
|
|
||||||
# socket's owning group — see `group_add` below; the GID
|
|
||||||
# there must match the host's `docker` group (defaults to 963
|
|
||||||
# on Debian, 999 on Ubuntu — override via env if yours differs).
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
# Lets the container reach local services on the Docker host, including
|
# Lets the container reach local services on the Docker host, including
|
||||||
# Ollama at http://host.docker.internal:11434.
|
# Ollama at http://host.docker.internal:11434.
|
||||||
@@ -68,13 +60,6 @@ services:
|
|||||||
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
||||||
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
||||||
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
||||||
- ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES:-104857600}
|
|
||||||
- ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_MEMORY_IMPORT_MAX_BYTES=${ODYSSEUS_MEMORY_IMPORT_MAX_BYTES:-10485760}
|
|
||||||
- ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES=${ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES=${ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_STT_MAX_AUDIO_BYTES=${ODYSSEUS_STT_MAX_AUDIO_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_ICS_MAX_BYTES=${ODYSSEUS_ICS_MAX_BYTES:-10485760}
|
|
||||||
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
||||||
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
||||||
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
||||||
@@ -101,7 +86,6 @@ services:
|
|||||||
- /dev/kfd
|
- /dev/kfd
|
||||||
- /dev/dri
|
- /dev/dri
|
||||||
group_add:
|
group_add:
|
||||||
- "${DOCKER_GID:-963}"
|
|
||||||
- video
|
- video
|
||||||
- ${RENDER_GID:-render}
|
- ${RENDER_GID:-render}
|
||||||
|
|
||||||
|
|||||||
@@ -27,16 +27,6 @@ services:
|
|||||||
# land under /app/.local for the odysseus user. Persist them so a
|
# land under /app/.local for the odysseus user. Persist them so a
|
||||||
# container recreate does not silently remove installed serve engines.
|
# container recreate does not silently remove installed serve engines.
|
||||||
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
||||||
# Docker socket — lets Cookbook launch commands like
|
|
||||||
# `docker exec ollama-rocm ollama show <tag>` reach the host's
|
|
||||||
# Docker daemon (and sibling containers like ollama-rocm /
|
|
||||||
# ollama-test). The in-container user needs to be in the
|
|
||||||
# socket's owning group — see `group_add` below; the GID
|
|
||||||
# there must match the host's `docker` group (defaults to 963
|
|
||||||
# on Debian, 999 on Ubuntu — override via env if yours differs).
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
group_add:
|
|
||||||
- "${DOCKER_GID:-963}"
|
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
# Lets the container reach local services on the Docker host, including
|
# Lets the container reach local services on the Docker host, including
|
||||||
# Ollama at http://host.docker.internal:11434.
|
# Ollama at http://host.docker.internal:11434.
|
||||||
@@ -69,13 +59,6 @@ services:
|
|||||||
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
||||||
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
||||||
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
||||||
- ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES:-104857600}
|
|
||||||
- ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_MEMORY_IMPORT_MAX_BYTES=${ODYSSEUS_MEMORY_IMPORT_MAX_BYTES:-10485760}
|
|
||||||
- ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES=${ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES=${ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_STT_MAX_AUDIO_BYTES=${ODYSSEUS_STT_MAX_AUDIO_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_ICS_MAX_BYTES=${ODYSSEUS_ICS_MAX_BYTES:-10485760}
|
|
||||||
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
||||||
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
||||||
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
||||||
|
|||||||
@@ -16,16 +16,6 @@ services:
|
|||||||
# land under /app/.local for the odysseus user. Persist them so a
|
# land under /app/.local for the odysseus user. Persist them so a
|
||||||
# container recreate does not silently remove installed serve engines.
|
# container recreate does not silently remove installed serve engines.
|
||||||
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
- ${APP_DATA_DIR:-./data}/local:/app/.local:z
|
||||||
# Docker socket — lets Cookbook launch commands like
|
|
||||||
# `docker exec ollama-rocm ollama show <tag>` reach the host's
|
|
||||||
# Docker daemon (and sibling containers like ollama-rocm /
|
|
||||||
# ollama-test). The in-container user needs to be in the
|
|
||||||
# socket's owning group — see `group_add` below; the GID
|
|
||||||
# there must match the host's `docker` group (defaults to 963
|
|
||||||
# on Debian, 999 on Ubuntu — override via env if yours differs).
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
group_add:
|
|
||||||
- "${DOCKER_GID:-963}"
|
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
# Lets the container reach local services on the Docker host, including
|
# Lets the container reach local services on the Docker host, including
|
||||||
# Ollama at http://host.docker.internal:11434.
|
# Ollama at http://host.docker.internal:11434.
|
||||||
@@ -58,13 +48,6 @@ services:
|
|||||||
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
- ODYSSEUS_INPROCESS_TASKS=${ODYSSEUS_INPROCESS_TASKS:-1}
|
||||||
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
- ODYSSEUS_SCRIPT_HOST=${ODYSSEUS_SCRIPT_HOST:-localhost}
|
||||||
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
- ODYSSEUS_CHAT_UPLOAD_MAX_BYTES=${ODYSSEUS_CHAT_UPLOAD_MAX_BYTES:-10485760}
|
||||||
- ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES:-104857600}
|
|
||||||
- ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES=${ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_MEMORY_IMPORT_MAX_BYTES=${ODYSSEUS_MEMORY_IMPORT_MAX_BYTES:-10485760}
|
|
||||||
- ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES=${ODYSSEUS_PERSONAL_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES=${ODYSSEUS_EMAIL_COMPOSE_UPLOAD_MAX_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_STT_MAX_AUDIO_BYTES=${ODYSSEUS_STT_MAX_AUDIO_BYTES:-26214400}
|
|
||||||
- ODYSSEUS_ICS_MAX_BYTES=${ODYSSEUS_ICS_MAX_BYTES:-10485760}
|
|
||||||
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
- DATA_BRAVE_API_KEY=${DATA_BRAVE_API_KEY:-}
|
||||||
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
|
||||||
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
- GOOGLE_PSE_CX=${GOOGLE_PSE_CX:-}
|
||||||
|
|||||||
@@ -1,70 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
# Build patched wheels for Real-ESRGAN's unmaintained dependencies.
|
|
||||||
#
|
|
||||||
# basicsr / gfpgan / facexlib (xinntao, last released 2022) read their version
|
|
||||||
# in setup.py with:
|
|
||||||
#
|
|
||||||
# exec(compile(f.read(), version_file, 'exec'))
|
|
||||||
# return locals()['__version__']
|
|
||||||
#
|
|
||||||
# Python 3.13+ implements PEP 667: locals() inside a function returns an
|
|
||||||
# independent snapshot that exec() can no longer mutate, so the read raises
|
|
||||||
# `KeyError: '__version__'` and the sdist build fails. That is why the Cookbook
|
|
||||||
# "install realesrgan" button dies on the python:3.14 image. The packages have
|
|
||||||
# no fixed release, so we patch get_version() to exec into an explicit namespace
|
|
||||||
# dict (works on every Python) and build wheels from the patched source.
|
|
||||||
#
|
|
||||||
# Usage: build-realesrgan-wheels.sh [OUTPUT_DIR] (default: /wheels)
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
OUT="${1:-/wheels}"
|
|
||||||
mkdir -p "$OUT"
|
|
||||||
|
|
||||||
work="$(mktemp -d)"
|
|
||||||
trap 'rm -rf "$work"' EXIT
|
|
||||||
cd "$work"
|
|
||||||
|
|
||||||
# Pinned to the versions Real-ESRGAN 0.3.0 resolves to.
|
|
||||||
SPECS="basicsr==1.4.2 gfpgan==1.3.8 facexlib==0.3.0"
|
|
||||||
|
|
||||||
for spec in $SPECS; do
|
|
||||||
name="${spec%%==*}"
|
|
||||||
ver="${spec##*==}"
|
|
||||||
# pip download builds metadata (and trips the same bug), so fetch the raw
|
|
||||||
# sdist URL from the PyPI JSON API instead.
|
|
||||||
url="$(python - "$name" "$ver" <<'PY'
|
|
||||||
import json, sys, urllib.request
|
|
||||||
name, ver = sys.argv[1], sys.argv[2]
|
|
||||||
data = json.load(urllib.request.urlopen(f"https://pypi.org/pypi/{name}/{ver}/json"))
|
|
||||||
for f in data["urls"]:
|
|
||||||
if f["packagetype"] == "sdist":
|
|
||||||
print(f["url"]); break
|
|
||||||
else:
|
|
||||||
sys.exit(f"no sdist found for {name}=={ver}")
|
|
||||||
PY
|
|
||||||
)"
|
|
||||||
echo ">> fetching ${name} ${ver}: ${url}"
|
|
||||||
curl -fsSL "$url" -o "${name}.tar.gz"
|
|
||||||
tar xzf "${name}.tar.gz"
|
|
||||||
done
|
|
||||||
|
|
||||||
echo ">> patching get_version()"
|
|
||||||
python - <<'PY'
|
|
||||||
import pathlib
|
|
||||||
old_exec = "exec(compile(f.read(), version_file, 'exec'))"
|
|
||||||
new_exec = "_ver_ns = {}\n exec(compile(f.read(), version_file, 'exec'), _ver_ns)"
|
|
||||||
old_ret = "return locals()['__version__']"
|
|
||||||
new_ret = "return _ver_ns['__version__']"
|
|
||||||
patched = 0
|
|
||||||
for setup in pathlib.Path(".").glob("*/setup.py"):
|
|
||||||
s = setup.read_text()
|
|
||||||
if old_exec in s and old_ret in s:
|
|
||||||
setup.write_text(s.replace(old_exec, new_exec).replace(old_ret, new_ret))
|
|
||||||
print(" patched", setup)
|
|
||||||
patched += 1
|
|
||||||
assert patched == 3, f"expected to patch 3 setup.py files, patched {patched}"
|
|
||||||
PY
|
|
||||||
|
|
||||||
echo ">> building wheels into ${OUT}"
|
|
||||||
pip wheel --no-deps -w "$OUT" ./basicsr-* ./gfpgan-* ./facexlib-*
|
|
||||||
ls -l "$OUT"
|
|
||||||
+19
-74
@@ -13,8 +13,6 @@ set -e
|
|||||||
|
|
||||||
PUID="${PUID:-1000}"
|
PUID="${PUID:-1000}"
|
||||||
PGID="${PGID:-1000}"
|
PGID="${PGID:-1000}"
|
||||||
GOSU_BIN="$(command -v gosu)"
|
|
||||||
PYTHON_BIN="$(command -v python)"
|
|
||||||
|
|
||||||
# Reuse an existing matching group/user if the host's UID/GID already
|
# Reuse an existing matching group/user if the host's UID/GID already
|
||||||
# corresponds to one in /etc/passwd (e.g. when the image is rebuilt
|
# corresponds to one in /etc/passwd (e.g. when the image is rebuilt
|
||||||
@@ -26,78 +24,26 @@ if ! getent passwd "$PUID" >/dev/null 2>&1; then
|
|||||||
useradd -u "$PUID" -g "$PGID" -M -s /bin/sh -d /app odysseus
|
useradd -u "$PUID" -g "$PGID" -M -s /bin/sh -d /app odysseus
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ODY_USER="$(getent passwd "$PUID" | cut -d: -f1)"
|
# Repair ownership on every writable path the app touches at runtime.
|
||||||
[ -z "$ODY_USER" ] && ODY_USER=odysseus
|
#
|
||||||
|
# Bind-mounted dirs (/app/data, /app/logs) are the obvious ones, but
|
||||||
# Docker-socket group plumbing. When /var/run/docker.sock is bind-mounted
|
# the app ALSO writes inside the image's own source tree at runtime:
|
||||||
# (Cookbook uses docker exec to reach sibling containers), the socket is
|
# - services/cache/{search,content}/* (search cache LRU)
|
||||||
# owned by root:<host docker gid>. Add the app user to that group and later
|
# - services/search_analytics.json
|
||||||
# call gosu by username so supplementary groups are retained.
|
# - services/search_engine_error.log
|
||||||
DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"
|
# - services/tts cache, etc.
|
||||||
if [ -S "$DOCKER_SOCK" ]; then
|
# These dirs were created as root during `docker build`, so dropping
|
||||||
SOCK_GID="$(stat -c '%g' "$DOCKER_SOCK" 2>/dev/null || echo '')"
|
# to PUID:PGID would otherwise crash on the first import that tries
|
||||||
if [ -n "$SOCK_GID" ] && [ "$SOCK_GID" != "0" ]; then
|
# to mkdir them. Chown the whole /app tree — fast (<1s on this size)
|
||||||
if ! getent group "$SOCK_GID" >/dev/null 2>&1; then
|
# and idempotent via the `-not -uid` filter so we only touch files
|
||||||
groupadd -g "$SOCK_GID" docker_host || true
|
# that need fixing.
|
||||||
fi
|
for dir in /app /app/data /app/logs; do
|
||||||
SOCK_GROUP="$(getent group "$SOCK_GID" | cut -d: -f1)"
|
|
||||||
if [ -n "$SOCK_GROUP" ]; then
|
|
||||||
usermod -aG "$SOCK_GROUP" "$ODY_USER" 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
mount_root_for() {
|
|
||||||
awk -v target="$1" '$5 == target { print $4; exit }' /proc/self/mountinfo 2>/dev/null || true
|
|
||||||
}
|
|
||||||
|
|
||||||
is_broad_mount_root() {
|
|
||||||
case "$1" in
|
|
||||||
/|/home|/srv|/var|/usr|/opt|/tmp|/mnt|/media)
|
|
||||||
return 0
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
repair_tree_ownership() {
|
|
||||||
dir="$1"
|
|
||||||
if [ -d "$dir" ]; then
|
if [ -d "$dir" ]; then
|
||||||
find "$dir" -xdev -not -uid "$PUID" -print0 2>/dev/null \
|
# `find ... -not -uid` keeps this O(touched-files), not
|
||||||
|
# O(everything), so terabyte-sized maildirs don't slow startup.
|
||||||
|
find "$dir" -not -uid "$PUID" -print0 2>/dev/null \
|
||||||
| xargs -0 -r chown "$PUID:$PGID" 2>/dev/null || true
|
| xargs -0 -r chown "$PUID:$PGID" 2>/dev/null || true
|
||||||
fi
|
fi
|
||||||
}
|
|
||||||
|
|
||||||
repair_app_tree_ownership() {
|
|
||||||
if [ -d /app ]; then
|
|
||||||
find /app -xdev \
|
|
||||||
\( -path /app/data -o -path /app/logs -o -path /app/.ssh -o -path /app/.cache -o -path /app/.local \) -prune \
|
|
||||||
-o -not -uid "$PUID" -print0 2>/dev/null \
|
|
||||||
| xargs -0 -r chown "$PUID:$PGID" 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
repair_bind_mount_ownership() {
|
|
||||||
dir="$1"
|
|
||||||
if [ ! -d "$dir" ]; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
mount_root="$(mount_root_for "$dir")"
|
|
||||||
if is_broad_mount_root "$mount_root"; then
|
|
||||||
echo "Skipping recursive ownership repair for $dir because it maps to broad host path $mount_root" >&2
|
|
||||||
chown "$PUID:$PGID" "$dir" 2>/dev/null || true
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
repair_tree_ownership "$dir"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Repair image-owned writable paths without walking into bind-mounted host
|
|
||||||
# trees, then repair the app-owned mount roots separately.
|
|
||||||
repair_app_tree_ownership
|
|
||||||
for dir in /app/data /app/logs /app/.ssh /app/.cache/huggingface /app/.local; do
|
|
||||||
repair_bind_mount_ownership "$dir"
|
|
||||||
done
|
done
|
||||||
|
|
||||||
# Cookbook installs vllm/etc. via `pip install --user`, which pulls
|
# Cookbook installs vllm/etc. via `pip install --user`, which pulls
|
||||||
@@ -124,7 +70,6 @@ for cu in \
|
|||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Disable the FlashInfer JIT sampler unconditionally — it is sampler-only
|
# Disable the FlashInfer JIT sampler unconditionally — it is sampler-only
|
||||||
# and has no impact on the attention path, but requires nvcc + matching
|
# and has no impact on the attention path, but requires nvcc + matching
|
||||||
# CUDA headers at startup. Without this, vLLM crashes with "Could not find
|
# CUDA headers at startup. Without this, vLLM crashes with "Could not find
|
||||||
@@ -138,9 +83,9 @@ export PATH="/app/.local/bin:$PATH"
|
|||||||
# Run first-time setup as the app user so data/ files get the right ownership.
|
# Run first-time setup as the app user so data/ files get the right ownership.
|
||||||
# setup.py is idempotent — skips auth.json / .env if they already exist.
|
# setup.py is idempotent — skips auth.json / .env if they already exist.
|
||||||
# || true so a setup failure never prevents the container from starting.
|
# || true so a setup failure never prevents the container from starting.
|
||||||
"$GOSU_BIN" "$ODY_USER" "$PYTHON_BIN" /app/setup.py || true
|
gosu "$PUID:$PGID" python /app/setup.py || true
|
||||||
|
|
||||||
# Drop root and run the actual app. `gosu` is preferred over `su` /
|
# Drop root and run the actual app. `gosu` is preferred over `su` /
|
||||||
# `sudo` because it cleans up the process tree (no extra shell layer)
|
# `sudo` because it cleans up the process tree (no extra shell layer)
|
||||||
# so signals (SIGTERM from `docker stop`) reach uvicorn directly.
|
# so signals (SIGTERM from `docker stop`) reach uvicorn directly.
|
||||||
exec "$GOSU_BIN" "$ODY_USER" "$@"
|
exec gosu "$PUID:$PGID" "$@"
|
||||||
|
|||||||
Binary file not shown.
|
Before Width: | Height: | Size: 185 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 79 KiB After Width: | Height: | Size: 52 KiB |
+1
-24
@@ -15,7 +15,7 @@ On first setup, Odysseus creates an admin account (`admin` unless
|
|||||||
For Docker installs, the same line is in `docker compose logs odysseus`.
|
For Docker installs, the same line is in `docker compose logs odysseus`.
|
||||||
Use that for the first login, then change it in **Settings**.
|
Use that for the first login, then change it in **Settings**.
|
||||||
|
|
||||||
Contributing? See [CONTRIBUTING.md](../CONTRIBUTING.md) for setup, testing, and
|
Contributing? See [CONTRIBUTING.md](CONTRIBUTING.md) for setup, testing, and
|
||||||
pull request guidelines.
|
pull request guidelines.
|
||||||
|
|
||||||
### Docker (recommended)
|
### Docker (recommended)
|
||||||
@@ -250,19 +250,6 @@ python -m uvicorn app:app --host 127.0.0.1 --port 7000
|
|||||||
If `python` points at an older interpreter, use `py -3.12` (or another installed
|
If `python` points at an older interpreter, use `py -3.12` (or another installed
|
||||||
3.11+ version) for the venv step.
|
3.11+ version) for the venv step.
|
||||||
|
|
||||||
**Exposing on a LAN/Tailscale (Windows):** the launcher binds to `127.0.0.1` and
|
|
||||||
does **not** read `APP_BIND` / `ODYSSEUS_HOST` from `.env`, so editing `.env`
|
|
||||||
alone leaves the native Windows server on loopback. Pass the launcher's
|
|
||||||
`-BindHost` flag instead:
|
|
||||||
|
|
||||||
```powershell
|
|
||||||
powershell -ExecutionPolicy Bypass -File .\launch-windows.ps1 -BindHost 0.0.0.0
|
|
||||||
```
|
|
||||||
|
|
||||||
The manual `uvicorn` command takes the same address as `--host 0.0.0.0`. Bind
|
|
||||||
outside loopback only for a trusted LAN/VPN such as Tailscale: keep
|
|
||||||
`AUTH_ENABLED=true` and do not expose the port directly to the public internet.
|
|
||||||
|
|
||||||
**Requirements:** Python 3.11+. The core app (chat, agent, memory, documents,
|
**Requirements:** Python 3.11+. The core app (chat, agent, memory, documents,
|
||||||
email, calendar, deep research) runs fully native. For full **Cookbook** background
|
email, calendar, deep research) runs fully native. For full **Cookbook** background
|
||||||
model downloads and the agent shell tool, also install
|
model downloads and the agent shell tool, also install
|
||||||
@@ -299,16 +286,6 @@ To expose Odysseus on a local network or Tailscale with HTTPS:
|
|||||||
```
|
```
|
||||||
4. Install the `mkcert` CA on any other device you want to access Odysseus from (e.g., for iOS, email the `rootCA.pem` to yourself, install the profile, and trust it in Certificate Trust Settings).
|
4. Install the `mkcert` CA on any other device you want to access Odysseus from (e.g., for iOS, email the `rootCA.pem` to yourself, install the profile, and trust it in Certificate Trust Settings).
|
||||||
|
|
||||||
### Common self-host traps (30-second fixes)
|
|
||||||
A grab-bag of small gotchas that otherwise turn into long debugging sessions.
|
|
||||||
|
|
||||||
- **`AUTH_ENABLED=false` is ignored / you're still forced to log in (Windows).** If you edited `.env` in Notepad it may have saved a UTF-8 **BOM**, turning the first key into `AUTH_ENABLED` so it is never matched. Odysseus loads `.env` with `encoding="utf-8-sig"` to tolerate a leading BOM, but the safe fix is to re-save `.env` as **UTF-8 without BOM** (VS Code: *Save with Encoding → UTF-8*).
|
|
||||||
- **macOS: the app isn't at `http://localhost:7000`.** macOS AirPlay Receiver usually holds port `7000`, so the macOS start script serves on **`7860`** instead — open `http://localhost:7860`. To use `7000`, free it (System Settings → General → AirDrop & Handoff → turn off *AirPlay Receiver*) and set `APP_PORT=7000`.
|
|
||||||
- **Copy buttons do nothing over a plain-HTTP Tailscale/LAN URL.** Browsers only expose the clipboard API (`navigator.clipboard`) on **secure origins** — HTTPS, or `localhost`. Over `http://100.x.y.z:7860` it is blocked. Serve over HTTPS (see *HTTPS + LAN/Tailscale exposure* above); `localhost` is exempt, so copy still works on the host itself.
|
|
||||||
- **Self-hosted ntfy reminders don't reach your phone.** Two things: (1) the bundled ntfy binds to loopback by default — to reach it from your phone set `NTFY_BIND` to your host/Tailscale IP and `NTFY_BASE_URL` to the same server URL in `.env`, then recreate the ntfy container (see the `NTFY_*` block in `.env.example`); (2) in the ntfy **Android** app, subscribe to the topic with **Instant delivery** enabled — non-`ntfy.sh` servers don't get instant push otherwise.
|
|
||||||
- **Local mail (Dovecot) login fails: "Plaintext authentication disallowed on non-encrypted connections."** Your IMAP/SMTP server is refusing cleartext auth over an unencrypted link. Prefer enabling TLS on the mail server; on a trusted LAN only, you can allow cleartext (Dovecot: `disable_plaintext_auth = no`).
|
|
||||||
- **Calendar/contacts (Radicale) won't sync.** Point Odysseus at the **full collection URL** with its trailing slash — e.g. `http://host:5232/<user>/<collection-id>/` — not just the server root. Radicale shows this address for each calendar/address book in its web UI.
|
|
||||||
|
|
||||||
### Optional Dependencies
|
### Optional Dependencies
|
||||||
`requirements-optional.txt` contains packages that unlock extra features. It is not installed by default.
|
`requirements-optional.txt` contains packages that unlock extra features. It is not installed by default.
|
||||||
|
|
||||||
|
|||||||
@@ -105,14 +105,6 @@ if (-not $pyExe) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($pyExe -like "*WindowsApps*python.exe") {
|
|
||||||
$pyCmd = Get-Command py -ErrorAction SilentlyContinue
|
|
||||||
if ($pyCmd) {
|
|
||||||
$pyExe = $pyCmd.Source
|
|
||||||
$pyArgs = @("-3.11")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (-not $pyExe) {
|
if (-not $pyExe) {
|
||||||
Fail "Couldn't find Python 3.11+ for Windows setup. Install Python 3.11+ (or open the Python launcher with 'py -3.11') from https://www.python.org/downloads/, then re-run this script."
|
Fail "Couldn't find Python 3.11+ for Windows setup. Install Python 3.11+ (or open the Python launcher with 'py -3.11') from https://www.python.org/downloads/, then re-run this script."
|
||||||
}
|
}
|
||||||
|
|||||||
-142
@@ -1,142 +0,0 @@
|
|||||||
# launcher.py
|
|
||||||
"""Dedicated entrypoint for the standalone Windows portable launcher.
|
|
||||||
|
|
||||||
Handles:
|
|
||||||
- Immediate GUI splash screen creation using tkinter.
|
|
||||||
- Suppressing console stream crashes in windowed GUI mode via NullWriter.
|
|
||||||
- Spawning system tray icon via pystray and Pillow (lazy-loaded).
|
|
||||||
- Auto-opening default browser pointing to the running backend.
|
|
||||||
- Launching the FastAPI server (importing and running app.py).
|
|
||||||
"""
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
import threading
|
|
||||||
import time
|
|
||||||
import webbrowser
|
|
||||||
|
|
||||||
# Define a dummy NullWriter to suppress standard stream crashes (isatty etc.) in GUI mode
|
|
||||||
class NullWriter:
|
|
||||||
def write(self, text):
|
|
||||||
pass
|
|
||||||
def flush(self):
|
|
||||||
pass
|
|
||||||
def isatty(self):
|
|
||||||
return False
|
|
||||||
|
|
||||||
if sys.stdout is None:
|
|
||||||
sys.stdout = NullWriter()
|
|
||||||
if sys.stderr is None:
|
|
||||||
sys.stderr = NullWriter()
|
|
||||||
|
|
||||||
|
|
||||||
splash_root = None
|
|
||||||
|
|
||||||
# If running from a frozen PyInstaller bundle, launch the splash screen IMMEDIATELY
|
|
||||||
if getattr(sys, 'frozen', False):
|
|
||||||
import tkinter as tk
|
|
||||||
|
|
||||||
def show_splash_instantly():
|
|
||||||
global splash_root
|
|
||||||
try:
|
|
||||||
splash_root = tk.Tk()
|
|
||||||
splash_root.title("Odysseus")
|
|
||||||
splash_root.overrideredirect(True)
|
|
||||||
splash_root.configure(bg="#1a1c23")
|
|
||||||
|
|
||||||
# Accented borders
|
|
||||||
splash_root.config(highlightbackground="#e06c75", highlightcolor="#e06c75", highlightthickness=1)
|
|
||||||
|
|
||||||
w, h = 360, 160
|
|
||||||
ws = splash_root.winfo_screenwidth()
|
|
||||||
hs = splash_root.winfo_screenheight()
|
|
||||||
x = (ws - w) // 2
|
|
||||||
y = (hs - h) // 2
|
|
||||||
splash_root.geometry(f"{w}x{h}+{x}+{y}")
|
|
||||||
|
|
||||||
tk.Label(splash_root, text="⛵ Odysseus", font=("Segoe UI", 22, "bold"), bg="#1a1c23", fg="#e06c75").pack(pady=(22, 2))
|
|
||||||
tk.Label(splash_root, text="Launching background services...", font=("Segoe UI", 10), bg="#1a1c23", fg="#d1d4e0").pack(pady=2)
|
|
||||||
tk.Label(splash_root, text="Please wait, this will take a few seconds.", font=("Segoe UI", 8, "italic"), bg="#1a1c23", fg="#5c6370").pack(pady=(12, 0))
|
|
||||||
|
|
||||||
splash_root.attributes("-topmost", True)
|
|
||||||
splash_root.mainloop()
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
# Launch the GUI splash screen immediately on a background thread
|
|
||||||
threading.Thread(target=show_splash_instantly, daemon=True).start()
|
|
||||||
|
|
||||||
|
|
||||||
def create_tray_image():
|
|
||||||
# Generate a beautiful 64x64 icon matching Odysseus brand red accent (#e06c75)
|
|
||||||
from PIL import Image, ImageDraw
|
|
||||||
image = Image.new('RGBA', (64, 64), (0, 0, 0, 0))
|
|
||||||
dc = ImageDraw.Draw(image)
|
|
||||||
accent_red = (224, 108, 117, 255)
|
|
||||||
light_red = (224, 108, 117, 150)
|
|
||||||
|
|
||||||
# Draw premium sailing boat
|
|
||||||
dc.polygon([(32, 10), (32, 45), (12, 45)], fill=accent_red)
|
|
||||||
dc.polygon([(32, 18), (32, 45), (48, 45)], fill=light_red)
|
|
||||||
dc.polygon([(8, 48), (56, 48), (44, 56), (20, 56)], fill=accent_red)
|
|
||||||
return image
|
|
||||||
|
|
||||||
|
|
||||||
def on_open_browser(icon, item, url):
|
|
||||||
webbrowser.open(url)
|
|
||||||
|
|
||||||
|
|
||||||
def on_exit(icon, item):
|
|
||||||
icon.stop()
|
|
||||||
os._exit(0)
|
|
||||||
|
|
||||||
|
|
||||||
def setup_system_tray(url):
|
|
||||||
try:
|
|
||||||
import pystray
|
|
||||||
icon_img = create_tray_image()
|
|
||||||
menu = (
|
|
||||||
pystray.MenuItem('Open Odysseus', lambda icon, item: on_open_browser(icon, item, url), default=True),
|
|
||||||
pystray.MenuItem('Exit', on_exit)
|
|
||||||
)
|
|
||||||
tray_icon = pystray.Icon(
|
|
||||||
"Odysseus",
|
|
||||||
icon_img,
|
|
||||||
"Odysseus",
|
|
||||||
menu
|
|
||||||
)
|
|
||||||
tray_icon.run()
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def open_browser(url):
|
|
||||||
# Allow uvicorn and app lifecycles to complete warmups
|
|
||||||
time.sleep(3.5)
|
|
||||||
|
|
||||||
# Safely close the splash screen
|
|
||||||
try:
|
|
||||||
global splash_root
|
|
||||||
if splash_root:
|
|
||||||
splash_root.after(0, splash_root.destroy)
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
webbrowser.open(url)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
import uvicorn
|
|
||||||
# Import the FastAPI app from app.py
|
|
||||||
from app import app
|
|
||||||
|
|
||||||
bind_host = os.getenv("APP_BIND", "127.0.0.1")
|
|
||||||
bind_port = int(os.getenv("APP_PORT", "7000"))
|
|
||||||
url = f"http://{bind_host}:{bind_port}"
|
|
||||||
|
|
||||||
if getattr(sys, 'frozen', False):
|
|
||||||
# Start browser manager thread
|
|
||||||
threading.Thread(target=open_browser, args=(url,), daemon=True).start()
|
|
||||||
# Start system tray manager thread
|
|
||||||
threading.Thread(target=setup_system_tray, args=(url,), daemon=True).start()
|
|
||||||
|
|
||||||
uvicorn.run(app, host=bind_host, port=bind_port, log_level="info")
|
|
||||||
@@ -1,94 +0,0 @@
|
|||||||
Copyright (c) 2019-07-29, Abbie Gonzalez (https://abbiecod.es|support@abbiecod.es),
|
|
||||||
with Reserved Font Name OpenDyslexic.
|
|
||||||
Copyright (c) 12/2012 - 2019
|
|
||||||
This Font Software is licensed under the SIL Open Font License, Version 1.1.
|
|
||||||
This license is copied below, and is also available with a FAQ at:
|
|
||||||
http://scripts.sil.org/OFL
|
|
||||||
|
|
||||||
|
|
||||||
-----------------------------------------------------------
|
|
||||||
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
|
|
||||||
-----------------------------------------------------------
|
|
||||||
|
|
||||||
PREAMBLE
|
|
||||||
The goals of the Open Font License (OFL) are to stimulate worldwide
|
|
||||||
development of collaborative font projects, to support the font creation
|
|
||||||
efforts of academic and linguistic communities, and to provide a free and
|
|
||||||
open framework in which fonts may be shared and improved in partnership
|
|
||||||
with others.
|
|
||||||
|
|
||||||
The OFL allows the licensed fonts to be used, studied, modified and
|
|
||||||
redistributed freely as long as they are not sold by themselves. The
|
|
||||||
fonts, including any derivative works, can be bundled, embedded,
|
|
||||||
redistributed and/or sold with any software provided that any reserved
|
|
||||||
names are not used by derivative works. The fonts and derivatives,
|
|
||||||
however, cannot be released under any other type of license. The
|
|
||||||
requirement for fonts to remain under this license does not apply
|
|
||||||
to any document created using the fonts or their derivatives.
|
|
||||||
|
|
||||||
DEFINITIONS
|
|
||||||
"Font Software" refers to the set of files released by the Copyright
|
|
||||||
Holder(s) under this license and clearly marked as such. This may
|
|
||||||
include source files, build scripts and documentation.
|
|
||||||
|
|
||||||
"Reserved Font Name" refers to any names specified as such after the
|
|
||||||
copyright statement(s).
|
|
||||||
|
|
||||||
"Original Version" refers to the collection of Font Software components as
|
|
||||||
distributed by the Copyright Holder(s).
|
|
||||||
|
|
||||||
"Modified Version" refers to any derivative made by adding to, deleting,
|
|
||||||
or substituting -- in part or in whole -- any of the components of the
|
|
||||||
Original Version, by changing formats or by porting the Font Software to a
|
|
||||||
new environment.
|
|
||||||
|
|
||||||
"Author" refers to any designer, engineer, programmer, technical
|
|
||||||
writer or other person who contributed to the Font Software.
|
|
||||||
|
|
||||||
PERMISSION & CONDITIONS
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining
|
|
||||||
a copy of the Font Software, to use, study, copy, merge, embed, modify,
|
|
||||||
redistribute, and sell modified and unmodified copies of the Font
|
|
||||||
Software, subject to the following conditions:
|
|
||||||
|
|
||||||
1) Neither the Font Software nor any of its individual components,
|
|
||||||
in Original or Modified Versions, may be sold by itself.
|
|
||||||
|
|
||||||
2) Original or Modified Versions of the Font Software may be bundled,
|
|
||||||
redistributed and/or sold with any software, provided that each copy
|
|
||||||
contains the above copyright notice and this license. These can be
|
|
||||||
included either as stand-alone text files, human-readable headers or
|
|
||||||
in the appropriate machine-readable metadata fields within text or
|
|
||||||
binary files as long as those fields can be easily viewed by the user.
|
|
||||||
|
|
||||||
3) No Modified Version of the Font Software may use the Reserved Font
|
|
||||||
Name(s) unless explicit written permission is granted by the corresponding
|
|
||||||
Copyright Holder. This restriction only applies to the primary font name as
|
|
||||||
presented to the users.
|
|
||||||
|
|
||||||
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
|
|
||||||
Software shall not be used to promote, endorse or advertise any
|
|
||||||
Modified Version, except to acknowledge the contribution(s) of the
|
|
||||||
Copyright Holder(s) and the Author(s) or with their explicit written
|
|
||||||
permission.
|
|
||||||
|
|
||||||
5) The Font Software, modified or unmodified, in part or in whole,
|
|
||||||
must be distributed entirely under this license, and must not be
|
|
||||||
distributed under any other license. The requirement for fonts to
|
|
||||||
remain under this license does not apply to any document created
|
|
||||||
using the Font Software.
|
|
||||||
|
|
||||||
TERMINATION
|
|
||||||
This license becomes null and void if any of the above conditions are
|
|
||||||
not met.
|
|
||||||
|
|
||||||
DISCLAIMER
|
|
||||||
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
||||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
|
|
||||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
|
|
||||||
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
|
|
||||||
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
||||||
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
|
|
||||||
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
||||||
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
|
|
||||||
OTHER DEALINGS IN THE FONT SOFTWARE.
|
|
||||||
+12
-89
@@ -23,7 +23,6 @@ import os.path
|
|||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
import uuid
|
import uuid
|
||||||
from contextvars import ContextVar
|
|
||||||
|
|
||||||
from mcp.server import Server
|
from mcp.server import Server
|
||||||
from mcp.server.stdio import stdio_server
|
from mcp.server.stdio import stdio_server
|
||||||
@@ -56,8 +55,6 @@ def _uid_fetch_rows(data) -> list:
|
|||||||
# flat keys when no DB row matches (legacy single-account behaviour).
|
# flat keys when no DB row matches (legacy single-account behaviour).
|
||||||
|
|
||||||
_ACCOUNT_CACHE: dict = {} # key = normalized account selector -> config dict
|
_ACCOUNT_CACHE: dict = {} # key = normalized account selector -> config dict
|
||||||
_MCP_OWNER_ARG = "_odysseus_owner"
|
|
||||||
_CURRENT_OWNER: ContextVar[str | None] = ContextVar("email_mcp_owner", default=None)
|
|
||||||
|
|
||||||
|
|
||||||
def _clean_header_value(value) -> str:
|
def _clean_header_value(value) -> str:
|
||||||
@@ -71,45 +68,6 @@ def _db_path() -> Path:
|
|||||||
return Path(APP_DB)
|
return Path(APP_DB)
|
||||||
|
|
||||||
|
|
||||||
def _current_owner() -> str:
|
|
||||||
owner = _CURRENT_OWNER.get()
|
|
||||||
return str(owner or "").strip()
|
|
||||||
|
|
||||||
|
|
||||||
def _account_visible_to_owner(row: dict, owner: str) -> bool:
|
|
||||||
row_owner = str(row.get("owner") or "").strip()
|
|
||||||
if row_owner == owner:
|
|
||||||
return True
|
|
||||||
if row_owner:
|
|
||||||
return False
|
|
||||||
# Legacy ownerless accounts are only visible to a scoped caller when the
|
|
||||||
# mailbox itself matches the owner, mirroring the HTTP email route fallback.
|
|
||||||
owner_l = owner.lower()
|
|
||||||
return owner_l in {
|
|
||||||
str(row.get("imap_user") or "").strip().lower(),
|
|
||||||
str(row.get("from_address") or "").strip().lower(),
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def _filter_accounts_for_owner(rows: list[dict]) -> list[dict]:
|
|
||||||
owner = _current_owner()
|
|
||||||
if owner:
|
|
||||||
return [r for r in rows if _account_visible_to_owner(r, owner)]
|
|
||||||
|
|
||||||
owners = {str(r.get("owner") or "").strip() for r in rows if str(r.get("owner") or "").strip()}
|
|
||||||
if len(owners) > 1:
|
|
||||||
return []
|
|
||||||
return rows
|
|
||||||
|
|
||||||
|
|
||||||
def _mcp_owner_required(rows: list[dict] | None = None) -> bool:
|
|
||||||
if _current_owner():
|
|
||||||
return False
|
|
||||||
rows = rows if rows is not None else _read_accounts_from_db()
|
|
||||||
owners = {str(r.get("owner") or "").strip() for r in rows if str(r.get("owner") or "").strip()}
|
|
||||||
return len(owners) > 1
|
|
||||||
|
|
||||||
|
|
||||||
def _load_email_writing_style() -> str:
|
def _load_email_writing_style() -> str:
|
||||||
"""Return the existing Settings > Email > Writing Style value."""
|
"""Return the existing Settings > Email > Writing Style value."""
|
||||||
try:
|
try:
|
||||||
@@ -163,8 +121,9 @@ def _default_document_owner() -> str | None:
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def _read_accounts_from_db() -> list:
|
def _list_accounts_raw() -> list:
|
||||||
"""Return all enabled email account rows. Empty list if missing. Never raises."""
|
"""Return list of dicts from the email_accounts table. Empty list if table
|
||||||
|
missing or empty. Never raises."""
|
||||||
path = _db_path()
|
path = _db_path()
|
||||||
if not path.exists():
|
if not path.exists():
|
||||||
return []
|
return []
|
||||||
@@ -172,10 +131,9 @@ def _read_accounts_from_db() -> list:
|
|||||||
conn = sqlite3.connect(str(path))
|
conn = sqlite3.connect(str(path))
|
||||||
conn.row_factory = sqlite3.Row
|
conn.row_factory = sqlite3.Row
|
||||||
columns = {r[1] for r in conn.execute("PRAGMA table_info(email_accounts)").fetchall()}
|
columns = {r[1] for r in conn.execute("PRAGMA table_info(email_accounts)").fetchall()}
|
||||||
owner_select = "owner" if "owner" in columns else "NULL AS owner"
|
|
||||||
smtp_security_select = "smtp_security" if "smtp_security" in columns else "'' AS smtp_security"
|
smtp_security_select = "smtp_security" if "smtp_security" in columns else "'' AS smtp_security"
|
||||||
rows = conn.execute(f"""
|
rows = conn.execute(f"""
|
||||||
SELECT id, {owner_select}, name, is_default, enabled,
|
SELECT id, name, is_default, enabled,
|
||||||
imap_host, imap_port, imap_user, imap_password, imap_starttls,
|
imap_host, imap_port, imap_user, imap_password, imap_starttls,
|
||||||
smtp_host, smtp_port, {smtp_security_select}, smtp_user, smtp_password, from_address
|
smtp_host, smtp_port, {smtp_security_select}, smtp_user, smtp_password, from_address
|
||||||
FROM email_accounts WHERE enabled = 1
|
FROM email_accounts WHERE enabled = 1
|
||||||
@@ -189,15 +147,11 @@ def _read_accounts_from_db() -> list:
|
|||||||
return []
|
return []
|
||||||
|
|
||||||
|
|
||||||
def _list_accounts_raw() -> list:
|
def _resolve_account(selector: str | None) -> dict | None:
|
||||||
"""Return owner-visible email account rows for the active MCP call."""
|
|
||||||
return _filter_accounts_for_owner(_read_accounts_from_db())
|
|
||||||
|
|
||||||
|
|
||||||
def _resolve_account_from_rows(rows: list[dict], selector: str | None) -> dict | None:
|
|
||||||
"""Given a selector (None = default, or a name/user/id string), return the
|
"""Given a selector (None = default, or a name/user/id string), return the
|
||||||
matching row or None. Matching is case-insensitive substring on name +
|
matching row or None. Matching is case-insensitive substring on name +
|
||||||
imap_user + from_address, plus exact id match."""
|
imap_user + from_address, plus exact id match."""
|
||||||
|
rows = _list_accounts_raw()
|
||||||
if not rows:
|
if not rows:
|
||||||
return None
|
return None
|
||||||
if not selector:
|
if not selector:
|
||||||
@@ -232,10 +186,6 @@ def _resolve_account_from_rows(rows: list[dict], selector: str | None) -> dict |
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def _resolve_account(selector: str | None) -> dict | None:
|
|
||||||
return _resolve_account_from_rows(_list_accounts_raw(), selector)
|
|
||||||
|
|
||||||
|
|
||||||
def _load_config(account: str | None = None) -> dict:
|
def _load_config(account: str | None = None) -> dict:
|
||||||
"""Return the full config dict for the requested account (or default).
|
"""Return the full config dict for the requested account (or default).
|
||||||
|
|
||||||
@@ -244,7 +194,7 @@ def _load_config(account: str | None = None) -> dict:
|
|||||||
2. env vars + settings.json flat keys (legacy)
|
2. env vars + settings.json flat keys (legacy)
|
||||||
3. hardcoded fallbacks (localhost:31143 etc.)
|
3. hardcoded fallbacks (localhost:31143 etc.)
|
||||||
"""
|
"""
|
||||||
cache_key = (_current_owner(), (account or "").strip().lower() or "__default__")
|
cache_key = (account or "").strip().lower() or "__default__"
|
||||||
if cache_key in _ACCOUNT_CACHE:
|
if cache_key in _ACCOUNT_CACHE:
|
||||||
return _ACCOUNT_CACHE[cache_key]
|
return _ACCOUNT_CACHE[cache_key]
|
||||||
|
|
||||||
@@ -273,11 +223,8 @@ def _load_config(account: str | None = None) -> dict:
|
|||||||
"account_name": None,
|
"account_name": None,
|
||||||
}
|
}
|
||||||
|
|
||||||
raw_rows = _read_accounts_from_db()
|
rows = _list_accounts_raw()
|
||||||
rows = _filter_accounts_for_owner(raw_rows)
|
row = _resolve_account(account)
|
||||||
row = _resolve_account_from_rows(rows, account)
|
|
||||||
if _current_owner() and raw_rows and not rows:
|
|
||||||
raise ValueError("No email account is configured for the authenticated owner")
|
|
||||||
if account and rows and not row:
|
if account and rows and not row:
|
||||||
available = ", ".join(
|
available = ", ".join(
|
||||||
f"{r.get('name') or r.get('imap_user')} <{r.get('imap_user') or r.get('from_address') or '?'}>"
|
f"{r.get('name') or r.get('imap_user')} <{r.get('imap_user') or r.get('from_address') or '?'}>"
|
||||||
@@ -1006,7 +953,7 @@ def _stash_agent_draft(*, to, subject, body, in_reply_to=None, references=None,
|
|||||||
now,
|
now,
|
||||||
account or None,
|
account or None,
|
||||||
"agent_draft",
|
"agent_draft",
|
||||||
_current_owner(),
|
"",
|
||||||
))
|
))
|
||||||
conn.commit()
|
conn.commit()
|
||||||
conn.close()
|
conn.close()
|
||||||
@@ -1192,7 +1139,7 @@ def _create_email_draft_document(
|
|||||||
doc_id = str(uuid.uuid4())
|
doc_id = str(uuid.uuid4())
|
||||||
ver_id = str(uuid.uuid4())
|
ver_id = str(uuid.uuid4())
|
||||||
doc_title = (title or subject or "Email draft").strip() or "Email draft"
|
doc_title = (title or subject or "Email draft").strip() or "Email draft"
|
||||||
doc_owner = _current_owner() or _default_document_owner()
|
doc_owner = _default_document_owner()
|
||||||
|
|
||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
@@ -1978,22 +1925,10 @@ async def list_tools() -> list[Tool]:
|
|||||||
|
|
||||||
@server.call_tool()
|
@server.call_tool()
|
||||||
async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
||||||
arguments = dict(arguments) if isinstance(arguments, dict) else {}
|
|
||||||
owner = str(arguments.pop(_MCP_OWNER_ARG, "") or "").strip()
|
|
||||||
owner_token = _CURRENT_OWNER.set(owner or None)
|
|
||||||
try:
|
try:
|
||||||
all_db_accounts = _read_accounts_from_db()
|
|
||||||
if _mcp_owner_required(all_db_accounts):
|
|
||||||
return [TextContent(
|
|
||||||
type="text",
|
|
||||||
text="Error: email MCP requires an authenticated owner when multiple email account owners are configured.",
|
|
||||||
)]
|
|
||||||
|
|
||||||
if name == "list_email_accounts":
|
if name == "list_email_accounts":
|
||||||
rows = _filter_accounts_for_owner(all_db_accounts)
|
rows = _list_accounts_raw()
|
||||||
if not rows:
|
if not rows:
|
||||||
if all_db_accounts and owner:
|
|
||||||
return [TextContent(type="text", text="No email accounts configured for this owner.")]
|
|
||||||
return [TextContent(type="text", text="No email accounts configured. Legacy single-account mode active.")]
|
return [TextContent(type="text", text="No email accounts configured. Legacy single-account mode active.")]
|
||||||
lines = [f"Found {len(rows)} email account(s):\n"]
|
lines = [f"Found {len(rows)} email account(s):\n"]
|
||||||
for r in rows:
|
for r in rows:
|
||||||
@@ -2173,16 +2108,6 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
bcc=arguments.get("bcc"),
|
bcc=arguments.get("bcc"),
|
||||||
account=acct,
|
account=acct,
|
||||||
)
|
)
|
||||||
if "error" in result:
|
|
||||||
return [TextContent(type="text", text=f"Error: {result['error']}")]
|
|
||||||
if result.get("pending"):
|
|
||||||
return [TextContent(
|
|
||||||
type="text",
|
|
||||||
text=(
|
|
||||||
f"Draft staged for approval (pending id: {result.get('pending_id')}). "
|
|
||||||
"Nothing has been sent yet. Review and approve it in Odysseus before delivery."
|
|
||||||
),
|
|
||||||
)]
|
|
||||||
acct_note = f" (from {result['account']})" if result.get("account") else ""
|
acct_note = f" (from {result['account']})" if result.get("account") else ""
|
||||||
return [TextContent(type="text", text=f"Sent email to {result['to']} with subject '{result['subject']}'{acct_note}.")]
|
return [TextContent(type="text", text=f"Sent email to {result['to']} with subject '{result['subject']}'{acct_note}.")]
|
||||||
|
|
||||||
@@ -2358,8 +2283,6 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return [TextContent(type="text", text=f"Error: {e}")]
|
return [TextContent(type="text", text=f"Error: {e}")]
|
||||||
finally:
|
|
||||||
_CURRENT_OWNER.reset(owner_token)
|
|
||||||
|
|
||||||
|
|
||||||
# ── Main ──
|
# ── Main ──
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
if not model_spec:
|
if not model_spec:
|
||||||
for candidate in ("gpt-image-1.5", "gpt-image-1", "dall-e-3"):
|
for candidate in ("gpt-image-1.5", "gpt-image-1", "dall-e-3"):
|
||||||
try:
|
try:
|
||||||
await asyncio.to_thread(_resolve_model, candidate)
|
_resolve_model(candidate)
|
||||||
model_spec = candidate
|
model_spec = candidate
|
||||||
break
|
break
|
||||||
except ValueError:
|
except ValueError:
|
||||||
@@ -81,7 +81,7 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
if not model_spec:
|
if not model_spec:
|
||||||
return [TextContent(type="text", text="Error: No image model found. Configure one in Admin.")]
|
return [TextContent(type="text", text="Error: No image model found. Configure one in Admin.")]
|
||||||
|
|
||||||
url, model_id, headers = await asyncio.to_thread(_resolve_model, model_spec)
|
url, model_id, headers = _resolve_model(model_spec)
|
||||||
|
|
||||||
is_gpt_image = "gpt-image" in model_id.lower()
|
is_gpt_image = "gpt-image" in model_id.lower()
|
||||||
base_url = url.replace("/chat/completions", "").replace("/v1/messages", "").rstrip("/")
|
base_url = url.replace("/chat/completions", "").replace("/v1/messages", "").rstrip("/")
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ Imports MemoryManager and MemoryVectorStore from the Odysseus codebase.
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
import asyncio
|
import asyncio
|
||||||
import os
|
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
@@ -24,55 +23,6 @@ _memory_manager = None
|
|||||||
_memory_vector = None
|
_memory_vector = None
|
||||||
_initialized = False
|
_initialized = False
|
||||||
|
|
||||||
_OWNER_ENV_KEYS = ("ODYSSEUS_MCP_MEMORY_OWNER", "ODYSSEUS_MEMORY_OWNER")
|
|
||||||
_OWNER_SCOPE_ERROR = (
|
|
||||||
"Error: Memory MCP owner is not configured for an owner-scoped memory store. "
|
|
||||||
"Set ODYSSEUS_MCP_MEMORY_OWNER for this server or use the owner-aware native memory tool."
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def _configured_owner() -> str | None:
|
|
||||||
for key in _OWNER_ENV_KEYS:
|
|
||||||
owner = os.environ.get(key, "").strip()
|
|
||||||
if owner:
|
|
||||||
return owner
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
def _entry_owner(entry: dict) -> str | None:
|
|
||||||
owner = entry.get("owner")
|
|
||||||
if owner is None:
|
|
||||||
return None
|
|
||||||
owner_text = str(owner).strip()
|
|
||||||
return owner_text or None
|
|
||||||
|
|
||||||
|
|
||||||
def _owner_scoped_store(entries: list[dict]) -> bool:
|
|
||||||
return any(_entry_owner(entry) for entry in entries if isinstance(entry, dict))
|
|
||||||
|
|
||||||
|
|
||||||
def _scope_entries() -> tuple[str | None, list[dict], list[dict], str | None]:
|
|
||||||
"""Return configured owner, all entries, visible entries, and optional error."""
|
|
||||||
entries = _memory_manager.load_all()
|
|
||||||
owner = _configured_owner()
|
|
||||||
if owner is None and _owner_scoped_store(entries):
|
|
||||||
return None, entries, [], _OWNER_SCOPE_ERROR
|
|
||||||
if owner is None:
|
|
||||||
visible = [
|
|
||||||
entry for entry in entries
|
|
||||||
if isinstance(entry, dict) and _entry_owner(entry) is None
|
|
||||||
]
|
|
||||||
else:
|
|
||||||
visible = [
|
|
||||||
entry for entry in entries
|
|
||||||
if isinstance(entry, dict) and _entry_owner(entry) == owner
|
|
||||||
]
|
|
||||||
return owner, entries, visible, None
|
|
||||||
|
|
||||||
|
|
||||||
def _text_result(text: str) -> list[TextContent]:
|
|
||||||
return [TextContent(type="text", text=text)]
|
|
||||||
|
|
||||||
|
|
||||||
def _ensure_init():
|
def _ensure_init():
|
||||||
"""Lazy-init memory managers on first use."""
|
"""Lazy-init memory managers on first use."""
|
||||||
@@ -125,26 +75,24 @@ async def list_tools() -> list[Tool]:
|
|||||||
@server.call_tool()
|
@server.call_tool()
|
||||||
async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
||||||
if name != "manage_memory":
|
if name != "manage_memory":
|
||||||
return _text_result(f"Unknown tool: {name}")
|
return [TextContent(type="text", text=f"Unknown tool: {name}")]
|
||||||
|
|
||||||
_ensure_init()
|
_ensure_init()
|
||||||
if not _memory_manager:
|
if not _memory_manager:
|
||||||
return _text_result("Error: Memory manager not available")
|
return [TextContent(type="text", text="Error: Memory manager not available")]
|
||||||
|
|
||||||
action = arguments.get("action", "")
|
action = arguments.get("action", "")
|
||||||
|
|
||||||
if action == "list":
|
if action == "list":
|
||||||
category_filter = arguments.get("category", "")
|
category_filter = arguments.get("category", "")
|
||||||
_owner, _all_memories, memories, scope_error = _scope_entries()
|
memories = _memory_manager.load()
|
||||||
if scope_error:
|
|
||||||
return _text_result(scope_error)
|
|
||||||
if category_filter:
|
if category_filter:
|
||||||
memories = [m for m in memories if m.get("category", "").lower() == category_filter.lower()]
|
memories = [m for m in memories if m.get("category", "").lower() == category_filter.lower()]
|
||||||
if not memories:
|
if not memories:
|
||||||
msg = "No memories found"
|
msg = "No memories found"
|
||||||
if category_filter:
|
if category_filter:
|
||||||
msg += f" in category '{category_filter}'"
|
msg += f" in category '{category_filter}'"
|
||||||
return _text_result(msg + ".")
|
return [TextContent(type="text", text=msg + ".")]
|
||||||
|
|
||||||
lines = [f"Found {len(memories)} memory entries:\n"]
|
lines = [f"Found {len(memories)} memory entries:\n"]
|
||||||
for m in memories:
|
for m in memories:
|
||||||
@@ -154,17 +102,15 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
if len(text) > 150:
|
if len(text) > 150:
|
||||||
text = text[:150] + "..."
|
text = text[:150] + "..."
|
||||||
lines.append(f"- [{cat}] `{mid}` — {text}")
|
lines.append(f"- [{cat}] `{mid}` — {text}")
|
||||||
return _text_result("\n".join(lines))
|
return [TextContent(type="text", text="\n".join(lines))]
|
||||||
|
|
||||||
elif action == "add":
|
elif action == "add":
|
||||||
text = arguments.get("text", "")
|
text = arguments.get("text", "")
|
||||||
category = arguments.get("category", "fact")
|
category = arguments.get("category", "fact")
|
||||||
if not text:
|
if not text:
|
||||||
return _text_result("Error: Memory text cannot be empty")
|
return [TextContent(type="text", text="Error: Memory text cannot be empty")]
|
||||||
owner, memories, _visible, scope_error = _scope_entries()
|
entry = _memory_manager.add_entry(text, source="ai_agent", category=category)
|
||||||
if scope_error:
|
memories = _memory_manager.load_all()
|
||||||
return _text_result(scope_error)
|
|
||||||
entry = _memory_manager.add_entry(text, source="ai_agent", category=category, owner=owner)
|
|
||||||
memories.append(entry)
|
memories.append(entry)
|
||||||
_memory_manager.save(memories)
|
_memory_manager.save(memories)
|
||||||
if _memory_vector and _memory_vector.healthy:
|
if _memory_vector and _memory_vector.healthy:
|
||||||
@@ -172,28 +118,25 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
_memory_vector.add(entry["id"], text)
|
_memory_vector.add(entry["id"], text)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
return _text_result(f"Memory added: [{category}] {text} (id: {entry['id'][:8]})")
|
return [TextContent(type="text", text=f"Memory added: [{category}] {text} (id: {entry['id'][:8]})")]
|
||||||
|
|
||||||
elif action == "edit":
|
elif action == "edit":
|
||||||
memory_id = arguments.get("memory_id", "")
|
memory_id = arguments.get("memory_id", "")
|
||||||
new_text = arguments.get("text", "")
|
new_text = arguments.get("text", "")
|
||||||
if not memory_id or not new_text:
|
if not memory_id or not new_text:
|
||||||
return _text_result("Error: edit needs memory_id and text")
|
return [TextContent(type="text", text="Error: edit needs memory_id and text")]
|
||||||
_owner, memories, visible, scope_error = _scope_entries()
|
memories = _memory_manager.load_all()
|
||||||
if scope_error:
|
found = False
|
||||||
return _text_result(scope_error)
|
|
||||||
full_id = None
|
full_id = None
|
||||||
for m in visible:
|
|
||||||
if m.get("id", "").startswith(memory_id):
|
|
||||||
full_id = m["id"]
|
|
||||||
break
|
|
||||||
if not full_id:
|
|
||||||
return _text_result(f"Error: Memory '{memory_id}' not found")
|
|
||||||
for m in memories:
|
for m in memories:
|
||||||
if m.get("id") == full_id:
|
if m.get("id", "").startswith(memory_id):
|
||||||
m["text"] = new_text
|
m["text"] = new_text
|
||||||
m["timestamp"] = int(time.time())
|
m["timestamp"] = int(time.time())
|
||||||
|
found = True
|
||||||
|
full_id = m["id"]
|
||||||
break
|
break
|
||||||
|
if not found:
|
||||||
|
return [TextContent(type="text", text=f"Error: Memory '{memory_id}' not found")]
|
||||||
_memory_manager.save(memories)
|
_memory_manager.save(memories)
|
||||||
if _memory_vector and _memory_vector.healthy and full_id:
|
if _memory_vector and _memory_vector.healthy and full_id:
|
||||||
try:
|
try:
|
||||||
@@ -201,26 +144,24 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
_memory_vector.add(full_id, new_text)
|
_memory_vector.add(full_id, new_text)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
return _text_result(f"Memory updated: {new_text}")
|
return [TextContent(type="text", text=f"Memory updated: {new_text}")]
|
||||||
|
|
||||||
elif action == "delete":
|
elif action == "delete":
|
||||||
memory_id = arguments.get("memory_id", "")
|
memory_id = arguments.get("memory_id", "")
|
||||||
if not memory_id:
|
if not memory_id:
|
||||||
return _text_result("Error: delete needs memory_id")
|
return [TextContent(type="text", text="Error: delete needs memory_id")]
|
||||||
_owner, memories, visible, scope_error = _scope_entries()
|
memories = _memory_manager.load_all()
|
||||||
if scope_error:
|
|
||||||
return _text_result(scope_error)
|
|
||||||
full_id = None
|
full_id = None
|
||||||
deleted_text = ""
|
deleted_text = ""
|
||||||
deleted_category = ""
|
deleted_category = ""
|
||||||
for m in visible:
|
for m in memories:
|
||||||
if m.get("id", "").startswith(memory_id):
|
if m.get("id", "").startswith(memory_id):
|
||||||
full_id = m["id"]
|
full_id = m["id"]
|
||||||
deleted_text = m.get("text", "")
|
deleted_text = m.get("text", "")
|
||||||
deleted_category = m.get("category", "")
|
deleted_category = m.get("category", "")
|
||||||
break
|
break
|
||||||
if not full_id:
|
if not full_id:
|
||||||
return _text_result(f"Error: Memory '{memory_id}' not found")
|
return [TextContent(type="text", text=f"Error: Memory '{memory_id}' not found")]
|
||||||
memories = [m for m in memories if m.get("id") != full_id]
|
memories = [m for m in memories if m.get("id") != full_id]
|
||||||
_memory_manager.save(memories)
|
_memory_manager.save(memories)
|
||||||
if _memory_vector and _memory_vector.healthy and full_id:
|
if _memory_vector and _memory_vector.healthy and full_id:
|
||||||
@@ -230,32 +171,30 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
|
|||||||
pass
|
pass
|
||||||
cat = f"[{deleted_category}] " if deleted_category else ""
|
cat = f"[{deleted_category}] " if deleted_category else ""
|
||||||
snippet = deleted_text if len(deleted_text) <= 120 else deleted_text[:117] + "..."
|
snippet = deleted_text if len(deleted_text) <= 120 else deleted_text[:117] + "..."
|
||||||
return _text_result(f"Memory deleted: {cat}{snippet} (id: {memory_id})")
|
return [TextContent(type="text", text=f"Memory deleted: {cat}{snippet} (id: {memory_id})")]
|
||||||
|
|
||||||
elif action == "search":
|
elif action == "search":
|
||||||
query = arguments.get("text", "")
|
query = arguments.get("text", "")
|
||||||
if not query:
|
if not query:
|
||||||
return _text_result("Error: search needs text (query)")
|
return [TextContent(type="text", text="Error: search needs text (query)")]
|
||||||
_owner, _all_memories, memories, scope_error = _scope_entries()
|
memories = _memory_manager.load()
|
||||||
if scope_error:
|
|
||||||
return _text_result(scope_error)
|
|
||||||
if hasattr(_memory_manager, 'get_relevant_memories'):
|
if hasattr(_memory_manager, 'get_relevant_memories'):
|
||||||
results = _memory_manager.get_relevant_memories(query, memories, threshold=0.05, max_items=20)
|
results = _memory_manager.get_relevant_memories(query, memories, threshold=0.05, max_items=20)
|
||||||
else:
|
else:
|
||||||
query_lower = query.lower()
|
query_lower = query.lower()
|
||||||
results = [m for m in memories if query_lower in m.get("text", "").lower()][:20]
|
results = [m for m in memories if query_lower in m.get("text", "").lower()][:20]
|
||||||
if not results:
|
if not results:
|
||||||
return _text_result(f"No memories found matching '{query}'.")
|
return [TextContent(type="text", text=f"No memories found matching '{query}'.")]
|
||||||
lines = [f"Found {len(results)} matching memories:\n"]
|
lines = [f"Found {len(results)} matching memories:\n"]
|
||||||
for m in results:
|
for m in results:
|
||||||
cat = m.get("category", "fact")
|
cat = m.get("category", "fact")
|
||||||
mid = m.get("id", "?")[:8]
|
mid = m.get("id", "?")[:8]
|
||||||
text = m.get("text", "")
|
text = m.get("text", "")
|
||||||
lines.append(f"- [{cat}] `{mid}` — {text}")
|
lines.append(f"- [{cat}] `{mid}` — {text}")
|
||||||
return _text_result("\n".join(lines))
|
return [TextContent(type="text", text="\n".join(lines))]
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return _text_result(f"Error: Unknown action '{action}'. Use: list, add, edit, delete, search")
|
return [TextContent(type="text", text=f"Error: Unknown action '{action}'. Use: list, add, edit, delete, search")]
|
||||||
|
|
||||||
|
|
||||||
async def run():
|
async def run():
|
||||||
|
|||||||
Generated
+78
-4
@@ -4,19 +4,93 @@
|
|||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
|
"dependencies": {
|
||||||
|
"@anthropic-ai/sdk": "^0.104.1"
|
||||||
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@antithesishq/bombadil": "^0.6.1"
|
"@antithesishq/bombadil": "^0.5.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"node_modules/@anthropic-ai/sdk": {
|
||||||
|
"version": "0.104.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/@anthropic-ai/sdk/-/sdk-0.104.1.tgz",
|
||||||
|
"integrity": "sha512-gGACa/+IaiXzRRmF96aOhamoBgapKRBiFWbmmTFP8aMkpaEcuStF+Q61bjo4vPxBM7gqWJNZqsngslRdnLHv0Q==",
|
||||||
|
"license": "MIT",
|
||||||
|
"dependencies": {
|
||||||
|
"json-schema-to-ts": "^3.1.1",
|
||||||
|
"standardwebhooks": "^1.0.0"
|
||||||
|
},
|
||||||
|
"bin": {
|
||||||
|
"anthropic-ai-sdk": "bin/cli"
|
||||||
|
},
|
||||||
|
"peerDependencies": {
|
||||||
|
"zod": "^3.25.0 || ^4.0.0"
|
||||||
|
},
|
||||||
|
"peerDependenciesMeta": {
|
||||||
|
"zod": {
|
||||||
|
"optional": true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/@antithesishq/bombadil": {
|
"node_modules/@antithesishq/bombadil": {
|
||||||
"version": "0.6.1",
|
"version": "0.5.0",
|
||||||
"resolved": "https://registry.npmjs.org/@antithesishq/bombadil/-/bombadil-0.6.1.tgz",
|
"resolved": "https://registry.npmjs.org/@antithesishq/bombadil/-/bombadil-0.5.0.tgz",
|
||||||
"integrity": "sha512-d1iufG3MI7gSMSiSmMeNdcMW+qR0yQXL2zdkVynC3n3DYgFJYlYXKUQzygmqU12m4RWlR5iOdQU1hsx5UT6+IA==",
|
"integrity": "sha512-s0zImmr0iyvSP6QcVLvf40CUiZYIdWBAxiq20uhzujwvfitYa3PGJN652k/pLtVccHM/JrGQxZdvLnihZpltHA==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"bin": {
|
"bin": {
|
||||||
"bombadil": "bin/bombadil.js"
|
"bombadil": "bin/bombadil.js"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"node_modules/@babel/runtime": {
|
||||||
|
"version": "7.29.7",
|
||||||
|
"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.7.tgz",
|
||||||
|
"integrity": "sha512-Nq8OhGWiZIZGV6hLHoyAKLLcJihP/xFeBMGJoUrxTX2psI8dCifzLhZISFb+VWS3wFMRDmCGw5R+dOySCqPLhw==",
|
||||||
|
"license": "MIT",
|
||||||
|
"engines": {
|
||||||
|
"node": ">=6.9.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"node_modules/@stablelib/base64": {
|
||||||
|
"version": "1.0.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/@stablelib/base64/-/base64-1.0.1.tgz",
|
||||||
|
"integrity": "sha512-1bnPQqSxSuc3Ii6MhBysoWCg58j97aUjuCSZrGSmDxNqtytIi0k8utUenAwTZN4V5mXXYGsVUI9zeBqy+jBOSQ==",
|
||||||
|
"license": "MIT"
|
||||||
|
},
|
||||||
|
"node_modules/fast-sha256": {
|
||||||
|
"version": "1.3.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/fast-sha256/-/fast-sha256-1.3.0.tgz",
|
||||||
|
"integrity": "sha512-n11RGP/lrWEFI/bWdygLxhI+pVeo1ZYIVwvvPkW7azl/rOy+F3HYRZ2K5zeE9mmkhQppyv9sQFx0JM9UabnpPQ==",
|
||||||
|
"license": "Unlicense"
|
||||||
|
},
|
||||||
|
"node_modules/json-schema-to-ts": {
|
||||||
|
"version": "3.1.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-3.1.1.tgz",
|
||||||
|
"integrity": "sha512-+DWg8jCJG2TEnpy7kOm/7/AxaYoaRbjVB4LFZLySZlWn8exGs3A4OLJR966cVvU26N7X9TWxl+Jsw7dzAqKT6g==",
|
||||||
|
"license": "MIT",
|
||||||
|
"dependencies": {
|
||||||
|
"@babel/runtime": "^7.18.3",
|
||||||
|
"ts-algebra": "^2.0.0"
|
||||||
|
},
|
||||||
|
"engines": {
|
||||||
|
"node": ">=16"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"node_modules/standardwebhooks": {
|
||||||
|
"version": "1.0.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/standardwebhooks/-/standardwebhooks-1.0.0.tgz",
|
||||||
|
"integrity": "sha512-BbHGOQK9olHPMvQNHWul6MYlrRTAOKn03rOe4A8O3CLWhNf4YHBqq2HJKKC+sfqpxiBY52pNeesD6jIiLDz8jg==",
|
||||||
|
"license": "MIT",
|
||||||
|
"dependencies": {
|
||||||
|
"@stablelib/base64": "^1.0.0",
|
||||||
|
"fast-sha256": "^1.3.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"node_modules/ts-algebra": {
|
||||||
|
"version": "2.0.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/ts-algebra/-/ts-algebra-2.0.0.tgz",
|
||||||
|
"integrity": "sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==",
|
||||||
|
"license": "MIT"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
+4
-1
@@ -4,6 +4,9 @@
|
|||||||
"url": "https://github.com/pewdiepie-archdaemon/odysseus.git"
|
"url": "https://github.com/pewdiepie-archdaemon/odysseus.git"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@antithesishq/bombadil": "^0.6.1"
|
"@antithesishq/bombadil": "^0.5.0"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@anthropic-ai/sdk": "^0.104.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -160,8 +160,6 @@ def setup_api_token_routes() -> APIRouter:
|
|||||||
payload = await request.json()
|
payload = await request.json()
|
||||||
except Exception:
|
except Exception:
|
||||||
payload = {}
|
payload = {}
|
||||||
if not isinstance(payload, dict):
|
|
||||||
payload = {}
|
|
||||||
with get_db_session() as db:
|
with get_db_session() as db:
|
||||||
token = db.query(ApiToken).filter(ApiToken.id == token_id).first()
|
token = db.query(ApiToken).filter(ApiToken.id == token_id).first()
|
||||||
if not token:
|
if not token:
|
||||||
|
|||||||
@@ -16,7 +16,6 @@ from pydantic import BaseModel
|
|||||||
|
|
||||||
from core.database import SessionLocal, CrewMember, ScheduledTask
|
from core.database import SessionLocal, CrewMember, ScheduledTask
|
||||||
from src.auth_helpers import get_current_user
|
from src.auth_helpers import get_current_user
|
||||||
from core.auth import RESERVED_USERNAMES
|
|
||||||
from src.task_scheduler import compute_next_run
|
from src.task_scheduler import compute_next_run
|
||||||
|
|
||||||
|
|
||||||
@@ -90,11 +89,11 @@ def setup_assistant_routes(task_scheduler) -> APIRouter:
|
|||||||
# check-in tasks seeded. Hitting any /assistant route under one of these
|
# check-in tasks seeded. Hitting any /assistant route under one of these
|
||||||
# used to seed a full CrewMember + Morning/Midday/Evening tasks under that
|
# used to seed a full CrewMember + Morning/Midday/Evening tasks under that
|
||||||
# owner, which then double-fired alongside the real user's check-ins.
|
# owner, which then double-fired alongside the real user's check-ins.
|
||||||
# RESERVED_USERNAMES covers the same set; the `not owner` guard handles "".
|
_SYNTHETIC_OWNERS = frozenset({"internal-tool", "api", "demo", "system", ""})
|
||||||
|
|
||||||
async def _get_or_create(owner: str) -> CrewMember:
|
async def _get_or_create(owner: str) -> CrewMember:
|
||||||
"""Return the per-owner assistant CrewMember, creating it on demand."""
|
"""Return the per-owner assistant CrewMember, creating it on demand."""
|
||||||
if not owner or owner in RESERVED_USERNAMES:
|
if not owner or owner in _SYNTHETIC_OWNERS:
|
||||||
raise HTTPException(status_code=400, detail=f"Cannot seed assistant for {owner!r}")
|
raise HTTPException(status_code=400, detail=f"Cannot seed assistant for {owner!r}")
|
||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
|
|||||||
+11
-45
@@ -12,8 +12,8 @@ import re
|
|||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
from core.atomic_io import atomic_write_json, atomic_write_text
|
from core.atomic_io import atomic_write_json, atomic_write_text
|
||||||
from core.auth import AuthManager, RESERVED_USERNAMES, SetAdminResult, TOKEN_TTL
|
from core.auth import AuthManager, SetAdminResult
|
||||||
from src.constants import DEEP_RESEARCH_DIR, MEMORY_FILE, PASSWORD_MIN_LENGTH, SKILLS_DIR
|
from src.constants import DEEP_RESEARCH_DIR, MEMORY_FILE, SKILLS_DIR
|
||||||
from src.rate_limiter import RateLimiter
|
from src.rate_limiter import RateLimiter
|
||||||
from src.settings_scrub import scrub_settings
|
from src.settings_scrub import scrub_settings
|
||||||
from src.settings import (
|
from src.settings import (
|
||||||
@@ -102,12 +102,8 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
raise HTTPException(429, "Too many requests — try again later")
|
raise HTTPException(429, "Too many requests — try again later")
|
||||||
if auth_manager.is_configured:
|
if auth_manager.is_configured:
|
||||||
raise HTTPException(400, "Already configured")
|
raise HTTPException(400, "Already configured")
|
||||||
if len(body.password) < PASSWORD_MIN_LENGTH:
|
if len(body.password) < 8:
|
||||||
raise HTTPException(400, f"Password must be at least {PASSWORD_MIN_LENGTH} characters")
|
raise HTTPException(400, "Password must be at least 8 characters")
|
||||||
if len(body.username.strip()) < 1:
|
|
||||||
raise HTTPException(400, "Username is required")
|
|
||||||
if body.username.lower() in RESERVED_USERNAMES:
|
|
||||||
raise HTTPException(403, "Username is reserved")
|
|
||||||
ok = await asyncio.to_thread(auth_manager.setup, body.username, body.password)
|
ok = await asyncio.to_thread(auth_manager.setup, body.username, body.password)
|
||||||
if not ok:
|
if not ok:
|
||||||
raise HTTPException(500, "Setup failed")
|
raise HTTPException(500, "Setup failed")
|
||||||
@@ -122,12 +118,10 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
raise HTTPException(400, "Run setup first")
|
raise HTTPException(400, "Run setup first")
|
||||||
if not auth_manager.signup_enabled:
|
if not auth_manager.signup_enabled:
|
||||||
raise HTTPException(403, "Registration is disabled. Ask an admin for an account.")
|
raise HTTPException(403, "Registration is disabled. Ask an admin for an account.")
|
||||||
if len(body.password) < PASSWORD_MIN_LENGTH:
|
if len(body.password) < 8:
|
||||||
raise HTTPException(400, f"Password must be at least {PASSWORD_MIN_LENGTH} characters")
|
raise HTTPException(400, "Password must be at least 8 characters")
|
||||||
if len(body.username.strip()) < 1:
|
if len(body.username.strip()) < 1:
|
||||||
raise HTTPException(400, "Username is required")
|
raise HTTPException(400, "Username is required")
|
||||||
if body.username.lower() in RESERVED_USERNAMES:
|
|
||||||
raise HTTPException(403, "Username is reserved")
|
|
||||||
ok = await asyncio.to_thread(auth_manager.create_user, body.username, body.password, is_admin=False)
|
ok = await asyncio.to_thread(auth_manager.create_user, body.username, body.password, is_admin=False)
|
||||||
if not ok:
|
if not ok:
|
||||||
raise HTTPException(409, "Username already taken")
|
raise HTTPException(409, "Username already taken")
|
||||||
@@ -150,8 +144,6 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
raise HTTPException(401, "Invalid 2FA code")
|
raise HTTPException(401, "Invalid 2FA code")
|
||||||
# All checks passed — create session (password already verified above)
|
# All checks passed — create session (password already verified above)
|
||||||
token = await asyncio.to_thread(auth_manager.create_session_trusted, username)
|
token = await asyncio.to_thread(auth_manager.create_session_trusted, username)
|
||||||
if not token:
|
|
||||||
raise HTTPException(401, "Invalid credentials")
|
|
||||||
cookie_kwargs = dict(
|
cookie_kwargs = dict(
|
||||||
key=SESSION_COOKIE,
|
key=SESSION_COOKIE,
|
||||||
value=token,
|
value=token,
|
||||||
@@ -161,7 +153,7 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
path="/",
|
path="/",
|
||||||
)
|
)
|
||||||
if body.remember:
|
if body.remember:
|
||||||
cookie_kwargs["max_age"] = TOKEN_TTL
|
cookie_kwargs["max_age"] = 60 * 60 * 24 * 7 # 7 days
|
||||||
response.set_cookie(**cookie_kwargs)
|
response.set_cookie(**cookie_kwargs)
|
||||||
return {"ok": True, "username": username}
|
return {"ok": True, "username": username}
|
||||||
|
|
||||||
@@ -190,18 +182,13 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
pass
|
pass
|
||||||
return result
|
return result
|
||||||
|
|
||||||
@router.get("/policy")
|
|
||||||
async def auth_policy():
|
|
||||||
"""Return public auth policy constants for the frontend."""
|
|
||||||
return auth_manager.policy()
|
|
||||||
|
|
||||||
@router.post("/change-password")
|
@router.post("/change-password")
|
||||||
async def change_password(body: ChangePasswordRequest, request: Request):
|
async def change_password(body: ChangePasswordRequest, request: Request):
|
||||||
user = _get_current_user(request)
|
user = _get_current_user(request)
|
||||||
if not user:
|
if not user:
|
||||||
raise HTTPException(401, "Not authenticated")
|
raise HTTPException(401, "Not authenticated")
|
||||||
if len(body.new_password) < PASSWORD_MIN_LENGTH:
|
if len(body.new_password) < 8:
|
||||||
raise HTTPException(400, f"Password must be at least {PASSWORD_MIN_LENGTH} characters")
|
raise HTTPException(400, "Password must be at least 8 characters")
|
||||||
current_token = request.cookies.get(SESSION_COOKIE)
|
current_token = request.cookies.get(SESSION_COOKIE)
|
||||||
ok = await asyncio.to_thread(auth_manager.change_password, user, body.current_password, body.new_password)
|
ok = await asyncio.to_thread(auth_manager.change_password, user, body.current_password, body.new_password)
|
||||||
if not ok:
|
if not ok:
|
||||||
@@ -281,12 +268,8 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
user = _get_current_user(request)
|
user = _get_current_user(request)
|
||||||
if not user or not auth_manager.is_admin(user):
|
if not user or not auth_manager.is_admin(user):
|
||||||
raise HTTPException(403, "Admin only")
|
raise HTTPException(403, "Admin only")
|
||||||
if len(body.password) < PASSWORD_MIN_LENGTH:
|
if len(body.password) < 8:
|
||||||
raise HTTPException(400, f"Password must be at least {PASSWORD_MIN_LENGTH} characters")
|
raise HTTPException(400, "Password must be at least 8 characters")
|
||||||
if len(body.username.strip()) < 1:
|
|
||||||
raise HTTPException(400, "Username is required")
|
|
||||||
if body.username.lower() in RESERVED_USERNAMES:
|
|
||||||
raise HTTPException(403, "Username is reserved")
|
|
||||||
ok = auth_manager.create_user(body.username, body.password, body.is_admin)
|
ok = auth_manager.create_user(body.username, body.password, body.is_admin)
|
||||||
if not ok:
|
if not ok:
|
||||||
raise HTTPException(409, "Username already taken")
|
raise HTTPException(409, "Username already taken")
|
||||||
@@ -449,23 +432,6 @@ def setup_auth_routes(auth_manager: AuthManager) -> APIRouter:
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning("Failed to rename upload owner references %s -> %s: %s", old_username, new_username, e)
|
logger.warning("Failed to rename upload owner references %s -> %s: %s", old_username, new_username, e)
|
||||||
|
|
||||||
# direct personal RAG uploads live in per-owner directories and the
|
|
||||||
# vector metadata also carries the username used for owner-filtered
|
|
||||||
# search. Keep both in sync with the auth rename.
|
|
||||||
try:
|
|
||||||
from routes.personal_routes import rename_personal_upload_owner
|
|
||||||
personal_docs_manager = getattr(request.app.state, "personal_docs_manager", None)
|
|
||||||
if personal_docs_manager is not None:
|
|
||||||
rag_manager = getattr(personal_docs_manager, "rag_manager", None)
|
|
||||||
rename_personal_upload_owner(
|
|
||||||
old_username,
|
|
||||||
new_username,
|
|
||||||
personal_docs_manager=personal_docs_manager,
|
|
||||||
rag_manager=rag_manager,
|
|
||||||
)
|
|
||||||
except Exception as e:
|
|
||||||
logger.warning("Failed to rename personal RAG upload owner references %s -> %s: %s", old_username, new_username, e)
|
|
||||||
|
|
||||||
# skills: SKILL.md frontmatter carries owner: <username>; the usage
|
# skills: SKILL.md frontmatter carries owner: <username>; the usage
|
||||||
# sidecar (_usage.json) keys entries as owner::skill-name. Both must
|
# sidecar (_usage.json) keys entries as owner::skill-name. Both must
|
||||||
# be updated or the renamed user's Skills panel goes empty.
|
# be updated or the renamed user's Skills panel goes empty.
|
||||||
|
|||||||
@@ -34,24 +34,6 @@ def _ics_naive_dtstart(dt):
|
|||||||
return datetime(dt.year, dt.month, dt.day)
|
return datetime(dt.year, dt.month, dt.day)
|
||||||
return dt
|
return dt
|
||||||
|
|
||||||
|
|
||||||
def _ensure_positive_duration(start_dt, end_dt, all_day):
|
|
||||||
"""Clamp an imported event's end so it has a positive duration.
