agentstack-cli 0.6.0rc1__py3-none-manylinux_2_34_aarch64.whl

agentstack_cli/__init__.py

@@ -0,0 +1,164 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+import logging
+import re
+import typing
+from copy import deepcopy
+
+import typer
+
+import agentstack_cli.commands.agent
+import agentstack_cli.commands.build
+import agentstack_cli.commands.connector
+import agentstack_cli.commands.model
+import agentstack_cli.commands.platform
+import agentstack_cli.commands.self
+import agentstack_cli.commands.server
+
+# import agentstack_cli.commands.user
+from agentstack_cli.async_typer import AsyncTyper
+from agentstack_cli.configuration import Configuration
+
+logging.basicConfig(level=logging.INFO if Configuration().debug else logging.FATAL)
+logging.getLogger("httpx").setLevel(logging.WARNING)  # not sure why this is necessary
+
+
+HELP_TEXT = """\
+Usage: agentstack [OPTIONS] COMMAND [ARGS]...
+
+╭─ Getting Started ──────────────────────────────────────────────────────────╮
+│ ui       Launch the web interface                                          │
+│ list     View all available agents                                         │
+│ info     Show agent details                                                │
+│ run      Run an agent interactively                                        │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Agent Management [Admin only] ────────────────────────────────────────────╮
+│ add                               Install an agent (Docker, GitHub)        │
+│ remove                            Uninstall an agent                       │
+│ update                            Update an agent                          │
+│ logs                              Stream agent execution logs              │
+│ env                               Manage agent environment variables       │
+│ build                             Build an agent remotely                  │
+│ client-side-build                 Build an agent container image locally   │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Platform & Configuration ─────────────────────────────────────────────────╮
+| connector       Manage connectors to external services                     │
+│ model           Configure 15+ LLM providers [Admin only]                   │
+│ platform        Start, stop, or delete local platform [Local only]         │
+│ server          Connect to remote Agent Stack servers                      │
+│ user            Manage users and roles [Admin only]                        │
+│ self version    Show Agent Stack CLI and Platform version                  │
+│ self upgrade    Upgrade Agent Stack CLI and Platform [Local only]          │
+│ self uninstall  Uninstall Agent Stack CLI and Platform [Local only]        │
+╰────────────────────────────────────────────────────────────────────────────╯
+
+╭─ Options ──────────────────────────────────────────────────────────────────╮
+│ --help                Show this help message                               │
+│ --show-completion     Show tab completion script                           │
+│ --install-completion  Enable tab completion for commands                   │
+╰────────────────────────────────────────────────────────────────────────────╯
+"""
+
+
+app = AsyncTyper()
+
+
+@app.callback(invoke_without_command=True)
+def main(
+    ctx: typer.Context,
+    help: bool = typer.Option(False, "--help", help="Show this message and exit."),
+):
+    if help or ctx.invoked_subcommand is None:
+        typer.echo(HELP_TEXT)
+        raise typer.Exit()
+
+
+app.add_typer(
+    agentstack_cli.commands.model.app, name="model", no_args_is_help=True, help="Manage model providers. [Admin only]"
+)
+app.add_typer(
+    agentstack_cli.commands.agent.app,
+    name="agent",
+    no_args_is_help=True,
+    help="Manage agents. Some commands are [Admin only].",
+)
+app.add_typer(
+    agentstack_cli.commands.connector.app,
+    name="connector",
+    no_args_is_help=True,
+    help="Manage connectors to external services.",
+)
+app.add_typer(
+    agentstack_cli.commands.platform.app,
+    name="platform",
+    no_args_is_help=True,
+    help="Manage Agent Stack platform. [Local only]",
+)
+app.add_typer(agentstack_cli.commands.build.app, name="", no_args_is_help=True, help="Build agent images.")
+app.add_typer(
+    agentstack_cli.commands.server.app,
+    name="server",
+    no_args_is_help=True,
+    help="Manage Agent Stack servers and authentication.",
+)
+app.add_typer(
+    agentstack_cli.commands.self.app,
+    name="self",
+    no_args_is_help=True,
+    help="Manage Agent Stack installation.",
+    hidden=True,
+)
+# TODO: Implement keycloak integration
+# app.add_typer(
+#     agentstack_cli.commands.user.app,
+#     name="user",
+#     no_args_is_help=True,
+#     help="Manage users. [Admin only]",
+# )
+
+
+agent_alias = deepcopy(agentstack_cli.commands.agent.app)
+for cmd in agent_alias.registered_commands:
+    cmd.rich_help_panel = "Agent commands"
+
+app.add_typer(agent_alias, name="", no_args_is_help=True)
+
+
+@app.command("version")
+async def version(
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+):
+    """Print version of the Agent Stack CLI."""
+    import agentstack_cli.commands.self
+
+    await agentstack_cli.commands.self.version(verbose=verbose)
+
+
+@app.command("ui")
+async def ui():
+    """Launch the graphical interface."""
+    import webbrowser
+
+    import agentstack_cli.commands.model
+
+    await agentstack_cli.commands.model.ensure_llm_provider()
+
+    config = Configuration()
+    active_server = config.auth_manager.active_server
+
+    if active_server:
+        if re.search(r"(localhost|127\.0\.0\.1):8333", active_server):
+            ui_url = re.sub(r":8333", ":8334", active_server)
+        else:
+            ui_url = active_server
+    else:
+        ui_url = "http://localhost:8334"
+
+    webbrowser.open(ui_url)
+
+
+if __name__ == "__main__":
+    app()

