MindsDB 25.8.2.0__py3-none-any.whl → 25.9.1.0__py3-none-any.whl

mindsdb/api/a2a/task_manager.py

@@ -1,4 +1,4 @@
-from typing import AsyncIterable
+from typing import AsyncIterable, Dict
 from mindsdb.api.a2a.common.types import (
     SendTaskRequest,
     TaskSendParams,
@@ -18,12 +18,13 @@ from mindsdb.api.a2a.common.types import (
 )
 from mindsdb.api.a2a.common.server.task_manager import InMemoryTaskManager
 from mindsdb.api.a2a.agent import MindsDBAgent
-from mindsdb.api.a2a.utils import to_serializable
+from mindsdb.api.a2a.utils import to_serializable, convert_a2a_message_to_qa_format
 
 from typing import Union
 import logging
 import asyncio
 import time
+import traceback
 
 logger = logging.getLogger(__name__)
 
@@ -46,19 +47,15 @@ class AgentTaskManager(InMemoryTaskManager):
     def __init__(
         self,
         project_name: str,
-        mindsdb_host: str,
-        mindsdb_port: int,
         agent_name: str = None,
     ):
         super().__init__()
         self.project_name = project_name
-        self.mindsdb_host = mindsdb_host
-        self.mindsdb_port = mindsdb_port
         self.agent_name = agent_name
         self.tasks = {}  # Task storage
         self.lock = asyncio.Lock()  # Lock for task operations
 
-    def _create_agent(self, agent_name: str = None) -> MindsDBAgent:
+    def _create_agent(self, user_info: Dict, agent_name: str = None) -> MindsDBAgent:
         """Create a new MindsDBAgent instance for the given agent name."""
         if not agent_name:
             raise ValueError("Agent name is required but was not provided in the request")
@@ -66,11 +63,12 @@ class AgentTaskManager(InMemoryTaskManager):
         return MindsDBAgent(
             agent_name=agent_name,
             project_name=self.project_name,
-            host=self.mindsdb_host,
-            port=self.mindsdb_port,
+            user_info=user_info,
         )
 
-    async def _stream_generator(self, request: SendTaskStreamingRequest) -> AsyncIterable[SendTaskStreamingResponse]:
+    async def _stream_generator(
+        self, request: SendTaskStreamingRequest, user_info: Dict
+    ) -> AsyncIterable[SendTaskStreamingResponse]:
         task_send_params: TaskSendParams = request.params
         query = self._get_user_query(task_send_params)
         params = self._get_task_params(task_send_params)
@@ -92,24 +90,10 @@ class AgentTaskManager(InMemoryTaskManager):
             yield error_result
             return  # Early return from generator
 
-        agent = self._create_agent(agent_name)
+        agent = self._create_agent(user_info, agent_name)
 
-        # Get the history from the task
+        # Get the history from the task object (where it was properly extracted and stored)
         history = task.history if task and task.history else []
-        logger.info(f"Using history with length {len(history)} for request")
-
-        # Log the history for debugging
-        logger.info(f"Conversation history for task {task_send_params.id}:")
-        for idx, msg in enumerate(history):
-            # Convert Message object to dict if needed
-            msg_dict = msg.dict() if hasattr(msg, "dict") else msg
-            role = msg_dict.get("role", "unknown")
-            text = ""
-            for part in msg_dict.get("parts", []):
-                if part.get("type") == "text":
-                    text = part.get("text", "")
-                    break
-            logger.info(f"Message {idx + 1} ({role}): {text[:100]}...")
 
         if not streaming:
             # If streaming is disabled, use invoke and return a single response
@@ -182,24 +166,24 @@ class AgentTaskManager(InMemoryTaskManager):
 
