pylance-mcp-server 1.0.0

package/mcp_server/api_routes.py

@@ -0,0 +1,429 @@
+"""
+REST API Routes
+
+HTTP API endpoints wrapping MCP tools for web/mobile clients.
+"""
+
+import logging
+from typing import List, Dict, Any, Optional
+from fastapi import APIRouter, Depends, HTTPException
+from pydantic import BaseModel, Field
+
+from mcp_server.auth import verify_api_key_header, auth_service
+from mcp_server import ai_features
+
+logger = logging.getLogger(__name__)
+
+# Create API router
+api_router = APIRouter(prefix="/api/v1", tags=["API"])
+
+
+# ==================== REQUEST/RESPONSE MODELS ====================
+
+class AnalyzeCodeRequest(BaseModel):
+    """Request model for code analysis."""
+    file_path: str = Field(..., description="Path to Python file (relative to workspace)")
+    content: str = Field(..., description="Python code content to analyze")
+    include_type_check: bool = Field(True, description="Run full type checking")
+
+
+class AnalyzeCodeResponse(BaseModel):
+    """Response model for code analysis."""
+    diagnostics: List[Dict[str, Any]]
+    summary: Dict[str, Any]
+    file_path: str
+
+
+class CompletionRequest(BaseModel):
+    """Request model for code completions."""
+    file_path: str
+    content: str
+    line: int = Field(..., description="Line number (0-indexed)")
+    character: int = Field(..., description="Character position (0-indexed)")
+
+
+class CompletionResponse(BaseModel):
+    """Response model for completions."""
+    completions: List[Dict[str, Any]]
+    count: int
+
+
+class HoverRequest(BaseModel):
+    """Request model for hover information."""
+    file_path: str
+    content: str
+    line: int
+    character: int
+
+
+class HoverResponse(BaseModel):
+    """Response model for hover info."""
+    documentation: str
+    type_info: Optional[str] = None
+
+
+class DiagnosticsRequest(BaseModel):
+    """Request model for diagnostics."""
+    file_path: str
+    content: str
+
+
+class DiagnosticsResponse(BaseModel):
+    """Response model for diagnostics."""
+    errors: List[Dict[str, Any]]
+    warnings: List[Dict[str, Any]]
+    information: List[Dict[str, Any]]
+    summary: Dict[str, int]
+
+
+# ==================== API ENDPOINTS ====================
+
+@api_router.post("/analyze", response_model=AnalyzeCodeResponse)
+async def analyze_code(
+    request: AnalyzeCodeRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    Analyze Python code for errors, warnings, and type issues.
+    
+    Returns comprehensive diagnostics with severity levels.
+    """
+    try:
+        from server import tools
+        
+        if not tools:
+            raise HTTPException(status_code=503, detail="Server not initialized")
+        
+        # Get diagnostics
+        diagnostics = tools.get_diagnostics(request.file_path, request.content)
+        
+        # If type checking requested, add full type check
+        if request.include_type_check:
+            type_check_result = tools.type_check(
+                file_path=request.file_path,
+                content=request.content
+            )
+            diagnostics.extend(type_check_result.get("diagnostics", []))
+        
+        # Summarize by severity
+        summary = {
+            "total_errors": sum(1 for d in diagnostics if d.get("severity") == "error"),
+            "total_warnings": sum(1 for d in diagnostics if d.get("severity") == "warning"),
+            "total_info": sum(1 for d in diagnostics if d.get("severity") in ["information", "hint"])
+        }
+        
+        # Log usage
+        await auth_service.log_usage(user["api_key"], "analyze", tokens=len(request.content))
+        
+        return AnalyzeCodeResponse(
+            diagnostics=diagnostics,
+            summary=summary,
+            file_path=request.file_path
+        )
+        
+    except Exception as e:
+        logger.error(f"Analyze error: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.post("/complete", response_model=CompletionResponse)
+async def get_completions(
+    request: CompletionRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    Get code completions at a specific position.
+    
+    Returns intelligent suggestions with type information.
