gitarsenal-cli 1.1.2 → 1.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitarsenal-cli",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "CLI tool for creating Modal sandboxes with GitHub repositories",
   "main": "index.js",
   "bin": {

package/python/README.md

@@ -68,6 +68,101 @@ This will guide you through setting up:
 - `--setup-commands`: Setup commands to run
 - `--volume-name`: Name of the Modal volume for persistent storage
 - `--timeout`: Container timeout in minutes (SSH mode only, default: 60)
+- `--use-proxy`: Use Modal proxy service instead of direct Modal access
+
+## Using the Modal Proxy Service
+
+GitArsenal CLI now supports using a Modal proxy service, which allows you to use Modal services without having your own Modal token. This is useful for teams or organizations where a single Modal account is shared.
+
+### Setting Up the Proxy Service
+
+#### 1. Create an Environment File
+
+Copy the example environment file and edit it:
+
+```bash
+cp .env.example .env
+```
+
+Edit the `.env` file to add your Modal token:
+
+```
+MODAL_TOKEN=your_modal_token_here
+```
+
+#### 2. Run the Proxy Service
+
+```bash
+# Start the proxy service
+python modal_proxy_service.py
+```
+
+The service will start on port 5001 by default (to avoid conflicts with macOS AirPlay on port 5000).
+
+#### 3. Create an API Key for Clients
+
+When the service starts for the first time, it will generate an admin key. Use this key to create API keys for clients:
+
+```bash
+# Create a new API key
+curl -X POST -H "X-Admin-Key: your_admin_key" http://localhost:5001/api/create-api-key
+```
+
+#### 4. Using ngrok for Public Access (Optional)
+
+If you want to make your proxy service accessible from outside your network:
+
+```bash
+# Install ngrok if you haven't already
+brew install ngrok  # On macOS
+
+# Start ngrok to expose your proxy service
+ngrok http 5001
+```
+
+Use the ngrok URL when configuring clients.
+
+### Configuring the Client
+
+```bash
+# Configure the proxy service
+./gitarsenal.py proxy configure
+```
+
+This will prompt you for the proxy service URL and API key.
+
+### Checking Proxy Service Status
+
+```bash
+# Check if the proxy service is running
+./gitarsenal.py proxy status
+```
+
+### Creating a Sandbox through the Proxy
+
+```bash
+# Create a sandbox through the proxy service
+./gitarsenal.py proxy sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
+```
+
+### Creating an SSH Container through the Proxy
+
+```bash
+# Create an SSH container through the proxy service
+./gitarsenal.py proxy ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
+```
+
+### Using the Proxy with Standard Commands
+
+You can also use the proxy service with the standard `sandbox` and `ssh` commands by adding the `--use-proxy` flag:
+
+```bash
+# Create a sandbox using the proxy service
+./gitarsenal.py sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
+
+# Create an SSH container using the proxy service
+./gitarsenal.py ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
+```
 
 ## Managing Credentials
 
@@ -97,6 +192,8 @@ You can manage your credentials using the following commands:
 
 Your credentials are stored securely in `~/.gitarsenal/credentials.json` with restrictive file permissions. The file is only readable by your user account.
 
+Proxy configuration is stored in `~/.gitarsenal/proxy_config.json` with similar security measures.
+
 ## Troubleshooting
 
 ### Modal Authentication Issues
@@ -118,6 +215,29 @@ If you see errors like "Token missing" or "Could not authenticate client":
    ./gitarsenal.py credentials set modal_token
    ```
 
+### Proxy Service Issues
+
+If you're having issues with the proxy service:
+
+1. Check if the proxy service is running:
+   ```bash
+   ./gitarsenal.py proxy status
+   ```
+
+2. Reconfigure the proxy service:
+   ```bash
+   ./gitarsenal.py proxy configure
+   ```
+
+3. Make sure you have a valid API key for the proxy service.
+
+4. Check the proxy service logs:
+   ```bash
+   cat modal_proxy.log
+   ```
+
+5. If using ngrok, make sure the tunnel is active and use the correct URL.
+
 ### API Timeout Issues
 
 If the GitArsenal API times out when analyzing repositories, the tool will automatically use fallback setup commands based on the detected programming language and technologies.

package/python/gitarsenal.py

@@ -59,6 +59,27 @@ def check_modal_auth():
         print(f"⚠️ Error checking Modal authentication: {e}")
         return False
 
+def check_proxy_config():
+    """Check if Modal proxy is configured"""
+    try:
+        # Import the proxy client
+        from gitarsenal_proxy_client import GitArsenalProxyClient
+        
+        # Create client and load config
+        client = GitArsenalProxyClient()
+        config = client.load_config()
+        
+        # Check if proxy URL and API key are configured
+        if "proxy_url" in config and "api_key" in config:
+            return True
+        else:
+            return False
+    except ImportError:
+        return False
+    except Exception as e:
+        print(f"⚠️ Error checking proxy configuration: {e}")
+        return False
+
 def main():
     parser = argparse.ArgumentParser(description="GitArsenal CLI - GPU-accelerated cloud environments")
     subparsers = parser.add_subparsers(dest="command", help="Command to run")
@@ -96,8 +117,10 @@ def main():
     sandbox_parser.add_argument("--repo-name", type=str, help="Repository name override")
     sandbox_parser.add_argument("--setup-commands", type=str, nargs="+", help="Setup commands to run")
     sandbox_parser.add_argument("--volume-name", type=str, help="Name of the Modal volume for persistent storage")
+    sandbox_parser.add_argument("--use-api", action="store_true", help="Use API for setup commands")
+    sandbox_parser.add_argument("--use-proxy", action="store_true", help="Use Modal proxy service instead of direct Modal access")
     