         # If streaming is enabled (default), use the streaming implementation
         try:
-            logger.debug(f"[TaskManager] Entering agent.stream() at {time.time()}")
-            # Transform to agent-compatible format
-            agent_messages = to_question_format(
-                [
-                    {
-                        "role": task_send_params.message.role,
-                        "parts": task_send_params.message.parts,
-                        "metadata": task_send_params.message.metadata,
-                    }
-                ]
-            )
-            async for item in agent.streaming_invoke(agent_messages, timeout=60):
+            logger.debug(f"Entering agent.stream() at {time.time()}")
+            # Create A2A message structure and convert using centralized utility
+            a2a_message = task_send_params.message.model_dump()
+            logger.debug(f"History: {history}")
+            if history:
+                a2a_message["history"] = [msg.model_dump() if hasattr(msg, "model_dump") else msg for msg in history]
+
+            # Convert to Q&A format using centralized utility function
+            all_messages = convert_a2a_message_to_qa_format(a2a_message)
+
+            async for item in agent.streaming_invoke(all_messages, timeout=60):
                 # Clean up: Remove verbose debug logs, keep only errors and essential info
                 if isinstance(item, dict) and "artifact" in item and "parts" in item["artifact"]:
                     item["artifact"]["parts"] = [to_serializable(p) for p in item["artifact"]["parts"]]
                 yield to_serializable(item)
         except Exception as e:
             logger.error(f"An error occurred while streaming the response: {e}")
+            logger.error(traceback.format_exc())
             error_text = f"An error occurred while streaming the response: {str(e)}"
             # Ensure all parts are plain dicts
             parts = [{"type": "text", "text": error_text}]
@@ -235,19 +219,23 @@ class AgentTaskManager(InMemoryTaskManager):
                 message = task_send_params.message
                 message_dict = message.dict() if hasattr(message, "dict") else message
 
-                # Get history from request if available
+                # Get history from request if available - check both locations
                 history = []
+
+                # First check if history is at top level (task_send_params.history)
                 if hasattr(task_send_params, "history") and task_send_params.history:
-                    # Convert each history item to dict if needed and ensure proper role
+                    # Convert each history item to dict if needed
                     for item in task_send_params.history:
-                        item_dict = item.dict() if hasattr(item, "dict") else item
-                        # Ensure the role is properly set
-                        if "role" not in item_dict:
-                            item_dict["role"] = "assistant" if "answer" in item_dict else "user"
+                        item_dict = item.model_dump() if hasattr(item, "model_dump") else item
+                        history.append(item_dict)
+                # Also check if history is nested under message (message.history)
+                elif hasattr(task_send_params.message, "history") and task_send_params.message.history:
+                    for item in task_send_params.message.history:
+                        item_dict = item.model_dump() if hasattr(item, "model_dump") else item
                         history.append(item_dict)
 
-                # Add current message to history
-                history.append(message_dict)
+                # DO NOT add current message to history - it should be processed separately
+                # The current message will be extracted during streaming from task_send_params.message
 
                 # Create a new task
                 task = Task(
@@ -321,27 +309,27 @@ class AgentTaskManager(InMemoryTaskManager):
 
         return None
 
-    async def on_send_task(self, request: SendTaskRequest) -> SendTaskResponse:
+    async def on_send_task(self, request: SendTaskRequest, user_info: Dict) -> SendTaskResponse:
         error = self._validate_request(request)
         if error:
             return error
 
-        return await self._invoke(request)
+        return await self._invoke(request, user_info=user_info)
 
     async def on_send_task_subscribe(
-        self, request: SendTaskStreamingRequest
+        self, request: SendTaskStreamingRequest, user_info: Dict
     ) -> AsyncIterable[SendTaskStreamingResponse]:
         error = self._validate_request(request)
         if error:
-            logger.info(f"[TaskManager] Yielding error at {time.time()} for invalid request: {error}")
+            logger.info(f"Yielding error at {time.time()} for invalid request: {error}")
             yield to_serializable(SendTaskStreamingResponse(id=request.id, error=to_serializable(error.error)))
             return
 