|
|
||||||
|
|
||||||
Some .ics exporters write a single-day all-day event with DTEND equal to
|
|
||||||
DTSTART (treating DTEND as inclusive rather than the RFC 5545 exclusive
|
|
||||||
bound). Stored verbatim that produces a zero-duration row, which the
|
|
||||||
list_events overlap filter (dtstart < end AND dtend > start) silently
|
|
||||||
drops — the event never appears on the calendar even though the web UI
|
|
||||||
would otherwise show it. Normalize a non-positive end to the same default
|
|
||||||
span used when DTEND is absent: one day for all-day events, one hour
|
|
||||||
otherwise.
|
|
||||||
"""
|
|
||||||
if end_dt <= start_dt:
|
|
||||||
return start_dt + (timedelta(days=1) if all_day else timedelta(hours=1))
|
|
||||||
return end_dt
|
|
||||||
|
|
||||||
|
|
||||||
# Single-user fallback identity. Used only when:
|
# Single-user fallback identity. Used only when:
|
||||||
# 1. The app is configured for single-user (no auth middleware), AND
|
# 1. The app is configured for single-user (no auth middleware), AND
|
||||||
# 2. The request didn't resolve to an authenticated user.
|
# 2. The request didn't resolve to an authenticated user.
|
||||||
@@ -452,20 +434,6 @@ def _parse_dt(s: str) -> datetime:
|
|||||||
if t is not None:
|
if t is not None:
|
||||||
return base.replace(hour=t[0], minute=t[1])
|
return base.replace(hour=t[0], minute=t[1])
|
||||||
|
|
||||||
# time-first: "3pm today", "9am tomorrow", "11pm tonight"
|
|
||||||
# (parity with parse_due_for_user, which handles these via the same form)
|
|
||||||
m = _re.match(r'^(.+?)\s+(today|tonight|tomorrow|tmrw|yesterday)$', lower)
|
|
||||||
if m:
|
|
||||||
time_part, word = m.group(1).strip(), m.group(2)
|
|
||||||
base = today
|
|
||||||
if word in ("tomorrow", "tmrw"):
|
|
||||||
base = today + timedelta(days=1)
|
|
||||||
elif word == "yesterday":
|
|
||||||
base = today - timedelta(days=1)
|
|
||||||
t = _parse_time(time_part)
|
|
||||||
if t is not None:
|
|
||||||
return base.replace(hour=t[0], minute=t[1])
|
|
||||||
|
|
||||||
# next <weekday> [at] TIME
|
# next <weekday> [at] TIME
|
||||||
weekdays = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
|
weekdays = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
|
||||||
m = _re.match(r'^next\s+(\w+)(?:\s+at)?\s*(.*)$', lower)
|
m = _re.match(r'^next\s+(\w+)(?:\s+at)?\s*(.*)$', lower)
|
||||||
@@ -1258,7 +1226,7 @@ def setup_calendar_routes() -> APIRouter:
|
|||||||
db.commit()
|
db.commit()
|
||||||
db.refresh(target_cal)
|
db.refresh(target_cal)
|
||||||
|
|
||||||
imported = skipped = repaired = 0
|
imported = skipped = 0
|
||||||
for comp in cal_data.walk():
|
for comp in cal_data.walk():
|
||||||
if comp.name != "VEVENT":
|
if comp.name != "VEVENT":
|
||||||
continue
|
continue
|
||||||
@@ -1294,18 +1262,6 @@ def setup_calendar_routes() -> APIRouter:
|
|||||||
.first()
|
.first()
|
||||||
)
|
)
|
||||||
if existing:
|
if existing:
|
||||||
# An import predating the clamp below may have stored
|
|
||||||
# this same event with a non-positive duration, which
|
|
||||||
# the list_events overlap filter hides. Re-importing
|
|
||||||
# lands here and would skip without touching that row,
|
|
||||||
# so the event would stay invisible. Backfill the clamp
|
|
||||||
# onto the stored row before skipping it.
|
|
||||||
fixed_end = _ensure_positive_duration(
|
|
||||||
existing.dtstart, existing.dtend, bool(existing.all_day)
|
|
||||||
)
|
|
||||||
if fixed_end != existing.dtend:
|
|
||||||
existing.dtend = fixed_end
|
|
||||||
repaired += 1
|
|
||||||
skipped += 1
|
skipped += 1
|
||||||
continue
|
continue
|
||||||
|
|
||||||
@@ -1339,8 +1295,6 @@ def setup_calendar_routes() -> APIRouter:
|
|||||||
else:
|
else:
|
||||||
end_dt = start_dt + timedelta(hours=1)
|
end_dt = start_dt + timedelta(hours=1)
|
||||||
|
|
||||||
end_dt = _ensure_positive_duration(start_dt, end_dt, all_day)
|
|
||||||
|
|
||||||
ev = CalendarEvent(
|
ev = CalendarEvent(
|
||||||
uid=uid_val,
|
uid=uid_val,
|
||||||
calendar_id=target_cal.id,
|
calendar_id=target_cal.id,
|
||||||
@@ -1361,7 +1315,6 @@ def setup_calendar_routes() -> APIRouter:
|
|||||||
"ok": True,
|
"ok": True,
|
||||||
"imported": imported,
|
"imported": imported,
|
||||||
"skipped": skipped,
|
"skipped": skipped,
|
||||||
"repaired": repaired,
|
|
||||||
"calendar": cal_display,
|
"calendar": cal_display,
|
||||||
"calendar_id": target_cal.id,
|
"calendar_id": target_cal.id,
|
||||||
}
|
}
|
||||||
|
|||||||
+26
-126
@@ -14,7 +14,7 @@ from core.database import Session as DBSession, ModelEndpoint
|
|||||||
from src.llm_core import normalize_model_id
|
from src.llm_core import normalize_model_id
|
||||||
from src.endpoint_resolver import normalize_base
|
from src.endpoint_resolver import normalize_base
|
||||||
from src.context_compactor import maybe_compact, trim_for_context
|
from src.context_compactor import maybe_compact, trim_for_context
|
||||||
from src.auth_helpers import effective_user
|
from src.auth_helpers import get_current_user
|
||||||
from src.prompt_security import untrusted_context_message
|
from src.prompt_security import untrusted_context_message
|
||||||
from routes.prefs_routes import _load_for_user as load_prefs_for_user
|
from routes.prefs_routes import _load_for_user as load_prefs_for_user
|
||||||
|
|
||||||
@@ -22,47 +22,6 @@ from fastapi import HTTPException
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
_CASUAL_OPENING_RE = re.compile(
|
|
||||||
r"^\s*(?:h+i+|hey+|hello+|yo+|sup+|what'?s up|wass?up|hiya|howdy|"
|
|
||||||
r"lol|lmao|haha+|hehe+|thanks?|thank you|ty|idk|dunno|meh|bruh|bro)\b(?P<tail>.*)$",
|
|
||||||
re.IGNORECASE,
|
|
||||||
)
|
|
||||||
_CASUAL_BLOCKLIST_RE = re.compile(
|
|
||||||
r"\b(?:cookbook|serve|serving|launch|start|vllm|sglang|llama\.?cpp|ollama|"
|
|
||||||
r"download|model|email|document|doc|note|calendar|task|search|web|research|"
|
|
||||||
r"file|folder|repo|git|settings?|endpoint|api|token|mcp)\b",
|
|
||||||
re.IGNORECASE,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def _is_casual_low_signal(text: str) -> bool:
|
|
||||||
"""Short greetings/slang should not pull memory, skills, RAG, or docs."""
|
|
||||||
s = str(text or "").strip()
|
|
||||||
m = _CASUAL_OPENING_RE.match(s)
|
|
||||||
if not m:
|
|
||||||
return False
|
|
||||||
tail = m.group("tail") or ""
|
|
||||||
if _CASUAL_BLOCKLIST_RE.search(tail):
|
|
||||||
return False
|
|
||||||
tail_words = re.findall(r"[A-Za-z0-9_'-]+", tail)
|
|
||||||
return len(tail_words) <= 2
|
|
||||||
|
|
||||||
|
|
||||||
# Strong references to in-flight fire-and-forget tasks scheduled from this
|
|
||||||
# module. asyncio only keeps weak references to tasks created via
|
|
||||||
# create_task, so without this the GC can collect a task mid-execution and
|
|
||||||
# the background work (extraction, auto-naming) silently never runs.
|
|
||||||
# Mirrors WebhookManager._spawn_tracked from src/webhook_manager.py.
|
|
||||||
_BG_TASKS: set[asyncio.Task] = set()
|
|
||||||
|
|
||||||
|
|
||||||
def _spawn_bg(coro) -> asyncio.Task:
|
|
||||||
"""Schedule a background task and hold a strong reference until it finishes."""
|
|
||||||
task = asyncio.create_task(coro)
|
|
||||||
_BG_TASKS.add(task)
|
|
||||||
task.add_done_callback(_BG_TASKS.discard)
|
|
||||||
return task
|
|
||||||
|
|
||||||
|
|
||||||
# ── Data containers ────────────────────────────────────────────────────── #
|
# ── Data containers ────────────────────────────────────────────────────── #
|
||||||
|
|
||||||
@@ -104,9 +63,6 @@ class ChatContext:
|
|||||||
# The chat route emits a doc_update SSE event for each before streaming
|
# The chat route emits a doc_update SSE event for each before streaming
|
||||||
# begins, so the editor pane switches to the new doc immediately.
|
# begins, so the editor pane switches to the new doc immediately.
|
||||||
auto_opened_docs: list = field(default_factory=list)
|
auto_opened_docs: list = field(default_factory=list)
|
||||||
# Uploads attached to this user turn, resolved and owner-checked for the
|
|
||||||
# agent's private context. This is not emitted to the browser.
|
|
||||||
uploaded_files: list = field(default_factory=list)
|
|
||||||
|
|
||||||
|
|
||||||
# ── Helpers ────────────────────────────────────────────────────────────── #
|
# ── Helpers ────────────────────────────────────────────────────────────── #
|
||||||
@@ -122,7 +78,7 @@ def _enforce_chat_privileges(request, sess) -> None:
|
|||||||
which means unrestricted allowed_models / zero cap -> no-op for them.
|
which means unrestricted allowed_models / zero cap -> no-op for them.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
user = effective_user(request)
|
user = get_current_user(request)
|
||||||
except Exception:
|
except Exception:
|
||||||
user = None
|
user = None
|
||||||
if not user:
|
if not user:
|
||||||
@@ -203,9 +159,17 @@ async def auto_name_session(session_manager, sess):
|
|||||||
return
|
return
|
||||||
|
|
||||||
owner = getattr(sess, "owner", None)
|
owner = getattr(sess, "owner", None)
|
||||||
t_url, t_model, t_headers = resolve_task_endpoint(
|
t_url, t_model, t_headers = resolve_task_endpoint(owner=owner)
|
||||||
sess.endpoint_url, sess.model, sess.headers, owner=owner
|
if not t_model:
|
||||||
)
|
# If no task/utility model is configured at all, fall back to
|
||||||
|
# the session's own model so auto-naming still works even on
|
||||||
|
# minimal setups.
|
||||||
|
from src.endpoint_resolver import resolve_endpoint
|
||||||
|
_fallback = resolve_endpoint("default", owner=owner)
|
||||||
|
if _fallback and _fallback[1]:
|
||||||
|
t_url, t_model, t_headers = _fallback
|
||||||
|
else:
|
||||||
|
t_url, t_model, t_headers = sess.endpoint_url, sess.model, sess.headers
|
||||||
if not t_model:
|
if not t_model:
|
||||||
logger.debug("[auto-name] No model provided, skipping")
|
logger.debug("[auto-name] No model provided, skipping")
|
||||||
return
|
return
|
||||||
@@ -369,59 +333,6 @@ async def preprocess(
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def build_uploaded_file_manifest(att_ids: list, upload_handler, owner: Optional[str]) -> list[dict]:
|
|
||||||
"""Resolve current-turn upload IDs into a small tool-facing manifest.
|
|
||||||
|
|
||||||
The chat UI already sends attachment ids, and preprocessing inlines as much
|
|
||||||
text as fits. Agent mode still needs a discoverable bridge for files whose
|
|
||||||
content was truncated/omitted or when the model chooses file tools. Only
|
|
||||||
owner-authorized uploads are included, and paths must remain inside the
|
|
||||||
configured upload directory.
|
|
||||||
"""
|
|
||||||
if not att_ids or not upload_handler or not hasattr(upload_handler, "resolve_upload"):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def _read_file_can_open(path: str) -> bool:
|
|
||||||
try:
|
|
||||||
from src.tool_execution import _resolve_tool_path
|
|
||||||
|
|
||||||
return _resolve_tool_path(path) == os.path.realpath(path)
|
|
||||||
except Exception:
|
|
||||||
return False
|
|
||||||
|
|
||||||
manifest: list[dict] = []
|
|
||||||
for att_id in att_ids:
|
|
||||||
try:
|
|
||||||
info = upload_handler.resolve_upload(str(att_id), owner=owner)
|
|
||||||
except Exception:
|
|
||||||
logger.debug("Failed to resolve upload %r for agent manifest", att_id, exc_info=True)
|
|
||||||
continue
|
|
||||||
if not isinstance(info, dict):
|
|
||||||
continue
|
|
||||||
|
|
||||||
path = info.get("path")
|
|
||||||
if path:
|
|
||||||
try:
|
|
||||||
inside = True
|
|
||||||
if hasattr(upload_handler, "_inside_upload_dir"):
|
|
||||||
inside = bool(upload_handler._inside_upload_dir(path))
|
|
||||||
elif hasattr(upload_handler, "inside_base_dir"):
|
|
||||||
inside = bool(upload_handler.inside_base_dir(path))
|
|
||||||
if not inside or not os.path.exists(path) or not _read_file_can_open(path):
|
|
||||||
path = None
|
|
||||||
except Exception:
|
|
||||||
path = None
|
|
||||||
|
|
||||||
manifest.append({
|
|
||||||
"id": info.get("id") or str(att_id),
|
|
||||||
"name": info.get("name") or info.get("original_name") or str(att_id),
|
|
||||||
"mime": info.get("mime", ""),
|
|
||||||
"size": info.get("size", 0),
|
|
||||||
"path": path,
|
|
||||||
})
|
|
||||||
return manifest
|
|
||||||
|
|
||||||
|
|
||||||
def add_user_message(sess, chat_handler, preprocessed: PreprocessedMessage, incognito: bool = False):
|
def add_user_message(sess, chat_handler, preprocessed: PreprocessedMessage, incognito: bool = False):
|
||||||
"""Add user message to session history and update session name.
|
"""Add user message to session history and update session name.
|
||||||
In incognito mode, still add to in-memory history (for conversation context)
|
In incognito mode, still add to in-memory history (for conversation context)
|
||||||
@@ -435,11 +346,11 @@ def add_user_message(sess, chat_handler, preprocessed: PreprocessedMessage, inco
|
|||||||
def fire_message_event(request, webhook_manager, session_id: str, sess, message: str, compare_mode: bool = False):
|
def fire_message_event(request, webhook_manager, session_id: str, sess, message: str, compare_mode: bool = False):
|
||||||
"""Fire webhook and event_bus events for a new user message."""
|
"""Fire webhook and event_bus events for a new user message."""
|
||||||
if webhook_manager and not compare_mode:
|
if webhook_manager and not compare_mode:
|
||||||
webhook_manager.fire_and_forget("chat.message", {
|
asyncio.create_task(webhook_manager.fire("chat.message", {
|
||||||
"session_id": session_id, "model": sess.model, "message": message[:2000],
|
"session_id": session_id, "model": sess.model, "message": message[:2000],
|
||||||
})
|
}))
|
||||||
from src.event_bus import fire_event
|
from src.event_bus import fire_event
|
||||||
user = effective_user(request)
|
user = get_current_user(request)
|
||||||
fire_event("message_sent", user)
|
fire_event("message_sent", user)
|
||||||
|
|
||||||
|
|
||||||
@@ -665,16 +576,9 @@ async def build_chat_context(
|
|||||||
if not incognito:
|
if not incognito:
|
||||||
fire_message_event(request, webhook_manager, session_id, sess, message, compare_mode)
|
fire_message_event(request, webhook_manager, session_id, sess, message, compare_mode)
|
||||||
|
|
||||||
# Resolve owner-scoped prefs/context. Browser requests keep the cookie user;
|
# Resolve user prefs
|
||||||
# bearer-token chat requests use the token owner instead of the "api" sentinel.
|
user = get_current_user(request)
|
||||||
user = effective_user(request)
|
|
||||||
uprefs = load_prefs_for_user(user)
|
uprefs = load_prefs_for_user(user)
|
||||||
uploaded_files = build_uploaded_file_manifest(
|
|
||||||
att_ids or [],
|
|
||||||
getattr(chat_handler, "upload_handler", None),
|
|
||||||
getattr(sess, "owner", None),
|
|
||||||
)
|
|
||||||
casual_low_signal = _is_casual_low_signal(message)
|
|
||||||
|
|
||||||
# Memory enabled?
|
# Memory enabled?
|
||||||
mem_enabled = not incognito and not no_memory and uprefs.get("memory_enabled", True)
|
mem_enabled = not incognito and not no_memory and uprefs.get("memory_enabled", True)
|
||||||
@@ -684,9 +588,6 @@ async def build_chat_context(
|
|||||||
if not allow_tool_preprocessing:
|
if not allow_tool_preprocessing:
|
||||||
mem_enabled = False
|
mem_enabled = False
|
||||||
skills_enabled = False
|
skills_enabled = False
|
||||||
if casual_low_signal:
|
|
||||||
mem_enabled = False
|
|
||||||
skills_enabled = False
|
|
||||||
logger.debug(
|
logger.debug(
|
||||||
"Memory enabled=%s for user=%s (incognito=%s, no_memory=%s, pref=%s)",
|
"Memory enabled=%s for user=%s (incognito=%s, no_memory=%s, pref=%s)",
|
||||||
mem_enabled, user, incognito, no_memory, uprefs.get("memory_enabled", "NOT_SET"),
|
mem_enabled, user, incognito, no_memory, uprefs.get("memory_enabled", "NOT_SET"),
|
||||||
@@ -702,11 +603,11 @@ async def build_chat_context(
|
|||||||
|
|
||||||
# Use RAG?
|
# Use RAG?
|
||||||
use_rag_val = (str(use_rag).lower() != "false") if use_rag is not None else True
|
use_rag_val = (str(use_rag).lower() != "false") if use_rag is not None else True
|
||||||
if incognito or not allow_tool_preprocessing or is_research_spinoff or casual_low_signal:
|
if incognito or not allow_tool_preprocessing or is_research_spinoff:
|
||||||
use_rag_val = False
|
use_rag_val = False
|
||||||
|
|
||||||
# If pre-fetched search context was provided (compare mode), skip live web search
|
# If pre-fetched search context was provided (compare mode), skip live web search
|
||||||
skip_web = bool(search_context) or not allow_tool_preprocessing or casual_low_signal
|
skip_web = bool(search_context) or not allow_tool_preprocessing
|
||||||
|
|
||||||
# Build context preface
|
# Build context preface
|
||||||
# The stream path uses enhanced_message (with CoT/preprocessing applied),
|
# The stream path uses enhanced_message (with CoT/preprocessing applied),
|
||||||
@@ -725,7 +626,7 @@ async def build_chat_context(
|
|||||||
incognito=incognito,
|
incognito=incognito,
|
||||||
use_skills=skills_enabled,
|
use_skills=skills_enabled,
|
||||||
)
|
)
|
||||||
if use_rag is not None or is_research_spinoff or casual_low_signal:
|
if use_rag is not None or is_research_spinoff:
|
||||||
_preface_kwargs["use_rag"] = use_rag_val
|
_preface_kwargs["use_rag"] = use_rag_val
|
||||||
preface, rag_sources, web_sources = chat_processor.build_context_preface(**_preface_kwargs)
|
preface, rag_sources, web_sources = chat_processor.build_context_preface(**_preface_kwargs)
|
||||||
|
|
||||||
@@ -733,7 +634,7 @@ async def build_chat_context(
|
|||||||
used_memories = getattr(chat_processor, '_last_used_memories', [])
|
used_memories = getattr(chat_processor, '_last_used_memories', [])
|
||||||
|
|
||||||
# Inject pre-fetched search context (compare mode)
|
# Inject pre-fetched search context (compare mode)
|
||||||
if search_context and allow_tool_preprocessing and not casual_low_signal:
|
if search_context and allow_tool_preprocessing:
|
||||||
preface.append(untrusted_context_message("prefetched search context", search_context))
|
preface.append(untrusted_context_message("prefetched search context", search_context))
|
||||||
|
|
||||||
# YouTube transcripts
|
# YouTube transcripts
|
||||||
@@ -792,7 +693,6 @@ async def build_chat_context(
|
|||||||
preset=preset,
|
preset=preset,
|
||||||
preprocessed=preprocessed,
|
preprocessed=preprocessed,
|
||||||
auto_opened_docs=auto_opened_docs,
|
auto_opened_docs=auto_opened_docs,
|
||||||
uploaded_files=uploaded_files,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -1212,7 +1112,7 @@ def run_post_response_tasks(
|
|||||||
)))
|
)))
|
||||||
|
|
||||||
if _extraction_jobs:
|
if _extraction_jobs:
|
||||||
_spawn_bg(_run_extraction_jobs_sequentially(session_id, _extraction_jobs))
|
asyncio.create_task(_run_extraction_jobs_sequentially(session_id, _extraction_jobs))
|
||||||
|
|
||||||
# Token accumulation
|
# Token accumulation
|
||||||
if last_metrics:
|
if last_metrics:
|
||||||
@@ -1220,11 +1120,11 @@ def run_post_response_tasks(
|
|||||||
|
|
||||||
# Webhook
|
# Webhook
|
||||||
if webhook_manager and not compare_mode:
|
if webhook_manager and not compare_mode:
|
||||||
webhook_manager.fire_and_forget("chat.completed", {
|
asyncio.create_task(webhook_manager.fire("chat.completed", {
|
||||||
"session_id": session_id, "model": sess.model,
|
"session_id": session_id, "model": sess.model,
|
||||||
"user_message": message, "response": full_response[:2000],
|
"user_message": message, "response": full_response[:2000],
|
||||||
})
|
}))
|
||||||
|
|
||||||
# Auto-name
|
# Auto-name
|
||||||
if needs_auto_name(sess.name):
|
if needs_auto_name(sess.name):
|
||||||
_spawn_bg(auto_name_session(session_manager, sess))
|
asyncio.create_task(auto_name_session(session_manager, sess))
|
||||||
|
|||||||
+15
-34
@@ -23,13 +23,12 @@ from src.endpoint_resolver import normalize_base as _normalize_base, build_chat_
|
|||||||
from src.session_search import search_session_messages
|
from src.session_search import search_session_messages
|
||||||
from src.prompt_security import untrusted_context_message
|
from src.prompt_security import untrusted_context_message
|
||||||
from core.exceptions import SessionNotFoundError
|
from core.exceptions import SessionNotFoundError
|
||||||
from src.auth_helpers import effective_user, get_current_user
|
from src.auth_helpers import get_current_user
|
||||||
from routes.session_routes import _verify_session_owner
|
from routes.session_routes import _verify_session_owner
|
||||||
from routes.document_helpers import _owner_session_filter
|
from routes.document_helpers import _owner_session_filter
|
||||||
from core.database import SessionLocal, get_session_mode, set_session_mode
|
from core.database import SessionLocal, get_session_mode, set_session_mode
|
||||||
from core.database import Session as DBSession, ChatMessage as DBChatMessage
|
from core.database import Session as DBSession, ChatMessage as DBChatMessage
|
||||||
from core.database import Document as DBDocument, ModelEndpoint
|
from core.database import Document as DBDocument, ModelEndpoint
|
||||||
from core.log_safety import redact_url
|
|
||||||
from routes.research_routes import _resolve_research_endpoint
|
from routes.research_routes import _resolve_research_endpoint
|
||||||
from routes.model_routes import _visible_models
|
from routes.model_routes import _visible_models
|
||||||
from routes.chat_helpers import (
|
from routes.chat_helpers import (
|
||||||
@@ -127,8 +126,7 @@ def _clear_orphaned_session_endpoint(sess, owner: str | None = None) -> bool:
|
|||||||
sess.model = ""
|
sess.model = ""
|
||||||
sess.headers = {}
|
sess.headers = {}
|
||||||
return True
|
return True
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to clear orphaned session endpoint", exc_info=e)
|
|
||||||
db.rollback()
|
db.rollback()
|
||||||
return False
|
return False
|
||||||
finally:
|
finally:
|
||||||
@@ -146,8 +144,7 @@ def _endpoint_cache_contains_model(endpoint, model: str) -> bool:
|
|||||||
return True
|
return True
|
||||||
try:
|
try:
|
||||||
models = json.loads(raw) if isinstance(raw, str) else raw
|
models = json.loads(raw) if isinstance(raw, str) else raw
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to parse cached models list, treating as containing model", exc_info=e)
|
|
||||||
return True
|
return True
|
||||||
if not isinstance(models, list) or not models:
|
if not isinstance(models, list) or not models:
|
||||||
return True
|
return True
|
||||||
@@ -239,8 +236,7 @@ def _recover_empty_session_model(sess, session_id: str, owner: str | None = None
|
|||||||
is_chatgpt_subscription = False
|
is_chatgpt_subscription = False
|
||||||
try:
|
try:
|
||||||
cached = json.loads(ep.cached_models) if isinstance(ep.cached_models, str) else (ep.cached_models or [])
|
cached = json.loads(ep.cached_models) if isinstance(ep.cached_models, str) else (ep.cached_models or [])
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to parse cached_models for endpoint %r", getattr(ep, "id", "?"), exc_info=e)
|
|
||||||
cached = []
|
cached = []
|
||||||
if not cached:
|
if not cached:
|
||||||
visible = []
|
visible = []
|
||||||
@@ -364,7 +360,7 @@ def setup_chat_routes(
|
|||||||
sess = session_manager.get_session(session)
|
sess = session_manager.get_session(session)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise HTTPException(404, f"Session '{session}' not found")
|
raise HTTPException(404, f"Session '{session}' not found")
|
||||||
owner = effective_user(request)
|
owner = get_current_user(request)
|
||||||
if _clear_orphaned_session_endpoint(sess, owner=owner):
|
if _clear_orphaned_session_endpoint(sess, owner=owner):
|
||||||
raise HTTPException(400, "Selected model endpoint was removed. Pick another model in Settings.")
|
raise HTTPException(400, "Selected model endpoint was removed. Pick another model in Settings.")
|
||||||
|
|
||||||
@@ -604,7 +600,7 @@ def setup_chat_routes(
|
|||||||
# but BEFORE loading. Prevents cross-user session hijack.
|
# but BEFORE loading. Prevents cross-user session hijack.
|
||||||
_verify_session_owner(request, session)
|
_verify_session_owner(request, session)
|
||||||
sess = session_manager.get_session(session)
|
sess = session_manager.get_session(session)
|
||||||
owner = effective_user(request)
|
owner = get_current_user(request)
|
||||||
if _clear_orphaned_session_endpoint(sess, owner=owner):
|
if _clear_orphaned_session_endpoint(sess, owner=owner):
|
||||||
raise HTTPException(400, "Selected model endpoint was removed. Pick another model in Settings.")
|
raise HTTPException(400, "Selected model endpoint was removed. Pick another model in Settings.")
|
||||||
# Issue #587: picker shows a model from the endpoint cache but
|
# Issue #587: picker shows a model from the endpoint cache but
|
||||||
@@ -635,7 +631,7 @@ def setup_chat_routes(
|
|||||||
_enforce_chat_privileges(request, sess)
|
_enforce_chat_privileges(request, sess)
|
||||||
|
|
||||||
# Ensure session has auth headers
|
# Ensure session has auth headers
|
||||||
resolve_session_auth(sess, session, owner=effective_user(request))
|
resolve_session_auth(sess, session, owner=get_current_user(request))
|
||||||
|
|
||||||
# Check for research_pending BEFORE mode persist overwrites it
|
# Check for research_pending BEFORE mode persist overwrites it
|
||||||
do_research = str(use_research).lower() == "true"
|
do_research = str(use_research).lower() == "true"
|
||||||
@@ -650,8 +646,8 @@ def setup_chat_routes(
|
|||||||
elif attachments:
|
elif attachments:
|
||||||
try:
|
try:
|
||||||
att_ids = [str(x) for x in json.loads(attachments)]
|
att_ids = [str(x) for x in json.loads(attachments)]
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to parse attachments JSON, ignoring attachments", exc_info=e)
|
pass
|
||||||
|
|
||||||
no_memory = str(form_data.get("no_memory", "")).lower() == "true"
|
no_memory = str(form_data.get("no_memory", "")).lower() == "true"
|
||||||
pre_context_tool_policy = build_effective_tool_policy(
|
pre_context_tool_policy = build_effective_tool_policy(
|
||||||
@@ -830,11 +826,7 @@ def setup_chat_routes(
|
|||||||
from src.settings import get_setting
|
from src.settings import get_setting
|
||||||
_global_disabled = get_setting("disabled_tools", [])
|
_global_disabled = get_setting("disabled_tools", [])
|
||||||
if _global_disabled and isinstance(_global_disabled, list):
|
if _global_disabled and isinstance(_global_disabled, list):
|
||||||
explicit_web_allowed = allow_web_search is not None and str(allow_web_search).lower() == "true"
|
disabled_tools.update(_global_disabled)
|
||||||
if explicit_web_allowed:
|
|
||||||
disabled_tools.update(t for t in _global_disabled if t not in {"web_search", "web_fetch"})
|
|
||||||
else:
|
|
||||||
disabled_tools.update(_global_disabled)
|
|
||||||
|
|
||||||
# Light auto-escalation: the user is in chat mode and just expressed a
|
# Light auto-escalation: the user is in chat mode and just expressed a
|
||||||
# notes/calendar/email intent. Grant the relevant managers but withhold
|
# notes/calendar/email intent. Grant the relevant managers but withhold
|
||||||
@@ -931,7 +923,7 @@ def setup_chat_routes(
|
|||||||
if effective_do_research:
|
if effective_do_research:
|
||||||
_r_ep, _r_model, _r_headers = _resolve_research_endpoint(sess)
|
_r_ep, _r_model, _r_headers = _resolve_research_endpoint(sess)
|
||||||
_auth_keys = list(_r_headers.keys()) if _r_headers else []
|
_auth_keys = list(_r_headers.keys()) if _r_headers else []
|
||||||
logger.info(f"Research endpoint resolved: model={_r_model}, endpoint={redact_url(_r_ep)}, auth_keys={_auth_keys}, sess_headers_keys={list(sess.headers.keys()) if isinstance(sess.headers, dict) else type(sess.headers)}")
|
logger.info(f"Research endpoint resolved: model={_r_model}, endpoint={_r_ep}, auth_keys={_auth_keys}, sess_headers_keys={list(sess.headers.keys()) if isinstance(sess.headers, dict) else type(sess.headers)}")
|
||||||
|
|
||||||
# Clarification round: only for very short/vague queries on first research message.
|
# Clarification round: only for very short/vague queries on first research message.
|
||||||
# Skip in compare mode — each pane is a fresh session, so every one would
|
# Skip in compare mode — each pane is a fresh session, so every one would
|
||||||
@@ -1255,14 +1247,7 @@ def setup_chat_routes(
|
|||||||
try:
|
try:
|
||||||
from src.settings import get_setting
|
from src.settings import get_setting
|
||||||
from src.agent_tools import MAX_AGENT_ROUNDS as _DEFAULT_ROUNDS
|
from src.agent_tools import MAX_AGENT_ROUNDS as _DEFAULT_ROUNDS
|
||||||
# Per-message tool budget from settings; guard defensively in
|
_tool_budget = int(get_setting("agent_max_tool_calls", 0))
|
||||||
# case settings.json was hand-edited to a non-numeric value
|
|
||||||
# (the HTTP admin endpoint validates, but direct edits bypass
|
|
||||||
# it). 0 = unlimited, matching auth_routes set_settings().
|
|
||||||
try:
|
|
||||||
_tool_budget = int(get_setting("agent_max_tool_calls", 0))
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
_tool_budget = 0
|
|
||||||
# Per-message round cap from settings; clamp defensively in
|
# Per-message round cap from settings; clamp defensively in
|
||||||
# case settings.json was hand-edited to a bad value.
|
# case settings.json was hand-edited to a bad value.
|
||||||
try:
|
try:
|
||||||
@@ -1271,10 +1256,6 @@ def setup_chat_routes(
|
|||||||
_max_rounds = _DEFAULT_ROUNDS
|
_max_rounds = _DEFAULT_ROUNDS
|
||||||
_max_rounds = max(1, min(_max_rounds, 200))
|
_max_rounds = max(1, min(_max_rounds, 200))
|
||||||
|
|
||||||
_forced_tools = None
|
|
||||||
if allow_web_search is not None and str(allow_web_search).lower() == "true":
|
|
||||||
_forced_tools = {"web_search", "web_fetch"}
|
|
||||||
|
|
||||||
async for chunk in stream_agent_loop(
|
async for chunk in stream_agent_loop(
|
||||||
sess.endpoint_url,
|
sess.endpoint_url,
|
||||||
sess.model,
|
sess.model,
|
||||||
@@ -1296,8 +1277,6 @@ def setup_chat_routes(
|
|||||||
plan_mode=plan_mode,
|
plan_mode=plan_mode,
|
||||||
approved_plan=approved_plan or None,
|
approved_plan=approved_plan or None,
|
||||||
workspace=workspace or None,
|
workspace=workspace or None,
|
||||||
forced_tools=_forced_tools,
|
|
||||||
uploaded_files=ctx.uploaded_files,
|
|
||||||
):
|
):
|
||||||
if chunk.startswith("data: ") and not chunk.startswith("data: [DONE]"):
|
if chunk.startswith("data: ") and not chunk.startswith("data: [DONE]"):
|
||||||
try:
|
try:
|
||||||
@@ -1318,6 +1297,8 @@ def setup_chat_routes(
|
|||||||
"doc_stream_open", "doc_stream_delta",
|
"doc_stream_open", "doc_stream_delta",
|
||||||
"doc_update", "doc_suggestions", "ui_control",
|
"doc_update", "doc_suggestions", "ui_control",
|
||||||
"rounds_exhausted",
|
"rounds_exhausted",
|
||||||
|
"loop_breaker_triggered",
|
||||||
|
"intent_nudge_exhausted",
|
||||||
"ask_user",
|
"ask_user",
|
||||||
"plan_update",
|
"plan_update",
|
||||||
):
|
):
|
||||||
@@ -1503,7 +1484,7 @@ def setup_chat_routes(
|
|||||||
if not q or not q.strip():
|
if not q or not q.strip():
|
||||||
return []
|
return []
|
||||||
|
|
||||||
_user = effective_user(request)
|
_user = get_current_user(request)
|
||||||
return [
|
return [
|
||||||
result.to_dict()
|
result.to_dict()
|
||||||
for result in search_session_messages(
|
for result in search_session_messages(
|
||||||
|
|||||||
+13
-55
@@ -15,7 +15,6 @@ from typing import Any
|
|||||||
from fastapi import APIRouter, BackgroundTasks, Body, HTTPException, Request
|
from fastapi import APIRouter, BackgroundTasks, Body, HTTPException, Request
|
||||||
from fastapi.responses import StreamingResponse
|
from fastapi.responses import StreamingResponse
|
||||||
|
|
||||||
from core.middleware import require_admin
|
|
||||||
from src.auth_helpers import require_authenticated_request, require_user
|
from src.auth_helpers import require_authenticated_request, require_user
|
||||||
from src.tool_implementations import do_manage_notes
|
from src.tool_implementations import do_manage_notes
|
||||||
from src.constants import COOKBOOK_STATE_FILE
|
from src.constants import COOKBOOK_STATE_FILE
|
||||||
@@ -47,12 +46,8 @@ def _ssh_prefix_for_task(task: dict) -> tuple[str, str]:
|
|||||||
shell metacharacters in ``remoteHost`` is rejected with 400 rather than
|
shell metacharacters in ``remoteHost`` is rejected with 400 rather than
|
||||||
injected.
|
injected.
|
||||||
"""
|
"""
|
||||||
raw_host = task.get("remoteHost")
|
host = validate_remote_host((task.get("remoteHost") or "").strip() or None) or ""
|
||||||
raw_port = task.get("sshPort")
|
ssh_port = validate_ssh_port((task.get("sshPort") or "").strip() or None) or ""
|
||||||
host_value = str(raw_host).strip() if raw_host is not None else None
|
|
||||||
port_value = str(raw_port).strip() if raw_port is not None else None
|
|
||||||
host = validate_remote_host(host_value or None) or ""
|
|
||||||
ssh_port = validate_ssh_port(port_value or None) or ""
|
|
||||||
port_flag = f"-p {ssh_port} " if ssh_port and ssh_port != "22" else ""
|
port_flag = f"-p {ssh_port} " if ssh_port and ssh_port != "22" else ""
|
||||||
return host, port_flag
|
return host, port_flag
|
||||||
|
|
||||||
@@ -110,20 +105,6 @@ def _scope_owner_all(request: Request, required: set[str]) -> str:
|
|||||||
return require_user(request)
|
return require_user(request)
|
||||||
|
|
||||||
|
|
||||||
def _require_cookbook_scope(request: Request, allowed: set[str]) -> str:
|
|
||||||
"""Authorize a Codex cookbook route.
|
|
||||||
|
|
||||||
For API-token callers, enforce the given scope set.
|
|
||||||
For cookie-session callers, additionally require admin privileges
|
|
||||||
because cookbook surfaces expose host topology, task logs, tmux
|
|
||||||
commands, and model-serving controls.
|
|
||||||
"""
|
|
||||||
owner = _scope_owner(request, allowed)
|
|
||||||
if not getattr(request.state, "api_token", False):
|
|
||||||
require_admin(request)
|
|
||||||
return owner
|
|
||||||
|
|
||||||
|
|
||||||
def _find_endpoint(router: APIRouter | None, method: str, path: str):
|
def _find_endpoint(router: APIRouter | None, method: str, path: str):
|
||||||
if router is None:
|
if router is None:
|
||||||
return None
|
return None
|
||||||
@@ -133,18 +114,6 @@ def _find_endpoint(router: APIRouter | None, method: str, path: str):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def _clamp_pagination(offset: Any, limit: Any, *, default_limit: int = 50, max_limit: int = 50) -> tuple[int, int]:
|
|
||||||
try:
|
|
||||||
parsed_offset = int(0 if offset in (None, "") else offset)
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
raise HTTPException(400, "Invalid offset")
|
|
||||||
try:
|
|
||||||
parsed_limit = int(default_limit if limit in (None, "") else limit)
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
raise HTTPException(400, "Invalid limit")
|
|
||||||
return max(0, parsed_offset), max(1, min(parsed_limit, max_limit))
|
|
||||||
|
|
||||||
|
|
||||||
def setup_codex_routes(
|
def setup_codex_routes(
|
||||||
email_router: APIRouter | None = None,
|
email_router: APIRouter | None = None,
|
||||||
memory_router: APIRouter | None = None,
|
memory_router: APIRouter | None = None,
|
||||||
@@ -337,10 +306,7 @@ def setup_codex_routes(
|
|||||||
|
|
||||||
@router.post("/emails/draft-document")
|
@router.post("/emails/draft-document")
|
||||||
async def codex_email_draft_document(request: Request, body: dict[str, Any] = Body(default_factory=dict)):
|
async def codex_email_draft_document(request: Request, body: dict[str, Any] = Body(default_factory=dict)):
|
||||||
owner = _scope_owner(request, EMAIL_DRAFT_SCOPES)
|
owner = _scope_owner_all(request, {"email:draft", "documents:write"})
|
||||||
docs_owner = _scope_owner_all(request, DOCS_WRITE_SCOPES)
|
|
||||||
if docs_owner != owner:
|
|
||||||
raise HTTPException(403, "API token owner mismatch")
|
|
||||||
if documents_create_endpoint is None:
|
if documents_create_endpoint is None:
|
||||||
raise HTTPException(503, "Documents integration is not available")
|
raise HTTPException(503, "Documents integration is not available")
|
||||||
from routes.document_routes import DocumentCreate
|
from routes.document_routes import DocumentCreate
|
||||||
@@ -452,18 +418,10 @@ def setup_codex_routes(
|
|||||||
owner = _scope_owner(request, DOCS_READ_SCOPES)
|
owner = _scope_owner(request, DOCS_READ_SCOPES)
|
||||||
if documents_library_endpoint is None:
|
if documents_library_endpoint is None:
|
||||||
raise HTTPException(503, "Documents integration is not available")
|
raise HTTPException(503, "Documents integration is not available")
|
||||||
offset, limit = _clamp_pagination(offset, limit)
|
return await _as_owner(
|
||||||
result = await _as_owner(
|
|
||||||
request, owner, documents_library_endpoint,
|
request, owner, documents_library_endpoint,
|
||||||
request, search, language, sort, offset, limit, archived,
|
request, search, language, sort, offset, limit, archived,
|
||||||
)
|
)
|
||||||
if isinstance(result, dict):
|
|
||||||
docs = result.get("documents")
|
|
||||||
total = result.get("total")
|
|
||||||
if isinstance(docs, list) and isinstance(total, int):
|
|
||||||
next_offset = offset + len(docs)
|
|
||||||
result["next_offset"] = next_offset if next_offset < total else None
|
|
||||||
return result
|
|
||||||
|
|
||||||
@router.get("/documents/{doc_id}")
|
@router.get("/documents/{doc_id}")
|
||||||
async def codex_documents_get(request: Request, doc_id: str):
|
async def codex_documents_get(request: Request, doc_id: str):
|
||||||
@@ -567,14 +525,14 @@ def setup_codex_routes(
|
|||||||
|
|
||||||
@router.get("/cookbook/tasks")
|
@router.get("/cookbook/tasks")
|
||||||
async def codex_cookbook_tasks(request: Request):
|
async def codex_cookbook_tasks(request: Request):
|
||||||
_require_cookbook_scope(request, COOKBOOK_READ_SCOPES)
|
_scope_owner(request, COOKBOOK_READ_SCOPES)
|
||||||
state = _read_cookbook_state()
|
state = _read_cookbook_state()
|
||||||
tasks = state.get("tasks") or []
|
tasks = state.get("tasks") or []
|
||||||
return {"tasks": [_redact_task(t) for t in tasks]}
|
return {"tasks": [_redact_task(t) for t in tasks]}
|
||||||
|
|
||||||
@router.get("/cookbook/servers")
|
@router.get("/cookbook/servers")
|
||||||
async def codex_cookbook_servers(request: Request):
|
async def codex_cookbook_servers(request: Request):
|
||||||
_require_cookbook_scope(request, COOKBOOK_READ_SCOPES)
|
_scope_owner(request, COOKBOOK_READ_SCOPES)
|
||||||
state = _read_cookbook_state()
|
state = _read_cookbook_state()
|
||||||
servers = state.get("env", {}).get("servers") or []
|
servers = state.get("env", {}).get("servers") or []
|
||||||
# Strip ssh creds / passwords; keep only what's needed to pick a host.
|
# Strip ssh creds / passwords; keep only what's needed to pick a host.
|
||||||
@@ -593,7 +551,7 @@ def setup_codex_routes(
|
|||||||
|
|
||||||
@router.get("/cookbook/output/{session_id}")
|
@router.get("/cookbook/output/{session_id}")
|
||||||
async def codex_cookbook_output(request: Request, session_id: str, tail: int = 400):
|
async def codex_cookbook_output(request: Request, session_id: str, tail: int = 400):
|
||||||
_require_cookbook_scope(request, COOKBOOK_READ_SCOPES)
|
_scope_owner(request, COOKBOOK_READ_SCOPES)
|
||||||
# Defensive: session_id must be the tmux-style id we issue
|
# Defensive: session_id must be the tmux-style id we issue
|
||||||
# (`serve-XXXX` / `cookbook-XXXX` / `queue-XXXX`); anything else
|
# (`serve-XXXX` / `cookbook-XXXX` / `queue-XXXX`); anything else
|
||||||
# would let the agent run arbitrary `tmux capture-pane` targets.
|
# would let the agent run arbitrary `tmux capture-pane` targets.
|
||||||
@@ -635,7 +593,7 @@ def setup_codex_routes(
|
|||||||
|
|
||||||
@router.post("/cookbook/serve")
|
@router.post("/cookbook/serve")
|
||||||
async def codex_cookbook_serve(request: Request, body: dict[str, Any] = Body(default_factory=dict)):
|
async def codex_cookbook_serve(request: Request, body: dict[str, Any] = Body(default_factory=dict)):
|
||||||
_require_cookbook_scope(request, COOKBOOK_LAUNCH_SCOPES)
|
_scope_owner(request, COOKBOOK_LAUNCH_SCOPES)
|
||||||
# Wraps /api/model/serve with the SAME validation the UI uses.
|
# Wraps /api/model/serve with the SAME validation the UI uses.
|
||||||
# _validate_serve_cmd (called inside model_serve) rejects shell
|
# _validate_serve_cmd (called inside model_serve) rejects shell
|
||||||
# metachars and requires the leading binary to be in the
|
# metachars and requires the leading binary to be in the
|
||||||
@@ -674,7 +632,7 @@ def setup_codex_routes(
|
|||||||
|
|
||||||
@router.post("/cookbook/stop/{session_id}")
|
@router.post("/cookbook/stop/{session_id}")
|
||||||
async def codex_cookbook_stop(request: Request, session_id: str):
|
async def codex_cookbook_stop(request: Request, session_id: str):
|
||||||
_require_cookbook_scope(request, COOKBOOK_LAUNCH_SCOPES)
|
_scope_owner(request, COOKBOOK_LAUNCH_SCOPES)
|
||||||
import re as _re
|
import re as _re
|
||||||
if not _re.fullmatch(r"[a-zA-Z0-9_-]+", session_id):
|
if not _re.fullmatch(r"[a-zA-Z0-9_-]+", session_id):
|
||||||
raise HTTPException(400, "Invalid session id")
|
raise HTTPException(400, "Invalid session id")
|
||||||
@@ -694,7 +652,7 @@ def setup_codex_routes(
|
|||||||
"""List cached models on a configured server (or local if host is omitted).
|
"""List cached models on a configured server (or local if host is omitted).
|
||||||
Mirrors `list_cached_models` from the chat agent so external agents have
|
Mirrors `list_cached_models` from the chat agent so external agents have
|
||||||
the same inventory view before deciding what to serve/download."""
|
the same inventory view before deciding what to serve/download."""
|
||||||
_require_cookbook_scope(request, COOKBOOK_READ_SCOPES)
|
_scope_owner(request, COOKBOOK_READ_SCOPES)
|
||||||
# Hit /api/model/cached internally, with the same modelDirs the chat
|
# Hit /api/model/cached internally, with the same modelDirs the chat
|
||||||
# agent's list_cached_models would resolve from cookbook state.
|
# agent's list_cached_models would resolve from cookbook state.
|
||||||
state = _read_cookbook_state()
|
state = _read_cookbook_state()
|
||||||
@@ -756,7 +714,7 @@ def setup_codex_routes(
|
|||||||
"""List saved serve presets (model + host + port + launch cmd).
|
"""List saved serve presets (model + host + port + launch cmd).
|
||||||
Counterpart to `list_serve_presets`. Use BEFORE composing a `serve`
|
Counterpart to `list_serve_presets`. Use BEFORE composing a `serve`
|
||||||
body — the user's saved preset usually has the working cmd already."""
|
body — the user's saved preset usually has the working cmd already."""
|
||||||
_require_cookbook_scope(request, COOKBOOK_READ_SCOPES)
|
_scope_owner(request, COOKBOOK_READ_SCOPES)
|
||||||
state = _read_cookbook_state()
|
state = _read_cookbook_state()
|
||||||
presets = state.get("presets") or []
|
presets = state.get("presets") or []
|
||||||
out = []
|
out = []
|
||||||
@@ -776,7 +734,7 @@ def setup_codex_routes(
|
|||||||
async def codex_cookbook_serve_preset(request: Request, name: str):
|
async def codex_cookbook_serve_preset(request: Request, name: str):
|
||||||
"""Launch a saved preset by name. Reuses the working cmd + host the
|
"""Launch a saved preset by name. Reuses the working cmd + host the
|
||||||
user already saved, avoiding the cmd-allowlist trial-and-error loop."""
|
user already saved, avoiding the cmd-allowlist trial-and-error loop."""
|
||||||
_require_cookbook_scope(request, COOKBOOK_LAUNCH_SCOPES)
|
_scope_owner(request, COOKBOOK_LAUNCH_SCOPES)
|
||||||
import re as _re
|
import re as _re
|
||||||
if not _re.fullmatch(r"[A-Za-z0-9 _.:@\-]+", name):
|
if not _re.fullmatch(r"[A-Za-z0-9 _.:@\-]+", name):
|
||||||
raise HTTPException(400, "Invalid preset name")
|
raise HTTPException(400, "Invalid preset name")
|
||||||
@@ -828,7 +786,7 @@ def setup_codex_routes(
|
|||||||
cookbook tracking. Needed when serve_model rejects a cmd and the
|
cookbook tracking. Needed when serve_model rejects a cmd and the
|
||||||
agent falls back to direct ssh — without adoption the session is
|
agent falls back to direct ssh — without adoption the session is
|
||||||
invisible to the UI. Body: {tmux_session, model, host?, port?}."""
|
invisible to the UI. Body: {tmux_session, model, host?, port?}."""
|
||||||
_require_cookbook_scope(request, COOKBOOK_LAUNCH_SCOPES)
|
_scope_owner(request, COOKBOOK_LAUNCH_SCOPES)
|
||||||
norm = dict(body or {})
|
norm = dict(body or {})
|
||||||
sess = (norm.get("tmux_session") or norm.get("session_id") or "").strip()
|
sess = (norm.get("tmux_session") or norm.get("session_id") or "").strip()
|
||||||
model = (norm.get("model") or norm.get("repo_id") or "").strip()
|
model = (norm.get("model") or norm.get("repo_id") or "").strip()
|
||||||
|
|||||||
@@ -18,7 +18,6 @@ from pathlib import Path
|
|||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from urllib.parse import urljoin, urlparse, urlunparse
|
from urllib.parse import urljoin, urlparse, urlunparse
|
||||||
|
|
||||||
from core.log_safety import redact_url
|
|
||||||
from fastapi import APIRouter, Query, Depends, Response, HTTPException
|
from fastapi import APIRouter, Query, Depends, Response, HTTPException
|
||||||
from typing import List, Dict, Optional
|
from typing import List, Dict, Optional
|
||||||
|
|
||||||
@@ -150,14 +149,6 @@ def _vunesc(value: str) -> str:
|
|||||||
|
|
||||||
def _parse_vcards(text: str) -> List[Dict]:
|
def _parse_vcards(text: str) -> List[Dict]:
|
||||||
"""Parse a stream of vCards into dicts with name, email, phone."""
|
"""Parse a stream of vCards into dicts with name, email, phone."""
|
||||||
# Unfold RFC 6350 3.2 line folding first: a CRLF/LF followed by a single
|
|
||||||
# space or tab is a continuation of the previous logical line. Real
|
|
||||||
# CardDAV servers (Radicale, iCloud, Apple/Google) fold long EMAIL / FN /
|
|
||||||
# PHOTO lines, and splitting on raw newlines without unfolding dropped the
|
|
||||||
# continuation (e.g. "...@example\n .com" lost the ".com"), truncating the
|
|
||||||
# email/name.
|
|
||||||
text = re.sub(r"\r\n[ \t]", "", text or "")
|
|
||||||
text = re.sub(r"\n[ \t]", "", text)
|
|
||||||
contacts = []
|
contacts = []
|
||||||
for block in re.split(r"BEGIN:VCARD", text):
|
for block in re.split(r"BEGIN:VCARD", text):
|
||||||
if not block.strip():
|
if not block.strip():
|
||||||
@@ -698,24 +689,15 @@ def _delete_contact(uid: str) -> bool:
|
|||||||
url = _resolve_resource_url(uid)
|
url = _resolve_resource_url(uid)
|
||||||
auth = (cfg["username"], cfg["password"]) if cfg["username"] else None
|
auth = (cfg["username"], cfg["password"]) if cfg["username"] else None
|
||||||
r = httpx.delete(url, auth=auth, timeout=10)
|
r = httpx.delete(url, auth=auth, timeout=10)
|
||||||
if r.status_code in (200, 204, 404):
|
if r.status_code in (200, 204):
|
||||||
# Invalidate cache so the next fetch sees the server truth.
|
_contact_cache["fetched_at"] = None
|
||||||
|
return True
|
||||||
|
if r.status_code == 404:
|
||||||
|
# Resource not found at the resolved URL. With href resolution
|
||||||
|
# this should be rare (genuinely already deleted). Invalidate
|
||||||
|
# the cache and report success so the UI doesn't keep a ghost.
|
||||||
|
logger.info(f"CardDAV DELETE 404 for {uid} — treating as already gone")
|
||||||
_contact_cache["fetched_at"] = None
|
_contact_cache["fetched_at"] = None
|
||||||
# Verify: force a fresh fetch and check the UID is actually gone.
|
|
||||||
# A 404 on the guessed URL ({uid}.vcf) can mean the contact
|
|
||||||
# lives at a different resource URL — the DELETE missed it but
|
|
||||||
# we'd silently report success. This check catches that.
|
|
||||||
fresh = _fetch_contacts(force=True)
|
|
||||||
still_there = any(c.get("uid") == uid for c in fresh)
|
|
||||||
if still_there:
|
|
||||||
logger.warning(
|
|
||||||
f"CardDAV DELETE reported success for {uid} "
|
|
||||||
f"but UID still present after re-fetch — "
|
|
||||||
f"resource URL may differ from {redact_url(url)}"
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
if r.status_code == 404:
|
|
||||||
logger.info(f"CardDAV DELETE 404 for {uid} — already gone")
|
|
||||||
return True
|
return True
|
||||||
logger.warning(f"CardDAV DELETE returned {r.status_code}: {r.text[:200]}")
|
logger.warning(f"CardDAV DELETE returned {r.status_code}: {r.text[:200]}")
|
||||||
return False
|
return False
|
||||||
|
|||||||
+19
-183
@@ -505,8 +505,6 @@ def _cached_model_scan_script(model_dirs: list[str] | None = None, add_hf_cache:
|
|||||||
" if u.startswith('KB'): return int(n * 1024)",
|
" if u.startswith('KB'): return int(n * 1024)",
|
||||||
" return int(n)",
|
" return int(n)",
|
||||||
"def scan_ollama():",
|
"def scan_ollama():",
|
||||||
" if any(m.get('is_ollama') for m in models): return",
|
|
||||||
" if os.name == 'nt' and not os.environ.get('ODYSSEUS_ALLOW_OLLAMA_CLI_SCAN'): return",
|
|
||||||
" if not shutil.which('ollama'): return",
|
" if not shutil.which('ollama'): return",
|
||||||
" try:",
|
" try:",
|
||||||
" p = subprocess.run(['ollama', 'list'], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True, timeout=6)",
|
" p = subprocess.run(['ollama', 'list'], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True, timeout=6)",
|
||||||
@@ -537,8 +535,8 @@ def _cached_model_scan_script(model_dirs: list[str] | None = None, add_hf_cache:
|
|||||||
" models.append({'repo_id':name,'size_bytes':size_bytes,'nb_files':1,'has_incomplete':False,'path':'ollama','backend':'ollama','is_ollama':True})",
|
" models.append({'repo_id':name,'size_bytes':size_bytes,'nb_files':1,'has_incomplete':False,'path':'ollama','backend':'ollama','is_ollama':True})",
|
||||||
" return",
|
" return",
|
||||||
"for _hf_cache in hf_cache_paths(): scan_hf(_hf_cache)",
|
"for _hf_cache in hf_cache_paths(): scan_hf(_hf_cache)",
|
||||||
"scan_ollama_api()",
|
|
||||||
"scan_ollama()",
|
"scan_ollama()",
|
||||||
|
"scan_ollama_api()",
|
||||||
]
|
]
|
||||||
for model_dir in model_dirs or []:
|
for model_dir in model_dirs or []:
|
||||||
lines.append(f"scan_dir(os.path.expanduser({model_dir!r}))")
|
lines.append(f"scan_dir(os.path.expanduser({model_dir!r}))")
|
||||||
@@ -561,7 +559,7 @@ def _bash_squote(v: str) -> str:
|
|||||||
# Allow-list of binaries permitted as the leading token of `req.cmd` for /api/model/serve.
|
# Allow-list of binaries permitted as the leading token of `req.cmd` for /api/model/serve.
|
||||||
# Anything else is rejected before the cmd is interpolated into a tmux/PowerShell wrapper.
|
# Anything else is rejected before the cmd is interpolated into a tmux/PowerShell wrapper.
|
||||||
_SERVE_CMD_ALLOWLIST = {
|
_SERVE_CMD_ALLOWLIST = {
|
||||||
"vllm", "llama-server", "llama-server.exe", "llama_server", "llama.cpp", "ollama",
|
"vllm", "llama-server", "llama_server", "llama.cpp", "ollama",
|
||||||
"python", "python3",
|
"python", "python3",
|
||||||
"sglang", "lmdeploy",
|
"sglang", "lmdeploy",
|
||||||
"node", "npx",
|
"node", "npx",
|
||||||
@@ -786,149 +784,25 @@ def _append_llama_cpp_linux_accel_build_lines(runner_lines: list[str]) -> None:
|
|||||||
to hard-wire CUDA on Linux. That made ROCm hosts attempt a CUDA configure and
|
to hard-wire CUDA on Linux. That made ROCm hosts attempt a CUDA configure and
|
||||||
fail with "CUDA Toolkit not found" instead of building with HIP.
|
fail with "CUDA Toolkit not found" instead of building with HIP.
|
||||||
"""
|
"""
|
||||||
# Try a prebuilt binary from llama.cpp's GitHub releases FIRST — no
|
|
||||||
# cmake/build-essential/git/CUDA-headers needed at all. The from-source
|
|
||||||
# build below stays as a fallback (custom flags, esoteric arch, no
|
|
||||||
# internet, etc). 30 seconds vs 5+ minutes of compile, and removes
|
|
||||||
# every OS-package dep from the launch path. Sets _odysseus_have_prebuilt=1
|
|
||||||
# on success; the existing build-tier if/elif chain below is gated on
|
|
||||||
# that variable so we never compile twice or shadow the prebuilt symlink.
|
|
||||||
runner_lines.append(' _odysseus_have_prebuilt=""')
|
|
||||||
runner_lines.append(' _odysseus_arch="$(uname -m)"')
|
|
||||||
runner_lines.append(' _odysseus_prebuilt_url=""')
|
|
||||||
runner_lines.append(' if command -v curl >/dev/null 2>&1 && [ "$_odysseus_arch" = "x86_64" ]; then')
|
|
||||||
runner_lines.append(' _odysseus_pat=""')
|
|
||||||
runner_lines.append(' _odysseus_has_nv_inline() { command -v nvidia-smi >/dev/null 2>&1 && nvidia-smi -L 2>/dev/null | grep -q "GPU "; }')
|
|
||||||
runner_lines.append(' _odysseus_has_vk_inline() { ldconfig -p 2>/dev/null | grep -q "libvulkan\\.so" || command -v vulkaninfo >/dev/null 2>&1 || [ -e /usr/lib/x86_64-linux-gnu/libvulkan.so.1 ]; }')
|
|
||||||
runner_lines.append(' _odysseus_has_vkdev_inline() { ls /dev/dri/renderD* >/dev/null 2>&1 || (lspci 2>/dev/null | grep -Ei \'VGA|3D|Display\' | grep -Eiq \'AMD|ATI|Radeon\'); }')
|
|
||||||
runner_lines.append(' if _odysseus_has_nv_inline; then')
|
|
||||||
runner_lines.append(' _odysseus_pat="ubuntu.*cuda"')
|
|
||||||
runner_lines.append(' elif _odysseus_has_vkdev_inline && _odysseus_has_vk_inline; then')
|
|
||||||
runner_lines.append(' _odysseus_pat="ubuntu.*vulkan"')
|
|
||||||
runner_lines.append(' else')
|
|
||||||
runner_lines.append(' _odysseus_pat="ubuntu-x64\\\\.zip"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' _odysseus_prebuilt_url="$(curl -fsSL --max-time 15 https://api.github.com/repos/ggml-org/llama.cpp/releases/latest 2>/dev/null | grep \'"browser_download_url"\' | cut -d\'"\' -f4 | grep -iE "$_odysseus_pat" | grep -iv "arm\\|aarch64" | head -1)"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
# Accept any of unzip / bsdtar / python3 -m zipfile as the extractor.
|
|
||||||
# python3 is essentially always present on modern Linux, so this lets
|
|
||||||
# the prebuilt path work on minimal Ubuntu installs that lack `unzip`.
|
|
||||||
runner_lines.append(' if [ -n "$_odysseus_prebuilt_url" ] && (command -v unzip >/dev/null 2>&1 || command -v bsdtar >/dev/null 2>&1 || command -v python3 >/dev/null 2>&1); then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Found prebuilt llama-server: $_odysseus_prebuilt_url"')
|
|
||||||
runner_lines.append(' mkdir -p ~/bin "$HOME/.cache/odysseus/llama-cpp-prebuilt" && cd "$HOME/.cache/odysseus/llama-cpp-prebuilt"')
|
|
||||||
runner_lines.append(' rm -f llama-cpp.zip')
|
|
||||||
runner_lines.append(' if curl -fsSL --max-time 120 "$_odysseus_prebuilt_url" -o llama-cpp.zip && [ -s llama-cpp.zip ]; then')
|
|
||||||
runner_lines.append(' rm -rf build && mkdir -p build')
|
|
||||||
runner_lines.append(' if command -v unzip >/dev/null 2>&1; then unzip -qq -o llama-cpp.zip -d build; elif command -v bsdtar >/dev/null 2>&1; then bsdtar -xf llama-cpp.zip -C build; else python3 -c "import zipfile; zipfile.ZipFile(\\"llama-cpp.zip\\").extractall(\\"build\\")"; fi')
|
|
||||||
runner_lines.append(' _odysseus_extracted="$(find build -type f -name llama-server 2>/dev/null | head -1)"')
|
|
||||||
runner_lines.append(' if [ -n "$_odysseus_extracted" ]; then')
|
|
||||||
runner_lines.append(' chmod +x "$_odysseus_extracted"')
|
|
||||||
runner_lines.append(' ln -sf "$_odysseus_extracted" ~/bin/llama-server')
|
|
||||||
runner_lines.append(' _odysseus_libdir="$(dirname "$_odysseus_extracted")"')
|
|
||||||
runner_lines.append(' mkdir -p ~/.config && echo "export LD_LIBRARY_PATH=\\"$_odysseus_libdir:\\${LD_LIBRARY_PATH:-}\\"" > ~/.config/odysseus-llama-cpp-env')
|
|
||||||
runner_lines.append(' _odysseus_have_prebuilt=1')
|
|
||||||
runner_lines.append(' echo "[odysseus] Prebuilt llama-server installed at $_odysseus_extracted"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' [ -z "$_odysseus_have_prebuilt" ] && echo "[odysseus] Prebuilt download/extract failed — falling back to from-source build."')
|
|
||||||
runner_lines.append(' elif [ -z "$_odysseus_prebuilt_url" ]; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] No matching prebuilt llama-server for this host (arch=$_odysseus_arch) — will build from source."')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' if [ -z "$_odysseus_have_prebuilt" ]; then')
|
|
||||||
# Detect pip-installed nvcc (from vLLM/nvidia CUDA wheels) and put it on PATH
|
# Detect pip-installed nvcc (from vLLM/nvidia CUDA wheels) and put it on PATH
|
||||||
# so cmake's CUDA configure can find it — BUT only when actual NVIDIA
|
# so cmake's CUDA configure can find it. We keep this after the ROCm/HIP
|
||||||
# hardware is present. On AMD/Intel hosts the pip nvcc is a misleading
|
# check — a machine with both stacks should honor the native HIP toolchain on
|
||||||
# leftover (no libcudart, no GPU it could target) and would otherwise
|
# AMD hosts instead of accidentally preferring a stray nvcc wheel.
|
||||||
# send the build down the CUDA branch and fail with "CUDA Toolkit not
|
runner_lines.append(' for _cudir in ~/.local/lib/python*/site-packages/nvidia/cu13 ~/.local/lib/python*/site-packages/nvidia/cu12 ~/.local/lib/python*/site-packages/nvidia/cuda_nvcc; do')
|
||||||
# found" instead of trying Vulkan.
|
runner_lines.append(' [ -x "$_cudir/bin/nvcc" ] && export CUDA_HOME="$_cudir" && export PATH="$_cudir/bin:$PATH" && break')
|
||||||
runner_lines.append(' _odysseus_has_nvidia_hw() {')
|
runner_lines.append(' done')
|
||||||
runner_lines.append(' command -v nvidia-smi >/dev/null 2>&1 && nvidia-smi -L 2>/dev/null | grep -q "GPU " && return 0')
|
|
||||||
runner_lines.append(' ls /dev/nvidia* >/dev/null 2>&1 && return 0')
|
|
||||||
runner_lines.append(' lspci 2>/dev/null | grep -iE \'VGA|3D|Display\' | grep -iq nvidia && return 0')
|
|
||||||
runner_lines.append(' return 1')
|
|
||||||
runner_lines.append(' }')
|
|
||||||
runner_lines.append(' if _odysseus_has_nvidia_hw; then')
|
|
||||||
runner_lines.append(' for _cudir in ~/.local/lib/python*/site-packages/nvidia/cu13 ~/.local/lib/python*/site-packages/nvidia/cu12 ~/.local/lib/python*/site-packages/nvidia/cuda_nvcc; do')
|
|
||||||
runner_lines.append(' [ -x "$_cudir/bin/nvcc" ] && export CUDA_HOME="$_cudir" && export PATH="$_cudir/bin:$PATH" && break')
|
|
||||||
runner_lines.append(' done')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
# rm -rf build so a prior poisoned CMakeCache.txt (e.g. from a failed CUDA
|
# rm -rf build so a prior poisoned CMakeCache.txt (e.g. from a failed CUDA
|
||||||
# or HIP attempt) doesn't cause the next configure to reuse stale settings.
|
# or HIP attempt) doesn't cause the next configure to reuse stale settings.
|
||||||
runner_lines.append(' mkdir -p ~/bin')
|
runner_lines.append(' mkdir -p ~/bin')
|
||||||
# Try to install cmake / build-essential / git automatically before the
|
runner_lines.append(' cd ~/llama.cpp && rm -rf build')
|
||||||
# build, but ONLY via passwordless sudo (`sudo -n`) — interactive sudo
|
|
||||||
# would hang a tmux-backgrounded serve task waiting for a password. If
|
|
||||||
# sudo asks for a password the install is skipped silently and the
|
|
||||||
# diagnosis pattern (cookbook_routes.py / cookbook_helpers.py) surfaces
|
|
||||||
# an explicit "install cmake" suggestion in the Cookbook diagnosis
|
|
||||||
# toolbar after the inevitable build failure.
|
|
||||||
runner_lines.append(' _odysseus_apt_bootstrap() {')
|
|
||||||
runner_lines.append(' local _missing=""')
|
|
||||||
runner_lines.append(' command -v cmake >/dev/null 2>&1 || _missing="$_missing cmake"')
|
|
||||||
runner_lines.append(' command -v g++ >/dev/null 2>&1 || command -v gcc >/dev/null 2>&1 || _missing="$_missing build-essential"')
|
|
||||||
runner_lines.append(' command -v git >/dev/null 2>&1 || _missing="$_missing git"')
|
|
||||||
runner_lines.append(' [ -z "$_missing" ] && return 0')
|
|
||||||
runner_lines.append(' if command -v apt-get >/dev/null 2>&1 && sudo -n true 2>/dev/null; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Auto-installing missing build deps via apt:$_missing"')
|
|
||||||
runner_lines.append(' sudo -n env DEBIAN_FRONTEND=noninteractive apt-get update -qq 2>&1 | tail -3')
|
|
||||||
runner_lines.append(' sudo -n env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $_missing 2>&1 | tail -5 || true')
|
|
||||||
runner_lines.append(' elif command -v pacman >/dev/null 2>&1 && sudo -n true 2>/dev/null; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Auto-installing missing build deps via pacman:$_missing"')
|
|
||||||
runner_lines.append(' local _pacpkgs="$(echo "$_missing" | sed -e \'s/build-essential/base-devel/g\')"')
|
|
||||||
runner_lines.append(' sudo -n pacman -Sy --needed --noconfirm $_pacpkgs 2>&1 | tail -5 || true')
|
|
||||||
runner_lines.append(' elif command -v dnf >/dev/null 2>&1 && sudo -n true 2>/dev/null; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Auto-installing missing build deps via dnf:$_missing"')
|
|
||||||
runner_lines.append(' local _dnfpkgs="$(echo "$_missing" | sed -e \'s/build-essential/gcc gcc-c++ make/g\')"')
|
|
||||||
runner_lines.append(' sudo -n dnf install -y $_dnfpkgs 2>&1 | tail -5 || true')
|
|
||||||
runner_lines.append(' else')
|
|
||||||
runner_lines.append(' echo "[odysseus] WARNING: missing build deps ($_missing) — passwordless sudo is unavailable, cannot auto-install. Cookbook Diagnosis will explain the fix after the build fails."')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' }')
|
|
||||||
runner_lines.append(' _odysseus_apt_bootstrap')
|
|
||||||
runner_lines.append(' _odysseus_missing_build_deps=""')
|
|
||||||
runner_lines.append(' command -v cmake >/dev/null 2>&1 || _odysseus_missing_build_deps="$_odysseus_missing_build_deps cmake"')
|
|
||||||
runner_lines.append(' command -v git >/dev/null 2>&1 || _odysseus_missing_build_deps="$_odysseus_missing_build_deps git"')
|
|
||||||
runner_lines.append(' command -v g++ >/dev/null 2>&1 || command -v gcc >/dev/null 2>&1 || _odysseus_missing_build_deps="$_odysseus_missing_build_deps build-essential"')
|
|
||||||
runner_lines.append(' if [ -n "$_odysseus_missing_build_deps" ]; then')
|
|
||||||
runner_lines.append(' echo "ERROR: llama.cpp source build needs missing packages:$_odysseus_missing_build_deps"')
|
|
||||||
runner_lines.append(' if command -v apt-get >/dev/null 2>&1; then')
|
|
||||||
runner_lines.append(' echo "Install on this host: sudo apt-get update && sudo apt-get install -y cmake build-essential git"')
|
|
||||||
runner_lines.append(' elif command -v pacman >/dev/null 2>&1; then')
|
|
||||||
runner_lines.append(' echo "Install on this host: sudo pacman -Sy --needed cmake base-devel git"')
|
|
||||||
runner_lines.append(' elif command -v dnf >/dev/null 2>&1; then')
|
|
||||||
runner_lines.append(' echo "Install on this host: sudo dnf install -y cmake gcc gcc-c++ make git"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' echo "Alternative: install a native llama-server on PATH, then relaunch."')
|
|
||||||
runner_lines.append(' ODYSSEUS_PREFLIGHT_EXIT=127')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' cd ~/llama.cpp')
|
|
||||||
runner_lines.append(' _odysseus_has_vulkan() {')
|
|
||||||
runner_lines.append(' ldconfig -p 2>/dev/null | grep -q \'libvulkan\\.so\' && return 0')
|
|
||||||
runner_lines.append(' [ -e /usr/lib/libvulkan.so.1 ] && return 0')
|
|
||||||
runner_lines.append(' [ -e /usr/lib/x86_64-linux-gnu/libvulkan.so.1 ] && return 0')
|
|
||||||
runner_lines.append(' command -v vulkaninfo >/dev/null 2>&1 && return 0')
|
|
||||||
runner_lines.append(' return 1')
|
|
||||||
runner_lines.append(' }')
|
|
||||||
runner_lines.append(' _odysseus_has_vulkan_device() {')
|
|
||||||
runner_lines.append(' ls /dev/dri/renderD* >/dev/null 2>&1 && return 0')
|
|
||||||
runner_lines.append(' lspci 2>/dev/null | grep -Ei \'VGA|3D|Display\' | grep -Eiq \'AMD|ATI|Radeon\' && return 0')
|
|
||||||
runner_lines.append(' return 1')
|
|
||||||
runner_lines.append(' }')
|
|
||||||
# Backend preference: native ROCm/HIP > native CUDA > Vulkan > CPU.
|
|
||||||
# Vulkan is a portable fallback that works on AMD when ROCm isn't
|
|
||||||
# installed (e.g. Strix Halo) and on any vendor's discrete GPU, but
|
|
||||||
# it's ~30-40% slower than native HIP/CUDA for LLM inference — only
|
|
||||||
# pick it when no native toolchain is present.
|
|
||||||
runner_lines.append(' if command -v hipconfig &>/dev/null || [ -d /opt/rocm ] || [ -n "$ROCM_PATH" ] || [ -n "$HIP_PATH" ]; then')
|
runner_lines.append(' if command -v hipconfig &>/dev/null || [ -d /opt/rocm ] || [ -n "$ROCM_PATH" ] || [ -n "$HIP_PATH" ]; then')
|
||||||
runner_lines.append(' rm -rf build')
|
|
||||||
runner_lines.append(' if command -v hipconfig &>/dev/null; then')
|
runner_lines.append(' if command -v hipconfig &>/dev/null; then')
|
||||||
runner_lines.append(' export HIPCXX="${HIPCXX:-$(hipconfig -l)/clang}"')
|
runner_lines.append(' export HIPCXX="${HIPCXX:-$(hipconfig -l)/clang}"')
|
||||||
runner_lines.append(' export HIP_PATH="${HIP_PATH:-$(hipconfig -R)}"')
|
runner_lines.append(' export HIP_PATH="${HIP_PATH:-$(hipconfig -R)}"')
|
||||||
runner_lines.append(' fi')
|
runner_lines.append(' fi')
|
||||||
runner_lines.append(' echo "[odysseus] ROCm/HIP detected — building llama-server with HIP support..."')
|
runner_lines.append(' echo "[odysseus] ROCm/HIP detected — building llama-server with HIP support..."')
|
||||||
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release -DGGML_HIP=ON && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release -DGGML_HIP=ON && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
||||||
runner_lines.append(' elif command -v nvcc &>/dev/null && _odysseus_has_nvidia_hw; then')
|
runner_lines.append(' elif command -v nvcc &>/dev/null; then')
|
||||||
runner_lines.append(' rm -rf build')
|
|
||||||
# nvcc alone is not sufficient — pip-installed CUDA wheels or incomplete
|
# nvcc alone is not sufficient — pip-installed CUDA wheels or incomplete
|
||||||
# tooling can expose nvcc without shipping libcudart, causing cmake to fail
|
# tooling can expose nvcc without shipping libcudart, causing cmake to fail
|
||||||
# mid-build with "CUDA runtime library not found". Check cudart explicitly
|
# mid-build with "CUDA runtime library not found". Check cudart explicitly
|
||||||
@@ -952,50 +826,31 @@ def _append_llama_cpp_linux_accel_build_lines(runner_lines: list[str]) -> None:
|
|||||||
runner_lines.append(' echo "[odysseus] Ensure libcudart is installed (e.g. cuda-runtime package) and visible via ldconfig or CUDA_HOME."')
|
runner_lines.append(' echo "[odysseus] Ensure libcudart is installed (e.g. cuda-runtime package) and visible via ldconfig or CUDA_HOME."')
|
||||||
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
||||||
runner_lines.append(' fi')
|
runner_lines.append(' fi')
|
||||||
runner_lines.append(' elif _odysseus_has_vulkan_device && _odysseus_has_vulkan; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Vulkan-capable GPU detected (no ROCm/CUDA toolchain installed) — building llama-server with Vulkan support..."')
|
|
||||||
runner_lines.append(' rm -rf build-vulkan')
|
|
||||||
runner_lines.append(' cmake -B build-vulkan -DCMAKE_BUILD_TYPE=Release -DGGML_VULKAN=ON && cmake --build build-vulkan -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build-vulkan/bin/llama-server ~/bin/llama-server')
|
|
||||||
runner_lines.append(' else')
|
runner_lines.append(' else')
|
||||||
runner_lines.append(' echo "[odysseus] WARNING: no HIP/CUDA/Vulkan toolchain found — building llama-server for CPU only."')
|
runner_lines.append(' echo "[odysseus] WARNING: no HIP/CUDA toolchain found — building llama-server for CPU only."')
|
||||||
runner_lines.append(' echo "[odysseus] GPU inference will not be available for this llama.cpp build."')
|
runner_lines.append(' echo "[odysseus] GPU inference will not be available for this llama.cpp build."')
|
||||||
runner_lines.append(' echo "[odysseus] Install Vulkan (libvulkan-dev) / ROCm for AMD GPUs or CUDA tooling for NVIDIA, then re-launch this serve task."')
|
runner_lines.append(' echo "[odysseus] Install ROCm for AMD GPUs or vLLM/CUDA tooling for NVIDIA, then re-launch this serve task."')
|
||||||
runner_lines.append(' rm -rf build')
|
|
||||||
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
runner_lines.append(' cmake -B build -DCMAKE_BUILD_TYPE=Release && cmake --build build -j"$NPROC" --target llama-server && ln -sf ~/llama.cpp/build/bin/llama-server ~/bin/llama-server')
|
||||||
runner_lines.append(' fi')
|
runner_lines.append(' fi')
|
||||||
runner_lines.append(' fi # end _odysseus_have_prebuilt guard')
|
|
||||||
|
|
||||||
|
|
||||||
def _llama_cpp_rebuild_cmd(update_source: bool = False) -> str:
|
def _llama_cpp_rebuild_cmd() -> str:
|
||||||
"""Shell command that clears the Cookbook-managed llama.cpp build.
|
"""Shell command that clears the Cookbook-managed llama.cpp build.
