arize-phoenix 4.35.2__py3-none-any.whl → 5.0.0__py3-none-any.whl

phoenix/logging/_config.py

@@ -0,0 +1,90 @@
+import atexit
+import logging
+import logging.config
+import logging.handlers
+import queue
+from sys import stderr, stdout
+
+from typing_extensions import assert_never
+
+from phoenix.config import LoggingMode
+from phoenix.logging._filter import NonErrorFilter
+from phoenix.settings import Settings
+
+from ._formatter import PhoenixJSONFormatter
+
+
+def setup_logging() -> None:
+    """
+    Configures logging for the specified logging mode.
+    """
+    logging_mode = Settings.logging_mode
+    if logging_mode is LoggingMode.DEFAULT:
+        _setup_library_logging()
+    elif logging_mode is LoggingMode.STRUCTURED:
+        _setup_application_logging()
+    else:
+        assert_never(logging_mode)
+
+
+def _setup_library_logging() -> None:
+    """
+    Configures logging if Phoenix is used as a library
+    """
+    logger = logging.getLogger("phoenix")
+    logger.setLevel(Settings.logging_level)
+    db_logger = logging.getLogger("sqlalchemy")
+    db_logger.setLevel(Settings.db_logging_level)
+    logger.info("Default logging ready")
+
+
+def _setup_application_logging() -> None:
+    """
+    Configures logging if Phoenix is used as an application
+    """
+    sql_engine_logger = logging.getLogger("sqlalchemy.engine.Engine")
+    # Remove all existing handlers
+    for handler in sql_engine_logger.handlers[:]:
+        sql_engine_logger.removeHandler(handler)
+        handler.close()
+
+    phoenix_logger = logging.getLogger("phoenix")
+    phoenix_logger.setLevel(Settings.logging_level)
+    phoenix_logger.propagate = False  # Do not pass records to the root logger
+    sql_logger = logging.getLogger("sqlalchemy")
+    sql_logger.setLevel(Settings.db_logging_level)
+    sql_logger.propagate = False  # Do not pass records to the root logger
+
+    log_queue = queue.Queue()  # type:ignore
+    queue_handler = logging.handlers.QueueHandler(log_queue)
+    phoenix_logger.addHandler(queue_handler)
+    sql_logger.addHandler(queue_handler)
+
+    fmt_keys = {
+        "level": "levelname",
+        "message": "message",
+        "timestamp": "timestamp",
+        "logger": "name",
+        "module": "module",
+        "function": "funcName",
+        "line": "lineno",
+        "thread_name": "threadName",
+    }
+    formatter = PhoenixJSONFormatter(fmt_keys=fmt_keys)
+
+    # stdout handler
+    stdout_handler = logging.StreamHandler(stdout)
+    stdout_handler.setFormatter(formatter)
+    stdout_handler.setLevel(Settings.logging_level)
+    stdout_handler.addFilter(NonErrorFilter())
+
+    # stderr handler
+    stderr_handler = logging.StreamHandler(stderr)
+    stderr_handler.setFormatter(formatter)
+    stderr_handler.setLevel(logging.WARNING)
+
+    queue_listener = logging.handlers.QueueListener(log_queue, stdout_handler, stderr_handler)
+    if queue_listener is not None:
+        queue_listener.start()
+        atexit.register(queue_listener.stop)
+    phoenix_logger.info("Structured logging ready")

phoenix/logging/_filter.py

@@ -0,0 +1,6 @@
+import logging
+
+
+class NonErrorFilter(logging.Filter):
+    def filter(self, record: logging.LogRecord) -> bool:
+        return record.levelno <= logging.INFO