         # We can't await an async generator directly, so we need to use it as is
         try:
-            logger.debug(f"[TaskManager] Entering streaming path at {time.time()}")
-            async for response in self._stream_generator(request):
-                logger.debug(f"[TaskManager] Yielding streaming response at {time.time()} with: {str(response)[:120]}")
+            logger.debug(f"Entering streaming path at {time.time()}")
+            async for response in self._stream_generator(request, user_info):
+                logger.debug(f"Yielding streaming response at {time.time()} with: {str(response)[:120]}")
                 yield response
         except Exception as e:
             # If an error occurs, yield an error response
@@ -420,13 +408,13 @@ class AgentTaskManager(InMemoryTaskManager):
             "session_id": task_send_params.sessionId,
         }
 
-    async def _invoke(self, request: SendTaskRequest) -> SendTaskResponse:
+    async def _invoke(self, request: SendTaskRequest, user_info: Dict) -> SendTaskResponse:
         task_send_params: TaskSendParams = request.params
         query = self._get_user_query(task_send_params)
         params = self._get_task_params(task_send_params)
         agent_name = params["agent_name"]
         streaming = params["streaming"]
-        agent = self._create_agent(agent_name)
+        agent = self._create_agent(user_info, agent_name)
 
         try:
             # Get the history from the task

mindsdb/api/a2a/utils.py

@@ -1,3 +1,9 @@
+from typing import Dict, List
+from mindsdb.utilities.log import getLogger
+
+logger = getLogger(__name__)
+
+
 def to_serializable(obj):
     # Primitives
     if isinstance(obj, (str, int, float, bool, type(None))):
@@ -19,3 +25,60 @@ def to_serializable(obj):
         return [to_serializable(v) for v in obj]
     # Fallback: string
     return str(obj)
+
+
+def convert_a2a_message_to_qa_format(a2a_message: Dict) -> List[Dict[str, str]]:
+    """
+    Convert A2A message format to question/answer format.
+
+    This is the format that the langchain agent expects and ensure effective multi-turn conversation
+
+    Args:
+        a2a_message: A2A message containing history and current message parts
+
+    Returns:
+        List of messages in question/answer format
+    """
+    converted_messages = []
+
+    # Process conversation history first
+    if "history" in a2a_message and a2a_message["history"] is not None:
+        for hist_msg in a2a_message["history"]:
+            if hist_msg.get("role") == "user":
+                # Extract text from parts
+                text = ""
+                for part in hist_msg.get("parts", []):
+                    if part.get("type") == "text":
+                        text = part.get("text", "")
+                        break
+                # Create question with empty answer initially
+                converted_messages.append({"question": text, "answer": ""})
+            elif hist_msg.get("role") in ["agent", "assistant"]:
+                # Extract text from parts
+                text = ""
+                for part in hist_msg.get("parts", []):
+                    if part.get("type") == "text":
+                        text = part.get("text", "")
+                        break
+                # Pair with the most recent question that has empty answer
+                paired = False
+                for i in range(len(converted_messages) - 1, -1, -1):
+                    if converted_messages[i].get("answer") == "":
+                        converted_messages[i]["answer"] = text
+                        paired = True
+                        break
+
+                if not paired:
+                    logger.warning("Could not pair agent response with question (no empty answer found)")
+
+        logger.debug(f"Converted {len(a2a_message['history'])} A2A history messages to Q&A format")
+
+    # Add current message as final question with empty answer
+    current_text = ""
+    for part in a2a_message.get("parts", []):
+        if part.get("type") == "text":
+            current_text = part.get("text", "")
+            break
+    converted_messages.append({"question": current_text, "answer": ""})
+
+    return converted_messages

