agentgear-ai 0.1.16__py3-none-any.whl

agentgear/server/app/api/spans.py

@@ -0,0 +1,56 @@
+from fastapi import APIRouter, Depends, HTTPException, Query, Request, status
+from sqlalchemy.orm import Session
+
+from agentgear.server.app import schemas
+from agentgear.server.app.config import get_settings
+from agentgear.server.app.db import get_db
+from agentgear.server.app.models import Project, Run, Span
+from agentgear.server.app.deps import require_scopes
+
+router = APIRouter(prefix="/api/spans", tags=["spans"])
+
+
+@router.post("", response_model=schemas.SpanRead, status_code=status.HTTP_201_CREATED)
+def create_span(
+    payload: schemas.SpanCreate,
+    request: Request,
+    db: Session = Depends(get_db),
+    _: None = Depends(require_scopes(["runs.write"])),
+):
+    settings = get_settings()
+    project = db.query(Project).filter(Project.id == payload.project_id).first()
+    if not project:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Project not found")
+    if not settings.local_mode and request.state.project_id and request.state.project_id != project.id:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Project mismatch")
+
+    run = db.query(Run).filter(Run.id == payload.run_id, Run.project_id == project.id).first()
+    if not run:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Run not found")
+
+    span = Span(
+        project_id=project.id,
+        run_id=payload.run_id,
+        parent_id=payload.parent_id,
+        name=payload.name,
+        start_time=payload.start_time or run.created_at,
+        end_time=payload.end_time,
+        latency_ms=payload.latency_ms,
+        metadata_=payload.metadata,
+    )
+    db.add(span)
+    db.commit()
+    db.refresh(span)
+    return span
+
+
+@router.get("", response_model=list[schemas.SpanRead])
+def list_spans(
+    run_id: str | None = Query(default=None),
+    db: Session = Depends(get_db),
+):
+    query = db.query(Span)
+    if run_id:
+        query = query.filter(Span.run_id == run_id)
+    spans = query.order_by(Span.start_time.desc()).all()
+    return spans

agentgear/server/app/api/tokens.py

@@ -0,0 +1,67 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+
+from agentgear.server.app import schemas
+from agentgear.server.app.auth import generate_token, hash_token
+from agentgear.server.app.db import get_db
+from agentgear.server.app.deps import require_project, require_scopes
+from agentgear.server.app.models import APIKey, Project
+
+router = APIRouter(prefix="/api/projects/{project_id}/tokens", tags=["tokens"])
+
+
+@router.post("", response_model=schemas.TokenWithSecret, status_code=status.HTTP_201_CREATED)
+def create_token(
+    project_id: str,
+    project: Project = Depends(require_project),
+    payload: schemas.TokenCreate = None,
+    db: Session = Depends(get_db),
+    _: None = Depends(require_scopes(["tokens.manage"])),
+):
+    scopes = payload.scopes if payload else ["runs.write", "prompts.read", "prompts.write", "tokens.manage"]
+    raw_token, hashed = generate_token()
+    record = APIKey(project_id=project.id, key_hash=hashed, scopes=scopes)
+    db.add(record)
+    db.commit()
+    db.refresh(record)
+    return schemas.TokenWithSecret(
+        id=record.id,
+        project_id=record.project_id,
+        scopes=record.scopes,
+        created_at=record.created_at,
+        revoked=record.revoked,
+        last_used_at=record.last_used_at,
+        token=raw_token,
+    )
+
+
+@router.get("", response_model=list[schemas.TokenRead])
+def list_tokens(
+    project_id: str,
+    project: Project = Depends(require_project),
+    db: Session = Depends(get_db),
+    _: None = Depends(require_scopes(["tokens.manage"])),
+):
+    tokens = db.query(APIKey).filter(APIKey.project_id == project.id).all()
+    return tokens
+
+
+@router.delete("/{token_id}", status_code=status.HTTP_204_NO_CONTENT)
+def revoke_token(
+    project_id: str,
+    token_id: str,
+    project: Project = Depends(require_project),
+    db: Session = Depends(get_db),
+    _: None = Depends(require_scopes(["tokens.manage"])),
+):
+    token = (
+        db.query(APIKey)
+        .filter(APIKey.id == token_id, APIKey.project_id == project.id, APIKey.revoked.is_(False))
+        .first()
+    )
+    if not token:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Token not found")
+    token.revoked = True
+    db.add(token)
+    db.commit()
+    return None