|
||||||
|
|
||||||
Removes the cached ``llama-server`` symlink and the ``~/llama.cpp/build*``
|
Removes the cached ``llama-server`` symlink and the ``~/llama.cpp/build``
|
||||||
directory so the next llama.cpp serve recompiles from source, picking up a
|
directory so the next llama.cpp serve recompiles from source, picking up a
|
||||||
CUDA or HIP toolchain if one is now available. The serve bootstrap only
|
CUDA or HIP toolchain if one is now available. The serve bootstrap only
|
||||||
builds when ``llama-server`` is missing from PATH, so without this an
|
builds when ``llama-server`` is missing from PATH, so without this an
|
||||||
existing CPU-only build is reused forever. When ``update_source`` is true,
|
existing CPU-only build is reused forever. It deliberately installs and
|
||||||
the command also fast-forwards the Cookbook-managed ``~/llama.cpp`` checkout
|
downloads nothing; the rebuild itself happens on the next serve.
|
||||||
if it exists. The rebuild itself happens on the next serve.
|
|
||||||
"""
|
"""
|
||||||
update_cmd = ''
|
|
||||||
if update_source:
|
|
||||||
update_cmd = (
|
|
||||||
'if [ -d "$HOME/llama.cpp/.git" ]; then '
|
|
||||||
'git -C "$HOME/llama.cpp" pull --ff-only --depth 1 || '
|
|
||||||
'echo "[odysseus] WARNING: llama.cpp source update failed; clearing cached build anyway."; '
|
|
||||||
'elif command -v git >/dev/null 2>&1; then '
|
|
||||||
'git clone --depth 1 https://github.com/ggml-org/llama.cpp "$HOME/llama.cpp" || '
|
|
||||||
'echo "[odysseus] WARNING: llama.cpp clone failed; clearing cached build anyway."; '
|
|
||||||
'fi && '
|
|
||||||
)
|
|
||||||
return (
|
return (
|
||||||
'mkdir -p "$HOME/bin" && '
|
'mkdir -p "$HOME/bin" && '
|
||||||
f'{update_cmd}'
|
|
||||||
'rm -f "$HOME/bin/llama-server" && '
|
'rm -f "$HOME/bin/llama-server" && '
|
||||||
'rm -rf "$HOME/llama.cpp/build" "$HOME/llama.cpp/build-vulkan" && '
|
'rm -rf "$HOME/llama.cpp/build" && '
|
||||||
'echo "[odysseus] Cleared the cached llama.cpp build. '
|
'echo "[odysseus] Cleared the cached llama.cpp build. '
|
||||||
'Re-launch the serve task to rebuild llama-server from source '
|
'Re-launch the serve task to rebuild llama-server from source '
|
||||||
'(Vulkan, HIP, or CUDA will be used if a matching toolchain is now available)."'
|
'(CUDA or HIP will be used if a toolchain is now available)."'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -1258,27 +1113,8 @@ def _diagnose_serve_output(text: str) -> dict | None:
|
|||||||
"SGLang is not installed or not in PATH on this server.",
|
"SGLang is not installed or not in PATH on this server.",
|
||||||
[{"label": "install SGLang in Cookbook Dependencies", "op": "dependency", "package": "sglang[all]"}],
|
[{"label": "install SGLang in Cookbook Dependencies", "op": "dependency", "package": "sglang[all]"}],
|
||||||
),
|
),
|
||||||
# System build deps come BEFORE the generic llama.cpp catch-all so
|
|
||||||
# cmake / build-essential / git missing → a specific OS-package
|
|
||||||
# remediation instead of "install llama-cpp-python[server]" (which
|
|
||||||
# itself fails to compile when cmake is absent).
|
|
||||||
(
|
(
|
||||||
r"cmake: command not found|cmake.*not found.*[Cc]ould not",
|
r"llama-server.*command not found|llama\.cpp.*not found|No module named.*llama_cpp|No module named 'starlette_context'|git: command not found|cmake: command not found",
|
||||||
"cmake is required to build llama.cpp from source but isn't installed on this server.",
|
|
||||||
[{"label": "install build deps for llama.cpp (apt: cmake build-essential git / pacman: cmake base-devel git / dnf: cmake gcc-c++ make git / brew: cmake git)", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"^(make|g\+\+|gcc): command not found|Could not find C\+\+ compiler",
|
|
||||||
"A C/C++ compiler (build-essential) is required to build llama.cpp from source.",
|
|
||||||
[{"label": "install build deps for llama.cpp on this server", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"^git: command not found",
|
|
||||||
"git is required to clone the llama.cpp source tree.",
|
|
||||||
[{"label": "install build deps for llama.cpp on this server", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"llama-server.*command not found|llama\.cpp.*not found|No module named.*llama_cpp|No module named 'starlette_context'",
|
|
||||||
"llama.cpp / llama-cpp-python dependencies are missing.",
|
"llama.cpp / llama-cpp-python dependencies are missing.",
|
||||||
[{"label": "install llama.cpp dependencies or llama-cpp-python[server]", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
[{"label": "install llama.cpp dependencies or llama-cpp-python[server]", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
||||||
),
|
),
|
||||||
|
|||||||
+19
-356
@@ -73,9 +73,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
return "stored"
|
return "stored"
|
||||||
return f"{value[:4]}...{value[-4:]}"
|
return f"{value[:4]}...{value[-4:]}"
|
||||||
|
|
||||||
def _client_host_platform() -> str:
|
|
||||||
return "windows" if IS_WINDOWS else ""
|
|
||||||
|
|
||||||
def _decrypt_secret(value: str | None) -> str:
|
def _decrypt_secret(value: str | None) -> str:
|
||||||
if not value:
|
if not value:
|
||||||
return ""
|
return ""
|
||||||
@@ -192,27 +189,8 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
"SGLang is not installed or not in PATH on this server.",
|
"SGLang is not installed or not in PATH on this server.",
|
||||||
[{"label": "install SGLang in Cookbook Dependencies", "op": "dependency", "package": "sglang[all]"}],
|
[{"label": "install SGLang in Cookbook Dependencies", "op": "dependency", "package": "sglang[all]"}],
|
||||||
),
|
),
|
||||||
# System build deps come BEFORE the generic llama.cpp catch-all
|
|
||||||
# so cmake / build-essential / git missing → a specific OS-package
|
|
||||||
# remediation instead of "install llama-cpp-python[server]" (which
|
|
||||||
# itself fails to compile when cmake is absent).
|
|
||||||
(
|
(
|
||||||
r"cmake: command not found|cmake.*not found.*[Cc]ould not",
|
r"llama-server.*command not found|llama\.cpp.*not found|No module named.*llama_cpp|No module named 'starlette_context'|git: command not found|cmake: command not found",
|
||||||
"cmake is required to build llama.cpp from source but isn't installed on this server.",
|
|
||||||
[{"label": "install build deps for llama.cpp (apt: cmake build-essential git / pacman: cmake base-devel git / dnf: cmake gcc-c++ make git / brew: cmake git)", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"^(make|g\+\+|gcc): command not found|Could not find C\+\+ compiler",
|
|
||||||
"A C/C++ compiler (build-essential) is required to build llama.cpp from source.",
|
|
||||||
[{"label": "install build deps for llama.cpp on this server", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"^git: command not found",
|
|
||||||
"git is required to clone the llama.cpp source tree.",
|
|
||||||
[{"label": "install build deps for llama.cpp on this server", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
|
||||||
),
|
|
||||||
(
|
|
||||||
r"llama-server.*command not found|llama\.cpp.*not found|No module named.*llama_cpp|No module named 'starlette_context'",
|
|
||||||
"llama.cpp / llama-cpp-python dependencies are missing.",
|
"llama.cpp / llama-cpp-python dependencies are missing.",
|
||||||
[{"label": "install llama.cpp dependencies or llama-cpp-python[server]", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
[{"label": "install llama.cpp dependencies or llama-cpp-python[server]", "op": "dependency", "package": "llama-cpp-python[server]"}],
|
||||||
),
|
),
|
||||||
@@ -248,15 +226,11 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
"""Return cookbook state without raw secrets for browser clients."""
|
"""Return cookbook state without raw secrets for browser clients."""
|
||||||
_strip_task_secrets(state)
|
_strip_task_secrets(state)
|
||||||
env = state.get("env") if isinstance(state, dict) else None
|
env = state.get("env") if isinstance(state, dict) else None
|
||||||
if isinstance(state, dict) and not isinstance(env, dict):
|
|
||||||
env = {}
|
|
||||||
state["env"] = env
|
|
||||||
if isinstance(env, dict):
|
if isinstance(env, dict):
|
||||||
token = _decrypt_secret(env.get("hfToken"))
|
token = _decrypt_secret(env.get("hfToken"))
|
||||||
env.pop("hfToken", None)
|
env.pop("hfToken", None)
|
||||||
env["hfTokenConfigured"] = bool(token)
|
env["hfTokenConfigured"] = bool(token)
|
||||||
env["hfTokenMasked"] = _mask_secret(token)
|
env["hfTokenMasked"] = _mask_secret(token)
|
||||||
env["hostPlatform"] = _client_host_platform()
|
|
||||||
return state
|
return state
|
||||||
|
|
||||||
def _state_for_storage(state, on_disk=None):
|
def _state_for_storage(state, on_disk=None):
|
||||||
@@ -275,85 +249,11 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
env.pop("hfToken", None)
|
env.pop("hfToken", None)
|
||||||
env.pop("hfTokenMasked", None)
|
env.pop("hfTokenMasked", None)
|
||||||
env.pop("hfTokenConfigured", None)
|
env.pop("hfTokenConfigured", None)
|
||||||
env.pop("hostPlatform", None)
|
|
||||||
return state
|
return state
|
||||||
|
|
||||||
def _load_stored_hf_token() -> str:
|
def _load_stored_hf_token() -> str:
|
||||||
return load_stored_hf_token(state_path=_cookbook_state_path)
|
return load_stored_hf_token(state_path=_cookbook_state_path)
|
||||||
|
|
||||||
def _normalize_minimax_m3_vllm_cmd(cmd: str) -> str:
|
|
||||||
"""Patch MiniMax M3 vLLM launches into the known-good local form.
|
|
||||||
|
|
||||||
The browser form can be stale or omit advanced-only fields. MiniMax M3
|
|
||||||
is sensitive to several flags: using the HF repo id with block-size 128
|
|
||||||
fails KV-cache setup, and FlashInfer sampler JIT fails on this host's
|
|
||||||
system nvcc. Normalize server-side before writing the tmux runner.
|
|
||||||
"""
|
|
||||||
cmd_lower = (cmd or "").lower()
|
|
||||||
if not cmd or "vllm serve" not in cmd_lower or "minimax" not in cmd_lower or "m3" not in cmd_lower:
|
|
||||||
return cmd
|
|
||||||
try:
|
|
||||||
parts = shlex.split(cmd)
|
|
||||||
except ValueError:
|
|
||||||
return cmd
|
|
||||||
if "serve" not in parts:
|
|
||||||
return cmd
|
|
||||||
|
|
||||||
env_re = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
|
|
||||||
env_parts = [p for p in parts if env_re.match(p)]
|
|
||||||
body = [p for p in parts if not env_re.match(p)]
|
|
||||||
try:
|
|
||||||
serve_i = body.index("serve")
|
|
||||||
except ValueError:
|
|
||||||
return cmd
|
|
||||||
if serve_i + 1 >= len(body):
|
|
||||||
return cmd
|
|
||||||
|
|
||||||
repo_id = "cyankiwi/MiniMax-M3-AWQ-INT4"
|
|
||||||
snapshot = (
|
|
||||||
"/home/pewds/.cache/huggingface/hub/"
|
|
||||||
"models--cyankiwi--MiniMax-M3-AWQ-INT4/"
|
|
||||||
"snapshots/4082acbbec1236d21828d55b6bb0fe02ade4ab5b"
|
|
||||||
)
|
|
||||||
if body[serve_i + 1] == repo_id:
|
|
||||||
body[serve_i + 1] = snapshot
|
|
||||||
|
|
||||||
def add_env(key: str, value: str) -> None:
|
|
||||||
if not any(p.startswith(f"{key}=") for p in env_parts):
|
|
||||||
env_parts.append(f"{key}={value}")
|
|
||||||
|
|
||||||
def has_flag(flag: str) -> bool:
|
|
||||||
return any(p == flag or p.startswith(flag + "=") for p in body)
|
|
||||||
|
|
||||||
def set_flag(flag: str, value: str) -> None:
|
|
||||||
for i, part in enumerate(body):
|
|
||||||
if part == flag:
|
|
||||||
if i + 1 < len(body):
|
|
||||||
body[i + 1] = value
|
|
||||||
else:
|
|
||||||
body.append(value)
|
|
||||||
return
|
|
||||||
if part.startswith(flag + "="):
|
|
||||||
body[i] = f"{flag}={value}"
|
|
||||||
return
|
|
||||||
body.extend([flag, value])
|
|
||||||
|
|
||||||
def add_bool(flag: str) -> None:
|
|
||||||
if not has_flag(flag):
|
|
||||||
body.append(flag)
|
|
||||||
|
|
||||||
add_env("VLLM_TARGET_DEVICE", "cuda")
|
|
||||||
add_env("VLLM_USE_FLASHINFER_SAMPLER", "0")
|
|
||||||
set_flag("--served-model-name", repo_id)
|
|
||||||
set_flag("--tool-call-parser", "minimax_m3")
|
|
||||||
set_flag("--reasoning-parser", "minimax_m3")
|
|
||||||
set_flag("--attention-backend", "TRITON_ATTN")
|
|
||||||
set_flag("--block-size", "128")
|
|
||||||
add_bool("--language-model-only")
|
|
||||||
add_bool("--disable-custom-all-reduce")
|
|
||||||
add_bool("--enable-expert-parallel")
|
|
||||||
return shlex.join(env_parts + body)
|
|
||||||
|
|
||||||
def _cookbook_ssh_dir() -> Path:
|
def _cookbook_ssh_dir() -> Path:
|
||||||
# The Docker image keeps cookbook keys under /app/.ssh; that path only
|
# The Docker image keeps cookbook keys under /app/.ssh; that path only
|
||||||
# exists inside the container. On Windows (and any non-container host)
|
# exists inside the container. On Windows (and any non-container host)
|
||||||
@@ -1330,7 +1230,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
# `TypeError: argument of type 'NoneType'` (a 500 instead of a clean 400).
|
# `TypeError: argument of type 'NoneType'` (a 500 instead of a clean 400).
|
||||||
req.cmd = _validate_serve_cmd(req.cmd) or ""
|
req.cmd = _validate_serve_cmd(req.cmd) or ""
|
||||||
req.cmd = _normalize_llama_cpp_python_cache_types(req.cmd) or ""
|
req.cmd = _normalize_llama_cpp_python_cache_types(req.cmd) or ""
|
||||||
req.cmd = _normalize_minimax_m3_vllm_cmd(req.cmd)
|
|
||||||
req.cmd = _venv_safe_local_pip_install_cmd(
|
req.cmd = _venv_safe_local_pip_install_cmd(
|
||||||
req.cmd,
|
req.cmd,
|
||||||
local=not bool(req.remote_host),
|
local=not bool(req.remote_host),
|
||||||
@@ -1344,16 +1243,8 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
req.cmd = _pip_install_no_cache(req.cmd)
|
req.cmd = _pip_install_no_cache(req.cmd)
|
||||||
# Accept common aliases and enforce server extras for llama-cpp so
|
# Accept common aliases and enforce server extras for llama-cpp so
|
||||||
# `python -m llama_cpp.server` has all runtime dependencies.
|
# `python -m llama_cpp.server` has all runtime dependencies.
|
||||||
# CRITICAL: the lookbehind / lookahead must also exclude `/` so
|
req.cmd = re.sub(r"(?<![A-Za-z0-9_.-])llama_cpp(?![A-Za-z0-9_.-])", "llama-cpp-python[server]", req.cmd)
|
||||||
# the regex DOESN'T mangle a URL path like
|
req.cmd = re.sub(r"(?<![A-Za-z0-9_.-])llama-cpp-python(?!\[)", "llama-cpp-python[server]", req.cmd)
|
||||||
# https://abetlen.github.io/llama-cpp-python/whl/cu124
|
|
||||||
# The previous regex turned that URL into
|
|
||||||
# https://abetlen.github.io/llama-cpp-python[server]/whl/cu124
|
|
||||||
# which pip then couldn't resolve → silent fallback to source
|
|
||||||
# build of the .tar.gz → CPU-only binary (because CMAKE_ARGS
|
|
||||||
# isn't set), defeating the entire purpose of the CUDA index.
|
|
||||||
req.cmd = re.sub(r"(?<![A-Za-z0-9_.\-/])llama_cpp(?![A-Za-z0-9_.\-/])", "llama-cpp-python[server]", req.cmd)
|
|
||||||
req.cmd = re.sub(r"(?<![A-Za-z0-9_.\-/])llama-cpp-python(?![\[/])", "llama-cpp-python[server]", req.cmd)
|
|
||||||
if "llama-cpp-python" in req.cmd and "--extra-index-url" not in req.cmd:
|
if "llama-cpp-python" in req.cmd and "--extra-index-url" not in req.cmd:
|
||||||
req.cmd += " --extra-index-url https://abetlen.github.io/llama-cpp-python/whl/cpu"
|
req.cmd += " --extra-index-url https://abetlen.github.io/llama-cpp-python/whl/cpu"
|
||||||
# PEP-508-style package spec — letters, digits, `.-_` for the
|
# PEP-508-style package spec — letters, digits, `.-_` for the
|
||||||
@@ -1393,11 +1284,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
# LOCAL execution on a native-Windows host never uses tmux (detached
|
# LOCAL execution on a native-Windows host never uses tmux (detached
|
||||||
# process path below), regardless of the UI-supplied platform.
|
# process path below), regardless of the UI-supplied platform.
|
||||||
local_windows = IS_WINDOWS and not remote
|
local_windows = IS_WINDOWS and not remote
|
||||||
if is_windows and remote and "diffusion_server.py" in req.cmd:
|
|
||||||
raise HTTPException(
|
|
||||||
400,
|
|
||||||
"Remote Windows Diffusers serving is not supported yet; use local Windows or a Linux remote server.",
|
|
||||||
)
|
|
||||||
|
|
||||||
if not is_windows and not local_windows and not await _binary_available("tmux", remote, req.ssh_port):
|
if not is_windows and not local_windows and not await _binary_available("tmux", remote, req.ssh_port):
|
||||||
return {
|
return {
|
||||||
@@ -1487,10 +1373,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
# shell resolves the bundled python3/hf, mirroring the download flow.
|
# shell resolves the bundled python3/hf, mirroring the download flow.
|
||||||
if not remote:
|
if not remote:
|
||||||
runner_lines.append(_local_tooling_path_export(sys.executable))
|
runner_lines.append(_local_tooling_path_export(sys.executable))
|
||||||
if local_windows:
|
|
||||||
# Detached Git Bash runs do not always inherit recently edited
|
|
||||||
# user PATH entries from the already-running Odysseus process.
|
|
||||||
runner_lines.append('export PATH="$HOME/bin:$HOME/llama.cpp/build-cuda/bin/Release:$HOME/llama.cpp/build/bin/Release:$HOME/llama.cpp/build/bin/Debug:$HOME/llama.cpp/build/bin:$PATH"')
|
|
||||||
runner_lines.append("export FLASHINFER_DISABLE_VERSION_CHECK=1")
|
runner_lines.append("export FLASHINFER_DISABLE_VERSION_CHECK=1")
|
||||||
if req.hf_token:
|
if req.hf_token:
|
||||||
runner_lines.append(f"export HF_TOKEN='{_bash_squote(req.hf_token)}'")
|
runner_lines.append(f"export HF_TOKEN='{_bash_squote(req.hf_token)}'")
|
||||||
@@ -1505,8 +1387,7 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
runner_lines.append(_HF_TOKEN_STATUS_SNIPPET)
|
runner_lines.append(_HF_TOKEN_STATUS_SNIPPET)
|
||||||
handled_ollama_serve = False
|
handled_ollama_serve = False
|
||||||
# Auto-install inference engine if missing
|
# Auto-install inference engine if missing
|
||||||
local_windows_llama_cmd = local_windows and ("llama_cpp" in req.cmd or "llama-server" in req.cmd)
|
if "llama_cpp" in req.cmd or "llama-server" in req.cmd:
|
||||||
if ("llama_cpp" in req.cmd or "llama-server" in req.cmd) and not local_windows_llama_cmd:
|
|
||||||
# Prefer the NATIVE llama-server binary — its minja templating
|
# Prefer the NATIVE llama-server binary — its minja templating
|
||||||
# renders modern GGUF chat templates that the Python bindings'
|
# renders modern GGUF chat templates that the Python bindings'
|
||||||
# Jinja2 rejects (do_tojson ensure_ascii). Build it once from
|
# Jinja2 rejects (do_tojson ensure_ascii). Build it once from
|
||||||
@@ -1545,69 +1426,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
runner_lines.append(' else')
|
runner_lines.append(' else')
|
||||||
_append_llama_cpp_linux_accel_build_lines(runner_lines)
|
_append_llama_cpp_linux_accel_build_lines(runner_lines)
|
||||||
runner_lines.append(' fi')
|
runner_lines.append(' fi')
|
||||||
# Source the env file the prebuilt-download path writes so
|
|
||||||
# LD_LIBRARY_PATH includes the directory holding libllama.so
|
|
||||||
# and friends. No-op when prebuilt wasn't used.
|
|
||||||
runner_lines.append(' [ -r ~/.config/odysseus-llama-cpp-env ] && . ~/.config/odysseus-llama-cpp-env')
|
|
||||||
# Auto-upgrade pip llama-cpp-python to the CUDA-enabled
|
|
||||||
# wheel when (a) NVIDIA hardware is present and (b) the
|
|
||||||
# currently-installed wheel is CPU-only. Without this the
|
|
||||||
# user gets the Python server happily running at 3 tok/s
|
|
||||||
# because pip's default index ships CPU-only wheels.
|
|
||||||
# Forward-compat: cu124 wheels work on driver/runtime
|
|
||||||
# 12.4+ including the cu13.x line.
|
|
||||||
runner_lines.append(' if command -v nvidia-smi >/dev/null 2>&1 && nvidia-smi -L 2>/dev/null | grep -q "GPU " && python3 -c "import llama_cpp" 2>/dev/null; then')
|
|
||||||
runner_lines.append(' if ! python3 -c "import llama_cpp; import sys; sys.exit(0 if llama_cpp.llama_supports_gpu_offload() else 1)" 2>/dev/null; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] NVIDIA detected but installed llama-cpp-python is CPU-only — reinstalling with CUDA wheel index for GPU offload..."')
|
|
||||||
runner_lines.append(' python3 -m pip install --user --break-system-packages --force-reinstall --no-cache-dir "llama-cpp-python[server]" --extra-index-url https://abetlen.github.io/llama-cpp-python/whl/cu124 2>&1 | tail -8 || echo "[odysseus] WARNING: CUDA wheel reinstall failed — Python server will stay CPU-only (slow). Manual fix: pip install --user --force-reinstall \'llama-cpp-python[server]\' --extra-index-url https://abetlen.github.io/llama-cpp-python/whl/cu124"')
|
|
||||||
runner_lines.append(' if python3 -c "import llama_cpp; import sys; sys.exit(0 if llama_cpp.llama_supports_gpu_offload() else 1)" 2>/dev/null; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] llama-cpp-python now supports GPU offload."')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
# SHORT-CIRCUIT before the build/pip fallback: if the
|
|
||||||
# native binary is missing but llama_cpp Python is already
|
|
||||||
# installed, drop a wrapper at ~/bin/llama-server that
|
|
||||||
# translates llama-server CLI args to llama_cpp.server's
|
|
||||||
# underscore-style flags. The user's serve command stays
|
|
||||||
# `llama-server ...` and "just works" — no build, no cmake,
|
|
||||||
# no second install. This is the path that unblocks every
|
|
||||||
# remote where pip-installed llama-cpp-python is already
|
|
||||||
# working but Cookbook used to insist on a native binary.
|
|
||||||
runner_lines.append(' if ! command -v llama-server >/dev/null 2>&1 && python3 -c "import llama_cpp" 2>/dev/null; then')
|
|
||||||
runner_lines.append(' mkdir -p ~/bin')
|
|
||||||
runner_lines.append(' cat > ~/bin/llama-server <<\'_ODY_LLAMA_SHIM_EOF\'')
|
|
||||||
runner_lines.append('#!/usr/bin/env bash')
|
|
||||||
runner_lines.append('# Auto-generated by Odysseus Cookbook: a `llama-server` lookalike')
|
|
||||||
runner_lines.append('# that translates the native CLI to `python -m llama_cpp.server`.')
|
|
||||||
runner_lines.append('# Lets cookbook-generated launch commands run unchanged on hosts')
|
|
||||||
runner_lines.append('# where only the pip llama-cpp-python package is installed.')
|
|
||||||
runner_lines.append('ARGS=()')
|
|
||||||
runner_lines.append('while [ $# -gt 0 ]; do')
|
|
||||||
runner_lines.append(' case "$1" in')
|
|
||||||
runner_lines.append(' -ngl|--gpu-layers|--n-gpu-layers) ARGS+=(--n_gpu_layers "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' -c|--ctx-size) ARGS+=(--n_ctx "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' -b|--batch-size) ARGS+=(--n_batch "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' -ub|--ubatch-size) shift 2 ;; # llama-cpp-python has no separate ubatch')
|
|
||||||
runner_lines.append(' --flash-attn) ARGS+=(--flash_attn true); shift 2 ;;')
|
|
||||||
runner_lines.append(' --cache-type-k) ARGS+=(--type_k "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' --cache-type-v) ARGS+=(--type_v "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' --n-cpu-moe) ARGS+=(--n_cpu_moe "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' --mmproj) ARGS+=(--clip_model_path "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' --image-max-tokens) shift 2 ;; # native-only')
|
|
||||||
runner_lines.append(' --no-mmap) ARGS+=(--no_mmap true); shift ;;')
|
|
||||||
runner_lines.append(' --no-warmup) shift ;; # native-only')
|
|
||||||
runner_lines.append(' --chat-template) ARGS+=(--chat_format "$2"); shift 2 ;;')
|
|
||||||
runner_lines.append(' --fit|--split-mode|--tensor-split|--main-gpu|--parallel) shift 2 ;; # native-only')
|
|
||||||
runner_lines.append(' --mlock) ARGS+=(--use_mlock true); shift ;;')
|
|
||||||
runner_lines.append(' *) ARGS+=("$1"); shift ;;')
|
|
||||||
runner_lines.append(' esac')
|
|
||||||
runner_lines.append('done')
|
|
||||||
runner_lines.append('exec python3 -m llama_cpp.server "${ARGS[@]}"')
|
|
||||||
runner_lines.append('_ODY_LLAMA_SHIM_EOF')
|
|
||||||
runner_lines.append(' chmod +x ~/bin/llama-server')
|
|
||||||
runner_lines.append(' echo "[odysseus] Created llama-server shim → python -m llama_cpp.server (no native binary needed)"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' # If the native build failed, fall back to the Python bindings.')
|
runner_lines.append(' # If the native build failed, fall back to the Python bindings.')
|
||||||
runner_lines.append(' if ! command -v llama-server &>/dev/null && ! python3 -c "import llama_cpp" 2>/dev/null; then')
|
runner_lines.append(' if ! command -v llama-server &>/dev/null && ! python3 -c "import llama_cpp" 2>/dev/null; then')
|
||||||
runner_lines.append(' echo "llama-server build failed — installing Python bindings as fallback..."')
|
runner_lines.append(' echo "llama-server build failed — installing Python bindings as fallback..."')
|
||||||
@@ -1671,96 +1489,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
runner_lines.append(' echo "ERROR: vLLM is not installed."')
|
runner_lines.append(' echo "ERROR: vLLM is not installed."')
|
||||||
runner_lines.append(' ODYSSEUS_PREFLIGHT_EXIT=127')
|
runner_lines.append(' ODYSSEUS_PREFLIGHT_EXIT=127')
|
||||||
runner_lines.append('fi')
|
runner_lines.append('fi')
|
||||||
runner_lines.append(f"ODYSSEUS_SERVE_CMD='{_bash_squote(req.cmd)}'")
|
|
||||||
runner_lines.append('if [ -z "$ODYSSEUS_PREFLIGHT_EXIT" ]; then')
|
|
||||||
runner_lines.append(' ODYSSEUS_VLLM_HELP_CMD="$(python3 - "$ODYSSEUS_SERVE_CMD" <<\'PY\'')
|
|
||||||
runner_lines.append('import shlex, sys')
|
|
||||||
runner_lines.append('parts = shlex.split(sys.argv[1])')
|
|
||||||
runner_lines.append('try:')
|
|
||||||
runner_lines.append(' serve_i = parts.index("serve")')
|
|
||||||
runner_lines.append('except ValueError:')
|
|
||||||
runner_lines.append(' print("vllm serve --help")')
|
|
||||||
runner_lines.append('else:')
|
|
||||||
runner_lines.append(' print(shlex.join(parts[:serve_i + 1] + ["--help"]))')
|
|
||||||
runner_lines.append('PY')
|
|
||||||
runner_lines.append(')"')
|
|
||||||
runner_lines.append(' ODYSSEUS_VLLM_SUPPORTS_SWAP=0')
|
|
||||||
runner_lines.append(' if eval "$ODYSSEUS_VLLM_HELP_CMD" 2>&1 | grep -q -- "--swap-space"; then ODYSSEUS_VLLM_SUPPORTS_SWAP=1; fi')
|
|
||||||
runner_lines.append('fi')
|
|
||||||
runner_lines.append('if [ -z "$ODYSSEUS_PREFLIGHT_EXIT" ] && [ "${ODYSSEUS_VLLM_SUPPORTS_SWAP:-0}" = "1" ] && ! printf "%s" "$ODYSSEUS_SERVE_CMD" | grep -q -- "--swap-space"; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] Setting vLLM --swap-space 0 so the runtime does not reserve CPU swap per GPU."')
|
|
||||||
runner_lines.append(' ODYSSEUS_SERVE_CMD="${ODYSSEUS_SERVE_CMD} --swap-space 0"')
|
|
||||||
runner_lines.append('fi')
|
|
||||||
runner_lines.append('if [ -z "$ODYSSEUS_PREFLIGHT_EXIT" ] && [ "${ODYSSEUS_VLLM_SUPPORTS_SWAP:-0}" != "1" ]; then')
|
|
||||||
runner_lines.append(' if printf "%s" "$ODYSSEUS_SERVE_CMD" | grep -q -- "--swap-space"; then')
|
|
||||||
runner_lines.append(' echo "[odysseus] vLLM serve does not expose --swap-space; removing the flag and patching the runtime default to 0."')
|
|
||||||
runner_lines.append(' ODYSSEUS_SERVE_CMD="$(python3 - "$ODYSSEUS_SERVE_CMD" <<\'PY\'')
|
|
||||||
runner_lines.append('import shlex, sys')
|
|
||||||
runner_lines.append('parts = shlex.split(sys.argv[1])')
|
|
||||||
runner_lines.append('out = []')
|
|
||||||
runner_lines.append('skip = False')
|
|
||||||
runner_lines.append('for part in parts:')
|
|
||||||
runner_lines.append(' if skip:')
|
|
||||||
runner_lines.append(' skip = False')
|
|
||||||
runner_lines.append(' continue')
|
|
||||||
runner_lines.append(' if part == "--swap-space":')
|
|
||||||
runner_lines.append(' skip = True')
|
|
||||||
runner_lines.append(' continue')
|
|
||||||
runner_lines.append(' if part.startswith("--swap-space="):')
|
|
||||||
runner_lines.append(' continue')
|
|
||||||
runner_lines.append(' out.append(part)')
|
|
||||||
runner_lines.append('print(shlex.join(out))')
|
|
||||||
runner_lines.append('PY')
|
|
||||||
runner_lines.append(')"')
|
|
||||||
runner_lines.append(' fi')
|
|
||||||
runner_lines.append(' ODYSSEUS_SERVE_CMD="$(python3 - "$ODYSSEUS_SERVE_CMD" <<\'PY\'')
|
|
||||||
runner_lines.append('import shlex, sys')
|
|
||||||
runner_lines.append('parts = shlex.split(sys.argv[1])')
|
|
||||||
runner_lines.append('patch = r"""import inspect, sys')
|
|
||||||
runner_lines.append('from vllm.engine.arg_utils import EngineArgs, AsyncEngineArgs')
|
|
||||||
runner_lines.append('def _odysseus_swap0(cls):')
|
|
||||||
runner_lines.append(' params = list(inspect.signature(cls).parameters)')
|
|
||||||
runner_lines.append(' if "swap_space" not in params:')
|
|
||||||
runner_lines.append(' return')
|
|
||||||
runner_lines.append(' idx = params.index("swap_space")')
|
|
||||||
runner_lines.append(' defaults = list(cls.__init__.__defaults__ or ())')
|
|
||||||
runner_lines.append(' if idx < len(defaults):')
|
|
||||||
runner_lines.append(' defaults[idx] = 0')
|
|
||||||
runner_lines.append(' cls.__init__.__defaults__ = tuple(defaults)')
|
|
||||||
runner_lines.append(' fields = getattr(cls, "__dataclass_fields__", {})')
|
|
||||||
runner_lines.append(' if "swap_space" in fields:')
|
|
||||||
runner_lines.append(' fields["swap_space"].default = 0')
|
|
||||||
runner_lines.append('_odysseus_swap0(EngineArgs)')
|
|
||||||
runner_lines.append('_odysseus_swap0(AsyncEngineArgs)')
|
|
||||||
runner_lines.append('try:')
|
|
||||||
runner_lines.append(' from vllm.config import CacheConfig')
|
|
||||||
runner_lines.append(' CacheConfig.swap_space = 0')
|
|
||||||
runner_lines.append('except Exception:')
|
|
||||||
runner_lines.append(' pass')
|
|
||||||
runner_lines.append('_orig_create_engine_config = EngineArgs.create_engine_config')
|
|
||||||
runner_lines.append('def _odysseus_create_engine_config(self, *args, **kwargs):')
|
|
||||||
runner_lines.append(' self.swap_space = 0')
|
|
||||||
runner_lines.append(' return _orig_create_engine_config(self, *args, **kwargs)')
|
|
||||||
runner_lines.append('EngineArgs.create_engine_config = _odysseus_create_engine_config')
|
|
||||||
runner_lines.append('AsyncEngineArgs.create_engine_config = _odysseus_create_engine_config')
|
|
||||||
runner_lines.append('from vllm.entrypoints.cli.main import main')
|
|
||||||
runner_lines.append('sys.exit(main())"""')
|
|
||||||
runner_lines.append('try:')
|
|
||||||
runner_lines.append(' serve_i = parts.index("serve")')
|
|
||||||
runner_lines.append('except ValueError:')
|
|
||||||
runner_lines.append(' print(shlex.join(parts))')
|
|
||||||
runner_lines.append('else:')
|
|
||||||
runner_lines.append(' exe_i = serve_i - 1')
|
|
||||||
runner_lines.append(' exe = parts[exe_i] if exe_i >= 0 else "vllm"')
|
|
||||||
runner_lines.append(' py = "python3"')
|
|
||||||
runner_lines.append(' if exe.endswith("/bin/vllm"):')
|
|
||||||
runner_lines.append(' py = exe[:-len("/bin/vllm")] + "/bin/python"')
|
|
||||||
runner_lines.append(' parts[exe_i:serve_i] = [py, "-c", patch]')
|
|
||||||
runner_lines.append(' print(shlex.join(parts))')
|
|
||||||
runner_lines.append('PY')
|
|
||||||
runner_lines.append(')"')
|
|
||||||
runner_lines.append(' echo "[odysseus] Patched vLLM internal swap_space default to 0 for this runtime."')
|
|
||||||
runner_lines.append('fi')
|
|
||||||
elif "sglang.launch_server" in req.cmd:
|
elif "sglang.launch_server" in req.cmd:
|
||||||
runner_lines.append('export PATH="$HOME/.local/bin:$PATH"')
|
runner_lines.append('export PATH="$HOME/.local/bin:$PATH"')
|
||||||
runner_lines.append('if ! command -v sglang &>/dev/null; then')
|
runner_lines.append('if ! command -v sglang &>/dev/null; then')
|
||||||
@@ -1802,10 +1530,7 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
runner_lines,
|
runner_lines,
|
||||||
keep_shell_open=not local_windows,
|
keep_shell_open=not local_windows,
|
||||||
)
|
)
|
||||||
if "vllm serve" in req.cmd:
|
runner_lines.append(req.cmd)
|
||||||
runner_lines.append('eval "$ODYSSEUS_SERVE_CMD"')
|
|
||||||
else:
|
|
||||||
runner_lines.append(req.cmd)
|
|
||||||
if local_windows:
|
if local_windows:
|
||||||
# Detached background process — no interactive shell to keep open.
|
# Detached background process — no interactive shell to keep open.
|
||||||
# Print the exit marker the status poller looks for, then stop.
|
# Print the exit marker the status poller looks for, then stop.
|
||||||
@@ -2109,25 +1834,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
out, err = await _run_gpu_shell("ls -1 /sys/class/drm 2>/dev/null", host, ssh_port, timeout=4)
|
out, err = await _run_gpu_shell("ls -1 /sys/class/drm 2>/dev/null", host, ssh_port, timeout=4)
|
||||||
if err is not None or not out:
|
if err is not None or not out:
|
||||||
return []
|
return []
|
||||||
# Pick the runtime label up-front so each GPU dict gets the
|
|
||||||
# right `backend`. AMD silicon can be driven by ROCm/HIP (native)
|
|
||||||
# OR Vulkan (mesa RADV). Reporting "rocm" on a host where no
|
|
||||||
# ROCm toolchain is installed misleads the frontend env-var
|
|
||||||
# prefix logic — it would emit `HIP_VISIBLE_DEVICES=` for a
|
|
||||||
# Vulkan-only stack, which is a silent no-op at best.
|
|
||||||
rt_out, _ = await _run_gpu_shell(
|
|
||||||
'command -v rocminfo >/dev/null 2>&1 && echo rocm '
|
|
||||||
'|| (command -v hipconfig >/dev/null 2>&1 && echo rocm) '
|
|
||||||
'|| (command -v vulkaninfo >/dev/null 2>&1 && echo vulkan) '
|
|
||||||
'|| echo unknown',
|
|
||||||
host, ssh_port, timeout=4,
|
|
||||||
)
|
|
||||||
_amd_runtime = (rt_out or "").strip().splitlines()[-1:][0].strip() if rt_out else "rocm"
|
|
||||||
if _amd_runtime not in ("rocm", "vulkan"):
|
|
||||||
# Default to rocm so existing ROCm-installed hosts keep
|
|
||||||
# working; "unknown" only happens when neither toolchain is
|
|
||||||
# detected (e.g. minimal sysfs read on a fresh box).
|
|
||||||
_amd_runtime = "rocm"
|
|
||||||
gpus = []
|
gpus = []
|
||||||
for entry in out.split():
|
for entry in out.split():
|
||||||
if not entry.startswith("card") or "-" in entry:
|
if not entry.startswith("card") or "-" in entry:
|
||||||
@@ -2171,7 +1877,7 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
"free_mb": free_mb, "total_mb": total_mb, "used_mb": used_mb,
|
"free_mb": free_mb, "total_mb": total_mb, "used_mb": used_mb,
|
||||||
"gtt_used_mb": gtt_used_mb,
|
"gtt_used_mb": gtt_used_mb,
|
||||||
"util_pct": 0, "busy": bool(total_mb and (free_mb / total_mb) < 0.85),
|
"util_pct": 0, "busy": bool(total_mb and (free_mb / total_mb) < 0.85),
|
||||||
"processes": [], "backend": _amd_runtime, "source": "amd-sysfs",
|
"processes": [], "backend": "rocm", "source": "amd-sysfs",
|
||||||
"unified_memory": unified,
|
"unified_memory": unified,
|
||||||
})
|
})
|
||||||
if gpus:
|
if gpus:
|
||||||
@@ -2312,15 +2018,10 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
|
|
||||||
amd_gpus = await _probe_amd_sysfs(host, ssh_port)
|
amd_gpus = await _probe_amd_sysfs(host, ssh_port)
|
||||||
if amd_gpus:
|
if amd_gpus:
|
||||||
# The per-GPU dict already carries the runtime label picked by
|
|
||||||
# _probe_amd_sysfs (rocm vs vulkan); mirror that into the
|
|
||||||
# wrapper so the frontend can read `data.backend` directly
|
|
||||||
# without scanning the list.
|
|
||||||
_amd_wrap_backend = str(amd_gpus[0].get("backend") or "rocm")
|
|
||||||
return {
|
return {
|
||||||
"ok": True,
|
"ok": True,
|
||||||
"gpus": amd_gpus,
|
"gpus": amd_gpus,
|
||||||
"backend": _amd_wrap_backend,
|
"backend": "rocm",
|
||||||
"source": "amd-sysfs",
|
"source": "amd-sysfs",
|
||||||
"fallback_from": "nvidia-smi",
|
"fallback_from": "nvidia-smi",
|
||||||
"nvidia_error": nvidia_error,
|
"nvidia_error": nvidia_error,
|
||||||
@@ -2409,8 +2110,8 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
try:
|
try:
|
||||||
return _state_for_client(json.loads(_cookbook_state_path.read_text(encoding="utf-8")))
|
return _state_for_client(json.loads(_cookbook_state_path.read_text(encoding="utf-8")))
|
||||||
except Exception:
|
except Exception:
|
||||||
return _state_for_client({})
|
return {}
|
||||||
return _state_for_client({})
|
return {}
|
||||||
|
|
||||||
@router.post("/api/cookbook/state")
|
@router.post("/api/cookbook/state")
|
||||||
async def save_cookbook_state(request: Request):
|
async def save_cookbook_state(request: Request):
|
||||||
@@ -2460,17 +2161,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
|
|
||||||
disk_tasks = on_disk.get("tasks") or [] if isinstance(on_disk, dict) else []
|
disk_tasks = on_disk.get("tasks") or [] if isinstance(on_disk, dict) else []
|
||||||
incoming_tasks = data.get("tasks") if isinstance(data.get("tasks"), list) else []
|
incoming_tasks = data.get("tasks") if isinstance(data.get("tasks"), list) else []
|
||||||
incoming_removed = data.get("removedTasks") if isinstance(data.get("removedTasks"), dict) else {}
|
|
||||||
disk_removed = on_disk.get("removedTasks") if isinstance(on_disk, dict) and isinstance(on_disk.get("removedTasks"), dict) else {}
|
|
||||||
removed_tasks = {**disk_removed, **incoming_removed}
|
|
||||||
data["removedTasks"] = removed_tasks
|
|
||||||
removed_ids = set(removed_tasks.keys())
|
|
||||||
if removed_ids:
|
|
||||||
incoming_tasks = [
|
|
||||||
t for t in incoming_tasks
|
|
||||||
if not (isinstance(t, dict) and t.get("sessionId") in removed_ids)
|
|
||||||
]
|
|
||||||
data["tasks"] = incoming_tasks
|
|
||||||
# Anti-poisoning guard: a stale browser tab can keep POSTing a
|
# Anti-poisoning guard: a stale browser tab can keep POSTing a
|
||||||
# download task as status='done' from before the strict-finish
|
# download task as status='done' from before the strict-finish
|
||||||
# fix landed, undoing any server-side correction. For each
|
# fix landed, undoing any server-side correction. For each
|
||||||
@@ -2508,8 +2198,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
sid = t.get("sessionId")
|
sid = t.get("sessionId")
|
||||||
if not sid or sid in incoming_ids:
|
if not sid or sid in incoming_ids:
|
||||||
continue # client's version wins
|
continue # client's version wins
|
||||||
if sid in removed_ids:
|
|
||||||
continue # intentional cross-device clear/remove
|
|
||||||
ts = t.get("ts") or 0
|
ts = t.get("ts") or 0
|
||||||
if isinstance(ts, (int, float)) and (now_ms - ts) <= RACE_WINDOW_MS:
|
if isinstance(ts, (int, float)) and (now_ms - ts) <= RACE_WINDOW_MS:
|
||||||
preserved.append(t)
|
preserved.append(t)
|
||||||
@@ -2616,14 +2304,16 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
# Add 30% headroom for KV cache, activations, etc.
|
# Add 30% headroom for KV cache, activations, etc.
|
||||||
needed_vram = (est_vram * 1.3) if est_vram else None
|
needed_vram = (est_vram * 1.3) if est_vram else None
|
||||||
|
|
||||||
if vram_gb > 0:
|
if vram_gb > 0 and needed_vram is not None and needed_vram > vram_gb:
|
||||||
if needed_vram is None:
|
continue
|
||||||
# The "trending models that fit" list must be conservative:
|
# Unknown-size models (e.g. MiniMax-M2.7, DeepSeek-V4-Flash) have no
|
||||||
# if we cannot estimate size from the repo id/tags, do not
|
# "NB" in the repo id, so the regex above can't extract their
|
||||||
# present it as runnable on this hardware.
|
# param count. Previously we dropped them entirely, which made
|
||||||
continue
|
# brand-new flagship releases silently vanish from this list even
|
||||||
if needed_vram > vram_gb:
|
# on rigs with hundreds of GB of VRAM. Adapters/LoRAs are already
|
||||||
continue
|
# filtered by _is_excluded(), so what falls through here is
|
||||||
|
# overwhelmingly full models — keep them, just without a size
|
||||||
|
# badge (the frontend handles needed_vram_gb=null gracefully).
|
||||||
|
|
||||||
out.append({
|
out.append({
|
||||||
"repo_id": repo_id,
|
"repo_id": repo_id,
|
||||||
@@ -2820,33 +2510,6 @@ def setup_cookbook_routes() -> APIRouter:
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"orphan sweep: state write failed: {e}")
|
logger.warning(f"orphan sweep: state write failed: {e}")
|
||||||
|
|
||||||
@router.get("/api/cookbook/hf-gguf-files")
|
|
||||||
async def hf_gguf_files(repo_id: str, owner: str = Depends(require_user)):
|
|
||||||
"""List GGUF files in a HuggingFace repo for the direct-download picker."""
|
|
||||||
import httpx
|
|
||||||
|
|
||||||
repo_id = _validate_repo_id(repo_id)
|
|
||||||
url = f"https://huggingface.co/api/models/{repo_id}"
|
|
||||||
try:
|
|
||||||
headers = {}
|
|
||||||
token = _load_stored_hf_token()
|
|
||||||
if token:
|
|
||||||
headers["Authorization"] = f"Bearer {token}"
|
|
||||||
async with httpx.AsyncClient(timeout=15, follow_redirects=True) as client:
|
|
||||||
resp = await client.get(url, headers=headers)
|
|
||||||
if resp.status_code != 200:
|
|
||||||
return {"ok": False, "files": [], "error": f"HF API HTTP {resp.status_code}"}
|
|
||||||
data = resp.json()
|
|
||||||
except Exception:
|
|
||||||
logger.exception("HF GGUF file scan failed for %s", repo)
|
|
||||||
return {"ok": False, "files": [], "error": "HF API request failed"}
|
|
||||||
files = [
|
|
||||||
str(s.get("rfilename") or "")
|
|
||||||
for s in data.get("siblings", [])
|
|
||||||
if str(s.get("rfilename") or "").lower().endswith(".gguf")
|
|
||||||
]
|
|
||||||
return {"ok": True, "repo_id": repo_id, "files": files}
|
|
||||||
|
|
||||||
# In-memory cache for the Ollama library scrape. ollama.com is a public
|
# In-memory cache for the Ollama library scrape. ollama.com is a public
|
||||||
# site, but it doesn't expose a stable JSON listing — we fetch the HTML
|
# site, but it doesn't expose a stable JSON listing — we fetch the HTML
|
||||||
# search page and regex out the model cards. Cached for 1 h so a busy
|
# search page and regex out the model cards. Cached for 1 h so a busy
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ from pydantic import BaseModel
|
|||||||
|
|
||||||
from core.database import Document, DocumentVersion
|
from core.database import Document, DocumentVersion
|
||||||
from core.database import Session as DbSession
|
from core.database import Session as DbSession
|
||||||
from src.auth_helpers import _auth_disabled
|
|
||||||
from src.upload_handler import UploadHandler
|
from src.upload_handler import UploadHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
@@ -79,8 +78,6 @@ def _verify_doc_owner(db, doc: Document, user: str):
|
|||||||
the session join for any not-yet-backfilled legacy row.
|
the session join for any not-yet-backfilled legacy row.
|
||||||
"""
|
"""
|
||||||
if user is None:
|
if user is None:
|
||||||
if _auth_disabled():
|
|
||||||
return # Single-user / no-auth mode: allow access
|
|
||||||
raise HTTPException(403, "Authentication required")
|
raise HTTPException(403, "Authentication required")
|
||||||
if doc.owner is not None:
|
if doc.owner is not None:
|
||||||
if doc.owner != user:
|
if doc.owner != user:
|
||||||
@@ -105,10 +102,8 @@ def _owner_session_filter(q, user):
|
|||||||
|
|
||||||
The owner backfill runs in init_db before the app serves requests, so
|
The owner backfill runs in init_db before the app serves requests, so
|
||||||
by the time this filter is live there are no NULL-owner rows to leak;
|
by the time this filter is live there are no NULL-owner rows to leak;
|
||||||
we therefore match the owner strictly for authenticated callers."""
|
we therefore match the owner strictly."""
|
||||||
if not user:
|
if user is None:
|
||||||
if user == "" or _auth_disabled():
|
|
||||||
return q
|
|
||||||
return q.filter(False)
|
return q.filter(False)
|
||||||
return q.filter(Document.owner == user)
|
return q.filter(Document.owner == user)
|
||||||
|
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ from fastapi import APIRouter, HTTPException, Query, Request, UploadFile, File,
|
|||||||
from sqlalchemy import case, func, or_
|
from sqlalchemy import case, func, or_
|
||||||
from core.database import SessionLocal, Document, DocumentVersion
|
from core.database import SessionLocal, Document, DocumentVersion
|
||||||
from core.database import Session as DbSession
|
from core.database import Session as DbSession
|
||||||
from src.auth_helpers import get_current_user, _auth_disabled
|
from src.auth_helpers import get_current_user
|
||||||
from src.constants import MAIL_ATTACHMENTS_DIR
|
from src.constants import MAIL_ATTACHMENTS_DIR
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
@@ -388,8 +388,7 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
|
|||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
if not user:
|
if not user:
|
||||||
if not _auth_disabled():
|
raise HTTPException(403, "Authentication required")
|
||||||
raise HTTPException(403, "Authentication required")
|
|
||||||
# v2 review HIGH-9: raise 403 explicitly when the caller
|
# v2 review HIGH-9: raise 403 explicitly when the caller
|
||||||
# can't see this session, instead of returning [] which the
|
# can't see this session, instead of returning [] which the
|
||||||
# UI treats identically to "no docs" and silently masks
|
# UI treats identically to "no docs" and silently masks
|
||||||
@@ -504,8 +503,7 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
|
|||||||
user = get_current_user(request)
|
user = get_current_user(request)
|
||||||
try:
|
try:
|
||||||
data = await request.json()
|
data = await request.json()
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to parse export request body, defaulting to empty", exc_info=e)
|
|
||||||
data = {}
|
data = {}
|
||||||
ids = data.get("ids") or []
|
ids = data.get("ids") or []
|
||||||
if not ids:
|
if not ids:
|
||||||
@@ -647,8 +645,8 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
|
|||||||
try:
|
try:
|
||||||
from src.agent_tools.document_tools import clear_active_document
|
from src.agent_tools.document_tools import clear_active_document
|
||||||
clear_active_document(doc_id)
|
clear_active_document(doc_id)
|
||||||
except Exception as e:
|
except Exception:
|
||||||
logger.warning("Failed to clear active document %r on detach", doc_id, exc_info=e)
|
pass
|
||||||
db.commit()
|
db.commit()
|
||||||
db.refresh(doc)
|
db.refresh(doc)
|
||||||
return _doc_to_dict(doc)
|
return _doc_to_dict(doc)
|
||||||
@@ -1333,12 +1331,6 @@ def setup_document_routes(session_manager, upload_handler=None) -> APIRouter:
|
|||||||
if not pdf_path:
|
if not pdf_path:
|
||||||
raise HTTPException(404, f"Source PDF {upload_id} not found")
|
raise HTTPException(404, f"Source PDF {upload_id} not found")
|
||||||
|
|
||||||
# Fail fast with a clear 503 if the optional PyMuPDF dependency
|
|
||||||
# is missing — fill_fields/stamp_annotations will otherwise
|
|
||||||
# raise RuntimeError deep inside and bubble out as a 500.
|
|
||||||
# Mirrors the convention in _load_pdf_viewer_fitz above.
|
|
||||||
_load_pdf_viewer_fitz()
|
|
||||||
|
|
||||||
values = parse_markdown_to_values(doc.current_content or "")
|
values = parse_markdown_to_values(doc.current_content or "")
|
||||||
out_path = tempfile.NamedTemporaryFile(suffix=".pdf", delete=False).name
|
out_path = tempfile.NamedTemporaryFile(suffix=".pdf", delete=False).name
|
||||||
_to_unlink.append(out_path)
|
_to_unlink.append(out_path)
|
||||||
|
|||||||
+10
-66
@@ -40,16 +40,6 @@ from src.secret_storage import decrypt as _decrypt
|
|||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class EmailNotConfiguredError(RuntimeError):
|
|
||||||
"""Raised when an IMAP operation is attempted on an account that has no
|
|
||||||
inbox configured (e.g. a send-only / SMTP-only account).
|
|
||||||
|
|
||||||
Subclasses RuntimeError so existing broad ``except Exception`` handlers
|
|
||||||
keep working; callers that want to treat "no inbox" as an empty result
|
|
||||||
rather than a failure can catch this type specifically.
|
|
||||||
"""
|
|
||||||
|
|
||||||
|
|
||||||
def _xoauth2_raw(user: str, access_token: str) -> str:
|
def _xoauth2_raw(user: str, access_token: str) -> str:
|
||||||
"""The SASL XOAUTH2 initial-response string (unencoded).
|
"""The SASL XOAUTH2 initial-response string (unencoded).
|
||||||
|
|
||||||
@@ -235,9 +225,8 @@ def _strip_think(text: str) -> str:
|
|||||||
"""
|
"""
|
||||||
if not text:
|
if not text:
|
||||||
return ""
|
return ""
|
||||||
from src.text_helpers import strip_think as _central, _THINK_TAG_RE
|
from src.text_helpers import strip_think as _central, _THINK_CLOSED_RE, _THINK_OPEN_RE, _THINK_TAG_RE
|
||||||
# Single linear tag check; the old closed/open `.search()` calls could ReDoS.
|
had_think = bool(_THINK_CLOSED_RE.search(text) or _THINK_OPEN_RE.search(text) or _THINK_TAG_RE.search(text))
|
||||||
had_think = bool(_THINK_TAG_RE.search(text))
|
|
||||||
return _central(text, prose=had_think, prompt_echo=True)
|
return _central(text, prose=had_think, prompt_echo=True)
|
||||||
|
|
||||||
|
|
||||||
@@ -939,14 +928,6 @@ def _imap_connect(account_id: str | None = None, owner: str = "",
|
|||||||
# `timeout` is overridable so short-lived callers (e.g. the service-health
|
# `timeout` is overridable so short-lived callers (e.g. the service-health
|
||||||
# probe) can impose a tighter budget than the default IMAP timeout.
|
# probe) can impose a tighter budget than the default IMAP timeout.
|
||||||
cfg = _get_email_config(account_id, owner=owner)
|
cfg = _get_email_config(account_id, owner=owner)
|
||||||
# Send-only (SMTP-only) account: no IMAP host means there is no inbox to
|
|
||||||
# read. Bail out with a clear, typed error instead of handing an empty
|
|
||||||
# host to imaplib — IMAP4("", 993) silently dials localhost:993 and fails
|
|
||||||
# with a confusing "[Errno 111] Connection refused" on every inbox poll.
|
|
||||||
if not cfg.get("imap_host"):
|
|
||||||
raise EmailNotConfiguredError(
|
|
||||||
f"IMAP is not configured for account {cfg.get('account_name') or 'default'!r}"
|
|
||||||
)
|
|
||||||
# Connection mode:
|
# Connection mode:
|
||||||
# STARTTLS on → plain + upgrade
|
# STARTTLS on → plain + upgrade
|
||||||
# STARTTLS off + port 993 → implicit SSL (IMAPS)
|
# STARTTLS off + port 993 → implicit SSL (IMAPS)
|
||||||
@@ -1252,30 +1233,22 @@ def _list_attachments_from_msg(msg):
|
|||||||
return attachments
|
return attachments
|
||||||
idx = 0
|
idx = 0
|
||||||
for part in msg.walk():
|
for part in msg.walk():
|
||||||
|
if part.is_multipart():
|
||||||
|
continue
|
||||||
cd = str(part.get("Content-Disposition", ""))
|
cd = str(part.get("Content-Disposition", ""))
|
||||||
ct = part.get_content_type()
|
ct = part.get_content_type()
|
||||||
is_attached_email = ct == "message/rfc822" and ("attachment" in cd.lower() or part.get_filename())
|
|
||||||
if part.is_multipart() and not is_attached_email:
|
|
||||||
continue
|
|
||||||
# Skip text/html body parts (only consider real attachments)
|
# Skip text/html body parts (only consider real attachments)
|
||||||
if ct in ("text/plain", "text/html") and "attachment" not in cd:
|
if ct in ("text/plain", "text/html") and "attachment" not in cd:
|
||||||
continue
|
continue
|
||||||
filename = part.get_filename()
|
filename = part.get_filename()
|
||||||
if filename:
|
if filename:
|
||||||
filename = _decode_header(filename)
|
filename = _decode_header(filename)
|
||||||
if ct == "message/rfc822" and not re.search(r"\.[A-Za-z0-9]{1,8}$", filename):
|
|
||||||
filename = f"{filename}.eml"
|
|
||||||
else:
|
else:
|
||||||
# Inline images, etc. - generate a name
|
# Inline images, etc. - generate a name
|
||||||
ext = "eml" if ct == "message/rfc822" else (ct.split("/")[-1] if "/" in ct else "bin")
|
ext = ct.split("/")[-1] if "/" in ct else "bin"
|
||||||
filename = f"attachment_{idx}.{ext}"
|
filename = f"attachment_{idx}.{ext}"
|
||||||
payload = part.get_payload(decode=True)
|
payload = part.get_payload(decode=True)
|
||||||
if payload is None and ct == "message/rfc822":
|
size = len(payload) if payload else 0
|
||||||
try:
|
|
||||||
payload = part.as_bytes()
|
|
||||||
except Exception:
|
|
||||||
payload = b""
|
|
||||||
size = len(payload) if payload is not None else 0
|
|
||||||
attachments.append({
|
attachments.append({
|
||||||
"index": idx,
|
"index": idx,
|
||||||
"filename": filename,
|
"filename": filename,
|
||||||
@@ -1287,58 +1260,29 @@ def _list_attachments_from_msg(msg):
|
|||||||
return attachments
|
return attachments
|
||||||
|
|
||||||
|
|
||||||
def _is_likely_signature_image_attachment(att: dict) -> bool:
|
|
||||||
"""Match the reader's inline signature/logo image filter."""
|
|
||||||
filename = str((att or {}).get("filename") or "").lower()
|
|
||||||
if not re.search(r"\.(png|jpe?g|gif|bmp|svg|webp)$", filename):
|
|
||||||
return False
|
|
||||||
size = int((att or {}).get("size") or 0)
|
|
||||||
if re.search(r"^image\d{3,}\.(png|jpe?g|gif)$", filename):
|
|
||||||
return True
|
|
||||||
if re.search(r"^(signature|logo|sig|footer|banner)[-_\d]*\.(png|jpe?g|gif|svg)$", filename):
|
|
||||||
return True
|
|
||||||
return 0 < size < 30 * 1024
|
|
||||||
|
|
||||||
|
|
||||||
def _has_visible_attachments(msg) -> bool:
|
|
||||||
"""Return True only for attachments the reader will render as chips."""
|
|
||||||
return any(
|
|
||||||
not _is_likely_signature_image_attachment(att)
|
|
||||||
for att in _list_attachments_from_msg(msg)
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def _extract_attachment_to_disk(msg, index, target_dir):
|
def _extract_attachment_to_disk(msg, index, target_dir):
|
||||||
"""Extract a specific attachment to disk and return the file path."""
|
"""Extract a specific attachment to disk and return the file path."""
|
||||||
if not msg.is_multipart():
|
if not msg.is_multipart():
|
||||||
return None
|
return None
|
||||||
idx = 0
|
idx = 0
|
||||||
for part in msg.walk():
|
for part in msg.walk():
|
||||||
|
if part.is_multipart():
|
||||||
|
continue
|
||||||
cd = str(part.get("Content-Disposition", ""))
|
cd = str(part.get("Content-Disposition", ""))
|
||||||
ct = part.get_content_type()
|
ct = part.get_content_type()
|
||||||
is_attached_email = ct == "message/rfc822" and ("attachment" in cd.lower() or part.get_filename())
|
|
||||||
if part.is_multipart() and not is_attached_email:
|
|
||||||
continue
|
|
||||||
if ct in ("text/plain", "text/html") and "attachment" not in cd:
|
if ct in ("text/plain", "text/html") and "attachment" not in cd:
|
||||||
continue
|
continue
|
||||||
if idx == index:
|
if idx == index:
|
||||||
filename = part.get_filename()
|
filename = part.get_filename()
|
||||||
if filename:
|
if filename:
|
||||||
filename = _decode_header(filename)
|
filename = _decode_header(filename)
|
||||||
if ct == "message/rfc822" and not re.search(r"\.[A-Za-z0-9]{1,8}$", filename):
|
|
||||||
filename = f"{filename}.eml"
|
|
||||||
else:
|
else:
|
||||||
ext = "eml" if ct == "message/rfc822" else (ct.split("/")[-1] if "/" in ct else "bin")
|
ext = ct.split("/")[-1] if "/" in ct else "bin"
|
||||||
filename = f"attachment_{idx}.{ext}"
|
filename = f"attachment_{idx}.{ext}"
|
||||||
# Sanitize
|
# Sanitize
|
||||||
safe_name = re.sub(r"[^\w\s\-.]", "_", filename).strip()
|
safe_name = re.sub(r"[^\w\s\-.]", "_", filename).strip()
|
||||||
payload = part.get_payload(decode=True)
|
payload = part.get_payload(decode=True)
|
||||||
if payload is None and ct == "message/rfc822":
|
if not payload:
|
||||||
try:
|
|
||||||
payload = part.as_bytes()
|
|
||||||
except Exception:
|
|
||||||
payload = b""
|
|
||||||
if payload is None:
|
|
||||||
return None
|
return None
|
||||||
target_dir.mkdir(parents=True, exist_ok=True)
|
target_dir.mkdir(parents=True, exist_ok=True)
|
||||||
filepath = target_dir / safe_name
|
filepath = target_dir / safe_name
|
||||||
|
|||||||
+15
-29
@@ -44,17 +44,6 @@ from routes.email_helpers import (
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# Recovers a `[{"action": ...}, ...]` JSON array from raw LLM output when the
|
|
||||||
# fenced-block strip leaves nothing usable. Runs on model output influenced by
|
|
||||||
# untrusted email bodies, so it must not backtrack: the object content class is
|
|
||||||
# `[^{}]` (brace-delimited, greedy) rather than the old `[^[\]]*?` lazy runs,
|
|
||||||
# which exploded exponentially on inputs like `[{"action"},{` + `}},{{` * N
|
|
||||||
# (CodeQL py/redos #198).
|
|
||||||
_CAL_ACTION_ARRAY_RE = re.compile(
|
|
||||||
r'\[\s*\{[^{}]*"action"[^{}]*\}\s*(?:,\s*\{[^{}]*\}\s*)*\]',
|
|
||||||
re.DOTALL,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def _owner_for_email_account(account_id: str | None) -> str:
|
def _owner_for_email_account(account_id: str | None) -> str:
|
||||||
if not account_id:
|
if not account_id:
|
||||||
@@ -569,7 +558,7 @@ async def _auto_summarize_pass_single(days_back: int = 1, account_id: str | None
|
|||||||
cal_extract = _strip_think(_raw_original)
|
cal_extract = _strip_think(_raw_original)
|
||||||
cal_extract = re.sub(r"^```(?:json)?\s*|\s*```$", "", cal_extract, flags=re.MULTILINE).strip()
|
cal_extract = re.sub(r"^```(?:json)?\s*|\s*```$", "", cal_extract, flags=re.MULTILINE).strip()
|
||||||
if not cal_extract and _raw_original:
|
if not cal_extract and _raw_original:
|
||||||
matches = list(_CAL_ACTION_ARRAY_RE.finditer(_raw_original))
|
matches = list(re.finditer(r'\[\s*\{[^[\]]*?"action"[^[\]]*?\}\s*(?:,\s*\{[^[\]]*?\}\s*)*\]', _raw_original, re.DOTALL))
|
||||||
if matches:
|
if matches:
|
||||||
cal_extract = matches[-1].group()
|
cal_extract = matches[-1].group()
|
||||||
logger.info(f"[cal-extract] uid={uid.decode() if isinstance(uid, bytes) else uid} folder={_folder} subj={subject[:50]!r} raw_len={len(cal_extract)} orig_len={len(_raw_original)} raw={cal_extract[:800]!r}")
|
logger.info(f"[cal-extract] uid={uid.decode() if isinstance(uid, bytes) else uid} folder={_folder} subj={subject[:50]!r} raw_len={len(cal_extract)} orig_len={len(_raw_original)} raw={cal_extract[:800]!r}")
|
||||||
@@ -694,23 +683,20 @@ async def _auto_summarize_pass_single(days_back: int = 1, account_id: str | None
|
|||||||
logger.warning(f"[cal-extract] JSON parse failed: {je} on raw={cal_extract[:200]!r}")
|
logger.warning(f"[cal-extract] JSON parse failed: {je} on raw={cal_extract[:200]!r}")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"[cal-extract] Meeting extraction LLM call failed for uid={uid}: {e}")
|
logger.warning(f"[cal-extract] Meeting extraction LLM call failed for uid={uid}: {e}")
|
||||||
else:
|
# Record we processed this email so we don't re-LLM next run
|
||||||
# Record we processed this email so we don't re-LLM next run.
|
try:
|
||||||
# Only mark as processed on success ? transient LLM failures
|
_cc = _sql3.connect(SCHEDULED_DB)
|
||||||
# are retried on the next poll run (matches summary/reply pattern).
|
_cc.execute(
|
||||||
try:
|
"INSERT OR REPLACE INTO email_calendar_extractions "
|
||||||
_cc = _sql3.connect(SCHEDULED_DB)
|
"(message_id, owner, uid, events_created, created_at) VALUES (?, ?, ?, ?, ?)",
|
||||||
_cc.execute(
|
(message_id, account_owner or "", uid.decode() if isinstance(uid, bytes) else str(uid),
|
||||||
"INSERT OR REPLACE INTO email_calendar_extractions "
|
_cal_run_count, datetime.utcnow().isoformat())
|
||||||
"(message_id, owner, uid, events_created, created_at) VALUES (?, ?, ?, ?, ?)",
|
)
|
||||||
(message_id, account_owner or "", uid.decode() if isinstance(uid, bytes) else str(uid),
|
_cc.commit()
|
||||||
_cal_run_count, datetime.utcnow().isoformat())
|
_cc.close()
|
||||||
)
|
_cal_existing.add(message_id)
|
||||||
_cc.commit()
|
except Exception as ce:
|
||||||
_cc.close()
|
logger.debug(f"Could not cache calendar extraction: {ce}")
|
||||||
_cal_existing.add(message_id)
|
|
||||||
except Exception as ce:
|
|
||||||
logger.debug(f"Could not cache calendar extraction: {ce}")
|
|
||||||
|
|
||||||
if need_urgent:
|
if need_urgent:
|
||||||
try:
|
try:
|
||||||
|
|||||||
+55
-265
@@ -46,9 +46,8 @@ from routes.email_helpers import (
|
|||||||
_send_smtp_message, _smtp_security_mode,
|
_send_smtp_message, _smtp_security_mode,
|
||||||
_IMAP_TIMEOUT_SECONDS, _open_imap_connection,
|
_IMAP_TIMEOUT_SECONDS, _open_imap_connection,
|
||||||
make_oauth_state, verify_oauth_state,
|
make_oauth_state, verify_oauth_state,
|
||||||
EmailNotConfiguredError,
|
|
||||||
_imap_connect, _imap, _decode_header, _detect_sent_folder, _detect_drafts_folder,
|
_imap_connect, _imap, _decode_header, _detect_sent_folder, _detect_drafts_folder,
|
||||||
_extract_attachment_text, _list_attachments_from_msg, _has_visible_attachments, _is_likely_signature_image_attachment,
|
_extract_attachment_text, _list_attachments_from_msg,
|
||||||
_extract_attachment_to_disk, _extract_html, _extract_text,
|
_extract_attachment_to_disk, _extract_html, _extract_text,
|
||||||
_fetch_sender_thread_context, _pre_retrieve_context,
|
_fetch_sender_thread_context, _pre_retrieve_context,
|
||||||
_EMAIL_REPLY_SYS_PROMPT_BASE, _POOL_HOOKS,
|
_EMAIL_REPLY_SYS_PROMPT_BASE, _POOL_HOOKS,
|
||||||
@@ -62,22 +61,6 @@ from routes.email_pollers import _start_poller
|
|||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
ODYSSEUS_MAIL_ORIGIN = "odysseus-ui"
|
ODYSSEUS_MAIL_ORIGIN = "odysseus-ui"
|
||||||
EMAIL_READ_ATTACHMENT_VERSION = 2
|
|
||||||
|
|
||||||
|
|
||||||
def _coerce_port(value, default):
|
|
||||||
"""Coerce a user-supplied port to int.
|
|
||||||
|
|
||||||
Returns ``(port, error)``. A missing or blank value yields ``default``; a
|
|
||||||
non-numeric value yields ``(None, message)`` so callers can return a clean
|
|
||||||
error instead of letting ``int()`` raise and surface as an HTTP 500.
|
|
||||||
"""
|
|
||||||
if value in (None, ""):
|
|
||||||
return default, None
|
|
||||||
try:
|
|
||||||
return int(value), None
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
return None, f"Invalid port {value!r}; must be a whole number"
|
|
||||||
|
|
||||||
|
|
||||||
def _email_tag_owner_aliases(account_id: str | None, owner: str = "") -> list[str]:
|
def _email_tag_owner_aliases(account_id: str | None, owner: str = "") -> list[str]:
|
||||||
@@ -96,16 +79,15 @@ def _email_tag_owner_aliases(account_id: str | None, owner: str = "") -> list[st
|
|||||||
cfg.get("smtp_user") or "",
|
cfg.get("smtp_user") or "",
|
||||||
cfg.get("from_address") or "",
|
cfg.get("from_address") or "",
|
||||||
])
|
])
|
||||||
except Exception as _e:
|
except Exception:
|
||||||
logger.warning("Failed to resolve email account alias", exc_info=_e)
|
|
||||||
resolved_account_id = None
|
resolved_account_id = None
|
||||||
row = db.get(_EA, resolved_account_id) if resolved_account_id else None
|
row = db.get(_EA, resolved_account_id) if resolved_account_id else None
|
||||||
if row:
|
if row:
|
||||||
aliases.extend([row.owner or "", row.imap_user or "", row.from_address or ""])
|
aliases.extend([row.owner or "", row.imap_user or "", row.from_address or ""])
|
||||||
finally:
|
finally:
|
||||||
db.close()
|
db.close()
|
||||||
except Exception as _e:
|
except Exception:
|
||||||
logger.warning("Failed to load email aliases", exc_info=_e)
|
pass
|
||||||
out = []
|
out = []
|
||||||
for a in aliases:
|
for a in aliases:
|
||||||
a = (a or "").strip()
|
a = (a or "").strip()
|
||||||
@@ -265,21 +247,6 @@ def _imap_uid_fetch(conn, uid_set: str | bytes, query: str):
|
|||||||
return conn.uid("FETCH", _uid_bytes(uid_set), query)
|
return conn.uid("FETCH", _uid_bytes(uid_set), query)
|
||||||
|
|
||||||
|
|
||||||
def _imap_search_quote(value: str) -> str:
|
|
||||||
return '"' + str(value or "").replace("\\", "\\\\").replace('"', '\\"') + '"'
|
|
||||||
|
|
||||||
|
|
||||||
def _message_id_chain(*values: str) -> list[str]:
|
|
||||||
seen = set()
|
|
||||||
out = []
|
|
||||||
for value in values:
|
|
||||||
for mid in re.findall(r"<[^>]+>", value or ""):
|
|
||||||
if mid not in seen:
|
|
||||||
seen.add(mid)
|
|
||||||
out.append(mid)
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def _uid_from_fetch_meta(meta_b: bytes) -> str:
|
def _uid_from_fetch_meta(meta_b: bytes) -> str:
|
||||||
m = re.search(rb"\bUID\s+(\d+)\b", meta_b)
|
m = re.search(rb"\bUID\s+(\d+)\b", meta_b)
|
||||||
return m.group(1).decode() if m else ""
|
return m.group(1).decode() if m else ""
|
||||||
@@ -398,21 +365,6 @@ def _apply_odysseus_headers(msg, kind: str | None = None, ref_id: str | None = N
|
|||||||
msg["X-Odysseus-Ref"] = re.sub(r"[^A-Za-z0-9_.:-]", "-", ref_id)[:128]
|
msg["X-Odysseus-Ref"] = re.sub(r"[^A-Za-z0-9_.:-]", "-", ref_id)[:128]
|
||||||
|
|
||||||
|
|
||||||
def _normalize_addr_field(field: str) -> str:
|
|
||||||
"""Strip the malformed-but-common trailing/leading commas and stray
|
|
||||||
whitespace from a To/Cc/Bcc string before it lands in the MIME header
|
|
||||||
or the SMTP envelope. Users often paste a single address with a
|
|
||||||
trailing comma (e.g. `felix@pewdiepie.com,`) and most MTAs reject the
|
|
||||||
resulting `To: felix@pewdiepie.com,` line as a syntax error. Collapse
|
|
||||||
any run of separator junk between addresses too."""
|
|
||||||
if not field:
|
|
||||||
return field
|
|
||||||
# Split on commas, drop empty tokens, rejoin with a single ', '.
|
|
||||||
parts = [p.strip() for p in field.split(",")]
|
|
||||||
parts = [p for p in parts if p]
|
|
||||||
return ", ".join(parts)
|
|
||||||
|
|
||||||
|
|
||||||
def _envelope_recipients(*fields: str) -> list:
|
def _envelope_recipients(*fields: str) -> list:
|
||||||
"""Extract bare SMTP envelope addresses from one or more To/Cc/Bcc header
|
"""Extract bare SMTP envelope addresses from one or more To/Cc/Bcc header
|
||||||
strings. A naive `field.split(",")` corrupts display names that contain a
|
strings. A naive `field.split(",")` corrupts display names that contain a
|
||||||
@@ -1030,11 +982,6 @@ def setup_email_routes():
|
|||||||
logger.debug(f"Bulk summary attach skipped: {_summary_err}")
|
logger.debug(f"Bulk summary attach skipped: {_summary_err}")
|
||||||
|
|
||||||
return {"emails": emails, "total": total, "folder": folder, "offset": offset}
|
return {"emails": emails, "total": total, "folder": folder, "offset": offset}
|
||||||
except EmailNotConfiguredError:
|
|
||||||
# Send-only (SMTP-only) account: there is no inbox to read, so the
|
|
||||||
# poll returns an empty list instead of a per-minute error. SMTP
|
|
||||||
# send is unaffected.
|
|
||||||
return {"emails": [], "total": 0, "folder": folder, "offset": offset}
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Failed to list emails: {e}")
|
logger.error(f"Failed to list emails: {e}")
|
||||||
detail = str(e).strip()
|
detail = str(e).strip()
|
||||||
@@ -1046,65 +993,6 @@ def setup_email_routes():
|
|||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def _related_thread_attachments_sync(
|
|
||||||
folder: str,
|
|
||||||
account_id: str | None,
|
|
||||||
owner: str,
|
|
||||||
current_uid: str,
|
|
||||||
current_message_id: str,
|
|
||||||
in_reply_to: str,
|
|
||||||
references: str,
|
|
||||||
limit: int = 12,
|
|
||||||
) -> list[dict]:
|
|
||||||
"""Return visible attachments from referenced messages in this folder."""
|
|
||||||
wanted_ids = _message_id_chain(references, in_reply_to)
|
|
||||||
current_mid = (current_message_id or "").strip()
|
|
||||||
wanted_ids = [mid for mid in wanted_ids if mid and mid != current_mid]
|
|
||||||
if not wanted_ids:
|
|
||||||
return []
|
|
||||||
|
|
||||||
related: list[dict] = []
|
|
||||||
try:
|
|
||||||
with _imap(account_id, owner=owner) as conn:
|
|
||||||
conn.select(_q(folder), readonly=True)
|
|
||||||
# Search newest referenced messages first; cap work so opening
|
|
||||||
# a long thread stays bounded.
|
|
||||||
for mid in reversed(wanted_ids[-10:]):
|
|
||||||
if len(related) >= limit:
|
|
||||||
break
|
|
||||||
status, data = _imap_uid_search(conn, f'(HEADER Message-ID {_imap_search_quote(mid)})')
|
|
||||||
if status != "OK" or not data or not data[0]:
|
|
||||||
continue
|
|
||||||
for uid_b in reversed(data[0].split()[-3:]):
|
|
||||||
source_uid = uid_b.decode(errors="ignore")
|
|
||||||
if not source_uid or source_uid == str(current_uid):
|
|
||||||
continue
|
|
||||||
st2, msg_data = _imap_uid_fetch(conn, source_uid, "(BODY.PEEK[])")
|
|
||||||
if st2 != "OK" or not msg_data or not isinstance(msg_data[0], tuple):
|
|
||||||
continue
|
|
||||||
msg = email_mod.message_from_bytes(msg_data[0][1])
|
|
||||||
source_from = _decode_header(msg.get("From", ""))
|
|
||||||
source_subject = _decode_header(msg.get("Subject", ""))
|
|
||||||
source_date = msg.get("Date", "")
|
|
||||||
for att in _list_attachments_from_msg(msg):
|
|
||||||
if _is_likely_signature_image_attachment(att):
|
|
||||||
continue
|
|
||||||
enriched = dict(att)
|
|
||||||
enriched.update({
|
|
||||||
"source_uid": source_uid,
|
|
||||||
"source_folder": folder,
|
|
||||||
"source_message_id": (msg.get("Message-ID") or "").strip(),
|
|
||||||
"source_from": source_from,
|
|
||||||
"source_subject": source_subject,
|
|
||||||
"source_date": source_date,
|
|
||||||
})
|
|
||||||
related.append(enriched)
|
|
||||||
if len(related) >= limit:
|
|
||||||
break
|
|
||||||
except Exception as e:
|
|
||||||
logger.debug(f"related thread attachment lookup failed uid={current_uid}: {e}")
|
|
||||||
return related
|
|
||||||
|
|
||||||
@router.get("/list")
|
@router.get("/list")
|
||||||
async def list_emails(
|
async def list_emails(
|
||||||
folder: str = Query("INBOX"),
|
folder: str = Query("INBOX"),
|
||||||
@@ -1375,17 +1263,6 @@ def setup_email_routes():
|
|||||||
sender_name, sender_addr = email.utils.parseaddr(sender)
|
sender_name, sender_addr = email.utils.parseaddr(sender)
|
||||||
parsed_date = email.utils.parsedate_to_datetime(date_str) if date_str else None
|
parsed_date = email.utils.parsedate_to_datetime(date_str) if date_str else None
|
||||||
attachments = _list_attachments_from_msg(msg)
|
attachments = _list_attachments_from_msg(msg)
|
||||||
related_attachments = []
|
|
||||||
if not _has_visible_attachments(msg):
|
|
||||||
related_attachments = _related_thread_attachments_sync(
|
|
||||||
folder,
|
|
||||||
account_id,
|
|
||||||
owner,
|
|
||||||
uid,
|
|
||||||
message_id,
|
|
||||||
in_reply_to,
|
|
||||||
references,
|
|
||||||
)
|
|
||||||
|
|
||||||
if mark_seen:
|
if mark_seen:
|
||||||
# Set \Seen in a separate readwrite session so concurrent reads
|
# Set \Seen in a separate readwrite session so concurrent reads
|
||||||
@@ -1494,8 +1371,6 @@ def setup_email_routes():
|
|||||||
"body": body,
|
"body": body,
|
||||||
"body_html": body_html,
|
"body_html": body_html,
|
||||||
"attachments": attachments,
|
"attachments": attachments,
|
||||||
"related_attachments": related_attachments,
|
|
||||||
"attachment_version": EMAIL_READ_ATTACHMENT_VERSION,
|
|
||||||
"cached_summary": cached_summary,
|
"cached_summary": cached_summary,
|
||||||
"cached_ai_reply": cached_ai_reply,
|
"cached_ai_reply": cached_ai_reply,
|
||||||
"boundaries": cached_boundaries,
|
"boundaries": cached_boundaries,
|
||||||
@@ -1526,12 +1401,6 @@ def setup_email_routes():
|
|||||||
"""Read email body. Cached for 30m, sync IMAP work runs in a thread."""
