PyPI - atlas-chat - Versions diffs - 0.1.0__py3-none-any.whl - Mend

atlas-chat 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

atlas/__init__.py +40 -0
atlas/application/__init__.py +7 -0
atlas/application/chat/__init__.py +7 -0
atlas/application/chat/agent/__init__.py +10 -0
atlas/application/chat/agent/act_loop.py +179 -0
atlas/application/chat/agent/factory.py +142 -0
atlas/application/chat/agent/protocols.py +46 -0
atlas/application/chat/agent/react_loop.py +338 -0
atlas/application/chat/agent/think_act_loop.py +171 -0
atlas/application/chat/approval_manager.py +151 -0
atlas/application/chat/elicitation_manager.py +191 -0
atlas/application/chat/events/__init__.py +1 -0
atlas/application/chat/events/agent_event_relay.py +112 -0
atlas/application/chat/modes/__init__.py +1 -0
atlas/application/chat/modes/agent.py +125 -0
atlas/application/chat/modes/plain.py +74 -0
atlas/application/chat/modes/rag.py +81 -0
atlas/application/chat/modes/tools.py +179 -0
atlas/application/chat/orchestrator.py +213 -0
atlas/application/chat/policies/__init__.py +1 -0
atlas/application/chat/policies/tool_authorization.py +99 -0
atlas/application/chat/preprocessors/__init__.py +1 -0
atlas/application/chat/preprocessors/message_builder.py +92 -0
atlas/application/chat/preprocessors/prompt_override_service.py +104 -0
atlas/application/chat/service.py +454 -0
atlas/application/chat/utilities/__init__.py +6 -0
atlas/application/chat/utilities/error_handler.py +367 -0
atlas/application/chat/utilities/event_notifier.py +546 -0
atlas/application/chat/utilities/file_processor.py +613 -0
atlas/application/chat/utilities/tool_executor.py +789 -0
atlas/atlas_chat_cli.py +347 -0
atlas/atlas_client.py +238 -0
atlas/core/__init__.py +0 -0
atlas/core/auth.py +205 -0
atlas/core/authorization_manager.py +27 -0
atlas/core/capabilities.py +123 -0
atlas/core/compliance.py +215 -0
atlas/core/domain_whitelist.py +147 -0
atlas/core/domain_whitelist_middleware.py +82 -0
atlas/core/http_client.py +28 -0
atlas/core/log_sanitizer.py +102 -0
atlas/core/metrics_logger.py +59 -0
atlas/core/middleware.py +131 -0
atlas/core/otel_config.py +242 -0
atlas/core/prompt_risk.py +200 -0
atlas/core/rate_limit.py +0 -0
atlas/core/rate_limit_middleware.py +64 -0
atlas/core/security_headers_middleware.py +51 -0
atlas/domain/__init__.py +37 -0
atlas/domain/chat/__init__.py +1 -0
atlas/domain/chat/dtos.py +85 -0
atlas/domain/errors.py +96 -0
atlas/domain/messages/__init__.py +12 -0
atlas/domain/messages/models.py +160 -0
atlas/domain/rag_mcp_service.py +664 -0
atlas/domain/sessions/__init__.py +7 -0
atlas/domain/sessions/models.py +36 -0
atlas/domain/unified_rag_service.py +371 -0
atlas/infrastructure/__init__.py +10 -0
atlas/infrastructure/app_factory.py +135 -0
atlas/infrastructure/events/__init__.py +1 -0
atlas/infrastructure/events/cli_event_publisher.py +140 -0
atlas/infrastructure/events/websocket_publisher.py +140 -0
atlas/infrastructure/sessions/in_memory_repository.py +56 -0
atlas/infrastructure/transport/__init__.py +7 -0
atlas/infrastructure/transport/websocket_connection_adapter.py +33 -0
atlas/init_cli.py +226 -0
atlas/interfaces/__init__.py +15 -0
atlas/interfaces/events.py +134 -0
atlas/interfaces/llm.py +54 -0
atlas/interfaces/rag.py +40 -0
atlas/interfaces/sessions.py +75 -0
atlas/interfaces/tools.py +57 -0
atlas/interfaces/transport.py +24 -0
atlas/main.py +564 -0
atlas/mcp/api_key_demo/README.md +76 -0
atlas/mcp/api_key_demo/main.py +172 -0
atlas/mcp/api_key_demo/run.sh +56 -0
atlas/mcp/basictable/main.py +147 -0
atlas/mcp/calculator/main.py +149 -0
atlas/mcp/code-executor/execution_engine.py +98 -0
atlas/mcp/code-executor/execution_environment.py +95 -0
atlas/mcp/code-executor/main.py +528 -0
atlas/mcp/code-executor/result_processing.py +276 -0
atlas/mcp/code-executor/script_generation.py +195 -0
atlas/mcp/code-executor/security_checker.py +140 -0
atlas/mcp/corporate_cars/main.py +437 -0
atlas/mcp/csv_reporter/main.py +545 -0