-    # SSH container command
+    # SSH command
     ssh_parser = subparsers.add_parser("ssh", help="Create a Modal SSH container")
     ssh_parser.add_argument("--gpu", type=str, default="A10G", choices=["A10G", "A100", "H100", "T4", "V100"],
                           help="GPU type (default: A10G)")
@@ -106,123 +129,387 @@ def main():
     ssh_parser.add_argument("--setup-commands", type=str, nargs="+", help="Setup commands to run")
     ssh_parser.add_argument("--volume-name", type=str, help="Name of the Modal volume for persistent storage")
     ssh_parser.add_argument("--timeout", type=int, default=60, help="Container timeout in minutes (default: 60)")
+    ssh_parser.add_argument("--use-api", action="store_true", help="Use API for setup commands")
+    ssh_parser.add_argument("--use-proxy", action="store_true", help="Use Modal proxy service instead of direct Modal access")
+    
+    # Proxy command
+    proxy_parser = subparsers.add_parser("proxy", help="Configure and use Modal proxy service")
+    proxy_subparsers = proxy_parser.add_subparsers(dest="proxy_command", help="Proxy command")
+    
+    # Proxy configure command
+    proxy_configure_parser = proxy_subparsers.add_parser("configure", help="Configure Modal proxy service")
+    
+    # Proxy status command
+    proxy_status_parser = proxy_subparsers.add_parser("status", help="Check Modal proxy service status")
+    
+    # Proxy sandbox command
+    proxy_sandbox_parser = proxy_subparsers.add_parser("sandbox", help="Create a sandbox through Modal proxy")
+    proxy_sandbox_parser.add_argument("--gpu", type=str, default="A10G", choices=["A10G", "A100", "H100", "T4", "V100"],
+                                    help="GPU type (default: A10G)")
+    proxy_sandbox_parser.add_argument("--repo-url", type=str, help="Repository URL to clone")
+    proxy_sandbox_parser.add_argument("--repo-name", type=str, help="Repository name override")
+    proxy_sandbox_parser.add_argument("--setup-commands", type=str, nargs="+", help="Setup commands to run")
+    proxy_sandbox_parser.add_argument("--volume-name", type=str, help="Name of the Modal volume for persistent storage")
+    proxy_sandbox_parser.add_argument("--wait", action="store_true", help="Wait for sandbox to be ready")
+    
+    # Proxy ssh command
+    proxy_ssh_parser = proxy_subparsers.add_parser("ssh", help="Create an SSH container through Modal proxy")
+    proxy_ssh_parser.add_argument("--gpu", type=str, default="A10G", choices=["A10G", "A100", "H100", "T4", "V100"],
+                                help="GPU type (default: A10G)")
+    proxy_ssh_parser.add_argument("--repo-url", type=str, help="Repository URL to clone")
+    proxy_ssh_parser.add_argument("--repo-name", type=str, help="Repository name override")
+    proxy_ssh_parser.add_argument("--setup-commands", type=str, nargs="+", help="Setup commands to run")
+    proxy_ssh_parser.add_argument("--volume-name", type=str, help="Name of the Modal volume for persistent storage")
+    proxy_ssh_parser.add_argument("--timeout", type=int, default=60, help="Container timeout in minutes (default: 60)")
+    proxy_ssh_parser.add_argument("--wait", action="store_true", help="Wait for container to be ready")
     
     args = parser.parse_args()
     
-    # If no command is provided, show help
     if not args.command:
         parser.print_help()
-        return 1
-    
-    # Handle credentials commands
-    if args.command == "credentials":
-        cred_args = []
-        
-        if not args.cred_command:
-            cred_parser.print_help()
-            return 1
-            
-        cred_args.append(args.cred_command)
-        
-        if args.cred_command == "set" or args.cred_command == "get":
-            cred_args.append(args.key)
-        elif args.cred_command == "clear" and args.key != "all":
-            cred_args.append(args.key)
-            
-        return run_script("manage_credentials.py", cred_args)
+        return 0
     
     # For sandbox and SSH commands, check Modal authentication first
     if args.command in ["sandbox", "ssh"]:
-        # Check if Modal is authenticated
-        if not check_modal_auth():
-            print("\n⚠️ Please authenticate with Modal before proceeding.")
-            return 1
-        
-        # Try to load credentials and set Modal token if available
+        # Check if using proxy service
+        if hasattr(args, 'use_proxy') and args.use_proxy:
+            # Check if proxy is configured
+            if not check_proxy_config():
+                print("\n⚠️ Modal proxy service is not configured.")
+                print("Please run './gitarsenal.py proxy configure' first.")
+                return 1
+        else:
+            # Check if Modal is authenticated
+            if not check_modal_auth():
+                print("\n⚠️ Please authenticate with Modal before proceeding.")
+                return 1
+            
+            # Try to load credentials and set Modal token if available
+            try:
+                from credentials_manager import CredentialsManager
+                credentials_manager = CredentialsManager()
+                credentials = credentials_manager.load_credentials()
+                
+                if "modal_token" in credentials:
+                    # Set the Modal token in the environment
+                    os.environ["MODAL_TOKEN_ID"] = credentials["modal_token"]
+                    print("✅ Using Modal token from credentials")
+                    
+                    # Try to authenticate with the token
+                    try:
+                        token_result = subprocess.run(
+                            ["modal", "token", "set", credentials["modal_token"]], 
+                            capture_output=True, text=True
+                        )
+                        if token_result.returncode == 0:
+                            print("✅ Successfully authenticated with Modal")
+                    except Exception as e:
+                        print(f"⚠️ Error setting Modal token: {e}")
+            except ImportError:
+                print("⚠️ Could not load credentials manager")
+            except Exception as e:
+                print(f"⚠️ Error loading credentials: {e}")
+    
+    # Handle credentials commands
+    if args.command == "credentials":
         try:
             from credentials_manager import CredentialsManager
             credentials_manager = CredentialsManager()
-            credentials = credentials_manager.load_credentials()
             