agentstack_cli/api.py

@@ -0,0 +1,160 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+import json
+import logging
+import re
+import urllib
+import urllib.parse
+from collections.abc import AsyncIterator
+from contextlib import asynccontextmanager
+from datetime import timedelta
+from textwrap import indent
+from typing import Any
+
+import httpx
+import openai
+import pydantic
+from a2a.client import A2AClientHTTPError, Client, ClientConfig, ClientFactory
+from a2a.types import AgentCard
+from agentstack_sdk.platform.context import ContextToken
+from httpx import HTTPStatusError
+from httpx._types import RequestFiles
+
+from agentstack_cli import configuration
+from agentstack_cli.configuration import Configuration
+
+logger = logging.getLogger(__name__)
+
+config = Configuration()
+
+API_BASE_URL = "api/v1/"
+
+
+async def api_request(
+    method: str,
+    path: str,
+    json: dict | None = None,
+    files: RequestFiles | None = None,
+    params: dict[str, Any] | None = None,
+    use_auth: bool = True,
+) -> dict | None:
+    """Make an API request to the server."""
+    async with configuration.use_platform_client() as client:
+        response = await client.request(
+            method,
+            urllib.parse.urljoin(API_BASE_URL, path),
+            json=json,
+            files=files,
+            params=params,
+            timeout=60,
+            headers=(
+                {"Authorization": f"Bearer {token}"}
+                if use_auth and (token := await config.auth_manager.load_auth_token())
+                else {}
+            ),
+        )
+        if response.is_error:
+            error = ""
+            try:
+                error = response.json()
+                error = error.get("detail", str(error))
+            except Exception:
+                response.raise_for_status()
+            if response.status_code == 401:
+                message = f'{error}\nexport AGENTSTACK__ADMIN_PASSWORD="<PASSWORD>" to set the admin password.'
+                raise HTTPStatusError(message=message, request=response.request, response=response)
+            raise HTTPStatusError(message=error, request=response.request, response=response)
+        if response.content:
+            return response.json()
+
+
+async def api_stream(
+    method: str,
+    path: str,
+    json: dict | None = None,
+    params: dict[str, Any] | None = None,
+    use_auth: bool = True,
+) -> AsyncIterator[dict[str, Any]]:
+    """Make a streaming API request to the server."""
+    import json as jsonlib
+
+    async with (
+        configuration.use_platform_client() as client,
+        client.stream(
+            method,
+            urllib.parse.urljoin(API_BASE_URL, path),
+            json=json,
+            params=params,
+            timeout=timedelta(hours=1).total_seconds(),
+            headers=(
+                {"Authorization": f"Bearer {token}"}
+                if use_auth and (token := await config.auth_manager.load_auth_token())
+                else {}
+            ),
+        ) as response,
+    ):
+        response: httpx.Response
+        if response.is_error:
+            error = ""
+            try:
+                [error] = [jsonlib.loads(message) async for message in response.aiter_text()]
+                error = error.get("detail", str(error))
+            except Exception:
+                response.raise_for_status()
+            raise HTTPStatusError(message=error, request=response.request, response=response)
+        async for line in response.aiter_lines():
+            if line:
+                yield jsonlib.loads(re.sub("^data:", "", line).strip())
+
+
+async def fetch_server_version() -> str | None:
+    """Fetch server version from OpenAPI schema."""
+
+    class OpenAPIInfo(pydantic.BaseModel):
+        version: str
+
+    class OpenAPISchema(pydantic.BaseModel):
+        info: OpenAPIInfo
+
+    try:
+        response = await api_request("GET", "openapi.json", use_auth=False)
+        if not response:
+            return None
+        schema = OpenAPISchema.model_validate(response)
+        return schema.info.version
+    except Exception as e:
+        logger.warning("Failed to fetch server version: %s", e)
+        return None
+
+
+@asynccontextmanager
+async def a2a_client(agent_card: AgentCard, context_token: ContextToken) -> AsyncIterator[Client]:
+    try:
+        async with httpx.AsyncClient(
+            headers={"Authorization": f"Bearer {context_token.token.get_secret_value()}"},
+            follow_redirects=True,
+            timeout=timedelta(hours=1).total_seconds(),
+        ) as httpx_client:
+            yield ClientFactory(ClientConfig(httpx_client=httpx_client, use_client_preference=True)).create(
+                card=agent_card
+            )
+    except A2AClientHTTPError as ex:
+        card_data = json.dumps(
+            agent_card.model_dump(include={"url", "additional_interfaces", "preferred_transport"}), indent=2
+        )
+        raise RuntimeError(
+            f"The agent is not reachable, please check that the agent card is configured properly.\n"
+            f"Agent connection info:\n{indent(card_data, prefix='  ')}\n"
+            "Full Error:\n"
+            f"{indent(str(ex), prefix='  ')}"
+        ) from ex
+
+
+@asynccontextmanager
+async def openai_client() -> AsyncIterator[openai.AsyncOpenAI]:
+    async with Configuration().use_platform_client() as platform_client:
+        yield openai.AsyncOpenAI(
+            api_key=platform_client.headers.get("Authorization", "").removeprefix("Bearer ") or "dummy",
+            base_url=urllib.parse.urljoin(str(platform_client.base_url), urllib.parse.urljoin(API_BASE_URL, "openai")),
+            default_headers=platform_client.headers,
+        )