atlas/mcp/duckduckgo/main.py +182 -0
atlas/mcp/elicitation_demo/README.md +171 -0
atlas/mcp/elicitation_demo/main.py +262 -0
atlas/mcp/env-demo/README.md +158 -0
atlas/mcp/env-demo/main.py +199 -0
atlas/mcp/file_size_test/main.py +284 -0
atlas/mcp/filesystem/main.py +348 -0
atlas/mcp/image_demo/main.py +113 -0
atlas/mcp/image_demo/requirements.txt +4 -0
atlas/mcp/logging_demo/README.md +72 -0
atlas/mcp/logging_demo/main.py +103 -0
atlas/mcp/many_tools_demo/main.py +50 -0
atlas/mcp/order_database/__init__.py +0 -0
atlas/mcp/order_database/main.py +369 -0
atlas/mcp/order_database/signal_data.csv +1001 -0
atlas/mcp/pdfbasic/main.py +394 -0
atlas/mcp/pptx_generator/main.py +760 -0
atlas/mcp/pptx_generator/requirements.txt +13 -0
atlas/mcp/pptx_generator/run_test.sh +1 -0
atlas/mcp/pptx_generator/test_pptx_generator_security.py +169 -0
atlas/mcp/progress_demo/main.py +167 -0
atlas/mcp/progress_updates_demo/QUICKSTART.md +273 -0
atlas/mcp/progress_updates_demo/README.md +120 -0
atlas/mcp/progress_updates_demo/main.py +497 -0
atlas/mcp/prompts/main.py +222 -0
atlas/mcp/public_demo/main.py +189 -0
atlas/mcp/sampling_demo/README.md +169 -0
atlas/mcp/sampling_demo/main.py +234 -0
atlas/mcp/thinking/main.py +77 -0
atlas/mcp/tool_planner/main.py +240 -0
atlas/mcp/ui-demo/badmesh.png +0 -0
atlas/mcp/ui-demo/main.py +383 -0
atlas/mcp/ui-demo/templates/button_demo.html +32 -0
atlas/mcp/ui-demo/templates/data_visualization.html +32 -0
atlas/mcp/ui-demo/templates/form_demo.html +28 -0
atlas/mcp/username-override-demo/README.md +320 -0
atlas/mcp/username-override-demo/main.py +308 -0
atlas/modules/__init__.py +0 -0
atlas/modules/config/__init__.py +34 -0
atlas/modules/config/cli.py +231 -0
atlas/modules/config/config_manager.py +1096 -0
atlas/modules/file_storage/__init__.py +22 -0
atlas/modules/file_storage/cli.py +330 -0
atlas/modules/file_storage/content_extractor.py +290 -0
atlas/modules/file_storage/manager.py +295 -0
atlas/modules/file_storage/mock_s3_client.py +402 -0
atlas/modules/file_storage/s3_client.py +417 -0
atlas/modules/llm/__init__.py +19 -0
atlas/modules/llm/caller.py +287 -0
atlas/modules/llm/litellm_caller.py +675 -0
atlas/modules/llm/models.py +19 -0
atlas/modules/mcp_tools/__init__.py +17 -0
atlas/modules/mcp_tools/client.py +2123 -0
atlas/modules/mcp_tools/token_storage.py +556 -0
atlas/modules/prompts/prompt_provider.py +130 -0
atlas/modules/rag/__init__.py +24 -0
atlas/modules/rag/atlas_rag_client.py +336 -0
atlas/modules/rag/client.py +129 -0
atlas/routes/admin_routes.py +865 -0
atlas/routes/config_routes.py +484 -0
atlas/routes/feedback_routes.py +361 -0
atlas/routes/files_routes.py +274 -0
atlas/routes/health_routes.py +40 -0
atlas/routes/mcp_auth_routes.py +223 -0
atlas/server_cli.py +164 -0
atlas/tests/conftest.py +20 -0
atlas/tests/integration/test_mcp_auth_integration.py +152 -0
atlas/tests/manual_test_sampling.py +87 -0
atlas/tests/modules/mcp_tools/test_client_auth.py +226 -0
atlas/tests/modules/mcp_tools/test_client_env.py +191 -0
atlas/tests/test_admin_mcp_server_management_routes.py +141 -0
atlas/tests/test_agent_roa.py +135 -0
atlas/tests/test_app_factory_smoke.py +47 -0
atlas/tests/test_approval_manager.py +439 -0
atlas/tests/test_atlas_client.py +188 -0
atlas/tests/test_atlas_rag_client.py +447 -0
atlas/tests/test_atlas_rag_integration.py +224 -0
atlas/tests/test_attach_file_flow.py +287 -0
atlas/tests/test_auth_utils.py +165 -0
atlas/tests/test_backend_public_url.py +185 -0
atlas/tests/test_banner_logging.py +287 -0
atlas/tests/test_capability_tokens_and_injection.py +203 -0
atlas/tests/test_compliance_level.py +54 -0
atlas/tests/test_compliance_manager.py +253 -0
atlas/tests/test_config_manager.py +617 -0
atlas/tests/test_config_manager_paths.py +12 -0
atlas/tests/test_core_auth.py +18 -0
atlas/tests/test_core_utils.py +190 -0
atlas/tests/test_docker_env_sync.py +202 -0
atlas/tests/test_domain_errors.py +329 -0