-            if "modal_token" in credentials:
-                # Set the Modal token in the environment
-                os.environ["MODAL_TOKEN_ID"] = credentials["modal_token"]
-                print("✅ Using Modal token from credentials")
+            if args.cred_command == "setup":
+                # Set up all credentials
+                print("🔧 Setting up all credentials")
+                
+                # Modal token
+                modal_token = credentials_manager.get_modal_token()
+                if modal_token:
+                    print("✅ Modal token set")
+                else:
+                    print("⚠️ Modal token not set")
+                
+                # OpenAI API key
+                openai_api_key = credentials_manager.get_openai_api_key()
+                if openai_api_key:
+                    print("✅ OpenAI API key set")
+                else:
+                    print("⚠️ OpenAI API key not set")
+                
+                # Hugging Face token
+                huggingface_token = credentials_manager.get_huggingface_token()
+                if huggingface_token:
+                    print("✅ Hugging Face token set")
+                else:
+                    print("⚠️ Hugging Face token not set")
+                
+                # Weights & Biases API key
+                wandb_api_key = credentials_manager.get_wandb_api_key()
+                if wandb_api_key:
+                    print("✅ Weights & Biases API key set")
+                else:
+                    print("⚠️ Weights & Biases API key not set")
+                
+            elif args.cred_command == "set":
+                # Set a specific credential
+                if args.key == "modal_token":
+                    modal_token = credentials_manager.get_modal_token()
+                    if modal_token:
+                        print("✅ Modal token set")
+                    else:
+                        print("⚠️ Modal token not set")
+                elif args.key == "openai_api_key":
+                    openai_api_key = credentials_manager.get_openai_api_key()
+                    if openai_api_key:
+                        print("✅ OpenAI API key set")
+                    else:
+                        print("⚠️ OpenAI API key not set")
+                elif args.key == "huggingface_token":
+                    huggingface_token = credentials_manager.get_huggingface_token()
+                    if huggingface_token:
+                        print("✅ Hugging Face token set")
+                    else:
+                        print("⚠️ Hugging Face token not set")
+                elif args.key == "wandb_api_key":
+                    wandb_api_key = credentials_manager.get_wandb_api_key()
+                    if wandb_api_key:
+                        print("✅ Weights & Biases API key set")
+                    else:
+                        print("⚠️ Weights & Biases API key not set")
+            
+            elif args.cred_command == "get":
+                # Get a specific credential
+                credentials = credentials_manager.load_credentials()
+                if args.key in credentials:
+                    # Mask the credential for security
+                    value = credentials[args.key]
+                    masked_value = value[:4] + "*" * (len(value) - 8) + value[-4:] if len(value) > 8 else "****"
+                    print(f"{args.key}: {masked_value}")
+                else:
+                    print(f"⚠️ {args.key} not found")
+            
+            elif args.cred_command == "clear":
+                # Clear credentials
+                if args.key == "all":
+                    credentials_manager.clear_all_credentials()
+                    print("✅ All credentials cleared")
+                else:
+                    if credentials_manager.clear_credential(args.key):
+                        print(f"✅ {args.key} cleared")
+                    else:
+                        print(f"⚠️ {args.key} not found")
+            
+            elif args.cred_command == "list":
+                # List all credentials
+                credentials = credentials_manager.load_credentials()
+                if credentials:
+                    print("📋 Saved credentials:")
+                    for key in credentials:
+                        print(f"  - {key}")
+                else:
+                    print("⚠️ No credentials found")
+            
+            else:
+                print("⚠️ Unknown credentials command")
+                return 1
                 
-                # Try to authenticate with the token
-                try:
-                    token_result = subprocess.run(
-                        ["modal", "token", "set", credentials["modal_token"]], 
-                        capture_output=True, text=True
-                    )
-                    if token_result.returncode == 0:
-                        print("✅ Successfully authenticated with Modal")
-                except Exception as e:
-                    print(f"⚠️ Error setting Modal token: {e}")
         except ImportError:
-            print("⚠️ Could not load credentials manager")
+            print("❌ Could not import credentials_manager module")
+            return 1
         except Exception as e:
-            print(f"⚠️ Error loading credentials: {e}")
+            print(f"❌ Error: {e}")
+            return 1
     
     # Handle sandbox command
-    if args.command == "sandbox":
-        sandbox_args = []
+    elif args.command == "sandbox":
+        try:
+            # Check if using proxy service
+            if args.use_proxy:
+                # Import proxy client
+                try:
+                    from gitarsenal_proxy_client import GitArsenalProxyClient
+                    client = GitArsenalProxyClient()
+                    
+                    # Create sandbox through proxy
+                    result = client.create_sandbox(
+                        gpu_type=args.gpu,
+                        repo_url=args.repo_url,
+                        repo_name=args.repo_name,
+                        setup_commands=args.setup_commands,
+                        volume_name=args.volume_name,
+                        wait=True  # Always wait for sandbox to be ready
+                    )
+                    
+                    if not result:
+                        print("❌ Failed to create sandbox through proxy service")
+                        return 1
+                    
+                    print("✅ Sandbox created successfully through proxy service")
+                    
+                except ImportError:
+                    print("❌ Could not import gitarsenal_proxy_client module")
+                    print("Please make sure gitarsenal_proxy_client.py is in the same directory")
+                    return 1
+            else:
+                # Import sandbox creation function
+                from test_modalSandboxScript import create_modal_sandbox
+                
+                # Create sandbox directly
+                result = create_modal_sandbox(
+                    args.gpu,
+                    repo_url=args.repo_url,
+                    repo_name=args.repo_name,
+                    setup_commands=args.setup_commands,
+                    volume_name=args.volume_name
+                )
+                
+                if not result:
+                    print("❌ Failed to create sandbox")
+                    return 1
+                
+                print("✅ Sandbox created successfully")
         