+    """
+    try:
+        from server import tools
+        
+        if not tools:
+            raise HTTPException(status_code=503, detail="Server not initialized")
+        
+        completions = tools.get_completions(
+            file_path=request.file_path,
+            line=request.line,
+            character=request.character,
+            content=request.content
+        )
+        
+        # Log usage
+        await auth_service.log_usage(user["api_key"], "complete", tokens=len(request.content))
+        
+        return CompletionResponse(
+            completions=completions,
+            count=len(completions)
+        )
+        
+    except Exception as e:
+        logger.error(f"Completion error: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.post("/hover", response_model=HoverResponse)
+async def get_hover_info(
+    request: HoverRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    Get type information and documentation for a symbol.
+    
+    Returns hover information like in VS Code.
+    """
+    try:
+        from server import tools
+        
+        if not tools:
+            raise HTTPException(status_code=503, detail="Server not initialized")
+        
+        hover_text = tools.get_hover(
+            file_path=request.file_path,
+            line=request.line,
+            character=request.character,
+            content=request.content
+        )
+        
+        # Log usage
+        await auth_service.log_usage(user["api_key"], "hover")
+        
+        return HoverResponse(
+            documentation=hover_text,
+            type_info=hover_text  # Can be parsed further
+        )
+        
+    except Exception as e:
+        logger.error(f"Hover error: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.post("/diagnostics", response_model=DiagnosticsResponse)
+async def get_diagnostics(
+    request: DiagnosticsRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    Get all diagnostics (errors, warnings, info) for a file.
+    
+    Returns categorized diagnostics with line numbers.
+    """
+    try:
+        from server import tools
+        
+        if not tools:
+            raise HTTPException(status_code=503, detail="Server not initialized")
+        
+        all_diagnostics = tools.get_diagnostics(request.file_path, request.content)
+        
+        # Categorize by severity
+        errors = [d for d in all_diagnostics if d.get("severity") == "error"]
+        warnings = [d for d in all_diagnostics if d.get("severity") == "warning"]
+        information = [d for d in all_diagnostics if d.get("severity") in ["information", "hint"]]
+        
+        summary = {
+            "errors": len(errors),
+            "warnings": len(warnings),
+            "information": len(information)
+        }
+        
+        # Log usage
+        await auth_service.log_usage(user["api_key"], "diagnostics", tokens=len(request.content))
+        
+        return DiagnosticsResponse(
+            errors=errors,
+            warnings=warnings,
+            information=information,
+            summary=summary
+        )
+        
+    except Exception as e:
+        logger.error(f"Diagnostics error: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.get("/usage")
+async def get_usage_stats(user: dict = Depends(verify_api_key_header)):
+    """
+    Get API usage statistics for the current user.
+    
+    Returns request counts, rate limit status, and billing info.
+    """
+    try:
+        # TODO: Query Supabase usage_logs table
+        # For now, return mock data
+        return {
+            "user_id": user["user_id"],
+            "tier": user["tier"],
+            "current_period": {
+                "requests_made": 150,
+                "requests_limit": 5000 if user["tier"] == "pro" else 20,
+                "tokens_used": 45000,
+                "reset_at": "2025-12-19T00:00:00Z"
+            },
+            "rate_limit": {
+                "hourly_limit": 5000 if user["tier"] == "pro" else 20,
+                "daily_limit": 50000 if user["tier"] == "pro" else 100
+            }
+        }
+        
+    except Exception as e:
+        logger.error(f"Usage stats error: {e}")
+
+
+# ==================== AI FEATURES (PRO TIER ONLY) ====================
+
+class ExplainErrorRequest(BaseModel):
+    """Request model for AI type error explanations."""
+    code: str
+    error_message: str
+    file_path: str
+    line_number: int
+
+
+class ExplainErrorResponse(BaseModel):
+    """Response model for error explanations."""
+    explanation: str
+    model: str
+    tokens_used: int
+
+
+class EnhanceTypesRequest(BaseModel):
+    """Request model for AI type enhancement."""
+    code: str
+    file_path: str
+    existing_types: Optional[List[Dict[str, Any]]] = []
+
+
+class EnhanceTypesResponse(BaseModel):
+    """Response model for type enhancements."""
+    suggestions: str
+    model: str
+    tokens_used: int
+
+
+@api_router.post("/explain-error", response_model=ExplainErrorResponse)
+async def explain_type_error(
+    request: ExplainErrorRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    AI-powered type error explanation (PRO tier only).
+    
+    Uses Claude to explain type errors in beginner-friendly language with fix suggestions.