mindsdb/api/common/middleware.py

@@ -0,0 +1,106 @@
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse
+from starlette.requests import Request
+from http import HTTPStatus
+from typing import Optional
+import secrets
+import hmac
+import hashlib
+import os
+import traceback
+
+from mindsdb.utilities import log
+from mindsdb.utilities.config import config
+
+logger = log.getLogger(__name__)
+
+SECRET_KEY = os.environ.get("AUTH_SECRET_KEY") or secrets.token_urlsafe(32)
+# We store token (fingerprints) in memory, which means everyone is logged out if the process restarts
+TOKENS = []
+
+
+def get_pat_fingerprint(token: str) -> str:
+    """Hash the token with HMAC-SHA256 using secret_key as pepper."""
+    return hmac.new(SECRET_KEY.encode(), token.encode(), hashlib.sha256).hexdigest()
+
+
+def generate_pat() -> str:
+    logger.debug("Generating new auth token")
+    token = "pat_" + secrets.token_urlsafe(32)
+    TOKENS.append(get_pat_fingerprint(token))
+    return token
+
+
+def verify_pat(raw_token: str) -> bool:
+    """Verify if the raw_token matches a stored fingerprint.
+    Returns token_id if valid, None if not.
+    """
+    if not raw_token:
+        return False
+    fp = get_pat_fingerprint(raw_token)
+    for stored_fp in TOKENS:
+        if hmac.compare_digest(fp, stored_fp):
+            return True
+    return False
+
+
+def revoke_pat(raw_token: str) -> bool:
+    """Revoke raw_token from active tokens"""
+    if not raw_token:
+        return False
+    fp = get_pat_fingerprint(raw_token)
+    for stored_fp in TOKENS:
+        if hmac.compare_digest(fp, stored_fp):
+            TOKENS.remove(stored_fp)
+            return True
+    return False
+
+
+class PATAuthMiddleware(BaseHTTPMiddleware):
+    def _extract_bearer(self, request: Request) -> Optional[str]:
+        h = request.headers.get("Authorization")
+        if not h or not h.startswith("Bearer "):
+            return None
+        return h.split(" ", 1)[1].strip() or None
+
+    async def dispatch(self, request: Request, call_next):
+        if config.get("auth", {}).get("http_auth_enabled", False) is False:
+            return await call_next(request)
+
+        token = self._extract_bearer(request)
+        if not token or not verify_pat(token):
+            return JSONResponse({"detail": "Unauthorized"}, status_code=HTTPStatus.UNAUTHORIZED)
+
+        request.state.user = config["auth"].get("username")
+        return await call_next(request)
+
+
+# Used by mysql and postgres protocols
+def check_auth(username, password, scramble_func, salt, company_id, config):
+    try:
+        hardcoded_user = config["auth"].get("username")
+        hardcoded_password = config["auth"].get("password")
+        if hardcoded_password is None:
+            hardcoded_password = ""
+        hardcoded_password_hash = scramble_func(hardcoded_password, salt)
+        hardcoded_password = hardcoded_password.encode()
+
+        if password is None:
+            password = ""
+        if isinstance(password, str):
+            password = password.encode()
+
+        if username != hardcoded_user:
+            logger.warning(f"Check auth, user={username}: user mismatch")
+            return {"success": False}
+
+        if password != hardcoded_password and password != hardcoded_password_hash:
+            logger.warning(f"check auth, user={username}: password mismatch")
+            return {"success": False}
+
+        logger.info(f"Check auth, user={username}: Ok")
+        return {"success": True, "username": username}
+    except Exception as e:
+        logger.error(f"Check auth, user={username}: ERROR")
+        logger.error(e)
+        logger.error(traceback.format_exc())

mindsdb/api/http/initialize.py

@@ -1,5 +1,4 @@
 import os
-import secrets
 import mimetypes
 import threading
 import traceback
@@ -27,7 +26,7 @@ from mindsdb.api.http.namespaces.chatbots import ns_conf as chatbots_ns
 from mindsdb.api.http.namespaces.jobs import ns_conf as jobs_ns
 from mindsdb.api.http.namespaces.config import ns_conf as conf_ns
 from mindsdb.api.http.namespaces.databases import ns_conf as databases_ns
-from mindsdb.api.http.namespaces.default import ns_conf as default_ns, check_auth
+from mindsdb.api.http.namespaces.default import ns_conf as default_ns
 from mindsdb.api.http.namespaces.file import ns_conf as file_ns
 from mindsdb.api.http.namespaces.handlers import ns_conf as handlers_ns
 from mindsdb.api.http.namespaces.knowledge_bases import ns_conf as knowledge_bases_ns
@@ -53,6 +52,7 @@ from mindsdb.utilities.json_encoder import CustomJSONProvider
 from mindsdb.utilities.ps import is_pid_listen_port, wait_func_is_true
 from mindsdb.utilities.sentry import sentry_sdk  # noqa: F401
 from mindsdb.utilities.otel import trace  # noqa: F401
+from mindsdb.api.common.middleware import verify_pat
 