|
"""Read email body. Cached for 30m, sync IMAP work runs in a thread."""
|
||||||
ck = _read_cache_key(account_id, folder, uid, owner=owner)
|
ck = _read_cache_key(account_id, folder, uid, owner=owner)
|
||||||
cached = _read_cache_get(ck)
|
cached = _read_cache_get(ck)
|
||||||
if cached is not None:
|
|
||||||
# Older cached read responses lack the thread-attachment fallback.
|
|
||||||
# Fetch once so replies that reference prior attachments can show
|
|
||||||
# those files without waiting for cache expiry.
|
|
||||||
if cached.get("attachment_version") != EMAIL_READ_ATTACHMENT_VERSION:
|
|
||||||
cached = None
|
|
||||||
if cached is not None:
|
if cached is not None:
|
||||||
if mark_seen:
|
if mark_seen:
|
||||||
try:
|
try:
|
||||||
@@ -1666,12 +1535,6 @@ def setup_email_routes():
|
|||||||
return {"error": f"Attachment index {index} not found"}
|
return {"error": f"Attachment index {index} not found"}
|
||||||
|
|
||||||
from pathlib import Path as _Path
|
from pathlib import Path as _Path
|
||||||
target_root = os.path.abspath(str(target_dir))
|
|
||||||
filepath_str = os.path.abspath(str(filepath))
|
|
||||||
if os.path.commonpath([target_root, filepath_str]) != target_root:
|
|
||||||
logger.warning("Rejected attachment path outside extraction dir: %s", filepath)
|
|
||||||
return {"error": "Invalid attachment path"}
|
|
||||||
filepath = _Path(filepath_str)
|
|
||||||
base = _Path(filepath).name
|
base = _Path(filepath).name
|
||||||
if base.startswith("."):
|
if base.startswith("."):
|
||||||
return {"error": "Invalid filename", "filename": base}
|
return {"error": "Invalid filename", "filename": base}
|
||||||
@@ -1726,65 +1589,6 @@ def setup_email_routes():
|
|||||||
return None
|
return None
|
||||||
doc_session_id = _resolve_doc_session()
|
doc_session_id = _resolve_doc_session()
|
||||||
|
|
||||||
def _create_markdown_doc(content: str, summary: str):
|
|
||||||
from src.database import SessionLocal as _SL, Document as _Doc, DocumentVersion as _DV
|
|
||||||
doc_id = str(uuid.uuid4())
|
|
||||||
ver_id = str(uuid.uuid4())
|
|
||||||
_db = _SL()
|
|
||||||
try:
|
|
||||||
_db.query(_Doc).filter(_Doc.is_active == True).update({"is_active": False})
|
|
||||||
_db.add(_Doc(
|
|
||||||
id=doc_id, session_id=doc_session_id, title=title,
|
|
||||||
language="markdown", current_content=content,
|
|
||||||
version_count=1, is_active=True,
|
|
||||||
))
|
|
||||||
_db.add(_DV(
|
|
||||||
id=ver_id, document_id=doc_id, version_number=1,
|
|
||||||
content=content, summary=summary, source="upload",
|
|
||||||
))
|
|
||||||
_db.commit()
|
|
||||||
finally:
|
|
||||||
_db.close()
|
|
||||||
_tag_doc_with_source(doc_id)
|
|
||||||
return doc_id
|
|
||||||
|
|
||||||
def _attached_email_markdown(raw_bytes: bytes):
|
|
||||||
if not raw_bytes:
|
|
||||||
return f"# Attached email: {base}\n\n_(empty email attachment)_"
|
|
||||||
try:
|
|
||||||
attached_msg = email_mod.message_from_bytes(raw_bytes)
|
|
||||||
except Exception:
|
|
||||||
logger.exception("Failed to parse attached email %s", base)
|
|
||||||
return f"# Attached email: {base}\n\nCould not parse this email attachment."
|
|
||||||
|
|
||||||
attached_subject = _decode_header(attached_msg.get("Subject", "")) or base
|
|
||||||
attached_from = _decode_header(attached_msg.get("From", ""))
|
|
||||||
attached_to = _decode_header(attached_msg.get("To", ""))
|
|
||||||
attached_cc = _decode_header(attached_msg.get("Cc", ""))
|
|
||||||
attached_date = attached_msg.get("Date", "")
|
|
||||||
attached_body = _extract_text(attached_msg).strip()
|
|
||||||
attached_atts = _list_attachments_from_msg(attached_msg)
|
|
||||||
|
|
||||||
lines = [f"# Attached email: {attached_subject}", ""]
|
|
||||||
if attached_from:
|
|
||||||
lines.append(f"**From:** {attached_from}")
|
|
||||||
if attached_to:
|
|
||||||
lines.append(f"**To:** {attached_to}")
|
|
||||||
if attached_cc:
|
|
||||||
lines.append(f"**Cc:** {attached_cc}")
|
|
||||||
if attached_date:
|
|
||||||
lines.append(f"**Date:** {attached_date}")
|
|
||||||
lines.extend(["", "## Body", "", attached_body or "_(no readable body)_"])
|
|
||||||
if attached_atts:
|
|
||||||
lines.extend(["", "## Attachments", ""])
|
|
||||||
for att in attached_atts:
|
|
||||||
size = int(att.get("size") or 0)
|
|
||||||
size_label = f"{size} B" if size < 1024 else f"{round(size / 1024)} KB"
|
|
||||||
name = att.get("filename") or f"attachment_{att.get('index', '')}"
|
|
||||||
ctype = att.get("content_type") or "application/octet-stream"
|
|
||||||
lines.append(f"- {name} ({ctype}, {size_label})")
|
|
||||||
return "\n".join(lines).strip()
|
|
||||||
|
|
||||||
# ── PDF path (existing) ────────────────────────────────────
|
# ── PDF path (existing) ────────────────────────────────────
|
||||||
if ext == ".pdf":
|
if ext == ".pdf":
|
||||||
import shutil as _shutil
|
import shutil as _shutil
|
||||||
@@ -1831,39 +1635,6 @@ def setup_email_routes():
|
|||||||
_tag_doc_with_source(doc_id)
|
_tag_doc_with_source(doc_id)
|
||||||
return {"doc_id": doc_id, "filename": filepath.name}
|
return {"doc_id": doc_id, "filename": filepath.name}
|
||||||
|
|
||||||
# ── Attached email (.eml / message/rfc822) ────────────────
|
|
||||||
if ext == ".eml":
|
|
||||||
def _attachment_bytes_from_msg():
|
|
||||||
if not msg.is_multipart():
|
|
||||||
return b""
|
|
||||||
idx = 0
|
|
||||||
for part in msg.walk():
|
|
||||||
cd = str(part.get("Content-Disposition", ""))
|
|
||||||
ct = part.get_content_type()
|
|
||||||
is_attached_email = ct == "message/rfc822" and ("attachment" in cd.lower() or part.get_filename())
|
|
||||||
if part.is_multipart() and not is_attached_email:
|
|
||||||
continue
|
|
||||||
if ct in ("text/plain", "text/html") and "attachment" not in cd:
|
|
||||||
continue
|
|
||||||
if idx == index:
|
|
||||||
payload = part.get_payload(decode=True)
|
|
||||||
if payload is None and ct == "message/rfc822":
|
|
||||||
try:
|
|
||||||
payload = part.as_bytes()
|
|
||||||
except Exception:
|
|
||||||
payload = b""
|
|
||||||
return payload or b""
|
|
||||||
idx += 1
|
|
||||||
return b""
|
|
||||||
|
|
||||||
try:
|
|
||||||
content = _attached_email_markdown(_attachment_bytes_from_msg())
|
|
||||||
except Exception:
|
|
||||||
logger.exception("Failed to read email attachment %s", base)
|
|
||||||
return {"error": "Failed to read email attachment", "filename": base}
|
|
||||||
doc_id = _create_markdown_doc(content, "Imported attached email")
|
|
||||||
return {"doc_id": doc_id, "filename": filepath.name}
|
|
||||||
|
|
||||||
# ── DOCX path: extract text → markdown document ───────────
|
# ── DOCX path: extract text → markdown document ───────────
|
||||||
if ext == ".docx":
|
if ext == ".docx":
|
||||||
try:
|
try:
|
||||||
@@ -1901,7 +1672,25 @@ def setup_email_routes():
|
|||||||
lines.append("")
|
lines.append("")
|
||||||
content = "\n".join(lines).strip() or f"_(empty {base})_"
|
content = "\n".join(lines).strip() or f"_(empty {base})_"
|
||||||
|
|
||||||
doc_id = _create_markdown_doc(content, "Imported from DOCX")
|
from src.database import SessionLocal as _SL, Document as _Doc, DocumentVersion as _DV
|
||||||
|
doc_id = str(uuid.uuid4())
|
||||||
|
ver_id = str(uuid.uuid4())
|
||||||
|
_db = _SL()
|
||||||
|
try:
|
||||||
|
_db.query(_Doc).filter(_Doc.is_active == True).update({"is_active": False})
|
||||||
|
_db.add(_Doc(
|
||||||
|
id=doc_id, session_id=doc_session_id, title=title,
|
||||||
|
language="markdown", current_content=content,
|
||||||
|
version_count=1, is_active=True,
|
||||||
|
))
|
||||||
|
_db.add(_DV(
|
||||||
|
id=ver_id, document_id=doc_id, version_number=1,
|
||||||
|
content=content, summary="Imported from DOCX", source="upload",
|
||||||
|
))
|
||||||
|
_db.commit()
|
||||||
|
finally:
|
||||||
|
_db.close()
|
||||||
|
_tag_doc_with_source(doc_id)
|
||||||
return {"doc_id": doc_id, "filename": filepath.name}
|
return {"doc_id": doc_id, "filename": filepath.name}
|
||||||
|
|
||||||
# ── Plain text / markdown ────────────────────────────────
|
# ── Plain text / markdown ────────────────────────────────
|
||||||
@@ -1910,7 +1699,25 @@ def setup_email_routes():
|
|||||||
content = filepath.read_text(encoding="utf-8", errors="replace")
|
content = filepath.read_text(encoding="utf-8", errors="replace")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return {"error": f"Failed to read text file: {e}", "filename": base}
|
return {"error": f"Failed to read text file: {e}", "filename": base}
|
||||||
doc_id = _create_markdown_doc(content, "Imported from email attachment")
|
from src.database import SessionLocal as _SL, Document as _Doc, DocumentVersion as _DV
|
||||||
|
doc_id = str(uuid.uuid4())
|
||||||
|
ver_id = str(uuid.uuid4())
|
||||||
|
_db = _SL()
|
||||||
|
try:
|
||||||
|
_db.query(_Doc).filter(_Doc.is_active == True).update({"is_active": False})
|
||||||
|
_db.add(_Doc(
|
||||||
|
id=doc_id, session_id=doc_session_id, title=title,
|
||||||
|
language="markdown", current_content=content,
|
||||||
|
version_count=1, is_active=True,
|
||||||
|
))
|
||||||
|
_db.add(_DV(
|
||||||
|
id=ver_id, document_id=doc_id, version_number=1,
|
||||||
|
content=content, summary="Imported from email attachment", source="upload",
|
||||||
|
))
|
||||||
|
_db.commit()
|
||||||
|
finally:
|
||||||
|
_db.close()
|
||||||
|
_tag_doc_with_source(doc_id)
|
||||||
return {"doc_id": doc_id, "filename": filepath.name}
|
return {"doc_id": doc_id, "filename": filepath.name}
|
||||||
|
|
||||||
return {"error": f"Unsupported attachment type: {ext}", "filename": base}
|
return {"error": f"Unsupported attachment type: {ext}", "filename": base}
|
||||||
@@ -2219,9 +2026,6 @@ def setup_email_routes():
|
|||||||
outer = MIMEMultipart("alternative")
|
outer = MIMEMultipart("alternative")
|
||||||
body_container = outer
|
body_container = outer
|
||||||
|
|
||||||
to = _normalize_addr_field(to or "")
|
|
||||||
cc = _normalize_addr_field(cc or "")
|
|
||||||
bcc = _normalize_addr_field(bcc or "")
|
|
||||||
outer["From"] = email.utils.formataddr((cfg.get("display_name") or "", cfg["from_address"]))
|
outer["From"] = email.utils.formataddr((cfg.get("display_name") or "", cfg["from_address"]))
|
||||||
outer["To"] = to
|
outer["To"] = to
|
||||||
if cc:
|
if cc:
|
||||||
@@ -2366,10 +2170,12 @@ def setup_email_routes():
|
|||||||
try:
|
try:
|
||||||
conn = sqlite3.connect(SCHEDULED_DB)
|
conn = sqlite3.connect(SCHEDULED_DB)
|
||||||
conn.row_factory = sqlite3.Row
|
conn.row_factory = sqlite3.Row
|
||||||
|
# The MCP server can't easily set owner, so it stores '' — fall
|
||||||
|
# back to those rows in addition to the caller's owner.
|
||||||
rows = conn.execute(
|
rows = conn.execute(
|
||||||
"""SELECT id, to_addr, subject, body, created_at, account_id
|
"""SELECT id, to_addr, subject, body, created_at, account_id
|
||||||
FROM scheduled_emails
|
FROM scheduled_emails
|
||||||
WHERE status = 'agent_draft' AND owner = ?
|
WHERE status = 'agent_draft' AND (owner = ? OR owner = '')
|
||||||
ORDER BY created_at DESC""",
|
ORDER BY created_at DESC""",
|
||||||
(owner or "",),
|
(owner or "",),
|
||||||
).fetchall()
|
).fetchall()
|
||||||
@@ -2390,7 +2196,7 @@ def setup_email_routes():
|
|||||||
cur = conn.execute(
|
cur = conn.execute(
|
||||||
"""UPDATE scheduled_emails
|
"""UPDATE scheduled_emails
|
||||||
SET status = 'pending', send_at = ?
|
SET status = 'pending', send_at = ?
|
||||||
WHERE id = ? AND status = 'agent_draft' AND owner = ?""",
|
WHERE id = ? AND status = 'agent_draft' AND (owner = ? OR owner = '')""",
|
||||||
(datetime.utcnow().isoformat(), sid, owner or ""),
|
(datetime.utcnow().isoformat(), sid, owner or ""),
|
||||||
)
|
)
|
||||||
conn.commit()
|
conn.commit()
|
||||||
@@ -2411,7 +2217,7 @@ def setup_email_routes():
|
|||||||
conn = sqlite3.connect(SCHEDULED_DB)
|
conn = sqlite3.connect(SCHEDULED_DB)
|
||||||
cur = conn.execute(
|
cur = conn.execute(
|
||||||
"""UPDATE scheduled_emails SET status = 'cancelled'
|
"""UPDATE scheduled_emails SET status = 'cancelled'
|
||||||
WHERE id = ? AND status = 'agent_draft' AND owner = ?""",
|
WHERE id = ? AND status = 'agent_draft' AND (owner = ? OR owner = '')""",
|
||||||
(sid, owner or ""),
|
(sid, owner or ""),
|
||||||
)
|
)
|
||||||
conn.commit()
|
conn.commit()
|
||||||
@@ -2497,9 +2303,6 @@ def setup_email_routes():
|
|||||||
outer = MIMEMultipart("alternative")
|
outer = MIMEMultipart("alternative")
|
||||||
body_container = outer
|
body_container = outer
|
||||||
|
|
||||||
req.to = _normalize_addr_field(req.to or "")
|
|
||||||
req.cc = _normalize_addr_field(req.cc or "")
|
|
||||||
req.bcc = _normalize_addr_field(req.bcc or "")
|
|
||||||
outer["From"] = email.utils.formataddr((cfg.get("display_name") or "", cfg["from_address"]))
|
outer["From"] = email.utils.formataddr((cfg.get("display_name") or "", cfg["from_address"]))
|
||||||
outer["To"] = req.to
|
outer["To"] = req.to
|
||||||
if req.cc:
|
if req.cc:
|
||||||
@@ -3350,12 +3153,6 @@ def setup_email_routes():
|
|||||||
name = (data.get("name") or "").strip()
|
name = (data.get("name") or "").strip()
|
||||||
if not name:
|
if not name:
|
||||||
return {"ok": False, "error": "name required"}
|
return {"ok": False, "error": "name required"}
|
||||||
imap_port, port_err = _coerce_port(data.get("imap_port"), 993)
|
|
||||||
if port_err:
|
|
||||||
return {"ok": False, "error": port_err}
|
|
||||||
smtp_port, port_err = _coerce_port(data.get("smtp_port"), 465)
|
|
||||||
if port_err:
|
|
||||||
return {"ok": False, "error": port_err}
|
|
||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
row = EmailAccount(
|
row = EmailAccount(
|
||||||
@@ -3364,13 +3161,13 @@ def setup_email_routes():
|
|||||||
is_default=bool(data.get("is_default", False)),
|
is_default=bool(data.get("is_default", False)),
|
||||||
enabled=bool(data.get("enabled", True)),
|
enabled=bool(data.get("enabled", True)),
|
||||||
imap_host=(data.get("imap_host") or "").strip(),
|
imap_host=(data.get("imap_host") or "").strip(),
|
||||||
imap_port=imap_port,
|
imap_port=int(data.get("imap_port") or 993),
|
||||||
imap_user=(data.get("imap_user") or "").strip(),
|
imap_user=(data.get("imap_user") or "").strip(),
|
||||||
imap_password=_enc(data.get("imap_password") or ""),
|
imap_password=_enc(data.get("imap_password") or ""),
|
||||||
imap_starttls=bool(data.get("imap_starttls", True)),
|
imap_starttls=bool(data.get("imap_starttls", True)),
|
||||||
smtp_host=(data.get("smtp_host") or "").strip(),
|
smtp_host=(data.get("smtp_host") or "").strip(),
|
||||||
smtp_port=smtp_port,
|
smtp_port=int(data.get("smtp_port") or 465),
|
||||||
smtp_security=_smtp_security_mode({"smtp_security": data.get("smtp_security"), "smtp_port": smtp_port}),
|
smtp_security=_smtp_security_mode({"smtp_security": data.get("smtp_security"), "smtp_port": data.get("smtp_port") or 465}),
|
||||||
smtp_user=(data.get("smtp_user") or "").strip(),
|
smtp_user=(data.get("smtp_user") or "").strip(),
|
||||||
smtp_password=_enc(data.get("smtp_password") or ""),
|
smtp_password=_enc(data.get("smtp_password") or ""),
|
||||||
from_address=(data.get("from_address") or "").strip(),
|
from_address=(data.get("from_address") or "").strip(),
|
||||||
@@ -3414,10 +3211,7 @@ def setup_email_routes():
|
|||||||
setattr(row, key, (data[key] or "").strip())
|
setattr(row, key, (data[key] or "").strip())
|
||||||
for key in ("imap_port", "smtp_port"):
|
for key in ("imap_port", "smtp_port"):
|
||||||
if data.get(key) not in (None, ""):
|
if data.get(key) not in (None, ""):
|
||||||
port, port_err = _coerce_port(data.get(key), None)
|
setattr(row, key, int(data[key]))
|
||||||
if port_err:
|
|
||||||
return {"ok": False, "error": port_err}
|
|
||||||
setattr(row, key, port)
|
|
||||||
if "smtp_security" in data:
|
if "smtp_security" in data:
|
||||||
row.smtp_security = _smtp_security_mode({"smtp_security": data.get("smtp_security"), "smtp_port": data.get("smtp_port") or row.smtp_port})
|
row.smtp_security = _smtp_security_mode({"smtp_security": data.get("smtp_security"), "smtp_port": data.get("smtp_port") or row.smtp_port})
|
||||||
for key in ("imap_starttls", "enabled"):
|
for key in ("imap_starttls", "enabled"):
|
||||||
@@ -3521,14 +3315,12 @@ def setup_email_routes():
|
|||||||
smtp_result = None
|
smtp_result = None
|
||||||
|
|
||||||
imap_host = (body.get("imap_host") or "").strip()
|
imap_host = (body.get("imap_host") or "").strip()
|
||||||
imap_port, imap_port_err = _coerce_port(body.get("imap_port"), 993)
|
imap_port = int(body.get("imap_port") or 993)
|
||||||
imap_user = (body.get("imap_user") or "").strip()
|
imap_user = (body.get("imap_user") or "").strip()
|
||||||
imap_pass = body.get("imap_password") or ""
|
imap_pass = body.get("imap_password") or ""
|
||||||
imap_starttls = bool(body.get("imap_starttls"))
|
imap_starttls = bool(body.get("imap_starttls"))
|
||||||
|
|
||||||
if imap_port_err:
|
if not (imap_host and imap_user and imap_pass):
|
||||||
imap_result = {"ok": False, "error": imap_port_err}
|
|
||||||
elif not (imap_host and imap_user and imap_pass):
|
|
||||||
imap_result = {"ok": False, "error": "Need IMAP host, username, and password"}
|
imap_result = {"ok": False, "error": "Need IMAP host, username, and password"}
|
||||||
else:
|
else:
|
||||||
# Connection mode resolution:
|
# Connection mode resolution:
|
||||||
@@ -3555,10 +3347,8 @@ def setup_email_routes():
|
|||||||
imap_result = {"ok": False, "error": _friendly_email_auth_error("IMAP", imap_host, e)}
|
imap_result = {"ok": False, "error": _friendly_email_auth_error("IMAP", imap_host, e)}
|
||||||
|
|
||||||
smtp_host = (body.get("smtp_host") or "").strip()
|
smtp_host = (body.get("smtp_host") or "").strip()
|
||||||
smtp_port, smtp_port_err = _coerce_port(body.get("smtp_port"), 465)
|
if smtp_host:
|
||||||
if smtp_host and smtp_port_err:
|
smtp_port = int(body.get("smtp_port") or 465)
|
||||||
smtp_result = {"ok": False, "error": smtp_port_err}
|
|
||||||
elif smtp_host:
|
|
||||||
smtp_security = _smtp_security_mode({"smtp_security": body.get("smtp_security"), "smtp_port": smtp_port})
|
smtp_security = _smtp_security_mode({"smtp_security": body.get("smtp_security"), "smtp_port": smtp_port})
|
||||||
smtp_user = (body.get("smtp_user") or imap_user).strip()
|
smtp_user = (body.get("smtp_user") or imap_user).strip()
|
||||||
smtp_pass = body.get("smtp_password") or imap_pass
|
smtp_pass = body.get("smtp_password") or imap_pass
|
||||||
|
|||||||
@@ -9,7 +9,6 @@ from pathlib import Path
|
|||||||
from fastapi import APIRouter, HTTPException, Form, Depends
|
from fastapi import APIRouter, HTTPException, Form, Depends
|
||||||
from core.constants import EMBEDDING_ENDPOINT_FILE, FASTEMBED_CACHE_DIR
|
from core.constants import EMBEDDING_ENDPOINT_FILE, FASTEMBED_CACHE_DIR
|
||||||
from core.middleware import require_admin
|
from core.middleware import require_admin
|
||||||
from src.runtime_paths import get_app_root
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +0,0 @@
|
|||||||
"""Gallery route domain package (slice 2a, #4082/#4071).
|
|
||||||
|
|
||||||
Contains gallery_routes.py and gallery_helpers.py, migrated from the flat
|
|
||||||
routes/ directory. Backward-compat shims at routes/gallery_routes.py and
|
|
||||||
routes/gallery_helpers.py re-export from here.
|
|
||||||
"""
|
|
||||||
@@ -1,144 +0,0 @@
|
|||||||
"""gallery_helpers.py — extracted helpers, models, and small utilities.
|
|
||||||
|
|
||||||
Imported by gallery_routes.py."""
|
|
||||||
|
|
||||||
"""Gallery routes — browsable library for photos and AI-generated images."""
|
|
||||||
|
|
||||||
import logging
|
|
||||||
from datetime import datetime
|
|
||||||
from typing import Dict, Any, Optional
|
|
||||||
|
|
||||||
from pydantic import BaseModel
|
|
||||||
|
|
||||||
from core.database import GalleryImage
|
|
||||||
from src.auth_helpers import _auth_disabled
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
# ---- Request schemas ----
|
|
||||||
|
|
||||||
class GalleryPatch(BaseModel):
|
|
||||||
tags: Optional[str] = None
|
|
||||||
favorite: Optional[bool] = None
|
|
||||||
album_id: Optional[str] = None
|
|
||||||
|
|
||||||
|
|
||||||
# ---- EXIF extraction ----
|
|
||||||
|
|
||||||
def _extract_exif(content: bytes) -> dict:
|
|
||||||
"""Extract EXIF metadata from image bytes. Returns dict of fields."""
|
|
||||||
result = {"width": None, "height": None}
|
|
||||||
try:
|
|
||||||
from PIL import Image
|
|
||||||
from io import BytesIO
|
|
||||||
img = Image.open(BytesIO(content))
|
|
||||||
# Read the raw EXIF before any transpose: exif_transpose strips the
|
|
||||||
# orientation tag and with it the parsed EXIF view.
|
|
||||||
exif = img._getexif() if hasattr(img, '_getexif') else None
|
|
||||||
|
|
||||||
# Record DISPLAY dimensions (EXIF-rotated), matching upload_handler.
|
|
||||||
# A phone photo with Orientation 6/8 is stored landscape but shown
|
|
||||||
# portrait, so the raw width/height swap the aspect ratio.
|
|
||||||
try:
|
|
||||||
from PIL import ImageOps
|
|
||||||
img = ImageOps.exif_transpose(img) or img
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
result["width"] = img.width
|
|
||||||
result["height"] = img.height
|
|
||||||
|
|
||||||
if not exif:
|
|
||||||
return result
|
|
||||||
|
|
||||||
# EXIF tag IDs
|
|
||||||
# 271=Make, 272=Model, 306=DateTime, 36867=DateTimeOriginal
|
|
||||||
# 34853=GPSInfo
|
|
||||||
result["camera_make"] = str(exif.get(271, "")).strip() or None
|
|
||||||
result["camera_model"] = str(exif.get(272, "")).strip() or None
|
|
||||||
|
|
||||||
# Date taken
|
|
||||||
for tag_id in (36867, 36868, 306): # DateTimeOriginal, DateTimeDigitized, DateTime
|
|
||||||
raw = exif.get(tag_id)
|
|
||||||
if raw:
|
|
||||||
try:
|
|
||||||
result["taken_at"] = datetime.strptime(str(raw).strip(), "%Y:%m:%d %H:%M:%S")
|
|
||||||
break
|
|
||||||
except (ValueError, TypeError):
|
|
||||||
pass
|
|
||||||
|
|
||||||
# GPS
|
|
||||||
gps_info = exif.get(34853)
|
|
||||||
if gps_info and isinstance(gps_info, dict):
|
|
||||||
try:
|
|
||||||
def _to_deg(vals):
|
|
||||||
d, m, s = [float(v) for v in vals]
|
|
||||||
return d + m / 60 + s / 3600
|
|
||||||
if 2 in gps_info and 4 in gps_info:
|
|
||||||
lat = _to_deg(gps_info[2])
|
|
||||||
lng = _to_deg(gps_info[4])
|
|
||||||
if gps_info.get(1) == 'S': lat = -lat
|
|
||||||
if gps_info.get(3) == 'W': lng = -lng
|
|
||||||
result["gps_lat"] = f"{lat:.6f}"
|
|
||||||
result["gps_lng"] = f"{lng:.6f}"
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
except Exception as e:
|
|
||||||
# User-visible failure (photo loses metadata): surface at WARNING
|
|
||||||
# and record on the result so the upload endpoint can pass it back.
|
|
||||||
logger.warning(f"EXIF extraction failed: {e}")
|
|
||||||
result["exif_error"] = str(e)
|
|
||||||
return result
|
|
||||||
|
|
||||||
|
|
||||||
# ---- Helpers ----
|
|
||||||
|
|
||||||
def _image_to_dict(img: GalleryImage, session_name: str = None) -> Dict[str, Any]:
|
|
||||||
return {
|
|
||||||
"id": img.id,
|
|
||||||
"filename": img.filename,
|
|
||||||
"url": f"/api/generated-image/{img.filename}",
|
|
||||||
"prompt": img.prompt,
|
|
||||||
"model": img.model,
|
|
||||||
"size": img.size,
|
|
||||||
"quality": img.quality,
|
|
||||||
"tags": img.tags or "",
|
|
||||||
"ai_tags": img.ai_tags or "",
|
|
||||||
"user_tags": img.tags or "",
|
|
||||||
"session_id": img.session_id,
|
|
||||||
"session_name": session_name,
|
|
||||||
"album_id": img.album_id,
|
|
||||||
"is_active": img.is_active,
|
|
||||||
"favorite": img.favorite or False,
|
|
||||||
"taken_at": img.taken_at.isoformat() if img.taken_at else None,
|
|
||||||
"camera": f"{img.camera_make or ''} {img.camera_model or ''}".strip() or None,
|
|
||||||
"gps": {"lat": img.gps_lat, "lng": img.gps_lng} if img.gps_lat else None,
|
|
||||||
"width": img.width,
|
|
||||||
"height": img.height,
|
|
||||||
"file_size": img.file_size,
|
|
||||||
"created_at": img.created_at.isoformat() if img.created_at else None,
|
|
||||||
"updated_at": img.updated_at.isoformat() if img.updated_at else None,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def _owner_filter(q, user, model_cls=GalleryImage):
|
|
||||||
"""Apply owner filtering to a gallery query.
|
|
||||||
|
|
||||||
``get_current_user`` returns None both in auth-disabled single-user mode
|
|
||||||
and when auth is enabled but no current user was resolved. Preserve the
|
|
||||||
single-user behavior, but fail closed for auth-enabled null-user states.
|
|
||||||
"""
|
|
||||||
if user is not None:
|
|
||||||
return q.filter(model_cls.owner == user)
|
|
||||||
if _auth_disabled():
|
|
||||||
return q
|
|
||||||
return q.filter(False)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def _human_size(nbytes):
|
|
||||||
for unit in ['B', 'KB', 'MB', 'GB', 'TB']:
|
|
||||||
if abs(nbytes) < 1024:
|
|
||||||
return f"{nbytes:.1f} {unit}"
|
|
||||||
nbytes /= 1024
|
|
||||||
return f"{nbytes:.1f} PB"
|
|
||||||
File diff suppressed because it is too large
Load Diff
+140
-10
@@ -1,14 +1,144 @@
|
|||||||
"""Backward-compat shim — canonical location is routes/gallery/gallery_helpers.py.
|
"""gallery_helpers.py — extracted helpers, models, and small utilities.
|
||||||
|
|
||||||
This module is replaced in ``sys.modules`` by the canonical module object so
|
Imported by gallery_routes.py."""
|
||||||
that ``import routes.gallery_helpers``, ``from routes.gallery_helpers import X``,
|
|
||||||
``importlib.import_module("routes.gallery_helpers")``, and
|
|
||||||
``monkeypatch.setattr(routes.gallery_helpers, ...)`` all operate on the *same*
|
|
||||||
object. Keeps existing import paths working after slice 2a (#4082/#4071).
|
|
||||||
"""
|
|
||||||
|
|
||||||
import sys as _sys
|
"""Gallery routes — browsable library for photos and AI-generated images."""
|
||||||
|
|
||||||
from routes.gallery import gallery_helpers as _canonical # noqa: F401
|
import logging
|
||||||
|
from datetime import datetime
|
||||||
|
from typing import Dict, Any, Optional
|
||||||
|
|
||||||
_sys.modules[__name__] = _canonical
|
from pydantic import BaseModel
|
||||||
|
|
||||||
|
from core.database import GalleryImage
|
||||||
|
from src.auth_helpers import _auth_disabled
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
# ---- Request schemas ----
|
||||||
|
|
||||||
|
class GalleryPatch(BaseModel):
|
||||||
|
tags: Optional[str] = None
|
||||||
|
favorite: Optional[bool] = None
|
||||||
|
album_id: Optional[str] = None
|
||||||
|
|
||||||
|
|
||||||
|
# ---- EXIF extraction ----
|
||||||
|
|
||||||
|
def _extract_exif(content: bytes) -> dict:
|
||||||
|
"""Extract EXIF metadata from image bytes. Returns dict of fields."""
|
||||||
|
result = {"width": None, "height": None}
|
||||||
|
try:
|
||||||
|
from PIL import Image
|
||||||
|
from io import BytesIO
|
||||||
|
img = Image.open(BytesIO(content))
|
||||||
|
# Read the raw EXIF before any transpose: exif_transpose strips the
|
||||||
|
# orientation tag and with it the parsed EXIF view.
|
||||||
|
exif = img._getexif() if hasattr(img, '_getexif') else None
|
||||||
|
|
||||||
|
# Record DISPLAY dimensions (EXIF-rotated), matching upload_handler.
|
||||||
|
# A phone photo with Orientation 6/8 is stored landscape but shown
|
||||||
|
# portrait, so the raw width/height swap the aspect ratio.
|
||||||
|
try:
|
||||||
|
from PIL import ImageOps
|
||||||
|
img = ImageOps.exif_transpose(img) or img
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
result["width"] = img.width
|
||||||
|
result["height"] = img.height
|
||||||
|
|
||||||
|
if not exif:
|
||||||
|
return result
|
||||||
|
|
||||||
|
# EXIF tag IDs
|
||||||
|
# 271=Make, 272=Model, 306=DateTime, 36867=DateTimeOriginal
|
||||||
|
# 34853=GPSInfo
|
||||||
|
result["camera_make"] = str(exif.get(271, "")).strip() or None
|
||||||
|
result["camera_model"] = str(exif.get(272, "")).strip() or None
|
||||||
|
|
||||||
|
# Date taken
|
||||||
|
for tag_id in (36867, 36868, 306): # DateTimeOriginal, DateTimeDigitized, DateTime
|
||||||
|
raw = exif.get(tag_id)
|
||||||
|
if raw:
|
||||||
|
try:
|
||||||
|
result["taken_at"] = datetime.strptime(str(raw).strip(), "%Y:%m:%d %H:%M:%S")
|
||||||
|
break
|
||||||
|
except (ValueError, TypeError):
|
||||||
|
pass
|
||||||
|
|
||||||
|
# GPS
|
||||||
|
gps_info = exif.get(34853)
|
||||||
|
if gps_info and isinstance(gps_info, dict):
|
||||||
|
try:
|
||||||
|
def _to_deg(vals):
|
||||||
|
d, m, s = [float(v) for v in vals]
|
||||||
|
return d + m / 60 + s / 3600
|
||||||
|
if 2 in gps_info and 4 in gps_info:
|
||||||
|
lat = _to_deg(gps_info[2])
|
||||||
|
lng = _to_deg(gps_info[4])
|
||||||
|
if gps_info.get(1) == 'S': lat = -lat
|
||||||
|
if gps_info.get(3) == 'W': lng = -lng
|
||||||
|
result["gps_lat"] = f"{lat:.6f}"
|
||||||
|
result["gps_lng"] = f"{lng:.6f}"
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
except Exception as e:
|
||||||
|
# User-visible failure (photo loses metadata): surface at WARNING
|
||||||
|
# and record on the result so the upload endpoint can pass it back.
|
||||||
|
logger.warning(f"EXIF extraction failed: {e}")
|
||||||
|
result["exif_error"] = str(e)
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
# ---- Helpers ----
|
||||||
|
|
||||||
|
def _image_to_dict(img: GalleryImage, session_name: str = None) -> Dict[str, Any]:
|
||||||
|
return {
|
||||||
|
"id": img.id,
|
||||||
|
"filename": img.filename,
|
||||||
|
"url": f"/api/generated-image/{img.filename}",
|
||||||
|
"prompt": img.prompt,
|
||||||
|
"model": img.model,
|
||||||
|
"size": img.size,
|
||||||
|
"quality": img.quality,
|
||||||
|
"tags": img.tags or "",
|
||||||
|
"ai_tags": img.ai_tags or "",
|
||||||
|
"user_tags": img.tags or "",
|
||||||
|
"session_id": img.session_id,
|
||||||
|
"session_name": session_name,
|
||||||
|
"album_id": img.album_id,
|
||||||
|
"is_active": img.is_active,
|
||||||
|
"favorite": img.favorite or False,
|
||||||
|
"taken_at": img.taken_at.isoformat() if img.taken_at else None,
|
||||||
|
"camera": f"{img.camera_make or ''} {img.camera_model or ''}".strip() or None,
|
||||||
|
"gps": {"lat": img.gps_lat, "lng": img.gps_lng} if img.gps_lat else None,
|
||||||
|
"width": img.width,
|
||||||
|
"height": img.height,
|
||||||
|
"file_size": img.file_size,
|
||||||
|
"created_at": img.created_at.isoformat() if img.created_at else None,
|
||||||
|
"updated_at": img.updated_at.isoformat() if img.updated_at else None,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def _owner_filter(q, user, model_cls=GalleryImage):
|
||||||
|
"""Apply owner filtering to a gallery query.
|
||||||
|
|
||||||
|
``get_current_user`` returns None both in auth-disabled single-user mode
|
||||||
|
and when auth is enabled but no current user was resolved. Preserve the
|
||||||
|
single-user behavior, but fail closed for auth-enabled null-user states.
|
||||||
|
"""
|
||||||
|
if user is not None:
|
||||||
|
return q.filter(model_cls.owner == user)
|
||||||
|
if _auth_disabled():
|
||||||
|
return q
|
||||||
|
return q.filter(False)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def _human_size(nbytes):
|
||||||
|
for unit in ['B', 'KB', 'MB', 'GB', 'TB']:
|
||||||
|
if abs(nbytes) < 1024:
|
||||||
|
return f"{nbytes:.1f} {unit}"
|
||||||
|
nbytes /= 1024
|
||||||
|
return f"{nbytes:.1f} PB"
|
||||||
|
|||||||
+1930
-12
File diff suppressed because it is too large
Load Diff
+4
-111
@@ -1,13 +1,8 @@
|
|||||||
import json
|
|
||||||
import os
|
|
||||||
import re
|
import re
|
||||||
import shlex
|
|
||||||
import subprocess
|
|
||||||
from copy import deepcopy
|
from copy import deepcopy
|
||||||
|
|
||||||
from fastapi import APIRouter, HTTPException
|
from fastapi import APIRouter, HTTPException
|
||||||
|
|
||||||
from core.platform_compat import run_ssh_command
|
|
||||||
from routes._validators import validate_remote_host, validate_ssh_port
|
from routes._validators import validate_remote_host, validate_ssh_port
|
||||||
|
|
||||||
|
|
||||||
@@ -112,73 +107,6 @@ def _apply_manual_hardware(system, manual_mode="", manual_gpu_count="", manual_v
|
|||||||
return system
|
return system
|
||||||
|
|
||||||
|
|
||||||
def _run_model_probe(host: str, ssh_port: str, cmd: str) -> str:
|
|
||||||
try:
|
|
||||||
if host:
|
|
||||||
r = run_ssh_command(
|
|
||||||
host,
|
|
||||||
ssh_port or None,
|
|
||||||
cmd,
|
|
||||||
timeout=15,
|
|
||||||
connect_timeout=5,
|
|
||||||
strict_host_key_checking=False,
|
|
||||||
text=True,
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
r = subprocess.run(["bash", "-lc", cmd], capture_output=True, text=True, timeout=15)
|
|
||||||
if r.returncode == 0:
|
|
||||||
return (r.stdout or "").strip()
|
|
||||||
except Exception:
|
|
||||||
return ""
|
|
||||||
return ""
|
|
||||||
|
|
||||||
|
|
||||||
def _inspect_model_path(model_path: str, host: str = "", ssh_port: str = "") -> dict:
|
|
||||||
"""Read lightweight metadata from a local or SSH-visible HF model folder."""
|
|
||||||
path = (model_path or "").strip()
|
|
||||||
if not path or path.startswith(("http://", "https://")):
|
|
||||||
return {}
|
|
||||||
if not (path.startswith("/") or path.startswith("~")):
|
|
||||||
return {}
|
|
||||||
|
|
||||||
qpath = shlex.quote(path)
|
|
||||||
qconfig = shlex.quote(os.path.join(path, "config.json"))
|
|
||||||
out = {}
|
|
||||||
exists = _run_model_probe(host, ssh_port, f"test -d {qpath} && printf found || printf missing")
|
|
||||||
if exists != "found":
|
|
||||||
target = host or "local container"
|
|
||||||
out["model_probe_error"] = f"Model path is not visible on {target}: {path}"
|
|
||||||
return out
|
|
||||||
raw_config = _run_model_probe(host, ssh_port, f"test -f {qconfig} && sed -n '1,240p' {qconfig}")
|
|
||||||
if raw_config:
|
|
||||||
try:
|
|
||||||
cfg = json.loads(raw_config)
|
|
||||||
except Exception:
|
|
||||||
cfg = {}
|
|
||||||
for key in ("context_length", "max_position_embeddings", "n_ctx_train", "model_max_length", "max_seq_len"):
|
|
||||||
value = cfg.get(key)
|
|
||||||
if isinstance(value, (int, float)) and value > 0:
|
|
||||||
out["model_ctx_max"] = int(value)
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
out["model_probe_error"] = f"config.json not found in model path: {path}"
|
|
||||||
|
|
||||||
size_cmd = (
|
|
||||||
f"find {qpath} -type f \\( -name '*.safetensors' -o -name '*.bin' -o -name '*.gguf' \\) "
|
|
||||||
"-printf '%s\\n' 2>/dev/null | awk '{s+=$1} END {if (s>0) printf \"%.6f\", s/1073741824}'"
|
|
||||||
)
|
|
||||||
weights = _run_model_probe(host, ssh_port, size_cmd)
|
|
||||||
try:
|
|
||||||
weights_gb = float(weights)
|
|
||||||
except Exception:
|
|
||||||
weights_gb = 0.0
|
|
||||||
if weights_gb > 0:
|
|
||||||
out["model_weights_gb"] = round(weights_gb, 3)
|
|
||||||
elif "model_probe_error" not in out:
|
|
||||||
out["model_probe_error"] = f"No model weight files found in: {path}"
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def setup_hwfit_routes():
|
def setup_hwfit_routes():
|
||||||
router = APIRouter(prefix="/api/hwfit", tags=["hwfit"])
|
router = APIRouter(prefix="/api/hwfit", tags=["hwfit"])
|
||||||
|
|
||||||
@@ -307,7 +235,7 @@ def setup_hwfit_routes():
|
|||||||
return {"system": system, "models": results}
|
return {"system": system, "models": results}
|
||||||
|
|
||||||
@router.get("/profiles")
|
@router.get("/profiles")
|
||||||
def get_serve_profiles(model: str = "", model_path: str = "", host: str = "", ssh_port: str = "", platform: str = "", fresh: bool = False, serve_weights_gb: float = 0.0, serve_quant: str = ""):
|
def get_serve_profiles(model: str = "", host: str = "", ssh_port: str = "", platform: str = "", fresh: bool = False, serve_weights_gb: float = 0.0, serve_quant: str = ""):
|
||||||
"""Compute llama.cpp serve profiles (Quality/Balanced/Speed) for `model`
|
"""Compute llama.cpp serve profiles (Quality/Balanced/Speed) for `model`
|
||||||
against the detected hardware on `host` (or local). Returns concrete
|
against the detected hardware on `host` (or local). Returns concrete
|
||||||
flags (n_gpu_layers, n_cpu_moe, cache_type, ctx) the serve UI can apply.
|
flags (n_gpu_layers, n_cpu_moe, cache_type, ctx) the serve UI can apply.
|
||||||
@@ -332,23 +260,8 @@ def setup_hwfit_routes():
|
|||||||
# "deepseek-ai/DeepSeek-Coder-V2-Lite-Instruct".
|
# "deepseek-ai/DeepSeek-Coder-V2-Lite-Instruct".
|
||||||
s = (s or "").lower().strip()
|
s = (s or "").lower().strip()
|
||||||
s = s.split("/")[-1] # drop org prefix
|
s = s.split("/")[-1] # drop org prefix
|
||||||
for suffix in ("-gguf", "_gguf", ".gguf", "gguf"):
|
s = re.sub(r"[-_.]?gguf$", "", s) # drop trailing gguf marker
|
||||||
if s.endswith(suffix):
|
s = re.sub(r"[-_.](q\d[^/]*|iq\d[^/]*|fp8|bf16|f16|awq[^/]*|gptq[^/]*)$", "", s)
|
||||||
s = s[: -len(suffix)]
|
|
||||||
break
|
|
||||||
cut_at = None
|
|
||||||
for idx, ch in enumerate(s):
|
|
||||||
if ch not in "-_." or idx + 1 >= len(s):
|
|
||||||
continue
|
|
||||||
suffix = s[idx + 1:]
|
|
||||||
if (
|
|
||||||
suffix in {"fp8", "bf16", "f16"}
|
|
||||||
or suffix.startswith(("awq", "gptq", "iq"))
|
|
||||||
or (suffix.startswith("q") and len(suffix) > 1 and suffix[1].isdigit())
|
|
||||||
):
|
|
||||||
cut_at = idx
|
|
||||||
if cut_at is not None:
|
|
||||||
s = s[:cut_at]
|
|
||||||
return s
|
return s
|
||||||
|
|
||||||
m = catalog.get(model)
|
m = catalog.get(model)
|
||||||
@@ -359,16 +272,8 @@ def setup_hwfit_routes():
|
|||||||
if nn and (nn == want or want.endswith(nn) or nn.endswith(want)):
|
if nn and (nn == want or want.endswith(nn) or nn.endswith(want)):
|
||||||
m = entry
|
m = entry
|
||||||
break
|
break
|
||||||
path_meta = _inspect_model_path(model_path or model, host=host, ssh_port=ssh_port)
|
|
||||||
if m is None:
|
if m is None:
|
||||||
return {
|
return {"system": system, "profiles": [], "error": "model not in catalog"}
|
||||||
"system": system,
|
|
||||||
"profiles": [],
|
|
||||||
"error": "model not in catalog",
|
|
||||||
"model_ctx_max": int(path_meta.get("model_ctx_max") or 0),
|
|
||||||
"model_weights_gb": float(path_meta.get("model_weights_gb") or 0),
|
|
||||||
"model_probe_error": path_meta.get("model_probe_error") or "",
|
|
||||||
}
|
|
||||||
# Surface the model's trained context limit so the serve UI can clamp a
|
# Surface the model's trained context limit so the serve UI can clamp a
|
||||||
# user-typed context down to it (asking for ctx > n_ctx_train overflows
|
# user-typed context down to it (asking for ctx > n_ctx_train overflows
|
||||||
# and, with a quantized KV cache, can crash the GPU).
|
# and, with a quantized KV cache, can crash the GPU).
|
||||||
@@ -378,16 +283,6 @@ def setup_hwfit_routes():
|
|||||||
if isinstance(v, (int, float)) and v > 0:
|
if isinstance(v, (int, float)) and v > 0:
|
||||||
model_ctx_max = int(v)
|
model_ctx_max = int(v)
|
||||||
break
|
break
|
||||||
path_ctx_max = int(path_meta.get("model_ctx_max") or 0)
|
|
||||||
if path_ctx_max > 0:
|
|
||||||
model_ctx_max = max(model_ctx_max, path_ctx_max)
|
|
||||||
model_weights_gb = float(path_meta.get("model_weights_gb") or 0)
|
|
||||||
if model_weights_gb <= 0:
|
|
||||||
for k in ("min_vram_gb", "required_gb", "size_gb", "recommended_ram_gb", "min_ram_gb"):
|
|
||||||
v = m.get(k)
|
|
||||||
if isinstance(v, (int, float)) and v > 0:
|
|
||||||
model_weights_gb = float(v)
|
|
||||||
break
|
|
||||||
return {
|
return {
|
||||||
"system": system,
|
"system": system,
|
||||||
"profiles": compute_serve_profiles(
|
"profiles": compute_serve_profiles(
|
||||||
@@ -396,8 +291,6 @@ def setup_hwfit_routes():
|
|||||||
serve_quant=(serve_quant or None),
|
serve_quant=(serve_quant or None),
|
||||||
),
|
),
|
||||||
"model_ctx_max": model_ctx_max,
|
"model_ctx_max": model_ctx_max,
|
||||||
"model_weights_gb": model_weights_gb,
|
|
||||||
"model_probe_error": path_meta.get("model_probe_error") or "",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@router.get("/image-models")
|
@router.get("/image-models")
|
||||||
|
|||||||
+58
-33
@@ -273,30 +273,65 @@ def setup_memory_routes(memory_manager: MemoryManager, session_manager: SessionM
|
|||||||
async def api_audit_memories(request: Request, session: str = Form(None)):
|
async def api_audit_memories(request: Request, session: str = Form(None)):
|
||||||
"""Deduplicate and consolidate memories via LLM.
|
"""Deduplicate and consolidate memories via LLM.
|
||||||
|
|
||||||
Uses task/utility/default settings through the shared resolver, with
|
Uses the default model from settings, or falls back to a session's model.
|
||||||
the active session as fallback when no task or utility model is set.
|
|
||||||
Returns before and after memory counts.
|
Returns before and after memory counts.
|
||||||
"""
|
"""
|
||||||
user = _owner(request)
|
from routes.model_routes import _load_settings, _normalize_base, build_chat_url
|
||||||
fallback_url = fallback_model = None
|
from core.database import ModelEndpoint
|
||||||
fallback_headers = None
|
import json as _json
|
||||||
if session:
|
|
||||||
try:
|
|
||||||
sess = session_manager.get_session(session)
|
|
||||||
_assert_session_owner(sess, user)
|
|
||||||
fallback_url = sess.endpoint_url
|
|
||||||
fallback_model = sess.model
|
|
||||||
fallback_headers = sess.headers
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
endpoint_url, model, headers = resolve_task_endpoint(
|
endpoint_url = model = None
|
||||||
fallback_url, fallback_model, fallback_headers, owner=user
|
headers = {}
|
||||||
)
|
|
||||||
|
# Try utility model from settings first — memory audit is a background
|
||||||
|
# task and should prefer the lighter utility model over the main chat model.
|
||||||
|
from src.task_endpoint import resolve_task_endpoint
|
||||||
|
user = _owner(request)
|
||||||
|
t_url, t_model, t_headers = resolve_task_endpoint(owner=user)
|
||||||
|
if t_url and t_model:
|
||||||
|
endpoint_url, model, headers = t_url, t_model, t_headers
|
||||||
|
else:
|
||||||
|
# Fall back to default model if no task/utility model configured
|
||||||
|
settings = _load_settings()
|
||||||
|
ep_id = settings.get("default_endpoint_id", "")
|
||||||
|
default_model = settings.get("default_model", "")
|
||||||
|
if ep_id:
|
||||||
|
db = SessionLocal()
|
||||||
|
try:
|
||||||
|
ep = db.query(ModelEndpoint).filter(
|
||||||
|
ModelEndpoint.id == ep_id, ModelEndpoint.is_enabled == True
|
||||||
|
).first()
|
||||||
|
if ep:
|
||||||
|
base = _normalize_base(ep.base_url)
|
||||||
|
endpoint_url = build_chat_url(base)
|
||||||
|
model = default_model
|
||||||
|
if not model and ep.models:
|
||||||
|
try:
|
||||||
|
models = _json.loads(ep.models) if isinstance(ep.models, str) else ep.models
|
||||||
|
if models:
|
||||||
|
model = models[0]
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
if ep.api_key:
|
||||||
|
headers = {"Authorization": f"Bearer {ep.api_key}"}
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
|
||||||
|
# Fall back to session model if no default configured
|
||||||
|
if not endpoint_url and session:
|
||||||
|
try:
|
||||||
|
sess = session_manager.get_session(session)
|
||||||
|
_assert_session_owner(sess, _owner(request))
|
||||||
|
endpoint_url = sess.endpoint_url
|
||||||
|
model = sess.model
|
||||||
|
headers = sess.headers
|
||||||
|
except KeyError:
|
||||||
|
pass
|
||||||
|
|
||||||
if not endpoint_url or not model:
|
if not endpoint_url or not model:
|
||||||
raise HTTPException(400, "No default model configured — set one in Settings")
|
raise HTTPException(400, "No default model configured — set one in Settings")
|
||||||
|
|
||||||
|
user = _owner(request)
|
||||||
result = await audit_memories(
|
result = await audit_memories(
|
||||||
memory_manager,
|
memory_manager,
|
||||||
memory_vector,
|
memory_vector,
|
||||||
@@ -334,28 +369,18 @@ def setup_memory_routes(memory_manager: MemoryManager, session_manager: SessionM
|
|||||||
model = None
|
model = None
|
||||||
headers = {}
|
headers = {}
|
||||||
|
|
||||||
user = _owner(request)
|
|
||||||
|
|
||||||
if session:
|
if session:
|
||||||
try:
|
try:
|
||||||
sess = session_manager.get_session(session)
|
sess = session_manager.get_session(session)
|
||||||
_assert_session_owner(sess, user)
|
_assert_session_owner(sess, _owner(request))
|
||||||
except KeyError:
|
|
||||||
sess = None
|
|
||||||
except HTTPException as exc:
|
|
||||||
if exc.status_code != 404:
|
|
||||||
raise
|
|
||||||
sess = None
|
|
||||||
|
|
||||||
if sess is None:
|
|
||||||
logger.warning("Session %s not found or inaccessible, falling back to utility endpoint", session)
|
|
||||||
endpoint_url, model, headers = resolve_endpoint("utility", owner=user)
|
|
||||||
else:
|
|
||||||
endpoint_url, model, headers = resolve_task_endpoint(
|
endpoint_url, model, headers = resolve_task_endpoint(
|
||||||
sess.endpoint_url, sess.model, sess.headers, owner=user
|
sess.endpoint_url, sess.model, sess.headers, owner=_owner(request)
|
||||||
)
|
)
|
||||||
|
except KeyError:
|
||||||
|
logger.warning("Session %s not found, falling back to utility endpoint", session)
|
||||||
|
endpoint_url, model, headers = resolve_endpoint("utility", owner=_owner(request))
|
||||||
else:
|
else:
|
||||||
endpoint_url, model, headers = resolve_task_endpoint(owner=user)
|
endpoint_url, model, headers = resolve_task_endpoint(owner=_owner(request))
|
||||||
|
|
||||||
if not endpoint_url or not model:
|
if not endpoint_url or not model:
|
||||||
raise HTTPException(400, "No LLM model configured. Set a default model in Settings.")
|
raise HTTPException(400, "No LLM model configured. Set a default model in Settings.")
|
||||||
|
|||||||
+31
-156
@@ -5,7 +5,6 @@ import re
|
|||||||
import uuid
|
import uuid
|
||||||
import json
|
import json
|
||||||
import hashlib
|
import hashlib
|
||||||
import ipaddress
|
|
||||||
import socket
|
import socket
|
||||||
import time as _time
|
import time as _time
|
||||||
import logging
|
import logging
|
||||||
@@ -17,7 +16,6 @@ from fastapi import APIRouter, HTTPException, Form, Query, Body, Request, Respon
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from fastapi.responses import StreamingResponse
|
from fastapi.responses import StreamingResponse
|
||||||
from core.database import SessionLocal, ModelEndpoint, Session as DbSession
|
from core.database import SessionLocal, ModelEndpoint, Session as DbSession
|
||||||
from core.log_safety import redact_url as _redact_url_for_log
|
|
||||||
from core.middleware import require_admin
|
from core.middleware import require_admin
|
||||||
from src.llm_core import _detect_provider, _host_match, ANTHROPIC_MODELS
|
from src.llm_core import _detect_provider, _host_match, ANTHROPIC_MODELS
|
||||||
from src.tls_overrides import llm_verify
|
from src.tls_overrides import llm_verify
|
||||||
@@ -407,11 +405,8 @@ def _endpoint_refresh_timeout(ep: Any, category: str) -> float:
|
|||||||
except Exception:
|
except Exception:
|
||||||
val = 0
|
val = 0
|
||||||
if val > 0:
|
if val > 0:
|
||||||
return float(max(1, min(60, val)))
|
return float(max(1, min(30, val)))
|
||||||
# llama.cpp and other local OpenAI-compatible servers can block briefly
|
return 2.5 if category == "local" else 2.0
|
||||||
# while warming/loading. A 2s local timeout makes working endpoints flicker
|
|
||||||
# offline before /v1/models is ready.
|
|
||||||
return 10.0 if category == "local" else 2.0
|
|
||||||
|
|
||||||
|
|
||||||
def _manual_refresh_timeout(ep: Any, category: str, requested: Any = None) -> float:
|
def _manual_refresh_timeout(ep: Any, category: str, requested: Any = None) -> float:
|
||||||
@@ -478,7 +473,7 @@ def _explicit_model_list_timeout(base_url: str, endpoint_kind: str = "auto", req
|
|||||||
category = _classify_endpoint(base_url, kind)
|
category = _classify_endpoint(base_url, kind)
|
||||||
if kind in ("api", "proxy") or category == "api":
|
if kind in ("api", "proxy") or category == "api":
|
||||||
return 30.0
|
return 30.0
|
||||||
return 15.0 if category == "local" else (3.0 if _is_ollama_base(base_url) else 2.0)
|
return 3.0 if _is_ollama_base(base_url) else 2.0
|
||||||
|
|
||||||
|
|
||||||
def _cached_model_ids(ep: Any) -> List[str]:
|
def _cached_model_ids(ep: Any) -> List[str]:
|
||||||
@@ -523,10 +518,6 @@ _NON_CHAT_EXACT_PREFIXES = (
|
|||||||
|
|
||||||
def _is_chat_model(model_id: str) -> bool:
|
def _is_chat_model(model_id: str) -> bool:
|
||||||
"""Return True if the model ID looks like a chat/completions-capable model."""
|
"""Return True if the model ID looks like a chat/completions-capable model."""
|
||||||
if not isinstance(model_id, str):
|
|
||||||
# Non-compliant upstreams can return non-string IDs (e.g. int/None);
|
|
||||||
# treat them as chat-capable rather than crashing on .lower().
|
|
||||||
return True
|
|
||||||
mid = model_id.lower()
|
mid = model_id.lower()
|
||||||
for prefix in _NON_CHAT_PREFIXES:
|
for prefix in _NON_CHAT_PREFIXES:
|
||||||
if mid.startswith(prefix):
|
if mid.startswith(prefix):
|
||||||
@@ -571,8 +562,6 @@ def _safe_build_models_url(base_url: str) -> str:
|
|||||||
"""Build a /models URL without letting optional provider imports break probes."""
|
"""Build a /models URL without letting optional provider imports break probes."""
|
||||||
try:
|
try:
|
||||||
return build_models_url(base_url)
|
return build_models_url(base_url)
|
||||||
except ValueError:
|
|
||||||
raise
|
|
||||||
except Exception as exc:
|
except Exception as exc:
|
||||||
logger.debug("Model URL detection failed for %s: %s", base_url, exc)
|
logger.debug("Model URL detection failed for %s: %s", base_url, exc)
|
||||||
return f"{(base_url or '').rstrip('/')}/models"
|
return f"{(base_url or '').rstrip('/')}/models"
|
||||||
@@ -644,7 +633,7 @@ def _probe_single_model(base: str, api_key: str, model_id: str, timeout: int = 1
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
t0 = _time.time()
|
t0 = _time.time()
|
||||||
r = httpx.post(target_url, headers=h, json=payload, timeout=timeout, verify=llm_verify())
|
r = httpx.post(target_url, headers=h, json=payload, timeout=timeout)
|
||||||
latency = round((_time.time() - t0) * 1000)
|
latency = round((_time.time() - t0) * 1000)
|
||||||
if r.is_success:
|
if r.is_success:
|
||||||
return {"status": "ok", "latency_ms": latency}
|
return {"status": "ok", "latency_ms": latency}
|
||||||
@@ -670,20 +659,13 @@ def _probe_single_model(base: str, api_key: str, model_id: str, timeout: int = 1
|
|||||||
|
|
||||||
# Hostnames / IP prefixes that indicate a local endpoint
|
# Hostnames / IP prefixes that indicate a local endpoint
|
||||||
_LOCAL_HOSTS = {"localhost", "127.0.0.1", "0.0.0.0", "::1"}
|
_LOCAL_HOSTS = {"localhost", "127.0.0.1", "0.0.0.0", "::1"}
|
||||||
_PRIVATE_NETWORKS = (
|
_PRIVATE_PREFIXES = ("10.", "172.16.", "172.17.", "172.18.", "172.19.",
|
||||||
ipaddress.ip_network("10.0.0.0/8"),
|
"172.20.", "172.21.", "172.22.", "172.23.", "172.24.",
|
||||||
ipaddress.ip_network("172.16.0.0/12"),
|
"172.25.", "172.26.", "172.27.", "172.28.", "172.29.",
|
||||||
ipaddress.ip_network("192.168.0.0/16"),
|
"172.30.", "172.31.", "192.168.")
|
||||||
)
|
|
||||||
_TAILSCALE_CGNAT = ipaddress.ip_network("100.64.0.0/10")
|
|
||||||
|
|
||||||
|
|
||||||
def _local_ip_literal(host: str) -> bool:
|
_TAILSCALE_RE = re.compile(r"^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.")
|
||||||
try:
|
|
||||||
ip = ipaddress.ip_address(host)
|
|
||||||
except ValueError:
|
|
||||||
return False
|
|
||||||
return any(ip in network for network in _PRIVATE_NETWORKS) or ip in _TAILSCALE_CGNAT
|
|
||||||
|
|
||||||
|
|
||||||
def _classify_endpoint(base_url: str, endpoint_kind: str = "auto") -> str:
|
def _classify_endpoint(base_url: str, endpoint_kind: str = "auto") -> str:
|
||||||
@@ -697,7 +679,9 @@ def _classify_endpoint(base_url: str, endpoint_kind: str = "auto") -> str:
|
|||||||
return "api"
|
return "api"
|
||||||
try:
|
try:
|
||||||
host = urlparse(base_url).hostname or ""
|
host = urlparse(base_url).hostname or ""
|
||||||
if host in _LOCAL_HOSTS or _local_ip_literal(host):
|
if host in _LOCAL_HOSTS or host.startswith(_PRIVATE_PREFIXES):
|
||||||
|
return "local"
|
||||||
|
if _TAILSCALE_RE.match(host):
|
||||||
return "local"
|
return "local"
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
@@ -719,51 +703,6 @@ def _effective_endpoint_kind(ep: Any, base_url: str) -> str:
|
|||||||
return "auto"
|
return "auto"
|
||||||
|
|
||||||
|
|
||||||
def _is_loading_model_response(resp: Any) -> bool:
|
|
||||||
if getattr(resp, "status_code", None) != 503:
|
|
||||||
return False
|
|
||||||
try:
|
|
||||||
body = resp.text or ""
|
|
||||||
except Exception:
|
|
||||||
body = ""
|
|
||||||
return "loading model" in body.lower()
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def _openai_model_ids(data: Any) -> List[str]:
|
|
||||||
"""Extract OpenAI-style model IDs.
|
|
||||||
|
|
||||||
Accepts both standard ``{"data": [{"id": ...}]}`` responses and bare
|
|
||||||
``[{"id": ...}]`` lists returned by some OpenAI-compatible providers.
|
|
||||||
Tolerates non-dict/non-list bodies and non-string IDs, returning only
|
|
||||||
non-empty string IDs.
|
|
||||||
"""
|
|
||||||
if isinstance(data, list):
|
|
||||||
items = data
|
|
||||||
elif isinstance(data, dict):
|
|
||||||
items = data.get("data")
|
|
||||||
else:
|
|
||||||
items = None
|
|
||||||
return [m["id"] for m in (items or [])
|
|
||||||
if isinstance(m, dict) and isinstance(m.get("id"), str) and m["id"]]
|
|
||||||
|
|
||||||
|
|
||||||
def _ollama_model_names(data: Any) -> List[str]:
|
|
||||||
"""Extract native-Ollama model names (``{"models": [{"name"|"model": ...}]}``).
|
|
||||||
|
|
||||||
Same tolerance as :func:`_openai_model_ids`: a non-dict body or non-string
|
|
||||||
value is skipped rather than crashing, preserving name-then-model precedence.
|
|
||||||
"""
|
|
||||||
items = data.get("models") if isinstance(data, dict) else None
|
|
||||||
out: List[str] = []
|
|
||||||
for m in (items or []):
|
|
||||||
if not isinstance(m, dict):
|
|
||||||
continue
|
|
||||||
v = m.get("name") or m.get("model")
|
|
||||||
if isinstance(v, str) and v:
|
|
||||||
out.append(v)
|
|
||||||
return out
|
|
||||||
|
|
||||||
|
|
||||||
def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> List[str]:
|
def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> List[str]:
|
||||||
"""Probe a base URL's /models endpoint and return list of model IDs.
|
"""Probe a base URL's /models endpoint and return list of model IDs.
|
||||||
@@ -787,7 +726,7 @@ def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> Lis
|
|||||||
r = httpx.get(url, headers=headers, timeout=timeout, verify=llm_verify())
|
r = httpx.get(url, headers=headers, timeout=timeout, verify=llm_verify())
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
data = r.json()
|
data = r.json()
|
||||||
models = _openai_model_ids(data)
|
models = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
||||||
if models:
|
if models:
|
||||||
return models
|
return models
|
||||||
except httpx.HTTPStatusError as e:
|
except httpx.HTTPStatusError as e:
|
||||||
@@ -809,10 +748,10 @@ def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> Lis
|
|||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
data = r.json()
|
data = r.json()
|
||||||
# OpenAI format: {"data": [{"id": "model-name"}]}
|
# OpenAI format: {"data": [{"id": "model-name"}]}
|
||||||
models = _openai_model_ids(data)
|
models = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
||||||
# Ollama format: {"models": [{"name": "model-name"}]}
|
# Ollama format: {"models": [{"name": "model-name"}]}
|
||||||
if not models:
|
if not models:
|
||||||
models = _ollama_model_names(data)
|
models = [m.get("name") or m.get("model") for m in (data.get("models") or []) if m.get("name") or m.get("model")]
|
||||||
if models:
|
if models:
|
||||||
# Z.AI coding plan omits some working models from /models;
|
# Z.AI coding plan omits some working models from /models;
|
||||||
# append curated-only entries for that endpoint only.
|
# append curated-only entries for that endpoint only.
|
||||||
@@ -828,19 +767,16 @@ def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> Lis
|
|||||||
models.append(_e)
|
models.append(_e)
|
||||||
return [m for m in models if _is_chat_model(m)]
|
return [m for m in models if _is_chat_model(m)]
|
||||||
except httpx.HTTPStatusError as e:
|
except httpx.HTTPStatusError as e:
|
||||||
if e.response is not None and _is_loading_model_response(e.response):
|
|
||||||
logger.info("Endpoint still loading model at %s", _redact_url_for_log(url))
|
|
||||||
return []
|
|
||||||
if api_key:
|
if api_key:
|
||||||
status = e.response.status_code if e.response is not None else "unknown"
|
status = e.response.status_code if e.response is not None else "unknown"
|
||||||
logger.warning("Failed to probe %s with API key: HTTP %s", _redact_url_for_log(url), status)
|
logger.warning(f"Failed to probe {url} with API key: HTTP {status}")
|
||||||
return []
|
return []
|
||||||
logger.warning("Failed to probe %s: %s", _redact_url_for_log(url), e)
|
logger.warning(f"Failed to probe {url}: {e}")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if api_key:
|
if api_key:
|
||||||
logger.warning("Failed to probe %s with API key: %s", _redact_url_for_log(url), e)
|
logger.warning(f"Failed to probe {url} with API key: {e}")
|
||||||
return []
|
return []
|
||||||
logger.warning("Failed to probe %s: %s", _redact_url_for_log(url), e)
|
logger.warning(f"Failed to probe {url}: {e}")
|
||||||
|
|
||||||
# Older Ollama builds and some proxies expose native /api/tags even when
|
# Older Ollama builds and some proxies expose native /api/tags even when
|
||||||
# the OpenAI-compatible /v1/models path is unavailable.
|
# the OpenAI-compatible /v1/models path is unavailable.
|
||||||
@@ -851,7 +787,7 @@ def _probe_endpoint(base_url: str, api_key: str = None, timeout: int = 5) -> Lis
|
|||||||
r = httpx.get(root + "/api/tags", timeout=timeout, verify=llm_verify())
|
r = httpx.get(root + "/api/tags", timeout=timeout, verify=llm_verify())
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
data = r.json()
|
data = r.json()
|
||||||
models = _ollama_model_names(data)
|
models = [m.get("name") or m.get("model") for m in (data.get("models") or []) if m.get("name") or m.get("model")]
|
||||||
if models:
|
if models:
|
||||||
return [m for m in models if _is_chat_model(m)]
|
return [m for m in models if _is_chat_model(m)]
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
@@ -880,15 +816,6 @@ def _ping_endpoint(base_url: str, api_key: str = None, timeout: float = 1.5) ->
|
|||||||
or "ollama" in (parsed_base.hostname or "").lower()
|
or "ollama" in (parsed_base.hostname or "").lower()
|
||||||
)
|
)
|
||||||
|
|
||||||
def _is_loading_model_response(r) -> bool:
|
|
||||||
if getattr(r, "status_code", None) != 503:
|
|
||||||
return False
|
|
||||||
try:
|
|
||||||
body = r.text or ""
|
|
||||||
except Exception:
|
|
||||||
body = ""
|
|
||||||
return "loading model" in body.lower()
|
|
||||||
|
|
||||||
def _result_from_response(r) -> Dict[str, Any]:
|
def _result_from_response(r) -> Dict[str, Any]:
|
||||||
if 300 <= r.status_code < 400:
|
if 300 <= r.status_code < 400:
|
||||||
loc = r.headers.get("location", "")
|
loc = r.headers.get("location", "")
|
||||||
@@ -905,13 +832,6 @@ def _ping_endpoint(base_url: str, api_key: str = None, timeout: float = 1.5) ->
|
|||||||
"status_code": r.status_code,
|
"status_code": r.status_code,
|
||||||
"error": None,
|
"error": None,
|
||||||
}
|
}
|
||||||
if _is_loading_model_response(r):
|
|
||||||
return {
|
|
||||||
"reachable": True,
|
|
||||||
"loading": True,
|
|
||||||
"status_code": r.status_code,
|
|
||||||
"error": "Loading model",
|
|
||||||
}
|
|
||||||
return {"reachable": False, "status_code": r.status_code, "error": f"HTTP {r.status_code}"}
|
return {"reachable": False, "status_code": r.status_code, "error": f"HTTP {r.status_code}"}
|
||||||
|
|
||||||
last_error: Optional[str] = None
|
last_error: Optional[str] = None
|
||||||
@@ -944,7 +864,7 @@ def _ping_endpoint(base_url: str, api_key: str = None, timeout: float = 1.5) ->
|
|||||||
if 400 <= sc < 500 and sc not in (401, 403):
|
if 400 <= sc < 500 and sc not in (401, 403):
|
||||||
models_url = _safe_build_models_url(base)
|
models_url = _safe_build_models_url(base)
|
||||||
try:
|
try:
|
||||||
r2 = httpx.get(models_url, headers=headers,timeout=timeout, verify=llm_verify())
|
r2 = httpx.get(models_url, headers=headers, timeout=timeout, verify=llm_verify())
|
||||||
result2 = _result_from_response(r2)
|
result2 = _result_from_response(r2)
|
||||||
if result2["reachable"]:
|
if result2["reachable"]:
|
||||||
return result2
|
return result2
|
||||||
@@ -1128,11 +1048,9 @@ def setup_model_routes(model_discovery):
|
|||||||
except Exception:
|
except Exception:
|
||||||
return 0.0
|
return 0.0
|
||||||
|
|
||||||
def _failure_delay(fails: int, *, empty_local: bool = False) -> float:
|
def _failure_delay(fails: int) -> float:
|
||||||
if fails <= 0:
|
if fails <= 0:
|
||||||
return 0.0
|
return 0.0
|
||||||
if empty_local:
|
|
||||||
return min(5.0 * (2 ** max(0, fails - 1)), 30.0)
|
|
||||||
return min(_REFRESH_FAILURE_BASE * (2 ** max(0, fails - 1)), _REFRESH_FAILURE_MAX)
|
return min(_REFRESH_FAILURE_BASE * (2 ** max(0, fails - 1)), _REFRESH_FAILURE_MAX)
|
||||||
|
|
||||||
def _should_refresh_endpoint(ep: Any, now: float, force: bool = False) -> tuple[bool, Dict[str, Any]]:
|
def _should_refresh_endpoint(ep: Any, now: float, force: bool = False) -> tuple[bool, Dict[str, Any]]:
|
||||||
@@ -1163,12 +1081,7 @@ def setup_model_routes(model_discovery):
|
|||||||
fails = int(state.get("fail_count") or 0)
|
fails = int(state.get("fail_count") or 0)
|
||||||
if fails and not force:
|
if fails and not force:
|
||||||
last_failure = float(state.get("last_failure") or 0.0)
|
last_failure = float(state.get("last_failure") or 0.0)
|
||||||
empty_local = (
|
if now - last_failure < _failure_delay(fails):
|
||||||
not cached
|
|
||||||
and category == "local"
|
|
||||||
and str(getattr(ep, "id", "") or "").startswith("local-")
|
|
||||||
)
|
|
||||||
if now - last_failure < _failure_delay(fails, empty_local=empty_local):
|
|
||||||
return False, info
|
return False, info
|
||||||
if cached and not force:
|
if cached and not force:
|
||||||
interval = _endpoint_refresh_interval(ep, category)
|
interval = _endpoint_refresh_interval(ep, category)
|
||||||
@@ -1483,7 +1396,7 @@ def setup_model_routes(model_discovery):
|
|||||||
t0 = _time.time()
|
t0 = _time.time()
|
||||||
ping = _ping_endpoint(base, ep.api_key, timeout=1.5)
|
ping = _ping_endpoint(base, ep.api_key, timeout=1.5)
|
||||||
entry["latency_ms"] = round((_time.time() - t0) * 1000)
|
entry["latency_ms"] = round((_time.time() - t0) * 1000)
|
||||||
entry["status"] = "loading" if ping.get("loading") else ("online" if ping.get("reachable") or cached_count else "offline")
|
entry["status"] = "online" if ping.get("reachable") or cached_count else "offline"
|
||||||
entry["error"] = ping.get("error")
|
entry["error"] = ping.get("error")
|
||||||
entry["model_count"] = cached_count or (len(ANTHROPIC_MODELS) if provider == "anthropic" else 0)
|
entry["model_count"] = cached_count or (len(ANTHROPIC_MODELS) if provider == "anthropic" else 0)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
@@ -1657,37 +1570,9 @@ def setup_model_routes(model_discovery):
|
|||||||
# "everything's already cached" path because this branch only
|
# "everything's already cached" path because this branch only
|
||||||
# runs for endpoints with an empty cached_models.
|
# runs for endpoints with an empty cached_models.
|
||||||
if not all_models and not pinned and r.is_enabled:
|
if not all_models and not pinned and r.is_enabled:
|
||||||
base_for_ping = _normalize_base(r.base_url)
|
ping = _ping_endpoint(r.base_url, r.api_key, timeout=3.5)
|
||||||
kind_for_ping = _effective_endpoint_kind(r, base_for_ping)
|
|
||||||
ping_timeout = 10.0 if _classify_endpoint(base_for_ping, kind_for_ping) == "local" else 3.5
|
|
||||||
ping = _ping_endpoint(r.base_url, r.api_key, timeout=ping_timeout)
|
|
||||||
if ping.get("reachable"):
|
if ping.get("reachable"):
|
||||||
status = "loading" if ping.get("loading") else "empty"
|
status = "empty"
|
||||||
if ping.get("loading"):
|
|
||||||
base = _normalize_base(r.base_url)
|
|
||||||
kind = _effective_endpoint_kind(r, base)
|
|
||||||
results.append({
|
|
||||||
"id": r.id,
|
|
||||||
"name": r.name,
|
|
||||||
"base_url": r.base_url,
|
|
||||||
"has_key": bool(r.api_key),
|
|
||||||
"api_key_fingerprint": _api_key_fingerprint(r.api_key),
|
|
||||||
"is_enabled": r.is_enabled,
|
|
||||||
"models": visible,
|
|
||||||
"pinned_models": pinned,
|
|
||||||
"hidden_count": len(hidden),
|
|
||||||
"online": True,
|
|
||||||
"status": status,
|
|
||||||
"ping_error": (ping or {}).get("error") if ping else None,
|
|
||||||
"model_type": getattr(r, "model_type", None) or "llm",
|
|
||||||
"supports_tools": getattr(r, "supports_tools", None),
|
|
||||||
"endpoint_kind": kind,
|
|
||||||
"category": _classify_endpoint(base, kind),
|
|
||||||
"model_refresh_mode": _endpoint_refresh_mode(r, kind),
|
|
||||||
"model_refresh_interval": getattr(r, "model_refresh_interval", None),
|
|
||||||
"model_refresh_timeout": getattr(r, "model_refresh_timeout", None),
|
|
||||||
})
|
|
||||||
continue
|
|
||||||
# Best-effort: if the probe came back reachable, try
|
# Best-effort: if the probe came back reachable, try
|
||||||
# to populate cached_models in the background so the
|
# to populate cached_models in the background so the
|
||||||
# NEXT picker load shows "online" instead of "empty".
|
# NEXT picker load shows "online" instead of "empty".
|
||||||
@@ -1695,7 +1580,7 @@ def setup_model_routes(model_discovery):
|
|||||||
# "empty" status, and the existing background refresh
|
# "empty" status, and the existing background refresh
|
||||||
# path will eventually fill it in too.
|
# path will eventually fill it in too.
|
||||||
try:
|
try:
|
||||||
probed = _probe_endpoint(r.base_url, r.api_key, timeout=max(5, int(ping_timeout)))
|
probed = _probe_endpoint(r.base_url, r.api_key, timeout=5)
|
||||||
if probed:
|
if probed:
|
||||||
r.cached_models = json.dumps(probed)
|
r.cached_models = json.dumps(probed)
|
||||||
db.commit()
|
db.commit()
|
||||||
@@ -1873,7 +1758,7 @@ def setup_model_routes(model_discovery):
|
|||||||
model_ids = _probe_endpoint(base_url, api_key.strip() or None, timeout=explicit_timeout) if should_probe else []
|
model_ids = _probe_endpoint(base_url, api_key.strip() or None, timeout=explicit_timeout) if should_probe else []
|
||||||
ping = {"reachable": False, "error": None}
|
ping = {"reachable": False, "error": None}
|
||||||
if (should_probe or requested_kind in ("api", "proxy")) and not model_ids:
|
if (should_probe or requested_kind in ("api", "proxy")) and not model_ids:
|
||||||
ping = _ping_endpoint(base_url, api_key.strip() or None, timeout=min(explicit_timeout, 10.0))
|
ping = _ping_endpoint(base_url, api_key.strip() or None, timeout=min(explicit_timeout, 2.0))
|
||||||
if require_model_list and not model_ids:
|
if require_model_list and not model_ids:
|
||||||
raise HTTPException(400, _model_endpoint_error_message(base_url, ping))
|
raise HTTPException(400, _model_endpoint_error_message(base_url, ping))
|
||||||
|
|
||||||
@@ -1940,7 +1825,7 @@ def setup_model_routes(model_discovery):
|
|||||||
"models": _merge_model_ids(model_ids, _pinned),
|
"models": _merge_model_ids(model_ids, _pinned),
|
||||||
"pinned_models": _pinned,
|
"pinned_models": _pinned,
|
||||||
"online": bool(model_ids) or bool(_pinned) or bool(ping.get("reachable")),
|
"online": bool(model_ids) or bool(_pinned) or bool(ping.get("reachable")),
|
||||||
"status": "online" if (model_ids or _pinned) else ("loading" if ping.get("loading") else ("empty" if ping.get("reachable") else "offline")),
|
"status": "online" if (model_ids or _pinned) else ("empty" if ping.get("reachable") else "offline"),
|
||||||
"ping_error": ping.get("error") if ping else None,
|
"ping_error": ping.get("error") if ping else None,
|
||||||
"endpoint_kind": requested_kind,
|
"endpoint_kind": requested_kind,
|
||||||
"category": _classify_endpoint(base_url, requested_kind),
|
"category": _classify_endpoint(base_url, requested_kind),
|
||||||
@@ -1965,11 +1850,11 @@ def setup_model_routes(model_discovery):
|
|||||||
configured_timeout = _parse_positive_int(model_refresh_timeout, minimum=1, maximum=60)
|
configured_timeout = _parse_positive_int(model_refresh_timeout, minimum=1, maximum=60)
|
||||||
probe_timeout = _explicit_model_list_timeout(base_url, requested_kind, configured_timeout)
|
probe_timeout = _explicit_model_list_timeout(base_url, requested_kind, configured_timeout)
|
||||||
models = _probe_endpoint(base_url, api_key.strip() or None, timeout=probe_timeout)
|
models = _probe_endpoint(base_url, api_key.strip() or None, timeout=probe_timeout)
|
||||||
ping = {"reachable": True, "error": None} if models else _ping_endpoint(base_url, api_key.strip() or None, timeout=min(probe_timeout, 10.0))
|
ping = {"reachable": True, "error": None} if models else _ping_endpoint(base_url, api_key.strip() or None, timeout=min(probe_timeout, 2.0))
|
||||||
return {
|
return {
|
||||||
"base_url": base_url,
|
"base_url": base_url,
|
||||||
"online": bool(models) or bool(ping.get("reachable")),
|
"online": bool(models) or bool(ping.get("reachable")),
|
||||||
"status": "online" if models else ("loading" if ping.get("loading") else ("empty" if ping.get("reachable") else "offline")),
|
"status": "online" if models else ("empty" if ping.get("reachable") else "offline"),
|
||||||
"ping_error": ping.get("error") if ping else None,
|
"ping_error": ping.get("error") if ping else None,
|
||||||
"models": models,
|
"models": models,
|
||||||
"count": len(models),
|
"count": len(models),
|
||||||
@@ -2147,16 +2032,6 @@ def setup_model_routes(model_discovery):
|
|||||||
ep_id = (_user_prefs.get("default_endpoint_id") or "").strip()
|
ep_id = (_user_prefs.get("default_endpoint_id") or "").strip()
|
||||||
model = (_user_prefs.get("default_model") or "").strip()
|
model = (_user_prefs.get("default_model") or "").strip()
|
||||||
_fallbacks = _user_prefs.get("default_model_fallbacks") or []
|
_fallbacks = _user_prefs.get("default_model_fallbacks") or []
|
||||||
# If user has no personal default, fall back to global default
|
|
||||||
# But only based on the "share_defaults_with_users" flag
|
|
||||||
# (only if share_defaults_with_users is enabled)
|
|
||||||
if settings.get("share_defaults_with_users", False):
|
|
||||||
if not ep_id:
|
|
||||||
ep_id = settings.get("default_endpoint_id", "")
|
|
||||||
if not model:
|
|
||||||
model = settings.get("default_model", "")
|
|
||||||
if not _fallbacks:
|
|
||||||
_fallbacks = settings.get("default_model_fallbacks") or []
|
|
||||||
else:
|
else:
|
||||||
ep_id = settings.get("default_endpoint_id", "")
|
ep_id = settings.get("default_endpoint_id", "")
|
||||||
model = settings.get("default_model", "")
|
model = settings.get("default_model", "")
|
||||||
|
|||||||
@@ -10,7 +10,6 @@ from fastapi import APIRouter, HTTPException, Request
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
|
|
||||||
from core.database import SessionLocal, Note
|
from core.database import SessionLocal, Note
|
||||||
from core.middleware import INTERNAL_TOOL_USER
|
|
||||||
from src.auth_helpers import require_user
|
from src.auth_helpers import require_user
|
||||||
from src.constants import DATA_DIR
|
from src.constants import DATA_DIR
|
||||||
from sqlalchemy.orm.attributes import flag_modified
|
from sqlalchemy.orm.attributes import flag_modified
|
||||||
@@ -335,11 +334,10 @@ async def dispatch_reminder(
|
|||||||
# Loud diagnostic so we can see WHY a reminder didn't send (the
|
# Loud diagnostic so we can see WHY a reminder didn't send (the
|
||||||
# previous "silently no-op when cfg has no smtp_host" was invisible).
|
# previous "silently no-op when cfg has no smtp_host" was invisible).
|
||||||
logger.info(
|
logger.info(
|
||||||
"dispatch_reminder[email] note_id=%s owner=%r "
|
f"dispatch_reminder[email] note_id={note_id} owner={owner!r} "
|
||||||
"has_smtp_host=%s has_smtp_user=%s has_from=%s has_recipient=%s",
|
f"smtp_host={cfg.get('smtp_host')!r} smtp_user={cfg.get('smtp_user')!r} "
|
||||||
note_id, owner,
|
f"from={from_addr!r} recipient={recipient!r} "
|
||||||
bool(cfg.get("smtp_host")), bool(cfg.get("smtp_user")),
|
f"account_name={cfg.get('account_name')!r}"
|
||||||
bool(from_addr), bool(recipient),
|
|
||||||
)
|
)
|
||||||
missing = []
|
missing = []
|
||||||
if not cfg.get("smtp_host"):
|
if not cfg.get("smtp_host"):
|
||||||
@@ -584,7 +582,7 @@ def setup_note_routes(task_scheduler=None):
|
|||||||
return require_user(request) or None
|
return require_user(request) or None
|
||||||
|
|
||||||
def _is_admin_or_single_user(request: Request, user: str | None) -> bool:
|
def _is_admin_or_single_user(request: Request, user: str | None) -> bool:
|
||||||
if user == INTERNAL_TOOL_USER:
|
if user == "internal-tool":
|
||||||
return True
|
return True
|
||||||
if not user:
|
if not user:
|
||||||
# require_user() already admitted this request, which only happens
|
# require_user() already admitted this request, which only happens
|
||||||
|
|||||||
@@ -2,9 +2,8 @@
|
|||||||
"""Routes for personal documents management."""
