agentstack-cli 0.4.1rc1__tar.gz → 0.4.2__tar.gz

{agentstack_cli-0.4.1rc1 → agentstack_cli-0.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: agentstack-cli
-Version: 0.4.1rc1
+Version: 0.4.2
 Summary: Agent Stack CLI
 Author: IBM Corp.
 Requires-Dist: anyio~=4.10.0

{agentstack_cli-0.4.1rc1 → agentstack_cli-0.4.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "agentstack-cli"
-version = "0.4.1-rc1"
+version = "0.4.2"
 description = "Agent Stack CLI"
 readme = "README.md"
 authors = [{ name = "IBM Corp." }]

agentstack_cli-0.4.2/src/agentstack_cli/__init__.py

@@ -0,0 +1,119 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+import logging
+import typing
+from copy import deepcopy
+
+import typer
+
+import agentstack_cli.commands.agent
+import agentstack_cli.commands.build
+import agentstack_cli.commands.mcp
+import agentstack_cli.commands.model
+import agentstack_cli.commands.platform
+import agentstack_cli.commands.self
+import agentstack_cli.commands.server
+from agentstack_cli.async_typer import AliasGroup, AsyncTyper
+from agentstack_cli.configuration import Configuration
+
+logging.basicConfig(level=logging.INFO if Configuration().debug else logging.FATAL)
+logging.getLogger("httpx").setLevel(logging.WARNING)  # not sure why this is necessary
+
+
+class RootHelpGroup(AliasGroup):
+    def get_help(self, ctx):
+        return """\
+Usage: agentstack [OPTIONS] COMMAND [ARGS]...
+
+╭─ Getting Started ──────────────────────────────────────────────────────────╮
+│ ui       Launch the web interface                                          │
+│ list     View all available agents                                         │
+│ run      Run an agent interactively                                        │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Agent Management ─────────────────────────────────────────────────────────╮
+│ add                               Install an agent (Docker, GitHub)        │
+│ remove                            Uninstall an agent                       │
+│ update                            Update an agent                          │
+│ info                              Show agent details                       │
+│ logs                              Stream agent execution logs              │
+│ env                               Manage agent environment variables       │
+│ build                             Build an agent remotely                  │
+│ client-side-build                 Build an agent container image locally   │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Platform & Configuration ─────────────────────────────────────────────────╮
+│ model           Configure 15+ LLM providers                                │
+│ platform        Start, stop, or delete local platform                      │
+│ server          Connect to remote Agent Stack servers                      │
+│ self version    Show Agent Stack CLI and Platform version                  │
+│ self upgrade    Upgrade Agent Stack CLI and Platform                       │
+│ self uninstall  Uninstall Agent Stack CLI and Platform                     │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Options ──────────────────────────────────────────────────────────────────╮
+│ --help                Show this help message                               │
+│ --show-completion     Show tab completion script                           │
+│ --install-completion  Enable tab completion for commands                   │
+╰────────────────────────────────────────────────────────────────────────────╯
+"""
+
+
+app = AsyncTyper(no_args_is_help=True, cls=RootHelpGroup)
+app.add_typer(agentstack_cli.commands.model.app, name="model", no_args_is_help=True, help="Manage model providers.")
+app.add_typer(agentstack_cli.commands.agent.app, name="agent", no_args_is_help=True, help="Manage agents.")
+app.add_typer(
+    agentstack_cli.commands.platform.app, name="platform", no_args_is_help=True, help="Manage Agent Stack platform."
+)
+app.add_typer(
+    agentstack_cli.commands.mcp.app, name="mcp", no_args_is_help=True, help="Manage MCP servers and toolkits."
+)
+app.add_typer(agentstack_cli.commands.build.app, name="", no_args_is_help=True, help="Build agent images.")
+app.add_typer(
+    agentstack_cli.commands.server.app,
+    name="server",
+    no_args_is_help=True,
+    help="Manage Agent Stack servers and authentication.",
+)
+app.add_typer(
+    agentstack_cli.commands.self.app,
+    name="self",
+    no_args_is_help=True,
+    help="Manage Agent Stack installation.",
+    hidden=True,
+)
+
+
+agent_alias = deepcopy(agentstack_cli.commands.agent.app)
+for cmd in agent_alias.registered_commands:
+    cmd.rich_help_panel = "Agent commands"
+
+app.add_typer(agent_alias, name="", no_args_is_help=True)
+
+
+@app.command("version")
+async def version(
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+):
+    """Print version of the Agent Stack CLI."""
+    import agentstack_cli.commands.self
+
+    await agentstack_cli.commands.self.version(verbose=verbose)
+
+
+@app.command("ui")
+async def ui():
+    """Launch the graphical interface."""
+    import webbrowser
+
+    import agentstack_cli.commands.model
+
+    await agentstack_cli.commands.model.ensure_llm_provider()
+    webbrowser.open(
+        "http://localhost:8334"
+    )  # TODO: This always opens the local UI, how to open the UI of a logged in server instead?
+
+
+if __name__ == "__main__":
+    app()