atlas/tests/test_domain_whitelist.py +359 -0
atlas/tests/test_elicitation_manager.py +408 -0
atlas/tests/test_elicitation_routing.py +296 -0
atlas/tests/test_env_demo_server.py +88 -0
atlas/tests/test_error_classification.py +113 -0
atlas/tests/test_error_flow_integration.py +116 -0
atlas/tests/test_feedback_routes.py +333 -0
atlas/tests/test_file_content_extraction.py +1134 -0
atlas/tests/test_file_extraction_routes.py +158 -0
atlas/tests/test_file_library.py +107 -0
atlas/tests/test_file_manager_unit.py +18 -0
atlas/tests/test_health_route.py +49 -0
atlas/tests/test_http_client_stub.py +8 -0
atlas/tests/test_imports_smoke.py +30 -0
atlas/tests/test_interfaces_llm_response.py +9 -0
atlas/tests/test_issue_access_denied_fix.py +136 -0
atlas/tests/test_llm_env_expansion.py +836 -0
atlas/tests/test_log_level_sensitive_data.py +285 -0
atlas/tests/test_mcp_auth_routes.py +341 -0
atlas/tests/test_mcp_client_auth.py +331 -0
atlas/tests/test_mcp_data_injection.py +270 -0
atlas/tests/test_mcp_get_authorized_servers.py +95 -0
atlas/tests/test_mcp_hot_reload.py +512 -0
atlas/tests/test_mcp_image_content.py +424 -0
atlas/tests/test_mcp_logging.py +172 -0
atlas/tests/test_mcp_progress_updates.py +313 -0
atlas/tests/test_mcp_prompt_override_system_prompt.py +102 -0
atlas/tests/test_mcp_prompts_server.py +39 -0
atlas/tests/test_mcp_tool_result_parsing.py +296 -0
atlas/tests/test_metrics_logger.py +56 -0
atlas/tests/test_middleware_auth.py +379 -0
atlas/tests/test_prompt_risk_and_acl.py +141 -0
atlas/tests/test_rag_mcp_aggregator.py +204 -0
atlas/tests/test_rag_mcp_service.py +224 -0
atlas/tests/test_rate_limit_middleware.py +45 -0
atlas/tests/test_routes_config_smoke.py +60 -0
atlas/tests/test_routes_files_download_token.py +41 -0
atlas/tests/test_routes_files_health.py +18 -0
atlas/tests/test_runtime_imports.py +53 -0
atlas/tests/test_sampling_integration.py +482 -0
atlas/tests/test_security_admin_routes.py +61 -0
atlas/tests/test_security_capability_tokens.py +65 -0
atlas/tests/test_security_file_stats_scope.py +21 -0
atlas/tests/test_security_header_injection.py +191 -0
atlas/tests/test_security_headers_and_filename.py +63 -0
atlas/tests/test_shared_session_repository.py +101 -0
atlas/tests/test_system_prompt_loading.py +181 -0
atlas/tests/test_token_storage.py +505 -0
atlas/tests/test_tool_approval_config.py +93 -0
atlas/tests/test_tool_approval_utils.py +356 -0
atlas/tests/test_tool_authorization_group_filtering.py +223 -0
atlas/tests/test_tool_details_in_config.py +108 -0
atlas/tests/test_tool_planner.py +300 -0
atlas/tests/test_unified_rag_service.py +398 -0
atlas/tests/test_username_override_in_approval.py +258 -0
atlas/tests/test_websocket_auth_header.py +168 -0
atlas/version.py +6 -0
atlas_chat-0.1.0.data/data/.env.example +253 -0
atlas_chat-0.1.0.data/data/config/defaults/compliance-levels.json +44 -0
atlas_chat-0.1.0.data/data/config/defaults/domain-whitelist.json +123 -0
atlas_chat-0.1.0.data/data/config/defaults/file-extractors.json +74 -0
atlas_chat-0.1.0.data/data/config/defaults/help-config.json +198 -0
atlas_chat-0.1.0.data/data/config/defaults/llmconfig-buggy.yml +11 -0
atlas_chat-0.1.0.data/data/config/defaults/llmconfig.yml +19 -0
atlas_chat-0.1.0.data/data/config/defaults/mcp.json +138 -0
atlas_chat-0.1.0.data/data/config/defaults/rag-sources.json +17 -0
atlas_chat-0.1.0.data/data/config/defaults/splash-config.json +16 -0
atlas_chat-0.1.0.dist-info/METADATA +236 -0
atlas_chat-0.1.0.dist-info/RECORD +250 -0
atlas_chat-0.1.0.dist-info/WHEEL +5 -0
atlas_chat-0.1.0.dist-info/entry_points.txt +4 -0
atlas_chat-0.1.0.dist-info/top_level.txt +1 -0

atlas/domain/rag_mcp_service.py ADDED Viewed

@@ -0,0 +1,664 @@
+"""RAG MCP Aggregator Service (Phase 1: Discovery)
+Aggregates discovery of RAG resources from authorized MCP servers that expose
+the `rag_discover_resources` tool. Returns a flat list of data source IDs for
+backward-compatible UI, with server-qualified IDs to avoid collisions.