phoenix/logging/_formatter.py

@@ -0,0 +1,69 @@
+import datetime as dt
+import json
+import logging
+from typing import Dict, Optional
+
+LOG_RECORD_BUILTIN_ATTRS = {
+    "args",
+    "asctime",
+    "created",
+    "exc_info",
+    "exc_text",
+    "filename",
+    "funcName",
+    "levelname",
+    "levelno",
+    "lineno",
+    "module",
+    "msecs",
+    "message",
+    "msg",
+    "name",
+    "pathname",
+    "process",
+    "processName",
+    "relativeCreated",
+    "stack_info",
+    "thread",
+    "threadName",
+    "taskName",
+}
+
+
+class PhoenixJSONFormatter(logging.Formatter):
+    def __init__(
+        self,
+        *,
+        fmt_keys: Optional[Dict[str, str]] = None,
+    ):
+        super().__init__()
+        self.fmt_keys = fmt_keys if fmt_keys is not None else {}
+
+    def format(self, record: logging.LogRecord) -> str:
+        message = self._prepare_log_dict(record)
+        return json.dumps(message, default=str)
+
+    def _prepare_log_dict(self, record: logging.LogRecord) -> Dict[str, str]:
+        always_fields = {
+            "message": record.getMessage(),
+            "timestamp": dt.datetime.fromtimestamp(record.created, tz=dt.timezone.utc).isoformat(),
+        }
+        if record.exc_info is not None:
+            always_fields["exc_info"] = self.formatException(record.exc_info)
+
+        if record.stack_info is not None:
+            always_fields["stack_info"] = self.formatStack(record.stack_info)
+
+        message = {
+            key: msg_val
+            if (msg_val := always_fields.pop(val, None)) is not None
+            else getattr(record, val)
+            for key, val in self.fmt_keys.items()
+        }
+        message.update(always_fields)
+
+        for key, val in record.__dict__.items():
+            if key not in LOG_RECORD_BUILTIN_ATTRS:
+                message[key] = val
+
+        return message

phoenix/metrics/__init__.py

@@ -10,7 +10,6 @@ import pandas as pd
 from phoenix.core.model_schema import Column
 
 logger = logging.getLogger(__name__)
-logger.addHandler(logging.NullHandler())
 
 
 @dataclass(frozen=True)

phoenix/otel/settings.py

@@ -1,10 +1,10 @@
+import logging
 import os
 import urllib
-from logging import getLogger
 from re import compile
 from typing import Dict, List, Optional
 
-_logger = getLogger(__name__)
+logger = logging.getLogger(__name__)
 
 # Environment variables specific to the subpackage
 ENV_PHOENIX_COLLECTOR_ENDPOINT = "PHOENIX_COLLECTOR_ENDPOINT"
@@ -72,13 +72,13 @@ def parse_env_headers(s: str) -> Dict[str, str]:
             encoded_header = f"{urllib.parse.quote(name)}={urllib.parse.quote(value)}"
             match = _HEADER_PATTERN.fullmatch(encoded_header.strip())
             if not match:
-                _logger.warning(
+                logger.warning(
                     "Header format invalid! Header values in environment variables must be "
                     "URL encoded: %s",
                     f"{name}: ****",
                 )
                 continue
-            _logger.warning(
+            logger.warning(
                 "Header values in environment variables should be URL encoded, attempting to "
                 "URL encode header: {name}: ****"
             )

phoenix/server/api/README.md

@@ -0,0 +1,28 @@
+# Permission Matrix for GraphQL API
+
+## Mutations
+
+| Action                       | Admin | Member |
+|:-----------------------------|:-----:|:------:|
+| Create User                  |  Yes  |   No   |
+| Delete User                  |  Yes  |   No   |
+| Change Own Password          |  Yes  |  Yes   |
+| Change Other's Password      |  Yes  |   No   |
+| Change Own Username          |  Yes  |  Yes   |
+| Change Other's Username      |  Yes  |   No   |
+| Change Own Email             |  No   |   No   |
+| Change Other's Email         |  No   |   No   |
+| Create System API Keys       |  Yes  |   No   |
+| Delete System API Keys       |  Yes  |   No   |
+| Create Own User API Keys     |  Yes  |  Yes   |
+| Delete Own User API Keys     |  Yes  |  Yes   |
+| Delete Other's User API Keys |  Yes  |   No   |
+
+## Queries
+
+| Action                               | Admin | Member |
+|:-------------------------------------|:-----:|:------:|
+| List All System API Keys             |  Yes  |   No   |
+| List All User API Keys               |  Yes  |   No   |
+| List All Users                       |  Yes  |   No   |
+| Fetch Other User's Info, e.g. emails |  Yes  |   No   |