+    """
+    try:
+        # Check PRO tier
+        if user["tier"] != "pro":
+            raise HTTPException(
+                status_code=403,
+                detail="AI features require PRO tier. Upgrade at pylancemcp.com/pricing"
+            )
+        
+        result = await ai_features.explain_type_error(
+            code=request.code,
+            error_message=request.error_message,
+            file_path=request.file_path,
+            line_number=request.line_number
+        )
+        
+        if not result["success"]:
+            raise HTTPException(status_code=500, detail=result.get("error", "AI processing failed"))
+        
+        # Log usage
+        await auth_service.log_usage(
+            user["api_key"],
+            "explain-error",
+            tokens=result["tokens_used"]
+        )
+        
+        return ExplainErrorResponse(
+            explanation=result["explanation"],
+            model=result["model"],
+            tokens_used=result["tokens_used"]
+        )
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Explain error failed: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.post("/enhance-types", response_model=EnhanceTypesResponse)
+async def enhance_type_annotations(
+    request: EnhanceTypesRequest,
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    AI-powered type annotation suggestions (PRO tier only).
+    
+    Uses Claude to suggest improved type annotations for Python code.
+    """
+    try:
+        # Check PRO tier
+        if user["tier"] != "pro":
+            raise HTTPException(
+                status_code=403,
+                detail="AI features require PRO tier. Upgrade at pylancemcp.com/pricing"
+            )
+        
+        result = await ai_features.enhance_type_annotations(
+            code=request.code,
+            file_path=request.file_path,
+            existing_types=request.existing_types or []
+        )
+        
+        if not result["success"]:
+            raise HTTPException(status_code=500, detail=result.get("error", "AI processing failed"))
+        
+        # Log usage
+        await auth_service.log_usage(
+            user["api_key"],
+            "enhance-types",
+            tokens=result["tokens_used"]
+        )
+        
+        return EnhanceTypesResponse(
+            suggestions=result["suggestions"],
+            model=result["model"],
+            tokens_used=result["tokens_used"]
+        )
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Enhance types failed: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@api_router.post("/analyze-patterns")
+async def analyze_code_patterns_endpoint(
+    code: str,
+    diagnostics: List[Dict[str, Any]],
+    user: dict = Depends(verify_api_key_header)
+):
+    """
+    AI-powered code pattern analysis (PRO tier only).
+    
+    Identifies anti-patterns and suggests improvements.
+    """
+    try:
+        if user["tier"] != "pro":
+            raise HTTPException(status_code=403, detail="AI features require PRO tier")
+        
+        result = await ai_features.analyze_code_patterns(code, diagnostics)
+        
+        if not result["success"]:
+            raise HTTPException(status_code=500, detail=result.get("error"))
+        
+        await auth_service.log_usage(user["api_key"], "analyze-patterns", tokens=result["tokens_used"])
+        
+        return result
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Pattern analysis failed: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e))

package/mcp_server/auth.py

@@ -0,0 +1,275 @@
+"""
+Authentication Middleware
+
+Handles API key verification, subscription tier checks, and rate limiting.
+"""
+
+import logging
+import os
+from datetime import datetime, timedelta
+from typing import Optional, Dict, Any
+from fastapi import Header, HTTPException, Request
+from collections import defaultdict
+import asyncio
+import hashlib
+import requests
+
+logger = logging.getLogger(__name__)
+
+# In-memory rate limiting (use Redis in production)
+rate_limit_store: Dict[str, list] = defaultdict(list)
+
+
+class AuthService:
+    """Authentication and authorization service."""
+    
+    def __init__(self) -> None:
+        """Initialize auth service."""