+Future phases will add search/synthesis and richer shapes.
+"""
+from __future__ import annotations
+import logging
+from typing import Any, Dict, List, Optional
+from atlas.core.compliance import get_compliance_manager
+from atlas.core.log_sanitizer import sanitize_for_logging
+from atlas.core.prompt_risk import calculate_prompt_injection_risk, log_high_risk_event
+logger = logging.getLogger(__name__)
+class RAGMCPService:
+    """Aggregator for RAG over MCP servers."""
+    def __init__(self, mcp_manager, config_manager, auth_check_func) -> None:
+        self.mcp_manager = mcp_manager
+        self.config_manager = config_manager
+        self.auth_check_func = auth_check_func
+    async def _get_authorized_rag_servers(self, username: str, rag_servers: dict) -> List[str]:
+        """Get list of RAG servers the user is authorized to access.
+        This checks authorization directly against rag_mcp_config servers,
+        independent of mcp_manager.servers_config (which excludes RAG servers
+        to keep them separate from the tools panel).
+        """
+        authorized = []
+        for server_name, server_config in rag_servers.items():
+            if not server_config.enabled:
+                continue
+            required_groups = server_config.groups or []
+            if not required_groups:
+                # No group restriction - available to all
+                authorized.append(server_name)
+                continue
+            # Check if user is in any of the required groups
+            group_checks = [
+                await self.auth_check_func(username, group)
+                for group in required_groups
+            ]
+            if any(group_checks):
+                authorized.append(server_name)
+        return authorized
+    async def discover_data_sources(self, username: str, user_compliance_level: Optional[str] = None) -> List[str]:
+        """Discover data sources across authorized MCP RAG servers.
+        Phase 1 returns a flat list of strings for backward compatibility.
+        Uses server-qualified IDs: "{server}:{resource_id}" to avoid collisions.
+        """
+        # Ensure RAG servers are initialized from rag_mcp_config, without polluting tool inventory
+        try:
+            rag_servers = self.config_manager.rag_mcp_config.servers
+            # If these servers aren't in mcp_manager.clients, initialize just these
+            missing = [name for name in rag_servers.keys() if name not in getattr(self.mcp_manager, "clients", {})]
+            if missing:
+                # Temporarily extend servers_config with rag servers and initialize them
+                original = dict(getattr(self.mcp_manager, "servers_config", {}))
+                try:
+                    self.mcp_manager.servers_config.update({name: cfg.model_dump() for name, cfg in rag_servers.items()})
+                    await self.mcp_manager.initialize_clients()
+                    await self.mcp_manager.discover_tools()
+                finally:
+                    # Restore original list for general tools panel separation
+                    self.mcp_manager.servers_config = original
+        except Exception:
+            # If anything goes wrong, fallback silently to existing clients
+            pass
+        try:
+            # Determine RAG servers current user can see
+            # Use rag_mcp_config directly since servers_config was restored above
+            rag_servers = self.config_manager.rag_mcp_config.servers
+            authorized_servers: List[str] = await self._get_authorized_rag_servers(
+                username, rag_servers
+            )
+            if not authorized_servers:
+                logger.info("No authorized MCP servers for user %s", sanitize_for_logging(username))
+                return []
+            # --- Compliance Filtering (Step 2) ---
+            if user_compliance_level:
+                compliance_mgr = get_compliance_manager()
+                filtered_servers = []
+                for server in authorized_servers:
+                    cfg = (self.mcp_manager.available_tools.get(server) or {}).get("config", {})
+                    server_compliance_level = cfg.get("compliance_level")
+                    if compliance_mgr.is_accessible(
+                        user_level=user_compliance_level, resource_level=server_compliance_level
+                    ):
+                        filtered_servers.append(server)
+                    else:
+                        logger.info(
+                            "Skipping RAG server %s due to compliance level mismatch (user: %s, server: %s)",
+                            sanitize_for_logging(server),
+                            sanitize_for_logging(user_compliance_level),
+                            sanitize_for_logging(server_compliance_level),
+                        )
+                authorized_servers = filtered_servers
+                if not authorized_servers:
+                    logger.info("No authorized MCP servers remain after compliance filtering for user %s", sanitize_for_logging(username))
+                    return []
+            # -------------------------------------
+            # Filter to servers that advertise the discovery tool
+            servers_with_discovery: List[str] = []
+            for server in authorized_servers:
+                server_data = self.mcp_manager.available_tools.get(server)
+                tool_list = (server_data or {}).get("tools", [])
+                if any(getattr(t, "name", None) == "rag_discover_resources" for t in tool_list):
+                    servers_with_discovery.append(server)
+            if not servers_with_discovery:
+                logger.info("No servers implement rag_discover_resources for user %s", sanitize_for_logging(username))
+                return []
+            # Fan out discovery calls
+            sources: List[str] = []
+            for server in servers_with_discovery:
+                try:
+                    raw = await self.mcp_manager.call_tool(
+                        server_name=server,
+                        tool_name="rag_discover_resources",
+                        arguments={"username": username},
+                    )
+                    structured = self._extract_structured_result(raw)
+                    resources = self._extract_resources(structured)
+                    for r in resources:
+                        rid = r.get("id") or r.get("name")
+                        if not isinstance(rid, str):
+                            continue
+                        # Qualify with server to avoid collisions across providers
+                        sources.append(f"{server}:{rid}")
+                except Exception as e:
+                    logger.warning(
+                        "Discovery failed on server %s for user %s: %s",
+                        sanitize_for_logging(server),
+                        sanitize_for_logging(username),
+                        e,
+                    )
+            # De-dupe while preserving order
+            seen = set()
+            deduped = []
+            for s in sources:
+                if s not in seen:
+                    seen.add(s)
+                    deduped.append(s)
+            return deduped
+        except Exception as e:
+            logger.error("Error during RAG MCP discovery: %s", e, exc_info=True)
+            return []
+    async def discover_servers(self, username: str, user_compliance_level: Optional[str] = None) -> List[Dict[str, Any]]:
+        """Return richer per-server discovery structure for UI (rag_servers).