|
"""Routes for personal documents management."""
|
||||||
import os
|
import os
|
||||||
import logging
|
import logging
|
||||||
import shutil
|
|
||||||
import uuid
|
import uuid
|
||||||
from typing import Any, Dict, List, Tuple
|
from typing import List, Tuple
|
||||||
from fastapi import APIRouter, HTTPException, Query, Request, UploadFile, File, Depends
|
from fastapi import APIRouter, HTTPException, Query, Request, UploadFile, File, Depends
|
||||||
from src.request_models import DirectoryRequest
|
from src.request_models import DirectoryRequest
|
||||||
from core.constants import BASE_DIR, PERSONAL_DIR, PERSONAL_UPLOADS_DIR
|
from core.constants import BASE_DIR, PERSONAL_DIR, PERSONAL_UPLOADS_DIR
|
||||||
@@ -19,15 +18,14 @@ UPLOADS_DIR = PERSONAL_UPLOADS_DIR
|
|||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def _personal_upload_dir_for_owner(owner: str | None, *, create: bool = True) -> str:
|
def _personal_upload_dir_for_owner(owner: str | None) -> str:
|
||||||
"""Return the per-owner upload directory used for direct RAG uploads."""
|
"""Return the per-owner upload directory used for direct RAG uploads."""
|
||||||
owner_segment = secure_filename((owner or "local").strip())[:80] or "local"
|
owner_segment = secure_filename((owner or "local").strip())[:80] or "local"
|
||||||
upload_dir = os.path.abspath(os.path.join(UPLOADS_DIR, owner_segment))
|
upload_dir = os.path.abspath(os.path.join(UPLOADS_DIR, owner_segment))
|
||||||
base_abs = os.path.abspath(UPLOADS_DIR)
|
base_abs = os.path.abspath(UPLOADS_DIR)
|
||||||
if os.path.commonpath([upload_dir, base_abs]) != base_abs:
|
if os.path.commonpath([upload_dir, base_abs]) != base_abs:
|
||||||
raise ValueError("Unsafe upload owner path")
|
raise ValueError("Unsafe upload owner path")
|
||||||
if create:
|
os.makedirs(upload_dir, exist_ok=True)
|
||||||
os.makedirs(upload_dir, exist_ok=True)
|
|
||||||
return upload_dir
|
return upload_dir
|
||||||
|
|
||||||
|
|
||||||
@@ -46,87 +44,6 @@ def _unique_personal_upload_path(upload_dir: str, original_name: str | None) ->
|
|||||||
raise ValueError("Unsafe upload filename")
|
raise ValueError("Unsafe upload filename")
|
||||||
return file_path, filename, safe_name
|
return file_path, filename, safe_name
|
||||||
|
|
||||||
|
|
||||||
def _unique_existing_target(path: str) -> str:
|
|
||||||
"""Return a non-existing sibling path for rename collision handling."""
|
|
||||||
if not os.path.exists(path):
|
|
||||||
return path
|
|
||||||
stem, ext = os.path.splitext(path)
|
|
||||||
while True:
|
|
||||||
candidate = f"{stem}-{uuid.uuid4().hex[:10]}{ext}"
|
|
||||||
if not os.path.exists(candidate):
|
|
||||||
return candidate
|
|
||||||
|
|
||||||
|
|
||||||
def _remove_empty_tree(path: str) -> None:
|
|
||||||
"""Best-effort removal of empty directories under ``path``."""
|
|
||||||
if not os.path.isdir(path):
|
|
||||||
return
|
|
||||||
for root, dirs, _files in os.walk(path, topdown=False):
|
|
||||||
for dirname in dirs:
|
|
||||||
candidate = os.path.join(root, dirname)
|
|
||||||
try:
|
|
||||||
os.rmdir(candidate)
|
|
||||||
except OSError:
|
|
||||||
pass
|
|
||||||
try:
|
|
||||||
os.rmdir(path)
|
|
||||||
except OSError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def rename_personal_upload_owner(
|
|
||||||
old_owner: str,
|
|
||||||
new_owner: str,
|
|
||||||
*,
|
|
||||||
personal_docs_manager: Any = None,
|
|
||||||
rag_manager: Any = None,
|
|
||||||
) -> Dict[str, Any]:
|
|
||||||
"""Move direct personal uploads and rewrite RAG owner metadata on user rename."""
|
|
||||||
old_dir = _personal_upload_dir_for_owner(old_owner, create=False)
|
|
||||||
new_dir = _personal_upload_dir_for_owner(new_owner, create=False)
|
|
||||||
path_map: Dict[str, str] = {}
|
|
||||||
moved_files = 0
|
|
||||||
|
|
||||||
if os.path.isdir(old_dir) and old_dir != new_dir:
|
|
||||||
os.makedirs(new_dir, exist_ok=True)
|
|
||||||
for root, _dirs, files in os.walk(old_dir):
|
|
||||||
rel_root = os.path.relpath(root, old_dir)
|
|
||||||
target_root = new_dir if rel_root == "." else os.path.join(new_dir, rel_root)
|
|
||||||
os.makedirs(target_root, exist_ok=True)
|
|
||||||
for filename in files:
|
|
||||||
source = os.path.abspath(os.path.join(root, filename))
|
|
||||||
target = _unique_existing_target(os.path.abspath(os.path.join(target_root, filename)))
|
|
||||||
shutil.move(source, target)
|
|
||||||
path_map[source] = target
|
|
||||||
moved_files += 1
|
|
||||||
_remove_empty_tree(old_dir)
|
|
||||||
|
|
||||||
if personal_docs_manager is not None:
|
|
||||||
rename_directory = getattr(personal_docs_manager, "rename_directory", None)
|
|
||||||
if callable(rename_directory):
|
|
||||||
rename_directory(old_dir, new_dir, path_map=path_map)
|
|
||||||
|
|
||||||
rag_result = None
|
|
||||||
if rag_manager is not None:
|
|
||||||
rename_owner = getattr(rag_manager, "rename_owner", None)
|
|
||||||
if callable(rename_owner):
|
|
||||||
rag_result = rename_owner(
|
|
||||||
old_owner,
|
|
||||||
new_owner,
|
|
||||||
path_map=path_map,
|
|
||||||
path_prefixes=[(old_dir, new_dir)],
|
|
||||||
)
|
|
||||||
|
|
||||||
return {
|
|
||||||
"old_dir": old_dir,
|
|
||||||
"new_dir": new_dir,
|
|
||||||
"moved_files": moved_files,
|
|
||||||
"path_map": path_map,
|
|
||||||
"rag_result": rag_result,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def setup_personal_routes(personal_docs_manager, rag_manager, rag_available):
|
def setup_personal_routes(personal_docs_manager, rag_manager, rag_available):
|
||||||
"""
|
"""
|
||||||
Setup personal documents related routes.
|
Setup personal documents related routes.
|
||||||
@@ -358,13 +275,11 @@ def setup_personal_routes(personal_docs_manager, rag_manager, rag_available):
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"RAG removal failed for {filepath}: {e}")
|
logger.warning(f"RAG removal failed for {filepath}: {e}")
|
||||||
|
|
||||||
# Delete file from disk if it's in the caller's own uploads dir.
|
# Delete file from disk if it's in uploads dir
|
||||||
# Scope to the per-owner subdir, not the shared uploads root, so one
|
|
||||||
# admin can't delete another user's personal files by path.
|
|
||||||
deleted_from_disk = False
|
deleted_from_disk = False
|
||||||
try:
|
try:
|
||||||
abs_target = os.path.realpath(filepath)
|
abs_target = os.path.realpath(filepath)
|
||||||
base_abs = os.path.realpath(_personal_upload_dir_for_owner(owner, create=False))
|
base_abs = os.path.realpath(UPLOADS_DIR)
|
||||||
in_uploads = (
|
in_uploads = (
|
||||||
abs_target == base_abs
|
abs_target == base_abs
|
||||||
or os.path.commonpath([abs_target, base_abs]) == base_abs
|
or os.path.commonpath([abs_target, base_abs]) == base_abs
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
"""Preset routes — /api/presets GET, /api/presets/custom POST, user templates CRUD."""
|
"""Preset routes — /api/presets GET, /api/presets/custom POST, user templates CRUD."""
|
||||||
|
|
||||||
import asyncio
|
|
||||||
import logging
|
import logging
|
||||||
import uuid
|
import uuid
|
||||||
from typing import Dict, Any, List
|
from typing import Dict, Any, List
|
||||||
@@ -103,7 +102,7 @@ def setup_preset_routes(preset_manager) -> APIRouter:
|
|||||||
try:
|
try:
|
||||||
model_spec = data.get("model") or ""
|
model_spec = data.get("model") or ""
|
||||||
user = effective_user(request)
|
user = effective_user(request)
|
||||||
url, model, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=user)
|
url, model, headers = _resolve_model(model_spec, owner=user)
|
||||||
result = await llm_call_async(url, model, messages, temperature=0.8, max_tokens=500, headers=headers)
|
result = await llm_call_async(url, model, messages, temperature=0.8, max_tokens=500, headers=headers)
|
||||||
return {"success": True, "prompt": result.strip()}
|
return {"success": True, "prompt": result.strip()}
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|||||||
@@ -12,10 +12,8 @@ from typing import Optional
|
|||||||
from fastapi import APIRouter, HTTPException, Query, Request
|
from fastapi import APIRouter, HTTPException, Query, Request
|
||||||
from fastapi.responses import HTMLResponse, StreamingResponse
|
from fastapi.responses import HTMLResponse, StreamingResponse
|
||||||
from pydantic import BaseModel, Field
|
from pydantic import BaseModel, Field
|
||||||
from core.middleware import INTERNAL_TOOL_USER
|
|
||||||
from src.endpoint_resolver import resolve_endpoint
|
from src.endpoint_resolver import resolve_endpoint
|
||||||
from src.auth_helpers import _auth_disabled, get_current_user
|
from src.auth_helpers import _auth_disabled, get_current_user
|
||||||
from core.auth import RESERVED_USERNAMES
|
|
||||||
from src.constants import DEEP_RESEARCH_DIR
|
from src.constants import DEEP_RESEARCH_DIR
|
||||||
|
|
||||||
_SESSION_ID_RE = re.compile(r"^[a-zA-Z0-9-]{1,128}$")
|
_SESSION_ID_RE = re.compile(r"^[a-zA-Z0-9-]{1,128}$")
|
||||||
@@ -387,9 +385,9 @@ def setup_research_routes(research_handler, session_manager=None) -> APIRouter:
|
|||||||
"""Launch a research job from the dedicated panel."""
|
"""Launch a research job from the dedicated panel."""
|
||||||
from src.auth_helpers import require_privilege
|
from src.auth_helpers import require_privilege
|
||||||
user = require_privilege(request, "can_use_research")
|
user = require_privilege(request, "can_use_research")
|
||||||
if user == INTERNAL_TOOL_USER:
|
if user == "internal-tool":
|
||||||
tool_owner = (request.headers.get("X-Odysseus-Owner") or "").strip()
|
tool_owner = (request.headers.get("X-Odysseus-Owner") or "").strip()
|
||||||
if tool_owner and tool_owner not in RESERVED_USERNAMES:
|
if tool_owner and tool_owner not in {"internal-tool", "api", "demo", "system"}:
|
||||||
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
||||||
if auth_mgr is not None and getattr(auth_mgr, "is_configured", False):
|
if auth_mgr is not None and getattr(auth_mgr, "is_configured", False):
|
||||||
try:
|
try:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ from core.session_manager import SessionManager
|
|||||||
from core.models import ChatMessage
|
from core.models import ChatMessage
|
||||||
from src.request_models import SessionResponse
|
from src.request_models import SessionResponse
|
||||||
from core.database import Session as DbSession, SessionLocal, Document, GalleryImage, utcnow_naive
|
from core.database import Session as DbSession, SessionLocal, Document, GalleryImage, utcnow_naive
|
||||||
from src.auth_helpers import effective_user, _auth_disabled, owner_filter
|
from src.auth_helpers import get_current_user, effective_user, _auth_disabled, owner_filter
|
||||||
from src.session_actions import is_session_recently_active
|
from src.session_actions import is_session_recently_active
|
||||||
|
|
||||||
|
|
||||||
@@ -328,7 +328,7 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
|
|||||||
endpoint_id: str = Form(""),
|
endpoint_id: str = Form(""),
|
||||||
):
|
):
|
||||||
skip_val = str(skip_validation).lower() == "true"
|
skip_val = str(skip_validation).lower() == "true"
|
||||||
user = effective_user(request)
|
user = get_current_user(request)
|
||||||
endpoint_api_key = ""
|
endpoint_api_key = ""
|
||||||
endpoint_base_url = ""
|
endpoint_base_url = ""
|
||||||
_reject_raw_endpoint_url_for_non_admin(request, user, endpoint_id, endpoint_url)
|
_reject_raw_endpoint_url_for_non_admin(request, user, endpoint_id, endpoint_url)
|
||||||
@@ -477,7 +477,7 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
|
|||||||
db.close()
|
db.close()
|
||||||
# Switch model/endpoint mid-session
|
# Switch model/endpoint mid-session
|
||||||
if model is not None and endpoint_url is not None:
|
if model is not None and endpoint_url is not None:
|
||||||
user = effective_user(request)
|
user = get_current_user(request)
|
||||||
_reject_raw_endpoint_url_for_non_admin(request, user, endpoint_id, endpoint_url)
|
_reject_raw_endpoint_url_for_non_admin(request, user, endpoint_id, endpoint_url)
|
||||||
endpoint_api_key = ""
|
endpoint_api_key = ""
|
||||||
endpoint_base_url = ""
|
endpoint_base_url = ""
|
||||||
@@ -1004,7 +1004,6 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
|
|||||||
"""
|
"""
|
||||||
from src.llm_core import llm_call
|
from src.llm_core import llm_call
|
||||||
user = effective_user(request)
|
user = effective_user(request)
|
||||||
single_user_mode = not user and _auth_disabled()
|
|
||||||
user_sessions = session_manager.get_sessions_for_user(user)
|
user_sessions = session_manager.get_sessions_for_user(user)
|
||||||
|
|
||||||
# Delete empty and throwaway sessions before sorting
|
# Delete empty and throwaway sessions before sorting
|
||||||
@@ -1023,12 +1022,7 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
|
|||||||
}
|
}
|
||||||
_THROWAWAY_MAX_MESSAGES = 4 # only delete if <= this many messages
|
_THROWAWAY_MAX_MESSAGES = 4 # only delete if <= this many messages
|
||||||
try:
|
try:
|
||||||
rows_q = db.query(DbSession).filter(DbSession.archived == False)
|
rows = db.query(DbSession).filter(DbSession.archived == False, DbSession.owner == user).limit(2000).all()
|
||||||
if user:
|
|
||||||
rows_q = rows_q.filter(DbSession.owner == user)
|
|
||||||
elif not single_user_mode:
|
|
||||||
rows_q = rows_q.filter(DbSession.owner == user)
|
|
||||||
rows = rows_q.limit(2000).all()
|
|
||||||
folder_map = {r.id: r.folder for r in rows}
|
folder_map = {r.id: r.folder for r in rows}
|
||||||
# Precompute per-session message counts in TWO aggregate queries
|
# Precompute per-session message counts in TWO aggregate queries
|
||||||
# instead of 1–3 queries PER session — with many chats the per-row
|
# instead of 1–3 queries PER session — with many chats the per-row
|
||||||
@@ -1248,12 +1242,7 @@ def setup_session_routes(session_manager: SessionManager, config: dict, webhook_
|
|||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
for sid, folder_name in assignments.items():
|
for sid, folder_name in assignments.items():
|
||||||
db_session_q = db.query(DbSession).filter(DbSession.id == sid)
|
db_session = db.query(DbSession).filter(DbSession.id == sid, DbSession.owner == user).first()
|
||||||
if user:
|
|
||||||
db_session_q = db_session_q.filter(DbSession.owner == user)
|
|
||||||
elif not single_user_mode:
|
|
||||||
db_session_q = db_session_q.filter(DbSession.owner == user)
|
|
||||||
db_session = db_session_q.first()
|
|
||||||
if db_session:
|
if db_session:
|
||||||
db_session.folder = folder_name
|
db_session.folder = folder_name
|
||||||
db_session.updated_at = datetime.utcnow()
|
db_session.updated_at = datetime.utcnow()
|
||||||
|
|||||||
+15
-381
@@ -15,7 +15,6 @@ from collections import namedtuple
|
|||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from typing import Dict, Any
|
from typing import Dict, Any
|
||||||
from core.platform_compat import IS_APPLE_SILICON, which_tool
|
from core.platform_compat import IS_APPLE_SILICON, which_tool
|
||||||
from core.middleware import INTERNAL_TOOL_USER
|
|
||||||
from src.optional_deps import prepare_optional_dependency_import
|
from src.optional_deps import prepare_optional_dependency_import
|
||||||
|
|
||||||
# POSIX-only: `pty`/`fcntl` transitively import `termios`, which does NOT exist
|
# POSIX-only: `pty`/`fcntl` transitively import `termios`, which does NOT exist
|
||||||
@@ -56,7 +55,7 @@ def _require_admin(request: Request):
|
|||||||
# In-process tool loopback. The AuthMiddleware already validated the
|
# In-process tool loopback. The AuthMiddleware already validated the
|
||||||
# internal token + loopback client before setting this marker, so
|
# internal token + loopback client before setting this marker, so
|
||||||
# honour it here as admin-equivalent.
|
# honour it here as admin-equivalent.
|
||||||
if user == INTERNAL_TOOL_USER:
|
if user == "internal-tool":
|
||||||
return
|
return
|
||||||
if not user or user == "api":
|
if not user or user == "api":
|
||||||
raise HTTPException(403, "Admin only")
|
raise HTTPException(403, "Admin only")
|
||||||
@@ -331,9 +330,6 @@ def add_user_install_bins_to_path():
|
|||||||
candidates.append(os.path.join(site.USER_BASE, 'bin'))
|
candidates.append(os.path.join(site.USER_BASE, 'bin'))
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
candidates.append(os.path.expanduser('~/bin'))
|
|
||||||
candidates.append(os.path.expanduser('~/llama.cpp/build/bin'))
|
|
||||||
candidates.append(os.path.expanduser('~/llama.cpp/build-vulkan/bin'))
|
|
||||||
candidates.append(os.path.expanduser('~/.local/bin'))
|
candidates.append(os.path.expanduser('~/.local/bin'))
|
||||||
parts = os.environ.get('PATH', '').split(os.pathsep) if os.environ.get('PATH') else []
|
parts = os.environ.get('PATH', '').split(os.pathsep) if os.environ.get('PATH') else []
|
||||||
changed = False
|
changed = False
|
||||||
@@ -965,84 +961,12 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
|
|
||||||
return StreamingResponse(generate(), media_type="text/event-stream")
|
return StreamingResponse(generate(), media_type="text/event-stream")
|
||||||
|
|
||||||
def _os_id_from_release(text: str) -> str:
|
|
||||||
"""Map /etc/os-release contents to a canonical family for our matrix."""
|
|
||||||
if not text:
|
|
||||||
return ""
|
|
||||||
ids = []
|
|
||||||
for line in text.splitlines():
|
|
||||||
line = line.strip()
|
|
||||||
if line.startswith("ID=") or line.startswith("ID_LIKE="):
|
|
||||||
ids += line.split("=", 1)[1].strip().strip('"').split()
|
|
||||||
ids = [i.lower() for i in ids]
|
|
||||||
if any(x in ids for x in ("debian", "ubuntu", "linuxmint", "pop", "elementary")):
|
|
||||||
return "debian"
|
|
||||||
if any(x in ids for x in ("arch", "manjaro", "endeavouros", "cachyos", "garuda")):
|
|
||||||
return "arch"
|
|
||||||
if any(x in ids for x in ("fedora", "rhel", "centos", "rocky", "almalinux", "ol")):
|
|
||||||
return "fedora"
|
|
||||||
if "alpine" in ids:
|
|
||||||
return "alpine"
|
|
||||||
if any(x in ids for x in ("suse", "opensuse", "opensuse-leap", "opensuse-tumbleweed", "sles")):
|
|
||||||
return "suse"
|
|
||||||
return ""
|
|
||||||
|
|
||||||
# Matrix lookup keyed on (os_family, backend) → (pkg_mgr_cmd_template, pkg_list_per_dep).
|
|
||||||
# Each `system_prereqs` name resolves to a list of OS-specific package
|
|
||||||
# names that get joined into the final `sudo apt install -y …` etc.
|
|
||||||
# command. Backend-specific extras (CUDA toolkit, ROCm, Vulkan headers)
|
|
||||||
# are added only when the detected backend needs them.
|
|
||||||
_PKG_NAMES = {
|
|
||||||
# canonical-name → {os_id: [actual_pkg_names_on_this_os]}
|
|
||||||
"cmake": {"debian": ["cmake"], "arch": ["cmake"], "fedora": ["cmake"], "alpine": ["cmake"], "suse": ["cmake"], "macos": ["cmake"]},
|
|
||||||
"build-essential": {"debian": ["build-essential"], "arch": ["base-devel"], "fedora": ["gcc", "gcc-c++", "make"], "alpine": ["build-base"], "suse": ["gcc-c++", "make"], "macos": []},
|
|
||||||
"g++": {"debian": ["g++"], "arch": ["gcc"], "fedora": ["gcc-c++"], "alpine": ["g++"], "suse": ["gcc-c++"], "macos": []},
|
|
||||||
"gcc": {"debian": ["gcc"], "arch": ["gcc"], "fedora": ["gcc"], "alpine": ["gcc"], "suse": ["gcc"], "macos": []},
|
|
||||||
"make": {"debian": ["make"], "arch": ["make"], "fedora": ["make"], "alpine": ["make"], "suse": ["make"], "macos": []},
|
|
||||||
"git": {"debian": ["git"], "arch": ["git"], "fedora": ["git"], "alpine": ["git"], "suse": ["git"], "macos": ["git"]},
|
|
||||||
"tmux": {"debian": ["tmux"], "arch": ["tmux"], "fedora": ["tmux"], "alpine": ["tmux"], "suse": ["tmux"], "macos": ["tmux"]},
|
|
||||||
}
|
|
||||||
_BACKEND_EXTRAS = {
|
|
||||||
"cuda": {"debian": ["nvidia-cuda-toolkit"], "arch": ["cuda"], "fedora": ["cuda-toolkit"], "alpine": [], "suse": ["cuda"], "macos": []},
|
|
||||||
"rocm": {"debian": ["rocm-dev"], "arch": ["rocm-hip-sdk"], "fedora": ["rocm-devel"], "alpine": [], "suse": ["rocm-dev"], "macos": []},
|
|
||||||
"vulkan": {"debian": ["libvulkan-dev", "vulkan-tools"], "arch": ["vulkan-headers", "vulkan-tools"], "fedora": ["vulkan-headers", "vulkan-tools"], "alpine": ["vulkan-loader-dev", "vulkan-tools"], "suse": ["vulkan-devel", "vulkan-tools"], "macos": []},
|
|
||||||
}
|
|
||||||
_PKG_MGR = {
|
|
||||||
"debian": "sudo apt install -y {pkgs}",
|
|
||||||
"arch": "sudo pacman -S --needed {pkgs}",
|
|
||||||
"fedora": "sudo dnf install -y {pkgs}",
|
|
||||||
"alpine": "sudo apk add {pkgs}",
|
|
||||||
"suse": "sudo zypper install -n {pkgs}",
|
|
||||||
"macos": "brew install {pkgs}",
|
|
||||||
}
|
|
||||||
|
|
||||||
def _install_cmd_for_target(os_id: str, backend: str, missing: list[str]) -> str:
|
|
||||||
"""Build a single OS+backend-aware install command for the missing prereqs."""
|
|
||||||
if not os_id or os_id not in _PKG_MGR:
|
|
||||||
return ""
|
|
||||||
pkgs: list[str] = []
|
|
||||||
seen: set[str] = set()
|
|
||||||
for m in missing:
|
|
||||||
for p in _PKG_NAMES.get(m, {}).get(os_id, []):
|
|
||||||
if p not in seen:
|
|
||||||
pkgs.append(p); seen.add(p)
|
|
||||||
# Add backend-specific extras only when the build would actually
|
|
||||||
# consume them (a CUDA toolkit isn't useful on a Vulkan box).
|
|
||||||
backend = (backend or "").lower()
|
|
||||||
for p in _BACKEND_EXTRAS.get(backend, {}).get(os_id, []):
|
|
||||||
if p not in seen:
|
|
||||||
pkgs.append(p); seen.add(p)
|
|
||||||
if not pkgs:
|
|
||||||
return ""
|
|
||||||
return _PKG_MGR[os_id].format(pkgs=" ".join(pkgs))
|
|
||||||
|
|
||||||
@router.get("/api/cookbook/packages")
|
@router.get("/api/cookbook/packages")
|
||||||
async def list_packages(
|
async def list_packages(
|
||||||
request: Request,
|
request: Request,
|
||||||
host: str | None = None,
|
host: str | None = None,
|
||||||
ssh_port: str | None = None,
|
ssh_port: str | None = None,
|
||||||
venv: str | None = None,
|
venv: str | None = None,
|
||||||
backend: str | None = None,
|
|
||||||
):
|
):
|
||||||
"""Check which optional packages are installed.
|
"""Check which optional packages are installed.
|
||||||
|
|
||||||
@@ -1063,19 +987,8 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
importlib.invalidate_caches()
|
importlib.invalidate_caches()
|
||||||
try:
|
try:
|
||||||
user_site = site.getusersitepackages()
|
user_site = site.getusersitepackages()
|
||||||
if user_site and os.path.isdir(user_site):
|
if user_site and os.path.isdir(user_site) and user_site not in sys.path:
|
||||||
# Use addsitedir(), NOT a bare sys.path.append(). When a package
|
sys.path.append(user_site)
|
||||||
# is `pip install --user`'d at runtime (Cookbook → Install) the
|
|
||||||
# long-lived server process started before the user-site existed,
|
|
||||||
# so site never processed it — including its `.pth` hooks. On
|
|
||||||
# Python 3.12+ `distutils` is gone from stdlib and is only
|
|
||||||
# restored by setuptools' `distutils-precedence.pth`, which ships
|
|
||||||
# in user-site. basicsr (a realesrgan dep) does `import distutils`
|
|
||||||
# at import time, so a plain append left the package importable
|
|
||||||
# but `import distutils` failing → realesrgan probed as
|
|
||||||
# not-installed until a full process restart. addsitedir() replays
|
|
||||||
# the `.pth` files so the shim is active.
|
|
||||||
site.addsitedir(user_site)
|
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
if ssh_port and str(ssh_port).strip() not in ("", "22"):
|
if ssh_port and str(ssh_port).strip() not in ("", "22"):
|
||||||
@@ -1102,12 +1015,6 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
"kind": "system",
|
"kind": "system",
|
||||||
"install_hint": "Install Docker on the selected server and allow this user to run docker.",
|
"install_hint": "Install Docker on the selected server and allow this user to run docker.",
|
||||||
},
|
},
|
||||||
# Note: cmake / gcc / git are not separate dependency rows —
|
|
||||||
# they're declared as `system_prereqs` on llama_cpp (and any
|
|
||||||
# other engine that compiles from source) so they appear as
|
|
||||||
# an inline status note on that engine's row instead of
|
|
||||||
# cluttering the panel with raw OS package names that aren't
|
|
||||||
# meaningful product-level dependencies on their own.
|
|
||||||
# ── LLM ── installs on GPU servers for model serving/downloading
|
# ── LLM ── installs on GPU servers for model serving/downloading
|
||||||
{
|
{
|
||||||
"name": "hf_transfer",
|
"name": "hf_transfer",
|
||||||
@@ -1119,16 +1026,9 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
{
|
{
|
||||||
"name": "llama_cpp",
|
"name": "llama_cpp",
|
||||||
"pip": "llama-cpp-python[server]",
|
"pip": "llama-cpp-python[server]",
|
||||||
"desc": "Great for single-GPU or CPU inference with GGUF models",
|
"desc": "Serve GGUF models via llama.cpp",
|
||||||
"category": "LLM",
|
"category": "LLM",
|
||||||
"target": "remote",
|
"target": "remote",
|
||||||
# Build-toolchain prereqs. Cookbook's launch bootstrap
|
|
||||||
# compiles llama-server from source when no prebuilt
|
|
||||||
# binary is present; without these the build aborts
|
|
||||||
# with `cmake: command not found`. Surfaced inline on
|
|
||||||
# this row so the user doesn't have to chase three
|
|
||||||
# separate OS-package rows.
|
|
||||||
"system_prereqs": ["cmake", "g++", "git"],
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "sglang",
|
"name": "sglang",
|
||||||
@@ -1140,7 +1040,7 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
{
|
{
|
||||||
"name": "vllm",
|
"name": "vllm",
|
||||||
"pip": "vllm",
|
"pip": "vllm",
|
||||||
"desc": "Great for high-throughput multi-GPU inference",
|
"desc": "High-throughput LLM serving engine",
|
||||||
"category": "LLM",
|
"category": "LLM",
|
||||||
"target": "remote",
|
"target": "remote",
|
||||||
},
|
},
|
||||||
@@ -1203,7 +1103,6 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
# venv over SSH so a remote `pip install` actually reflects here.
|
# venv over SSH so a remote `pip install` actually reflects here.
|
||||||
remote_status: dict = {}
|
remote_status: dict = {}
|
||||||
remote_details: dict = {}
|
remote_details: dict = {}
|
||||||
remote_probe_error = ""
|
|
||||||
remote_names = [
|
remote_names = [
|
||||||
p["name"]
|
p["name"]
|
||||||
for p in packages
|
for p in packages
|
||||||
@@ -1242,56 +1141,16 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
break
|
break
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
raise HTTPException(400, str(e))
|
raise HTTPException(400, str(e))
|
||||||
except Exception as e:
|
except Exception:
|
||||||
remote_status = {}
|
remote_status = {}
|
||||||
remote_probe_error = f"SSH package probe failed: {str(e)[:160]}"
|
if host and remote_system_names:
|
||||||
if "llama_cpp" in remote_names:
|
|
||||||
try:
|
|
||||||
inner = (
|
|
||||||
'export PATH="$HOME/.local/bin:$HOME/bin:'
|
|
||||||
'$HOME/llama.cpp/build/bin:$HOME/llama.cpp/build-vulkan/bin:$PATH"; '
|
|
||||||
"command -v llama-server 2>/dev/null || true"
|
|
||||||
)
|
|
||||||
argv = _ssh_base_argv(host, ssh_port) + [inner]
|
|
||||||
proc = await asyncio.create_subprocess_exec(
|
|
||||||
*argv,
|
|
||||||
stdout=asyncio.subprocess.PIPE,
|
|
||||||
stderr=asyncio.subprocess.PIPE,
|
|
||||||
)
|
|
||||||
out, _err = await asyncio.wait_for(proc.communicate(), timeout=8)
|
|
||||||
llama_server_path = out.decode("utf-8", errors="replace").strip().splitlines()
|
|
||||||
llama_server_path = llama_server_path[-1].strip() if llama_server_path else ""
|
|
||||||
if llama_server_path:
|
|
||||||
remote_status["llama_cpp"] = True
|
|
||||||
probe = remote_details.setdefault("llama_cpp", {})
|
|
||||||
if isinstance(probe, dict):
|
|
||||||
probe.setdefault("binaries", {})["llama-server"] = llama_server_path
|
|
||||||
except Exception as e:
|
|
||||||
if not remote_probe_error:
|
|
||||||
remote_probe_error = f"SSH llama-server probe failed: {str(e)[:160]}"
|
|
||||||
pass
|
|
||||||
# Union of system_names + every package's system_prereqs. Probing
|
|
||||||
# the prereqs alongside the main system deps in a single SSH call
|
|
||||||
# avoids a second round-trip per Cookbook → Dependencies refresh.
|
|
||||||
prereq_names: set[str] = set()
|
|
||||||
for p in packages:
|
|
||||||
for pr in p.get("system_prereqs") or []:
|
|
||||||
prereq_names.add(str(pr))
|
|
||||||
all_system_names = list(set(remote_system_names) | prereq_names)
|
|
||||||
# Detect the target's OS family + read /etc/os-release in the same
|
|
||||||
# SSH round-trip as the prereq probe — used downstream to render a
|
|
||||||
# single OS-specific install command per row instead of dumping
|
|
||||||
# every distro's syntax onto the user.
|
|
||||||
target_os_id: str = ""
|
|
||||||
if host and all_system_names:
|
|
||||||
try:
|
try:
|
||||||
checks = []
|
checks = []
|
||||||
for name in all_system_names:
|
for name in remote_system_names:
|
||||||
qn = shlex.quote(name)
|
qn = shlex.quote(name)
|
||||||
checks.append(
|
checks.append(
|
||||||
f"if command -v {qn} >/dev/null 2>&1; then echo {qn}=1; else echo {qn}=0; fi"
|
f"if command -v {qn} >/dev/null 2>&1; then echo {qn}=1; else echo {qn}=0; fi"
|
||||||
)
|
)
|
||||||
checks.append("echo '---OSREL---'; cat /etc/os-release 2>/dev/null || true")
|
|
||||||
inner = " ; ".join(checks)
|
inner = " ; ".join(checks)
|
||||||
argv = _ssh_base_argv(host, ssh_port) + [inner]
|
argv = _ssh_base_argv(host, ssh_port) + [inner]
|
||||||
proc = await asyncio.create_subprocess_exec(
|
proc = await asyncio.create_subprocess_exec(
|
||||||
@@ -1301,45 +1160,20 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
)
|
)
|
||||||
out, _err = await asyncio.wait_for(proc.communicate(), timeout=12)
|
out, _err = await asyncio.wait_for(proc.communicate(), timeout=12)
|
||||||
txt = out.decode("utf-8", errors="replace").strip()
|
txt = out.decode("utf-8", errors="replace").strip()
|
||||||
_section, _osrel_lines = "probe", []
|
|
||||||
for line in txt.splitlines():
|
for line in txt.splitlines():
|
||||||
if line.strip() == "---OSREL---":
|
|
||||||
_section = "osrel"; continue
|
|
||||||
if _section == "osrel":
|
|
||||||
_osrel_lines.append(line)
|
|
||||||
continue
|
|
||||||
name, sep, value = line.strip().partition("=")
|
name, sep, value = line.strip().partition("=")
|
||||||
if sep and name in all_system_names:
|
if sep and name in remote_system_names:
|
||||||
remote_status[name] = value == "1"
|
remote_status[name] = value == "1"
|
||||||
target_os_id = _os_id_from_release("\n".join(_osrel_lines))
|
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
raise HTTPException(400, str(e))
|
raise HTTPException(400, str(e))
|
||||||
except Exception as e:
|
|
||||||
if not remote_probe_error:
|
|
||||||
remote_probe_error = f"SSH system probe failed: {str(e)[:160]}"
|
|
||||||
pass
|
|
||||||
elif not host:
|
|
||||||
# Local target — probe in-process so the inline install command
|
|
||||||
# still appears in the dep panel when the cookbook container
|
|
||||||
# itself is the selected server.
|
|
||||||
try:
|
|
||||||
with open("/etc/os-release", encoding="utf-8") as f:
|
|
||||||
target_os_id = _os_id_from_release(f.read())
|
|
||||||
except Exception:
|
except Exception:
|
||||||
target_os_id = ""
|
pass
|
||||||
if sys.platform == "darwin":
|
|
||||||
target_os_id = "macos"
|
|
||||||
|
|
||||||
for pkg in packages:
|
for pkg in packages:
|
||||||
on_remote = bool(host and pkg.get("target") == "remote")
|
on_remote = bool(host and pkg.get("target") == "remote")
|
||||||
probe = None
|
probe = None
|
||||||
if on_remote:
|
if on_remote:
|
||||||
if remote_probe_error and pkg["name"] not in remote_status:
|
pkg["installed"] = bool(remote_status.get(pkg["name"], False))
|
||||||
pkg["installed"] = None
|
|
||||||
pkg["probe_error"] = remote_probe_error
|
|
||||||
pkg["status_note"] = remote_probe_error
|
|
||||||
else:
|
|
||||||
pkg["installed"] = bool(remote_status.get(pkg["name"], False))
|
|
||||||
probe = remote_details.get(pkg["name"])
|
probe = remote_details.get(pkg["name"])
|
||||||
if isinstance(probe, dict):
|
if isinstance(probe, dict):
|
||||||
pkg["details"] = probe
|
pkg["details"] = probe
|
||||||
@@ -1388,116 +1222,13 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
pkg["installed"] = False
|
pkg["installed"] = False
|
||||||
except importlib_metadata.PackageNotFoundError:
|
except importlib_metadata.PackageNotFoundError:
|
||||||
pkg["installed"] = False
|
pkg["installed"] = False
|
||||||
except (Exception, SystemExit):
|
except Exception:
|
||||||
# Installed but crashes on import — e.g. a CUDA build of
|
# Installed but crashes on import — e.g. a CUDA build of
|
||||||
# llama-cpp-python raising FileNotFoundError when the CUDA
|
# llama-cpp-python raising FileNotFoundError when the CUDA
|
||||||
# toolkit dir is absent, or rembg calling sys.exit(1) when no
|
# toolkit dir is absent. One broken optional package must not
|
||||||
# onnxruntime backend can be loaded. SystemExit is a
|
# 500 the entire packages panel; report it as not usable.
|
||||||
# BaseException, not Exception, so without catching it here a
|
|
||||||
# single sys.exit-on-import package escapes and takes down the
|
|
||||||
# whole packages panel / worker (the panel hangs forever). One
|
|
||||||
# broken optional package must not 500 — or hang — the entire
|
|
||||||
# panel; report it as not usable.
|
|
||||||
pkg["installed"] = False
|
pkg["installed"] = False
|
||||||
|
|
||||||
# llama_cpp partial-state probe: when the package is installed
|
|
||||||
# but the wheel was built CPU-only AND the target has NVIDIA
|
|
||||||
# hardware, mark the row as partial (yellow/orange) with a
|
|
||||||
# one-click upgrade to the CUDA wheel. Without this the row
|
|
||||||
# reads "ready" green while inference runs at 3 tok/s on GPU
|
|
||||||
# silicon — actively misleading.
|
|
||||||
if pkg["name"] == "llama_cpp" and pkg.get("installed"):
|
|
||||||
_native_llama_server = bool(
|
|
||||||
isinstance(probe, dict)
|
|
||||||
and isinstance(probe.get("binaries"), dict)
|
|
||||||
and probe["binaries"].get("llama-server")
|
|
||||||
)
|
|
||||||
_gpu_capable = False
|
|
||||||
_has_nvidia_target = False
|
|
||||||
if _native_llama_server:
|
|
||||||
# Native llama-server is the launcher path Cookbook now
|
|
||||||
# prefers. Do not mark this as a CPU-only Python wheel just
|
|
||||||
# because llama-cpp-python is absent from the selected venv.
|
|
||||||
_gpu_capable = True
|
|
||||||
elif on_remote and host:
|
|
||||||
try:
|
|
||||||
# Activate the configured venv FIRST so the probe
|
|
||||||
# runs against the same python the launch script
|
|
||||||
# would activate. Without this prefix, bare
|
|
||||||
# `python3` was checked — which can disagree with
|
|
||||||
# the venv's wheel (e.g. user-site has CUDA wheel
|
|
||||||
# but venv has CPU-only), and the dep panel then
|
|
||||||
# showed "ready" green while every launch fell to
|
|
||||||
# CPU.
|
|
||||||
_vp = _venv_activate_prefix(venv)
|
|
||||||
probe = (
|
|
||||||
f'{_vp}python3 -c "import llama_cpp; import sys; '
|
|
||||||
'sys.exit(0 if llama_cpp.llama_supports_gpu_offload() else 1)" '
|
|
||||||
'&& echo llama_cpp_gpu=1 || echo llama_cpp_gpu=0; '
|
|
||||||
'command -v nvidia-smi >/dev/null 2>&1 '
|
|
||||||
'&& nvidia-smi -L 2>/dev/null | grep -q "GPU " '
|
|
||||||
'&& echo nvidia=1 || echo nvidia=0'
|
|
||||||
)
|
|
||||||
argv = _ssh_base_argv(host, ssh_port) + [probe]
|
|
||||||
proc = await asyncio.create_subprocess_exec(
|
|
||||||
*argv, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE,
|
|
||||||
)
|
|
||||||
out, _ = await asyncio.wait_for(proc.communicate(), timeout=8)
|
|
||||||
txt = out.decode("utf-8", errors="replace")
|
|
||||||
if "llama_cpp_gpu=1" in txt:
|
|
||||||
_gpu_capable = True
|
|
||||||
if "nvidia=1" in txt:
|
|
||||||
_has_nvidia_target = True
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
try:
|
|
||||||
import llama_cpp as _lcp # type: ignore
|
|
||||||
_gpu_capable = bool(_lcp.llama_supports_gpu_offload())
|
|
||||||
except Exception:
|
|
||||||
_gpu_capable = False
|
|
||||||
_has_nvidia_target = shutil.which("nvidia-smi") is not None
|
|
||||||
if (not _gpu_capable) and _has_nvidia_target:
|
|
||||||
pkg["partial"] = True
|
|
||||||
pkg["partial_reason"] = "Installed but CPU-only wheel — GPU detected on this target. Upgrade to a CUDA wheel for ~10× faster inference."
|
|
||||||
pkg["partial_action"] = "reinstall_llama_cpp_cuda"
|
|
||||||
# Attach per-package system_prereqs status. We probed each
|
|
||||||
# prereq name above; surface "Missing build deps: …" ONLY
|
|
||||||
# when the package itself is not installed — if the package
|
|
||||||
# works (e.g. llama-cpp-python already imports cleanly), the
|
|
||||||
# build toolchain is irrelevant and surfacing it as a red
|
|
||||||
# flag confuses users ("ready" + "missing" on the same row).
|
|
||||||
_prereqs = list(pkg.get("system_prereqs") or [])
|
|
||||||
if _prereqs:
|
|
||||||
if on_remote:
|
|
||||||
_pr_present = {n: bool(remote_status.get(n)) for n in _prereqs}
|
|
||||||
else:
|
|
||||||
_pr_present = {n: shutil.which(n) is not None for n in _prereqs}
|
|
||||||
pkg["system_prereqs_status"] = _pr_present
|
|
||||||
_missing = [n for n, ok in _pr_present.items() if not ok]
|
|
||||||
# Suppress the "missing build deps" hint when the package
|
|
||||||
# itself is installed — build deps are only relevant if
|
|
||||||
# the user would need to recompile from source.
|
|
||||||
if pkg.get("installed"):
|
|
||||||
_missing = []
|
|
||||||
if _missing:
|
|
||||||
# Build a target-specific install command from the
|
|
||||||
# (os_family, backend) matrix when we know both. Fall
|
|
||||||
# back to the multi-distro hint only when the target's
|
|
||||||
# OS can't be classified (e.g. ssh probe failed).
|
|
||||||
_resolved_os = target_os_id or "debian" # safest default
|
|
||||||
_cmd = _install_cmd_for_target(_resolved_os, backend or "", _missing)
|
|
||||||
if _cmd and target_os_id:
|
|
||||||
_hint = "Missing build deps for this target: " + ", ".join(_missing)
|
|
||||||
pkg["install_cmd_for_target"] = _cmd
|
|
||||||
pkg["install_cmd_os"] = target_os_id
|
|
||||||
pkg["install_cmd_backend"] = (backend or "").lower()
|
|
||||||
else:
|
|
||||||
_hint = "Missing build deps: " + ", ".join(_missing) + ". Install via apt: cmake build-essential git / pacman: cmake base-devel git / dnf: cmake gcc-c++ make git / brew: cmake git."
|
|
||||||
_existing_note = pkg.get("status_note") or ""
|
|
||||||
pkg["status_note"] = (_existing_note + " — " + _hint) if _existing_note else _hint
|
|
||||||
pkg["build_deps_missing"] = _missing
|
|
||||||
|
|
||||||
if pkg.get("installed"):
|
if pkg.get("installed"):
|
||||||
update_status = _package_pip_update_status(pkg, probe)
|
update_status = _package_pip_update_status(pkg, probe)
|
||||||
pkg["pip_update_available"] = update_status.available
|
pkg["pip_update_available"] = update_status.available
|
||||||
@@ -1557,102 +1288,6 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
return {"ok": True, "output": stdout.decode()[-200:]}
|
return {"ok": True, "output": stdout.decode()[-200:]}
|
||||||
return {"ok": False, "error": stderr.decode()[-300:]}
|
return {"ok": False, "error": stderr.decode()[-300:]}
|
||||||
|
|
||||||
@router.post("/api/cookbook/install-system-deps")
|
|
||||||
async def install_system_deps(request: Request):
|
|
||||||
"""Install OS-level system packages (cmake/build-essential/git/tmux)
|
|
||||||
on a remote target or in the local container. Admin only.
|
|
||||||
|
|
||||||
Bounded by a per-package allowlist — anything outside the catalog
|
|
||||||
is rejected so the route can't be coerced into installing arbitrary
|
|
||||||
OS packages. Uses `sudo -n` (passwordless) so the call returns a
|
|
||||||
clear "needs sudo password" error instead of hanging when interactive
|
|
||||||
sudo is required.
|
|
||||||
"""
|
|
||||||
_require_admin(request)
|
|
||||||
body = await request.json()
|
|
||||||
raw = body.get("packages") or []
|
|
||||||
host = (body.get("remote_host") or "").strip()
|
|
||||||
ssh_port = body.get("ssh_port")
|
|
||||||
# Names users can request — must match canonical names used in the
|
|
||||||
# deps catalog's `system_prereqs` field and on the System rows.
|
|
||||||
ALLOWED = {"cmake", "build-essential", "g++", "gcc", "git", "tmux", "make"}
|
|
||||||
pkgs = [str(p).strip() for p in raw if str(p).strip() in ALLOWED]
|
|
||||||
if not pkgs:
|
|
||||||
return {"ok": False, "error": "no installable packages requested (allowlist: " + ", ".join(sorted(ALLOWED)) + ")"}
|
|
||||||
# Re-map to the right package name per OS. apt/dpkg use the names
|
|
||||||
# as-is; pacman has base-devel for build-essential, etc.
|
|
||||||
def _apt(names): return list(names)
|
|
||||||
def _pacman(names):
|
|
||||||
return ["base-devel" if n == "build-essential" else n for n in names]
|
|
||||||
def _dnf(names):
|
|
||||||
out = []
|
|
||||||
for n in names:
|
|
||||||
if n == "build-essential": out += ["gcc", "gcc-c++", "make"]
|
|
||||||
elif n == "g++": out += ["gcc-c++"]
|
|
||||||
else: out.append(n)
|
|
||||||
return out
|
|
||||||
def _brew(names):
|
|
||||||
return [n for n in names if n not in ("build-essential", "g++", "gcc", "make")]
|
|
||||||
# Build a single shell snippet that detects the package manager and
|
|
||||||
# runs the right install. Non-interactive sudo (-n) only — if sudo
|
|
||||||
# asks for a password the script reports it instead of hanging.
|
|
||||||
apt_pkgs = " ".join(shlex.quote(p) for p in _apt(pkgs))
|
|
||||||
pac_pkgs = " ".join(shlex.quote(p) for p in _pacman(pkgs))
|
|
||||||
dnf_pkgs = " ".join(shlex.quote(p) for p in _dnf(pkgs))
|
|
||||||
brew_pkgs = " ".join(shlex.quote(p) for p in _brew(pkgs))
|
|
||||||
# Error messages go to stderr (>&2) so the route's error field
|
|
||||||
# gets populated. Without the redirect, `echo "ERROR…"` on stdout
|
|
||||||
# left stderr empty and the frontend toast fell through to a
|
|
||||||
# bare "HTTP 200" instead of surfacing the real reason.
|
|
||||||
script = (
|
|
||||||
'set -e; '
|
|
||||||
'if ! sudo -n true 2>/dev/null; then '
|
|
||||||
' echo "ERROR: passwordless sudo unavailable on this target. Run once: sudo apt install -y ' + " ".join(pkgs) + ' (or your distro equivalent: pacman -S, dnf install, brew install). After that, Cookbook can install the rest." >&2; exit 2; fi; '
|
|
||||||
'if command -v apt-get >/dev/null 2>&1; then '
|
|
||||||
f' sudo -n env DEBIAN_FRONTEND=noninteractive apt-get update -qq && sudo -n env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends {apt_pkgs}; '
|
|
||||||
'elif command -v pacman >/dev/null 2>&1; then '
|
|
||||||
f' sudo -n pacman -Sy --needed --noconfirm {pac_pkgs}; '
|
|
||||||
'elif command -v dnf >/dev/null 2>&1; then '
|
|
||||||
f' sudo -n dnf install -y {dnf_pkgs}; '
|
|
||||||
'elif command -v brew >/dev/null 2>&1; then '
|
|
||||||
f' brew install {brew_pkgs}; '
|
|
||||||
'else '
|
|
||||||
' echo "ERROR: no supported package manager (apt/pacman/dnf/brew) on this target." >&2; exit 3; fi'
|
|
||||||
)
|
|
||||||
try:
|
|
||||||
if host:
|
|
||||||
argv = _ssh_base_argv(host, ssh_port) + [script]
|
|
||||||
else:
|
|
||||||
argv = ["bash", "-lc", script]
|
|
||||||
except ValueError as e:
|
|
||||||
raise HTTPException(400, str(e))
|
|
||||||
try:
|
|
||||||
proc = await asyncio.create_subprocess_exec(
|
|
||||||
*argv, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
|
|
||||||
)
|
|
||||||
out, err = await asyncio.wait_for(proc.communicate(), timeout=180)
|
|
||||||
except asyncio.TimeoutError:
|
|
||||||
return {"ok": False, "error": "Install timed out after 180s"}
|
|
||||||
ok = (proc.returncode == 0)
|
|
||||||
# Combine stderr + (last lines of stdout) into a single error
|
|
||||||
# blob when ok=False — some package managers print useful failure
|
|
||||||
# context to stdout, and a script that exits via `echo ...; exit N`
|
|
||||||
# without `>&2` would otherwise hand back an empty error string
|
|
||||||
# and force the frontend to show a bare "HTTP 200".
|
|
||||||
err_txt = err.decode("utf-8", errors="replace").strip()
|
|
||||||
out_txt = out.decode("utf-8", errors="replace").strip()
|
|
||||||
if not ok:
|
|
||||||
tail_out = out_txt[-500:] if out_txt else ""
|
|
||||||
combined = err_txt or tail_out or f"exit code {proc.returncode}"
|
|
||||||
else:
|
|
||||||
combined = None
|
|
||||||
return {
|
|
||||||
"ok": ok,
|
|
||||||
"exit_code": proc.returncode,
|
|
||||||
"output": out_txt[-1000:],
|
|
||||||
"error": combined,
|
|
||||||
}
|
|
||||||
|
|
||||||
@router.post("/api/cookbook/rebuild-engine")
|
@router.post("/api/cookbook/rebuild-engine")
|
||||||
async def rebuild_engine(request: Request):
|
async def rebuild_engine(request: Request):
|
||||||
"""Clear the cached llama.cpp build so the next serve recompiles.
|
"""Clear the cached llama.cpp build so the next serve recompiles.
|
||||||
@@ -1673,8 +1308,7 @@ def setup_shell_routes() -> APIRouter:
|
|||||||
return {"ok": False, "error": f"Unsupported engine: {engine}"}
|
return {"ok": False, "error": f"Unsupported engine: {engine}"}
|
||||||
host = str(body.get("remote_host") or "").strip()
|
host = str(body.get("remote_host") or "").strip()
|
||||||
ssh_port = body.get("ssh_port")
|
ssh_port = body.get("ssh_port")
|
||||||
update_source = bool(body.get("update_source"))
|
cmd = _llama_cpp_rebuild_cmd()
|
||||||
cmd = _llama_cpp_rebuild_cmd(update_source=update_source)
|
|
||||||
try:
|
try:
|
||||||
argv = (
|
argv = (
|
||||||
(_ssh_base_argv(host, ssh_port) + [cmd])
|
(_ssh_base_argv(host, ssh_port) + [cmd])
|
||||||
|
|||||||
+1
-11
@@ -22,16 +22,6 @@ from core.middleware import require_admin
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# Last-resort verdict extraction from a teacher/verifier model's prose (run when
|
|
||||||
# JSON parsing fails). `["\'\s:]*` already consumes whitespace, so the original
|
|
||||||
# trailing `\s*` made two adjacent \s-matching quantifiers that backtrack O(n^2)
|
|
||||||
# on a `verdict` + whitespace flood in untrusted model output (CodeQL
|
|
||||||
# py/polynomial-redos). Without it a single unbounded quantifier remains — the
|
|
||||||
# matched text is identical, and the scan is linear.
|
|
||||||
_VERDICT_PROSE_RE = re.compile(
|
|
||||||
r'verdict["\'\s:]*["\']?(pass|needs_work|fail|inconclusive)', re.I
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class SkillAddRequest(BaseModel):
|
class SkillAddRequest(BaseModel):
|
||||||
# New schema (preferred)
|
# New schema (preferred)
|
||||||
@@ -206,7 +196,7 @@ async def _eval_skill_run(skill_md: str, task: str, transcript: str,
|
|||||||
# Last resort: pull the verdict keyword straight out of the prose so a
|
# Last resort: pull the verdict keyword straight out of the prose so a
|
||||||
# clearly-decided run isn't thrown away as "unparseable".
|
# clearly-decided run isn't thrown away as "unparseable".
|
||||||
if v not in _VERDICTS:
|
if v not in _VERDICTS:
|
||||||
km = _VERDICT_PROSE_RE.search(text)
|
km = _re.search(r'verdict["\'\s:]*\s*["\']?(pass|needs_work|fail|inconclusive)', text, _re.I)
|
||||||
if km:
|
if km:
|
||||||
v = km.group(1).lower()
|
v = km.group(1).lower()
|
||||||
if data is None:
|
if data is None:
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ from fastapi import APIRouter, HTTPException, Request
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
|
|
||||||
from core.database import SessionLocal, ScheduledTask, TaskRun
|
from core.database import SessionLocal, ScheduledTask, TaskRun
|
||||||
from core.middleware import INTERNAL_TOOL_USER
|
|
||||||
from core.constants import internal_api_base
|
from core.constants import internal_api_base
|
||||||
from src.auth_helpers import get_current_user
|
from src.auth_helpers import get_current_user
|
||||||
from src.constants import DATA_DIR, EMAIL_URGENCY_CACHE_DIR
|
from src.constants import DATA_DIR, EMAIL_URGENCY_CACHE_DIR
|
||||||
@@ -428,7 +427,7 @@ def setup_task_routes(task_scheduler) -> APIRouter:
|
|||||||
# In-process tool-loopback marker — AuthMiddleware validated
|
# In-process tool-loopback marker — AuthMiddleware validated
|
||||||
# the internal token + loopback client before stamping this,
|
# the internal token + loopback client before stamping this,
|
||||||
# so treat as admin-equivalent.
|
# so treat as admin-equivalent.
|
||||||
if user == INTERNAL_TOOL_USER:
|
if user == "internal-tool":
|
||||||
return True
|
return True
|
||||||
try:
|
try:
|
||||||
from core.auth import AuthManager
|
from core.auth import AuthManager
|
||||||
|
|||||||
+23
-95
@@ -3,16 +3,11 @@ import os
|
|||||||
import time
|
import time
|
||||||
import json
|
import json
|
||||||
import asyncio
|
import asyncio
|
||||||
import shutil
|
|
||||||
import uuid
|
|
||||||
from pathlib import Path
|
|
||||||
from fastapi import APIRouter, Request, File, UploadFile, HTTPException
|
from fastapi import APIRouter, Request, File, UploadFile, HTTPException
|
||||||
from typing import List
|
from typing import List
|
||||||
import logging
|
import logging
|
||||||
from core.middleware import require_admin
|
from core.middleware import require_admin
|
||||||
from core.database import SessionLocal, GalleryImage
|
from src.auth_helpers import get_current_user
|
||||||
from src.auth_helpers import effective_user
|
|
||||||
from src.constants import GENERATED_IMAGES_DIR
|
|
||||||
from src.upload_handler import count_recent_uploads
|
from src.upload_handler import count_recent_uploads
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
@@ -55,69 +50,6 @@ def setup_upload_routes(upload_handler):
|
|||||||
raise HTTPException(404, "File not found")
|
raise HTTPException(404, "File not found")
|
||||||
|
|
||||||
raise HTTPException(404, "File not found")
|
raise HTTPException(404, "File not found")
|
||||||
|
|
||||||
def _promote_chat_image_to_gallery(meta: dict, owner: str | None) -> str | None:
|
|
||||||
"""Make chat-uploaded images visible in Gallery without changing chat storage."""
|
|
||||||
is_image_file = getattr(upload_handler, "is_image_file", None)
|
|
||||||
if not callable(is_image_file):
|
|
||||||
return None
|
|
||||||
if not is_image_file(meta.get("name", ""), meta.get("mime", "")):
|
|
||||||
return None
|
|
||||||
|
|
||||||
source_path = meta.get("path")
|
|
||||||
if not source_path or not os.path.isfile(source_path):
|
|
||||||
return None
|
|
||||||
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
file_hash = meta.get("hash")
|
|
||||||
if file_hash:
|
|
||||||
q = db.query(GalleryImage).filter(
|
|
||||||
GalleryImage.file_hash == file_hash,
|
|
||||||
GalleryImage.is_active == True, # noqa: E712
|
|
||||||
)
|
|
||||||
if owner:
|
|
||||||
q = q.filter(GalleryImage.owner == owner)
|
|
||||||
existing = q.first()
|
|
||||||
if existing:
|
|
||||||
return existing.id
|
|
||||||
|
|
||||||
image_dir = Path(GENERATED_IMAGES_DIR)
|
|
||||||
image_dir.mkdir(parents=True, exist_ok=True)
|
|
||||||
ext = Path(meta.get("name") or source_path).suffix.lower()
|
|
||||||
if ext not in {".png", ".jpg", ".jpeg", ".webp", ".gif"}:
|
|
||||||
mime_ext = {
|
|
||||||
"image/png": ".png",
|
|
||||||
"image/jpeg": ".jpg",
|
|
||||||
"image/jpg": ".jpg",
|
|
||||||
"image/webp": ".webp",
|
|
||||||
"image/gif": ".gif",
|
|
||||||
}.get(meta.get("mime", ""))
|
|
||||||
ext = mime_ext or ".png"
|
|
||||||
filename = f"{uuid.uuid4().hex[:12]}{ext}"
|
|
||||||
dest_path = image_dir / filename
|
|
||||||
shutil.copy2(source_path, dest_path)
|
|
||||||
|
|
||||||
image_id = str(uuid.uuid4())
|
|
||||||
db.add(GalleryImage(
|
|
||||||
id=image_id,
|
|
||||||
filename=filename,
|
|
||||||
prompt=meta.get("name") or "Chat upload",
|
|
||||||
model="chat-upload",
|
|
||||||
owner=owner,
|
|
||||||
file_hash=file_hash,
|
|
||||||
width=meta.get("width"),
|
|
||||||
height=meta.get("height"),
|
|
||||||
file_size=meta.get("size"),
|
|
||||||
))
|
|
||||||
db.commit()
|
|
||||||
return image_id
|
|
||||||
except Exception as e:
|
|
||||||
db.rollback()
|
|
||||||
logger.warning("Failed to add chat image upload to gallery: %s", e)
|
|
||||||
return None
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
@router.post("")
|
@router.post("")
|
||||||
async def api_upload(request: Request, files: List[UploadFile] = File(...)):
|
async def api_upload(request: Request, files: List[UploadFile] = File(...)):
|
||||||
@@ -146,10 +78,8 @@ def setup_upload_routes(upload_handler):
|
|||||||
|
|
||||||
for u in files:
|
for u in files:
|
||||||
try:
|
try:
|
||||||
owner = effective_user(request)
|
meta = upload_handler.save_upload(u, client_ip, owner=get_current_user(request))
|
||||||
meta = upload_handler.save_upload(u, client_ip, owner=owner)
|
out.append({
|
||||||
gallery_id = _promote_chat_image_to_gallery(meta, owner)
|
|
||||||
item = {
|
|
||||||
"id": meta["id"],
|
"id": meta["id"],
|
||||||
"name": meta["name"],
|
"name": meta["name"],
|
||||||
"mime": meta["mime"],
|
"mime": meta["mime"],
|
||||||
@@ -159,10 +89,7 @@ def setup_upload_routes(upload_handler):
|
|||||||
"width": meta.get("width"),
|
"width": meta.get("width"),
|
||||||
"height": meta.get("height"),
|
"height": meta.get("height"),
|
||||||
"is_duplicate": meta.get("is_duplicate", False)
|
"is_duplicate": meta.get("is_duplicate", False)
|
||||||
}
|
})
|
||||||
if gallery_id:
|
|
||||||
item["gallery_id"] = gallery_id
|
|
||||||
out.append(item)
|
|
||||||
except HTTPException:
|
except HTTPException:
|
||||||
raise
|
raise
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
@@ -201,16 +128,17 @@ def setup_upload_routes(upload_handler):
|
|||||||
import mimetypes as _mt
|
import mimetypes as _mt
|
||||||
# Look up original filename and owner from uploads.json
|
# Look up original filename and owner from uploads.json
|
||||||
original_name = file_id
|
original_name = file_id
|
||||||
# _load_upload_index() tolerates a missing/corrupt uploads.json (it falls
|
info = None
|
||||||
# back to the .bak sibling, then to {}), so a truncated DB degrades to
|
uploads_db = os.path.join(_upload_root(), "uploads.json")
|
||||||
# "no metadata" instead of a 500 from an unhandled JSONDecodeError.
|
if os.path.exists(uploads_db):
|
||||||
db = upload_handler._load_upload_index()
|
with open(uploads_db, encoding="utf-8") as f:
|
||||||
info = next((fi for fi in db.values() if fi.get("id") == file_id), None)
|
db = json.load(f)
|
||||||
if info:
|
info = next((fi for fi in db.values() if fi.get("id") == file_id), None)
|
||||||
original_name = info.get("name", file_id)
|
if info:
|
||||||
|
original_name = info.get("name", file_id)
|
||||||
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
||||||
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
||||||
current_user = effective_user(request)
|
current_user = get_current_user(request)
|
||||||
file_owner = info.get("owner") if info else None
|
file_owner = info.get("owner") if info else None
|
||||||
if auth_configured:
|
if auth_configured:
|
||||||
if not current_user:
|
if not current_user:
|
||||||
@@ -253,10 +181,13 @@ def setup_upload_routes(upload_handler):
|
|||||||
|
|
||||||
def _load_upload_info(file_id: str):
|
def _load_upload_info(file_id: str):
|
||||||
"""Look up the uploads.json record for a file_id, with owner/auth checks."""
|
"""Look up the uploads.json record for a file_id, with owner/auth checks."""
|
||||||
# Corruption-tolerant load (see download_file): a bad uploads.json yields
|
info = None
|
||||||
# {} rather than raising JSONDecodeError out of the vision path.
|
uploads_db = os.path.join(_upload_root(), "uploads.json")
|
||||||
db = upload_handler._load_upload_index()
|
if os.path.exists(uploads_db):
|
||||||
return next((fi for fi in db.values() if fi.get("id") == file_id), None)
|
with open(uploads_db, encoding="utf-8") as f:
|
||||||
|
db = json.load(f)
|
||||||
|
info = next((fi for fi in db.values() if fi.get("id") == file_id), None)
|
||||||
|
return info
|
||||||
|
|
||||||
def _vision_cache_path(file_id: str) -> str:
|
def _vision_cache_path(file_id: str) -> str:
|
||||||
cache_dir = os.path.join(_upload_root(), ".vision")
|
cache_dir = os.path.join(_upload_root(), ".vision")
|
||||||
@@ -273,7 +204,7 @@ def setup_upload_routes(upload_handler):
|
|||||||
info = _load_upload_info(file_id)
|
info = _load_upload_info(file_id)
|
||||||
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
||||||
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
||||||
current_user = effective_user(request)
|
current_user = get_current_user(request)
|
||||||
file_owner = info.get("owner") if info else None
|
file_owner = info.get("owner") if info else None
|
||||||
if auth_configured:
|
if auth_configured:
|
||||||
if not current_user:
|
if not current_user:
|
||||||
@@ -316,7 +247,7 @@ def setup_upload_routes(upload_handler):
|
|||||||
raise HTTPException(404, "File not found")
|
raise HTTPException(404, "File not found")
|
||||||
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
auth_mgr = getattr(request.app.state, "auth_manager", None)
|
||||||
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
auth_configured = bool(auth_mgr and auth_mgr.is_configured)
|
||||||
current_user = effective_user(request)
|
current_user = get_current_user(request)
|
||||||
file_owner = info.get("owner")
|
file_owner = info.get("owner")
|
||||||
if auth_configured:
|
if auth_configured:
|
||||||
if not current_user:
|
if not current_user:
|
||||||
@@ -324,10 +255,7 @@ def setup_upload_routes(upload_handler):
|
|||||||
if file_owner != current_user and not auth_mgr.is_admin(current_user):
|
if file_owner != current_user and not auth_mgr.is_admin(current_user):
|
||||||
raise HTTPException(404, "File not found")
|
raise HTTPException(404, "File not found")
|
||||||
_resolve_upload_path(file_id)
|
_resolve_upload_path(file_id)
|
||||||
try:
|
body = await request.json()
|
||||||
body = await request.json()
|
|
||||||
except json.JSONDecodeError:
|
|
||||||
raise HTTPException(400, "Request body must be valid JSON")
|
|
||||||
text = (body or {}).get("text", "")
|
text = (body or {}).get("text", "")
|
||||||
if not isinstance(text, str):
|
if not isinstance(text, str):
|
||||||
raise HTTPException(400, "text must be a string")
|
raise HTTPException(400, "text must be a string")
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
"""Webhook, API Token, and sync chat routes."""
|
"""Webhook, API Token, and sync chat routes."""