{agentstack_cli-0.4.1rc1 → agentstack_cli-0.4.2}/src/agentstack_cli/api.py

@@ -1,17 +1,18 @@
 # Copyright 2025 © BeeAI a Series of LF Projects, LLC
 # SPDX-License-Identifier: Apache-2.0
-
+import json
 import re
 import urllib
 import urllib.parse
 from collections.abc import AsyncIterator
 from contextlib import asynccontextmanager
 from datetime import timedelta
+from textwrap import indent
 from typing import Any
 
 import httpx
 import openai
-from a2a.client import Client, ClientConfig, ClientFactory
+from a2a.client import A2AClientHTTPError, Client, ClientConfig, ClientFactory
 from a2a.types import AgentCard
 from httpx import HTTPStatusError
 from httpx._types import RequestFiles
@@ -43,7 +44,7 @@ async def api_request(
             timeout=60,
             headers=(
                 {"Authorization": f"Bearer {token}"}
-                if use_auth and (token := config.auth_manager.load_auth_token())
+                if use_auth and (token := await config.auth_manager.load_auth_token())
                 else {}
             ),
         )
@@ -82,7 +83,7 @@ async def api_stream(
             timeout=timedelta(hours=1).total_seconds(),
             headers=(
                 {"Authorization": f"Bearer {token}"}
-                if use_auth and (token := config.auth_manager.load_auth_token())
+                if use_auth and (token := await config.auth_manager.load_auth_token())
                 else {}
             ),
         ) as response,
@@ -103,16 +104,29 @@ async def api_stream(
 
 @asynccontextmanager
 async def a2a_client(agent_card: AgentCard, use_auth: bool = True) -> AsyncIterator[Client]:
-    async with httpx.AsyncClient(
-        headers=(
-            {"Authorization": f"Bearer {token}"}
-            if use_auth and (token := config.auth_manager.load_auth_token())
-            else {}
-        ),
-        follow_redirects=True,
-        timeout=timedelta(hours=1).total_seconds(),
-    ) as httpx_client:
-        yield ClientFactory(ClientConfig(httpx_client=httpx_client, use_client_preference=True)).create(card=agent_card)
+    try:
+        async with httpx.AsyncClient(
+            headers=(
+                {"Authorization": f"Bearer {token}"}
+                if use_auth and (token := await config.auth_manager.load_auth_token())
+                else {}
+            ),
+            follow_redirects=True,
+            timeout=timedelta(hours=1).total_seconds(),
+        ) as httpx_client:
+            yield ClientFactory(ClientConfig(httpx_client=httpx_client, use_client_preference=True)).create(
+                card=agent_card
+            )
+    except A2AClientHTTPError as ex:
+        card_data = json.dumps(
+            agent_card.model_dump(include={"url", "additional_interfaces", "preferred_transport"}), indent=2
+        )
+        raise RuntimeError(
+            f"The agent is not reachable, please check that the agent card is configured properly.\n"
+            f"Agent connection info:\n{indent(card_data, prefix='  ')}\n"
+            "Full Error:\n"
+            f"{indent(str(ex), prefix='  ')}"
+        ) from ex
 
 
 @asynccontextmanager

{agentstack_cli-0.4.1rc1 → agentstack_cli-0.4.2}/src/agentstack_cli/async_typer.py

@@ -67,7 +67,8 @@ class AliasGroup(TyperGroup):
 
 class AsyncTyper(typer.Typer):
     def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs, cls=AliasGroup)
+        kwargs["cls"] = kwargs.get("cls", AliasGroup)
+        super().__init__(*args, **kwargs)
 
     def command(self, *args, **kwargs):
         parent_decorator = super().command(*args, **kwargs)