agentstack_cli/async_typer.py

@@ -0,0 +1,113 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+import asyncio
+import functools
+import inspect
+import re
+import sys
+from collections.abc import Iterator
+from contextlib import contextmanager
+
+import rich.text
+import typer
+from rich.console import RenderResult
+from rich.markdown import Heading, Markdown
+from rich.table import Table
+from typer.core import TyperGroup
+
+from agentstack_cli.configuration import Configuration
+from agentstack_cli.console import console, err_console
+from agentstack_cli.utils import extract_messages, format_error
+
+DEBUG = Configuration().debug
+
+
+class _LeftAlignedHeading(Heading):
+    def __rich_console__(self, *args, **kwargs) -> RenderResult:
+        for elem in super().__rich_console__(*args, **kwargs):
+            if isinstance(elem, rich.text.Text):
+                elem.justify = "left"
+            yield elem
+
+
+Markdown.elements["heading_open"] = _LeftAlignedHeading
+
+
+@contextmanager
+def create_table(*args, no_wrap: bool = True, **kwargs) -> Iterator[Table]:
+    table = Table(*args, **kwargs, box=None, pad_edge=False, width=console.width, show_header=True)
+    yield table
+    for column in table.columns:
+        column.no_wrap = no_wrap
+        column.overflow = "ellipsis"
+        assert isinstance(column.header, str)
+        column.header = column.header.upper()
+
+    if not table.rows:
+        table._render = lambda *args, **kwargs: [rich.text.Text("<No items found>", style="italic")]
+
+
+class AliasGroup(TyperGroup):
+    """Taken from https://github.com/fastapi/typer/issues/132#issuecomment-2417492805"""
+
+    _CMD_SPLIT_P = re.compile(r" ?[,|] ?")
+
+    def get_command(self, ctx, cmd_name):
+        cmd_name = self._group_cmd_name(cmd_name)
+        return super().get_command(ctx, cmd_name)
+
+    def _group_cmd_name(self, default_name):
+        for cmd in self.commands.values():
+            name = cmd.name
+            if name and default_name in self._CMD_SPLIT_P.split(name):
+                return name
+        return default_name
+
+
+class AsyncTyper(typer.Typer):
+    def __init__(self, *args, **kwargs):
+        kwargs["cls"] = kwargs.get("cls", AliasGroup)
+        super().__init__(*args, **kwargs)
+
+    def command(self, *args, **kwargs):
+        parent_decorator = super().command(*args, **kwargs)
+
+        def decorator(f):
+            @functools.wraps(f)
+            def wrapped_f(*args, **kwargs):
+                try:
+                    if inspect.iscoroutinefunction(f):
+                        return asyncio.run(f(*args, **kwargs))
+                    else:
+                        return f(*args, **kwargs)
+                except* Exception as ex:
+                    is_permission_error = False
+                    is_connect_error = False
+                    for exc_type, message in extract_messages(ex):
+                        err_console.print(format_error(exc_type, message))
+                        is_connect_error = is_connect_error or exc_type in ["ConnectionError", "ConnectError"]
+                        is_permission_error = is_permission_error or (
+                            exc_type == "HTTPStatusError" and "403" in message
+                        )
+                        err_console.print()
+                    if is_connect_error:
+                        err_console.hint(
+                            "Start the Agent Stack platform using: [green]agentstack platform start[/green]. If that does not help, run [green]agentstack platform delete[/green] to clean up, then [green]agentstack platform start[/green] again."
+                        )
+                    elif is_permission_error:
+                        err_console.hint(
+                            "This command requires higher permissions than your account currently has. Contact your administrator for assistance."
+                        )
+                    else:
+                        err_console.hint(
+                            "Are you having consistent problems? If so, try these troubleshooting steps: [green]agentstack platform delete[/green] to remove the platform, and [green]agentstack platform start[/green] to recreate it."
+                        )
+                    if DEBUG:
+                        raise
+                    sys.exit(1)
+
+            parent_decorator(wrapped_f)
+            return f
+
+        return decorator