+        Shape:
+        [
+          {
+            "server": "docsRag",
+            "displayName": "docsRag",
+            "icon": <optional>,
+            "sources": [
+               {"id": "handbook", "name": "Employee Handbook", "authRequired": False, "selected": False}
+            ]
+          }
+        ]
+        """
+        # Ensure RAG servers are initialized from rag_mcp_config, without polluting tool inventory
+        try:
+            rag_cfg_servers = self.config_manager.rag_mcp_config.servers
+            missing = [name for name in rag_cfg_servers.keys() if name not in getattr(self.mcp_manager, "clients", {})]
+            if missing:
+                original = dict(getattr(self.mcp_manager, "servers_config", {}))
+                try:
+                    self.mcp_manager.servers_config.update({name: cfg.model_dump() for name, cfg in rag_cfg_servers.items()})
+                    await self.mcp_manager.initialize_clients()
+                    await self.mcp_manager.discover_tools()
+                finally:
+                    self.mcp_manager.servers_config = original
+        except Exception:
+            # Fallback silently if RAG config init fails; we'll just return empty set
+            pass
+        rag_servers: List[Dict[str, Any]] = []
+        try:
+            compliance_mgr = get_compliance_manager() if user_compliance_level else None
+            # Use rag_mcp_config directly since servers_config was restored above
+            rag_cfg_servers = self.config_manager.rag_mcp_config.servers
+            authorized_servers: List[str] = await self._get_authorized_rag_servers(
+                username, rag_cfg_servers
+            )
+            # --- Compliance Filtering (Step 2) ---
+            if compliance_mgr:
+                filtered_servers = []
+                for server in authorized_servers:
+                    cfg = (self.mcp_manager.available_tools.get(server) or {}).get("config", {})
+                    server_compliance_level = cfg.get("compliance_level")
+                    if compliance_mgr.is_accessible(
+                        user_level=user_compliance_level, resource_level=server_compliance_level
+                    ):
+                        filtered_servers.append(server)
+                    else:
+                        logger.info(
+                            "Skipping RAG server %s due to compliance level mismatch (user: %s, server: %s)",
+                            sanitize_for_logging(server),
+                            sanitize_for_logging(user_compliance_level),
+                            sanitize_for_logging(server_compliance_level),
+                        )
+                authorized_servers = filtered_servers
+            # -------------------------------------
+            for server in authorized_servers:
+                server_data = self.mcp_manager.available_tools.get(server)
+                tools = (server_data or {}).get("tools", [])
+                if not any(getattr(t, "name", None) == "rag_discover_resources" for t in tools):
+                    continue
+                # Call discovery
+                try:
+                    raw = await self.mcp_manager.call_tool(
+                        server_name=server,
+                        tool_name="rag_discover_resources",
+                        arguments={"username": username},
+                    )
+                    structured = self._extract_structured_result(raw)
+                    resources = self._extract_resources(structured)
+                except Exception as e:
+                    logger.warning("Discovery failed for server %s: %s", server, e)
+                    resources = []
+                # Build UI sources array
+                ui_sources: List[Dict[str, Any]] = []
+                for r in resources:
+                    rid = r.get("id") or r.get("name")
+                    if not isinstance(rid, str):
+                        continue
+                    # --- Compliance Filtering (Step 3) ---
+                    # Check for both camelCase (MCP standard) and snake_case (RAG mock standard)
+                    resource_compliance_level = r.get("complianceLevel") or r.get("compliance_level")
+                    if compliance_mgr and not compliance_mgr.is_accessible(
+                        user_level=user_compliance_level, resource_level=resource_compliance_level
+                    ):
+                        logger.info(
+                            "Skipping RAG resource %s:%s due to compliance level mismatch (user: %s, resource: %s)",
+                            sanitize_for_logging(server),
+                            sanitize_for_logging(rid),
+                            sanitize_for_logging(user_compliance_level),
+                            sanitize_for_logging(resource_compliance_level),
+                        )
+                        continue
+                    # -------------------------------------
+                    ui_sources.append({
+                        "id": rid,
+                        "name": r.get("name") or rid,
+                        # New contract: authRequired expected true; pass-through in case of legacy servers
+                        "authRequired": bool(r.get("authRequired", True)),
+                        # New: include per-resource groups when provided
+                        "groups": list(r.get("groups", [])) if isinstance(r.get("groups"), list) else None,
+                        "selected": bool(r.get("defaultSelected", False)),
+                        # Include compliance_level from resource or inherit from server
+                        "complianceLevel": resource_compliance_level if resource_compliance_level else None,
+                    })
+                # Optional config-driven icon/name and compliance level
+                cfg = (self.mcp_manager.available_tools.get(server) or {}).get("config", {})
+                display_name = cfg.get("displayName") or server
+                icon = (cfg.get("ui") or {}).get("icon") if isinstance(cfg.get("ui"), dict) else None
+                compliance_level = cfg.get("compliance_level")