 logger = log.getLogger(__name__)
 
@@ -314,12 +314,19 @@ def initialize_app(config, no_studio):
         ctx.set_default()
         config = Config()
 
+        h = request.headers.get("Authorization")
+        if not h or not h.startswith("Bearer "):
+            bearer = None
+        else:
+            bearer = h.split(" ", 1)[1].strip() or None
+
         # region routes where auth is required
         if (
             config["auth"]["http_auth_enabled"] is True
             and any(request.path.startswith(f"/api{ns.path}") for ns in protected_namespaces)
-            and check_auth() is False
+            and verify_pat(bearer) is False
         ):
+            logger.debug(f"Auth failed for path {request.path}")
             return http_error(
                 HTTPStatus.UNAUTHORIZED,
                 "Unauthorized",
@@ -340,29 +347,23 @@ def initialize_app(config, no_studio):
         except Exception:
             user_id = 0
 
-        try:
-            session_id = request.cookies.get("session")
-        except Exception:
-            session_id = "unknown"
-
         if company_id is not None:
             try:
                 company_id = int(company_id)
             except Exception as e:
-                logger.error(f"Cloud not parse company id: {company_id} | exception: {e}")
+                logger.error(f"Could not parse company id: {company_id} | exception: {e}")
                 company_id = None
 
         if user_class is not None:
             try:
                 user_class = int(user_class)
             except Exception as e:
-                logger.error(f"Cloud not parse user_class: {user_class} | exception: {e}")
+                logger.error(f"Could not parse user_class: {user_class} | exception: {e}")
                 user_class = 0
         else:
             user_class = 0
 
         ctx.user_id = user_id
-        ctx.session_id = session_id
         ctx.company_id = company_id
         ctx.user_class = user_class
         ctx.email_confirmed = email_confirmed
@@ -394,14 +395,11 @@ def initialize_flask(config, init_static_thread, no_studio):
     FlaskInstrumentor().instrument_app(app)
     RequestsInstrumentor().instrument()
 
-    app.config["SECRET_KEY"] = os.environ.get("FLASK_SECRET_KEY", secrets.token_hex(32))
-    app.config["SESSION_COOKIE_NAME"] = "session"
-    app.config["PERMANENT_SESSION_LIFETIME"] = config["auth"]["http_permanent_session_lifetime"]
     app.config["SEND_FILE_MAX_AGE_DEFAULT"] = 60
     app.config["SWAGGER_HOST"] = "http://localhost:8000/mindsdb"
     app.json = CustomJSONProvider()
 
-    authorizations = {"apikey": {"type": "session", "in": "query", "name": "session"}}
+    authorizations = {"apikey": {"type": "apiKey", "in": "header", "name": "Authorization"}}
 
     logger.debug("Creating swagger API..")
     api = Swagger_Api(

mindsdb/api/http/namespaces/agents.py

@@ -323,15 +323,16 @@ class AgentCompletionsStream(Resource):
     @ns_conf.doc("agent_completions_stream")
     @api_endpoint_metrics("POST", "/agents/agent/completions/stream")
     def post(self, project_name, agent_name):
-        logger.info(f"Received streaming request for agent {agent_name} in project {project_name}")
-
-        # Check for required parameters.
+        # Extract messages from request (HTTP format only)
         if "messages" not in request.json:
-            logger.error("Missing 'messages' parameter in request body")
             return http_error(
-                HTTPStatus.BAD_REQUEST, "Missing parameter", 'Must provide "messages" parameter in POST body'
+                HTTPStatus.BAD_REQUEST,
+                "Missing parameter",
+                'Must provide "messages" parameter in POST body',
             )
 