+        self.appwrite_endpoint = os.getenv("APPWRITE_ENDPOINT") or os.getenv("VITE_APPWRITE_ENDPOINT")
+        self.appwrite_project_id = os.getenv("APPWRITE_PROJECT_ID") or os.getenv("VITE_APPWRITE_PROJECT_ID")
+        self.appwrite_api_key = os.getenv("APPWRITE_API_KEY")
+        self.appwrite_database_id = os.getenv("APPWRITE_DATABASE_ID") or os.getenv("VITE_APPWRITE_DATABASE_ID")
+        self.appwrite_user_profiles_collection_id = (
+            os.getenv("APPWRITE_USER_PROFILES_COLLECTION_ID")
+            or os.getenv("VITE_APPWRITE_USERS_COLLECTION_ID")
+        )
+        self.appwrite_api_keys_collection_id = (
+            os.getenv("APPWRITE_API_KEYS_COLLECTION_ID")
+            or os.getenv("VITE_APPWRITE_API_KEYS_COLLECTION_ID")
+        )
+
+        # Simple in-memory cache to reduce Appwrite calls: api_key_hash -> (expires_at_utc, user_info)
+        self._cache: Dict[str, Any] = {}
+        self._cache_ttl_seconds = int(os.getenv("AUTH_CACHE_TTL_SECONDS", "60"))
+        
+        # Rate limits per tier
+        self.rate_limits = {
+            "free": {"requests_per_hour": 20, "requests_per_day": 100},
+            "pro": {"requests_per_hour": 5000, "requests_per_day": 50000},
+        }
+
+    def _appwrite_headers(self) -> Dict[str, str]:
+        if not self.appwrite_project_id or not self.appwrite_api_key:
+            raise HTTPException(status_code=500, detail="Appwrite auth is not configured")
+
+        return {
+            "X-Appwrite-Project": self.appwrite_project_id,
+            "X-Appwrite-Key": self.appwrite_api_key,
+            "Content-Type": "application/json",
+        }
+
+    def _require_appwrite_config(self) -> None:
+        missing = []
+        if not self.appwrite_endpoint:
+            missing.append("APPWRITE_ENDPOINT")
+        if not self.appwrite_project_id:
+            missing.append("APPWRITE_PROJECT_ID")
+        if not self.appwrite_api_key:
+            missing.append("APPWRITE_API_KEY")
+        if not self.appwrite_database_id:
+            missing.append("APPWRITE_DATABASE_ID")
+        if not self.appwrite_user_profiles_collection_id:
+            missing.append("APPWRITE_USER_PROFILES_COLLECTION_ID")
+        if not self.appwrite_api_keys_collection_id:
+            missing.append("APPWRITE_API_KEYS_COLLECTION_ID")
+
+        if missing:
+            raise HTTPException(
+                status_code=500,
+                detail=f"Appwrite configuration missing: {', '.join(missing)}",
+            )
+
+    def _sha256_hex(self, value: str) -> str:
+        return hashlib.sha256(value.encode("utf-8")).hexdigest()
+
+    def _appwrite_query_equal(self, field: str, value: Any) -> str:
+        # Appwrite expects query strings like:
+        # - equal("field", ["value"]) for strings
+        # - equal("active", [true]) for booleans
+        if isinstance(value, bool):
+            return f'equal("{field}", [{"true" if value else "false"}])'
+
+        escaped = str(value).replace('"', '\\"')
+        return f'equal("{field}", ["{escaped}"])'
+
+    def _get(self, url: str, params: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
+        headers = self._appwrite_headers()
+        resp = requests.get(url, headers=headers, params=params, timeout=10)
+
+        if resp.status_code == 400:
+            logger.error("Appwrite request failed (400): %s", resp.text)
+            raise HTTPException(status_code=500, detail="Auth backend misconfigured")
+
+        if resp.status_code in (401, 403, 404):
+            raise HTTPException(status_code=401, detail="Invalid API key")
+
+        if resp.status_code >= 500:
+            logger.error("Appwrite request failed (%s): %s", resp.status_code, resp.text)
+            raise HTTPException(status_code=503, detail="Auth backend unavailable")
+
+        if resp.status_code >= 400:
+            logger.error("Appwrite request failed (%s): %s", resp.status_code, resp.text)
+            raise HTTPException(status_code=500, detail="Auth backend error")
+        return resp.json()
+
+    def _get_api_key_record_by_hash(self, api_key_hash: str) -> Optional[Dict[str, Any]]:
+        base = self.appwrite_endpoint.rstrip("/")
+        url = (
+            f"{base}/databases/{self.appwrite_database_id}/collections/{self.appwrite_api_keys_collection_id}/documents"
+        )
+
+        params = {
+            "queries[]": [
+                self._appwrite_query_equal("keyHash", api_key_hash),
+                self._appwrite_query_equal("active", True),
+                "limit(1)",
+            ]
+        }
+
+        data = self._get(url, params=params)
+        docs = data.get("documents", [])
+        if not docs:
+            return None
+        return docs[0]
+
+    def _get_user_profile(self, user_id: str) -> Optional[Dict[str, Any]]:
+        base = self.appwrite_endpoint.rstrip("/")
+        url = (
+            f"{base}/databases/{self.appwrite_database_id}/collections/{self.appwrite_user_profiles_collection_id}/documents/{user_id}"
+        )
+        try:
+            return self._get(url)
+        except HTTPException:
+            return None
+    
+    async def verify_api_key(self, api_key: str) -> Dict[str, Any]:
+        """
+        Verify API key and return user info with subscription tier.
