ltcai 2.2.7 → 3.1.0

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "2.2.7"
+__version__ = "3.1.0"

package/latticeai/api/admin.py

@@ -109,6 +109,53 @@ def create_admin_router(
             report["graph"] = {"error": str(e)}
         return report
 
+    # Canonical RBAC capability map — which product areas each role can reach.
+    # This is the real access policy the app enforces, not sample data.
+    _ROLE_CAPS = {
+        "owner": ["all"],
+        "admin": ["users", "policies", "audit", "security", "chat", "search", "files", "pipeline"],
+        "member": ["chat", "search", "files", "pipeline"],
+        "user": ["chat", "search", "files", "pipeline"],
+        "viewer": ["chat", "search"],
+    }
+
+    @router.get("/admin/roles")
+    async def admin_roles(request: Request):
+        _, users = require_admin(request)
+        counts: Dict[str, int] = defaultdict(int)
+        for email, user in users.items():
+            role = (get_user_role(email, users) or "user").lower()
+            counts[role] += 1
+        # Always surface the two RBAC tiers the app actually distinguishes so the
+        # matrix is meaningful even before extra users exist.
+        for base in ("admin", "user"):
+            counts.setdefault(base, counts.get(base, 0))
+        roles = [
+            {"role": role, "members": counts.get(role, 0), "caps": _ROLE_CAPS.get(role, ["chat", "search"])}
+            for role in sorted(counts, key=lambda r: (r != "owner", r != "admin", r))
+        ]
+        return {"roles": roles}
+
+    @router.get("/admin/policies")
+    async def admin_policies(request: Request):
+        require_admin(request)
+        # The real, enforced governance posture of a local-first deployment.
+        return {
+            "policies": [
+                {"id": "local_file_access", "label": "Local file access",
+                 "value": "Approval-token gated (per path/user/action)", "enforced": True},
+                {"id": "package_install", "label": "Package install",
+                 "value": "Admin-only with audit trail", "enforced": True},
+                {"id": "data_residency", "label": "Data residency",
+                 "value": "Single-tenant local storage (~/.ltcai)", "enforced": True},
+                {"id": "model_egress", "label": "Model egress",
+                 "value": "Local-only by default (no external inference in local mode)", "enforced": True},
+                {"id": "invite_gate", "label": "Invite gate",
+                 "value": "Required for new accounts" if invite_gate_enabled else "Open registration",
+                 "enforced": bool(invite_gate_enabled)},
+            ]
+        }
+
     @router.get("/vpc/status")
     async def vpc_status(request: Request):
         require_user(request)

package/latticeai/api/agents.py

@@ -40,11 +40,54 @@ def create_agents_router(
     append_audit_event: Callable[..., None],
     ui_file_response: Optional[Callable[[Path], Any]] = None,
     static_dir: Optional[Path] = None,
+    agent_runtime: Any = None,
 ) -> APIRouter:
     from latticeai.core.multi_agent import AGENT_ROLES, ROLE_AGENT_IDS
+    from latticeai.services.agent_runtime import AgentRuntime
+
+    # Single AgentRuntime boundary: the router (and via it, the frontend) talks
+    # to this façade instead of reaching into the orchestrator/store directly.
+    runtime = agent_runtime or AgentRuntime(
+        store=store,
+        orchestrator_factory=orchestrator_factory,
+        workspace_graph=workspace_graph,
+        append_audit_event=append_audit_event,
+    )
 
     router = APIRouter()
 