|
||||||
|
|
||||||
|
import asyncio
|
||||||
import uuid
|
import uuid
|
||||||
import logging
|
import logging
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
@@ -345,9 +346,8 @@ def setup_webhook_routes(
|
|||||||
resp = await client.get(models_url, headers=hdrs)
|
resp = await client.get(models_url, headers=hdrs)
|
||||||
resp.raise_for_status()
|
resp.raise_for_status()
|
||||||
data = resp.json()
|
data = resp.json()
|
||||||
items = data if isinstance(data, list) else (data.get("data") or [])
|
ids = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
||||||
ids = [m.get("id") for m in items if isinstance(m, dict) and m.get("id")]
|
if not ids:
|
||||||
if not ids and isinstance(data, dict):
|
|
||||||
ids = [
|
ids = [
|
||||||
m.get("name") or m.get("model")
|
m.get("name") or m.get("model")
|
||||||
for m in (data.get("models") or [])
|
for m in (data.get("models") or [])
|
||||||
@@ -385,10 +385,10 @@ def setup_webhook_routes(
|
|||||||
sess.add_message(ChatMessage("assistant", reply))
|
sess.add_message(ChatMessage("assistant", reply))
|
||||||
session_manager.save_sessions()
|
session_manager.save_sessions()
|
||||||
|
|
||||||
webhook_manager.fire_and_forget("chat.completed", {
|
asyncio.create_task(webhook_manager.fire("chat.completed", {
|
||||||
"session_id": session_id, "model": sess.model,
|
"session_id": session_id, "model": sess.model,
|
||||||
"user_message": message[:2000], "response": reply[:2000],
|
"user_message": message[:2000], "response": reply[:2000],
|
||||||
})
|
}))
|
||||||
|
|
||||||
return {"response": reply, "session_id": session_id, "model": sess.model}
|
return {"response": reply, "session_id": session_id, "model": sess.model}
|
||||||
|
|
||||||
|
|||||||
@@ -27,18 +27,12 @@ def claim_json_entries(entries, owner):
|
|||||||
return count
|
return count
|
||||||
|
|
||||||
|
|
||||||
def owner_arg(argv):
|
|
||||||
if len(argv) < 2 or not argv[1].strip():
|
|
||||||
return None
|
|
||||||
return argv[1].strip()
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
owner = owner_arg(sys.argv)
|
if len(sys.argv) < 2:
|
||||||
if not owner:
|
|
||||||
print("Usage: python scripts/claim_ownerless.py <username>")
|
print("Usage: python scripts/claim_ownerless.py <username>")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
owner = sys.argv[1]
|
||||||
print(f"Claiming all ownerless data for: {owner}\n")
|
print(f"Claiming all ownerless data for: {owner}\n")
|
||||||
|
|
||||||
# 1. Memories (JSON files)
|
# 1. Memories (JSON files)
|
||||||
|
|||||||
@@ -103,13 +103,9 @@ def cmd_list(args) -> None:
|
|||||||
end = _parse_dt(args.end) if args.end else (start + timedelta(days=30))
|
end = _parse_dt(args.end) if args.end else (start + timedelta(days=30))
|
||||||
db = SessionLocal()
|
db = SessionLocal()
|
||||||
try:
|
try:
|
||||||
# Overlap semantics, matching the web route (routes/calendar_routes.py)
|
|
||||||
# and the recurring-expansion contract: an event is in the window when
|
|
||||||
# it starts before the window end AND ends after the window start. This
|
|
||||||
# includes multi-day / in-progress events that began before `start`.
|
|
||||||
q = db.query(CalendarEvent).filter(
|
q = db.query(CalendarEvent).filter(
|
||||||
|
CalendarEvent.dtstart >= start,
|
||||||
CalendarEvent.dtstart < end,
|
CalendarEvent.dtstart < end,
|
||||||
CalendarEvent.dtend > start,
|
|
||||||
)
|
)
|
||||||
if args.calendar:
|
if args.calendar:
|
||||||
cal = db.query(CalendarCal).filter(CalendarCal.name == args.calendar).first()
|
cal = db.query(CalendarCal).filter(CalendarCal.name == args.calendar).first()
|
||||||
|
|||||||
@@ -14059,138 +14059,6 @@
|
|||||||
"vision"
|
"vision"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "google/gemma-4-12B-it",
|
|
||||||
"provider": "Google",
|
|
||||||
"parameter_count": "12.0B",
|
|
||||||
"parameters_raw": 12000000000,
|
|
||||||
"min_ram_gb": 8.5,
|
|
||||||
"recommended_ram_gb": 11.0,
|
|
||||||
"min_vram_gb": 7.5,
|
|
||||||
"quantization": "Q4_K_M",
|
|
||||||
"context_length": 131072,
|
|
||||||
"use_case": "General purpose, multimodal; unsloth/gemma-4-12B-it-GGUF Dynamic variants reduce VRAM from ~7.5 GB to ~5.5 GB",
|
|
||||||
"is_moe": false,
|
|
||||||
"num_experts": null,
|
|
||||||
"active_experts": null,
|
|
||||||
"active_parameters": null,
|
|
||||||
"architecture": "gemma4",
|
|
||||||
"pipeline_tag": "image-text-to-text",
|
|
||||||
"release_date": "2026-04-01",
|
|
||||||
"gguf_sources": [
|
|
||||||
{
|
|
||||||
"repo": "unsloth/gemma-4-12B-it-GGUF",
|
|
||||||
"provider": "unsloth"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"capabilities": [
|
|
||||||
"vision"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "google/gemma-4-12B-it-qat-int4",
|
|
||||||
"provider": "Google",
|
|
||||||
"parameter_count": "12.0B",
|
|
||||||
"parameters_raw": 12000000000,
|
|
||||||
"min_ram_gb": 8.0,
|
|
||||||
"recommended_ram_gb": 9.5,
|
|
||||||
"min_vram_gb": 6.5,
|
|
||||||
"quantization": "QAT-INT4",
|
|
||||||
"context_length": 131072,
|
|
||||||
"use_case": "General purpose, multimodal (QAT quantization-aware training — higher quality than post-train INT4; vLLM native; no GGUF)",
|
|
||||||
"is_moe": false,
|
|
||||||
"num_experts": null,
|
|
||||||
"active_experts": null,
|
|
||||||
"active_parameters": null,
|
|
||||||
"architecture": "gemma4",
|
|
||||||
"pipeline_tag": "image-text-to-text",
|
|
||||||
"release_date": "2026-04-01",
|
|
||||||
"gguf_sources": [],
|
|
||||||
"capabilities": [
|
|
||||||
"vision"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "google/gemma-4-12B-it-qat-int8",
|
|
||||||
"provider": "Google",
|
|
||||||
"parameter_count": "12.0B",
|
|
||||||
"parameters_raw": 12000000000,
|
|
||||||
"min_ram_gb": 15.0,
|
|
||||||
"recommended_ram_gb": 20.0,
|
|
||||||
"min_vram_gb": 13.5,
|
|
||||||
"quantization": "QAT-INT8",
|
|
||||||
"context_length": 131072,
|
|
||||||
"use_case": "General purpose, multimodal (QAT INT8 — highest quality, 2x VRAM of QAT-INT4; vLLM native; no GGUF)",
|
|
||||||
"is_moe": false,
|
|
||||||
"num_experts": null,
|
|
||||||
"active_experts": null,
|
|
||||||
"active_parameters": null,
|
|
||||||
"architecture": "gemma4",
|
|
||||||
"pipeline_tag": "image-text-to-text",
|
|
||||||
"release_date": "2026-04-01",
|
|
||||||
"gguf_sources": [],
|
|
||||||
"capabilities": [
|
|
||||||
"vision"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "google/gemma-4-12B-it-qat-q4_0-gguf",
|
|
||||||
"provider": "Google",
|
|
||||||
"parameter_count": "12.0B",
|
|
||||||
"parameters_raw": 12000000000,
|
|
||||||
"min_ram_gb": 8.5,
|
|
||||||
"recommended_ram_gb": 11.0,
|
|
||||||
"min_vram_gb": 7.5,
|
|
||||||
"quantization": "QAT-INT4",
|
|
||||||
"context_length": 262144,
|
|
||||||
"use_case": "General purpose, multimodal (vision + audio); official Google QAT int4 GGUF — near-bf16 quality at int4 size, served on llama.cpp/Ollama with CPU offload",
|
|
||||||
"is_moe": false,
|
|
||||||
"num_experts": null,
|
|
||||||
"active_experts": null,
|
|
||||||
"active_parameters": null,
|
|
||||||
"architecture": "gemma4",
|
|
||||||
"pipeline_tag": "image-text-to-text",
|
|
||||||
"release_date": "2026-04-01",
|
|
||||||
"gguf_sources": [
|
|
||||||
{
|
|
||||||
"repo": "google/gemma-4-12B-it-qat-q4_0-gguf",
|
|
||||||
"provider": "Google",
|
|
||||||
"file": "gemma-4-12b-it-qat-q4_0.gguf"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"capabilities": [
|
|
||||||
"vision",
|
|
||||||
"audio"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "google/gemma-4-26B-A4B-it-qat-q4_0-gguf",
|
|
||||||
"provider": "Google",
|
|
||||||
"parameter_count": "25.2B",
|
|
||||||
"parameters_raw": 25200000000,
|
|
||||||
"min_ram_gb": 14.4,
|
|
||||||
"recommended_ram_gb": 18.0,
|
|
||||||
"min_vram_gb": 14.4,
|
|
||||||
"quantization": "QAT-INT4",
|
|
||||||
"context_length": 262144,
|
|
||||||
"use_case": "High-throughput, multimodal MoE (3.8B active); official Google QAT int4 GGUF — near-bf16 quality at int4 size, served on llama.cpp with CPU offload",
|
|
||||||
"is_moe": true,
|
|
||||||
"num_experts": null,
|
|
||||||
"active_experts": null,
|
|
||||||
"active_parameters": 3800000000,
|
|
||||||
"architecture": "gemma4",
|
|
||||||
"pipeline_tag": "image-text-to-text",
|
|
||||||
"release_date": "2026-04-01",
|
|
||||||
"gguf_sources": [
|
|
||||||
{
|
|
||||||
"repo": "google/gemma-4-26B-A4B-it-qat-q4_0-gguf",
|
|
||||||
"provider": "Google"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"capabilities": [
|
|
||||||
"vision"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "google/gemma-4-31B-it",
|
"name": "google/gemma-4-31B-it",
|
||||||
"provider": "Google",
|
"provider": "Google",
|
||||||
@@ -19276,4 +19144,4 @@
|
|||||||
],
|
],
|
||||||
"_discovered": true
|
"_discovered": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
+1
-48
@@ -9,7 +9,7 @@ from services.hwfit.models import (
|
|||||||
GPU_BANDWIDTH = {
|
GPU_BANDWIDTH = {
|
||||||
"5090": 1792, "5080": 960, "5070 ti": 896, "5070": 672, "5060 ti": 448, "5060": 256,
|
"5090": 1792, "5080": 960, "5070 ti": 896, "5070": 672, "5060 ti": 448, "5060": 256,
|
||||||
"4090": 1008, "4080 super": 736, "4080": 717, "4070 ti super": 672, "4070 ti": 504, "4070 super": 504, "4070": 504, "4060 ti": 288, "4060": 272,
|
"4090": 1008, "4080 super": 736, "4080": 717, "4070 ti super": 672, "4070 ti": 504, "4070 super": 504, "4070": 504, "4060 ti": 288, "4060": 272,
|
||||||
"3090 ti": 1008, "3090": 936, "3080 ti": 912, "3080": 760, "3070 ti": 608, "3070": 448, "3060 ti": 448, "3060": 360, "3050 ti": 192, "3050": 224,
|
"3090 ti": 1008, "3090": 936, "3080 ti": 912, "3080": 760, "3070 ti": 608, "3070": 448, "3060 ti": 448, "3060": 360,
|
||||||
"2080 ti": 616, "2080 super": 496, "2080": 448, "2070 super": 448, "2070": 448, "2060 super": 448, "2060": 336,
|
"2080 ti": 616, "2080 super": 496, "2080": 448, "2070 super": 448, "2070": 448, "2060 super": 448, "2060": 336,
|
||||||
"1660 ti": 288, "1660 super": 336, "1660": 192, "1650 super": 192, "1650": 128,
|
"1660 ti": 288, "1660 super": 336, "1660": 192, "1650 super": 192, "1650": 128,
|
||||||
"h100 sxm": 3350, "h100": 2039, "h200": 4800, "a100 sxm": 2039, "a100": 1555,
|
"h100 sxm": 3350, "h100": 2039, "h200": 4800, "a100 sxm": 2039, "a100": 1555,
|
||||||
@@ -19,10 +19,6 @@ GPU_BANDWIDTH = {
|
|||||||
"6950 xt": 576, "6900 xt": 512, "6800 xt": 512, "6800": 512, "6700 xt": 384, "6600 xt": 256, "6600": 224,
|
"6950 xt": 576, "6900 xt": 512, "6800 xt": 512, "6800": 512, "6700 xt": 384, "6600 xt": 256, "6600": 224,
|
||||||
"mi300x": 5300, "mi300": 5300, "mi250x": 3277, "mi250": 3277, "mi210": 1638, "mi100": 1229,
|
"mi300x": 5300, "mi300": 5300, "mi250x": 3277, "mi250": 3277, "mi210": 1638, "mi100": 1229,
|
||||||
"9070 xt": 624, "9070": 488, "9060 xt": 322, "9060": 322,
|
"9070 xt": 624, "9070": 488, "9060 xt": 322, "9060": 322,
|
||||||
# NVIDIA GB10 Grace-Blackwell superchip (DGX Spark). Unified LPDDR5X memory,
|
|
||||||
# not Apple Silicon, so it lives in the generic GPU table — the Apple-only
|
|
||||||
# lookup never matches it (its name carries no "apple").
|
|
||||||
"gb10": 273,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Pre-sort keys by length descending for correct substring matching
|
# Pre-sort keys by length descending for correct substring matching
|
||||||
@@ -130,44 +126,6 @@ def _lookup_bandwidth(system):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def _canonical_cpu_backend(system):
|
|
||||||
"""Return the canonical CPU backend for cpu_only speed estimation.
|
|
||||||
|
|
||||||
Normalizes CPU-architecture aliases separately from the GPU backend, and
|
|
||||||
overrides GPU-only backends (CUDA/ROCm/Metal) so they do not inherit a
|
|
||||||
discrete-GPU fallback constant when the model is actually running on CPU.
|
|
||||||
"""
|
|
||||||
backend = (system.get("backend") or "").lower().strip()
|
|
||||||
cpu_arch = (system.get("cpu_arch") or "").lower().strip()
|
|
||||||
cpu_name = (system.get("cpu_name") or "").lower()
|
|
||||||
gpu_name = (system.get("gpu_name") or "").lower()
|
|
||||||
|
|
||||||
# Already-canonical CPU backends
|
|
||||||
if backend in ("cpu_x86", "cpu_arm"):
|
|
||||||
return backend
|
|
||||||
|
|
||||||
# Raw CPU-architecture aliases. Treat plain "arm" as 32-bit ARM, not the
|
|
||||||
# ARM64-class CPU fallback used for Apple Silicon/aarch64 machines.
|
|
||||||
if backend in ("x86_64", "amd64", "i386", "i686"):
|
|
||||||
return "cpu_x86"
|
|
||||||
if backend in ("arm64", "aarch64"):
|
|
||||||
return "cpu_arm"
|
|
||||||
|
|
||||||
# Prefer an explicit CPU architecture field when present
|
|
||||||
if cpu_arch:
|
|
||||||
if cpu_arch in ("x86_64", "amd64", "x86", "i386", "i686"):
|
|
||||||
return "cpu_x86"
|
|
||||||
if cpu_arch in ("arm64", "aarch64"):
|
|
||||||
return "cpu_arm"
|
|
||||||
|
|
||||||
# Apple Silicon enters ranking as backend="metal"; its CPU path is ARM.
|
|
||||||
if backend in ("metal", "mps", "apple") or "apple" in cpu_name or "apple" in gpu_name:
|
|
||||||
return "cpu_arm"
|
|
||||||
|
|
||||||
# Conservative default for CUDA/ROCm/discrete GPU backends and unknowns.
|
|
||||||
return "cpu_x86"
|
|
||||||
|
|
||||||
|
|
||||||
def _estimate_speed(model, quant, run_mode, system, offload_frac=0.0):
|
def _estimate_speed(model, quant, run_mode, system, offload_frac=0.0):
|
||||||
"""Estimate tok/s. Uses active params for MoE (only active experts run per token).
|
"""Estimate tok/s. Uses active params for MoE (only active experts run per token).
|
||||||
|
|
||||||
@@ -185,11 +143,6 @@ def _estimate_speed(model, quant, run_mode, system, offload_frac=0.0):
|
|||||||
bw = _lookup_bandwidth(system)
|
bw = _lookup_bandwidth(system)
|
||||||
backend = system.get("backend", "cpu_x86")
|
backend = system.get("backend", "cpu_x86")
|
||||||
|
|
||||||
# CPU-only inference must never inherit a GPU backend's fallback constant,
|
|
||||||
# even if the detected system happens to report a CUDA/Metal/ROCm backend.
|
|
||||||
if run_mode == "cpu_only":
|
|
||||||
backend = _canonical_cpu_backend(system)
|
|
||||||
|
|
||||||
if bw and run_mode in ("gpu", "cpu_offload"):
|
if bw and run_mode in ("gpu", "cpu_offload"):
|
||||||
bpp = QUANT_BYTES_PER_PARAM.get(quant, 0.5)
|
bpp = QUANT_BYTES_PER_PARAM.get(quant, 0.5)
|
||||||
model_gb = pb * bpp
|
model_gb = pb * bpp
|
||||||
|
|||||||
+13
-74
@@ -282,17 +282,7 @@ def _detect_amd():
|
|||||||
"gpus": cards,
|
"gpus": cards,
|
||||||
"gpu_groups": groups,
|
"gpu_groups": groups,
|
||||||
"homogeneous": len(groups) <= 1,
|
"homogeneous": len(groups) <= 1,
|
||||||
# Pick the actual runtime label: ROCm/HIP only when its
|
"backend": "rocm",
|
||||||
# toolchain is installed, otherwise Vulkan if vulkaninfo is
|
|
||||||
# present (mesa RADV works fine on RDNA/CDNA when ROCm
|
|
||||||
# packages are absent — see Strix Halo where ROCm support
|
|
||||||
# is still backporting). Reporting "rocm" on a Vulkan-only
|
|
||||||
# host misleads downstream env-var pinning
|
|
||||||
# (HIP_VISIBLE_DEVICES is a no-op there).
|
|
||||||
"backend": (
|
|
||||||
"rocm" if (_run(["which", "rocminfo"]) or _run(["which", "hipconfig"]))
|
|
||||||
else ("vulkan" if _run(["which", "vulkaninfo"]) else "rocm")
|
|
||||||
),
|
|
||||||
"unified_memory": is_apu,
|
"unified_memory": is_apu,
|
||||||
# AMD ISA/family so downstream can tell datacenter Instinct (CDNA,
|
# AMD ISA/family so downstream can tell datacenter Instinct (CDNA,
|
||||||
# where vLLM/SGLang run AWQ/GPTQ reliably) from consumer Radeon
|
# where vLLM/SGLang run AWQ/GPTQ reliably) from consumer Radeon
|
||||||
@@ -330,7 +320,7 @@ def _detect_apple_silicon():
|
|||||||
|
|
||||||
# Only Apple Silicon (arm64) has a Metal GPU worth serving LLMs on; Intel
|
# Only Apple Silicon (arm64) has a Metal GPU worth serving LLMs on; Intel
|
||||||
# Macs fall through to the CPU path.
|
# Macs fall through to the CPU path.
|
||||||
if _canonical_cpu_arch(arch) != "arm64":
|
if "arm" not in arch and "aarch64" not in arch:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# Chip name, e.g. "Apple M4 Max" — carries the Pro/Max/Ultra variant that
|
# Chip name, e.g. "Apple M4 Max" — carries the Pro/Max/Ultra variant that
|
||||||
@@ -513,57 +503,12 @@ def _get_cpu_count():
|
|||||||
return os.cpu_count() or 1
|
return os.cpu_count() or 1
|
||||||
|
|
||||||
|
|
||||||
def _canonical_cpu_arch(value):
|
|
||||||
arch = str(value or "").lower().strip().replace("-", "_")
|
|
||||||
if arch in ("x86_64", "amd64", "x64"):
|
|
||||||
return "x86_64"
|
|
||||||
if arch in ("i386", "i686", "x86"):
|
|
||||||
return "x86"
|
|
||||||
if arch in ("arm64", "aarch64"):
|
|
||||||
return "arm64"
|
|
||||||
if arch == "arm" or arch.startswith("armv"):
|
|
||||||
return "arm"
|
|
||||||
return arch
|
|
||||||
|
|
||||||
|
|
||||||
def _get_cpu_arch():
|
|
||||||
if _remote_host:
|
|
||||||
return _canonical_cpu_arch(_run(["uname", "-m"]) or "")
|
|
||||||
return _canonical_cpu_arch(platform.machine())
|
|
||||||
|
|
||||||
|
|
||||||
def _powershell_exe():
|
def _powershell_exe():
|
||||||
"""Pick the best PowerShell executable for LOCAL execution: prefer pwsh
|
"""Pick the best PowerShell executable for LOCAL execution: prefer pwsh
|
||||||
(PowerShell 7+), fall back to Windows PowerShell 5.1. Returns an absolute
|
(PowerShell 7+), fall back to Windows PowerShell 5.1. Returns an absolute
|
||||||
path so we don't depend on a particular PATH ordering."""
|
path so we don't depend on a particular PATH ordering."""
|
||||||
return shutil.which("pwsh") or shutil.which("powershell") or "powershell"
|
return shutil.which("pwsh") or shutil.which("powershell") or "powershell"
|
||||||
|
|
||||||
def _powershell_encoded_for_ssh(script: str):
|
|
||||||
"""Run a PowerShell script on a remote Windows host over SSH.
|
|
||||||
|
|
||||||
Nested quotes in powershell -Command break when passed through Windows
|
|
||||||
OpenSSH's cmd wrapper; -EncodedCommand avoids that.
|
|
||||||
"""
|
|
||||||
import base64
|
|
||||||
encoded = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
|
|
||||||
return _run(f"powershell -NoProfile -EncodedCommand {encoded}")
|
|
||||||
|
|
||||||
|
|
||||||
def _probe_remote_platform():
|
|
||||||
"""Best-effort OS detection over SSH when the caller didn't pass platform."""
|
|
||||||
out = _run("echo %OS%")
|
|
||||||
if out and "Windows_NT" in out:
|
|
||||||
return "windows"
|
|
||||||
uname = (_run(["uname", "-s"]) or "").strip().lower()
|
|
||||||
if uname == "darwin":
|
|
||||||
# Mac uses the linux detection path (_detect_apple_silicon over SSH).
|
|
||||||
return "linux"
|
|
||||||
if uname == "linux":
|
|
||||||
out = _run("test -d /data/data/com.termux && echo termux || echo linux")
|
|
||||||
if out and "termux" in out:
|
|
||||||
return "termux"
|
|
||||||
return "linux"
|
|
||||||
|
|
||||||
|
|
||||||
def _detect_windows():
|
def _detect_windows():
|
||||||
"""Detect Windows hardware via PowerShell/WMI.
|
"""Detect Windows hardware via PowerShell/WMI.
|
||||||
@@ -583,7 +528,6 @@ def _detect_windows():
|
|||||||
$r.cpu_name = $cpu.Name
|
$r.cpu_name = $cpu.Name
|
||||||
$r.cpu_cores = (Get-CimInstance Win32_Processor | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
|
$r.cpu_cores = (Get-CimInstance Win32_Processor | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
|
||||||
$r.arch = $cpu.AddressWidth
|
$r.arch = $cpu.AddressWidth
|
||||||
$r.cpu_arch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } else { $env:PROCESSOR_ARCHITECTURE }
|
|
||||||
# GPU detection via nvidia-smi (fastest) or WMI fallback
|
# GPU detection via nvidia-smi (fastest) or WMI fallback
|
||||||
try {
|
try {
|
||||||
$nv = nvidia-smi --query-gpu=memory.total,name --format=csv,noheader,nounits 2>$null
|
$nv = nvidia-smi --query-gpu=memory.total,name --format=csv,noheader,nounits 2>$null
|
||||||
@@ -626,8 +570,9 @@ def _detect_windows():
|
|||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
if _remote_host:
|
if _remote_host:
|
||||||
# Remote: use -EncodedCommand so OpenSSH/cmd quoting does not break the script.
|
# Remote: ship a single command string over SSH. The remote shell parses
|
||||||
out = _powershell_encoded_for_ssh(ps_cmd.strip())
|
# the quoting; PowerShell on the far side runs the -Command payload.
|
||||||
|
out = _run(f'powershell -Command "{ps_cmd}"')
|
||||||
else:
|
else:
|
||||||
# Local: pass a LIST argv straight to subprocess so the OS hands ps_cmd
|
# Local: pass a LIST argv straight to subprocess so the OS hands ps_cmd
|
||||||
# to PowerShell verbatim — no fragile string-level quote escaping. Prefer
|
# to PowerShell verbatim — no fragile string-level quote escaping. Prefer
|
||||||
@@ -654,7 +599,6 @@ def _detect_windows():
|
|||||||
"available_ram_gb": d.get("avail_gb", 0),
|
"available_ram_gb": d.get("avail_gb", 0),
|
||||||
"cpu_cores": _as_int(d.get("cpu_cores"), 1),
|
"cpu_cores": _as_int(d.get("cpu_cores"), 1),
|
||||||
"cpu_name": _cpu_name,
|
"cpu_name": _cpu_name,
|
||||||
"cpu_arch": _canonical_cpu_arch(d.get("cpu_arch")),
|
|
||||||
"has_gpu": bool(d.get("gpu_name")),
|
"has_gpu": bool(d.get("gpu_name")),
|
||||||
"gpu_name": d.get("gpu_name"),
|
"gpu_name": d.get("gpu_name"),
|
||||||
"gpu_vram_gb": d.get("gpu_vram_gb"),
|
"gpu_vram_gb": d.get("gpu_vram_gb"),
|
||||||
@@ -798,13 +742,6 @@ def detect_system(host="", ssh_port="", platform="", fresh=False):
|
|||||||
"""
|
"""
|
||||||
global _remote_host, _remote_port, _remote_platform
|
global _remote_host, _remote_port, _remote_platform
|
||||||
|
|
||||||
if host and not platform:
|
|
||||||
_remote_host = host
|
|
||||||
_remote_port = ssh_port or None
|
|
||||||
platform = _probe_remote_platform()
|
|
||||||
_remote_host = None
|
|
||||||
_remote_port = None
|
|
||||||
|
|
||||||
cache_key = _cache_key(host, ssh_port, platform)
|
cache_key = _cache_key(host, ssh_port, platform)
|
||||||
now = time.time()
|
now = time.time()
|
||||||
if not fresh and cache_key in _cache_by_host:
|
if not fresh and cache_key in _cache_by_host:
|
||||||
@@ -825,8 +762,8 @@ def detect_system(host="", ssh_port="", platform="", fresh=False):
|
|||||||
_remote_platform = None
|
_remote_platform = None
|
||||||
_cache_by_host[cache_key] = (now, result)
|
_cache_by_host[cache_key] = (now, result)
|
||||||
return result
|
return result
|
||||||
# SSH may work while the PowerShell hardware probe still fails.
|
# If Windows detection failed, return error
|
||||||
result = {"error": f"Windows hardware probe failed for {host}", "host": host}
|
result = {"error": f"Cannot connect to {host}", "host": host}
|
||||||
_remote_host = None
|
_remote_host = None
|
||||||
_remote_platform = None
|
_remote_platform = None
|
||||||
_cache_by_host[cache_key] = (now, result)
|
_cache_by_host[cache_key] = (now, result)
|
||||||
@@ -857,7 +794,6 @@ def detect_system(host="", ssh_port="", platform="", fresh=False):
|
|||||||
available_ram = round(_get_available_ram_gb(), 1)
|
available_ram = round(_get_available_ram_gb(), 1)
|
||||||
cpu_cores = _get_cpu_count()
|
cpu_cores = _get_cpu_count()
|
||||||
cpu_name = _get_cpu_name()
|
cpu_name = _get_cpu_name()
|
||||||
cpu_arch = _get_cpu_arch()
|
|
||||||
|
|
||||||
gpu_info = _detect_apple_silicon() or _detect_nvidia() or _detect_amd()
|
gpu_info = _detect_apple_silicon() or _detect_nvidia() or _detect_amd()
|
||||||
|
|
||||||
@@ -867,7 +803,6 @@ def detect_system(host="", ssh_port="", platform="", fresh=False):
|
|||||||
"available_ram_gb": available_ram,
|
"available_ram_gb": available_ram,
|
||||||
"cpu_cores": cpu_cores,
|
"cpu_cores": cpu_cores,
|
||||||
"cpu_name": cpu_name,
|
"cpu_name": cpu_name,
|
||||||
"cpu_arch": cpu_arch,
|
|
||||||
"has_gpu": True,
|
"has_gpu": True,
|
||||||
"gpu_name": gpu_info["gpu_name"],
|
"gpu_name": gpu_info["gpu_name"],
|
||||||
"gpu_vram_gb": gpu_info["gpu_vram_gb"],
|
"gpu_vram_gb": gpu_info["gpu_vram_gb"],
|
||||||
@@ -882,13 +817,17 @@ def detect_system(host="", ssh_port="", platform="", fresh=False):
|
|||||||
"unified_memory": gpu_info.get("unified_memory", False),
|
"unified_memory": gpu_info.get("unified_memory", False),
|
||||||
}
|
}
|
||||||
else:
|
else:
|
||||||
backend = "cpu_arm" if cpu_arch == "arm64" else "cpu_x86"
|
if _remote_host:
|
||||||
|
arch_out = _run(["uname", "-m"]) or ""
|
||||||
|
else:
|
||||||
|
import platform as _platform
|
||||||
|
arch_out = _platform.machine().lower()
|
||||||
|
backend = "cpu_arm" if "aarch64" in arch_out or "arm" in arch_out else "cpu_x86"
|
||||||
result = {
|
result = {
|
||||||
"total_ram_gb": total_ram,
|
"total_ram_gb": total_ram,
|
||||||
"available_ram_gb": available_ram,
|
"available_ram_gb": available_ram,
|
||||||
"cpu_cores": cpu_cores,
|
"cpu_cores": cpu_cores,
|
||||||
"cpu_name": cpu_name,
|
"cpu_name": cpu_name,
|
||||||
"cpu_arch": cpu_arch,
|
|
||||||
"has_gpu": False,
|
"has_gpu": False,
|
||||||
"gpu_name": None,
|
"gpu_name": None,
|
||||||
"gpu_vram_gb": None,
|
"gpu_vram_gb": None,
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ QUANT_BPP = {
|
|||||||
"Q4_K_M": 0.58, "Q4_0": 0.58, "Q3_K_M": 0.48, "Q2_K": 0.37,
|
"Q4_K_M": 0.58, "Q4_0": 0.58, "Q3_K_M": 0.48, "Q2_K": 0.37,
|
||||||
"AWQ-4bit": 0.50, "AWQ-8bit": 1.0,
|
"AWQ-4bit": 0.50, "AWQ-8bit": 1.0,
|
||||||
"GPTQ-Int4": 0.50, "GPTQ-Int8": 1.0,
|
"GPTQ-Int4": 0.50, "GPTQ-Int8": 1.0,
|
||||||
"QAT-INT4": 0.50, "QAT-INT8": 1.0,
|
|
||||||
"mlx-4bit": 0.55, "mlx-8bit": 1.0, "mlx-6bit": 0.75,
|
"mlx-4bit": 0.55, "mlx-8bit": 1.0, "mlx-6bit": 0.75,
|
||||||
# DeepSeek-V4-style mixed: MoE experts in FP4 (bulk), attention + non-
|
# DeepSeek-V4-style mixed: MoE experts in FP4 (bulk), attention + non-
|
||||||
# expert dense in FP8, embeddings/LM head in BF16. By weight count the
|
# expert dense in FP8, embeddings/LM head in BF16. By weight count the
|
||||||
@@ -31,7 +30,6 @@ QUANT_SPEED_MULT = {
|
|||||||
"Q4_K_M": 1.15, "Q4_0": 1.15, "Q3_K_M": 1.25, "Q2_K": 1.35,
|
"Q4_K_M": 1.15, "Q4_0": 1.15, "Q3_K_M": 1.25, "Q2_K": 1.35,
|
||||||
"AWQ-4bit": 1.2, "AWQ-8bit": 0.85,
|
"AWQ-4bit": 1.2, "AWQ-8bit": 0.85,
|
||||||
"GPTQ-Int4": 1.2, "GPTQ-Int8": 0.85,
|
"GPTQ-Int4": 1.2, "GPTQ-Int8": 0.85,
|
||||||
"QAT-INT4": 1.15, "QAT-INT8": 0.85,
|
|
||||||
"mlx-4bit": 1.15, "mlx-8bit": 0.85, "mlx-6bit": 1.0,
|
"mlx-4bit": 1.15, "mlx-8bit": 0.85, "mlx-6bit": 1.0,
|
||||||
"FP4-MoE-Mixed": 1.10, # slightly slower than pure FP4 because of mixed-dtype dispatch
|
"FP4-MoE-Mixed": 1.10, # slightly slower than pure FP4 because of mixed-dtype dispatch
|
||||||
"FP8-Mixed": 0.85,
|
"FP8-Mixed": 0.85,
|
||||||
@@ -49,10 +47,6 @@ QUANT_QUALITY_PENALTY = {
|
|||||||
# penalty so FP8 wins when both fit. AWQ-4bit stays heavier.
|
# penalty so FP8 wins when both fit. AWQ-4bit stays heavier.
|
||||||
"AWQ": -1.0, "AWQ-4bit": -4.0, "AWQ-8bit": -1.0,
|
"AWQ": -1.0, "AWQ-4bit": -4.0, "AWQ-8bit": -1.0,
|
||||||
"GPTQ": -1.0, "GPTQ-Int4": -4.0, "GPTQ-Int8": -1.0,
|
"GPTQ": -1.0, "GPTQ-Int4": -4.0, "GPTQ-Int8": -1.0,
|
||||||
# Quantization-aware training recovers most of the int4 quality loss, so a
|
|
||||||
# QAT-INT4 build lands far closer to bf16 than a post-training Q4/INT4
|
|
||||||
# (Google reports near-bf16 quality). Penalize it lightly, not like Q4_K_M.
|
|
||||||
"QAT-INT4": -1.0, "QAT-INT8": 0.0,
|
|
||||||
"mlx-4bit": -4.0, "mlx-8bit": -0.5, "mlx-6bit": -1.5,
|
"mlx-4bit": -4.0, "mlx-8bit": -0.5, "mlx-6bit": -1.5,
|
||||||
# DeepSeek-V4 mixed: only MoE experts at FP4 (the rest is FP8/BF16),
|
# DeepSeek-V4 mixed: only MoE experts at FP4 (the rest is FP8/BF16),
|
||||||
# so the realized quality is much closer to FP8 than to pure FP4 —
|
# so the realized quality is much closer to FP8 than to pure FP4 —
|
||||||
@@ -69,7 +63,6 @@ QUANT_BYTES_PER_PARAM = {
|
|||||||
"Q4_K_M": 0.5, "Q4_0": 0.5, "Q3_K_M": 0.375, "Q2_K": 0.25,
|
"Q4_K_M": 0.5, "Q4_0": 0.5, "Q3_K_M": 0.375, "Q2_K": 0.25,
|
||||||
"AWQ-4bit": 0.5, "AWQ-8bit": 1.0,
|
"AWQ-4bit": 0.5, "AWQ-8bit": 1.0,
|
||||||
"GPTQ-Int4": 0.5, "GPTQ-Int8": 1.0,
|
"GPTQ-Int4": 0.5, "GPTQ-Int8": 1.0,
|
||||||
"QAT-INT4": 0.5, "QAT-INT8": 1.0,
|
|
||||||
"mlx-4bit": 0.5, "mlx-8bit": 1.0, "mlx-6bit": 0.75,
|
"mlx-4bit": 0.5, "mlx-8bit": 1.0, "mlx-6bit": 0.75,
|
||||||
"FP4-MoE-Mixed": 0.55,
|
"FP4-MoE-Mixed": 0.55,
|
||||||
"FP8-Mixed": 1.0,
|
"FP8-Mixed": 1.0,
|
||||||
@@ -81,7 +74,6 @@ PREQUANTIZED_PREFIXES = (
|
|||||||
"AWQ-", "GPTQ-", "mlx-", "FP8", "FP4", "NVFP4", "MXFP4", "NF4",
|
"AWQ-", "GPTQ-", "mlx-", "FP8", "FP4", "NVFP4", "MXFP4", "NF4",
|
||||||
"INT4", "INT8", "W4A16", "W8A8", "W8A16",
|
"INT4", "INT8", "W4A16", "W8A8", "W8A16",
|
||||||
"FP4-MoE-Mixed", "FP8-Mixed",
|
"FP4-MoE-Mixed", "FP8-Mixed",
|
||||||
"QAT-",
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
+14
-163
@@ -15,8 +15,6 @@ from urllib.parse import urljoin, urlparse
|
|||||||
import httpx
|
import httpx
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
|
|
||||||
from src.constants import WEB_FETCH_SOFT_MAX_BYTES, WEB_FETCH_HARD_MAX_BYTES, WEB_FETCH_USER_AGENT
|
|
||||||
|
|
||||||
from .analytics import RateLimitError, error_logger
|
from .analytics import RateLimitError, error_logger
|
||||||
from .cache import (
|
from .cache import (
|
||||||
CONTENT_CACHE_DIR,
|
CONTENT_CACHE_DIR,
|
||||||
@@ -91,128 +89,18 @@ def _public_http_url(url: str) -> bool:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
class BodyTooLargeError(Exception):
|
def _get_public_url(url: str, headers: dict, timeout: int, max_redirects: int = 5) -> httpx.Response:
|
||||||
"""The server declared a body larger than the hard fetch ceiling."""
|
|
||||||
|
|
||||||
def __init__(self, url: str, declared_bytes: int):
|
|
||||||
self.url = url
|
|
||||||
self.declared_bytes = declared_bytes
|
|
||||||
super().__init__(
|
|
||||||
f"response body is {declared_bytes:,} bytes, over the "
|
|
||||||
f"{WEB_FETCH_HARD_MAX_BYTES:,}-byte hard cap"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class _CappedFetch:
|
|
||||||
"""Result of a size-capped streaming GET.
|
|
||||||
|
|
||||||
Carries just what fetch_webpage_content needs from an httpx.Response,
|
|
||||||
plus the cap bookkeeping: the (possibly truncated) body, whether the
|
|
||||||
cap cut it short, and the size the server declared via Content-Length
|
|
||||||
(wire bytes; None when absent).
|
|
||||||
"""
|
|
||||||
|
|
||||||
__slots__ = ("status_code", "headers", "content", "truncated",
|
|
||||||
"declared_bytes", "encoding", "url")
|
|
||||||
|
|
||||||
def __init__(self, status_code, headers, content, truncated,
|
|
||||||
declared_bytes, encoding, url):
|
|
||||||
self.status_code = status_code
|
|
||||||
self.headers = headers
|
|
||||||
self.content = content
|
|
||||||
self.truncated = truncated
|
|
||||||
self.declared_bytes = declared_bytes
|
|
||||||
self.encoding = encoding
|
|
||||||
self.url = url
|
|
||||||
|
|
||||||
@property
|
|
||||||
def text(self) -> str:
|
|
||||||
return self.content.decode(self.encoding or "utf-8", errors="replace")
|
|
||||||
|
|
||||||
def raise_for_status(self):
|
|
||||||
if self.status_code >= 400:
|
|
||||||
request = httpx.Request("GET", self.url)
|
|
||||||
raise httpx.HTTPStatusError(
|
|
||||||
f"HTTP {self.status_code} for {self.url}",
|
|
||||||
request=request,
|
|
||||||
response=httpx.Response(self.status_code, request=request),
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def _get_public_url(url: str, headers: dict, timeout: int, max_redirects: int = 5,
|
|
||||||
max_bytes: int = None) -> "_CappedFetch":
|
|
||||||
"""Capped streaming GET with SSRF-guarded manual redirects.
|
|
||||||
|
|
||||||
The body is streamed and buffering stops at ``max_bytes`` (default: the
|
|
||||||
soft cap), so an oversized resource cannot be pulled into memory or the
|
|
||||||
content cache in full. When Content-Length already declares a body over
|
|
||||||
the hard ceiling, the fetch is refused before any body bytes are read.
|
|
||||||
"""
|
|
||||||
cap = min(max_bytes or WEB_FETCH_SOFT_MAX_BYTES, WEB_FETCH_HARD_MAX_BYTES)
|
|
||||||
current = url
|
current = url
|
||||||
for _ in range(max_redirects + 1):
|
for _ in range(max_redirects + 1):
|
||||||
if not _public_http_url(current):
|
if not _public_http_url(current):
|
||||||
raise httpx.RequestError("Blocked private/internal URL", request=httpx.Request("GET", current))
|
raise httpx.RequestError("Blocked private/internal URL", request=httpx.Request("GET", current))
|
||||||
# Force identity transfer-encoding. With gzip/deflate the wire bytes
|
response = httpx.get(current, headers=headers, timeout=timeout, follow_redirects=False)
|
||||||
# (and Content-Length) can be a small fraction of the decoded body, so
|
if response.status_code not in (301, 302, 303, 307, 308):
|
||||||
# a tiny compressed response could pass the hard-cap preflight and then
|
return response
|
||||||
# expand past the ceiling in a single decoded chunk before the streamed
|
location = response.headers.get("location")
|
||||||
# cap below can slice it. Identity makes Content-Length the true body
|
if not location:
|
||||||
# size and keeps each streamed chunk bounded by the network read.
|
return response
|
||||||
req_headers = dict(headers or {})
|
current = urljoin(str(response.url), location)
|
||||||
req_headers["Accept-Encoding"] = "identity"
|
|
||||||
with httpx.stream("GET", current, headers=req_headers, timeout=timeout,
|
|
||||||
follow_redirects=False) as response:
|
|
||||||
if response.status_code in (301, 302, 303, 307, 308):
|
|
||||||
location = response.headers.get("location")
|
|
||||||
if not location:
|
|
||||||
return _CappedFetch(response.status_code, response.headers, b"",
|
|
||||||
False, None, response.encoding, str(response.url))
|
|
||||||
current = urljoin(str(response.url), location)
|
|
||||||
continue
|
|
||||||
|
|
||||||
# A server can ignore the identity request and still return a
|
|
||||||
# compressed body; httpx.iter_bytes would then decode it, and a tiny
|
|
||||||
# gzip can balloon into one decoded chunk far past the cap before we
|
|
||||||
# slice. Refuse a compressed Content-Encoding so the streamed cap
|
|
||||||
# stays a real memory bound (Content-Length is the compressed wire
|
|
||||||
# length here, so the preflight and size metadata are unreliable too).
|
|
||||||
enc = (response.headers.get("content-encoding") or "").strip().lower()
|
|
||||||
if enc and enc != "identity":
|
|
||||||
raise httpx.RequestError(
|
|
||||||
f"Refusing compressed response (Content-Encoding: {enc}) after "
|
|
||||||
"requesting identity: cannot bound decoded body size",
|
|
||||||
request=httpx.Request("GET", current),
|
|
||||||
)
|
|
||||||
|
|
||||||
declared = None
|
|
||||||
raw_len = response.headers.get("content-length")
|
|
||||||
if raw_len and raw_len.isdigit():
|
|
||||||
declared = int(raw_len)
|
|
||||||
# Refuse before buffering anything when the server already tells
|
|
||||||
# us the body exceeds the absolute ceiling (Content-Length is wire
|
|
||||||
# bytes; the decompressed body can only be larger).
|
|
||||||
if declared is not None and declared > WEB_FETCH_HARD_MAX_BYTES:
|
|
||||||
raise BodyTooLargeError(current, declared)
|
|
||||||
|
|
||||||
chunks = []
|
|
||||||
read = 0
|
|
||||||
truncated = False
|
|
||||||
# We requested identity above, so iter_bytes yields the raw body in
|
|
||||||
# network-read-sized chunks (no decompression expansion); the cap
|
|
||||||
# therefore bounds what we actually buffer.
|
|
||||||
for chunk in response.iter_bytes():
|
|
||||||
read += len(chunk)
|
|
||||||
if read > cap:
|
|
||||||
keep = cap - (read - len(chunk))
|
|
||||||
if keep > 0:
|
|
||||||
chunks.append(chunk[:keep])
|
|
||||||
truncated = True
|
|
||||||
break
|
|
||||||
chunks.append(chunk)
|
|
||||||
return _CappedFetch(response.status_code, response.headers,
|
|
||||||
b"".join(chunks), truncated, declared,
|
|
||||||
response.encoding, str(response.url))
|
|
||||||
raise httpx.RequestError("Too many redirects", request=httpx.Request("GET", current))
|
raise httpx.RequestError("Too many redirects", request=httpx.Request("GET", current))
|
||||||
|
|
||||||
# PDF extraction (optional dependency)
|
# PDF extraction (optional dependency)
|
||||||
@@ -334,19 +222,9 @@ def _empty_result(url: str, error: str = "") -> dict:
|
|||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
# Main content fetcher
|
# Main content fetcher
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0) -> dict:
|
||||||
max_bytes: int = None) -> dict:
|
"""Fetch and extract meaningful content from a webpage with caching."""
|
||||||
"""Fetch and extract meaningful content from a webpage with caching.
|
cache_key = generate_cache_key(url)
|
||||||
|
|
||||||
``max_bytes`` raises the download budget per call (clamped to the hard
|
|
||||||
cap); the default is the soft cap. When the body is cut short the result
|
|
||||||
carries ``truncated``/``fetched_bytes``/``total_bytes`` so callers can
|
|
||||||
tell the model the content is partial (#3812).
|
|
||||||
"""
|
|
||||||
effective_cap = min(max_bytes or WEB_FETCH_SOFT_MAX_BYTES, WEB_FETCH_HARD_MAX_BYTES)
|
|
||||||
# The cap is part of the cache identity: a truncated soft-cap fetch must
|
|
||||||
# not be served to a later full-budget request for the same URL.
|
|
||||||
cache_key = generate_cache_key(f"{url}#cap={effective_cap}")
|
|
||||||
cache_file = CONTENT_CACHE_DIR / f"{cache_key}.cache"
|
cache_file = CONTENT_CACHE_DIR / f"{cache_key}.cache"
|
||||||
|
|
||||||
# Check cache
|
# Check cache
|
||||||
@@ -369,24 +247,18 @@ def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
|||||||
# Fetch
|
# Fetch
|
||||||
try:
|
try:
|
||||||
headers = {
|
headers = {
|
||||||
"User-Agent": WEB_FETCH_USER_AGENT,
|
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
|
||||||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
|
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
|
||||||
"Accept-Language": "en-US,en;q=0.5",
|
"Accept-Language": "en-US,en;q=0.5",
|
||||||
# identity so the streamed size cap in _get_public_url stays honest
|
"Accept-Encoding": "gzip, deflate",
|
||||||
# (a compressed body can decode to far more than Content-Length).
|
|
||||||
"Accept-Encoding": "identity",
|
|
||||||
"Connection": "keep-alive",
|
"Connection": "keep-alive",
|
||||||
}
|
}
|
||||||
response = _get_public_url(url, headers=headers, timeout=timeout,
|
response = _get_public_url(url, headers=headers, timeout=timeout)
|
||||||
max_bytes=effective_cap)
|
|
||||||
|
|
||||||
if response.status_code == 429:
|
if response.status_code == 429:
|
||||||
raise RateLimitError(f"Rate limit hit for {url} (attempt {retry_attempt})")
|
raise RateLimitError(f"Rate limit hit for {url} (attempt {retry_attempt})")
|
||||||
|
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except BodyTooLargeError as e:
|
|
||||||
error_logger.warning(f"Refused oversized body for {url}: {e}")
|
|
||||||
return _empty_result(url, f"TooLarge: {e}")
|
|
||||||
except httpx.HTTPStatusError as e:
|
except httpx.HTTPStatusError as e:
|
||||||
error_logger.warning(f"HTTP {e.response.status_code} fetching {url}: {e}")
|
error_logger.warning(f"HTTP {e.response.status_code} fetching {url}: {e}")
|
||||||
return _empty_result(url, f"HTTP {e.response.status_code}: {e}")
|
return _empty_result(url, f"HTTP {e.response.status_code}: {e}")
|
||||||
@@ -397,27 +269,9 @@ def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
|||||||
error_logger.error(str(e))
|
error_logger.error(str(e))
|
||||||
return _empty_result(url, str(e))
|
return _empty_result(url, str(e))
|
||||||
|
|
||||||
# Size bookkeeping shared by every content branch below. getattr keeps
|
|
||||||
# plain httpx.Response stand-ins (tests) working without the cap fields.
|
|
||||||
_size_fields = {
|
|
||||||
"truncated": getattr(response, "truncated", False),
|
|
||||||
"fetched_bytes": len(response.content),
|
|
||||||
"total_bytes": getattr(response, "declared_bytes", None),
|
|
||||||
}
|
|
||||||
|
|
||||||
# PDF handling
|
# PDF handling
|
||||||
content_type = response.headers.get("Content-Type", "").lower()
|
content_type = response.headers.get("Content-Type", "").lower()
|
||||||
if "application/pdf" in content_type or url.lower().endswith(".pdf"):
|
if "application/pdf" in content_type or url.lower().endswith(".pdf"):
|
||||||
if _size_fields["truncated"]:
|
|
||||||
# A PDF cut mid-stream is not parseable; unlike text there is no
|
|
||||||
# useful partial result, so report the budget problem instead.
|
|
||||||
_declared = _size_fields["total_bytes"]
|
|
||||||
return _empty_result(
|
|
||||||
url,
|
|
||||||
f"TooLarge: PDF exceeds the {effective_cap:,}-byte fetch budget"
|
|
||||||
+ (f" (size {_declared:,} bytes)" if _declared else "")
|
|
||||||
+ "; retry with a larger budget if it fits under the hard cap",
|
|
||||||
)
|
|
||||||
if pdf_extract_text is None:
|
if pdf_extract_text is None:
|
||||||
logger.error("pdfminer.six is not installed; cannot extract PDF text.")
|
logger.error("pdfminer.six is not installed; cannot extract PDF text.")
|
||||||
pdf_text = ""
|
pdf_text = ""
|
||||||
@@ -441,7 +295,6 @@ def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
|||||||
"js_message": "",
|
"js_message": "",
|
||||||
"success": bool(pdf_text),
|
"success": bool(pdf_text),
|
||||||
"error": "" if pdf_text else "Failed to extract PDF text",
|
"error": "" if pdf_text else "Failed to extract PDF text",
|
||||||
**_size_fields,
|
|
||||||
}
|
}
|
||||||
_cache_result(cache_file, cache_key, result, url)
|
_cache_result(cache_file, cache_key, result, url)
|
||||||
return result
|
return result
|
||||||
@@ -476,7 +329,6 @@ def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
|||||||
"js_message": "",
|
"js_message": "",
|
||||||
"success": bool(text_body),
|
"success": bool(text_body),
|
||||||
"error": "" if text_body else "Empty response body",
|
"error": "" if text_body else "Empty response body",
|
||||||
**_size_fields,
|
|
||||||
}
|
}
|
||||||
_cache_result(cache_file, cache_key, result, url)
|
_cache_result(cache_file, cache_key, result, url)
|
||||||
return result
|
return result
|
||||||
@@ -539,7 +391,6 @@ def fetch_webpage_content(url: str, timeout: int = 5, retry_attempt: int = 0,
|
|||||||
"js_message": js_message,
|
"js_message": js_message,
|
||||||
"success": True,
|
"success": True,
|
||||||
"error": "",
|
"error": "",
|
||||||
**_size_fields,
|
|
||||||
}
|
}
|
||||||
_cache_result(cache_file, cache_key, result, url)
|
_cache_result(cache_file, cache_key, result, url)
|
||||||
return result
|
return result
|
||||||
|
|||||||
@@ -9,12 +9,14 @@ from urllib.parse import urljoin, urlparse, parse_qs
|
|||||||
import httpx
|
import httpx
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
|
|
||||||
from src.constants import SEARXNG_INSTANCE, REQUEST_TIMEOUT, WEB_FETCH_USER_AGENT
|
from src.constants import SEARXNG_INSTANCE
|
||||||
from .analytics import RateLimitError, error_logger
|
from .analytics import RateLimitError, error_logger
|
||||||
from .query import build_enhanced_query
|
from .query import build_enhanced_query
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
REQUEST_TIMEOUT = 20
|
||||||
|
|
||||||
# Provider registry — maps setting value to (label, needs_key, needs_url)
|
# Provider registry — maps setting value to (label, needs_key, needs_url)
|
||||||
PROVIDER_INFO = {
|
PROVIDER_INFO = {
|
||||||
"searxng": ("SearXNG", False, True),
|
"searxng": ("SearXNG", False, True),
|
||||||
@@ -138,7 +140,7 @@ def searxng_search_api(query: str, count: Optional[int] = None, categories: str
|
|||||||
count = count if count is not None else _get_result_count()
|
count = count if count is not None else _get_result_count()
|
||||||
instance = _get_search_instance()
|
instance = _get_search_instance()
|
||||||
api_key = ""
|
api_key = ""
|
||||||
headers = {"User-Agent": WEB_FETCH_USER_AGENT}
|
headers = {"User-Agent": "Mozilla/5.0"}
|
||||||
if api_key:
|
if api_key:
|
||||||
headers["Authorization"] = f"Bearer {api_key}"
|
headers["Authorization"] = f"Bearer {api_key}"
|
||||||
# News/fresh queries do badly in the 'general' category — it favours
|
# News/fresh queries do badly in the 'general' category — it favours
|
||||||
@@ -250,7 +252,7 @@ def searxng_search(query, max_results=10):
|
|||||||
"""Search using SearXNG instance - parsing HTML."""
|
"""Search using SearXNG instance - parsing HTML."""
|
||||||
instance = _get_search_instance()
|
instance = _get_search_instance()
|
||||||
api_key = ""
|
api_key = ""
|
||||||
req_headers = {"User-Agent": WEB_FETCH_USER_AGENT}
|
req_headers = {"User-Agent": "Mozilla/5.0"}
|
||||||
if api_key:
|
if api_key:
|
||||||
req_headers["Authorization"] = f"Bearer {api_key}"
|
req_headers["Authorization"] = f"Bearer {api_key}"
|
||||||
try:
|
try:
|
||||||
@@ -389,7 +391,7 @@ def duckduckgo_search(query: str, count: Optional[int] = None, time_filter: Opti
|
|||||||
response = httpx.get(
|
response = httpx.get(
|
||||||
"https://html.duckduckgo.com/html/",
|
"https://html.duckduckgo.com/html/",
|
||||||
params={"q": query, "kp": _safesearch_for("duckduckgo_html")},
|
params={"q": query, "kp": _safesearch_for("duckduckgo_html")},
|
||||||
headers={"User-Agent": WEB_FETCH_USER_AGENT},
|
headers={"User-Agent": "Mozilla/5.0"},
|
||||||
timeout=REQUEST_TIMEOUT,
|
timeout=REQUEST_TIMEOUT,
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
|
|||||||
@@ -16,9 +16,8 @@ sys.path.insert(0, BASE_DIR)
|
|||||||
from src.constants import (
|
from src.constants import (
|
||||||
DATA_DIR, AUTH_FILE, UPLOAD_DIR, PERSONAL_DIR, PERSONAL_UPLOADS_DIR,
|
DATA_DIR, AUTH_FILE, UPLOAD_DIR, PERSONAL_DIR, PERSONAL_UPLOADS_DIR,
|
||||||
TTS_CACHE_DIR, GENERATED_IMAGES_DIR, DEEP_RESEARCH_DIR, CHROMA_DIR,
|
TTS_CACHE_DIR, GENERATED_IMAGES_DIR, DEEP_RESEARCH_DIR, CHROMA_DIR,
|
||||||
RAG_DIR, MEMORY_VECTORS_DIR, PASSWORD_MIN_LENGTH,
|
RAG_DIR, MEMORY_VECTORS_DIR,
|
||||||
)
|
)
|
||||||
from core.auth import RESERVED_USERNAMES
|
|
||||||
|
|
||||||
DIRS = [
|
DIRS = [
|
||||||
DATA_DIR,
|
DATA_DIR,
|
||||||
@@ -60,23 +59,15 @@ def _prompt_admin_credentials():
|
|||||||
print(" (Press Enter to accept defaults)")
|
print(" (Press Enter to accept defaults)")
|
||||||
print()
|
print()
|
||||||
|
|
||||||
while True:
|
username = input(" Username [admin]: ").strip().lower()
|
||||||
username = input(" Username [admin]: ").strip().lower()
|
if not username:
|
||||||
if not username:
|
username = "admin"
|
||||||
username = "admin"
|
|
||||||
if username in RESERVED_USERNAMES:
|
|
||||||
print(f" '{username}' is a reserved username. Choose another.")
|
|
||||||
continue
|
|
||||||
break
|
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
password = getpass.getpass(" Password: ")
|
password = getpass.getpass(" Password: ")
|
||||||
if not password:
|
if not password:
|
||||||
print(" Password cannot be empty.")
|
print(" Password cannot be empty.")
|
||||||
continue
|
continue
|
||||||
if len(password) < PASSWORD_MIN_LENGTH:
|
|
||||||
print(f" Password must be at least {PASSWORD_MIN_LENGTH} characters.")
|
|
||||||
continue
|
|
||||||
confirm = getpass.getpass(" Confirm password: ")
|
confirm = getpass.getpass(" Confirm password: ")
|
||||||
if password != confirm:
|
if password != confirm:
|
||||||
print(" Passwords don't match. Try again.")
|
print(" Passwords don't match. Try again.")
|
||||||
@@ -102,13 +93,8 @@ def create_default_admin():
|
|||||||
password = os.getenv("ODYSSEUS_ADMIN_PASSWORD", "").strip()
|
password = os.getenv("ODYSSEUS_ADMIN_PASSWORD", "").strip()
|
||||||
|
|
||||||
if username and password:
|
if username and password:
|
||||||
# Both provided via env — validate before using
|
# Both provided via env — use them directly
|
||||||
if username in RESERVED_USERNAMES:
|
pass
|
||||||
print(f" [error] ODYSSEUS_ADMIN_USER '{username}' is a reserved username")
|
|
||||||
return "failed"
|
|
||||||
if len(password) < PASSWORD_MIN_LENGTH:
|
|
||||||
print(f" [error] ODYSSEUS_ADMIN_PASSWORD must be at least {PASSWORD_MIN_LENGTH} characters")
|
|
||||||
return "failed"
|
|
||||||
elif sys.stdin.isatty() and not os.getenv("ODYSSEUS_SKIP_ADMIN_PROMPT"):
|
elif sys.stdin.isatty() and not os.getenv("ODYSSEUS_SKIP_ADMIN_PROMPT"):
|
||||||
# Interactive terminal — ask the user
|
# Interactive terminal — ask the user
|
||||||
username, password = _prompt_admin_credentials()
|
username, password = _prompt_admin_credentials()
|
||||||
@@ -239,15 +225,6 @@ def check_arch():
|
|||||||
def main():
|
def main():
|
||||||
print("\n=== Odysseus Setup ===\n")
|
print("\n=== Odysseus Setup ===\n")
|
||||||
|
|
||||||
# Load .env so pre-seeded ODYSSEUS_ADMIN_USER / ODYSSEUS_ADMIN_PASSWORD (and
|
|
||||||
# other deployment vars) are honored on native installs, not just when they
|
|
||||||
# are exported in the shell. Mirrors app.py: encoding="utf-8-sig" tolerates a
|
|
||||||
# UTF-8 BOM in a Notepad-saved .env. load_dotenv does not override already
|
|
||||||
# exported OS env vars, so the existing precedence is preserved. python-dotenv
|
|
||||||
# is a hard dependency (requirements.txt) and is verified by check_deps below.
|
|
||||||
from dotenv import load_dotenv
|
|
||||||
load_dotenv(os.path.join(BASE_DIR, ".env"), encoding="utf-8-sig")
|
|
||||||
|
|
||||||
# Fail fast with a clear message if the CPU architecture is wrong (Apple
|
# Fail fast with a clear message if the CPU architecture is wrong (Apple
|
||||||
# Silicon under an x86/Rosetta Python) before importing anything native.
|
# Silicon under an x86/Rosetta Python) before importing anything native.
|
||||||
check_arch()
|
check_arch()
|
||||||
|
|||||||
@@ -1,412 +0,0 @@
|
|||||||
# Architecture Runtime Inventory
|
|
||||||
|
|
||||||
> **Purpose**: Phase 0 planning baseline for codebase readability improvements (#4071).
|
|
||||||
> **Parent issue**: [#4082](https://github.com/pewdiepie-archdaemon/odysseus/issues/4082)
|
|
||||||
> **Last updated**: dev@b58af42 | 2026-06-16
|
|
||||||
> **Status**: Draft — to be reviewed before follow-up slices open.
|
|
||||||
> **Snapshot basis**: Importer / file / import-line counts are refreshed to `dev@b58af42` (2026-06-16) and are recomputable via the commands in §3.4. **Line counts** in §2.1 / §2.2 are a snapshot from an earlier baseline and drift as `dev` moves — recompute any of them with `wc -l <file>`. This inventory tracks structure and risk, not live metrics.
|
|
||||||
|
|
||||||
This document maps the current runtime module structure, identifies high-risk boundaries, and recommends safe first refactor slices. It does **not** move files, change imports, or alter runtime behavior.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 1. Current Structure Overview
|
|
||||||
|
|
||||||
### 1.1 Top-Level Layout
|
|
||||||
|
|
||||||
```
|
|
||||||
odysseus/
|
|
||||||
├── app.py # FastAPI app entrypoint (1,145 lines)
|
|
||||||
├── conf/ # Configuration (config.py, settings.py, settings_scrub.py)
|
|
||||||
├── src/ # 95 flat .py files + 2 subdirectories
|
|
||||||
│ ├── agent_tools/ # Tool helpers: document, filesystem, subprocess, web
|
|
||||||
│ └── search/ # Search subsystem
|
|
||||||
├── routes/ # 54 flat .py files — HTTP route handlers
|
|
||||||
├── core/ # 10 files — database models, auth, middleware, session
|
|
||||||
├── mcp_servers/ # 5 files — MCP server implementations
|
|
||||||
├── scripts/ # CLI tools and one-shot scripts
|
|
||||||
├── static/ # Frontend HTML/CSS/JS
|
|
||||||
├── tests/ # 583 test files (~54,800 lines)
|
|
||||||
└── services/ # (exists as needed)
|
|
||||||
```
|
|
||||||
|
|
||||||
### 1.2 Directory Flatness Metric
|
|
||||||
|
|
||||||
| Directory | Flat `.py` Files | Subdirectories | Concern |
|
|
||||||
|-----------|-----------------|----------------|---------|
|
|
||||||
| `src/` | **95** | 2 (`agent_tools/`, `search/`) | No domain grouping; 95 files in one directory |
|
|
||||||
| `routes/` | **54** | 0 | All route handlers in one flat directory |
|
|
||||||
| `core/` | 10 | 0 | Manageable, but `database.py` is oversized |
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 2. Largest Runtime Modules
|
|
||||||
|
|
||||||
### 2.1 Python Backend
|
|
||||||
|
|
||||||
| Rank | File | Lines | Classes | Functions | Risk |
|
|
||||||
|------|------|-------|---------|-----------|------|
|
|
||||||
| 1 | `src/tool_implementations.py` | **4,032** | 0 | ~48 | **HIGH** |
|
|
||||||
| 2 | `routes/email_routes.py` | **3,245** | — | — | **MEDIUM** |
|
|
||||||
| 3 | `routes/cookbook_routes.py` | **2,969** | — | — | **MEDIUM** |
|
|
||||||
| 4 | `src/agent_loop.py` | **2,961** | 0 | ~24 | **HIGH** |
|
|
||||||
| 5 | `src/task_scheduler.py` | **2,330** | — | 5 | MEDIUM |
|
|
||||||
| 6 | `routes/model_routes.py` | **2,266** | — | — | MEDIUM |
|
|
||||||
| 7 | `core/database.py` | **2,265** | 28 | ~59 helpers | **HIGH** |
|
|
||||||
| 8 | `src/builtin_actions.py` | **2,262** | 2 | ~24 | MEDIUM |
|
|
||||||
| 9 | `src/llm_core.py` | **2,164** | — | — | MEDIUM |
|
|
||||||
| 10 | `mcp_servers/email_server.py` | 2,197 | — | — | LOW (separate process) |
|
|
||||||
| 11 | `src/visual_report.py` | 1,918 | — | — | LOW |
|
|
||||||
| 12 | `routes/gallery_routes.py` | 1,896 | — | — | LOW |
|
|
||||||
| 13 | `src/ai_interaction.py` | 1,846 | — | — | MEDIUM |
|
|
||||||
| 14 | `routes/document_routes.py` | 1,717 | — | — | LOW |
|
|
||||||
| 15 | `routes/skills_routes.py` | 1,648 | — | — | LOW |
|
|
||||||
|
|
||||||
**Heuristic**: Files > 2,000 lines with 20+ public symbols and many importers are the highest-risk splits. Files 1,000–2,000 lines are medium-risk if tightly coupled.
|
|
||||||
|
|
||||||
### 2.2 Frontend
|
|
||||||
|
|
||||||
| File | Lines | Concern |
|
|
||||||
|------|-------|---------|
|
|
||||||
| `static/style.css` | **36,653** | Entire app CSS in one file (tracked separately in #2617) |
|
|
||||||
| `static/js/document.js` | **9,776** | Single JS file for document functionality |
|
|
||||||
| `static/js/slashCommands.js` | 6,498 | |
|
|
||||||
| `static/js/settings.js` | 5,266 | |
|
|
||||||
| `static/js/emailLibrary.js` | 5,217 | |
|
|
||||||
| `static/js/notes.js` | 5,124 | |
|
|
||||||
| `static/js/chat.js` | 4,985 | |
|
|
||||||
| `static/app.js` | 4,090 | |
|
|
||||||
|
|
||||||
**Note**: Frontend modularization is tracked separately in #2617 (CSS) and is not the focus of this Phase 0 inventory. Frontend is listed here for completeness but follow-up slices should target Python backend boundaries first.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 3. Import Dependency Graph
|
|
||||||
|
|
||||||
### 3.1 Who Depends on `core/database.py`
|
|
||||||
|
|
||||||
**102 files** import from `core.database` — this is the most depended-upon module:
|
|
||||||
|
|
||||||
- All route handlers (`routes/*.py`)
|
|
||||||
- Most `src/*.py` files
|
|
||||||
- `core/session_manager.py`, `core/auth.py`
|
|
||||||
- Multiple test files
|
|
||||||
|
|
||||||
**Implication**: Any split of `core/database.py` is the highest-risk refactor. It should be tackled **last**, never first.
|
|
||||||
|
|
||||||
### 3.2 Who Depends on `src/tool_implementations.py`
|
|
||||||
|
|
||||||
**17 files** import from `src.tool_implementations`:
|
|
||||||
- `src/agent_loop.py`, `src/builtin_actions.py`, `src/tool_index.py`
|
|
||||||
- `src/task_scheduler.py`, `src/tool_policy.py`
|
|
||||||
- Various tests
|
|
||||||
|
|
||||||
### 3.3 Who Depends on `src/agent_loop.py`
|
|
||||||
|
|
||||||
**22 files** import from `src.agent_loop`:
|
|
||||||
|
|
||||||
- `src/tool_policy.py`, `src/teacher_escalation.py`, `src/bg_monitor.py`
|
|
||||||
- `src/task_scheduler.py`
|
|
||||||
- Multiple test files
|
|
||||||
|
|
||||||
### 3.4 Cross-Layer Import Violations
|
|
||||||
|
|
||||||
**`src/` importing from `routes/`** (backwards dependency — domain logic depending on HTTP layer):
|
|
||||||
|
|
||||||
```
|
|
||||||
src/tool_implementations.py ──→ routes/calendar_routes.py
|
|
||||||
src/tool_implementations.py ──→ routes/cookbook_helpers.py
|
|
||||||
src/tool_implementations.py ──→ routes/email_helpers.py
|
|
||||||
src/tool_implementations.py ──→ routes/email_pollers.py
|
|
||||||
src/tool_implementations.py ──→ routes/email_routes.py
|
|
||||||
src/tool_implementations.py ──→ routes/model_routes.py
|
|
||||||
src/tool_implementations.py ──→ routes/note_routes.py
|
|
||||||
src/tool_implementations.py ──→ routes/prefs_routes.py
|
|
||||||
```
|
|
||||||
|
|
||||||
> These are **runtime imports** (inside function bodies, not at module top), which mitigates circular import risk but indicates fuzzy layer boundaries. Function-level inline imports from the HTTP layer into business logic are a code smell.
|
|
||||||
|
|
||||||
**Import counts (top-level)**:
|
|
||||||
| Direction | Count | Notes |
|
|
||||||
|-----------|-------|-------|
|
|
||||||
| `routes/` → `src/` | **374** | Expected: HTTP handlers call domain logic |
|
|
||||||
| `routes/` → `core/` | **126** | Expected: handlers access DB models |
|
|
||||||
| `src/` → `routes/` | **31** | **Unexpected**: domain logic reaching into HTTP layer (direct grep of import lines referencing `routes/`) |
|
|
||||||
| `src/` → `core/` | **106** | Acceptable but could be reduced with a data-access layer |
|
|
||||||
|
|
||||||
> **How the metrics in this document are computed** — recompute against current `dev` before treating any count as authoritative (the tree drifts; these numbers are a snapshot, not a live value):
|
|
||||||
> - `src/` flat `.py` files: `find src -maxdepth 1 -name '*.py' | wc -l`
|
|
||||||
> - `tests/` test files: `find tests -name 'test_*.py' | wc -l`
|
|
||||||
> - `core.database` importers: `grep -rlE '(from|import) +core\.database' --include='*.py' . | grep -v core/database.py | wc -l`
|
|
||||||
> - `src.agent_loop` importers: `grep -rlE '(from|import) +src\.agent_loop' --include='*.py' . | grep -v src/agent_loop.py | wc -l`
|
|
||||||
> - Cross-layer import lines: `grep -rhE '(from|import) +<pkg>' --include='*.py' <dir>/ | wc -l` (e.g. `(from|import) +routes` over `src/`)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 4. Route Ownership Map
|
|
||||||
|
|
||||||
Routes can be grouped into logical feature domains. Current flat structure obscures these boundaries:
|
|
||||||
|
|
||||||
| Domain | Route Files | Total Lines | Review Complexity |
|
|
||||||
|--------|-------------|-------------|-------------------|
|
|
||||||
| **Email** | `email_routes.py`, `email_helpers.py`, `email_pollers.py` | 5,936 | HIGH — most complex domain |
|
|
||||||
| **Chat / Agent** | `chat_routes.py`, `chat_helpers.py`, `shell_routes.py`, `codex_routes.py`, `skills_routes.py` | 6,365 | HIGH — core interaction surface |
|
|
||||||
| **Cookbook** | `cookbook_routes.py`, `cookbook_helpers.py`, `cookbook_output.py` | 4,110 | MEDIUM |
|
|
||||||
| **Model / LLM** | `model_routes.py`, `assistant_routes.py`, `copilot_routes.py` | 2,764 | MEDIUM |
|
|
||||||
| **Calendar / Contacts** | `calendar_routes.py`, `contacts_routes.py` | 2,336 | MEDIUM |
|
|
||||||
| **Documents** | `document_routes.py`, `document_helpers.py` | 1,954 | LOW |
|
|
||||||
| **Auth** | `auth_routes.py`, `api_token_routes.py`, `device_flow.py` | 1,171 | LOW |
|
|
||||||
| **Tasks** | `task_routes.py` (standalone) | 1,157 | LOW |
|
|
||||||
| **Session** | `session_routes.py` (standalone) | 1,287 | LOW |
|
|
||||||
| **Gallery** | `gallery_routes.py`, `gallery_helpers.py` | 1,896 | LOW |
|
|
||||||
| **Memory** | `memory_routes.py` | — | LOW |
|
|
||||||
| **Research** | `research_routes.py` | — | LOW |
|
|
||||||
| **MCP** | `mcp_routes.py` | — | LOW |
|
|
||||||
| **Notes** | `note_routes.py` | — | LOW |
|
|
||||||
| **Other** | `prefs_routes.py`, `upload_routes.py`, `vault_routes.py`, `webhook_routes.py`, `workspace_routes.py`, `search_routes.py`, `history_routes.py`, `hwfit_routes.py`, `preset_routes.py`, `signature_routes.py`, `backup_routes.py`, `cleanup_routes.py`, `diagnostics_routes.py`, `embedding_routes.py`, `emoji_routes.py`, `font_routes.py`, `stt_routes.py`, `tts_routes.py`, `compare_routes.py`, `personal_routes.py`, `editor_draft_routes.py`, `admin_wipe_routes.py`, `chatgpt_subscription_routes.py` | 2,000+ | LOW individual, HIGH cumulative |
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 5. Tool Registry & Implementation Boundaries
|
|
||||||
|
|
||||||
### 5.1 Current Tool Architecture
|
|
||||||
|
|
||||||
| Component | File | Lines | Role |
|
|
||||||
|-----------|------|-------|------|
|
|
||||||
| Tool schemas | `src/tool_schemas.py` | 1,392 | JSON Schema tool definitions (Duck-TypedDict) |
|
|
||||||
| Tool index | `src/tool_index.py` | 542 | RAG-based tool retrieval from ChromaDB |
|
|
||||||
| Tool implementations | `src/tool_implementations.py` | 4,032 | 33 `do_*` functions — all tool execution logic |
|
|
||||||
| Tool security | `src/tool_security.py` | — | Owner-scoped tool blocking |
|
|
||||||
| Tool policy | `src/tool_policy.py` | — | Guide-only directive, plan-mode disabled tools |
|
|
||||||
| Tool utils | `src/tool_utils.py` | — | Shared tool helpers |
|
|
||||||
|
|
||||||
### 5.2 Tool Implementation Categories
|
|
||||||
|
|
||||||
The 33 `do_*` functions in `tool_implementations.py` fall into natural domain groups — the basis for slice 1's split in §6.2:
|
|
||||||
|
|
||||||
| Category | `do_*` functions | Count |
|
|
||||||
|----------|------------------|-------|
|
|
||||||
| **System / config** | `do_manage_skills`, `do_manage_tasks`, `do_manage_endpoints`, `do_manage_mcp`, `do_manage_webhooks`, `do_manage_tokens`, `do_manage_settings`, `do_api_call`, `do_app_api` | 9 |
|
|
||||||
| **Cookbook / model serving** | `do_download_model`, `do_serve_model`, `do_list_served_models`, `do_stop_served_model`, `do_tail_serve_output`, `do_list_downloads`, `do_cancel_download`, `do_search_hf_models`, `do_adopt_served_model`, `do_list_cookbook_servers`, `do_list_serve_presets`, `do_serve_preset`, `do_list_cached_models` | 13 |
|
|
||||||
| **Notes** | `do_manage_notes` | 1 |
|
|
||||||
| **Calendar** | `do_manage_calendar` | 1 |
|
|
||||||
| **Search** | `do_search_chats` | 1 |
|
|
||||||
| **Research** | `do_manage_research`, `do_trigger_research` | 2 |
|
|
||||||
| **Contacts** | `do_resolve_contact`, `do_manage_contact` | 2 |
|
|
||||||
| **Vault** | `do_vault_search`, `do_vault_get`, `do_vault_unlock` | 3 |
|
|
||||||
| **Image** | `do_edit_image` | 1 |
|
|
||||||
| | **Total** | **33** |
|
|
||||||
|
|
||||||
> Low-level tools (filesystem, subprocess, web fetch, document parsing) live in `src/agent_tools/`, **not** in `tool_implementations.py` — out of scope for this split.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 6. Risk Assessment & Candidate Slice Ranking
|
|
||||||
|
|
||||||
> **Candidate proposals, not a committed plan.** The rankings, package shapes (e.g. `src/pkg/`, `src/domain/`, `src/infra/`, `src/api/`), split ordering, and route-grouping strategy below are **options for maintainer discussion**. Per #4082/#4071, slice ownership and order are settled by maintainers before any follow-up PR. §1–§3 above are the factual current-state inventory.
|
|
||||||
|
|
||||||
### 6.1 Risk Scale
|
|
||||||
|
|
||||||
| Level | Criteria |
|
|
||||||
|-------|----------|
|
|
||||||
| **LOW** | File has ≤3 importers AND ≤500 lines, OR is a pure refactor with clear boundaries |
|
|
||||||
| **MEDIUM** | File has 4–15 importers OR 500–1,500 lines |
|
|
||||||
| **HIGH** | File has 16+ importers OR >2,000 lines, OR has cross-layer import violations |
|
|
||||||
|
|
||||||
### 6.2 Ranked Split Candidates
|
|
||||||
|
|
||||||
| Priority | Target | Risk | Rationale |
|
|
||||||
|----------|--------|------|-----------|
|
|
||||||
| **1** | `src/tool_implementations.py` → `src/tools/*.py` | **MEDIUM** | 4,032 lines → ~10 files by tool category. Already has natural boundaries. 17 importers, tracked in #3629. Use `__init__.py` shim to keep existing imports working. |
|
|
||||||
| **2** | `routes/` → domain subdirectories (one domain per PR) | **MEDIUM** | 54 flat files. Done **one domain at a time** (e.g. a standalone PR for the email domain, then chat, …), not a broad reorganization — route modules carry helper imports, registration assumptions, and test import paths. |
|
|
||||||
| **3** | `src/agent_loop.py` → `src/agent/loop.py` + submodules | **MEDIUM-HIGH** | 2,961 lines, 24 functions. Can extract prompt building, classification, verification, and runaway detection. Tracked in #3266. |
|
|
||||||
| **4** | `src/` → `src/pkg/`, `src/domain/`, `src/infra/`, `src/api/` | **MEDIUM** | Structural reorganization. Split flat `src/` into layered packages. Must come after routes and tools are stable. |
|
|
||||||
| **5** | `routes/email_*.py` consolidation | **LOW** | Already grouped by filename prefix. Low-risk cleanup within the email domain. |
|
|
||||||
| **6** | `core/database.py` → `src/infra/database/models/*.py` | **HIGH** | 28 classes, 102 importers. Highest-risk split. Must be **last** in any sequence. Requires careful import shim strategy. |
|
|
||||||
| **7** | Frontend CSS modularization | **MEDIUM** | 36,653 lines. Tracked in #2617. Separate timeline from backend work. |
|
|
||||||
| **8** | Frontend JS modularization | **MEDIUM** | 9,776 lines in `document.js`. Introduce ES modules at minimum. |
|
|
||||||
|
|
||||||
### 6.3 Candidate First 3 Behavior-Preserving Slices
|
|
||||||
|
|
||||||
**Slice 1: Split `tool_implementations.py`** (Lowest-risk high-impact)
|
|
||||||
|
|
||||||
- Create `src/tools/` package with one file per tool category
|
|
||||||
- Add `src/tools/__init__.py` re-exporting all symbols with current names
|
|
||||||
- Update 17 importers to use new paths (can be deferred via shim)
|
|
||||||
- Validation: `python -m pytest tests/ -x -q` + manual smoke test of tool execution
|
|
||||||
- Reference: #3629
|
|
||||||
|
|
||||||
**Slice 2: Group `routes/` by domain** (one domain per PR, not a broad sweep)
|
|
||||||
|
|
||||||
Route modules carry helper imports, router registration assumptions, and test import paths, so this must be done **one domain at a time** rather than as a single reorganization PR. Example sequence (each its own PR):
|
|
||||||
|
|
||||||
- PR 2a: move the **email** domain (`email_routes.py`, `email_helpers.py`, `email_pollers.py`) → `routes/email/` + shim
|
|
||||||
- PR 2b: move the **chat/agent** domain → `routes/chat/` + shim
|
|
||||||
- PR 2c: move the **cookbook** domain → `routes/cookbook/` + shim
|
|
||||||
- …and so on per domain from §4
|
|
||||||
|
|
||||||
Each PR: add `__init__.py` re-exporting old names, update `app.py` router imports, validation `python app.py` starts clean. **No behavior change** — pure file reorganization.
|
|
||||||
|
|
||||||
**Slice 3: Extract `agent_loop.py` submodules** (Improve reviewability)
|
|
||||||
|
|
||||||
- Move prompt assembly → `src/agent/prompt.py`
|
|
||||||
- Move request classification → `src/agent/classifier.py`
|
|
||||||
- Move sub-agent verification → `src/agent/verifier.py`
|
|
||||||
- Move runaway detection → `src/agent/runaway.py`
|
|
||||||
- Move context management → `src/agent/context.py`
|
|
||||||
- Keep `src/agent/loop.py` as the main orchestration module
|
|
||||||
- Validation: `python -m pytest tests/test_agent_loop.py tests/test_loop_breaker_runaway.py -v`
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 7. Safety Guardrails for Follow-Up Work
|
|
||||||
|
|
||||||
Per maintainer guidance in #4082 and #4071:
|
|
||||||
|
|
||||||
- [ ] **One domain/slice per PR** — never mix multiple reorganizations
|
|
||||||
- [ ] **No behavior changes** mixed with file moves — pure reorganization only
|
|
||||||
- [ ] **Keep compatibility shims** — `__init__.py` re-exports for all existing import paths
|
|
||||||
- [ ] **Add or identify focused tests** before risky splits
|
|
||||||
- [ ] **Do not start with `core/database.py`** or broad route movement unless this inventory shows a safe boundary
|
|
||||||
- [ ] **Prefer small, reviewable slices** over large restructures
|
|
||||||
- [ ] **No packaging/runtime/tooling migration** mixed into file moves
|
|
||||||
- [ ] **No frontend framework migration** inside this stabilization lane
|
|
||||||
- [ ] **Validate with `python -m compileall`** — every PR must pass CI checks
|
|
||||||
- [ ] **Validate with `pytest`** — run the full test suite before opening each PR
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 8. Validation Commands
|
|
||||||
|
|
||||||
Each follow-up PR should be verifiable with these commands before submission:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Syntax check — must pass with zero errors
|
|
||||||
python -m compileall src/ routes/ core/ conf/
|
|
||||||
|
|
||||||
# Full test suite — must match baseline pass rate
|
|
||||||
python -m pytest tests/ -x -q
|
|
||||||
|
|
||||||
# Import shim verification — existing import paths must still work
|
|
||||||
python -c "from src.tool_implementations import do_search_chats; print('OK')"
|
|
||||||
|
|
||||||
# App startup smoke test (if backend touched)
|
|
||||||
timeout 5 python app.py 2>&1 | head -5 || true
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 9. Open Questions
|
|
||||||
|
|
||||||
1. Is `#2538` (specs ground truth) the canonical behavior map baseline, and should this inventory be kept in sync with those specs once merged?
|
|
||||||
2. Should route grouping follow the domain map proposed here, or is there a different taxonomy preferred by maintainers?
|
|
||||||
3. For the `tool_implementations.py` split (#3629), is the tool categorization in §5.2 acceptable, or should it follow a different grouping?
|
|
||||||
4. Should compatibility shims (`__init__.py`) be temporary (removed in a follow-up wave) or permanent?
|
|
||||||
5. Should an ADR (Architecture Decision Record) document be started to track decisions made during this process?
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 10. Future Direction (NOT current state)
|
|
||||||
|
|
||||||
The following are **future refactor targets** (candidate directions **pending maintainer agreement**, not committed), recorded here so this inventory does not imply they exist today. None of them are present in the current `dev` tree:
|
|
||||||
|
|
||||||
- `main.py` — proposed rename of the `app.py` entrypoint. Today the app boots via `app.py`.
|
|
||||||
- `src/agent/` — proposed package to hold `agent_loop.py` submodules (prompt/classifier/verifier/runaway/context). Today `agent_loop.py` is a single flat file in `src/`.
|
|
||||||
- `src/infra/`, `src/domain/`, `src/pkg/`, `src/api/` — proposed layered reorganization of the flat `src/` directory (slice 4 in §6).