+        messages = request.json["messages"]
+
         session = SessionController()
         try:
             existing_agent = session.agents_controller.get_agent(agent_name, project_name=project_name)
@@ -346,8 +347,6 @@ class AgentCompletionsStream(Resource):
                 HTTPStatus.NOT_FOUND, "Project not found", f"Project with name {project_name} does not exist"
             )
 
-        messages = request.json["messages"]
-
         try:
             gen = _completion_event_generator(agent_name, messages, project_name)
             logger.info(f"Starting streaming response for agent {agent_name}")

mindsdb/api/http/namespaces/auth.py

@@ -4,7 +4,7 @@ import time
 import urllib
 
 import requests
-from flask import redirect, request, session, url_for
+from flask import redirect, request, url_for
 from flask_restx import Resource
 
 from mindsdb.api.http.namespaces.configs.auth import ns_conf
@@ -21,9 +21,7 @@ def get_access_token() -> str:
     Returns:
         str: token
     """
-    return (
-        Config().get("auth", {}).get("oauth", {}).get("tokens", {}).get("access_token")
-    )
+    return Config().get("auth", {}).get("oauth", {}).get("tokens", {}).get("access_token")
 
 
 def request_user_info(access_token: str = None) -> dict:
@@ -58,7 +56,7 @@ def request_user_info(access_token: str = None) -> dict:
 @ns_conf.hide
 class Auth(Resource):
     @ns_conf.doc(params={"code": "authentification code"})
-    @api_endpoint_metrics('GET', '/auth/code')
+    @api_endpoint_metrics("GET", "/auth/code")
     def get(self):
         """callback from auth server if authentification is successful"""
         config = Config()
@@ -72,9 +70,7 @@ class Auth(Resource):
         client_id = oauth_meta["client_id"]
         client_secret = oauth_meta["client_secret"]
         auth_server = oauth_meta["server_host"]
-        client_basic = base64.b64encode(
-            f"{client_id}:{client_secret}".encode()
-        ).decode()
+        client_basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
 
         redirect_uri = f"https://{public_hostname}{request.path}"
         response = requests.post(
@@ -115,7 +111,7 @@ class Auth(Resource):
                     "public_hostname": public_hostname,
                     "ami_id": aws_meta_data.get("ami-id"),
                 },
-                headers={"Authorization": f'Bearer {tokens["access_token"]}'},
+                headers={"Authorization": f"Bearer {tokens['access_token']}"},
                 timeout=5,
             )
             if resp.status_code != 200:
@@ -123,10 +119,6 @@ class Auth(Resource):
         except Exception as e:
             logger.warning(f"Cant't send request to cloud server: {e}")
 
-        session["username"] = user_data["name"]
-        session["auth_provider"] = "cloud"
-        session.permanent = True
-
         if request.path.endswith("/auth/callback/cloud_home"):
             return redirect(f"https://{auth_server}")
         else:
@@ -140,7 +132,7 @@ class CloudLoginRoute(Resource):
         responses={302: "Redirect to auth server"},
         params={"location": "final redirection should lead to that location"},
     )
-    @api_endpoint_metrics('GET', '/auth/cloud_login')
+    @api_endpoint_metrics("GET", "/auth/cloud_login")
     def get(self):
         """redirect to cloud login form"""
         location = request.args.get("location")

mindsdb/api/http/namespaces/config.py

@@ -32,8 +32,6 @@ class GetConfig(Resource):
             value = config.get(key)
             if value is not None:
                 resp[key] = value
-        if "a2a" in config["api"]:
-            resp["a2a"] = config["api"]["a2a"]
         return resp
 
     @ns_conf.doc("put_config")