agentgear/server/app/api/users.py

@@ -0,0 +1,116 @@
+from typing import List
+
+from fastapi import APIRouter, Depends, HTTPException, status, Request
+from sqlalchemy.orm import Session
+
+from agentgear.server.app import schemas
+from agentgear.server.app.auth import hash_password
+from agentgear.server.app.db import get_db
+from agentgear.server.app.models import User
+import secrets
+
+router = APIRouter(prefix="/api/users", tags=["users"])
+
+
+@router.get("", response_model=List[schemas.UserRead])
+def list_users(db: Session = Depends(get_db)):
+    return db.query(User).all()
+
+
+@router.post("", response_model=schemas.UserRead, status_code=status.HTTP_201_CREATED)
+def create_user(
+    payload: schemas.UserCreate, 
+    request: Request,
+    db: Session = Depends(get_db)
+):
+    # RBAC: Only admin can create users
+    if not hasattr(request.state, "role") or request.state.role != "admin":
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
+
+    # Check if user exists
+    if db.query(User).filter(User.username == payload.username).first():
+        raise HTTPException(status_code=400, detail="Username already exists")
+    
+    salt = secrets.token_hex(8)
+    password_hash = hash_password(payload.password, salt)
+    
+    user = User(
+        username=payload.username,
+        email=payload.email,
+        password_hash=password_hash,
+        salt=salt,
+        role=payload.role,
+        project_id=payload.project_id
+    )
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+
+    # Try to send invite email
+    try:
+        if user.email:
+            from agentgear.server.app.models import SMTPSettings
+            from agentgear.server.app.utils.email import send_email
+            
+            # Fetch SMTP settings for this project (or globally if null project_id?)
+            # User might be created for specific project.
+            # If project_id is None (admin), we might look for a 'default' project or just skip?
+            # Or look for *any* SMTP config?
+            # Let's try to lookup by project_id first.
+            smtp = None
+            if payload.project_id:
+                smtp = db.query(SMTPSettings).filter(SMTPSettings.project_id == payload.project_id).first()
+            
+            # Fallback: Find *any* enabled SMTP config (e.g. from admin project) if not found?
+            if not smtp:
+                smtp = db.query(SMTPSettings).filter(SMTPSettings.enabled == True).first()
+            
+            if smtp and smtp.enabled:
+                subject = "Welcome to AgentGear"
+                html = f"""
+                <p>Hello {user.username},</p>
+                <p>You have been invited to AgentGear.</p>
+                <p><strong>Username:</strong> {user.username}</p>
+                <p><strong>Password:</strong> {payload.password}</p>
+                <p><a href="{request.base_url}">Login here</a></p>
+                """
+                send_email(smtp, [user.email], subject, html)
+    except Exception as e:
+        # Log but don't fail the request
+        import logging
+        logging.error(f"Failed to send invite email: {e}")
+
+    return user
+
+
+@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_user(user_id: str, request: Request, db: Session = Depends(get_db)):
+    # RBAC: Only admin
+    if not hasattr(request.state, "role") or request.state.role != "admin":
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
+
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    
+    db.delete(user)
+    db.commit()
+
+
+@router.put("/{user_id}/password", status_code=status.HTTP_204_NO_CONTENT)
+def change_password(user_id: str, payload: schemas.UserPasswordReset, request: Request, db: Session = Depends(get_db)):
+    # RBAC: Only admin (implied by requirement "allow admin to... change password")
+    if not hasattr(request.state, "role") or request.state.role != "admin":
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
+
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    salt = secrets.token_hex(8)
+    password_hash = hash_password(payload.password, salt)
+    user.password_hash = password_hash
+    user.salt = salt
+    
+    db.add(user)
+    db.commit()