+    # ── AgentRuntime boundary endpoints ───────────────────────────────────
+    @router.get("/agents/api/runtime/status")
+    async def agent_runtime_status(request: Request):
+        require_user(request)
+        scope = gate_read(request)
+        return runtime.status(scope=scope)
+
+    @router.get("/agents/api/runtime/health")
+    async def agent_runtime_health(request: Request):
+        require_user(request)
+        return runtime.health()
+
+    @router.get("/agents/api/runtime/config")
+    async def agent_runtime_config(request: Request):
+        require_user(request)
+        return runtime.config()
+
+    @router.get("/agents/api/runs/{run_id}/events")
+    async def agent_run_events(run_id: str, request: Request):
+        require_user(request)
+        scope = gate_read(request)
+        try:
+            return runtime.events(run_id, scope=scope)
+        except FileNotFoundError as exc:
+            raise HTTPException(status_code=404, detail=f"Agent run not found: {run_id}") from exc
+
+    @router.post("/agents/api/runs/{run_id}/stop")
+    async def agent_run_stop(run_id: str, request: Request):
+        require_user(request)
+        scope = gate_write(request)
+        return runtime.stop(run_id, scope=scope)
+
     @router.get("/agents")
     async def agents_page(request: Request):
         require_user(request)
@@ -119,36 +162,16 @@ def create_agents_router(
     async def agent_run(req: AgentRunRequest, request: Request):
         current_user = require_user(request)
         scope = gate_write(request)
-        if not str(req.goal or "").strip():
-            raise HTTPException(status_code=400, detail="goal is required")
-        orchestrator = orchestrator_factory(current_user or None, scope)
-        result = orchestrator.run(
-            req.goal,
-            user_email=current_user or None,
-            workspace_id=scope,
-            inputs=req.inputs,
-            roles=req.roles or None,
-            max_retries=max(0, min(int(req.max_retries or 0), 5)),
-        )
-        run = store.record_agent_run(
-            agent_id=result.agent_id,
-            status=result.status,
-            input_text=req.goal,
-            output_text=result.output,
-            timeline=result.timeline,
-            relationships=[ROLE_AGENT_IDS.get(r, f"agent:{r}") for r in result.roles_run],
-            handoffs=result.handoffs,
-            context_packets=result.context_packets,
-            plan=result.plan,
-            plan_review=result.plan_review,
-            review_history=result.review_history,
-            retry_history=result.retry_history,
-            memory_snapshots=result.memory_snapshots,
-            user_email=current_user or None,
-            graph=workspace_graph(),
-            workspace_id=scope,
-        )
-        append_audit_event("multi_agent_run", user_email=current_user, agent_id=result.agent_id, status=result.status, retries=result.retries)
-        return {"run": run, "result": result.as_dict()}
+        try:
+            return runtime.start(
+                req.goal,
+                user_email=current_user or None,
+                scope=scope,
+                roles=req.roles or None,
+                inputs=req.inputs,
+                max_retries=req.max_retries,
+            )
+        except ValueError as exc:
+            raise HTTPException(status_code=400, detail=str(exc)) from exc
 
     return router

package/latticeai/api/auth.py

@@ -57,6 +57,7 @@ def create_auth_router(
     public_sso_config: Callable[..., Dict],
     open_registration: bool,
     session_ttl: int,
+    require_auth: bool = True,
 ) -> APIRouter:
     router = APIRouter()
 
@@ -167,7 +168,7 @@ def create_auth_router(
         if users[email].get("disabled"):
             raise HTTPException(status_code=403, detail="비활성화된 계정입니다.")
         token = create_session(email)
-        resp = RedirectResponse("/chat", status_code=302)
+        resp = RedirectResponse("/app", status_code=302)
         resp.set_cookie("session_token", token, httponly=True, samesite="lax", max_age=session_ttl)
         return resp
 
@@ -221,7 +222,9 @@ def create_auth_router(
     async def get_profile(request: Request):
         email = require_user(request)
         if not email:
-            raise HTTPException(status_code=401, detail="인증이 필요합니다.")
+            if require_auth:
+                raise HTTPException(status_code=401, detail="인증이 필요합니다.")
+            return {"email": "", "name": "Local User", "nickname": "You", "role": "admin", "is_admin": True}
         users = load_users()
         user = users.get(email)
         if not user:

package/latticeai/api/chat.py

@@ -342,9 +342,17 @@ def create_chat_router(
     
         if not router.current_model_id:
             detail = "No model loaded. Call /models/load first."
-            if IS_PUBLIC_MODE:
+            if CONFIG.is_public:
                 detail = f"No public model loaded. Set OPENAI_API_KEY and LATTICEAI_PUBLIC_MODEL={PUBLIC_MODEL}, or call /models/load with an OpenAI-compatible model."
-            raise HTTPException(status_code=400, detail=detail)
+            return JSONResponse(
+                status_code=400,
+                content={
+                    "error": "no_model_loaded",
+                    "detail": detail,
+                    "message": detail,
+                    "action": "load_model",
+                },
+            )
     
         if req.model and req.model != router.current_model_id:
             if req.model not in router.loaded_model_ids:

package/latticeai/api/search.py

@@ -0,0 +1,240 @@
+"""v3 knowledge graph, vector, and hybrid search API contracts."""
+
+from __future__ import annotations
+
+from typing import Any, Callable, Dict, Optional
+
+from fastapi import APIRouter, HTTPException, Request
+from pydantic import BaseModel, Field
+
+from latticeai.core.embedding_providers import embedding_provider_profiles
+from latticeai.services.search_service import DEFAULT_HYBRID_WEIGHTS, SearchService
+
+
+class SearchRequest(BaseModel):
+    query: str = Field(..., min_length=1)
+    limit: int = 30
+
+
+class VectorSearchRequest(SearchRequest):
+    min_score: float = 0.0
+
+
+class HybridSearchRequest(SearchRequest):
+    keyword_limit: int = 30
+    vector_limit: int = 30
+    graph_limit: int = 30
+    weights: Optional[Dict[str, float]] = None
+
+
+class GraphNodeRequest(BaseModel):
+    node_id: str = Field(..., min_length=1)
+    include_neighbors: bool = True
+    depth: int = 1
+    limit: int = 100
+
+
+class RelationshipSearchRequest(BaseModel):
+    query: str = ""
+    node_id: str = ""
+    relationship_type: str = ""
+    limit: int = 30
+
+
+class IndexRebuildRequest(BaseModel):
+    full: bool = False
+    include_nodes: bool = True
+    include_chunks: bool = True
+
+
+def create_search_router(
+    *,
+    service: SearchService,
+    require_user: Callable[[Request], str],
+    embedding_info: Optional[Callable[[], Dict[str, Any]]] = None,
+) -> APIRouter:
+    router = APIRouter()
+
+    def _guarded(request: Request) -> SearchService:
+        require_user(request)
+        return service
+
+    def _raise_graph_error(exc: Exception) -> None:
+        raise HTTPException(status_code=404, detail=str(exc)) from exc
+
+    @router.post("/api/search/hybrid")
+    async def hybrid_search(req: HybridSearchRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).hybrid_search(
+                req.query,
+                limit=req.limit,
+                keyword_limit=req.keyword_limit,
+                vector_limit=req.vector_limit,
+                graph_limit=req.graph_limit,
+                weights=req.weights or DEFAULT_HYBRID_WEIGHTS,
+            )
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/search/hybrid")
+    async def hybrid_search_get(q: str, request: Request, limit: int = 30) -> Dict[str, Any]:
+        try:
+            return _guarded(request).hybrid_search(q, limit=limit)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.post("/api/search/keyword")
+    async def keyword_search(req: SearchRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).keyword_search(req.query, limit=req.limit)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/search/keyword")
+    async def keyword_search_get(q: str, request: Request, limit: int = 30) -> Dict[str, Any]:
+        try:
+            return _guarded(request).keyword_search(q, limit=limit)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.post("/api/search/vector")
+    async def vector_search(req: VectorSearchRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).vector_search(req.query, limit=req.limit, min_score=req.min_score)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/search/vector")
+    async def vector_search_get(
+        q: str,
+        request: Request,
+        limit: int = 30,
+        min_score: float = 0.0,
+    ) -> Dict[str, Any]:
+        try:
+            return _guarded(request).vector_search(q, limit=limit, min_score=min_score)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/graph")
+    async def graph(request: Request, limit: int = 300) -> Dict[str, Any]:
+        try:
+            return _guarded(request).graph(limit=limit)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/graph/node")
+    async def graph_node(
+        node_id: str,
+        request: Request,
+        include_neighbors: bool = True,
+        depth: int = 1,
+        limit: int = 100,
+    ) -> Dict[str, Any]:
+        try:
+            return _guarded(request).node(
+                node_id,
+                include_neighbors=include_neighbors,
+                depth=depth,
+                limit=limit,
+            )
+        except ValueError as exc:
+            raise HTTPException(status_code=404, detail=str(exc)) from exc
+
+    @router.post("/api/graph/node")
+    async def graph_node_post(req: GraphNodeRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).node(
+                req.node_id,
+                include_neighbors=req.include_neighbors,
+                depth=req.depth,
+                limit=req.limit,
+            )
+        except ValueError as exc:
+            raise HTTPException(status_code=404, detail=str(exc)) from exc
+
+    @router.get("/api/graph/relationship")
+    async def graph_relationship(
+        request: Request,
+        q: str = "",
+        node_id: str = "",
+        relationship_type: str = "",
+        limit: int = 30,
+    ) -> Dict[str, Any]:
+        try:
+            return _guarded(request).relationships(
+                query=q,
+                node_id=node_id,
+                relationship_type=relationship_type,
+                limit=limit,
+            )
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.post("/api/graph/relationship")
+    async def graph_relationship_post(req: RelationshipSearchRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).relationships(
+                query=req.query,
+                node_id=req.node_id,
+                relationship_type=req.relationship_type,
+                limit=req.limit,
+            )
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/index/status")
+    async def index_status(request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).index_status()
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.post("/api/index/rebuild")
+    async def index_rebuild(req: IndexRebuildRequest, request: Request) -> Dict[str, Any]:
+        try:
+            return _guarded(request).rebuild_index(
+                full=req.full,
+                include_nodes=req.include_nodes,
+                include_chunks=req.include_chunks,
+            )
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/embeddings/status")
+    async def embeddings_status(request: Request, refresh: bool = False) -> Dict[str, Any]:
+        require_user(request)
+        resolved = embedding_info() if embedding_info else {}
+        try:
+            return service.embeddings_status(resolved=resolved, refresh=refresh)
+        except ValueError as exc:
+            _raise_graph_error(exc)
+
+    @router.get("/api/embeddings/providers")
+    async def embeddings_providers(request: Request) -> Dict[str, Any]:
+        require_user(request)
+        resolved = embedding_info() if embedding_info else {}
+        profiles = resolved.get("profiles") or embedding_provider_profiles()
+        return {
+            "active": resolved.get("active_provider"),
+            "requested": resolved.get("requested_provider"),
+            "profile": resolved.get("profile") or "",
+            "profiles": profiles,
+            "providers": [
+                {"id": "hash", "label": "Local hash (fallback)", "grade": "fallback",
+                 "requires": [], "detail": "Deterministic offline vectors — always available."},
+                {"id": "mlx", "label": "MLX (Apple Silicon)", "grade": "production",
+                 "requires": ["LATTICEAI_EMBEDDING_MODEL"], "detail": "Local embedding model via MLX."},
+                {"id": "ollama", "label": "Ollama", "grade": "production",
+                 "requires": ["LATTICEAI_EMBEDDING_MODEL", "LATTICEAI_EMBEDDING_BASE_URL"],
+                 "detail": "Local/remote Ollama embedding server."},
+                {"id": "openai", "label": "OpenAI-compatible", "grade": "production",
+                 "requires": ["LATTICEAI_EMBEDDING_MODEL", "LATTICEAI_EMBEDDING_BASE_URL", "LATTICEAI_EMBEDDING_API_KEY"],
+                 "detail": "Any /v1/embeddings endpoint (OpenAI, LM Studio, vLLM, …)."},
+                {"id": "custom", "label": "Custom callable", "grade": "production",
+                 "requires": ["LATTICEAI_EMBEDDING_CUSTOM_TARGET"],
+                 "detail": "User-supplied module:callable returning vectors."},
+            ],
+        }
+
+    return router