+                rag_servers.append({
+                    "server": server,
+                    "displayName": display_name,
+                    "icon": icon,
+                    "complianceLevel": compliance_level,
+                    "sources": ui_sources,
+                })
+        except Exception as e:
+            logger.error("discover_servers error: %s", e, exc_info=True)
+        return rag_servers
+    async def search_raw(
+        self,
+        username: str,
+        query: str,
+        sources: List[str],
+        top_k: int = 8,
+        filters: Optional[Dict[str, Any]] = None,
+        ranking: Optional[Dict[str, Any]] = None,
+    ) -> Dict[str, Any]:
+        """Call rag_get_raw_results across servers and merge results.
+        sources are server-qualified (server:id). We group by server.
+        """
+        logger.debug(
+            "[MCP-RAG] search_raw called: user=%s, query_preview=%s..., sources=%s, top_k=%d",
+            sanitize_for_logging(username),
+            sanitize_for_logging(query[:100]) if query else "(empty)",
+            sources,
+            top_k,
+        )
+        filters = filters or {}
+        ranking = ranking or {}
+        by_server: Dict[str, List[str]] = {}
+        for s in sources or []:
+            if isinstance(s, str) and ":" in s:
+                srv, rid = s.split(":", 1)
+                by_server.setdefault(srv, []).append(rid)
+        logger.debug("[MCP-RAG] search_raw sources grouped by server: %s", by_server)
+        all_hits: List[Dict[str, Any]] = []
+        meta: Dict[str, Any] = {"providers": {}, "top_k": top_k}
+        for server, rids in by_server.items():
+            logger.debug("[MCP-RAG] search_raw processing server=%s, resource_ids=%s", server, rids)
+            try:
+                # Check tool availability
+                server_data = self.mcp_manager.available_tools.get(server) or {}
+                tool_list = server_data.get("tools", [])
+                if not any(getattr(t, "name", None) == "rag_get_raw_results" for t in tool_list):
+                    logger.debug("[MCP-RAG] Server %s lacks rag_get_raw_results tool, skipping", server)
+                    continue
+                logger.debug("[MCP-RAG] Calling rag_get_raw_results on server %s", server)
+                raw = await self.mcp_manager.call_tool(
+                    server_name=server,
+                    tool_name="rag_get_raw_results",
+                    arguments={
+                        "username": username,
+                        "query": query,
+                        "sources": rids,
+                        "top_k": top_k,
+                        "filters": filters,
+                        "ranking": ranking,
+                    },
+                )
+                logger.debug("[MCP-RAG] Server %s raw response type: %s", server, type(raw).__name__)
+                payload = self._extract_structured_result(raw) or {}
+                results = payload.get("results") or {}
+                hits = results.get("hits") or []
+                logger.debug("[MCP-RAG] Server %s returned %d hits", server, len(hits))
+                # Annotate with server for provenance
+                for h in hits:
+                    if isinstance(h, dict):
+                        h.setdefault("server", server)
+                all_hits.extend([h for h in hits if isinstance(h, dict)])
+                meta["providers"][server] = {
+                    "returned": len(hits),
+                    "error": None,
+                }
+            except Exception as e:
+                logger.error("[MCP-RAG] Server %s search_raw error: %s", server, e, exc_info=True)
+                meta["providers"][server] = {"returned": 0, "error": str(e)}
+        # Merge + rerank (simple): sort by score desc if present
+        def score_of(h: Dict[str, Any]) -> float:
+            try:
+                return float(h.get("score", 0.0))
+            except Exception:
+                return 0.0
+        all_hits.sort(key=score_of, reverse=True)
+        merged = all_hits[: top_k or len(all_hits)]
+        logger.info(
+            "[MCP-RAG] search_raw complete: total_hits=%d, merged_count=%d, providers=%s",
+            len(all_hits),
+            len(merged),
+            list(meta["providers"].keys()),
+        )
+        # Prompt-injection risk check on retrieved snippets (observe + log)
+        try:
+            for h in merged:
+                if not isinstance(h, dict):
+                    continue
+                text = h.get("snippet") or h.get("chunk") or h.get("text") or ""
+                if not isinstance(text, str) or not text.strip():
+                    continue
+                pi = calculate_prompt_injection_risk(text, mode="general")
+                if pi.get("risk_level") in ("medium", "high"):
+                    log_high_risk_event(
+                        source="rag_chunk",
+                        user=username,
+                        content=text,
+                        score=int(pi.get("score", 0)),
+                        risk_level=str(pi.get("risk_level")),
+                        triggers=list(pi.get("triggers", [])),
+                        extra={
+                            "server": h.get("server"),
+                            "resourceId": h.get("resourceId"),
+                        },
+                    )
+        except Exception:
+            logger.debug("Prompt risk check failed (RAG results)", exc_info=True)
+        return {
+            "results": {
+                "hits": merged,
+                "stats": {
+                    "total_found": len(all_hits),
+                    "top_k": top_k,
+                },
+            },
+            "meta_data": meta,
+        }
+    async def synthesize(
+        self,
+        username: str,
+        query: str,
+        sources: List[str],
+        top_k: Optional[int] = None,
+        synthesis_params: Optional[Dict[str, Any]] = None,
+        provided_context: Optional[Dict[str, Any]] = None,
+    ) -> Dict[str, Any]:
+        """Call rag_get_synthesized_results across servers when available.