agentgear/server/app/auth.py

@@ -0,0 +1,80 @@
+import hashlib
+import secrets
+from datetime import datetime
+from typing import Optional
+
+from fastapi import HTTPException, Request, status
+from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from agentgear.server.app.config import get_settings
+from agentgear.server.app.db import SessionLocal
+from agentgear.server.app.models import APIKey, Project
+
+HEADER_NAME = "X-AgentGear-Key"
+
+
+def hash_token(token: str) -> str:
+    return hashlib.sha256(token.encode("utf-8")).hexdigest()
+
+
+def hash_password(password: str, salt: str) -> str:
+    return hashlib.sha256(f"{salt}:{password}".encode("utf-8")).hexdigest()
+
+
+def generate_token() -> tuple[str, str]:
+    raw = secrets.token_urlsafe(32)
+    return raw, hash_token(raw)
+
+
+class TokenAuthMiddleware(BaseHTTPMiddleware):
+    def __init__(self, app):
+        super().__init__(app)
+        self.settings = get_settings()
+
+    async def dispatch(self, request: Request, call_next):
+        path = request.url.path
+        # Allow unauthenticated access for non-API routes and auth endpoints
+        if not path.startswith("/api") or path.startswith("/api/auth") or path.startswith("/api/seed"):
+            response = await call_next(request)
+            return response
+        if self.settings.local_mode:
+            response = await call_next(request)
+            return response
+
+        token_value = request.headers.get(HEADER_NAME)
+        request.state.project_id = None
+        request.state.token_scopes = []
+
+        if not token_value:
+            if self.settings.local_mode:
+                response = await call_next(request)
+                return response
+            return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content={"detail": "Missing API key"})
+
+        token_hash = hash_token(token_value)
+        db = SessionLocal()
+        try:
+            api_key: Optional[APIKey] = db.query(APIKey).filter(APIKey.key_hash == token_hash).first()
+            if not api_key or api_key.revoked:
+                return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content={"detail": "Invalid API key"})
+
+            project: Optional[Project] = (
+                db.query(Project).filter(Project.id == api_key.project_id).first()
+                if api_key
+                else None
+            )
+            if not project:
+                return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content={"detail": "Project not found"})
+
+            api_key.last_used_at = datetime.utcnow()
+            db.add(api_key)
+            db.commit()
+            request.state.project_id = project.id
+            request.state.token_scopes = api_key.scopes or []
+            request.state.role = api_key.role or "user"
+        finally:
+            db.close()
+
+        response = await call_next(request)
+        return response

agentgear/server/app/config.py

@@ -0,0 +1,26 @@
+from functools import lru_cache
+from pydantic import BaseModel
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    model_config = SettingsConfigDict(env_prefix="AGENTGEAR_", env_file=".env", env_file_encoding="utf-8")
+
+    database_url: str = "sqlite:///~/.agentgear/agentgear.db"
+    api_host: str = "0.0.0.0"
+    api_port: int = 8000
+    secret_key: str = "agentgear-dev-secret"
+    allow_origins: list[str] = ["*"]
+    local_mode: bool = False
+    admin_username: str | None = None
+    admin_password: str | None = None
+
+
+class VersionInfo(BaseModel):
+    version: str = "0.1.9"
+    name: str = "AgentGear"
+
+
+@lru_cache
+def get_settings() -> Settings:
+    return Settings()

agentgear/server/app/db.py

@@ -0,0 +1,41 @@
+import os
+from pathlib import Path
+
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker, declarative_base
+
+from agentgear.server.app.config import get_settings
+
+settings = get_settings()
+
+def _normalize_sqlite_url(url: str) -> str:
+    if not url.startswith("sqlite"):
+        return url
+    prefix = "sqlite:///"
+    path = url[len(prefix) :] if url.startswith(prefix) else url.removeprefix("sqlite:")
+    path = os.path.expanduser(path)
+    p = Path(path)
+    if not p.is_absolute():
+        p = Path.cwd() / p
+    p.parent.mkdir(parents=True, exist_ok=True)
+    return f"sqlite:///{p}"
+
+
+db_url = _normalize_sqlite_url(settings.database_url)
+
+engine = create_engine(
+    db_url,
+    connect_args={"check_same_thread": False} if db_url.startswith("sqlite") else {},
+)
+
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+Base = declarative_base()
+
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