+        
+        Args:
+            api_key: API key from request header
+            
+        Returns:
+            Dictionary with user_id, email, tier, and permissions
+            
+        Raises:
+            HTTPException: If API key is invalid or expired
+        """
+        if not api_key:
+            raise HTTPException(status_code=401, detail="API key required")
+        
+        # Allow test keys
+        if api_key.startswith("test_"):
+            return {
+                "user_id": "test_user",
+                "email": "test@example.com",
+                "tier": "pro",
+                "api_key": api_key,
+                "active": True
+            }
+
+        self._require_appwrite_config()
+
+        api_key_hash = self._sha256_hex(api_key)
+        now = datetime.utcnow()
+
+        cached = self._cache.get(api_key_hash)
+        if cached:
+            expires_at, user_info = cached
+            if expires_at > now:
+                return user_info
+            self._cache.pop(api_key_hash, None)
+
+        def lookup() -> Dict[str, Any]:
+            record = self._get_api_key_record_by_hash(api_key_hash)
+            if not record:
+                raise HTTPException(status_code=401, detail="Invalid API key")
+
+            user_id = record.get("userId") or record.get("user_id")
+            if not user_id:
+                raise HTTPException(status_code=401, detail="Invalid API key")
+
+            profile = self._get_user_profile(user_id) or {}
+            tier = profile.get("tier") or "free"
+            email = profile.get("email") or ""
+
+            user_info = {
+                "user_id": user_id,
+                "email": email,
+                "tier": tier,
+                "api_key": api_key,
+                "active": True,
+            }
+
+            return user_info
+
+        user_info = await asyncio.to_thread(lookup)
+        self._cache[api_key_hash] = (now + timedelta(seconds=self._cache_ttl_seconds), user_info)
+        return user_info
+    
+    async def check_rate_limit(self, api_key: str, tier: str) -> bool:
+        """
+        Check if request is within rate limits for the tier.
+        
+        Args:
+            api_key: User's API key
+            tier: Subscription tier (free/pro)
+            
+        Returns:
+            True if within limits, raises HTTPException otherwise
+        """
+        now = datetime.utcnow()
+        hour_ago = now - timedelta(hours=1)
+        
+        # Clean old entries
+        rate_limit_store[api_key] = [
+            ts for ts in rate_limit_store[api_key] if ts > hour_ago
+        ]
+        
+        # Check limit
+        current_count = len(rate_limit_store[api_key])
+        limit = self.rate_limits.get(tier, self.rate_limits["free"])["requests_per_hour"]
+        
+        if current_count >= limit:
+            raise HTTPException(
+                status_code=429,
+                detail=f"Rate limit exceeded. Limit: {limit} requests/hour. "
+                       f"Upgrade to Pro for higher limits."
+            )
+        
+        # Add current request
+        rate_limit_store[api_key].append(now)
+        return True
+    
+    async def log_usage(self, api_key: str, endpoint: str, tokens: int = 0) -> None:
+        """
+        Log API usage for analytics and billing.
+        
+        Args:
+            api_key: User's API key
+            endpoint: API endpoint called
+            tokens: Number of tokens processed (if applicable)
+        """
+        # TODO: Insert into Supabase usage_logs table
+        logger.info(f"Usage: {api_key[:8]}... -> {endpoint} ({tokens} tokens)")
+
+
+# Global auth service instance
+auth_service = AuthService()
+
+
+async def verify_api_key_header(
+    x_api_key: str = Header(..., description="Your API key")
+) -> Dict[str, Any]:
+    """
+    FastAPI dependency for API key verification.
+    
+    Usage:
+        @app.post("/api/v1/analyze")
+        async def analyze(user: dict = Depends(verify_api_key_header)):
+            # user has: user_id, email, tier, api_key, active
+            pass
+    """
+    user = await auth_service.verify_api_key(x_api_key)
+    await auth_service.check_rate_limit(x_api_key, user["tier"])
+    return user