phoenix/server/api/auth.py

@@ -0,0 +1,32 @@
+from abc import ABC
+from typing import Any
+
+from strawberry import Info
+from strawberry.permission import BasePermission
+
+from phoenix.server.api.exceptions import Unauthorized
+from phoenix.server.bearer_auth import PhoenixUser
+
+
+class Authorization(BasePermission, ABC):
+    def on_unauthorized(self) -> None:
+        raise Unauthorized(self.message)
+
+
+class IsNotReadOnly(Authorization):
+    message = "Application is read-only"
+
+    def has_permission(self, source: Any, info: Info, **kwargs: Any) -> bool:
+        return not info.context.read_only
+
+
+MSG_ADMIN_ONLY = "Only admin can perform this action"
+
+
+class IsAdmin(Authorization):
+    message = MSG_ADMIN_ONLY
+
+    def has_permission(self, source: Any, info: Info, **kwargs: Any) -> bool:
+        if not info.context.auth_enabled:
+            return False
+        return isinstance((user := info.context.user), PhoenixUser) and user.is_admin

phoenix/server/api/context.py

@@ -1,11 +1,18 @@
+from asyncio import get_running_loop
 from dataclasses import dataclass
+from functools import cached_property, partial
 from pathlib import Path
-from typing import Any, Optional
+from typing import Any, Optional, cast
 
+from starlette.requests import Request as StarletteRequest
 from starlette.responses import Response as StarletteResponse
 from strawberry.fastapi import BaseContext
 
+from phoenix.auth import (
+    compute_password_hash,
+)
 from phoenix.core.model_schema import Model
+from phoenix.db import models
 from phoenix.server.api.dataloaders import (
     AnnotationSummaryDataLoader,
     AverageExperimentRunLatencyDataLoader,
@@ -30,9 +37,18 @@ from phoenix.server.api.dataloaders import (
     SpanProjectsDataLoader,
     TokenCountDataLoader,
     TraceRowIdsDataLoader,
+    UserRolesDataLoader,
+    UsersDataLoader,
 )
+from phoenix.server.bearer_auth import PhoenixUser
 from phoenix.server.dml_event import DmlEvent
-from phoenix.server.types import CanGetLastUpdatedAt, CanPutItem, DbSessionFactory
+from phoenix.server.types import (
+    CanGetLastUpdatedAt,
+    CanPutItem,
+    DbSessionFactory,
+    TokenStore,
+    UserId,
+)
 
 
 @dataclass
@@ -59,6 +75,8 @@ class DataLoaders:
     token_counts: TokenCountDataLoader
     trace_row_ids: TraceRowIdsDataLoader
     project_by_name: ProjectByNameDataLoader
+    users: UsersDataLoader
+    user_roles: UserRolesDataLoader
 
 
 class _NoOp:
@@ -77,7 +95,9 @@ class Context(BaseContext):
     event_queue: CanPutItem[DmlEvent] = _NoOp()
     corpus: Optional[Model] = None
     read_only: bool = False
+    auth_enabled: bool = False
     secret: Optional[str] = None
+    token_store: Optional[TokenStore] = None
 
     def get_secret(self) -> str:
         """A type-safe way to get the application secret. Throws an error if the secret is not set.
@@ -92,6 +112,14 @@ class Context(BaseContext):
             )
         return self.secret
 
+    def get_request(self) -> StarletteRequest:
+        """
+        A type-safe way to get the request object. Throws an error if the request is not set.
+        """
+        if not isinstance(request := self.request, StarletteRequest):
+            raise ValueError("no request is set")
+        return request
+
     def get_response(self) -> StarletteResponse:
         """
         A type-safe way to get the response object. Throws an error if the response is not set.
@@ -99,3 +127,23 @@ class Context(BaseContext):
         if (response := self.response) is None:
             raise ValueError("no response is set")
         return response
+
+    async def is_valid_password(self, password: str, user: models.User) -> bool:
+        return (
+            (hash_ := user.password_hash) is not None
+            and (salt := user.password_salt) is not None
+            and hash_ == await self.hash_password(password, salt)
+        )
+
+    @staticmethod
+    async def hash_password(password: str, salt: bytes) -> bytes:
+        compute = partial(compute_password_hash, password=password, salt=salt)
+        return await get_running_loop().run_in_executor(None, compute)
+
+    async def log_out(self, user_id: int) -> None:
+        assert self.token_store is not None
+        await self.token_store.log_out(UserId(user_id))
+
+    @cached_property
+    def user(self) -> PhoenixUser:
+        return cast(PhoenixUser, self.get_request().user)

phoenix/server/api/dataloaders/__init__.py

@@ -25,6 +25,8 @@ from .span_descendants import SpanDescendantsDataLoader
 from .span_projects import SpanProjectsDataLoader
 from .token_counts import TokenCountCache, TokenCountDataLoader
 from .trace_row_ids import TraceRowIdsDataLoader
+from .user_roles import UserRolesDataLoader
+from .users import UsersDataLoader
 