|
|
||||||
|
|
||||||
These become real only when the corresponding slices land.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Appendix A: File Listing
|
|
||||||
|
|
||||||
### `src/` (95 files — 61 shown; run `ls src/*.py` for the full list)
|
|
||||||
|
|
||||||
```
|
|
||||||
agent_loop.py tool_implementations.py tool_schemas.py
|
|
||||||
tool_index.py tool_security.py tool_policy.py
|
|
||||||
tool_utils.py builtin_actions.py task_scheduler.py
|
|
||||||
llm_core.py model_context.py model_discovery.py
|
|
||||||
session_search.py context_budget.py context_compactor.py
|
|
||||||
ai_interaction.py action_intents.py agent_runs.py
|
|
||||||
app_helpers.py app_initializer.py config.py
|
|
||||||
database.py memory.py memory_provider.py
|
|
||||||
secret_storage.py prompt_security.py url_security.py
|
|
||||||
url_safety.py rate_limiter.py cleanup_service.py
|
|
||||||
readiness.py service_health.py exceptions.py
|
|
||||||
request_models.py assistant_log.py bg_monitor.py
|
|
||||||
builtin_mcp.py chat_helpers.py chroma_client.py
|
|
||||||
document_processor.py embedding_lanes.py deep_research.py
|
|
||||||
research_handler.py research_utils.py personal_docs.py
|
|
||||||
rag_manager.py rag_singleton.py topic_analyzer.py
|
|
||||||
visual_report.py youtube_handler.py pdf_forms.py
|
|
||||||
pdf_form_doc.py pdf_runtime.py caldav_writeback.py
|
|
||||||
email_thread_parser.py text_helpers.py user_time.py
|
|
||||||
teacher_escalation.py cookbook_serve_lifecycle.py
|
|
||||||
chatgpt_subscription.py mcp_manager.py
|
|
||||||
```
|
|
||||||
|
|
||||||
### `routes/` (54 files)
|
|
||||||
|
|
||||||
```
|
|
||||||
__init__.py _validators.py
|
|
||||||
auth_routes.py api_token_routes.py device_flow.py
|
|
||||||
chat_routes.py chat_helpers.py shell_routes.py
|
|
||||||
codex_routes.py skills_routes.py
|
|
||||||
email_routes.py email_helpers.py email_pollers.py
|
|
||||||
cookbook_routes.py cookbook_helpers.py cookbook_output.py
|
|
||||||
model_routes.py assistant_routes.py copilot_routes.py
|
|
||||||
calendar_routes.py contacts_routes.py
|
|
||||||
document_routes.py document_helpers.py
|
|
||||||
gallery_routes.py gallery_helpers.py
|
|
||||||
task_routes.py session_routes.py
|
|
||||||
note_routes.py memory_routes.py research_routes.py
|
|
||||||
mcp_routes.py search_routes.py history_routes.py
|
|
||||||
webhook_routes.py workspace_routes.py upload_routes.py
|
|
||||||
vault_routes.py prefs_routes.py preset_routes.py
|
|
||||||
signature_routes.py personal_routes.py hwfit_routes.py
|
|
||||||
backup_routes.py cleanup_routes.py diagnostics_routes.py
|
|
||||||
embedding_routes.py emoji_routes.py font_routes.py
|
|
||||||
stt_routes.py tts_routes.py compare_routes.py
|
|
||||||
editor_draft_routes.py chatgpt_subscription_routes.py admin_wipe_routes.py
|
|
||||||
```
|
|
||||||
|
|
||||||
### `core/` (10 files)
|
|
||||||
|
|
||||||
```
|
|
||||||
__init__.py constants.py database.py models.py
|
|
||||||
auth.py middleware.py session_manager.py exceptions.py
|
|
||||||
atomic_io.py platform_compat.py
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Appendix B: Key Import Relationships
|
|
||||||
|
|
||||||
```
|
|
||||||
core/database.py ←── 102 importers (routes/*, src/*, core/*, tests/*)
|
|
||||||
↑
|
|
||||||
├── routes/auth_routes.py
|
|
||||||
├── routes/email_routes.py
|
|
||||||
├── src/builtin_actions.py
|
|
||||||
├── src/task_scheduler.py
|
|
||||||
├── src/tool_implementations.py (inline)
|
|
||||||
└── ...97 more
|
|
||||||
|
|
||||||
src/tool_implementations.py ←── 17 importers
|
|
||||||
↑
|
|
||||||
├── src/agent_loop.py
|
|
||||||
├── src/builtin_actions.py
|
|
||||||
├── src/tool_index.py
|
|
||||||
├── src/task_scheduler.py
|
|
||||||
├── src/tool_policy.py
|
|
||||||
└── ...12 more (mostly tests)
|
|
||||||
|
|
||||||
src/agent_loop.py ←── 22 importers
|
|
||||||
↑
|
|
||||||
├── src/tool_policy.py
|
|
||||||
├── src/teacher_escalation.py
|
|
||||||
├── src/bg_monitor.py
|
|
||||||
├── src/task_scheduler.py
|
|
||||||
└── 18 more (incl. tests)
|
|
||||||
```
|
|
||||||
+271
-483
File diff suppressed because it is too large
Load Diff
+1
-13
@@ -174,20 +174,8 @@ async def subscribe(session_id: str) -> AsyncGenerator[str, None]:
|
|||||||
next_seq += 1
|
next_seq += 1
|
||||||
if run.status != "running":
|
if run.status != "running":
|
||||||
return
|
return
|
||||||
heartbeat_idx = 0
|
|
||||||
while True:
|
while True:
|
||||||
try:
|
seq, ev = await q.get()
|
||||||
seq, ev = await asyncio.wait_for(q.get(), timeout=10.0)
|
|
||||||
except asyncio.TimeoutError:
|
|
||||||
# Keep slow local models/proxies alive while they prefill before
|
|
||||||
# the first token. SSE comments are ignored by the UI but reset
|
|
||||||
# browser/proxy idle timers, which prevents "empty response"
|
|
||||||
# disconnects on llama.cpp first-token latencies of 30s+.
|
|
||||||
if run.status == "running":
|
|
||||||
heartbeat_idx += 1
|
|
||||||
yield f": heartbeat {heartbeat_idx}\n\n"
|
|
||||||
continue
|
|
||||||
seq, ev = (None, None)
|
|
||||||
if seq is None: # end sentinel
|
if seq is None: # end sentinel
|
||||||
while next_seq < len(run.buffer): # flush any tail the sentinel raced
|
while next_seq < len(run.buffer): # flush any tail the sentinel raced
|
||||||
yield run.buffer[next_seq]
|
yield run.buffer[next_seq]
|
||||||
|
|||||||
@@ -22,15 +22,6 @@ from .subprocess_tools import BashTool, PythonTool
|
|||||||
from .web_tools import WebSearchTool, WebFetchTool
|
from .web_tools import WebSearchTool, WebFetchTool
|
||||||
from .filesystem_tools import ReadFileTool, WriteFileTool, EditFileTool, LsTool, GlobTool, GrepTool, GetWorkspaceTool
|
from .filesystem_tools import ReadFileTool, WriteFileTool, EditFileTool, LsTool, GlobTool, GrepTool, GetWorkspaceTool
|
||||||
from .document_tools import CreateDocumentTool, UpdateDocumentTool, EditDocumentTool, SuggestDocumentTool, ManageDocumentTool
|
from .document_tools import CreateDocumentTool, UpdateDocumentTool, EditDocumentTool, SuggestDocumentTool, ManageDocumentTool
|
||||||
from .interaction_tools import AskUserTool, UpdatePlanTool
|
|
||||||
from .model_interaction_tools import ChatWithModelTool, AskTeacherTool, ListModelsTool
|
|
||||||
from .bg_job_tools import ManageBgJobsTool
|
|
||||||
from .session_tools import CreateSessionTool, ListSessionsTool, SendToSessionTool, ManageSessionTool
|
|
||||||
from .admin_tools import (
|
|
||||||
ADMIN_TOOL_HANDLERS,
|
|
||||||
do_manage_endpoints, do_manage_mcp, do_manage_webhooks,
|
|
||||||
do_manage_tokens, do_manage_settings,
|
|
||||||
)
|
|
||||||
|
|
||||||
TOOL_HANDLERS = {
|
TOOL_HANDLERS = {
|
||||||
"bash": BashTool().execute,
|
"bash": BashTool().execute,
|
||||||
@@ -49,19 +40,7 @@ TOOL_HANDLERS = {
|
|||||||
"suggest_document": SuggestDocumentTool().execute,
|
"suggest_document": SuggestDocumentTool().execute,
|
||||||
"manage_documents": ManageDocumentTool().execute,
|
"manage_documents": ManageDocumentTool().execute,
|
||||||
"get_workspace": GetWorkspaceTool().execute,
|
"get_workspace": GetWorkspaceTool().execute,
|
||||||
"ask_user": AskUserTool().execute,
|
|
||||||
"update_plan": UpdatePlanTool().execute,
|
|
||||||
"chat_with_model": ChatWithModelTool().execute,
|
|
||||||
"ask_teacher": AskTeacherTool().execute,
|
|
||||||
"list_models": ListModelsTool().execute,
|
|
||||||
"manage_bg_jobs": ManageBgJobsTool().execute,
|
|
||||||
"create_session": CreateSessionTool().execute,
|
|
||||||
"list_sessions": ListSessionsTool().execute,
|
|
||||||
"send_to_session": SendToSessionTool().execute,
|
|
||||||
"manage_session": ManageSessionTool().execute,
|
|
||||||
}
|
}
|
||||||
# Config/integration admin tools (manage_endpoints/mcp/webhooks/tokens/settings).
|
|
||||||
TOOL_HANDLERS.update(ADMIN_TOOL_HANDLERS)
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# Constants (re-exported for backward compatibility — single source of truth
|
# Constants (re-exported for backward compatibility — single source of truth
|
||||||
@@ -73,7 +52,7 @@ PYTHON_TIMEOUT = 30
|
|||||||
|
|
||||||
# Tool types that trigger execution
|
# Tool types that trigger execution
|
||||||
TOOL_TAGS = {"bash", "python", "web_search", "web_fetch", "read_file", "write_file", "edit_file",
|
TOOL_TAGS = {"bash", "python", "web_search", "web_fetch", "read_file", "write_file", "edit_file",
|
||||||
"grep", "glob", "ls", "get_workspace", "manage_bg_jobs",
|
"grep", "glob", "ls", "get_workspace",
|
||||||
"create_document", "update_document", "edit_document",
|
"create_document", "update_document", "edit_document",
|
||||||
"search_chats",
|
"search_chats",
|
||||||
"chat_with_model", "create_session", "list_sessions",
|
"chat_with_model", "create_session", "list_sessions",
|
||||||
@@ -148,5 +127,10 @@ from src.tool_implementations import ( # noqa: E402, F401
|
|||||||
do_search_chats,
|
do_search_chats,
|
||||||
do_manage_skills,
|
do_manage_skills,
|
||||||
do_manage_tasks,
|
do_manage_tasks,
|
||||||
|
do_manage_endpoints,
|
||||||
|
do_manage_mcp,
|
||||||
|
do_manage_webhooks,
|
||||||
|
do_manage_tokens,
|
||||||
|
do_manage_settings,
|
||||||
do_api_call,
|
do_api_call,
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -1,784 +0,0 @@
|
|||||||
"""Config/integration admin agent tools (TOOL_HANDLERS).
|
|
||||||
|
|
||||||
Moved verbatim from tool_implementations.py as part of the tool-registry
|
|
||||||
migration (#3629, the `admin_tools.py` bullet): manage_endpoints / manage_mcp /
|
|
||||||
manage_webhooks / manage_tokens / manage_settings, plus manage_mcp's
|
|
||||||
command-allowlist guard. Each impl keeps its `do_*(content, owner)` shape;
|
|
||||||
ADMIN_TOOL_HANDLERS wraps them into registry `execute(content, ctx)` adapters
|
|
||||||
via one factory.
|
|
||||||
"""
|
|
||||||
import json
|
|
||||||
import os
|
|
||||||
import re
|
|
||||||
import logging
|
|
||||||
from typing import Optional, Dict
|
|
||||||
|
|
||||||
from src.tool_utils import get_mcp_manager, _parse_tool_args
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
async def do_manage_endpoints(content: str, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage model endpoints: list, add, delete, enable, disable."""
|
|
||||||
from core.database import SessionLocal, ModelEndpoint
|
|
||||||
try:
|
|
||||||
args = _parse_tool_args(content)
|
|
||||||
except ValueError:
|
|
||||||
return {"error": "Invalid JSON arguments", "exit_code": 1}
|
|
||||||
|
|
||||||
action = args.get("action", "list")
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
if action == "list":
|
|
||||||
eps = db.query(ModelEndpoint).all()
|
|
||||||
items = [{"id": e.id, "name": e.name, "base_url": e.base_url,
|
|
||||||
"is_enabled": e.is_enabled} for e in eps]
|
|
||||||
return {"response": f"{len(items)} endpoints", "endpoints": items, "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "add":
|
|
||||||
import uuid as _uuid
|
|
||||||
name = args.get("name", "")
|
|
||||||
base_url = args.get("base_url", "")
|
|
||||||
api_key = args.get("api_key", "")
|
|
||||||
if not base_url:
|
|
||||||
return {"error": "base_url is required", "exit_code": 1}
|
|
||||||
eid = str(_uuid.uuid4())[:8]
|
|
||||||
from datetime import datetime
|
|
||||||
ep = ModelEndpoint(id=eid, name=name or base_url, base_url=base_url,
|
|
||||||
api_key=api_key, is_enabled=True,
|
|
||||||
created_at=datetime.utcnow(), updated_at=datetime.utcnow())
|
|
||||||
db.add(ep)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Added endpoint '{name or base_url}' (id: {eid})", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "delete":
|
|
||||||
eid = args.get("endpoint_id", "")
|
|
||||||
ep = db.query(ModelEndpoint).filter(ModelEndpoint.id == eid).first()
|
|
||||||
if not ep:
|
|
||||||
return {"error": f"Endpoint {eid} not found", "exit_code": 1}
|
|
||||||
name = ep.name
|
|
||||||
db.delete(ep)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Deleted endpoint '{name}'", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action in ("enable", "disable"):
|
|
||||||
eid = args.get("endpoint_id", "")
|
|
||||||
ep = db.query(ModelEndpoint).filter(ModelEndpoint.id == eid).first()
|
|
||||||
if not ep:
|
|
||||||
return {"error": f"Endpoint {eid} not found", "exit_code": 1}
|
|
||||||
ep.is_enabled = (action == "enable")
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Endpoint '{ep.name}' {action}d", "exit_code": 0}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action: {action}", "exit_code": 1}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"manage_endpoints error: {e}")
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# MCP server management tool
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
# Parallel to routes/cookbook_helpers._validate_serve_cmd but deliberately the
|
|
||||||
# opposite policy: that gate guards an admin-only serve command and allows
|
|
||||||
# interpreters (python3/etc) because model-serving needs them, whereas this is
|
|
||||||
# the model/prompt-injection-reachable manage_mcp path, so interpreters and
|
|
||||||
# runners are denied here.
|
|
||||||
#
|
|
||||||
# Commands that can execute arbitrary code regardless of their arguments. These
|
|
||||||
# are NEVER accepted on the manage_mcp agent path, even if an operator lists one
|
|
||||||
# in ODYSSEUS_MCP_ALLOWED_COMMANDS -- a stdio server that genuinely needs an
|
|
||||||
# interpreter or package runner must be registered via the trusted admin route.
|
|
||||||
_MCP_DENIED_COMMANDS = frozenset({
|
|
||||||
"sh", "bash", "zsh", "fish", "dash", "ksh", "csh", "tcsh", "ash", "busybox",
|
|
||||||
"cmd", "command.com", "powershell", "pwsh",
|
|
||||||
"python", "pypy", "node", "nodejs", "deno", "bun", "ruby", "jruby",
|
|
||||||
"perl", "raku", "php", "lua", "luajit", "tclsh", "wish", "expect", "rscript",
|
|
||||||
"groovy", "scala", "elixir", "erl", "iex", "java", "javac", "jshell", "jbang",
|
|
||||||
"kotlin", "kotlinc", "dotnet", "mono", "swift", "osascript", "tsx", "ts-node",
|
|
||||||
"npx", "bunx", "uvx", "pipx", "npm", "pnpm", "yarn", "pip", "uv",
|
|
||||||
"gem", "cargo", "go", "bundle", "poetry", "conda", "mamba", "brew",
|
|
||||||
"apt", "apt-get", "yum", "dnf", "pacman", "apk",
|
|
||||||
"env", "xargs", "nohup", "setsid", "nice", "ionice", "time", "timeout",
|
|
||||||
"watch", "stdbuf", "unbuffer", "script", "ssh", "scp", "sshpass", "sudo",
|
|
||||||
"doas", "su", "make", "cmake", "docker", "podman", "kubectl", "find",
|
|
||||||
"awk", "gawk", "sed", "vi", "vim", "nvim", "emacs", "ed", "tee", "eval",
|
|
||||||
})
|
|
||||||
|
|
||||||
# Argv flags that make even an allowlisted binary execute inline code. Matched
|
|
||||||
# by prefix so glued forms (-cimport os, --eval=...) are caught, not just the
|
|
||||||
# exact-token form.
|
|
||||||
_MCP_CODE_EXEC_SHORT_FLAGS = ("-c", "-e", "-m")
|
|
||||||
_MCP_CODE_EXEC_LONG_FLAGS = ("--eval", "--exec", "--print", "--module", "--command", "--require")
|
|
||||||
|
|
||||||
_MCP_URL_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "file://", "data:", "jar:", "blob:")
|
|
||||||
|
|
||||||
# Shell metacharacters refused in command/args. Args are passed as an argv list
|
|
||||||
# (no shell), but refusing these keeps the surface narrow and obvious.
|
|
||||||
_MCP_SHELL_METACHARS = set(";|&$`><\n\r")
|
|
||||||
|
|
||||||
# Env vars that let a child process load attacker-supplied code before main().
|
|
||||||
_MCP_DANGEROUS_ENV = frozenset({
|
|
||||||
"LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "DYLD_INSERT_LIBRARIES",
|
|
||||||
"DYLD_LIBRARY_PATH", "DYLD_FRAMEWORK_PATH", "PYTHONPATH", "PYTHONSTARTUP",
|
|
||||||
"PYTHONHOME", "PYTHONEXECUTABLE", "NODE_OPTIONS", "NODE_PATH", "BASH_ENV",
|
|
||||||
"ENV", "SHELLOPTS", "PERL5LIB", "PERL5OPT", "RUBYOPT", "RUBYLIB", "GEM_PATH",
|
|
||||||
"R_PROFILE", "R_HOME", "PATH", "IFS", "PROMPT_COMMAND",
|
|
||||||
})
|
|
||||||
|
|
||||||
|
|
||||||
def _mcp_allowed_commands() -> set:
|
|
||||||
"""Operator-configured allowlist of safe MCP launcher basenames for the agent
|
|
||||||
path. Empty by default; set ODYSSEUS_MCP_ALLOWED_COMMANDS (comma-separated)
|
|
||||||
to opt specific trusted binaries in. Denied commands are rejected even if
|
|
||||||
listed here."""
|
|
||||||
raw = os.environ.get("ODYSSEUS_MCP_ALLOWED_COMMANDS", "")
|
|
||||||
return {c.strip().lower() for c in raw.split(",") if c.strip()}
|
|
||||||
|
|
||||||
|
|
||||||
def _validate_mcp_command(command, args, env) -> Optional[str]:
|
|
||||||
"""Validate a model-supplied stdio MCP registration. Returns an error string
|
|
||||||
if it must be rejected, else None.
|
|
||||||
|
|
||||||
Closes the RCE where manage_mcp 'add' passed prompt-injection-controlled
|
|
||||||
command/args/env straight to a subprocess spawn (issue #438): a payload
|
|
||||||
smuggled into a skill description, memory entry, fetched page, or email body
|
|
||||||
could register a stdio server running arbitrary code as the app UID.
|
|
||||||
"""
|
|
||||||
if not isinstance(command, str) or not command.strip():
|
|
||||||
return "command must be a non-empty string"
|
|
||||||
command = command.strip()
|
|
||||||
if "/" in command or "\\" in command:
|
|
||||||
return "command must be a bare executable name, not a path"
|
|
||||||
if any(ch in _MCP_SHELL_METACHARS for ch in command):
|
|
||||||
return "command contains shell metacharacters"
|
|
||||||
base = command.lower()
|
|
||||||
if base.endswith(".exe") or base.endswith(".cmd") or base.endswith(".bat"):
|
|
||||||
base = base.rsplit(".", 1)[0]
|
|
||||||
# Canonicalize a trailing version suffix so versioned aliases collapse to the
|
|
||||||
# family name (python3.11 -> python, node18 -> node, pip3 -> pip); both the
|
|
||||||
# raw basename and the canonical form are denied, so an operator cannot
|
|
||||||
# accidentally allowlist a runtime alias back into the path.
|
|
||||||
canon = re.sub(r"[-_.]?\d+(?:\.\d+)*$", "", base)
|
|
||||||
if base in _MCP_DENIED_COMMANDS or canon in _MCP_DENIED_COMMANDS:
|
|
||||||
return (
|
|
||||||
f"command '{command}' is not allowed on the agent MCP path: "
|
|
||||||
"interpreters, runtimes, package runners, and shells can execute "
|
|
||||||
"arbitrary code. Register such a server via the admin route instead."
|
|
||||||
)
|
|
||||||
if base not in _mcp_allowed_commands():
|
|
||||||
return (
|
|
||||||
f"command '{command}' is not in the MCP allowlist. Add it to "
|
|
||||||
"ODYSSEUS_MCP_ALLOWED_COMMANDS if you trust it, or register the "
|
|
||||||
"server via the admin route."
|
|
||||||
)
|
|
||||||
|
|
||||||
if args is not None:
|
|
||||||
if isinstance(args, str):
|
|
||||||
try:
|
|
||||||
args = json.loads(args)
|
|
||||||
except Exception:
|
|
||||||
return "args must be a JSON list"
|
|
||||||
if not isinstance(args, list):
|
|
||||||
return "args must be a list"
|
|
||||||
for a in args:
|
|
||||||
if not isinstance(a, str):
|
|
||||||
return "args must all be strings"
|
|
||||||
s = a.strip()
|
|
||||||
low = s.lower()
|
|
||||||
if any(s == f or s.startswith(f) for f in _MCP_CODE_EXEC_SHORT_FLAGS):
|
|
||||||
return f"arg '{a}' is a code-execution flag and is not allowed"
|
|
||||||
if any(low == f or low.startswith(f + "=") for f in _MCP_CODE_EXEC_LONG_FLAGS):
|
|
||||||
return f"arg '{a}' is a code-execution flag and is not allowed"
|
|
||||||
if any(low.startswith(u) for u in _MCP_URL_SCHEMES):
|
|
||||||
return f"arg '{a}' is a remote URL and is not allowed"
|
|
||||||
if any(ch in _MCP_SHELL_METACHARS for ch in a):
|
|
||||||
return f"arg '{a}' contains shell metacharacters"
|
|
||||||
|
|
||||||
if env:
|
|
||||||
if isinstance(env, str):
|
|
||||||
try:
|
|
||||||
env = json.loads(env)
|
|
||||||
except Exception:
|
|
||||||
return "env must be a JSON object"
|
|
||||||
if not isinstance(env, dict):
|
|
||||||
return "env must be an object"
|
|
||||||
for k in env:
|
|
||||||
if str(k).strip().upper() in _MCP_DANGEROUS_ENV:
|
|
||||||
return f"env var '{k}' can inject code into the child process and is not allowed"
|
|
||||||
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
async def do_manage_mcp(content: str, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage MCP servers: list, add, delete, enable, disable, reconnect."""
|
|
||||||
try:
|
|
||||||
args = _parse_tool_args(content)
|
|
||||||
except ValueError:
|
|
||||||
return {"error": "Invalid JSON arguments", "exit_code": 1}
|
|
||||||
|
|
||||||
action = args.get("action", "list")
|
|
||||||
|
|
||||||
if action == "list":
|
|
||||||
mcp = get_mcp_manager()
|
|
||||||
if not mcp:
|
|
||||||
return {"response": "No MCP manager available", "servers": [], "exit_code": 0}
|
|
||||||
from core.database import SessionLocal, McpServer
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
servers = db.query(McpServer).all()
|
|
||||||
items = []
|
|
||||||
for s in servers:
|
|
||||||
st = mcp.get_server_status(s.id)
|
|
||||||
status = st.get("status", "disconnected")
|
|
||||||
tool_count = st.get("tool_count", 0)
|
|
||||||
items.append({"id": s.id, "name": s.name, "transport": s.transport,
|
|
||||||
"is_enabled": s.is_enabled, "status": status,
|
|
||||||
"tool_count": tool_count})
|
|
||||||
return {"response": f"{len(items)} MCP servers", "servers": items, "exit_code": 0}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
elif action == "add":
|
|
||||||
from core.database import SessionLocal, McpServer
|
|
||||||
import uuid as _uuid
|
|
||||||
from datetime import datetime
|
|
||||||
name = args.get("name", "")
|
|
||||||
command = args.get("command", "")
|
|
||||||
cmd_args = args.get("args", [])
|
|
||||||
env = args.get("env", {})
|
|
||||||
if not name or not command:
|
|
||||||
return {"error": "name and command are required", "exit_code": 1}
|
|
||||||
# Validate BEFORE any DB write or spawn: a rejected registration must
|
|
||||||
# leave no enabled row (which would otherwise auto-reconnect on restart)
|
|
||||||
# and must not attempt a connection.
|
|
||||||
_mcp_err = _validate_mcp_command(command, cmd_args, env)
|
|
||||||
if _mcp_err:
|
|
||||||
return {"error": f"manage_mcp: refused unsafe server registration: {_mcp_err}", "exit_code": 1}
|
|
||||||
sid = str(_uuid.uuid4())[:8]
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
srv = McpServer(id=sid, name=name, transport="stdio", command=command,
|
|
||||||
args=json.dumps(cmd_args) if isinstance(cmd_args, list) else cmd_args,
|
|
||||||
env=json.dumps(env) if isinstance(env, dict) else env,
|
|
||||||
is_enabled=True, created_at=datetime.utcnow(), updated_at=datetime.utcnow())
|
|
||||||
db.add(srv)
|
|
||||||
db.commit()
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
# Try to connect
|
|
||||||
mcp = get_mcp_manager()
|
|
||||||
tool_count = 0
|
|
||||||
if mcp:
|
|
||||||
try:
|
|
||||||
await mcp.connect_server(
|
|
||||||
sid, name, "stdio", command=command,
|
|
||||||
args=cmd_args if isinstance(cmd_args, list) else json.loads(cmd_args),
|
|
||||||
env=env if isinstance(env, dict) else json.loads(env),
|
|
||||||
)
|
|
||||||
st = mcp.get_server_status(sid)
|
|
||||||
tool_count = st.get("tool_count", 0)
|
|
||||||
except Exception as e:
|
|
||||||
logger.warning(f"MCP connect failed for {name}: {e}")
|
|
||||||
return {"response": f"Added MCP server '{name}' ({tool_count} tools)", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "delete":
|
|
||||||
sid = args.get("server_id", "")
|
|
||||||
from core.database import SessionLocal, McpServer
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
srv = db.query(McpServer).filter(McpServer.id == sid).first()
|
|
||||||
if not srv:
|
|
||||||
return {"error": f"Server {sid} not found", "exit_code": 1}
|
|
||||||
name = srv.name
|
|
||||||
mcp = get_mcp_manager()
|
|
||||||
if mcp:
|
|
||||||
try:
|
|
||||||
await mcp.disconnect_server(sid)
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
db.delete(srv)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Deleted MCP server '{name}'", "exit_code": 0}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
elif action == "reconnect":
|
|
||||||
sid = args.get("server_id", "")
|
|
||||||
mcp = get_mcp_manager()
|
|
||||||
if not mcp:
|
|
||||||
return {"error": "MCP manager not available", "exit_code": 1}
|
|
||||||
try:
|
|
||||||
await mcp.disconnect_server(sid)
|
|
||||||
from core.database import SessionLocal, McpServer
|
|
||||||
db2 = SessionLocal()
|
|
||||||
try:
|
|
||||||
srv = db2.query(McpServer).filter(McpServer.id == sid).first()
|
|
||||||
if srv:
|
|
||||||
_args = json.loads(srv.args) if srv.args else []
|
|
||||||
_env = json.loads(srv.env) if srv.env else {}
|
|
||||||
await mcp.connect_server(
|
|
||||||
server_id=sid,
|
|
||||||
name=srv.name,
|
|
||||||
transport=srv.transport,
|
|
||||||
command=srv.command,
|
|
||||||
args=_args,
|
|
||||||
env=_env,
|
|
||||||
url=srv.url,
|
|
||||||
)
|
|
||||||
st = mcp.get_server_status(sid)
|
|
||||||
return {"response": f"Reconnected '{srv.name}' ({st.get('tool_count', 0)} tools)", "exit_code": 0}
|
|
||||||
return {"error": f"Server {sid} not found", "exit_code": 1}
|
|
||||||
finally:
|
|
||||||
db2.close()
|
|
||||||
except Exception as e:
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
|
|
||||||
elif action in ("enable", "disable"):
|
|
||||||
sid = args.get("server_id", "")
|
|
||||||
from core.database import SessionLocal, McpServer
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
srv = db.query(McpServer).filter(McpServer.id == sid).first()
|
|
||||||
if not srv:
|
|
||||||
return {"error": f"Server {sid} not found", "exit_code": 1}
|
|
||||||
srv.is_enabled = (action == "enable")
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"MCP server '{srv.name}' {action}d", "exit_code": 0}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
elif action == "list_tools":
|
|
||||||
mcp = get_mcp_manager()
|
|
||||||
if not mcp:
|
|
||||||
return {"response": "No MCP manager", "tools": [], "exit_code": 0}
|
|
||||||
tools = mcp.get_all_tools()
|
|
||||||
items = [{"name": t["name"], "server": t["server_name"],
|
|
||||||
"description": t.get("description", "")[:100]} for t in tools]
|
|
||||||
return {"response": f"{len(items)} MCP tools available", "tools": items, "exit_code": 0}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action: {action}", "exit_code": 1}
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# Webhook management tool
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
async def do_manage_webhooks(content: str, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage webhooks: list, add, delete, enable, disable, test."""
|
|
||||||
from core.database import SessionLocal
|
|
||||||
try:
|
|
||||||
args = _parse_tool_args(content)
|
|
||||||
except ValueError:
|
|
||||||
return {"error": "Invalid JSON arguments", "exit_code": 1}
|
|
||||||
|
|
||||||
action = args.get("action", "list")
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
from core.database import Webhook
|
|
||||||
if action == "list":
|
|
||||||
hooks = db.query(Webhook).all()
|
|
||||||
items = [{"id": h.id, "name": h.name, "url": h.url,
|
|
||||||
"events": h.events, "is_active": h.is_active} for h in hooks]
|
|
||||||
return {"response": f"{len(items)} webhooks", "webhooks": items, "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "add":
|
|
||||||
import uuid as _uuid
|
|
||||||
from datetime import datetime
|
|
||||||
from src.webhook_manager import validate_events, validate_webhook_url
|
|
||||||
name = args.get("name", "")
|
|
||||||
url = args.get("url", "")
|
|
||||||
events = args.get("events", "chat.completed")
|
|
||||||
if not url:
|
|
||||||
return {"error": "url is required", "exit_code": 1}
|
|
||||||
try:
|
|
||||||
url = validate_webhook_url(url)
|
|
||||||
events = validate_events(events)
|
|
||||||
except ValueError as e:
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
wid = str(_uuid.uuid4())[:8]
|
|
||||||
hook = Webhook(id=wid, name=name or url, url=url,
|
|
||||||
events=events, is_active=True,
|
|
||||||
created_at=datetime.utcnow(), updated_at=datetime.utcnow())
|
|
||||||
db.add(hook)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Added webhook '{name or url}'", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "delete":
|
|
||||||
wid = args.get("webhook_id", "")
|
|
||||||
hook = db.query(Webhook).filter(Webhook.id == wid).first()
|
|
||||||
if not hook:
|
|
||||||
return {"error": f"Webhook {wid} not found", "exit_code": 1}
|
|
||||||
name = hook.name
|
|
||||||
db.delete(hook)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Deleted webhook '{name}'", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action in ("enable", "disable"):
|
|
||||||
wid = args.get("webhook_id", "")
|
|
||||||
hook = db.query(Webhook).filter(Webhook.id == wid).first()
|
|
||||||
if not hook:
|
|
||||||
return {"error": f"Webhook {wid} not found", "exit_code": 1}
|
|
||||||
hook.is_active = (action == "enable")
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Webhook '{hook.name}' {action}d", "exit_code": 0}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action: {action}", "exit_code": 1}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"manage_webhooks error: {e}")
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# API token management tool
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
async def do_manage_tokens(content: str, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage API tokens: list, create, delete."""
|
|
||||||
from core.database import SessionLocal, ApiToken
|
|
||||||
try:
|
|
||||||
args = _parse_tool_args(content)
|
|
||||||
except ValueError:
|
|
||||||
return {"error": "Invalid JSON arguments", "exit_code": 1}
|
|
||||||
|
|
||||||
action = args.get("action", "list")
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
if action == "list":
|
|
||||||
tokens = db.query(ApiToken).all()
|
|
||||||
items = [{"id": t.id, "name": t.name, "token_prefix": t.token_prefix + "...",
|
|
||||||
"is_active": t.is_active} for t in tokens]
|
|
||||||
return {"response": f"{len(items)} API tokens", "tokens": items, "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "create":
|
|
||||||
import uuid as _uuid, secrets, bcrypt
|
|
||||||
from datetime import datetime
|
|
||||||
name = args.get("name", "API Token")
|
|
||||||
raw_token = secrets.token_urlsafe(32)
|
|
||||||
token_hash = bcrypt.hashpw(raw_token.encode(), bcrypt.gensalt()).decode()
|
|
||||||
tid = str(_uuid.uuid4())[:8]
|
|
||||||
t = ApiToken(id=tid, name=name, token_hash=token_hash,
|
|
||||||
token_prefix=raw_token[:8], is_active=True,
|
|
||||||
created_at=datetime.utcnow(), updated_at=datetime.utcnow())
|
|
||||||
db.add(t)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Created token '{name}'", "token": raw_token, "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "delete":
|
|
||||||
tid = args.get("token_id", "")
|
|
||||||
t = db.query(ApiToken).filter(ApiToken.id == tid).first()
|
|
||||||
if not t:
|
|
||||||
return {"error": f"Token {tid} not found", "exit_code": 1}
|
|
||||||
name = t.name
|
|
||||||
db.delete(t)
|
|
||||||
db.commit()
|
|
||||||
return {"response": f"Deleted token '{name}'", "exit_code": 0}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action: {action}", "exit_code": 1}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"manage_tokens error: {e}")
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# Settings/preferences management tool
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
async def do_manage_settings(content: str, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage user settings and preferences."""
|
|
||||||
try:
|
|
||||||
args = _parse_tool_args(content)
|
|
||||||
except ValueError:
|
|
||||||
return {"error": "Invalid JSON arguments", "exit_code": 1}
|
|
||||||
|
|
||||||
action = args.get("action", "list")
|
|
||||||
|
|
||||||
from core.database import SessionLocal
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
# set/get/list/delete operate on the REAL app settings (the same store
|
|
||||||
# the Settings panel writes), so changing a model / voice / search
|
|
||||||
# engine / reminder channel from chat actually takes effect.
|
|
||||||
from src.settings import load_settings, save_settings, DEFAULT_SETTINGS
|
|
||||||
|
|
||||||
# Secrets/credentials the agent must NOT write: kept read-only (masked)
|
|
||||||
# so API keys never flow through chat. User sets these in the panel.
|
|
||||||
_SECRET_KEYS = {
|
|
||||||
"brave_api_key", "google_pse_key", "google_pse_cx",
|
|
||||||
"tavily_api_key", "serper_api_key", "app_public_url",
|
|
||||||
}
|
|
||||||
def _is_secret(k):
|
|
||||||
# `token` must be a suffix, not a substring: otherwise the int
|
|
||||||
# setting `agent_input_token_budget` (which even has a "token budget"
|
|
||||||
# alias to set it from chat) is wrongly classified as a credential.
|
|
||||||
return (
|
|
||||||
k in _SECRET_KEYS
|
|
||||||
or k.endswith("token")
|
|
||||||
or any(t in k for t in ("api_key", "_key", "secret", "password"))
|
|
||||||
)
|
|
||||||
|
|
||||||
# Friendly aliases → real keys, so natural phrasing resolves.
|
|
||||||
_ALIASES_SET = {
|
|
||||||
"voice": "tts_voice", "tts voice": "tts_voice", "tts": "tts_enabled",
|
|
||||||
"text to speech": "tts_enabled", "tts provider": "tts_provider",
|
|
||||||
"speech speed": "tts_speed", "voice speed": "tts_speed",
|
|
||||||
"stt": "stt_enabled", "speech to text": "stt_enabled", "transcription": "stt_enabled",
|
|
||||||
"search engine": "search_provider", "search provider": "search_provider",
|
|
||||||
"search results": "search_result_count", "result count": "search_result_count",
|
|
||||||
"default model": "default_model", "chat model": "default_model",
|
|
||||||
"default endpoint": "default_endpoint_id",
|
|
||||||
"task model": "task_model", "background model": "task_model",
|
|
||||||
"teacher model": "teacher_model", "teacher": "teacher_enabled",
|
|
||||||
"utility model": "utility_model", "research model": "research_model",
|
|
||||||
"research max tokens": "research_max_tokens",
|
|
||||||
"vision model": "vision_model", "vision": "vision_enabled",
|
|
||||||
"image model": "image_model", "image quality": "image_quality",
|
|
||||||
"image gen": "image_gen_enabled", "image generation": "image_gen_enabled",
|
|
||||||
"reminder channel": "reminder_channel", "reminders": "reminder_channel",
|
|
||||||
"ntfy topic": "reminder_ntfy_topic",
|
|
||||||
"webhook integration": "reminder_webhook_integration_id",
|
|
||||||
"webhook template": "reminder_webhook_payload_template", "webhook payload": "reminder_webhook_payload_template",
|
|
||||||
"agent tool calls": "agent_max_tool_calls", "max tool calls": "agent_max_tool_calls",
|
|
||||||
"agent timeout": "agent_stream_timeout_seconds", "stream timeout": "agent_stream_timeout_seconds",
|
|
||||||
"token budget": "agent_input_token_budget", "input budget": "agent_input_token_budget",
|
|
||||||
"hard max": "agent_input_token_hard_max",
|
|
||||||
"token budget cap": "agent_input_token_hard_max",
|
|
||||||
"input budget cap": "agent_input_token_hard_max",
|
|
||||||
}
|
|
||||||
def _resolve(k):
|
|
||||||
k2 = (k or "").strip().lower()
|
|
||||||
if k2 in DEFAULT_SETTINGS:
|
|
||||||
return k2
|
|
||||||
return _ALIASES_SET.get(k2, (k or "").strip())
|
|
||||||
|
|
||||||
_ENUMS = {
|
|
||||||
"image_quality": ["low", "medium", "high"],
|
|
||||||
"reminder_channel": ["browser", "email", "ntfy", "webhook"],
|
|
||||||
}
|
|
||||||
def _coerce(value, default):
|
|
||||||
if isinstance(default, bool):
|
|
||||||
return value if isinstance(value, bool) else str(value).strip().lower() in ("true", "on", "yes", "1", "enable", "enabled")
|
|
||||||
if isinstance(default, int):
|
|
||||||
return int(value)
|
|
||||||
return value
|
|
||||||
|
|
||||||
def _model_slug(value: str) -> str:
|
|
||||||
import re as _re
|
|
||||||
return _re.sub(r"[^a-z0-9]+", "", (value or "").lower())
|
|
||||||
|
|
||||||
def _endpoint_model_from_cache(model_query: str):
|
|
||||||
"""Resolve friendly model text to an enabled endpoint + real model id.
|
|
||||||
|
|
||||||
The Settings UI stores both `<prefix>_endpoint_id` and
|
|
||||||
`<prefix>_model`; writing only the model leaves the runtime on the
|
|
||||||
old endpoint. Prefer cached model lists so this stays fast/offline.
|
|
||||||
"""
|
|
||||||
import json as _json
|
|
||||||
import re as _re
|
|
||||||
from core.database import ModelEndpoint
|
|
||||||
|
|
||||||
wanted = (model_query or "").strip()
|
|
||||||
wanted_slug = _model_slug(wanted)
|
|
||||||
wanted_tokens = [_model_slug(t) for t in _re.findall(r"[A-Za-z0-9]+", wanted)]
|
|
||||||
wanted_tokens = [t for t in wanted_tokens if t]
|
|
||||||
if not wanted_slug:
|
|
||||||
return None
|
|
||||||
best = None
|
|
||||||
for ep in db.query(ModelEndpoint).filter(ModelEndpoint.is_enabled == True).all():
|
|
||||||
raw_models = []
|
|
||||||
try:
|
|
||||||
raw_models = _json.loads(ep.cached_models or "[]") or []
|
|
||||||
except Exception:
|
|
||||||
raw_models = []
|
|
||||||
# If cache is empty, still allow matching against endpoint name
|
|
||||||
# for callers using model@endpoint elsewhere later.
|
|
||||||
for mid in raw_models:
|
|
||||||
mid = str(mid)
|
|
||||||
mid_slug = _model_slug(mid)
|
|
||||||
if not mid_slug:
|
|
||||||
continue
|
|
||||||
exact = mid.lower() == wanted.lower()
|
|
||||||
compact_match = wanted_slug in mid_slug or mid_slug in wanted_slug
|
|
||||||
token_match = bool(wanted_tokens) and all(tok in mid_slug for tok in wanted_tokens)
|
|
||||||
if exact or compact_match or token_match:
|
|
||||||
score = 3 if exact else (2 if compact_match else 1)
|
|
||||||
if not best or score > best[0]:
|
|
||||||
best = (score, ep.id, mid)
|
|
||||||
if best:
|
|
||||||
return {"endpoint_id": best[1], "model": best[2]}
|
|
||||||
return None
|
|
||||||
|
|
||||||
def _mask(k, v):
|
|
||||||
return "••••• (set in panel)" if _is_secret(k) and v else v
|
|
||||||
|
|
||||||
if action == "list":
|
|
||||||
s = load_settings()
|
|
||||||
shown = {k: _mask(k, v) for k, v in s.items() if k in DEFAULT_SETTINGS and not isinstance(v, dict)}
|
|
||||||
return {"response": f"{len(shown)} settings (use get/set with a key)", "settings": shown, "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "get":
|
|
||||||
key = _resolve(args.get("key", ""))
|
|
||||||
if not key:
|
|
||||||
return {"error": "key is required", "exit_code": 1}
|
|
||||||
if key not in DEFAULT_SETTINGS:
|
|
||||||
return {"error": f"Unknown setting '{args.get('key')}'. Use action='list' to see them.", "exit_code": 1}
|
|
||||||
val = load_settings().get(key, DEFAULT_SETTINGS.get(key))
|
|
||||||
return {"response": f"{key} = {_mask(key, val)}", "value": _mask(key, val), "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "set":
|
|
||||||
raw = args.get("key", "")
|
|
||||||
value = args.get("value")
|
|
||||||
if not raw:
|
|
||||||
return {"error": "key is required", "exit_code": 1}
|
|
||||||
key = _resolve(raw)
|
|
||||||
if key not in DEFAULT_SETTINGS:
|
|
||||||
return {"error": f"Unknown setting '{raw}'. Use action='list' to see available settings.", "exit_code": 1}
|
|
||||||
if _is_secret(key):
|
|
||||||
return {"response": f"'{key}' is a credential/secret. For security I can't set it from chat. Open Settings and set it there.", "exit_code": 0}
|
|
||||||
# Structured settings (dicts/lists like keybinds, default_model_fallbacks)
|
|
||||||
# have no safe scalar coercion; _coerce would pass a bare string
|
|
||||||
# straight through and clobber the structure. Refuse them here; they're
|
|
||||||
# edited in their dedicated panels. (reset/delete still restore the
|
|
||||||
# default structure, which is safe.)
|
|
||||||
if isinstance(DEFAULT_SETTINGS[key], (dict, list)):
|
|
||||||
return {"response": f"'{key}' is a structured setting. Edit it in its panel, not from chat. (You can reset it to default here.)", "exit_code": 0}
|
|
||||||
try:
|
|
||||||
value = _coerce(value, DEFAULT_SETTINGS[key])
|
|
||||||
except (ValueError, TypeError):
|
|
||||||
return {"error": f"'{value}' isn't a valid value for {key} (expected {type(DEFAULT_SETTINGS[key]).__name__}).", "exit_code": 1}
|
|
||||||
if key in _ENUMS and str(value).lower() not in _ENUMS[key]:
|
|
||||||
return {"error": f"{key} must be one of: {', '.join(_ENUMS[key])}.", "exit_code": 1}
|
|
||||||
s = load_settings()
|
|
||||||
s[key] = value
|
|
||||||
if key in {"default_model", "research_model", "utility_model", "task_model", "vision_model", "image_model"}:
|
|
||||||
resolved = _endpoint_model_from_cache(str(value))
|
|
||||||
if resolved:
|
|
||||||
prefix = key[:-6]
|
|
||||||
s[f"{prefix}_endpoint_id"] = resolved["endpoint_id"]
|
|
||||||
s[key] = resolved["model"]
|
|
||||||
value = resolved["model"]
|
|
||||||
save_settings(s)
|
|
||||||
if key.endswith("_model") and s.get(f"{key[:-6]}_endpoint_id"):
|
|
||||||
return {"response": f"Set {key} = {value} (endpoint {s.get(f'{key[:-6]}_endpoint_id')}).", "exit_code": 0}
|
|
||||||
return {"response": f"Set {key} = {value}.", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action == "delete" or action == "reset":
|
|
||||||
key = _resolve(args.get("key", ""))
|
|
||||||
if key not in DEFAULT_SETTINGS:
|
|
||||||
return {"error": f"Unknown setting '{args.get('key')}'.", "exit_code": 1}
|
|
||||||
if _is_secret(key):
|
|
||||||
return {"response": f"'{key}' is a credential. Reset it in the panel.", "exit_code": 0}
|
|
||||||
s = load_settings()
|
|
||||||
s[key] = DEFAULT_SETTINGS[key]
|
|
||||||
save_settings(s)
|
|
||||||
return {"response": f"Reset {key} to default ({DEFAULT_SETTINGS[key]}).", "exit_code": 0}
|
|
||||||
|
|
||||||
elif action in ("disable_tool", "enable_tool", "list_tools"):
|
|
||||||
# Tool-toggle actions. These edit settings.json:disabled_tools
|
|
||||||
# (the global list read on every chat request) rather than
|
|
||||||
# prefs.json. Friendly aliases accepted: "shell" -> "bash",
|
|
||||||
# "search" -> "web_search", "browser" -> "builtin_browser",
|
|
||||||
# "documents" -> the document tool set, "memory" ->
|
|
||||||
# manage_memory, etc.
|
|
||||||
from src.settings import get_setting, save_settings, load_settings
|
|
||||||
_ALIASES = {
|
|
||||||
"shell": ["bash"],
|
|
||||||
"terminal": ["bash"],
|
|
||||||
"search": ["web_search", "web_fetch"],
|
|
||||||
"web": ["web_search", "web_fetch"],
|
|
||||||
"browser": ["builtin_browser"],
|
|
||||||
"documents": ["create_document", "edit_document", "update_document", "suggest_document"],
|
|
||||||
"doc": ["create_document", "edit_document", "update_document", "suggest_document"],
|
|
||||||
"memory": ["manage_memory"],
|
|
||||||
"skills": ["manage_skills"],
|
|
||||||
"images": ["generate_image"],
|
|
||||||
"image": ["generate_image"],
|
|
||||||
"tasks": ["manage_tasks"],
|
|
||||||
"notes": ["manage_notes"],
|
|
||||||
"calendar": ["manage_calendar"],
|
|
||||||
"email": ["mcp__email__list_emails", "mcp__email__read_email", "mcp__email__send_email"],
|
|
||||||
"research": ["web_search", "web_fetch"], # research is a per-request flag, not a tool (closest analog)
|
|
||||||
}
|
|
||||||
|
|
||||||
if action == "list_tools":
|
|
||||||
current = get_setting("disabled_tools", []) or []
|
|
||||||
return {
|
|
||||||
"response": (
|
|
||||||
f"Currently disabled: {', '.join(current) if current else '(none)'}.\n"
|
|
||||||
"Common toggles: shell (bash), search (web_search), browser, documents, "
|
|
||||||
"memory, skills, images, tasks, notes, calendar, email."
|
|
||||||
),
|
|
||||||
"disabled": list(current),
|
|
||||||
"exit_code": 0,
|
|
||||||
}
|
|
||||||
|
|
||||||
tool_name = (args.get("tool") or args.get("name") or "").strip().lower()
|
|
||||||
if not tool_name:
|
|
||||||
return {"error": "tool name required (e.g. 'shell', 'search', 'bash')", "exit_code": 1}
|
|
||||||
targets = _ALIASES.get(tool_name, [tool_name])
|
|
||||||
|
|
||||||
settings = load_settings()
|
|
||||||
current = list(settings.get("disabled_tools") or [])
|
|
||||||
before = set(current)
|
|
||||||
if action == "disable_tool":
|
|
||||||
for t in targets:
|
|
||||||
if t not in current:
|
|
||||||
current.append(t)
|
|
||||||
else: # enable_tool
|
|
||||||
current = [t for t in current if t not in targets]
|
|
||||||
after = set(current)
|
|
||||||
settings["disabled_tools"] = current
|
|
||||||
save_settings(settings)
|
|
||||||
|
|
||||||
verb = "Disabled" if action == "disable_tool" else "Enabled"
|
|
||||||
changed = sorted(after.symmetric_difference(before))
|
|
||||||
return {
|
|
||||||
"response": (
|
|
||||||
f"{verb} {tool_name} ({', '.join(targets)}). "
|
|
||||||
f"Now disabled: {', '.join(current) if current else '(none)'}."
|
|
||||||
),
|
|
||||||
"changed": changed,
|
|
||||||
"disabled": list(current),
|
|
||||||
"exit_code": 0,
|
|
||||||
}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action: {action}", "exit_code": 1}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"manage_settings error: {e}")
|
|
||||||
return {"error": str(e), "exit_code": 1}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# API call tool
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ── registry adapters ────────────────────────────────────────────────────────
|
|
||||||
def _owner_adapter(fn):
|
|
||||||
"""Wrap a do_*(content, owner) impl as a registry execute(content, ctx)."""
|
|
||||||
async def _execute(content: str, ctx: dict) -> dict:
|
|
||||||
return await fn(content, ctx.get("owner"))
|
|
||||||
return _execute
|
|
||||||
|
|
||||||
|
|
||||||
ADMIN_TOOL_HANDLERS = {
|
|
||||||
"manage_endpoints": _owner_adapter(do_manage_endpoints),
|
|
||||||
"manage_mcp": _owner_adapter(do_manage_mcp),
|
|
||||||
"manage_webhooks": _owner_adapter(do_manage_webhooks),
|
|
||||||
"manage_tokens": _owner_adapter(do_manage_tokens),
|
|
||||||
"manage_settings": _owner_adapter(do_manage_settings),
|
|
||||||
}
|
|
||||||
@@ -1,98 +0,0 @@
|
|||||||
"""Agent tool to inspect and control detached background `bash` jobs.
|
|
||||||
|
|
||||||
`bash` blocks prefixed with a `#!bg` marker run detached via `src.bg_jobs`; the
|
|
||||||
agent is auto-re-invoked with the output when they finish. This tool covers the
|
|
||||||
gaps in that flow: list the jobs in the current chat, read a still-running job's
|
|
||||||
output on demand, and kill a runaway job instead of waiting out its max-runtime.
|
|
||||||
|
|
||||||
Registry tool (`TOOL_HANDLERS["manage_bg_jobs"]`). Jobs are scoped to the chat
|
|
||||||
that launched them, so every action requires the caller's `session_id` and a job
|
|
||||||
from another session is treated as not found.
|
|
||||||
"""
|
|
||||||
|
|
||||||
import json
|
|
||||||
import time
|
|
||||||
from typing import Any, Dict, List
|
|
||||||
|
|
||||||
_LIST_ACTIONS = {"list", "ls", "jobs"}
|
|
||||||
_OUTPUT_ACTIONS = {"output", "get", "read", "tail", "status", "show"}
|
|
||||||
_KILL_ACTIONS = {"kill", "stop", "cancel", "terminate"}
|
|
||||||
|
|
||||||
|
|
||||||
def _age(rec: Dict[str, Any]) -> str:
|
|
||||||
start = rec.get("started_at")
|
|
||||||
if not start:
|
|
||||||
return "?"
|
|
||||||
secs = int(time.time() - start)
|
|
||||||
if secs < 60:
|
|
||||||
return f"{secs}s"
|
|
||||||
if secs < 3600:
|
|
||||||
return f"{secs // 60}m"
|
|
||||||
return f"{secs // 3600}h{(secs % 3600) // 60}m"
|
|
||||||
|
|
||||||
|
|
||||||
def _status_label(rec: Dict[str, Any]) -> str:
|
|
||||||
status = rec.get("status", "?")
|
|
||||||
if rec.get("killed"):
|
|
||||||
return "killed"
|
|
||||||
if rec.get("timed_out"):
|
|
||||||
return "timed out"
|
|
||||||
if rec.get("died"):
|
|
||||||
return "died"
|
|
||||||
if status in ("done", "failed"):
|
|
||||||
return f"{status} (exit {rec.get('exit_code')})"
|
|
||||||
return status
|
|
||||||
|
|
||||||
|
|
||||||
def _row(rec: Dict[str, Any]) -> str:
|
|
||||||
cmd = (rec.get("command") or "").strip().splitlines()[0][:80]
|
|
||||||
return f"[{rec.get('id')}] {_status_label(rec)} | {_age(rec)} | {cmd}"
|
|
||||||
|
|
||||||
|
|
||||||
class ManageBgJobsTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> dict:
|
|
||||||
from src import bg_jobs
|
|
||||||
|
|
||||||
session_id = ctx.get("session_id")
|
|
||||||
raw = (content or "").strip()
|
|
||||||
try:
|
|
||||||
args = json.loads(raw) if raw else {}
|
|
||||||
except (ValueError, TypeError):
|
|
||||||
args = {}
|
|
||||||
if not isinstance(args, dict):
|
|
||||||
args = {}
|
|
||||||
action = str(args.get("action", "list")).strip().lower()
|
|
||||||
job_id = str(args.get("job_id") or args.get("id") or "").strip()
|
|
||||||
|
|
||||||
if not session_id:
|
|
||||||
return {"error": "manage_bg_jobs: no active chat session; background jobs are scoped to a chat.", "exit_code": 1}
|
|
||||||
|
|
||||||
if action in _LIST_ACTIONS:
|
|
||||||
jobs: List[Dict[str, Any]] = bg_jobs.list_for_session(session_id)
|
|
||||||
if not jobs:
|
|
||||||
return {"output": "No background jobs in this chat.", "exit_code": 0}
|
|
||||||
jobs.sort(key=lambda r: r.get("started_at") or 0, reverse=True)
|
|
||||||
lines = "\n".join(_row(r) for r in jobs)
|
|
||||||
return {"output": f"{len(jobs)} background job(s):\n{lines}", "exit_code": 0}
|
|
||||||
|
|
||||||
if action in _OUTPUT_ACTIONS or action in _KILL_ACTIONS:
|
|
||||||
if not job_id:
|
|
||||||
return {"error": f"manage_bg_jobs: action '{action}' requires a job_id (see action='list').", "exit_code": 1}
|
|
||||||
rec = bg_jobs.get(job_id)
|
|
||||||
# Scope: only the chat that launched a job may see or control it.
|
|
||||||
if rec is None or rec.get("session_id") != session_id:
|
|
||||||
return {"error": f"manage_bg_jobs: no background job '{job_id}' in this chat.", "exit_code": 1}
|
|
||||||
|
|
||||||
if action in _KILL_ACTIONS:
|
|
||||||
if rec.get("status") != "running":
|
|
||||||
return {"output": f"Job `{job_id}` already {_status_label(rec)}; nothing to kill.", "exit_code": 0}
|
|
||||||
killed = bg_jobs.kill(job_id)
|
|
||||||
return {"output": f"Killed background job `{job_id}` ({(killed or {}).get('command', '').splitlines()[0][:80]}).", "exit_code": 0}
|
|
||||||
|
|
||||||
out = rec.get("output") or "(no output yet)"
|
|
||||||
return {
|
|
||||||
"output": f"Job `{job_id}` [{_status_label(rec)}, {_age(rec)}]\nCommand: {rec.get('command')}\n\nOutput:\n{out}",
|
|
||||||
"exit_code": 0,
|
|
||||||
}
|
|
||||||
|
|
||||||
return {"error": f"manage_bg_jobs: unknown action '{action}'. Use list, output, or kill.", "exit_code": 1}
|
|
||||||
@@ -1,8 +1,8 @@
|
|||||||
from typing import Any, Dict, List, Optional
|
from typing import Any, Dict, List, Optional
|
||||||
import logging
|
import logging
|
||||||
import re
|
import re
|
||||||
|
import json
|
||||||
from src.constants import MAX_READ_CHARS
|
from src.constants import MAX_READ_CHARS
|
||||||
from src.tool_utils import _parse_tool_args
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
@@ -154,6 +154,38 @@ def _coerce_email_document_content(existing: str, incoming: str) -> str:
|
|||||||
body = new
|
body = new
|
||||||
return header.rstrip() + "\n---\n" + body
|
return header.rstrip() + "\n---\n" + body
|
||||||
|
|
||||||
|
def _parse_tool_args(content):
|
||||||
|
"""Parse a tool-call argument blob.
|
||||||
|
|
||||||
|
Accepts either a JSON string or an already-decoded dict. Unwraps the
|
||||||
|
common `{"body": {...}}` envelope that smaller models emit when they
|
||||||
|
read tool descriptions like "Body is JSON: {...}" literally — they
|
||||||
|
pass `body` as a field name rather than treating it as a noun.
|
||||||
|
|
||||||
|
Returns a dict on success, raises ValueError on bad JSON.
|
||||||
|
"""
|
||||||
|
if isinstance(content, str):
|
||||||
|
try:
|
||||||
|
args = json.loads(content) if content.strip() else {}
|
||||||
|
except (json.JSONDecodeError, TypeError) as e:
|
||||||
|
raise ValueError(str(e))
|
||||||
|
elif isinstance(content, dict):
|
||||||
|
args = content
|
||||||
|
else:
|
||||||
|
args = {}
|
||||||
|
# Unwrap {"body": {...}} envelope — but only if `body` is the sole key
|
||||||
|
# and points at a dict. We don't want to clobber a legitimate `body`
|
||||||
|
# field on tools where it's a real arg (e.g. send_email body text).
|
||||||
|
if (
|
||||||
|
isinstance(args, dict)
|
||||||
|
and len(args) == 1
|
||||||
|
and "body" in args
|
||||||
|
and isinstance(args["body"], dict)
|
||||||
|
and "action" in args["body"] # extra safety: only unwrap if the inner dict looks like a tool call
|
||||||
|
):
|
||||||
|
args = args["body"]
|
||||||
|
return args
|
||||||
|
|
||||||
def parse_edit_blocks(content: str) -> list:
|
def parse_edit_blocks(content: str) -> list:
|
||||||
"""Parse <<<FIND>>>...<<<REPLACE>>>...<<<END>>> blocks."""
|
"""Parse <<<FIND>>>...<<<REPLACE>>>...<<<END>>> blocks."""
|
||||||
edits = []
|
edits = []
|
||||||
@@ -564,20 +596,9 @@ class ManageDocumentTool:
|
|||||||
if not doc:
|
if not doc:
|
||||||
return {"error": f"Document '{doc_id}' not found", "exit_code": 1}
|
return {"error": f"Document '{doc_id}' not found", "exit_code": 1}
|
||||||
body = doc.current_content or ""
|
body = doc.current_content or ""
|
||||||
try:
|
preview_limit = int(args.get("limit", MAX_READ_CHARS))
|
||||||
preview_limit = max(1, min(int(args.get("limit", MAX_READ_CHARS)), MAX_READ_CHARS))
|
truncated = len(body) > preview_limit
|
||||||
except (TypeError, ValueError):
|
preview = body[:preview_limit] + (f"\n... (truncated, {len(body)} chars total)" if truncated else "")
|
||||||
preview_limit = MAX_READ_CHARS
|
|
||||||
try:
|
|
||||||
offset = max(0, int(args.get("offset", 0) or 0))
|
|
||||||
except (TypeError, ValueError):
|
|
||||||
offset = 0
|
|
||||||
offset = min(offset, len(body))
|
|
||||||
end = min(offset + preview_limit, len(body))
|
|
||||||
truncated = end < len(body)
|
|
||||||
preview = body[offset:end]
|
|
||||||
if truncated:
|
|
||||||
preview += f"\n... (truncated, {len(body)} chars total; next_offset={end})"
|
|
||||||
anchor = f"[{doc.title}](#document-{doc.id})"
|
anchor = f"[{doc.title}](#document-{doc.id})"
|
||||||
return {
|
return {
|
||||||
"response": f"{anchor} — click to open in editor.\n\n```{doc.language or ''}\n{preview}\n```",
|
"response": f"{anchor} — click to open in editor.\n\n```{doc.language or ''}\n{preview}\n```",
|
||||||
@@ -588,8 +609,6 @@ class ManageDocumentTool:
|
|||||||
"size": len(body),
|
"size": len(body),
|
||||||
"content": preview,
|
"content": preview,
|
||||||
"truncated": truncated,
|
"truncated": truncated,
|
||||||
"offset": offset,
|
|
||||||
"next_offset": end if truncated else None,
|
|
||||||
},
|
},
|
||||||
"exit_code": 0,
|
"exit_code": 0,
|
||||||
}
|
}
|
||||||
@@ -622,4 +641,4 @@ class ManageDocumentTool:
|
|||||||
logger.error(f"manage_documents error: {e}")
|
logger.error(f"manage_documents error: {e}")
|
||||||
return {"error": str(e), "exit_code": 1}
|
return {"error": str(e), "exit_code": 1}
|
||||||
finally:
|
finally:
|
||||||
db.close()
|
db.close()
|
||||||
@@ -1,7 +1,6 @@
|
|||||||
import asyncio
|
import asyncio
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import re
|
|
||||||
import difflib
|
import difflib
|
||||||
import fnmatch
|
import fnmatch
|
||||||
import shutil
|
import shutil
|
||||||
@@ -17,31 +16,6 @@ _CODENAV_SKIP_DIRS = frozenset({
|
|||||||
_CODENAV_MAX_HITS = 200
|
_CODENAV_MAX_HITS = 200
|
||||||
_CODENAV_MAX_LINE = 400
|
_CODENAV_MAX_LINE = 400
|
||||||
|
|
||||||
|
|
||||||
def _glob_to_regex(pat: str) -> "re.Pattern":
|
|
||||||
"""Translate a forward-slash glob (**, *, ?) into a compiled regex.
|
|
||||||
`**/` matches zero or more complete directories.
|
|
||||||
`*` matches within a single path segment (does not cross /).
|
|
||||||
"""
|
|
||||||
i, n, out = 0, len(pat), []
|
|
||||||
while i < n:
|
|
||||||
if pat[i : i + 3] == "**/":
|
|
||||||
out.append("(?:[^/]+/)*")
|
|
||||||
i += 3
|
|
||||||
elif pat[i : i + 2] == "**":
|
|
||||||
out.append(".*")
|
|
||||||
i += 2
|
|
||||||
elif pat[i] == "*":
|
|
||||||
out.append("[^/]*")
|
|
||||||
i += 1
|
|
||||||
elif pat[i] == "?":
|
|
||||||
out.append("[^/]")
|
|
||||||
i += 1
|
|
||||||
else:
|
|
||||||
out.append(re.escape(pat[i]))
|
|
||||||
i += 1
|
|
||||||
return re.compile("".join(out))
|
|
||||||
|
|
||||||
def _unified_diff(old: str, new: str, path: str) -> Optional[Dict[str, Any]]:
|
def _unified_diff(old: str, new: str, path: str) -> Optional[Dict[str, Any]]:
|
||||||
if old == new:
|
if old == new:
|
||||||
return None
|
return None
|
||||||
@@ -285,38 +259,23 @@ class GlobTool:
|
|||||||
return {"error": f"glob: {e}", "exit_code": 1}
|
return {"error": f"glob: {e}", "exit_code": 1}
|
||||||
|
|
||||||
def _glob():
|
def _glob():
|
||||||
base = os.path.abspath(root)
|
from pathlib import Path
|
||||||
if not os.path.isdir(base):
|
base = Path(root)
|
||||||
|
if not base.is_dir():
|
||||||
return None, f"glob: {root}: not a directory"
|
return None, f"glob: {root}: not a directory"
|
||||||
norm_pat = pattern.replace("\\", "/")
|
|
||||||
# Fast path: literal pattern (no wildcards) → direct path lookup.
|
|
||||||
if not any(c in norm_pat for c in "*?["):
|
|
||||||
cand = os.path.normpath(os.path.join(base, norm_pat))
|
|
||||||
if os.path.exists(cand):
|
|
||||||
return [cand], None
|
|
||||||
# Literal not at exact path — fall through to walk so
|
|
||||||
# e.g. "foo.py" still matches at any depth (like rglob).
|
|
||||||
# Compile glob to regex: * stays within one segment, **/ spans dirs.
|
|
||||||
regex = _glob_to_regex(norm_pat)
|
|
||||||
matched = []
|
matched = []
|
||||||
cap = _CODENAV_MAX_HITS * 5
|
|
||||||
try:
|
try:
|
||||||
for dp, dns, fns in os.walk(base):
|
for p in base.rglob(pattern):
|
||||||
# Prune skipped dirs before descending (unlike rglob which
|
if set(p.relative_to(base).parts) & _CODENAV_SKIP_DIRS:
|
||||||
# descends first then filters — fatal on large node_modules).
|
continue
|
||||||
dns[:] = [d for d in dns if d not in _CODENAV_SKIP_DIRS]
|
try:
|
||||||
for name in fns + dns:
|
mtime = p.stat().st_mtime
|
||||||
full = os.path.join(dp, name)
|
except OSError:
|
||||||
rel = os.path.relpath(full, base).replace(os.sep, "/")
|
mtime = 0
|
||||||
if regex.fullmatch(rel) or regex.fullmatch(name):
|
matched.append((mtime, str(p)))
|
||||||
try:
|
if len(matched) > _CODENAV_MAX_HITS * 5:
|
||||||
mtime = os.stat(full).st_mtime
|
|
||||||
except OSError:
|
|
||||||
mtime = 0
|
|
||||||
matched.append((mtime, full))
|
|
||||||
if len(matched) > cap:
|
|
||||||
break
|
break
|
||||||
except OSError as _e:
|
except (OSError, ValueError) as _e:
|
||||||
return None, f"glob: {_e}"
|
return None, f"glob: {_e}"
|
||||||
matched.sort(key=lambda t: t[0], reverse=True)
|
matched.sort(key=lambda t: t[0], reverse=True)
|
||||||
return [pth for _, pth in matched[:_CODENAV_MAX_HITS]], None
|
return [pth for _, pth in matched[:_CODENAV_MAX_HITS]], None
|
||||||
|
|||||||
@@ -1,95 +0,0 @@
|
|||||||
import json
|
|
||||||
import logging
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
class AskUserTool:
|
|
||||||
async def execute(self, content, ctx):
|
|
||||||
"""
|
|
||||||
ask_user: the agent poses a multiple-choice question to the user to get a
|
|
||||||
decision/clarification. This is a pure UI-control marker — no subprocess,
|
|
||||||
no filesystem. It returns an `ask_user` payload that the agent loop turns
|
|
||||||
into an `ask_user` SSE event and then ENDS the turn, so the chat waits for
|
|
||||||
the user's selection (their choice arrives as the next message).
|
|
||||||
"""
|
|
||||||
question, options, multi = "", [], False
|
|
||||||
raw = (content or "").strip()
|
|
||||||
try:
|
|
||||||
parsed = json.loads(raw) if raw else {}
|
|
||||||
except (ValueError, TypeError):
|
|
||||||
parsed = {}
|
|
||||||
|
|
||||||
if isinstance(parsed, dict):
|
|
||||||
question = str(parsed.get("question", "")).strip()
|
|
||||||
multi = bool(parsed.get("multi") or parsed.get("multiSelect"))
|
|
||||||
for opt in (parsed.get("options") or []):
|
|
||||||
if isinstance(opt, dict):
|
|
||||||
label = str(opt.get("label", "")).strip()
|
|
||||||
descr = str(opt.get("description", "")).strip()
|
|
||||||
elif isinstance(opt, str):
|
|
||||||
label, descr = opt.strip(), ""
|
|
||||||
else:
|
|
||||||
continue
|
|
||||||
if label:
|
|
||||||
options.append({"label": label, "description": descr})
|
|
||||||
else:
|
|
||||||
question = raw
|
|
||||||
|
|
||||||
if not question or len(options) < 2:
|
|
||||||
return "ask_user: invalid", {
|
|
||||||
"error": (
|
|
||||||
"ask_user needs a non-empty `question` and at least 2 `options` "
|
|
||||||
"(each an object with a `label`, optional `description`)."
|
|
||||||
),
|
|
||||||
"exit_code": 1,
|
|
||||||
}
|
|
||||||
|
|
||||||
options = options[:6] # keep the choice list sane
|
|
||||||
desc = f"ask_user: {question[:80]}"
|
|
||||||
labels = ", ".join(o["label"] for o in options)
|
|
||||||
result = {
|
|
||||||
"ask_user": {"question": question, "options": options, "multi": multi},
|
|
||||||
"output": f"Asked the user: {question}\nOptions: {labels}\nAwaiting their selection.",
|
|
||||||
"exit_code": 0,
|
|
||||||
}
|
|
||||||
logger.info("Tool executed: %s (%d options, multi=%s)", desc, len(options), multi)
|
|
||||||
return desc, result
|
|
||||||
|
|
||||||
class UpdatePlanTool:
|
|
||||||
async def execute(self, content, ctx):
|
|
||||||
"""
|
|
||||||
update_plan: the agent writes back to the active plan — tick an item done
|
|
||||||
or revise steps (e.g. when the user asks to change something). Pure UI
|
|
||||||
marker: returns a `plan_update` payload the agent loop turns into a
|
|
||||||
`plan_update` SSE event; the frontend replaces the stored plan and refreshes
|
|
||||||
the docked plan window. Does NOT end the turn.
|
|
||||||
"""
|
|
||||||
raw = (content or "").strip()
|
|
||||||
plan = ""
|
|
||||||
try:
|
|
||||||
parsed = json.loads(raw) if raw else {}
|
|
||||||
except (ValueError, TypeError):
|
|
||||||
parsed = {}
|
|
||||||
|
|
||||||
if isinstance(parsed, dict) and parsed.get("plan"):
|
|
||||||
plan = str(parsed.get("plan", "")).strip()
|
|
||||||
else:
|
|
||||||
plan = raw
|
|
||||||
|
|
||||||
if not plan:
|
|
||||||
return "update_plan: invalid", {
|
|
||||||
"error": "update_plan needs a non-empty `plan` (the full updated checklist as markdown).",
|
|
||||||
"exit_code": 1,
|
|
||||||
}
|
|
||||||
|
|
||||||
plan = plan[:8192]
|
|
||||||
done = plan.count("- [x]") + plan.count("- [X]")
|
|
||||||
total = done + plan.count("- [ ]")
|
|
||||||
desc = f"update_plan: {done}/{total} done" if total else "update_plan"
|
|
||||||
result = {
|
|
||||||
"plan_update": {"plan": plan},
|
|
||||||
"output": f"Plan updated ({done}/{total} steps complete)." if total else "Plan updated.",
|
|
||||||
"exit_code": 0,
|
|
||||||
}
|
|
||||||
logger.info("Tool executed: %s", desc)
|
|
||||||
return desc, result
|
|
||||||
@@ -1,209 +0,0 @@
|
|||||||
"""model_interaction_tools.py - agent tools for talking to other models.
|
|
||||||
|
|
||||||
Owns the model-interaction tool implementations (chat_with_model, ask_teacher,
|
|
||||||
list_models) and their handler classes, registered in ``TOOL_HANDLERS``. Part
|
|
||||||
of the tool -> registry migration (#3629): the implementations were moved here
|
|
||||||
out of ``src.ai_interaction`` so dispatch flows through the registry instead of
|
|
||||||
the elif chain / dispatch_ai_tool in tool_execution.py.
|
|
||||||
|
|
||||||
Shared helpers that still live in ``src.ai_interaction`` and are used by tools
|
|
||||||
not yet migrated (``_resolve_model``, ``AI_CHAT_TIMEOUT``) are imported lazily
|
|
||||||
inside the functions to avoid an import cycle at module load.
|
|
||||||
"""
|
|
||||||
import asyncio
|
|
||||||
import logging
|
|
||||||
from typing import Dict, Optional
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
_TEACHER_SYSTEM_PROMPT = (
|
|
||||||
"You are a senior AI mentor. A less capable model is stuck on a problem and asking for help. "
|
|
||||||
"Provide clear, actionable guidance:\n"
|
|
||||||
"1. Brief analysis of the problem\n"
|
|
||||||
"2. Recommended approach (step by step)\n"
|
|
||||||
"3. Key things to watch out for\n\n"
|
|
||||||
"Be concise and practical. No preamble."