agentstack_cli/auth_manager.py

@@ -0,0 +1,242 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+import pathlib
+import time
+import typing
+from collections import defaultdict
+from typing import Any
+
+import httpx
+from pydantic import BaseModel, Field
+
+
+class AuthToken(BaseModel):
+    access_token: str
+    token_type: str = "Bearer"
+    expires_in: int | None = None
+    expires_at: int | None = None
+    refresh_token: str | None = None
+    scope: str | None = None
+
+
+class AuthServer(BaseModel):
+    client_id: str = "df82a687-d647-4247-838b-7080d7d83f6c"  # Backwards compatibility default
+    client_secret: str | None = None
+    token: AuthToken | None = None
+    registration_token: str | None = None
+
+
+class Server(BaseModel):
+    authorization_servers: dict[str, AuthServer] = Field(default_factory=dict)
+
+
+class Auth(BaseModel):
+    version: typing.Literal[1] = 1
+    servers: defaultdict[str, typing.Annotated[Server, Field(default_factory=Server)]] = Field(
+        default_factory=lambda: defaultdict(Server)
+    )
+    active_server: str | None = None
+    active_auth_server: str | None = None
+
+
+@typing.final
+class AuthManager:
+    def __init__(self, config_path: pathlib.Path):
+        self._auth_path = config_path
+        self._auth = self._load()
+
+    def _load(self) -> Auth:
+        if not self._auth_path.exists():
+            return Auth()
+        return Auth.model_validate_json(self._auth_path.read_bytes())
+
+    def _save(self) -> None:
+        self._auth_path.write_text(self._auth.model_dump_json(indent=2))
+
+    def save_auth_token(
+        self,
+        server: str,
+        auth_server: str | None = None,
+        client_id: str | None = None,
+        client_secret: str | None = None,
+        token: dict[str, Any] | None = None,
+        registration_token: str | None = None,
+    ) -> None:
+        if auth_server is not None and client_id is not None and token is not None:
+            if token["access_token"]:
+                usetimestamp = int(time.time()) + int(token["expires_in"])
+                token["expires_at"] = usetimestamp
+            self._auth.servers[server].authorization_servers[auth_server] = AuthServer(
+                client_id=client_id,
+                client_secret=client_secret,
+                token=AuthToken(**token),
+                registration_token=registration_token,
+            )
+        else:
+            self._auth.servers[server]  # touch
+        self._save()
+
+    async def exchange_refresh_token(self, auth_server: str, token: AuthToken) -> dict[str, Any] | None:
+        """
+        This method exchanges a refresh token for a new access token.
+        """
+
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            token_endpoint = oidc["token_endpoint"]
+            try:
+                client_id = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id
+                )
+                client_secret = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                )
+                resp = await client.post(
+                    f"{token_endpoint}",
+                    data={
+                        "grant_type": "refresh_token",
+                        "refresh_token": token.refresh_token,
+                        "scope": token.scope,
+                        "client_id": client_id,
+                    }
+                    | ({"client_secret": client_secret} if client_secret else {}),
+                )
+                resp.raise_for_status()
+                new_token = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Failed to refresh token: {e}") from e
+            self.save_auth_token(
+                self._auth.active_server or "",
+                self._auth.active_auth_server or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                or "",
+                token=new_token,
+            )
+            return new_token
+
+    async def load_auth_token(self) -> str | None:
+        active_res = self._auth.active_server
+        active_auth_server = self._auth.active_auth_server
+        if not active_res or not active_auth_server:
+            return None