+        If not available, fall back to raw search and concatenate snippets.
+        """
+        logger.debug(
+            "[MCP-RAG] synthesize called: user=%s, query_preview=%s..., sources=%s, top_k=%s",
+            sanitize_for_logging(username),
+            sanitize_for_logging(query[:100]) if query else "(empty)",
+            sources,
+            top_k,
+        )
+        synthesis_params = synthesis_params or {}
+        provided_context = provided_context or {}
+        by_server: Dict[str, List[str]] = {}
+        for s in sources or []:
+            if isinstance(s, str) and ":" in s:
+                srv, rid = s.split(":", 1)
+                by_server.setdefault(srv, []).append(rid)
+        logger.debug("[MCP-RAG] Sources grouped by server: %s", by_server)
+        answers: List[str] = []
+        citations: List[Dict[str, Any]] = []
+        meta: Dict[str, Any] = {"providers": {}}
+        used_fallback = False
+        for server, rids in by_server.items():
+            logger.debug(
+                "[MCP-RAG] Processing server=%s, resource_ids=%s",
+                server,
+                rids,
+            )
+            try:
+                server_data = self.mcp_manager.available_tools.get(server) or {}
+                tool_list = server_data.get("tools", [])
+                tool_names = [getattr(t, "name", None) for t in tool_list]
+                logger.debug("[MCP-RAG] Server %s available tools: %s", server, tool_names)
+                has_synth = any(getattr(t, "name", None) == "rag_get_synthesized_results" for t in tool_list)
+                if has_synth:
+                    logger.debug("[MCP-RAG] Server %s has rag_get_synthesized_results, calling...", server)
+                    raw = await self.mcp_manager.call_tool(
+                        server_name=server,
+                        tool_name="rag_get_synthesized_results",
+                        arguments={
+                            "username": username,
+                            "query": query,
+                            "sources": rids,
+                            **({"top_k": top_k} if top_k is not None else {}),
+                            "synthesis_params": synthesis_params,
+                            "provided_context": provided_context,
+                        },
+                    )
+                    logger.debug("[MCP-RAG] Server %s raw response type: %s", server, type(raw).__name__)
+                    payload = self._extract_structured_result(raw) or {}
+                    logger.debug("[MCP-RAG] Server %s extracted payload keys: %s", server, list(payload.keys()))
+                    logger.debug("[MCP-RAG] Server %s full payload: %s", server, sanitize_for_logging(str(payload)[:1000]))
+                    results = payload.get("results") or {}
+                    logger.debug("[MCP-RAG] Server %s results type: %s, results keys: %s", server, type(results).__name__, list(results.keys()) if isinstance(results, dict) else "N/A")
+                    logger.debug("[MCP-RAG] Server %s results content: %s", server, sanitize_for_logging(str(results)[:500]))
+                    ans = results.get("answer")
+                    if isinstance(ans, str) and ans:
+                        logger.debug(
+                            "[MCP-RAG] Server %s answer length=%d, preview=%s...",
+                            server,
+                            len(ans),
+                            sanitize_for_logging(ans[:200]),
+                        )
+                        answers.append(ans)
+                    cits = results.get("citations") or []
+                    if isinstance(cits, list):
+                        for c in cits:
+                            if isinstance(c, dict):
+                                c.setdefault("server", server)
+                        citations.extend([c for c in cits if isinstance(c, dict)])
+                    meta["providers"][server] = {"used_synth": True, "error": None}
+                    logger.info("[MCP-RAG] Server %s synthesis complete: answer_length=%d", server, len(ans) if ans else 0)
+                else:
+                    logger.debug("[MCP-RAG] Server %s lacks rag_get_synthesized_results, using fallback search_raw", server)
+                    used_fallback = True
+                    raw_payload = await self.search_raw(username, query, [f"{server}:{rid}" for rid in rids], top_k=top_k or 8)
+                    # Build a rudimentary answer from snippets
+                    hits = ((raw_payload.get("results") or {}).get("hits") or [])
+                    logger.debug("[MCP-RAG] Server %s fallback search returned %d hits", server, len(hits))
+                    snippet_texts = [h.get("snippet") or h.get("chunk") or "" for h in hits if isinstance(h, dict)]
+                    if snippet_texts:
+                        answers.append("\n\n".join(snippet_texts[:3]))
+                    meta["providers"][server] = {"used_synth": False, "error": None}
+            except Exception as e:
+                logger.error("[MCP-RAG] Server %s synthesis error: %s", server, e, exc_info=True)
+                meta["providers"][server] = {"used_synth": False, "error": str(e)}
+        final_answer = "\n\n---\n\n".join([a for a in answers if a]) if answers else ""
+        logger.info(
+            "[MCP-RAG] synthesize complete: total_answers=%d, final_answer_length=%d, used_fallback=%s",
+            len(answers),
+            len(final_answer),
+            used_fallback,
+        )
+        return {
+            "results": {
+                "answer": final_answer,
+                "citations": citations or None,
+                "limits": {"truncated": False} if final_answer else None,
+            },
+            "meta_data": {**meta, "fallback_used": used_fallback},
+        }
+    # --- helpers ---------------------------------------------------------
+    def _extract_structured_result(self, raw: Any) -> Dict[str, Any]:
+        """Best-effort extraction of a structured payload from FastMCP result."""