-        if args.gpu:
-            sandbox_args.extend(["--gpu", args.gpu])
-        if args.repo_url:
-            sandbox_args.extend(["--repo-url", args.repo_url])
-        if args.repo_name:
-            sandbox_args.extend(["--repo-name", args.repo_name])
-        if args.setup_commands:
-            sandbox_args.extend(["--setup-commands"] + args.setup_commands)
-        if args.volume_name:
-            sandbox_args.extend(["--volume-name", args.volume_name])
-            
-        return run_script("test_modalSandboxScript.py", sandbox_args)
+        except ImportError as e:
+            print(f"❌ Could not import required module: {e}")
+            return 1
+        except Exception as e:
+            print(f"❌ Error: {e}")
+            return 1
     
-    # Handle SSH container command
+    # Handle SSH command
     elif args.command == "ssh":
-        ssh_args = []
+        try:
+            # Check if using proxy service
+            if args.use_proxy:
+                # Import proxy client
+                try:
+                    from gitarsenal_proxy_client import GitArsenalProxyClient
+                    client = GitArsenalProxyClient()
+                    
+                    # Create SSH container through proxy
+                    result = client.create_ssh_container(
+                        gpu_type=args.gpu,
+                        repo_url=args.repo_url,
+                        repo_name=args.repo_name,
+                        setup_commands=args.setup_commands,
+                        volume_name=args.volume_name,
+                        timeout=args.timeout,
+                        wait=True  # Always wait for container to be ready
+                    )
+                    
+                    if not result:
+                        print("❌ Failed to create SSH container through proxy service")
+                        return 1
+                    
+                    print("✅ SSH container created successfully through proxy service")
+                    
+                except ImportError:
+                    print("❌ Could not import gitarsenal_proxy_client module")
+                    print("Please make sure gitarsenal_proxy_client.py is in the same directory")
+                    return 1
+            else:
+                # Import SSH container creation function
+                from test_modalSandboxScript import create_modal_ssh_container
+                
+                # Create SSH container directly
+                result = create_modal_ssh_container(
+                    args.gpu,
+                    repo_url=args.repo_url,
+                    repo_name=args.repo_name,
+                    setup_commands=args.setup_commands,
+                    volume_name=args.volume_name,
+                    timeout_minutes=args.timeout
+                )
+                
+                if not result:
+                    print("❌ Failed to create SSH container")
+                    return 1
+                
+                print("✅ SSH container created successfully")
         
-        if args.gpu:
-            ssh_args.extend(["--gpu", args.gpu])
-        if args.repo_url:
-            ssh_args.extend(["--repo-url", args.repo_url])
-        if args.repo_name:
-            ssh_args.extend(["--repo-name", args.repo_name])
-        if args.setup_commands:
-            ssh_args.extend(["--setup-commands"] + args.setup_commands)
-        if args.volume_name:
-            ssh_args.extend(["--volume-name", args.volume_name])
-        if args.timeout:
-            ssh_args.extend(["--timeout", str(args.timeout)])
-            
-        # Use test_modalSandboxScript.py with SSH mode
-        ssh_args.extend(["--ssh"])
-        return run_script("test_modalSandboxScript.py", ssh_args)
-    
-    return 0
-
-def run_script(script_name, args):
-    """Run a Python script with the given arguments"""
-    # Get the directory of the current script
-    script_dir = os.path.dirname(os.path.abspath(__file__))
-    script_path = os.path.join(script_dir, script_name)
+        except ImportError as e:
+            print(f"❌ Could not import required module: {e}")
+            return 1
+        except Exception as e:
+            print(f"❌ Error: {e}")
+            return 1
     
-    # Build the command
-    cmd = [sys.executable, script_path] + args
+    # Handle proxy commands
+    elif args.command == "proxy":
+        if not args.proxy_command:
+            proxy_parser.print_help()
+            return 0
+        
+        try:
+            # Import proxy client
+            from gitarsenal_proxy_client import GitArsenalProxyClient
+            client = GitArsenalProxyClient()
+            
+            if args.proxy_command == "configure":
+                # Configure proxy service
+                client.configure(interactive=True)
+            
+            elif args.proxy_command == "status":
+                # Check proxy service status
+                response = client.health_check()
+                if response["success"]:
+                    print(f"✅ Proxy service is running: {response['data']['message']}")
+                else:
+                    print(f"❌ Proxy service health check failed: {response['error']}")
+                    return 1
+            
+            elif args.proxy_command == "sandbox":
+                # Create sandbox through proxy
+                result = client.create_sandbox(
+                    gpu_type=args.gpu,
+                    repo_url=args.repo_url,
+                    repo_name=args.repo_name,
+                    setup_commands=args.setup_commands,
+                    volume_name=args.volume_name,
+                    wait=args.wait
+                )
+                
+                if not result:
+                    print("❌ Failed to create sandbox through proxy service")
+                    return 1
+                
+                print("✅ Sandbox created successfully through proxy service")
+            
+            elif args.proxy_command == "ssh":
+                # Create SSH container through proxy
+                result = client.create_ssh_container(
+                    gpu_type=args.gpu,
+                    repo_url=args.repo_url,
+                    repo_name=args.repo_name,
+                    setup_commands=args.setup_commands,
+                    volume_name=args.volume_name,
+                    timeout=args.timeout,
+                    wait=args.wait
+                )
+                
+                if not result:
+                    print("❌ Failed to create SSH container through proxy service")
+                    return 1
+                
+                print("✅ SSH container created successfully through proxy service")
+            
+            else:
+                print(f"❌ Unknown proxy command: {args.proxy_command}")
+                proxy_parser.print_help()
+                return 1
+        
+        except ImportError:
+            print("❌ Could not import gitarsenal_proxy_client module")
+            print("Please make sure gitarsenal_proxy_client.py is in the same directory")
+            return 1
+        except Exception as e:
+            print(f"❌ Error: {e}")
+            return 1
     