 __all__ = [
     "CacheForDataLoaders",
@@ -50,6 +52,8 @@ __all__ = [
     "TraceRowIdsDataLoader",
     "ProjectByNameDataLoader",
     "SpanAnnotationsDataLoader",
+    "UsersDataLoader",
+    "UserRolesDataLoader",
 ]
 
 

phoenix/server/api/dataloaders/user_roles.py

@@ -0,0 +1,30 @@
+from collections import defaultdict
+from typing import DefaultDict, List, Optional
+
+from sqlalchemy import select
+from strawberry.dataloader import DataLoader
+from typing_extensions import TypeAlias
+
+from phoenix.db import models
+from phoenix.server.types import DbSessionFactory
+
+UserRoleId: TypeAlias = int
+Key: TypeAlias = UserRoleId
+Result: TypeAlias = Optional[models.UserRole]
+
+
+class UserRolesDataLoader(DataLoader[Key, Result]):
+    """DataLoader that batches together user roles by their ids."""
+
+    def __init__(self, db: DbSessionFactory) -> None:
+        super().__init__(load_fn=self._load_fn)
+        self._db = db
+
+    async def _load_fn(self, keys: List[Key]) -> List[Result]:
+        user_roles_by_id: DefaultDict[Key, Result] = defaultdict(None)
+        async with self._db() as session:
+            data = await session.stream_scalars(select(models.UserRole))
+            async for user_role in data:
+                user_roles_by_id[user_role.id] = user_role
+
+        return [user_roles_by_id.get(role_id) for role_id in keys]

phoenix/server/api/dataloaders/users.py

@@ -0,0 +1,33 @@
+from collections import defaultdict
+from typing import DefaultDict, List, Optional
+
+from sqlalchemy import select
+from strawberry.dataloader import DataLoader
+from typing_extensions import TypeAlias
+
+from phoenix.db import models
+from phoenix.server.types import DbSessionFactory
+
+UserId: TypeAlias = int
+Key: TypeAlias = UserId
+Result: TypeAlias = Optional[models.User]
+
+
+class UsersDataLoader(DataLoader[Key, Result]):
+    """DataLoader that batches together users by their ids."""
+
+    def __init__(self, db: DbSessionFactory) -> None:
+        super().__init__(load_fn=self._load_fn)
+        self._db = db
+
+    async def _load_fn(self, keys: List[Key]) -> List[Result]:
+        user_ids = list(set(keys))
+        users_by_id: DefaultDict[Key, Result] = defaultdict(None)
+        async with self._db() as session:
+            data = await session.stream_scalars(
+                select(models.User).where(models.User.id.in_(user_ids))
+            )
+            async for user in data:
+                users_by_id[user.id] = user
+
+        return [users_by_id.get(user_id) for user_id in keys]

phoenix/server/api/exceptions.py

@@ -27,6 +27,13 @@ class Unauthorized(CustomGraphQLError):
     """
 
 
+class Conflict(CustomGraphQLError):
+    """
+    An error raised when a mutation cannot be completed due to a conflict with
+    the current state of one or more resources.
+    """
+
+
 def get_mask_errors_extension() -> MaskErrors:
     return MaskErrors(
         should_mask_error=_should_mask_error,

phoenix/server/api/mutations/__init__.py

@@ -1,7 +1,6 @@
 import strawberry
 
 from phoenix.server.api.mutations.api_key_mutations import ApiKeyMutationMixin
-from phoenix.server.api.mutations.auth_mutations import AuthMutationMixin
 from phoenix.server.api.mutations.dataset_mutations import DatasetMutationMixin
 from phoenix.server.api.mutations.experiment_mutations import ExperimentMutationMixin
 from phoenix.server.api.mutations.export_events_mutations import ExportEventsMutationMixin
@@ -14,7 +13,6 @@ from phoenix.server.api.mutations.user_mutations import UserMutationMixin
 @strawberry.type
 class Mutation(
     ApiKeyMutationMixin,
-    AuthMutationMixin,
     DatasetMutationMixin,
     ExperimentMutationMixin,
     ExportEventsMutationMixin,