agentgear/server/app/deps.py

@@ -0,0 +1,46 @@
+from typing import Callable, Iterable, Optional
+
+from fastapi import Depends, HTTPException, Request, status
+from sqlalchemy.orm import Session
+
+from agentgear.server.app.config import get_settings
+from agentgear.server.app.db import get_db
+from agentgear.server.app.models import Project
+
+
+def require_project(
+    request: Request, db: Session = Depends(get_db), project_id: Optional[str] = None
+) -> Project:
+    settings = get_settings()
+    state_project_id = getattr(request.state, "project_id", None)
+    if state_project_id:
+        project = db.query(Project).filter(Project.id == state_project_id).first()
+        if not project:
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Project not found")
+        if project_id and project.id != project_id:
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Project mismatch")
+        return project
+
+    if settings.local_mode:
+        if not project_id:
+            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Project required")
+        project = db.query(Project).filter(Project.id == project_id).first()
+        if not project:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Project not found")
+        return project
+
+    raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized")
+
+
+def require_scopes(required: Iterable[str]) -> Callable:
+    required_set = set(required)
+
+    def dependency(request: Request):
+        settings = get_settings()
+        if settings.local_mode:
+            return
+        token_scopes = set(getattr(request.state, "token_scopes", []) or [])
+        if not required_set.issubset(token_scopes):
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient scope")
+
+    return dependency

agentgear/server/app/main.py

@@ -0,0 +1,77 @@
+from pathlib import Path
+
+from fastapi import FastAPI, HTTPException
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import FileResponse
+from fastapi.staticfiles import StaticFiles
+
+from agentgear.server.app.api import auth, metrics, projects, prompts, runs, spans, tokens, users, llm_models, seed, settings as settings_api, datasets, evaluations, evaluators
+from agentgear.server.app.auth import TokenAuthMiddleware
+from agentgear.server.app.config import VersionInfo, get_settings
+from agentgear.server.app.db import Base, engine
+from agentgear.server.app.migrations import apply_migrations
+
+
+def create_app() -> FastAPI:
+    settings = get_settings()
+    Base.metadata.create_all(bind=engine)
+    apply_migrations(engine)
+
+    app = FastAPI(title="AgentGear", version=VersionInfo().version)
+    app.add_middleware(TokenAuthMiddleware)
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=settings.allow_origins,
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
+    app.include_router(projects.router)
+    app.include_router(tokens.router)
+    app.include_router(prompts.router)
+    app.include_router(runs.router)
+    app.include_router(spans.router)
+    app.include_router(metrics.router)
+    app.include_router(auth.router)
+    app.include_router(users.router)
+    app.include_router(llm_models.router)
+    app.include_router(settings_api.router)
+    app.include_router(seed.router)
+    app.include_router(datasets.router)
+    app.include_router(evaluations.router)
+    app.include_router(evaluators.router)
+
+    @app.get("/api/health")
+    def health():
+        return {"status": "ok", "version": VersionInfo().version}
+
+    # Serve bundled React build (emitted to agentgear/server/static)
+    static_dir = Path(__file__).parent.parent / "static"
+    assets_dir = static_dir / "assets"
+    if assets_dir.exists():
+        app.mount("/assets", StaticFiles(directory=assets_dir), name="assets")
+
+    @app.get("/", include_in_schema=False)
+    def serve_index():
+        index_path = static_dir / "index.html"
+        if index_path.exists():
+            return FileResponse(index_path)
+        raise HTTPException(status_code=404, detail="Dashboard not built")
+
+    @app.get("/{full_path:path}", include_in_schema=False)
+    def spa_routes(full_path: str):
+        if full_path.startswith(("api", "docs", "openapi.json", "redoc")):
+            raise HTTPException(status_code=404, detail="Not found")
+        candidate = static_dir / full_path
+        if candidate.exists() and candidate.is_file():
+            return FileResponse(candidate)
+        index_path = static_dir / "index.html"
+        if index_path.exists():
+            return FileResponse(index_path)
+        raise HTTPException(status_code=404, detail="Dashboard not built")
+
+    return app
+
+
+app = create_app()