+        server = self._auth.servers.get(active_res)
+        if not server:
+            return None
+
+        auth_server = server.authorization_servers.get(active_auth_server)
+        if not auth_server or not auth_server.token:
+            return None
+
+        if (auth_server.token.expires_at or 0) - 60 < time.time():
+            new_token = await self.exchange_refresh_token(active_auth_server, auth_server.token)
+            if new_token:
+                return new_token["access_token"]
+            return None
+
+        return auth_server.token.access_token
+
+    async def deregister_client(self, auth_server, client_id, registration_token) -> None:
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+                registration_endpoint = oidc["registration_endpoint"]
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            try:
+                if client_id is not None and client_id != "" and registration_token is not None:
+                    headers = {"authorization": f"bearer {registration_token}"}
+                    resp = await client.delete(f"{registration_endpoint}/{client_id}", headers=headers)
+                    resp.raise_for_status()
+
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Dynamic client de-registration failed. {e}") from e
+
+    async def clear_auth_token(self, all: bool = False) -> None:
+        if all:
+            for server in self._auth.servers:
+                for auth_server in self._auth.servers[server].authorization_servers:
+                    await self.deregister_client(
+                        auth_server,
+                        self._auth.servers[server].authorization_servers[auth_server].client_id,
+                        self._auth.servers[server].authorization_servers[auth_server].registration_token,
+                    )
+
+            self._auth.servers = defaultdict(Server)
+        else:
+            if self._auth.active_server and self._auth.active_auth_server:
+                if (
+                    self._auth.servers[self._auth.active_server]
+                    .authorization_servers[self._auth.active_auth_server]
+                    .client_id
+                ):
+                    await self.deregister_client(
+                        self._auth.active_auth_server,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .client_id,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .registration_token,
+                    )
+                del self._auth.servers[self._auth.active_server].authorization_servers[self._auth.active_auth_server]
+            if self._auth.active_server and not self._auth.servers[self._auth.active_server].authorization_servers:
+                del self._auth.servers[self._auth.active_server]
+        self._auth.active_server = None
+        self._auth.active_auth_server = None
+        self._save()
+
+    def get_server(self, server: str) -> Server | None:
+        return self._auth.servers.get(server)
+
+    @property
+    def servers(self) -> list[str]:
+        return list(self._auth.servers.keys())
+
+    @property
+    def active_server(self) -> str | None:
+        return self._auth.active_server
+
+    @active_server.setter
+    def active_server(self, server: str | None) -> None:
+        if server is not None and server not in self._auth.servers:
+            raise ValueError(f"Server {server} not found")
+        self._auth.active_server = server
+        self._save()
+
+    @property
+    def active_auth_server(self) -> str | None:
+        return self._auth.active_auth_server
+
+    @active_auth_server.setter
+    def active_auth_server(self, auth_server: str | None) -> None:
+        if auth_server is not None and (
+            self._auth.active_server not in self._auth.servers
+            or auth_server not in self._auth.servers[self._auth.active_server].authorization_servers
+        ):
+            raise ValueError(f"Auth server {auth_server} not found in active server")
+        self._auth.active_auth_server = auth_server
+        self._save()

agentstack_cli/commands/__init__.py

@@ -0,0 +1,3 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+