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
async def chat_with_model(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Send a message to a specific model and return its response.
|
|
||||||
|
|
||||||
Content format:
|
|
||||||
Line 1: model_name (or model_name@endpoint_name)
|
|
||||||
Line 2+: the message to send
|
|
||||||
"""
|
|
||||||
from src.ai_interaction import _resolve_model, AI_CHAT_TIMEOUT
|
|
||||||
from src.llm_core import llm_call_async
|
|
||||||
|
|
||||||
lines = content.strip().split("\n", 1)
|
|
||||||
if not lines or not lines[0].strip():
|
|
||||||
return {"error": "First line must be the model name"}
|
|
||||||
|
|
||||||
model_spec = lines[0].strip()
|
|
||||||
message = lines[1].strip() if len(lines) > 1 else ""
|
|
||||||
if not message:
|
|
||||||
return {"error": "No message provided (line 2+ is the message)"}
|
|
||||||
|
|
||||||
try:
|
|
||||||
url, model, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
|
||||||
except ValueError as e:
|
|
||||||
return {"error": str(e)}
|
|
||||||
|
|
||||||
try:
|
|
||||||
response = await llm_call_async(
|
|
||||||
url, model,
|
|
||||||
[{"role": "user", "content": message}],
|
|
||||||
headers=headers,
|
|
||||||
timeout=AI_CHAT_TIMEOUT,
|
|
||||||
)
|
|
||||||
# Truncate very long responses
|
|
||||||
if len(response) > 10000:
|
|
||||||
response = response[:10000] + "\n... (truncated)"
|
|
||||||
return {"model": model, "response": response}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"chat_with_model failed: {e}")
|
|
||||||
return {"error": f"Failed to get response from {model_spec}: {e}"}
|
|
||||||
|
|
||||||
|
|
||||||
async def ask_teacher(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Ask a more capable model for help.
|
|
||||||
|
|
||||||
Content format:
|
|
||||||
Line 1: model_name (or 'auto')
|
|
||||||
Line 2+: the problem description
|
|
||||||
"""
|
|
||||||
from src.ai_interaction import _resolve_model, AI_CHAT_TIMEOUT
|
|
||||||
from src.llm_core import llm_call_async
|
|
||||||
from src.settings import get_setting
|
|
||||||
|
|
||||||
lines = content.strip().split("\n", 1)
|
|
||||||
model_spec = lines[0].strip() if lines else "auto"
|
|
||||||
problem = lines[1].strip() if len(lines) > 1 else ""
|
|
||||||
|
|
||||||
if not problem:
|
|
||||||
return {"error": "No problem description provided"}
|
|
||||||
|
|
||||||
if model_spec.lower() in ("auto", ""):
|
|
||||||
model_spec = get_setting("teacher_model", "")
|
|
||||||
if not model_spec:
|
|
||||||
return {"error": "No teacher model configured. Specify a model name or set teacher_model in settings."}
|
|
||||||
|
|
||||||
try:
|
|
||||||
url, model, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
|
||||||
except ValueError as e:
|
|
||||||
return {"error": str(e)}
|
|
||||||
|
|
||||||
try:
|
|
||||||
response = await llm_call_async(
|
|
||||||
url, model,
|
|
||||||
[
|
|
||||||
{"role": "system", "content": _TEACHER_SYSTEM_PROMPT},
|
|
||||||
{"role": "user", "content": f"Problem:\n{problem}"},
|
|
||||||
],
|
|
||||||
headers=headers,
|
|
||||||
timeout=AI_CHAT_TIMEOUT,
|
|
||||||
)
|
|
||||||
if len(response) > 8000:
|
|
||||||
response = response[:8000] + "\n... (truncated)"
|
|
||||||
return {"model": model, "response": response, "teacher": True}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"ask_teacher failed: {e}")
|
|
||||||
return {"error": f"Teacher call failed ({model_spec}): {e}"}
|
|
||||||
|
|
||||||
|
|
||||||
async def list_models(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""List all available models across configured endpoints.
|
|
||||||
|
|
||||||
Content = optional filter keyword.
|
|
||||||
"""
|
|
||||||
import json
|
|
||||||
import httpx
|
|
||||||
from src.database import SessionLocal, ModelEndpoint
|
|
||||||
from src.llm_core import _detect_provider, ANTHROPIC_MODELS
|
|
||||||
from src.auth_helpers import owner_filter
|
|
||||||
from src.endpoint_resolver import resolve_endpoint_runtime, build_headers, build_models_url
|
|
||||||
|
|
||||||
keyword = content.strip().lower() if content.strip() else None
|
|
||||||
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
query = db.query(ModelEndpoint).filter(ModelEndpoint.is_enabled == True)
|
|
||||||
if owner:
|
|
||||||
query = owner_filter(query, ModelEndpoint, owner)
|
|
||||||
endpoints = query.all()
|
|
||||||
if not endpoints:
|
|
||||||
return {"results": "No enabled model endpoints configured."}
|
|
||||||
|
|
||||||
result_lines = []
|
|
||||||
total_models = 0
|
|
||||||
|
|
||||||
for ep in endpoints:
|
|
||||||
try:
|
|
||||||
base, api_key = resolve_endpoint_runtime(ep, owner=owner)
|
|
||||||
except Exception:
|
|
||||||
continue
|
|
||||||
provider = _detect_provider(base)
|
|
||||||
headers = build_headers(api_key, base)
|
|
||||||
|
|
||||||
model_ids = []
|
|
||||||
if provider == "anthropic":
|
|
||||||
model_ids = list(ANTHROPIC_MODELS)
|
|
||||||
else:
|
|
||||||
try:
|
|
||||||
models_url = build_models_url(base)
|
|
||||||
if models_url:
|
|
||||||
r = httpx.get(models_url, headers=headers, timeout=5)
|
|
||||||
r.raise_for_status()
|
|
||||||
data = r.json()
|
|
||||||
model_ids = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
|
||||||
if not model_ids:
|
|
||||||
model_ids = [
|
|
||||||
m.get("name") or m.get("model")
|
|
||||||
for m in (data.get("models") or [])
|
|
||||||
if m.get("name") or m.get("model")
|
|
||||||
]
|
|
||||||
else:
|
|
||||||
model_ids = json.loads(ep.cached_models or "[]")
|
|
||||||
except Exception:
|
|
||||||
model_ids = ["(endpoint offline)"]
|
|
||||||
|
|
||||||
if keyword:
|
|
||||||
model_ids = [m for m in model_ids if keyword in m.lower() or keyword in (ep.name or "").lower()]
|
|
||||||
|
|
||||||
if model_ids:
|
|
||||||
result_lines.append(f"\n**{ep.name or base}** ({provider}):")
|
|
||||||
for mid in model_ids:
|
|
||||||
result_lines.append(f" - `{mid}`")
|
|
||||||
total_models += 1
|
|
||||||
|
|
||||||
if not result_lines:
|
|
||||||
return {"results": "No models found" + (f" matching '{keyword}'" if keyword else "") + "."}
|
|
||||||
|
|
||||||
header = f"Available models ({total_models} total):"
|
|
||||||
return {"results": header + "\n".join(result_lines)}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"list_models failed: {e}")
|
|
||||||
return {"error": str(e)}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# Handler classes registered in TOOL_HANDLERS
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
class ChatWithModelTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await chat_with_model(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
|
|
||||||
|
|
||||||
class AskTeacherTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await ask_teacher(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
|
|
||||||
|
|
||||||
class ListModelsTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await list_models(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
@@ -1,465 +0,0 @@
|
|||||||
"""session_tools.py - agent tools for AI-to-AI session management.
|
|
||||||
|
|
||||||
Owns create_session, list_sessions, send_to_session and manage_session, moved
|
|
||||||
out of src.ai_interaction as part of the tool -> registry migration (#3629), and
|
|
||||||
their handler classes registered in TOOL_HANDLERS.
|
|
||||||
|
|
||||||
The session manager is a runtime-set singleton in src.ai_interaction, so each
|
|
||||||
function fetches it via get_session_manager() (imported here); _resolve_model and
|
|
||||||
AI_CHAT_TIMEOUT are reused from there too.
|
|
||||||
"""
|
|
||||||
import asyncio
|
|
||||||
import json
|
|
||||||
import logging
|
|
||||||
import uuid
|
|
||||||
from typing import Dict, Optional
|
|
||||||
|
|
||||||
from src.ai_interaction import get_session_manager, _resolve_model, AI_CHAT_TIMEOUT
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
async def create_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Create a new chat session.
|
|
||||||
|
|
||||||
Content format:
|
|
||||||
Line 1: session name
|
|
||||||
Line 2: model_name (or model_name@endpoint_name)
|
|
||||||
"""
|
|
||||||
_session_manager = get_session_manager()
|
|
||||||
if not _session_manager:
|
|
||||||
return {"error": "Session manager not available"}
|
|
||||||
|
|
||||||
lines = content.strip().split("\n")
|
|
||||||
if len(lines) < 2:
|
|
||||||
return {"error": "Need 2 lines: session name, then model spec"}
|
|
||||||
|
|
||||||
name = lines[0].strip()
|
|
||||||
model_spec = lines[1].strip()
|
|
||||||
|
|
||||||
if not name:
|
|
||||||
return {"error": "Session name cannot be empty"}
|
|
||||||
|
|
||||||
try:
|
|
||||||
url, model, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
|
||||||
except ValueError as e:
|
|
||||||
return {"error": str(e)}
|
|
||||||
|
|
||||||
sid = str(uuid.uuid4())[:8]
|
|
||||||
try:
|
|
||||||
_session_manager.create_session(
|
|
||||||
session_id=sid,
|
|
||||||
name=name,
|
|
||||||
endpoint_url=url,
|
|
||||||
model=model,
|
|
||||||
rag=False,
|
|
||||||
owner=owner,
|
|
||||||
)
|
|
||||||
# Store headers on session for future calls
|
|
||||||
sess = _session_manager.get_session(sid)
|
|
||||||
if sess and headers:
|
|
||||||
sess.headers = headers
|
|
||||||
try:
|
|
||||||
from src.event_bus import fire_event
|
|
||||||
fire_event("session_created", owner)
|
|
||||||
except Exception:
|
|
||||||
logger.debug("session_created event dispatch failed", exc_info=True)
|
|
||||||
|
|
||||||
return {"session_id": sid, "name": name, "model": model, "endpoint_url": url}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"create_session failed: {e}")
|
|
||||||
return {"error": f"Failed to create session: {e}"}
|
|
||||||
|
|
||||||
async def list_sessions(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""List sessions sorted by most-recently-active first.
|
|
||||||
|
|
||||||
Output includes a relative "last active" timestamp per row so the
|
|
||||||
agent can answer "open my last chat" without guessing from titles.
|
|
||||||
The most-recent session is always first in the list.
|
|
||||||
|
|
||||||
Content = optional filter keyword (matches session name).
|
|
||||||
"""
|
|
||||||
_session_manager = get_session_manager()
|
|
||||||
if not _session_manager:
|
|
||||||
return {"error": "Session manager not available"}
|
|
||||||
|
|
||||||
keyword = content.strip().lower() if content.strip() else None
|
|
||||||
|
|
||||||
try:
|
|
||||||
from core.database import SessionLocal, Session as DbSession
|
|
||||||
from datetime import datetime, timezone
|
|
||||||
|
|
||||||
# Pull every session's last_accessed from the DB so we can sort
|
|
||||||
# by recency. In-memory sessions hold name + model + msg_count;
|
|
||||||
# the DB row holds the timestamps.
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
db_rows = {r.id: r for r in db.query(DbSession).all()}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
# SECURITY: scope to the caller's sessions. Passing None returned
|
|
||||||
# every user's sessions, which the agent tool then exposed via the
|
|
||||||
# "list my chats" reply.
|
|
||||||
sessions = _session_manager.get_sessions_for_user(owner)
|
|
||||||
rows = []
|
|
||||||
for sid, sess in sessions.items():
|
|
||||||
if keyword and keyword not in (sess.name or "").lower():
|
|
||||||
continue
|
|
||||||
db_row = db_rows.get(sid)
|
|
||||||
# Prefer last_accessed; fall back to updated_at, then created_at.
|
|
||||||
ts = None
|
|
||||||
if db_row:
|
|
||||||
ts = getattr(db_row, 'last_accessed', None) or getattr(db_row, 'updated_at', None) or getattr(db_row, 'created_at', None)
|
|
||||||
rows.append((ts, sid, sess))
|
|
||||||
|
|
||||||
# Sort by timestamp DESC; rows without a timestamp sink to the bottom.
|
|
||||||
rows.sort(key=lambda r: r[0] or datetime.min, reverse=True)
|
|
||||||
|
|
||||||
def _rel(ts):
|
|
||||||
if not ts:
|
|
||||||
return 'never'
|
|
||||||
now = datetime.utcnow()
|
|
||||||
try:
|
|
||||||
if ts.tzinfo is not None:
|
|
||||||
now = datetime.now(timezone.utc)
|
|
||||||
diff = (now - ts).total_seconds()
|
|
||||||
except Exception:
|
|
||||||
return 'unknown'
|
|
||||||
if diff < 60: return 'just now'
|
|
||||||
if diff < 3600: return f'{int(diff / 60)}m ago'
|
|
||||||
if diff < 86400: return f'{int(diff / 3600)}h ago'
|
|
||||||
if diff < 86400 * 7: return f'{int(diff / 86400)}d ago'
|
|
||||||
return ts.strftime('%Y-%m-%d')
|
|
||||||
|
|
||||||
lines = []
|
|
||||||
for i, (ts, sid, sess) in enumerate(rows):
|
|
||||||
if i >= 50:
|
|
||||||
lines.append(f"... and {len(rows) - 50} more (showing first 50)")
|
|
||||||
break
|
|
||||||
safe_name = (sess.name or "Untitled").replace("[", "\\[").replace("]", "\\]")
|
|
||||||
msg_count = getattr(sess, "message_count", 0) or 0
|
|
||||||
model = getattr(sess, "model", "unknown")
|
|
||||||
marker = " ← most recent" if i == 0 else ""
|
|
||||||
lines.append(f"- **[{safe_name}](#session-{sid})** (id: `{sid}`, model: {model}, {msg_count} msgs, last active {_rel(ts)}){marker}")
|
|
||||||
|
|
||||||
if not lines:
|
|
||||||
return {"results": "No sessions found" + (f" matching '{keyword}'" if keyword else "") + "."}
|
|
||||||
|
|
||||||
return {
|
|
||||||
"results": (
|
|
||||||
f"Found {len(rows)} session(s), sorted most-recent first:\n"
|
|
||||||
+ "\n".join(lines)
|
|
||||||
+ "\n\nAssistant: when replying to the user, preserve the chat-title markdown links exactly as shown, e.g. `[Chat](#session-id)`. Do not rewrite this as a plain, non-clickable table."
|
|
||||||
)
|
|
||||||
}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"list_sessions failed: {e}")
|
|
||||||
return {"error": str(e)}
|
|
||||||
|
|
||||||
async def send_to_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Send a message to an existing session and get a response.
|
|
||||||
|
|
||||||
Content format:
|
|
||||||
Line 1: session_id
|
|
||||||
Line 2+: message
|
|
||||||
"""
|
|
||||||
_session_manager = get_session_manager()
|
|
||||||
from src.llm_core import llm_call_async
|
|
||||||
from core.models import ChatMessage
|
|
||||||
|
|
||||||
if not _session_manager:
|
|
||||||
return {"error": "Session manager not available"}
|
|
||||||
|
|
||||||
lines = content.strip().split("\n", 1)
|
|
||||||
if len(lines) < 2:
|
|
||||||
return {"error": "Need 2 lines: session_id, then message"}
|
|
||||||
|
|
||||||
target_sid = lines[0].strip()
|
|
||||||
message = lines[1].strip()
|
|
||||||
|
|
||||||
sess = _session_manager.get_session(target_sid)
|
|
||||||
if not sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found"}
|
|
||||||
|
|
||||||
# Owner-scope: reject access to another user's session
|
|
||||||
if owner and getattr(sess, "owner", None) and sess.owner != owner:
|
|
||||||
return {"error": f"Session '{target_sid}' not found"}
|
|
||||||
|
|
||||||
if not message:
|
|
||||||
return {"error": "No message provided"}
|
|
||||||
|
|
||||||
try:
|
|
||||||
# Build context from session history
|
|
||||||
context = sess.get_context_messages()
|
|
||||||
context.append({"role": "user", "content": message})
|
|
||||||
|
|
||||||
response = await llm_call_async(
|
|
||||||
sess.endpoint_url, sess.model, context,
|
|
||||||
headers=sess.headers,
|
|
||||||
timeout=AI_CHAT_TIMEOUT,
|
|
||||||
)
|
|
||||||
|
|
||||||
# Save both messages to session
|
|
||||||
sess.add_message(ChatMessage("user", message))
|
|
||||||
sess.add_message(ChatMessage("assistant", response))
|
|
||||||
|
|
||||||
# Truncate for tool output
|
|
||||||
if len(response) > 10000:
|
|
||||||
response = response[:10000] + "\n... (truncated)"
|
|
||||||
|
|
||||||
return {
|
|
||||||
"session_id": target_sid,
|
|
||||||
"session_name": sess.name,
|
|
||||||
"response": response,
|
|
||||||
}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"send_to_session failed: {e}")
|
|
||||||
return {"error": f"Failed to send to session: {e}"}
|
|
||||||
|
|
||||||
async def manage_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
|
||||||
"""Manage sessions: rename, archive, delete, important, truncate, fork.
|
|
||||||
|
|
||||||
Content format:
|
|
||||||
Line 1: action (rename|archive|unarchive|delete|important|unimportant|truncate|fork)
|
|
||||||
Line 2: target session_id (or "current" to use the active session)
|
|
||||||
Line 3+: action-specific params (e.g. new name for rename, keep_count for truncate)
|
|
||||||
"""
|
|
||||||
_session_manager = get_session_manager()
|
|
||||||
if not _session_manager:
|
|
||||||
return {"error": "Session manager not available"}
|
|
||||||
|
|
||||||
from src.database import SessionLocal, Session as DbSession
|
|
||||||
|
|
||||||
# Accept BOTH the structured JSON args the tool schema advertises
|
|
||||||
# ({action, session_id, value}) AND the legacy line-based format
|
|
||||||
# (line1=action, line2=session_id, line3=value). Native function-calling
|
|
||||||
# models send JSON; fenced-block callers send lines. Previously only the
|
|
||||||
# line format was parsed, so a model that followed the schema (JSON) got
|
|
||||||
# "Need at least 2 lines" / "Rename needs line 3" and couldn't drive it.
|
|
||||||
_raw = (content or "").strip()
|
|
||||||
action = ""
|
|
||||||
target_sid = ""
|
|
||||||
value = None # the action param: new name (rename) / keep_count (truncate, fork)
|
|
||||||
_list_filter = ""
|
|
||||||
_parsed = None
|
|
||||||
if _raw.startswith("{"):
|
|
||||||
try:
|
|
||||||
_parsed = json.loads(_raw)
|
|
||||||
except Exception:
|
|
||||||
_parsed = None
|
|
||||||
if isinstance(_parsed, dict):
|
|
||||||
action = str(_parsed.get("action") or "").strip().lower()
|
|
||||||
target_sid = str(_parsed.get("session_id") or _parsed.get("session") or _parsed.get("id") or "").strip()
|
|
||||||
_v = _parsed.get("value")
|
|
||||||
if _v is None:
|
|
||||||
_v = (_parsed.get("name") or _parsed.get("new_name")
|
|
||||||
or _parsed.get("title") or _parsed.get("keep_count"))
|
|
||||||
value = None if _v is None else str(_v).strip()
|
|
||||||
_list_filter = str(_parsed.get("filter") or "").strip()
|
|
||||||
else:
|
|
||||||
lines = _raw.split("\n")
|
|
||||||
if not lines or not lines[0].strip():
|
|
||||||
return {"error": "Missing action (rename|archive|delete|important|truncate|fork|list|switch)"}
|
|
||||||
action = lines[0].strip().lower()
|
|
||||||
target_sid = lines[1].strip() if len(lines) >= 2 else ""
|
|
||||||
value = lines[2].strip() if len(lines) >= 3 else None
|
|
||||||
_list_filter = "\n".join(lines[1:]).strip()
|
|
||||||
|
|
||||||
if not action:
|
|
||||||
return {"error": "Missing action (rename|archive|delete|important|truncate|fork|list|switch)"}
|
|
||||||
|
|
||||||
# `list` alias - dispatch to list_sessions so the agent's natural
|
|
||||||
# first guess (every other manage_* tool has a `list` action) works.
|
|
||||||
if action == "list":
|
|
||||||
return await list_sessions(_list_filter, session_id, owner=owner)
|
|
||||||
|
|
||||||
if not target_sid:
|
|
||||||
return {"error": "Need a session_id (or 'current' for the active chat)"}
|
|
||||||
|
|
||||||
# Allow "current" to refer to the active session
|
|
||||||
if target_sid.lower() == "current" and session_id:
|
|
||||||
target_sid = session_id
|
|
||||||
|
|
||||||
# `switch` / `open` / `select` / `view` - the agent reaches for
|
|
||||||
# these when the user asks to "open" or "switch to" a session.
|
|
||||||
# There's no server-side way to make the browser navigate, so we
|
|
||||||
# just return a clickable anchor link the user can click. The
|
|
||||||
# frontend's chat-history click delegate routes `#session-<id>`
|
|
||||||
# to selectSession(). The agent's reply naturally embeds this
|
|
||||||
# result so the user sees a single clickable line.
|
|
||||||
def _session_query(db):
|
|
||||||
query = db.query(DbSession).filter(DbSession.id == target_sid)
|
|
||||||
if owner is not None:
|
|
||||||
query = query.filter(DbSession.owner == owner)
|
|
||||||
return query
|
|
||||||
|
|
||||||
if action in ("switch", "open", "select", "view"):
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
name = db_sess.name or target_sid
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
return {
|
|
||||||
"action": action,
|
|
||||||
"session_id": target_sid,
|
|
||||||
"name": name,
|
|
||||||
"results": f"[{name}](#session-{target_sid}) - click to open.",
|
|
||||||
}
|
|
||||||
|
|
||||||
db = SessionLocal()
|
|
||||||
try:
|
|
||||||
if action == "rename":
|
|
||||||
if not value:
|
|
||||||
return {"error": "rename needs a new name (the `value` arg, or line 3 in the legacy format)"}
|
|
||||||
new_name = value
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
db_sess.name = new_name
|
|
||||||
db.commit()
|
|
||||||
_session_manager.update_session_name(target_sid, new_name)
|
|
||||||
return {"action": "rename", "session_id": target_sid, "name": new_name,
|
|
||||||
"results": f"Session renamed to '{new_name}'"}
|
|
||||||
|
|
||||||
elif action == "archive":
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
db_sess.archived = True
|
|
||||||
db.commit()
|
|
||||||
return {"action": "archive", "session_id": target_sid,
|
|
||||||
"results": f"Session '{db_sess.name}' archived"}
|
|
||||||
|
|
||||||
elif action == "unarchive":
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
db_sess.archived = False
|
|
||||||
db.commit()
|
|
||||||
return {"action": "unarchive", "session_id": target_sid,
|
|
||||||
"results": f"Session '{db_sess.name}' unarchived"}
|
|
||||||
|
|
||||||
elif action == "delete":
|
|
||||||
if target_sid == session_id:
|
|
||||||
return {"error": "Cannot delete the current session while chatting in it. Delete other sessions first."}
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Refusing to delete an unknown chat id; use the exact id from list_sessions."}
|
|
||||||
if db_sess and db_sess.is_important:
|
|
||||||
return {"error": f"Session '{db_sess.name}' is starred/favorited. Unstar it first before deleting."}
|
|
||||||
try:
|
|
||||||
ok = _session_manager.delete_session(target_sid)
|
|
||||||
if not ok:
|
|
||||||
return {"error": f"Session '{target_sid}' was not deleted because it no longer exists."}
|
|
||||||
return {"action": "delete", "session_id": target_sid,
|
|
||||||
"results": f"Session '{db_sess.name or target_sid}' deleted"}
|
|
||||||
except Exception as e:
|
|
||||||
return {"error": f"Failed to delete session: {e}"}
|
|
||||||
|
|
||||||
elif action in ("important", "unimportant"):
|
|
||||||
is_important = action == "important"
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
# Prevent AI from unstarring sessions - only the user can do that manually
|
|
||||||
if not is_important and db_sess.is_important:
|
|
||||||
return {"error": f"Session '{db_sess.name}' is starred by the user. Only the user can unstar sessions manually."}
|
|
||||||
db_sess.is_important = is_important
|
|
||||||
db.commit()
|
|
||||||
status = "marked as important" if is_important else "unmarked as important"
|
|
||||||
return {"action": action, "session_id": target_sid,
|
|
||||||
"results": f"Session '{db_sess.name}' {status}"}
|
|
||||||
|
|
||||||
elif action == "truncate":
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
keep_count = 10
|
|
||||||
if value:
|
|
||||||
try:
|
|
||||||
keep_count = int(value)
|
|
||||||
except ValueError:
|
|
||||||
pass
|
|
||||||
success = _session_manager.truncate_messages(target_sid, keep_count)
|
|
||||||
if success:
|
|
||||||
return {"action": "truncate", "session_id": target_sid,
|
|
||||||
"results": f"Session truncated to last {keep_count} messages"}
|
|
||||||
return {"error": f"Failed to truncate session '{target_sid}'"}
|
|
||||||
|
|
||||||
elif action == "fork":
|
|
||||||
db_sess = _session_query(db).first()
|
|
||||||
if not db_sess:
|
|
||||||
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
|
||||||
keep_count = 0 # 0 = all messages
|
|
||||||
if value:
|
|
||||||
try:
|
|
||||||
keep_count = int(value)
|
|
||||||
except ValueError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
source = _session_manager.get_session(target_sid)
|
|
||||||
if not source:
|
|
||||||
return {"error": f"Session '{target_sid}' not found"}
|
|
||||||
|
|
||||||
new_sid = str(uuid.uuid4())[:8]
|
|
||||||
_session_manager.create_session(
|
|
||||||
session_id=new_sid,
|
|
||||||
name=f"Fork: {source.name}",
|
|
||||||
endpoint_url=source.endpoint_url,
|
|
||||||
model=source.model,
|
|
||||||
rag=False,
|
|
||||||
owner=owner,
|
|
||||||
)
|
|
||||||
# Copy messages
|
|
||||||
history = source.get_context_messages()
|
|
||||||
if keep_count > 0:
|
|
||||||
history = history[:keep_count]
|
|
||||||
from core.models import ChatMessage as InMemoryMsg
|
|
||||||
new_sess = _session_manager.get_session(new_sid)
|
|
||||||
for msg in history:
|
|
||||||
new_sess.add_message(InMemoryMsg(msg["role"], msg["content"]))
|
|
||||||
try:
|
|
||||||
from src.event_bus import fire_event
|
|
||||||
fire_event("session_created", owner)
|
|
||||||
except Exception:
|
|
||||||
logger.debug("session_created event dispatch failed", exc_info=True)
|
|
||||||
|
|
||||||
return {"action": "fork", "session_id": new_sid,
|
|
||||||
"source_session": target_sid, "messages_copied": len(history),
|
|
||||||
"results": f"Forked session '{source.name}' -> new session {new_sid} ({len(history)} messages)"}
|
|
||||||
|
|
||||||
else:
|
|
||||||
return {"error": f"Unknown action '{action}'. Use: list, switch, rename, archive, unarchive, delete, important, unimportant, truncate, fork"}
|
|
||||||
except Exception as e:
|
|
||||||
logger.error(f"manage_session failed: {e}")
|
|
||||||
return {"error": str(e)}
|
|
||||||
finally:
|
|
||||||
db.close()
|
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
# Handler classes registered in TOOL_HANDLERS
|
|
||||||
# ---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
class CreateSessionTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await create_session(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
|
|
||||||
|
|
||||||
class ListSessionsTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await list_sessions(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
|
|
||||||
|
|
||||||
class SendToSessionTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await send_to_session(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
|
|
||||||
|
|
||||||
class ManageSessionTool:
|
|
||||||
async def execute(self, content: str, ctx: dict) -> Dict:
|
|
||||||
return await manage_session(content, ctx.get("session_id"), owner=ctx.get("owner"))
|
|
||||||
@@ -7,7 +7,6 @@ from src.constants import MAX_OUTPUT_CHARS
|
|||||||
class WebSearchTool:
|
class WebSearchTool:
|
||||||
async def execute(self, content: str, ctx: dict) -> dict:
|
async def execute(self, content: str, ctx: dict) -> dict:
|
||||||
from src.search import comprehensive_web_search
|
from src.search import comprehensive_web_search
|
||||||
progress_cb = ctx.get("progress_cb") if isinstance(ctx, dict) else None
|
|
||||||
raw = content.strip()
|
raw = content.strip()
|
||||||
query = raw
|
query = raw
|
||||||
time_filter = None
|
time_filter = None
|
||||||
@@ -38,39 +37,18 @@ class WebSearchTool:
|
|||||||
elif " news" in q_lc or q_lc.startswith("news ") or q_lc.endswith(" news"):
|
elif " news" in q_lc or q_lc.startswith("news ") or q_lc.endswith(" news"):
|
||||||
time_filter = "week"
|
time_filter = "week"
|
||||||
loop = asyncio.get_running_loop()
|
loop = asyncio.get_running_loop()
|
||||||
if progress_cb:
|
text, sources = await asyncio.wait_for(
|
||||||
await progress_cb({
|
loop.run_in_executor(
|
||||||
"elapsed_s": 0,
|
None,
|
||||||
"tail": f"Searching web for: {query[:160]}",
|
lambda: comprehensive_web_search(
|
||||||
})
|
query,
|
||||||
try:
|
max_pages=max_pages,
|
||||||
text, sources = await asyncio.wait_for(
|
time_filter=time_filter,
|
||||||
loop.run_in_executor(
|
return_sources=True,
|
||||||
None,
|
|
||||||
lambda: comprehensive_web_search(
|
|
||||||
query,
|
|
||||||
max_pages=max_pages,
|
|
||||||
time_filter=time_filter,
|
|
||||||
return_sources=True,
|
|
||||||
),
|
|
||||||
),
|
),
|
||||||
timeout=30,
|
),
|
||||||
)
|
timeout=30,
|
||||||
except asyncio.TimeoutError:
|
)
|
||||||
return {
|
|
||||||
"error": f"web_search timed out after 30s: {query[:200]}",
|
|
||||||
"exit_code": 1,
|
|
||||||
}
|
|
||||||
except Exception as e:
|
|
||||||
return {
|
|
||||||
"error": f"web_search failed: {type(e).__name__}: {str(e) or 'no details'}",
|
|
||||||
"exit_code": 1,
|
|
||||||
}
|
|
||||||
if progress_cb:
|
|
||||||
await progress_cb({
|
|
||||||
"elapsed_s": 30,
|
|
||||||
"tail": "Search completed; preparing sources.",
|
|
||||||
})
|
|
||||||
output = text[:MAX_OUTPUT_CHARS] if len(text) > MAX_OUTPUT_CHARS else text
|
output = text[:MAX_OUTPUT_CHARS] if len(text) > MAX_OUTPUT_CHARS else text
|
||||||
if sources:
|
if sources:
|
||||||
output += "\n\n<!-- SOURCES:" + json.dumps(sources) + " -->"
|
output += "\n\n<!-- SOURCES:" + json.dumps(sources) + " -->"
|
||||||
@@ -79,23 +57,13 @@ class WebSearchTool:
|
|||||||
class WebFetchTool:
|
class WebFetchTool:
|
||||||
async def execute(self, content: str, ctx: dict) -> dict:
|
async def execute(self, content: str, ctx: dict) -> dict:
|
||||||
from src.search.content import fetch_webpage_content
|
from src.search.content import fetch_webpage_content
|
||||||
from src.constants import WEB_FETCH_HARD_MAX_BYTES
|
|
||||||
raw = content.strip()
|
raw = content.strip()
|
||||||
url = ""
|
url = ""
|
||||||
max_bytes = None
|
|
||||||
if raw.startswith("{"):
|
if raw.startswith("{"):
|
||||||
try:
|
try:
|
||||||
parsed = json.loads(raw)
|
parsed = json.loads(raw)
|
||||||
if isinstance(parsed, dict):
|
if isinstance(parsed, dict):
|
||||||
url = str(parsed.get("url") or "").strip()
|
url = str(parsed.get("url") or "").strip()
|
||||||
# Download-budget override (#3812): "full": true raises the
|
|
||||||
# budget to the hard cap; an explicit max_bytes is clamped
|
|
||||||
# to the hard cap downstream. Default stays the soft cap.
|
|
||||||
if parsed.get("full") is True:
|
|
||||||
max_bytes = WEB_FETCH_HARD_MAX_BYTES
|
|
||||||
mb = parsed.get("max_bytes")
|
|
||||||
if isinstance(mb, int) and mb > 0:
|
|
||||||
max_bytes = mb
|
|
||||||
except json.JSONDecodeError:
|
except json.JSONDecodeError:
|
||||||
url = ""
|
url = ""
|
||||||
if not url:
|
if not url:
|
||||||
@@ -110,7 +78,7 @@ class WebFetchTool:
|
|||||||
loop = asyncio.get_running_loop()
|
loop = asyncio.get_running_loop()
|
||||||
try:
|
try:
|
||||||
result = await asyncio.wait_for(
|
result = await asyncio.wait_for(
|
||||||
loop.run_in_executor(None, lambda: fetch_webpage_content(url, timeout=10, max_bytes=max_bytes)),
|
loop.run_in_executor(None, lambda: fetch_webpage_content(url, timeout=10)),
|
||||||
timeout=30,
|
timeout=30,
|
||||||
)
|
)
|
||||||
except asyncio.TimeoutError:
|
except asyncio.TimeoutError:
|
||||||
@@ -126,28 +94,8 @@ class WebFetchTool:
|
|||||||
return {"error": f"web_fetch: {url}: {err}", "exit_code": 1}
|
return {"error": f"web_fetch: {url}: {err}", "exit_code": 1}
|
||||||
return {"error": f"web_fetch: {url}: no readable text content (not HTML, or the page needs JS/login)", "exit_code": 1}
|
return {"error": f"web_fetch: {url}: no readable text content (not HTML, or the page needs JS/login)", "exit_code": 1}
|
||||||
|
|
||||||
# Tell the model when the download budget cut the body short and how
|
|
||||||
# to get the rest, instead of silently presenting a partial page as
|
|
||||||
# the whole thing.
|
|
||||||
size_note = ""
|
|
||||||
if result.get("truncated"):
|
|
||||||
fetched = result.get("fetched_bytes") or 0
|
|
||||||
total = result.get("total_bytes")
|
|
||||||
total_txt = f" of {total:,} bytes" if total else ""
|
|
||||||
size_note = (
|
|
||||||
f"[partial content: download stopped at {fetched:,} bytes{total_txt}. "
|
|
||||||
f'Re-call with {{"url": "{url}", "full": true}} to fetch up to '
|
|
||||||
f"{WEB_FETCH_HARD_MAX_BYTES:,} bytes.]\n\n"
|
|
||||||
)
|
|
||||||
|
|
||||||
# The notice must lead the output so the MAX_OUTPUT_CHARS trim below can
|
|
||||||
# never drop it. The title is untrusted, uncapped page content, so a
|
|
||||||
# giant title ahead of the notice could push it out of range; keep the
|
|
||||||
# notice first and cap the title as a second guard.
|
|
||||||
if len(title) > 300:
|
|
||||||
title = title[:300] + "..."
|
|
||||||
header = (f"# {title}\n" if title else "") + f"Source: {url}\n\n"
|
header = (f"# {title}\n" if title else "") + f"Source: {url}\n\n"
|
||||||
output = size_note + header + text
|
output = header + text
|
||||||
if len(output) > MAX_OUTPUT_CHARS:
|
if len(output) > MAX_OUTPUT_CHARS:
|
||||||
output = output[:MAX_OUTPUT_CHARS] + "\n\n[...truncated]"
|
output = output[:MAX_OUTPUT_CHARS] + "\n\n[...truncated]"
|
||||||
return {"output": output, "exit_code": 0}
|
return {"output": output, "exit_code": 0}
|
||||||
|
|||||||
+780
-19
@@ -1,20 +1,13 @@
|
|||||||
"""
|
"""
|
||||||
ai_interaction.py
|
ai_interaction.py
|
||||||
|
|
||||||
AI-to-AI interaction tools: pipeline and manage_memory, plus shared model
|
AI-to-AI interaction tools: chat_with_model, create_session, list_sessions,
|
||||||
resolution (_resolve_model), the session-manager singleton, and dispatch_ai_tool.
|
send_to_session, pipeline.
|
||||||
|
|
||||||
As part of the tool -> registry migration (#3629), chat_with_model, ask_teacher
|
|
||||||
and list_models moved to src/agent_tools/model_interaction_tools.py, and
|
|
||||||
create_session, list_sessions, send_to_session and manage_session moved to
|
|
||||||
src/agent_tools/session_tools.py. Those modules reuse get_session_manager /
|
|
||||||
_resolve_model / AI_CHAT_TIMEOUT from here.
|
|
||||||
|
|
||||||
These are agent tools — the LLM writes fenced code blocks and they execute
|
These are agent tools — the LLM writes fenced code blocks and they execute
|
||||||
through the standard agent_tools.py pipeline.
|
through the standard agent_tools.py pipeline.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import asyncio
|
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
import uuid
|
import uuid
|
||||||
@@ -135,8 +128,7 @@ def _resolve_model(spec: str, owner: Optional[str] = None) -> Tuple[str, str, Di
|
|||||||
r = httpx.get(models_url, headers=headers, timeout=5)
|
r = httpx.get(models_url, headers=headers, timeout=5)
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
data = r.json()
|
data = r.json()
|
||||||
items = data if isinstance(data, list) else (data.get("data") or [])
|
model_ids = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
||||||
model_ids = [m.get("id") for m in items if isinstance(m, dict) and m.get("id")]
|
|
||||||
if not model_ids:
|
if not model_ids:
|
||||||
model_ids = [
|
model_ids = [
|
||||||
m.get("name") or m.get("model")
|
m.get("name") or m.get("model")
|
||||||
@@ -167,6 +159,440 @@ def _resolve_model(spec: str, owner: Optional[str] = None) -> Tuple[str, str, Di
|
|||||||
# Tool implementations
|
# Tool implementations
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
async def do_chat_with_model(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Send a message to a specific model and return its response.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: model_name (or model_name@endpoint_name)
|
||||||
|
Line 2+: the message to send
|
||||||
|
"""
|
||||||
|
from src.llm_core import llm_call_async
|
||||||
|
|
||||||
|
lines = content.strip().split("\n", 1)
|
||||||
|
if not lines or not lines[0].strip():
|
||||||
|
return {"error": "First line must be the model name"}
|
||||||
|
|
||||||
|
model_spec = lines[0].strip()
|
||||||
|
message = lines[1].strip() if len(lines) > 1 else ""
|
||||||
|
if not message:
|
||||||
|
return {"error": "No message provided (line 2+ is the message)"}
|
||||||
|
|
||||||
|
try:
|
||||||
|
url, model, headers = _resolve_model(model_spec, owner=owner)
|
||||||
|
except ValueError as e:
|
||||||
|
return {"error": str(e)}
|
||||||
|
|
||||||
|
try:
|
||||||
|
response = await llm_call_async(
|
||||||
|
url, model,
|
||||||
|
[{"role": "user", "content": message}],
|
||||||
|
headers=headers,
|
||||||
|
timeout=AI_CHAT_TIMEOUT,
|
||||||
|
)
|
||||||
|
# Truncate very long responses
|
||||||
|
if len(response) > 10000:
|
||||||
|
response = response[:10000] + "\n... (truncated)"
|
||||||
|
return {"model": model, "response": response}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"chat_with_model failed: {e}")
|
||||||
|
return {"error": f"Failed to get response from {model_spec}: {e}"}
|
||||||
|
|
||||||
|
|
||||||
|
_TEACHER_SYSTEM_PROMPT = (
|
||||||
|
"You are a senior AI mentor. A less capable model is stuck on a problem and asking for help. "
|
||||||
|
"Provide clear, actionable guidance:\n"
|
||||||
|
"1. Brief analysis of the problem\n"
|
||||||
|
"2. Recommended approach (step by step)\n"
|
||||||
|
"3. Key things to watch out for\n\n"
|
||||||
|
"Be concise and practical. No preamble."
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
async def do_ask_teacher(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Ask a more capable model for help.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: model_name (or 'auto')
|
||||||
|
Line 2+: the problem description
|
||||||
|
"""
|
||||||
|
from src.llm_core import llm_call_async
|
||||||
|
from src.settings import get_setting
|
||||||
|
|
||||||
|
lines = content.strip().split("\n", 1)
|
||||||
|
model_spec = lines[0].strip() if lines else "auto"
|
||||||
|
problem = lines[1].strip() if len(lines) > 1 else ""
|
||||||
|
|
||||||
|
if not problem:
|
||||||
|
return {"error": "No problem description provided"}
|
||||||
|
|
||||||
|
if model_spec.lower() in ("auto", ""):
|
||||||
|
model_spec = get_setting("teacher_model", "")
|
||||||
|
if not model_spec:
|
||||||
|
return {"error": "No teacher model configured. Specify a model name or set teacher_model in settings."}
|
||||||
|
|
||||||
|
try:
|
||||||
|
url, model, headers = _resolve_model(model_spec, owner=owner)
|
||||||
|
except ValueError as e:
|
||||||
|
return {"error": str(e)}
|
||||||
|
|
||||||
|
try:
|
||||||
|
response = await llm_call_async(
|
||||||
|
url, model,
|
||||||
|
[
|
||||||
|
{"role": "system", "content": _TEACHER_SYSTEM_PROMPT},
|
||||||
|
{"role": "user", "content": f"Problem:\n{problem}"},
|
||||||
|
],
|
||||||
|
headers=headers,
|
||||||
|
timeout=AI_CHAT_TIMEOUT,
|
||||||
|
)
|
||||||
|
if len(response) > 8000:
|
||||||
|
response = response[:8000] + "\n... (truncated)"
|
||||||
|
return {"model": model, "response": response, "teacher": True}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"ask_teacher failed: {e}")
|
||||||
|
return {"error": f"Teacher call failed ({model_spec}): {e}"}
|
||||||
|
|
||||||
|
|
||||||
|
async def do_second_opinion(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Get a second opinion from another model, then have the original model
|
||||||
|
evaluate the feedback and produce a unified version.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: model_name (or model_name@endpoint_name)
|
||||||
|
Line 2+ (optional): specific question or focus area
|
||||||
|
|
||||||
|
Flow:
|
||||||
|
1. Pull recent conversation context
|
||||||
|
2. Send to reviewer model → get honest feedback
|
||||||
|
3. Send feedback back to the session's own model → evaluate & unify
|
||||||
|
4. Return both the review and the unified response
|
||||||
|
"""
|
||||||
|
from src.llm_core import llm_call_async
|
||||||
|
|
||||||
|
lines = content.strip().split("\n", 1)
|
||||||
|
if not lines or not lines[0].strip():
|
||||||
|
return {"error": "First line must be the model name"}
|
||||||
|
|
||||||
|
model_spec = lines[0].strip()
|
||||||
|
focus = lines[1].strip() if len(lines) > 1 else ""
|
||||||
|
|
||||||
|
try:
|
||||||
|
reviewer_url, reviewer_model, reviewer_headers = _resolve_model(model_spec, owner=owner)
|
||||||
|
except ValueError as e:
|
||||||
|
return {"error": str(e)}
|
||||||
|
|
||||||
|
# Pull recent conversation context from current session
|
||||||
|
context_text = ""
|
||||||
|
sess = None
|
||||||
|
if session_id and _session_manager:
|
||||||
|
sess = _session_manager.get_session(session_id)
|
||||||
|
if sess:
|
||||||
|
messages = sess.get_context_messages()
|
||||||
|
recent = messages[-15:] if len(messages) > 15 else messages
|
||||||
|
parts = []
|
||||||
|
for m in recent:
|
||||||
|
role = m.get("role", "unknown").upper()
|
||||||
|
text = m.get("content", "")
|
||||||
|
if isinstance(text, list):
|
||||||
|
text = " ".join(
|
||||||
|
p.get("text", "") for p in text if isinstance(p, dict)
|
||||||
|
)
|
||||||
|
if text:
|
||||||
|
parts.append(f"[{role}]: {text[:2000]}")
|
||||||
|
context_text = "\n\n".join(parts)
|
||||||
|
|
||||||
|
if not context_text:
|
||||||
|
return {"error": "No conversation context found to review"}
|
||||||
|
|
||||||
|
# ── Step 1: Get the reviewer's feedback ──
|
||||||
|
reviewer_system = (
|
||||||
|
"You are giving a second opinion on a conversation between a user and an AI assistant. "
|
||||||
|
"Your job is to be genuinely helpful and honest — not a yes-man, but not a contrarian either.\n\n"
|
||||||
|
"Guidelines:\n"
|
||||||
|
"- If the plan/idea is solid, say so clearly. Don't manufacture problems that aren't there.\n"
|
||||||
|
"- If you spot a real flaw, blind spot, or simpler approach — call it out directly.\n"
|
||||||
|
"- Be practical. Don't over-engineer or over-analyze. Real-world tradeoffs matter.\n"
|
||||||
|
"- If there's a meaningfully better way to do something, suggest it concretely.\n"
|
||||||
|
"- Give credit where it's due — highlight what's working well.\n"
|
||||||
|
"- Keep it concise and actionable. No fluff.\n"
|
||||||
|
"- You're a second pair of eyes, not a professor grading a paper."
|
||||||
|
)
|
||||||
|
|
||||||
|
reviewer_message = f"Here's the conversation so far:\n\n{context_text}"
|
||||||
|
if focus:
|
||||||
|
reviewer_message += f"\n\n---\nSpecifically, I want your take on: {focus}"
|
||||||
|
else:
|
||||||
|
reviewer_message += "\n\n---\nGive me your honest second opinion on what's being discussed."
|
||||||
|
|
||||||
|
try:
|
||||||
|
review = await llm_call_async(
|
||||||
|
reviewer_url, reviewer_model,
|
||||||
|
[
|
||||||
|
{"role": "system", "content": reviewer_system},
|
||||||
|
{"role": "user", "content": reviewer_message},
|
||||||
|
],
|
||||||
|
headers=reviewer_headers,
|
||||||
|
timeout=AI_CHAT_TIMEOUT,
|
||||||
|
)
|
||||||
|
if len(review) > 8000:
|
||||||
|
review = review[:8000] + "\n... (truncated)"
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"second_opinion reviewer call failed: {e}")
|
||||||
|
return {"error": f"Failed to get second opinion from {model_spec}: {e}"}
|
||||||
|
|
||||||
|
# ── Step 2: Send review back to session's own model for evaluation ──
|
||||||
|
unified = ""
|
||||||
|
original_model = "unknown"
|
||||||
|
if sess:
|
||||||
|
original_url = sess.endpoint_url
|
||||||
|
original_model = sess.model
|
||||||
|
original_headers = getattr(sess, "headers", None) or {}
|
||||||
|
|
||||||
|
unify_system = (
|
||||||
|
"Another AI model just reviewed the conversation you've been having with the user. "
|
||||||
|
"Read their feedback carefully, then respond with:\n\n"
|
||||||
|
"1. **What you agree with** — acknowledge valid points honestly.\n"
|
||||||
|
"2. **What you disagree with** — explain why, briefly.\n"
|
||||||
|
"3. **Unified version** — produce an updated/refined version of whatever was being discussed, "
|
||||||
|
"incorporating the feedback you found valid. Don't accept every note blindly — "
|
||||||
|
"use your judgment on what actually improves things vs what's unnecessary.\n\n"
|
||||||
|
"Be concise and practical. The user wants a better result, not a meta-discussion."
|
||||||
|
)
|
||||||
|
|
||||||
|
unify_message = (
|
||||||
|
f"Here's the conversation context:\n\n{context_text}\n\n"
|
||||||
|
f"---\n\n"
|
||||||
|
f"**Review from {reviewer_model}:**\n\n{review}\n\n"
|
||||||
|
f"---\n\n"
|
||||||
|
f"Evaluate this feedback and produce a unified improved version."
|
||||||
|
)
|
||||||
|
|
||||||
|
try:
|
||||||
|
unified = await llm_call_async(
|
||||||
|
original_url, original_model,
|
||||||
|
[
|
||||||
|
{"role": "system", "content": unify_system},
|
||||||
|
{"role": "user", "content": unify_message},
|
||||||
|
],
|
||||||
|
headers=original_headers,
|
||||||
|
timeout=AI_CHAT_TIMEOUT,
|
||||||
|
)
|
||||||
|
if len(unified) > 10000:
|
||||||
|
unified = unified[:10000] + "\n... (truncated)"
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"second_opinion unify call failed: {e}")
|
||||||
|
unified = f"(Failed to get unified response: {e})"
|
||||||
|
|
||||||
|
# Build combined result
|
||||||
|
combined = (
|
||||||
|
f"## Second Opinion from {reviewer_model}\n\n{review}"
|
||||||
|
f"\n\n---\n\n"
|
||||||
|
f"## {original_model}'s Response\n\n{unified}"
|
||||||
|
)
|
||||||
|
|
||||||
|
return {
|
||||||
|
"model": reviewer_model,
|
||||||
|
"response": combined,
|
||||||
|
"instruction": "Present these results to the user exactly as they are. Do NOT call second_opinion again. The user can continue the conversation from here.",
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async def do_create_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Create a new chat session.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: session name
|
||||||
|
Line 2: model_name (or model_name@endpoint_name)
|
||||||
|
"""
|
||||||
|
if not _session_manager:
|
||||||
|
return {"error": "Session manager not available"}
|
||||||
|
|
||||||
|
lines = content.strip().split("\n")
|
||||||
|
if len(lines) < 2:
|
||||||
|
return {"error": "Need 2 lines: session name, then model spec"}
|
||||||
|
|
||||||
|
name = lines[0].strip()
|
||||||
|
model_spec = lines[1].strip()
|
||||||
|
|
||||||
|
if not name:
|
||||||
|
return {"error": "Session name cannot be empty"}
|
||||||
|
|
||||||
|
try:
|
||||||
|
url, model, headers = _resolve_model(model_spec, owner=owner)
|
||||||
|
except ValueError as e:
|
||||||
|
return {"error": str(e)}
|
||||||
|
|
||||||
|
sid = str(uuid.uuid4())[:8]
|
||||||
|
try:
|
||||||
|
_session_manager.create_session(
|
||||||
|
session_id=sid,
|
||||||
|
name=name,
|
||||||
|
endpoint_url=url,
|
||||||
|
model=model,
|
||||||
|
rag=False,
|
||||||
|
owner=owner,
|
||||||
|
)
|
||||||
|
# Store headers on session for future calls
|
||||||
|
sess = _session_manager.get_session(sid)
|
||||||
|
if sess and headers:
|
||||||
|
sess.headers = headers
|
||||||
|
try:
|
||||||
|
from src.event_bus import fire_event
|
||||||
|
fire_event("session_created", owner)
|
||||||
|
except Exception:
|
||||||
|
logger.debug("session_created event dispatch failed", exc_info=True)
|
||||||
|
|
||||||
|
return {"session_id": sid, "name": name, "model": model, "endpoint_url": url}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"create_session failed: {e}")
|
||||||
|
return {"error": f"Failed to create session: {e}"}
|
||||||
|
|
||||||
|
|
||||||
|
async def do_list_sessions(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""List sessions sorted by most-recently-active first.
|
||||||
|
|
||||||
|
Output includes a relative "last active" timestamp per row so the
|
||||||
|
agent can answer "open my last chat" without guessing from titles.
|
||||||
|
The most-recent session is always first in the list.
|
||||||
|
|
||||||
|
Content = optional filter keyword (matches session name).
|
||||||
|
"""
|
||||||
|
if not _session_manager:
|
||||||
|
return {"error": "Session manager not available"}
|
||||||
|
|
||||||
|
keyword = content.strip().lower() if content.strip() else None
|
||||||
|
|
||||||
|
try:
|
||||||
|
from core.database import SessionLocal, Session as DbSession
|
||||||
|
from datetime import datetime, timezone
|
||||||
|
|
||||||
|
# Pull every session's last_accessed from the DB so we can sort
|
||||||
|
# by recency. In-memory sessions hold name + model + msg_count;
|
||||||
|
# the DB row holds the timestamps.
|
||||||
|
db = SessionLocal()
|
||||||
|
try:
|
||||||
|
db_rows = {r.id: r for r in db.query(DbSession).all()}
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
|
||||||
|
# SECURITY: scope to the caller's sessions. Passing None returned
|
||||||
|
# every user's sessions, which the agent tool then exposed via the
|
||||||
|
# "list my chats" reply.
|
||||||
|
sessions = _session_manager.get_sessions_for_user(owner)
|
||||||
|
rows = []
|
||||||
|
for sid, sess in sessions.items():
|
||||||
|
if keyword and keyword not in (sess.name or "").lower():
|
||||||
|
continue
|
||||||
|
db_row = db_rows.get(sid)
|
||||||
|
# Prefer last_accessed; fall back to updated_at, then created_at.
|
||||||
|
ts = None
|
||||||
|
if db_row:
|
||||||
|
ts = getattr(db_row, 'last_accessed', None) or getattr(db_row, 'updated_at', None) or getattr(db_row, 'created_at', None)
|
||||||
|
rows.append((ts, sid, sess))
|
||||||
|
|
||||||
|
# Sort by timestamp DESC; rows without a timestamp sink to the bottom.
|
||||||
|
rows.sort(key=lambda r: r[0] or datetime.min, reverse=True)
|
||||||
|
|
||||||
|
def _rel(ts):
|
||||||
|
if not ts:
|
||||||
|
return 'never'
|
||||||
|
now = datetime.utcnow()
|
||||||
|
try:
|
||||||
|
if ts.tzinfo is not None:
|
||||||
|
now = datetime.now(timezone.utc)
|
||||||
|
diff = (now - ts).total_seconds()
|
||||||
|
except Exception:
|
||||||
|
return 'unknown'
|
||||||
|
if diff < 60: return 'just now'
|
||||||
|
if diff < 3600: return f'{int(diff / 60)}m ago'
|
||||||
|
if diff < 86400: return f'{int(diff / 3600)}h ago'
|
||||||
|
if diff < 86400 * 7: return f'{int(diff / 86400)}d ago'
|
||||||
|
return ts.strftime('%Y-%m-%d')
|
||||||
|
|
||||||
|
lines = []
|
||||||
|
for i, (ts, sid, sess) in enumerate(rows):
|
||||||
|
if i >= 50:
|
||||||
|
lines.append(f"... and {len(rows) - 50} more (showing first 50)")
|
||||||
|
break
|
||||||
|
safe_name = (sess.name or "Untitled").replace("[", "\\[").replace("]", "\\]")
|
||||||
|
msg_count = getattr(sess, "message_count", 0) or 0
|
||||||
|
model = getattr(sess, "model", "unknown")
|
||||||
|
marker = " ← most recent" if i == 0 else ""
|
||||||
|
lines.append(f"- **[{safe_name}](#session-{sid})** (id: `{sid}`, model: {model}, {msg_count} msgs, last active {_rel(ts)}){marker}")
|
||||||
|
|
||||||
|
if not lines:
|
||||||
|
return {"results": "No sessions found" + (f" matching '{keyword}'" if keyword else "") + "."}
|
||||||
|
|
||||||
|
return {
|
||||||
|
"results": (
|
||||||
|
f"Found {len(rows)} session(s), sorted most-recent first:\n"
|
||||||
|
+ "\n".join(lines)
|
||||||
|
+ "\n\nAssistant: when replying to the user, preserve the chat-title markdown links exactly as shown, e.g. `[Chat](#session-id)`. Do not rewrite this as a plain, non-clickable table."
|
||||||
|
)
|
||||||
|
}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"list_sessions failed: {e}")
|
||||||
|
return {"error": str(e)}
|
||||||
|
|
||||||
|
|
||||||
|
async def do_send_to_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Send a message to an existing session and get a response.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: session_id
|
||||||
|
Line 2+: message
|
||||||
|
"""
|
||||||
|
from src.llm_core import llm_call_async
|
||||||
|
from core.models import ChatMessage
|
||||||
|
|
||||||
|
if not _session_manager:
|
||||||
|
return {"error": "Session manager not available"}
|
||||||
|
|
||||||
|
lines = content.strip().split("\n", 1)
|
||||||
|
if len(lines) < 2:
|
||||||
|
return {"error": "Need 2 lines: session_id, then message"}
|
||||||
|
|
||||||
|
target_sid = lines[0].strip()
|
||||||
|
message = lines[1].strip()
|
||||||
|
|
||||||
|
sess = _session_manager.get_session(target_sid)
|
||||||
|
if not sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found"}
|
||||||
|
|
||||||
|
# Owner-scope: reject access to another user's session
|
||||||
|
if owner and getattr(sess, "owner", None) and sess.owner != owner:
|
||||||
|
return {"error": f"Session '{target_sid}' not found"}
|
||||||
|
|
||||||
|
if not message:
|
||||||
|
return {"error": "No message provided"}
|
||||||
|
|
||||||
|
try:
|
||||||
|
# Build context from session history
|
||||||
|
context = sess.get_context_messages()
|
||||||
|
context.append({"role": "user", "content": message})
|
||||||
|
|
||||||
|
response = await llm_call_async(
|
||||||
|
sess.endpoint_url, sess.model, context,
|
||||||
|
headers=sess.headers,
|
||||||
|
timeout=AI_CHAT_TIMEOUT,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Save both messages to session
|
||||||
|
sess.add_message(ChatMessage("user", message))
|
||||||
|
sess.add_message(ChatMessage("assistant", response))
|
||||||
|
|
||||||
|
# Truncate for tool output
|
||||||
|
if len(response) > 10000:
|
||||||
|
response = response[:10000] + "\n... (truncated)"
|
||||||
|
|
||||||
|
return {
|
||||||
|
"session_id": target_sid,
|
||||||
|
"session_name": sess.name,
|
||||||
|
"response": response,
|
||||||
|
}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"send_to_session failed: {e}")
|
||||||
|
return {"error": f"Failed to send to session: {e}"}
|
||||||
|
|
||||||
|
|
||||||
async def stream_ai_tool(tool: str, content: str, session_id: Optional[str] = None, owner: Optional[str] = None):
|
async def stream_ai_tool(tool: str, content: str, session_id: Optional[str] = None, owner: Optional[str] = None):
|
||||||
@@ -230,7 +656,7 @@ async def do_pipeline(content: str, session_id: Optional[str] = None, owner: Opt
|
|||||||
if not model_spec or not instruction:
|
if not model_spec or not instruction:
|
||||||
return {"error": f"Step {i + 1}: both 'model' and 'instruction' are required"}
|
return {"error": f"Step {i + 1}: both 'model' and 'instruction' are required"}
|
||||||
try:
|
try:
|
||||||
url, model, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
url, model, headers = _resolve_model(model_spec, owner=owner)
|
||||||
resolved.append((url, model, headers, instruction))
|
resolved.append((url, model, headers, instruction))
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
return {"error": f"Step {i + 1}: {e}"}
|
return {"error": f"Step {i + 1}: {e}"}
|
||||||
@@ -289,6 +715,229 @@ async def do_pipeline(content: str, session_id: Optional[str] = None, owner: Opt
|
|||||||
# Session management tool
|
# Session management tool
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
async def do_manage_session(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""Manage sessions: rename, archive, delete, important, truncate, fork.
|
||||||
|
|
||||||
|
Content format:
|
||||||
|
Line 1: action (rename|archive|unarchive|delete|important|unimportant|truncate|fork)
|
||||||
|
Line 2: target session_id (or "current" to use the active session)
|
||||||
|
Line 3+: action-specific params (e.g. new name for rename, keep_count for truncate)
|
||||||
|
"""
|
||||||
|
if not _session_manager:
|
||||||
|
return {"error": "Session manager not available"}
|
||||||
|
|
||||||
|
from src.database import SessionLocal, Session as DbSession
|
||||||
|
|
||||||
|
# Accept BOTH the structured JSON args the tool schema advertises
|
||||||
|
# ({action, session_id, value}) AND the legacy line-based format
|
||||||
|
# (line1=action, line2=session_id, line3=value). Native function-calling
|
||||||
|
# models send JSON; fenced-block callers send lines. Previously only the
|
||||||
|
# line format was parsed, so a model that followed the schema (JSON) got
|
||||||
|
# "Need at least 2 lines" / "Rename needs line 3" and couldn't drive it.
|
||||||
|
_raw = (content or "").strip()
|
||||||
|
action = ""
|
||||||
|
target_sid = ""
|
||||||
|
value = None # the action param: new name (rename) / keep_count (truncate, fork)
|
||||||
|
_list_filter = ""
|
||||||
|
_parsed = None
|
||||||
|
if _raw.startswith("{"):
|
||||||
|
try:
|
||||||
|
_parsed = json.loads(_raw)
|
||||||
|
except Exception:
|
||||||
|
_parsed = None
|
||||||
|
if isinstance(_parsed, dict):
|
||||||
|
action = str(_parsed.get("action") or "").strip().lower()
|
||||||
|
target_sid = str(_parsed.get("session_id") or _parsed.get("session") or _parsed.get("id") or "").strip()
|
||||||
|
_v = _parsed.get("value")
|
||||||
|
if _v is None:
|
||||||
|
_v = (_parsed.get("name") or _parsed.get("new_name")
|
||||||
|
or _parsed.get("title") or _parsed.get("keep_count"))
|
||||||
|
value = None if _v is None else str(_v).strip()
|
||||||
|
_list_filter = str(_parsed.get("filter") or "").strip()
|
||||||
|
else:
|
||||||
|
lines = _raw.split("\n")
|
||||||
|
if not lines or not lines[0].strip():
|
||||||
|
return {"error": "Missing action (rename|archive|delete|important|truncate|fork|list|switch)"}
|
||||||
|
action = lines[0].strip().lower()
|
||||||
|
target_sid = lines[1].strip() if len(lines) >= 2 else ""
|
||||||
|
value = lines[2].strip() if len(lines) >= 3 else None
|
||||||
|
_list_filter = "\n".join(lines[1:]).strip()
|
||||||
|
|
||||||
|
if not action:
|
||||||
|
return {"error": "Missing action (rename|archive|delete|important|truncate|fork|list|switch)"}
|
||||||
|
|
||||||
|
# `list` alias — dispatch to do_list_sessions so the agent's natural
|
||||||
|
# first guess (every other manage_* tool has a `list` action) works.
|
||||||
|
if action == "list":
|
||||||
|
return await do_list_sessions(_list_filter, session_id, owner=owner)
|
||||||
|
|
||||||
|
if not target_sid:
|
||||||
|
return {"error": "Need a session_id (or 'current' for the active chat)"}
|
||||||
|
|
||||||
|
# Allow "current" to refer to the active session
|
||||||
|
if target_sid.lower() == "current" and session_id:
|
||||||
|
target_sid = session_id
|
||||||
|
|
||||||
|
# `switch` / `open` / `select` / `view` — the agent reaches for
|
||||||
|
# these when the user asks to "open" or "switch to" a session.
|
||||||
|
# There's no server-side way to make the browser navigate, so we
|
||||||
|
# just return a clickable anchor link the user can click. The
|
||||||
|
# frontend's chat-history click delegate routes `#session-<id>`
|
||||||
|
# to selectSession(). The agent's reply naturally embeds this
|
||||||
|
# result so the user sees a single clickable line.
|
||||||
|
def _session_query(db):
|
||||||
|
query = db.query(DbSession).filter(DbSession.id == target_sid)
|
||||||
|
if owner is not None:
|
||||||
|
query = query.filter(DbSession.owner == owner)
|
||||||
|
return query
|
||||||
|
|
||||||
|
if action in ("switch", "open", "select", "view"):
|
||||||
|
db = SessionLocal()
|
||||||
|
try:
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
name = db_sess.name or target_sid
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
return {
|
||||||
|
"action": action,
|
||||||
|
"session_id": target_sid,
|
||||||
|
"name": name,
|
||||||
|
"results": f"[{name}](#session-{target_sid}) — click to open.",
|
||||||
|
}
|
||||||
|
|
||||||
|
db = SessionLocal()
|
||||||
|
try:
|
||||||
|
if action == "rename":
|
||||||
|
if not value:
|
||||||
|
return {"error": "rename needs a new name (the `value` arg, or line 3 in the legacy format)"}
|
||||||
|
new_name = value
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
db_sess.name = new_name
|
||||||
|
db.commit()
|
||||||
|
_session_manager.update_session_name(target_sid, new_name)
|
||||||
|
return {"action": "rename", "session_id": target_sid, "name": new_name,
|
||||||
|
"results": f"Session renamed to '{new_name}'"}
|
||||||
|
|
||||||
|
elif action == "archive":
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
db_sess.archived = True
|
||||||
|
db.commit()
|
||||||
|
return {"action": "archive", "session_id": target_sid,
|
||||||
|
"results": f"Session '{db_sess.name}' archived"}
|
||||||
|
|
||||||
|
elif action == "unarchive":
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
db_sess.archived = False
|
||||||
|
db.commit()
|
||||||
|
return {"action": "unarchive", "session_id": target_sid,
|
||||||
|
"results": f"Session '{db_sess.name}' unarchived"}
|
||||||
|
|
||||||
|
elif action == "delete":
|
||||||
|
if target_sid == session_id:
|
||||||
|
return {"error": "Cannot delete the current session while chatting in it. Delete other sessions first."}
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Refusing to delete an unknown chat id; use the exact id from list_sessions."}
|
||||||
|
if db_sess and db_sess.is_important:
|
||||||
|
return {"error": f"Session '{db_sess.name}' is starred/favorited. Unstar it first before deleting."}
|
||||||
|
try:
|
||||||
|
ok = _session_manager.delete_session(target_sid)
|
||||||
|
if not ok:
|
||||||
|
return {"error": f"Session '{target_sid}' was not deleted because it no longer exists."}
|
||||||
|
return {"action": "delete", "session_id": target_sid,
|
||||||
|
"results": f"Session '{db_sess.name or target_sid}' deleted"}
|
||||||
|
except Exception as e:
|
||||||
|
return {"error": f"Failed to delete session: {e}"}
|
||||||
|
|
||||||
|
elif action in ("important", "unimportant"):
|
||||||
|
is_important = action == "important"
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
# Prevent AI from unstarring sessions — only the user can do that manually
|
||||||
|
if not is_important and db_sess.is_important:
|
||||||
|
return {"error": f"Session '{db_sess.name}' is starred by the user. Only the user can unstar sessions manually."}
|
||||||
|
db_sess.is_important = is_important
|
||||||
|
db.commit()
|
||||||
|
status = "marked as important" if is_important else "unmarked as important"
|
||||||
|
return {"action": action, "session_id": target_sid,
|
||||||
|
"results": f"Session '{db_sess.name}' {status}"}
|
||||||
|
|
||||||
|
elif action == "truncate":
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
keep_count = 10
|
||||||
|
if value:
|
||||||
|
try:
|
||||||
|
keep_count = int(value)
|
||||||
|
except ValueError:
|
||||||
|
pass
|
||||||
|
success = _session_manager.truncate_messages(target_sid, keep_count)
|
||||||
|
if success:
|
||||||
|
return {"action": "truncate", "session_id": target_sid,
|
||||||
|
"results": f"Session truncated to last {keep_count} messages"}
|
||||||
|
return {"error": f"Failed to truncate session '{target_sid}'"}
|
||||||
|
|
||||||
|
elif action == "fork":
|
||||||
|
db_sess = _session_query(db).first()
|
||||||
|
if not db_sess:
|
||||||
|
return {"error": f"Session '{target_sid}' not found. Use list_sessions and pass the exact id it returned."}
|
||||||
|
keep_count = 0 # 0 = all messages
|
||||||
|
if value:
|
||||||
|
try:
|
||||||
|
keep_count = int(value)
|
||||||
|
except ValueError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
source = _session_manager.get_session(target_sid)
|
||||||
|
if not source:
|
||||||
|
return {"error": f"Session '{target_sid}' not found"}
|
||||||
|
|
||||||
|
new_sid = str(uuid.uuid4())[:8]
|
||||||
|
_session_manager.create_session(
|
||||||
|
session_id=new_sid,
|
||||||
|
name=f"Fork: {source.name}",
|
||||||
|
endpoint_url=source.endpoint_url,
|
||||||
|
model=source.model,
|
||||||
|
rag=False,
|
||||||
|
owner=owner,
|
||||||
|
)
|
||||||
|
# Copy messages
|
||||||
|
history = source.get_context_messages()
|
||||||
|
if keep_count > 0:
|
||||||
|
history = history[:keep_count]
|
||||||
|
from core.models import ChatMessage as InMemoryMsg
|
||||||
|
new_sess = _session_manager.get_session(new_sid)
|
||||||
|
for msg in history:
|
||||||
|
new_sess.add_message(InMemoryMsg(msg["role"], msg["content"]))
|
||||||
|
try:
|
||||||
|
from src.event_bus import fire_event
|
||||||
|
fire_event("session_created", owner)
|
||||||
|
except Exception:
|
||||||
|
logger.debug("session_created event dispatch failed", exc_info=True)
|
||||||
|
|
||||||
|
return {"action": "fork", "session_id": new_sid,
|
||||||
|
"source_session": target_sid, "messages_copied": len(history),
|
||||||
|
"results": f"Forked session '{source.name}' -> new session {new_sid} ({len(history)} messages)"}
|
||||||
|
|
||||||
|
else:
|
||||||
|
return {"error": f"Unknown action '{action}'. Use: list, switch, rename, archive, unarchive, delete, important, unimportant, truncate, fork"}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"manage_session failed: {e}")
|
||||||
|
return {"error": str(e)}
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# Memory management tool
|
# Memory management tool
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
@@ -455,6 +1104,85 @@ async def do_manage_memory(content: str, session_id: Optional[str] = None, owner
|
|||||||
return {"error": f"Unknown action '{action}'. Use: list, add, edit, delete, search"}
|
return {"error": f"Unknown action '{action}'. Use: list, add, edit, delete, search"}
|
||||||
|
|
||||||
|
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
# List models tool
|
||||||
|
# ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
async def do_list_models(content: str, session_id: Optional[str] = None, owner: Optional[str] = None) -> Dict:
|
||||||
|
"""List all available models across configured endpoints.
|
||||||
|
|
||||||
|
Content = optional filter keyword.
|
||||||
|
"""
|
||||||
|
import httpx
|
||||||
|
from src.database import SessionLocal, ModelEndpoint
|
||||||
|
from src.llm_core import _detect_provider, ANTHROPIC_MODELS
|
||||||
|
from src.auth_helpers import owner_filter
|
||||||
|
|
||||||
|
keyword = content.strip().lower() if content.strip() else None
|
||||||
|
|
||||||
|
db = SessionLocal()
|
||||||
|
try:
|
||||||
|
query = db.query(ModelEndpoint).filter(ModelEndpoint.is_enabled == True)
|
||||||
|
if owner:
|
||||||
|
query = owner_filter(query, ModelEndpoint, owner)
|
||||||
|
endpoints = query.all()
|
||||||
|
if not endpoints:
|
||||||
|
return {"results": "No enabled model endpoints configured."}
|
||||||
|
|
||||||
|
result_lines = []
|
||||||
|
total_models = 0
|
||||||
|
|
||||||
|
for ep in endpoints:
|
||||||
|
try:
|
||||||
|
base, api_key = resolve_endpoint_runtime(ep, owner=owner)
|
||||||
|
except Exception:
|
||||||
|
continue
|
||||||
|
provider = _detect_provider(base)
|
||||||
|
headers = build_headers(api_key, base)
|
||||||
|
|
||||||
|
model_ids = []
|
||||||
|
if provider == "anthropic":
|
||||||
|
model_ids = list(ANTHROPIC_MODELS)
|
||||||
|
else:
|
||||||
|
try:
|
||||||
|
models_url = build_models_url(base)
|
||||||
|
if models_url:
|
||||||
|
r = httpx.get(models_url, headers=headers, timeout=5)
|
||||||
|
r.raise_for_status()
|
||||||
|
data = r.json()
|
||||||
|
model_ids = [m.get("id") for m in (data.get("data") or []) if m.get("id")]
|
||||||
|
if not model_ids:
|
||||||
|
model_ids = [
|
||||||
|
m.get("name") or m.get("model")
|
||||||
|
for m in (data.get("models") or [])
|
||||||
|
if m.get("name") or m.get("model")
|
||||||
|
]
|
||||||
|
else:
|
||||||
|
model_ids = json.loads(ep.cached_models or "[]")
|
||||||
|
except Exception:
|
||||||
|
model_ids = ["(endpoint offline)"]
|
||||||
|
|
||||||
|
if keyword:
|
||||||
|
model_ids = [m for m in model_ids if keyword in m.lower() or keyword in (ep.name or "").lower()]
|
||||||
|
|
||||||
|
if model_ids:
|
||||||
|
result_lines.append(f"\n**{ep.name or base}** ({provider}):")
|
||||||
|
for mid in model_ids:
|
||||||
|
result_lines.append(f" - `{mid}`")
|
||||||
|
total_models += 1
|
||||||
|
|
||||||
|
if not result_lines:
|
||||||
|
return {"results": "No models found" + (f" matching '{keyword}'" if keyword else "") + "."}
|
||||||
|
|
||||||
|
header = f"Available models ({total_models} total):"
|
||||||
|
return {"results": header + "\n".join(result_lines)}
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"list_models failed: {e}")
|
||||||
|
return {"error": str(e)}
|
||||||
|
finally:
|
||||||
|
db.close()
|
||||||
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# RAG management tool
|
# RAG management tool
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
@@ -625,7 +1353,7 @@ async def do_ui_control(content: str, session_id: Optional[str] = None, owner: O
|
|||||||
|
|
||||||
# Resolve the model to validate it exists
|
# Resolve the model to validate it exists
|
||||||
try:
|
try:
|
||||||
url, model_id, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
url, model_id, headers = _resolve_model(model_spec, owner=owner)
|
||||||
except ValueError as e:
|
except ValueError as e:
|
||||||
return {"error": str(e)}
|
return {"error": str(e)}
|
||||||
|
|
||||||
@@ -915,7 +1643,7 @@ async def do_generate_image(content: str, session_id: Optional[str] = None, owne
|
|||||||
if not model_spec:
|
if not model_spec:
|
||||||
for candidate in ("gpt-image-1.5", "gpt-image-1", "dall-e-3"):
|
for candidate in ("gpt-image-1.5", "gpt-image-1", "dall-e-3"):
|
||||||
try:
|
try:
|
||||||
await asyncio.to_thread(_resolve_model, candidate, owner=owner)
|
_resolve_model(candidate, owner=owner)
|
||||||
model_spec = candidate
|
model_spec = candidate
|
||||||
break
|
break
|
||||||
except ValueError:
|
except ValueError:
|
||||||
@@ -942,9 +1670,7 @@ async def do_generate_image(content: str, session_id: Optional[str] = None, owne
|
|||||||
try:
|
try:
|
||||||
_r = _req.get(_ibase + "/models", timeout=3)
|
_r = _req.get(_ibase + "/models", timeout=3)
|
||||||
_r.raise_for_status()
|
_r.raise_for_status()
|
||||||
_data = _r.json()
|
_mids = [m.get("id") for m in (_r.json().get("data") or []) if m.get("id")]
|
||||||
_ditems = _data if isinstance(_data, list) else (_data.get("data") or [])
|
|
||||||
_mids = [m.get("id") for m in _ditems if isinstance(m, dict) and m.get("id")]
|
|
||||||
if _mids:
|
if _mids:
|
||||||
model_spec = _mids[0]
|
model_spec = _mids[0]
|
||||||
break
|
break
|
||||||
@@ -959,7 +1685,7 @@ async def do_generate_image(content: str, session_id: Optional[str] = None, owne
|
|||||||
|
|
||||||
# Resolve the model to find the right endpoint
|
# Resolve the model to find the right endpoint
|
||||||
try:
|
try:
|
||||||
url, model_id, headers = await asyncio.to_thread(_resolve_model, model_spec, owner=owner)
|
url, model_id, headers = _resolve_model(model_spec, owner=owner)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return {"error": f"No endpoint found with image model '{model_spec}'. "
|
return {"error": f"No endpoint found with image model '{model_spec}'. "
|
||||||
"Configure an OpenAI-compatible endpoint with image generation support."}
|
"Configure an OpenAI-compatible endpoint with image generation support."}
|
||||||
@@ -1105,20 +1831,55 @@ async def dispatch_ai_tool(
|
|||||||
) -> Tuple[str, Dict]:
|
) -> Tuple[str, Dict]:
|
||||||
"""Dispatch an AI interaction tool. Returns (description, result_dict)."""
|
"""Dispatch an AI interaction tool. Returns (description, result_dict)."""
|
||||||
|
|
||||||
if tool == "pipeline":
|
if tool == "chat_with_model":
|
||||||
|
model_spec = content.split("\n")[0].strip()[:60]
|
||||||
|
desc = f"chat_with_model: {model_spec}"
|
||||||
|
result = await do_chat_with_model(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "create_session":
|
||||||
|
name = content.split("\n")[0].strip()[:60]
|
||||||
|
desc = f"create_session: {name}"
|
||||||
|
result = await do_create_session(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "list_sessions":
|
||||||
|
keyword = content.strip()[:40]
|
||||||
|
desc = f"list_sessions{': ' + keyword if keyword else ''}"
|
||||||
|
result = await do_list_sessions(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "send_to_session":
|
||||||
|
sid = content.split("\n")[0].strip()[:20]
|
||||||
|
desc = f"send_to_session: {sid}"
|
||||||
|
result = await do_send_to_session(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "pipeline":
|
||||||
desc = "pipeline: running steps"
|
desc = "pipeline: running steps"
|
||||||
result = await do_pipeline(content, session_id, owner=owner)
|
result = await do_pipeline(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "manage_session":
|
||||||
|
action = content.split("\n")[0].strip()[:40]
|
||||||
|
desc = f"manage_session: {action}"
|
||||||
|
result = await do_manage_session(content, session_id, owner=owner)
|
||||||
|
|
||||||
elif tool == "manage_memory":
|
elif tool == "manage_memory":
|
||||||
action = content.split("\n")[0].strip()[:40]
|
action = content.split("\n")[0].strip()[:40]
|
||||||
desc = f"manage_memory: {action}"
|
desc = f"manage_memory: {action}"
|
||||||
result = await do_manage_memory(content, session_id, owner=owner)
|
result = await do_manage_memory(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "list_models":
|
||||||
|
keyword = content.strip()[:40]
|
||||||
|
desc = f"list_models{': ' + keyword if keyword else ''}"
|
||||||
|
result = await do_list_models(content, session_id, owner=owner)
|
||||||
|
|
||||||
elif tool == "ui_control":
|
elif tool == "ui_control":
|
||||||
action = content.split("\n")[0].strip()[:60]
|
action = content.split("\n")[0].strip()[:60]
|
||||||
desc = f"ui_control: {action}"
|
desc = f"ui_control: {action}"
|
||||||
result = await do_ui_control(content, session_id, owner=owner)
|
result = await do_ui_control(content, session_id, owner=owner)
|
||||||
|
|
||||||
|
elif tool == "ask_teacher":
|
||||||
|
problem = content.split("\n", 1)[-1].strip()[:60]
|
||||||
|
desc = f"ask_teacher: {problem}"
|
||||||
|
result = await do_ask_teacher(content, session_id, owner=owner)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
desc = f"unknown ai tool: {tool}"
|
desc = f"unknown ai tool: {tool}"
|
||||||
result = {"error": f"Unknown AI interaction tool: {tool}"}
|
result = {"error": f"Unknown AI interaction tool: {tool}"}
|
||||||
|
|||||||
+2
-17
@@ -81,26 +81,11 @@ class APIKeyManager:
|
|||||||
keys stay encrypted. Loading via load() first would decrypt them and
|
keys stay encrypted. Loading via load() first would decrypt them and
|
||||||
write them back as plaintext, which then fails to decrypt on the next
|
write them back as plaintext, which then fails to decrypt on the next
|
||||||
load() and silently drops those providers.
|
load() and silently drops those providers.
|
||||||
|
|
||||||
Uses atomic write (temp file + os.replace) so a crash, disk-full, or
|
|
||||||
mid-write error never truncates the existing keys file.
|
|
||||||
"""
|
"""
|
||||||
keys = self._load_raw()
|
keys = self._load_raw()
|
||||||
keys[provider] = self.encrypt_api_key(api_key)
|
keys[provider] = self.encrypt_api_key(api_key)
|
||||||
tmp_file = self.api_keys_file + ".tmp"
|
with open(self.api_keys_file, 'w', encoding="utf-8") as f:
|
||||||
try:
|
json.dump(keys, f)
|
||||||
with open(tmp_file, 'w', encoding="utf-8") as f:
|
|
||||||
json.dump(keys, f)
|
|
||||||
f.flush()
|
|
||||||
os.fsync(f.fileno())
|
|
||||||
os.replace(tmp_file, self.api_keys_file)
|
|
||||||
except OSError:
|
|
||||||
# Clean up temp file on failure; re-raise so callers see the error
|
|
||||||
try:
|
|
||||||
os.remove(tmp_file)
|
|
||||||
except OSError:
|
|
||||||
pass
|
|
||||||
raise
|
|
||||||
|
|
||||||
def load(self) -> Dict[str, str]:
|
def load(self) -> Dict[str, str]:
|
||||||
"""Load and decrypt API keys"""
|
"""Load and decrypt API keys"""
|
||||||
|
|||||||
+1
-30
@@ -1,13 +1,6 @@
|
|||||||
# src/app_helpers.py
|
# src/app_helpers.py
|
||||||
import base64
|
|
||||||
import logging
|
|
||||||
import os
|
import os
|
||||||
|
import base64
|
||||||
from fastapi import HTTPException
|
|
||||||
from fastapi.responses import HTMLResponse
|
|
||||||
from starlette.requests import Request
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
def read_if_exists(path: str) -> str:
|
def read_if_exists(path: str) -> str:
|
||||||
"""Read file if it exists, return empty string otherwise."""
|
"""Read file if it exists, return empty string otherwise."""
|
||||||
@@ -27,28 +20,6 @@ def abs_join(base_dir: str, rel: str) -> str:
|
|||||||
"""Join paths and return absolute path."""
|
"""Join paths and return absolute path."""
|
||||||
return os.path.abspath(os.path.join(base_dir, rel))
|
return os.path.abspath(os.path.join(base_dir, rel))
|
||||||
|
|
||||||
def serve_html_with_nonce(request: Request, file_path: str) -> HTMLResponse:
|
|
||||||
"""Read an app-bundled HTML page and inject the CSP nonce into inline <script> tags.
|
|
||||||
|
|
||||||
Callers pass fixed, server-owned template paths (index/login/backgrounds),
|
|
||||||
never a client-supplied path. So any read failure here — a missing file
|
|
||||||
(broken deployment) or a permission/IO error — is a server fault, not a
|
|
||||||
client "not found": map all of them to a logged 500 so a missing core
|
|
||||||
template surfaces in 5xx alerting instead of hiding behind a 404. If a
|
|
||||||
future caller serves a client-influenced path where 404 is correct, branch
|
|
||||||
that at the call site rather than defaulting this shared helper to 404.
|
|
||||||
"""
|
|
||||||
try:
|
|
||||||
with open(file_path, "r", encoding="utf-8") as f:
|
|
||||||
html = f.read()
|
|
||||||
except OSError:
|
|
||||||
logger.exception("Failed to read page %s", file_path)
|
|
||||||
raise HTTPException(500, "Internal server error")
|
|
||||||
nonce = getattr(request.state, "csp_nonce", "")
|
|
||||||
html = html.replace("{{CSP_NONCE}}", nonce)
|
|
||||||
return HTMLResponse(html)
|
|
||||||
|
|
||||||
|
|
||||||
def inside_base_dir(base_dir: str, path: str) -> bool:
|
def inside_base_dir(base_dir: str, path: str) -> bool:
|
||||||
"""Check if path is inside base directory."""
|
"""Check if path is inside base directory."""
|
||||||
if not isinstance(base_dir, str) or not isinstance(path, str):
|
if not isinstance(base_dir, str) or not isinstance(path, str):
|
||||||
|
|||||||
@@ -68,10 +68,8 @@ def initialize_managers(base_dir: str, rag_manager=None) -> Dict[str, Any]:
|
|||||||
logger.info(f"Rebuilt memory vector index from {len(existing)} existing entries")
|
logger.info(f"Rebuilt memory vector index from {len(existing)} existing entries")
|
||||||
logger.info("MemoryVectorStore initialized")
|
logger.info("MemoryVectorStore initialized")
|
||||||
else:
|
else:
|
||||||
# Keep the unhealthy object (do NOT reset to None): consumers gate on
|
|
||||||
# `.healthy`, and service_health.chromadb_health() needs a present
|
|
||||||
# object to report DEGRADED/DOWN instead of DISABLED ("not configured").
|
|
||||||
logger.warning("MemoryVectorStore DEGRADED: ChromaDB vector memory unavailable")
|
logger.warning("MemoryVectorStore DEGRADED: ChromaDB vector memory unavailable")
|
||||||
|
memory_vector = None
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"MemoryVectorStore DEGRADED: {e}")
|
logger.warning(f"MemoryVectorStore DEGRADED: {e}")
|
||||||
memory_vector = None
|
memory_vector = None
|
||||||
|
|||||||
+1
-23
@@ -263,32 +263,10 @@ def list_for_session(session_id: str) -> List[Dict[str, Any]]:
|
|||||||
return [r for r in refresh().values() if r.get("session_id") == session_id]
|
return [r for r in refresh().values() if r.get("session_id") == session_id]
|
||||||
|
|
||||||
|
|
||||||
def kill(job_id: str) -> Optional[Dict[str, Any]]:
|
|
||||||
"""Terminate a running job's process tree and mark it killed. Returns the
|
|
||||||
updated record, or None if the id is unknown. Idempotent: a job that already
|
|
||||||
finished is returned unchanged. Sets followed_up so the monitor does not also
|
|
||||||
fire an auto-continue for a job the agent deliberately stopped."""
|
|
||||||
jobs = _load()
|
|
||||||
rec = jobs.get(job_id)
|
|
||||||
if rec is None:
|
|
||||||
return None
|
|
||||||
if rec.get("status") == "running":
|
|
||||||
_kill(rec.get("pid"))
|
|
||||||
rec["status"] = "failed"
|
|
||||||
rec["exit_code"] = -1
|
|
||||||
rec["ended_at"] = time.time()
|
|
||||||
rec["killed"] = True
|
|
||||||
rec["followed_up"] = True
|
|
||||||
_save(jobs)
|
|
||||||
return rec
|
|
||||||
|
|
||||||
|
|
||||||
def result_text(rec: Dict[str, Any]) -> str:
|
def result_text(rec: Dict[str, Any]) -> str:
|
||||||
"""Human/agent-readable summary of a finished job, for the follow-up."""
|
"""Human/agent-readable summary of a finished job, for the follow-up."""
|
||||||
out = _read_output(rec)
|
out = _read_output(rec)
|
||||||
if rec.get("killed"):
|
if rec.get("timed_out"):
|
||||||
head = "Background job was killed."
|
|
||||||
elif rec.get("timed_out"):
|
|
||||||
head = f"Background job timed out after {rec.get('max_runtime_s')}s."
|
head = f"Background job timed out after {rec.get('max_runtime_s')}s."
|
||||||
elif rec.get("died"):
|
elif rec.get("died"):
|
||||||
head = "Background job process died unexpectedly (no exit code)."
|
head = "Background job process died unexpectedly (no exit code)."
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user