-    try:
-        # Run the command
-        result = subprocess.run(cmd)
-        return result.returncode
-    except KeyboardInterrupt:
-        print("\n⚠️ Command interrupted by user")
-        return 130
-    except Exception as e:
-        print(f"❌ Error running {script_name}: {e}")
+    else:
+        print(f"❌ Unknown command: {args.command}")
+        parser.print_help()
         return 1
+    
+    return 0
 
 if __name__ == "__main__":
     sys.exit(main()) 

package/python/gitarsenal_proxy_client.py

@@ -0,0 +1,375 @@
+#!/usr/bin/env python3
+"""
+GitArsenal Proxy Client - Integration for Modal Proxy Service
+
+This module provides integration between gitarsenal-cli and the Modal proxy service,
+allowing users to use Modal services without exposing the server's Modal token.
+"""
+
+import os
+import json
+import requests
+import time
+import sys
+from pathlib import Path
+import getpass
+
+class GitArsenalProxyClient:
+    """Client for interacting with the Modal Proxy Service from gitarsenal-cli"""
+    
+    def __init__(self, base_url=None, api_key=None):
+        """Initialize the client with base URL and API key"""
+        self.base_url = base_url or os.environ.get("MODAL_PROXY_URL")
+        self.api_key = api_key or os.environ.get("MODAL_PROXY_API_KEY")
+        
+        # If no URL/API key provided, try to load from config
+        if not self.base_url or not self.api_key:
+            config = self.load_config()
+            if not self.base_url:
+                self.base_url = config.get("proxy_url")
+            if not self.api_key:
+                self.api_key = config.get("api_key")
+        
+        # If still no URL, use default
+        if not self.base_url:
+            self.base_url = "http://localhost:5001"  # Default to 5001 to avoid macOS AirPlay conflict
+        
+        # Warn if no API key
+        if not self.api_key:
+            print("⚠️ No API key provided. You will need to authenticate with the proxy service.")
+    
+    def load_config(self):
+        """Load proxy configuration from user's home directory"""
+        config_file = Path.home() / ".gitarsenal" / "proxy_config.json"
+        if not config_file.exists():
+            return {}
+            
+        try:
+            with open(config_file, 'r') as f:
+                return json.load(f)
+        except (json.JSONDecodeError, IOError):
+            return {}
+    
+    def save_config(self, config):
+        """Save proxy configuration to user's home directory"""
+        config_dir = Path.home() / ".gitarsenal"
+        config_file = config_dir / "proxy_config.json"
+        
+        # Ensure directory exists
+        if not config_dir.exists():
+            config_dir.mkdir(parents=True)
+            # Set restrictive permissions on Unix-like systems
+            if os.name == 'posix':
+                config_dir.chmod(0o700)  # Only owner can read/write/execute
+        
+        try:
+            with open(config_file, 'w') as f:
+                json.dump(config, f)
+                
+            # Set restrictive permissions on Unix-like systems
+            if os.name == 'posix':
+                config_file.chmod(0o600)  # Only owner can read/write
+                
+            return True
+        except IOError as e:
+            print(f"❌ Error saving proxy configuration: {e}")
+            return False
+    
+    def configure(self, interactive=True):
+        """Configure the proxy client with URL and API key"""
+        config = self.load_config()
+        
+        if interactive:
+            print("\n" + "="*60)
+            print("🔧 MODAL PROXY CONFIGURATION")
+            print("="*60)
+            print("Configure GitArsenal to use a Modal proxy service.")
+            print("This allows you to use Modal services without having your own Modal token.")
+            print("-" * 60)
+            
+            # Get proxy URL
+            default_url = config.get("proxy_url", self.base_url)
+            print(f"\nEnter the URL of the Modal proxy service")
+            print(f"(Press Enter to use default: {default_url})")
+            proxy_url = input("Proxy URL: ").strip()
+            if not proxy_url:
+                proxy_url = default_url
+            
+            # Get API key
+            print("\nEnter your API key for the Modal proxy service")
+            print("(Contact the proxy service administrator if you don't have one)")
+            api_key = getpass.getpass("API Key (hidden): ").strip()
+            
+            # Save configuration
+            config["proxy_url"] = proxy_url
+            if api_key:
+                config["api_key"] = api_key
+            
+            self.save_config(config)
+            
+            # Update current instance
+            self.base_url = proxy_url
+            if api_key:
+                self.api_key = api_key
+            
+            print("\n✅ Proxy configuration saved successfully!")
+            return True
+        else:
+            # Non-interactive configuration
+            if "proxy_url" in config:
+                self.base_url = config["proxy_url"]
+            if "api_key" in config:
+                self.api_key = config["api_key"]
+            return "proxy_url" in config and "api_key" in config
+    
+    def _make_request(self, method, endpoint, data=None, params=None):
+        """Make a request to the proxy service"""
+        url = f"{self.base_url}{endpoint}"
+        headers = {"X-API-Key": self.api_key} if self.api_key else {}
+        
+        try:
+            if method.lower() == "get":
+                response = requests.get(url, headers=headers, params=params, timeout=30)
+            elif method.lower() == "post":
+                response = requests.post(url, headers=headers, json=data, timeout=30)
+            else:
+                raise ValueError(f"Unsupported HTTP method: {method}")
+            
+            # Check if the response is valid JSON
+            try:
+                response_data = response.json()
+            except json.JSONDecodeError:
+                return {
+                    "success": False,
+                    "error": f"Invalid JSON response: {response.text[:100]}...",
+                    "status_code": response.status_code
+                }
+            
+            # Check for errors
+            if response.status_code >= 400:
+                return {
+                    "success": False,
+                    "error": response_data.get("error", "Unknown error"),
+                    "status_code": response.status_code
+                }
+            
+            # Return successful response
+            return {
+                "success": True,
+                "data": response_data,
+                "status_code": response.status_code
+            }
+            
+        except requests.exceptions.RequestException as e:
+            return {
+                "success": False,
+                "error": f"Request failed: {str(e)}",
+                "status_code": None
+            }
+    
+    def health_check(self):
+        """Check if the proxy service is running"""
+        return self._make_request("get", "/api/health")
+    
+    def create_sandbox(self, gpu_type="A10G", repo_url=None, repo_name=None, 
+                      setup_commands=None, volume_name=None, wait=False):
+        """Create a Modal sandbox through the proxy service"""
+        data = {
+            "gpu_type": gpu_type,
+            "repo_url": repo_url,
+            "repo_name": repo_name,
+            "setup_commands": setup_commands or [],
+            "volume_name": volume_name
+        }
+        
+        response = self._make_request("post", "/api/create-sandbox", data=data)
+        
+        if not response["success"]:
+            print(f"❌ Failed to create sandbox: {response['error']}")
+            return None
+        
+        sandbox_id = response["data"].get("sandbox_id")
+        print(f"🚀 Sandbox creation started. ID: {sandbox_id}")
+        
+        # If wait is True, poll for sandbox status
+        if wait and sandbox_id:
+            print("⏳ Waiting for sandbox to be ready...")
+            max_wait_time = 300  # 5 minutes
+            poll_interval = 10   # 10 seconds
+            start_time = time.time()
+            
+            while time.time() - start_time < max_wait_time:
+                status_response = self.get_container_status(sandbox_id)
+                
+                if status_response["success"]:
+                    status_data = status_response["data"]
+                    if status_data.get("status") == "active":
+                        print(f"✅ Sandbox is ready!")
+                        return status_data.get("info")
+                
+                print(".", end="", flush=True)
+                time.sleep(poll_interval)
+            
+            print("\n⚠️ Timed out waiting for sandbox to be ready")
+        
+        return {"sandbox_id": sandbox_id}
+    
+    def create_ssh_container(self, gpu_type="A10G", repo_url=None, repo_name=None,
+                           setup_commands=None, volume_name=None, timeout=60, wait=False):
+        """Create a Modal SSH container through the proxy service"""
+        data = {
+            "gpu_type": gpu_type,
+            "repo_url": repo_url,
+            "repo_name": repo_name,
+            "setup_commands": setup_commands or [],
+            "volume_name": volume_name,
+            "timeout": timeout
+        }
+        
+        response = self._make_request("post", "/api/create-ssh-container", data=data)
+        
+        if not response["success"]:
+            print(f"❌ Failed to create SSH container: {response['error']}")
+            return None
+        
+        container_id = response["data"].get("container_id")
+        ssh_password = response["data"].get("ssh_password")
+        
+        print(f"🚀 SSH container creation started. ID: {container_id}")
+        if ssh_password:
+            print(f"🔐 SSH Password: {ssh_password}")
+        
+        # If wait is True, poll for container status
+        if wait and container_id:
+            print("⏳ Waiting for SSH container to be ready...")
+            max_wait_time = 300  # 5 minutes
+            poll_interval = 10   # 10 seconds
+            start_time = time.time()
+            
+            while time.time() - start_time < max_wait_time:
+                status_response = self.get_container_status(container_id)
+                
+                if status_response["success"]:
+                    status_data = status_response["data"]
+                    if status_data.get("status") == "active":
+                        print(f"✅ SSH container is ready!")
+                        return {
+                            "container_id": container_id,
+                            "ssh_password": ssh_password,
+                            "info": status_data.get("info")
+                        }
+                
+                print(".", end="", flush=True)
+                time.sleep(poll_interval)
+            
+            print("\n⚠️ Timed out waiting for SSH container to be ready")
+        
+        return {
+            "container_id": container_id,
+            "ssh_password": ssh_password
+        }
+    
+    def get_container_status(self, container_id):
+        """Get the status of a container"""
+        return self._make_request("get", f"/api/container-status/{container_id}")
+    
+    def terminate_container(self, container_id):
+        """Terminate a container"""
+        data = {"container_id": container_id}
+        return self._make_request("post", "/api/terminate-container", data=data)
+
+
+if __name__ == "__main__":
+    # Example usage
+    if len(sys.argv) < 2:
+        print("Usage: python gitarsenal_proxy_client.py [command] [options]")
+        print("Commands: configure, health, create-sandbox, create-ssh, status, terminate")
+        sys.exit(1)
+    
+    client = GitArsenalProxyClient()
+    command = sys.argv[1]
+    
+    if command == "configure":
+        client.configure(interactive=True)
+    
+    elif command == "health":
+        response = client.health_check()
+        if response["success"]:
+            print(f"✅ Proxy service is running: {response['data']['message']}")
+        else:
+            print(f"❌ Proxy service health check failed: {response['error']}")
+    
+    elif command == "create-sandbox":
+        import argparse
+        parser = argparse.ArgumentParser(description="Create a Modal sandbox")
+        parser.add_argument("--gpu", type=str, default="A10G", help="GPU type")
+        parser.add_argument("--repo", type=str, help="Repository URL")
+        parser.add_argument("--name", type=str, help="Repository name")
+        parser.add_argument("--volume", type=str, help="Volume name")
+        parser.add_argument("--wait", action="store_true", help="Wait for sandbox to be ready")
+        args = parser.parse_args(sys.argv[2:])
+        
+        result = client.create_sandbox(
+            gpu_type=args.gpu,
+            repo_url=args.repo,
+            repo_name=args.name,
+            volume_name=args.volume,
+            wait=args.wait
+        )
+        
+        if result:
+            print(f"🚀 Sandbox creation initiated: {result}")
+    
+    elif command == "create-ssh":
+        import argparse
+        parser = argparse.ArgumentParser(description="Create a Modal SSH container")
+        parser.add_argument("--gpu", type=str, default="A10G", help="GPU type")
+        parser.add_argument("--repo", type=str, help="Repository URL")
+        parser.add_argument("--name", type=str, help="Repository name")
+        parser.add_argument("--volume", type=str, help="Volume name")
+        parser.add_argument("--timeout", type=int, default=60, help="Timeout in minutes")
+        parser.add_argument("--wait", action="store_true", help="Wait for container to be ready")
+        args = parser.parse_args(sys.argv[2:])
+        
+        result = client.create_ssh_container(
+            gpu_type=args.gpu,
+            repo_url=args.repo,
+            repo_name=args.name,
+            volume_name=args.volume,
+            timeout=args.timeout,
+            wait=args.wait
+        )
+        
+        if result:
+            print(f"🚀 SSH container creation initiated: {result}")
+    
+    elif command == "status":
+        if len(sys.argv) < 3:
+            print("Usage: python gitarsenal_proxy_client.py status [container_id]")
+            sys.exit(1)
+        
+        container_id = sys.argv[2]
+        response = client.get_container_status(container_id)
+        
+        if response["success"]:
+            print(f"✅ Container status: {json.dumps(response['data'], indent=2)}")
+        else:
+            print(f"❌ Failed to get container status: {response['error']}")
+    
+    elif command == "terminate":
+        if len(sys.argv) < 3:
+            print("Usage: python gitarsenal_proxy_client.py terminate [container_id]")
+            sys.exit(1)
+        
+        container_id = sys.argv[2]
+        response = client.terminate_container(container_id)
+        
+        if response["success"]:
+            print(f"✅ Container terminated: {response['data']['message']}")
+        else:
+            print(f"❌ Failed to terminate container: {response['error']}")
+    
+    else:
+        print(f"❌ Unknown command: {command}")
+        print("Available commands: configure, health, create-sandbox, create-ssh, status, terminate")
+        sys.exit(1) 