agentgear/server/app/migrations.py

@@ -0,0 +1,88 @@
+"""
+Lightweight, in-process schema migrations for SQLite.
+
+This keeps existing local SQLite databases compatible with newer models
+without requiring Alembic at runtime. Only additive, backward-compatible
+changes are performed here.
+"""
+
+from __future__ import annotations
+
+import logging
+from typing import Dict, Set
+
+from sqlalchemy import Engine, text
+
+logger = logging.getLogger(__name__)
+
+
+def _add_column_if_missing(conn, table: str, column: str, ddl: str, cache: Dict[str, Set[str]]):
+    cols = cache.get(table)
+    if cols is None:
+        rows = conn.execute(text(f'PRAGMA table_info("{table}")')).fetchall()
+        cols = {row[1] for row in rows}  # row[1] = column name
+        cache[table] = cols
+    if column in cols:
+        return
+    logger.info("Adding missing column %s.%s", table, column)
+    conn.execute(text(f'ALTER TABLE "{table}" ADD COLUMN \"{column}\" {ddl}'))
+    cols.add(column)
+
+
+def _create_index_if_missing(conn, name: str, table: str, column: str):
+    conn.execute(text(f'CREATE INDEX IF NOT EXISTS "{name}" ON "{table}" ("{column}")'))
+
+
+def apply_migrations(engine: Engine) -> None:
+    """Apply minimal forward-only migrations for SQLite databases."""
+    if not engine.url.drivername.startswith("sqlite"):
+        return
+
+    with engine.begin() as conn:
+        cache: Dict[str, Set[str]] = {}
+
+        # Runs: backfill trace + telemetry fields added after initial releases.
+        _add_column_if_missing(conn, "runs", "trace_id", "VARCHAR", cache)
+        _add_column_if_missing(conn, "runs", "status", "VARCHAR", cache)
+        _add_column_if_missing(conn, "runs", "model", "VARCHAR", cache)
+        _add_column_if_missing(conn, "runs", "request_payload", "JSON", cache)
+        _add_column_if_missing(conn, "runs", "response_payload", "JSON", cache)
+        _add_column_if_missing(conn, "runs", "error_stack", "TEXT", cache)
+        _add_column_if_missing(conn, "runs", "tags", "JSON", cache)
+        _create_index_if_missing(conn, "ix_runs_trace_id", "runs", "trace_id")
+
+        # Spans: backfill trace linkage + telemetry fields.
+        _add_column_if_missing(conn, "spans", "trace_id", "VARCHAR", cache)
+        _add_column_if_missing(conn, "spans", "status", "VARCHAR", cache)
+        _add_column_if_missing(conn, "spans", "model", "VARCHAR", cache)
+        _add_column_if_missing(conn, "spans", "request_payload", "JSON", cache)
+        _add_column_if_missing(conn, "spans", "response_payload", "JSON", cache)
+        _add_column_if_missing(conn, "spans", "token_input", "INTEGER", cache)
+        _add_column_if_missing(conn, "spans", "token_output", "INTEGER", cache)
+        _add_column_if_missing(conn, "spans", "cost", "FLOAT", cache)
+        _add_column_if_missing(conn, "spans", "error", "TEXT", cache)
+        _add_column_if_missing(conn, "spans", "error_stack", "TEXT", cache)
+        _add_column_if_missing(conn, "spans", "tags", "JSON", cache)
+        _add_column_if_missing(conn, "spans", "tags", "JSON", cache)
+        _create_index_if_missing(conn, "ix_spans_trace_id", "spans", "trace_id")
+
+        # Prompts: add scope and tags
+        _add_column_if_missing(conn, "prompts", "scope", "VARCHAR", cache)
+        _add_column_if_missing(conn, "prompts", "tags", "JSON", cache)
+
+        # APIKeys: add role
+        _add_column_if_missing(conn, "api_keys", "role", "VARCHAR", cache)
+
+        # Evaluators
+        conn.execute(text("""
+            CREATE TABLE IF NOT EXISTS evaluators (
+                id VARCHAR PRIMARY KEY,
+                project_id VARCHAR NOT NULL,
+                name VARCHAR NOT NULL,
+                prompt_template TEXT NOT NULL,
+                model VARCHAR NOT NULL,
+                config JSON,
+                created_at DATETIME DEFAULT (datetime('now', 'localtime')) NOT NULL,
+                FOREIGN KEY(project_id) REFERENCES projects(id)
+            )
+        """))