agentstack_cli-0.4.2/src/agentstack_cli/auth_manager.py

@@ -0,0 +1,241 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+import pathlib
+import time
+import typing
+from collections import defaultdict
+from typing import Any
+
+import httpx
+from pydantic import BaseModel, Field
+
+
+class AuthToken(BaseModel):
+    access_token: str
+    token_type: str = "Bearer"
+    expires_in: int | None = None
+    expires_at: int | None = None
+    refresh_token: str | None = None
+    scope: str | None = None
+
+
+class AuthServer(BaseModel):
+    client_id: str = "df82a687-d647-4247-838b-7080d7d83f6c"  # Backwards compatibility default
+    client_secret: str | None = None
+    token: AuthToken | None = None
+    registration_token: str | None = None
+
+
+class Server(BaseModel):
+    authorization_servers: dict[str, AuthServer] = Field(default_factory=dict)
+
+
+class Auth(BaseModel):
+    version: typing.Literal[1] = 1
+    servers: defaultdict[str, typing.Annotated[Server, Field(default_factory=Server)]] = Field(
+        default_factory=lambda: defaultdict(Server)
+    )
+    active_server: str | None = None
+    active_auth_server: str | None = None
+
+
+@typing.final
+class AuthManager:
+    def __init__(self, config_path: pathlib.Path):
+        self._auth_path = config_path
+        self._auth = self._load()
+
+    def _load(self) -> Auth:
+        if not self._auth_path.exists():
+            return Auth()
+        return Auth.model_validate_json(self._auth_path.read_bytes())
+
+    def _save(self) -> None:
+        self._auth_path.write_text(self._auth.model_dump_json(indent=2))
+
+    def save_auth_token(
+        self,
+        server: str,
+        auth_server: str | None = None,
+        client_id: str | None = None,
+        client_secret: str | None = None,
+        token: dict[str, Any] | None = None,
+        registration_token: str | None = None,
+    ) -> None:
+        if auth_server is not None and client_id is not None and token is not None:
+            if token["access_token"]:
+                usetimestamp = int(time.time()) + int(token["expires_in"])
+                token["expires_at"] = usetimestamp
+            self._auth.servers[server].authorization_servers[auth_server] = AuthServer(
+                client_id=client_id,
+                client_secret=client_secret,
+                token=AuthToken(**token),
+                registration_token=registration_token,
+            )
+        else:
+            self._auth.servers[server]  # touch
+        self._save()
+
+    async def exchange_refresh_token(self, auth_server: str, token: AuthToken) -> dict[str, Any] | None:
+        """
+        This method exchanges a refresh token for a new access token.
+        """
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            token_endpoint = oidc["token_endpoint"]
+            try:
+                client_id = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id
+                )
+                client_secret = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                )
+                resp = await client.post(
+                    f"{token_endpoint}",
+                    data={
+                        "grant_type": "refresh_token",
+                        "refresh_token": token.refresh_token,
+                        "scope": token.scope,
+                        "client_id": client_id,
+                        "client_secret": client_secret,
+                    },
+                )
+                resp.raise_for_status()
+                new_token = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Failed to refresh token: {e}") from e
+            self.save_auth_token(
+                self._auth.active_server or "",
+                self._auth.active_auth_server or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                or "",
+                token=new_token,
+            )
+            return new_token
+
+    async def load_auth_token(self) -> str | None:
+        active_res = self._auth.active_server
+        active_auth_server = self._auth.active_auth_server
+        if not active_res or not active_auth_server:
+            return None
+        server = self._auth.servers.get(active_res)
+        if not server:
+            return None
+
+        auth_server = server.authorization_servers.get(active_auth_server)
+        if not auth_server or not auth_server.token:
+            return None
+
+        if (auth_server.token.expires_at or 0) - 60 < time.time():
+            new_token = await self.exchange_refresh_token(active_auth_server, auth_server.token)
+            if new_token:
+                return new_token["access_token"]
+            return None
+
+        return auth_server.token.access_token
+
+    async def deregister_client(self, auth_server, client_id, registration_token) -> None:
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+                registration_endpoint = oidc["registration_endpoint"]
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            try:
+                if client_id is not None and client_id != "" and registration_token is not None:
+                    headers = {"authorization": f"bearer {registration_token}"}
+                    resp = await client.delete(f"{registration_endpoint}/{client_id}", headers=headers)
+                    resp.raise_for_status()
+
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Dynamic client de-registration failed. {e}") from e
+
+    async def clear_auth_token(self, all: bool = False) -> None:
+        if all:
+            for server in self._auth.servers:
+                for auth_server in self._auth.servers[server].authorization_servers:
+                    await self.deregister_client(
+                        auth_server,
+                        self._auth.servers[server].authorization_servers[auth_server].client_id,
+                        self._auth.servers[server].authorization_servers[auth_server].registration_token,
+                    )
+
+            self._auth.servers = defaultdict(Server)
+        else:
+            if self._auth.active_server and self._auth.active_auth_server:
+                if (
+                    self._auth.servers[self._auth.active_server]
+                    .authorization_servers[self._auth.active_auth_server]
+                    .client_id
+                ):
+                    await self.deregister_client(
+                        self._auth.active_auth_server,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .client_id,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .registration_token,
+                    )
+                del self._auth.servers[self._auth.active_server].authorization_servers[self._auth.active_auth_server]
+            if self._auth.active_server and not self._auth.servers[self._auth.active_server].authorization_servers:
+                del self._auth.servers[self._auth.active_server]
+        self._auth.active_server = None
+        self._auth.active_auth_server = None
+        self._save()
+
+    def get_server(self, server: str) -> Server | None:
+        return self._auth.servers.get(server)
+
+    @property
+    def servers(self) -> list[str]:
+        return list(self._auth.servers.keys())
+
+    @property
+    def active_server(self) -> str | None:
+        return self._auth.active_server
+
+    @active_server.setter
+    def active_server(self, server: str | None) -> None:
+        if server is not None and server not in self._auth.servers:
+            raise ValueError(f"Server {server} not found")
+        self._auth.active_server = server
+        self._save()
+
+    @property
+    def active_auth_server(self) -> str | None:
+        return self._auth.active_auth_server
+
+    @active_auth_server.setter
+    def active_auth_server(self, auth_server: str | None) -> None:
+        if auth_server is not None and (
+            self._auth.active_server not in self._auth.servers
+            or auth_server not in self._auth.servers[self._auth.active_server].authorization_servers
+        ):
+            raise ValueError(f"Auth server {auth_server} not found in active server")
+        self._auth.active_auth_server = auth_server
+        self._save()