package/python/modal_proxy_service.py

@@ -0,0 +1,317 @@
+#!/usr/bin/env python3
+"""
+Modal Proxy Service for GitArsenal CLI
+
+This service allows GitArsenal CLI users to access Modal services without exposing your Modal token.
+It acts as a secure proxy between clients and Modal's API.
+"""
+
+import os
+import json
+import secrets
+import string
+import time
+from flask import Flask, request, jsonify
+from flask_cors import CORS
+import modal
+import threading
+import logging
+from dotenv import load_dotenv
+import uuid
+import sys
+from pathlib import Path
+
+# Add the current directory to the path so we can import the test_modalSandboxScript module
+current_dir = Path(__file__).parent.absolute()
+sys.path.append(str(current_dir.parent))
+
+# Load environment variables from .env file
+load_dotenv()
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
+    handlers=[
+        logging.FileHandler("modal_proxy.log"),
+        logging.StreamHandler()
+    ]
+)
+logger = logging.getLogger("modal-proxy")
+
+app = Flask(__name__)
+CORS(app)  # Enable CORS for all routes
+
+# Get Modal token from environment variable
+MODAL_TOKEN = os.environ.get("MODAL_TOKEN")
+if not MODAL_TOKEN:
+    logger.error("MODAL_TOKEN environment variable is not set!")
+
+# Dictionary to store active containers
+active_containers = {}
+
+# Authentication tokens for clients
+# In a production environment, use a proper authentication system
+API_KEYS = {}
+if os.environ.get("API_KEYS"):
+    API_KEYS = {key.strip(): True for key in os.environ.get("API_KEYS").split(",")}
+
+def generate_api_key():
+    """Generate a new API key for a client"""
+    return ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(32))
+
+def authenticate_request():
+    """Authenticate the request using API key"""
+    api_key = request.headers.get('X-API-Key')
+    if not api_key or api_key not in API_KEYS:
+        return False
+    return True
+
+def generate_random_password(length=16):
+    """Generate a random password for SSH access"""
+    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
+    password = ''.join(secrets.choice(alphabet) for i in range(length))
+    return password
+
+def setup_modal_auth():
+    """Set up Modal authentication using the server's token"""
+    if not MODAL_TOKEN:
+        logger.error("Cannot set up Modal authentication: No token provided")
+        return False
+    
+    try:
+        # Set the token in the environment
+        os.environ["MODAL_TOKEN_ID"] = MODAL_TOKEN
+        logger.info("Modal token set in environment")
+        return True
+    except Exception as e:
+        logger.error(f"Error setting up Modal authentication: {e}")
+        return False
+
+@app.route('/api/health', methods=['GET'])
+def health_check():
+    """Health check endpoint"""
+    return jsonify({"status": "ok", "message": "Modal proxy service is running"})
+
+@app.route('/api/create-api-key', methods=['POST'])
+def create_api_key():
+    """Create a new API key (protected by admin key)"""
+    admin_key = request.headers.get('X-Admin-Key')
+    if not admin_key or admin_key != os.environ.get("ADMIN_KEY"):
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    new_key = generate_api_key()
+    API_KEYS[new_key] = True
+    
+    return jsonify({"api_key": new_key})
+
+@app.route('/api/create-sandbox', methods=['POST'])
+def create_sandbox():
+    """Create a Modal sandbox"""
+    if not authenticate_request():
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    if not setup_modal_auth():
+        return jsonify({"error": "Failed to set up Modal authentication"}), 500
+    
+    try:
+        data = request.json
+        gpu_type = data.get('gpu_type', 'A10G')
+        repo_url = data.get('repo_url')
+        repo_name = data.get('repo_name')
+        setup_commands = data.get('setup_commands', [])
+        volume_name = data.get('volume_name')
+        
+        # Import the sandbox creation function from your module
+        from test_modalSandboxScript import create_modal_sandbox
+        
+        logger.info(f"Creating sandbox with GPU: {gpu_type}, Repo: {repo_url}")
+        
+        # Create a unique ID for this sandbox
+        sandbox_id = str(uuid.uuid4())
+        
+        # Start sandbox creation in a separate thread
+        def create_sandbox_thread():
+            try:
+                result = create_modal_sandbox(
+                    gpu_type, 
+                    repo_url=repo_url, 
+                    repo_name=repo_name, 
+                    setup_commands=setup_commands,
+                    volume_name=volume_name
+                )
+                
+                if result:
+                    active_containers[sandbox_id] = {
+                        "container_id": result.get("container_id"),
+                        "sandbox_id": result.get("sandbox_id"),
+                        "created_at": time.time(),
+                        "type": "sandbox"
+                    }
+                    logger.info(f"Sandbox created successfully: {result.get('container_id')}")
+                else:
+                    logger.error("Failed to create sandbox")
+            except Exception as e:
+                logger.error(f"Error in sandbox creation thread: {e}")
+        
+        thread = threading.Thread(target=create_sandbox_thread)
+        thread.daemon = True
+        thread.start()
+        
+        return jsonify({
+            "message": "Sandbox creation started",
+            "sandbox_id": sandbox_id
+        })
+        
+    except Exception as e:
+        logger.error(f"Error creating sandbox: {e}")
+        return jsonify({"error": str(e)}), 500
+
+@app.route('/api/create-ssh-container', methods=['POST'])
+def create_ssh_container():
+    """Create a Modal SSH container"""