package/latticeai/api/static_routes.py

@@ -107,8 +107,17 @@ def create_static_routes_router(
     @api_router.get("/chat")
     async def chat_page(request: Request):
         return ui_file_response(STATIC_DIR / "chat.html")
-    
-    
+
+
+    @api_router.get("/app")
+    async def app_shell(request: Request):
+        """v3 single-page workspace shell (token-native design system)."""
+        page = STATIC_DIR / "v3" / "index.html"
+        if not page.exists():
+            raise HTTPException(status_code=404, detail="v3 shell not found.")
+        return ui_file_response(page)
+
+
     @api_router.get("/admin")
     async def admin_page():
         admin_path = STATIC_DIR / "admin.html"

package/latticeai/core/config.py

@@ -93,6 +93,16 @@ class Config:
     local_draft_model: str
     auto_read_chat_paths: bool
 
+    # ── embeddings (retrieval vector signal) ────────────────────────
+    embedding_provider: str
+    embedding_profile: str
+    embedding_model: str
+    embedding_base_url: str
+    embedding_api_key: str
+    embedding_dim: int
+    embedding_timeout: int
+    embedding_custom_target: str
+
     # ── SSO / OIDC ──────────────────────────────────────────────────
     sso_discovery_url: str
     sso_client_id: str
@@ -164,6 +174,14 @@ class Config:
             local_model=local_model,
             local_draft_model=_value(env, "LATTICEAI_LOCAL_DRAFT_MODEL", ""),
             auto_read_chat_paths=_bool(env, "LATTICEAI_AUTO_READ_CHAT_PATHS", default=False),
+            embedding_provider=_value(env, "LATTICEAI_EMBEDDING_PROVIDER", "hash").strip().lower(),
+            embedding_profile=_value(env, "LATTICEAI_EMBEDDING_PROFILE", "").strip().lower(),
+            embedding_model=_value(env, "LATTICEAI_EMBEDDING_MODEL", ""),
+            embedding_base_url=_value(env, "LATTICEAI_EMBEDDING_BASE_URL", ""),
+            embedding_api_key=_value(env, "LATTICEAI_EMBEDDING_API_KEY", ""),
+            embedding_dim=_int(env, "LATTICEAI_VECTOR_DIM", 0),
+            embedding_timeout=_int(env, "LATTICEAI_EMBEDDING_TIMEOUT", 30),
+            embedding_custom_target=_value(env, "LATTICEAI_EMBEDDING_CUSTOM_TARGET", ""),
             sso_discovery_url=_value(env, "OIDC_DISCOVERY_URL", ""),
             sso_client_id=_value(env, "OIDC_CLIENT_ID", ""),
             sso_client_secret=_value(env, "OIDC_CLIENT_SECRET", ""),