+    if not authenticate_request():
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    if not setup_modal_auth():
+        return jsonify({"error": "Failed to set up Modal authentication"}), 500
+    
+    try:
+        data = request.json
+        gpu_type = data.get('gpu_type', 'A10G')
+        repo_url = data.get('repo_url')
+        repo_name = data.get('repo_name')
+        setup_commands = data.get('setup_commands', [])
+        volume_name = data.get('volume_name')
+        timeout_minutes = data.get('timeout', 60)
+        
+        # Generate a random password for SSH
+        ssh_password = generate_random_password()
+        
+        # Import the SSH container creation function
+        from test_modalSandboxScript import create_modal_ssh_container
+        
+        logger.info(f"Creating SSH container with GPU: {gpu_type}, Repo: {repo_url}")
+        
+        # Create a unique ID for this container
+        container_id = str(uuid.uuid4())
+        
+        # Start container creation in a separate thread
+        def create_container_thread():
+            try:
+                result = create_modal_ssh_container(
+                    gpu_type, 
+                    repo_url=repo_url, 
+                    repo_name=repo_name, 
+                    setup_commands=setup_commands,
+                    volume_name=volume_name,
+                    timeout_minutes=timeout_minutes,
+                    ssh_password=ssh_password
+                )
+                
+                if result:
+                    active_containers[container_id] = {
+                        "container_id": result.get("app_name"),
+                        "ssh_password": ssh_password,
+                        "created_at": time.time(),
+                        "type": "ssh"
+                    }
+                    logger.info(f"SSH container created successfully: {result.get('app_name')}")
+                else:
+                    logger.error("Failed to create SSH container")
+            except Exception as e:
+                logger.error(f"Error in SSH container creation thread: {e}")
+        
+        thread = threading.Thread(target=create_container_thread)
+        thread.daemon = True
+        thread.start()
+        
+        return jsonify({
+            "message": "SSH container creation started",
+            "container_id": container_id,
+            "ssh_password": ssh_password
+        })
+        
+    except Exception as e:
+        logger.error(f"Error creating SSH container: {e}")
+        return jsonify({"error": str(e)}), 500
+
+@app.route('/api/container-status/<container_id>', methods=['GET'])
+def container_status(container_id):
+    """Get status of a container"""
+    if not authenticate_request():
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    if container_id in active_containers:
+        # Remove sensitive information like passwords
+        container_info = active_containers[container_id].copy()
+        if "ssh_password" in container_info:
+            del container_info["ssh_password"]
+        
+        return jsonify({
+            "status": "active",
+            "info": container_info
+        })
+    else:
+        return jsonify({
+            "status": "not_found",
+            "message": "Container not found or has been terminated"
+        }), 404
+
+@app.route('/api/terminate-container', methods=['POST'])
+def terminate_container():
+    """Terminate a Modal container"""
+    if not authenticate_request():
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    if not setup_modal_auth():
+        return jsonify({"error": "Failed to set up Modal authentication"}), 500
+    
+    try:
+        data = request.json
+        container_id = data.get('container_id')
+        
+        if not container_id:
+            return jsonify({"error": "Container ID is required"}), 400
+        
+        if container_id not in active_containers:
+            return jsonify({"error": "Container not found"}), 404
+        
+        modal_container_id = active_containers[container_id].get("container_id")
+        
+        # Terminate the container using Modal CLI
+        import subprocess
+        result = subprocess.run(
+            ["modal", "container", "terminate", modal_container_id],
+            capture_output=True,
+            text=True
+        )
+        
+        if result.returncode == 0:
+            # Remove from active containers
+            del active_containers[container_id]
+            logger.info(f"Container terminated successfully: {modal_container_id}")
+            return jsonify({"message": "Container terminated successfully"})
+        else:
+            logger.error(f"Failed to terminate container: {result.stderr}")
+            return jsonify({"error": f"Failed to terminate container: {result.stderr}"}), 500
+        
+    except Exception as e:
+        logger.error(f"Error terminating container: {e}")
+        return jsonify({"error": str(e)}), 500
+
+if __name__ == '__main__':
+    # Check if Modal token is set
+    if not MODAL_TOKEN:
+        logger.error("MODAL_TOKEN environment variable must be set!")
+        exit(1)
+    
+    # Generate an admin key if not set
+    if not os.environ.get("ADMIN_KEY"):
+        admin_key = generate_api_key()
+        os.environ["ADMIN_KEY"] = admin_key
+        logger.info(f"Generated admin key: {admin_key}")
+        print(f"Admin key: {admin_key}")
+    
+    port = int(os.environ.get("PORT", 5001))  # Default to 5001 to avoid macOS AirPlay conflict
+    app.run(host='0.0.0.0', port=port) 

package/python/requirements.txt

@@ -1,4 +1,6 @@
 modal>=0.56.4
 requests>=2.31.0
 pathlib>=1.0.1
-python-dotenv>=1.0.0 
+python-dotenv>=1.0.0
+flask>=2.0.0
+flask-cors>=3.0.0