+        import json
+        logger.debug("[MCP-RAG] _extract_structured_result: raw type=%s", type(raw).__name__)
+        try:
+            # Log available attributes for debugging
+            if hasattr(raw, "__dict__"):
+                logger.debug("[MCP-RAG] _extract_structured_result: raw attributes=%s", list(raw.__dict__.keys()) if hasattr(raw, "__dict__") else "N/A")
+            # If raw is already a dict, return it directly
+            if isinstance(raw, dict):
+                logger.debug("[MCP-RAG] _extract_structured_result: raw is already a dict with keys=%s", list(raw.keys()))
+                return raw
+            # Preferred attributes from fastmcp
+            if hasattr(raw, "structured_content") and raw.structured_content:
+                logger.debug("[MCP-RAG] _extract_structured_result: found structured_content")
+                if isinstance(raw.structured_content, dict):
+                    return raw.structured_content
+            if hasattr(raw, "data") and raw.data:
+                logger.debug("[MCP-RAG] _extract_structured_result: found data")
+                if isinstance(raw.data, dict):
+                    return raw.data
+            if hasattr(raw, "content") and raw.content:
+                contents = getattr(raw, "content")
+                logger.debug("[MCP-RAG] _extract_structured_result: found content, type=%s, len=%s", type(contents).__name__, len(contents) if hasattr(contents, '__len__') else "N/A")
+                # content is typically a list of segments with .text
+                if isinstance(contents, list) and contents:
+                    # Try all content items, not just the first
+                    for idx, item in enumerate(contents):
+                        logger.debug("[MCP-RAG] _extract_structured_result: content[%d] type=%s", idx, type(item).__name__)
+                        # Try .text attribute
+                        text = getattr(item, "text", None)
+                        if text is None and isinstance(item, dict):
+                            text = item.get("text")
+                        if text:
+                            logger.debug("[MCP-RAG] _extract_structured_result: text type=%s, preview=%s", type(text).__name__, sanitize_for_logging(str(text)[:300]))
+                            if isinstance(text, str) and text.strip():
+                                try:
+                                    obj = json.loads(text)
+                                    if isinstance(obj, dict):
+                                        logger.debug("[MCP-RAG] _extract_structured_result: parsed JSON with keys=%s", list(obj.keys()))
+                                        return obj
+                                except Exception as json_err:
+                                    logger.debug("[MCP-RAG] _extract_structured_result: JSON parse failed for content[%d]: %s", idx, json_err)
+                        # Try if item is itself a dict with results/meta_data
+                        if isinstance(item, dict):
+                            if "results" in item or "meta_data" in item:
+                                logger.debug("[MCP-RAG] _extract_structured_result: content[%d] is a dict with results/meta_data", idx)
+                                return item
+                # If content is a single string (not list), try to parse as JSON
+                elif isinstance(contents, str) and contents.strip():
+                    logger.debug("[MCP-RAG] _extract_structured_result: content is a string, trying JSON parse")
+                    try:
+                        obj = json.loads(contents)
+                        if isinstance(obj, dict):
+                            logger.debug("[MCP-RAG] _extract_structured_result: parsed content string as JSON with keys=%s", list(obj.keys()))
+                            return obj
+                    except Exception as json_err:
+                        logger.debug("[MCP-RAG] _extract_structured_result: JSON parse of content string failed: %s", json_err)
+            # Try to convert raw to string and parse as JSON (last resort)
+            if hasattr(raw, "__str__"):
+                raw_str = str(raw)
+                # Only try if it looks like JSON
+                if raw_str.strip().startswith("{"):
+                    logger.debug("[MCP-RAG] _extract_structured_result: trying __str__ as JSON: %s...", sanitize_for_logging(raw_str[:200]))
+                    try:
+                        obj = json.loads(raw_str)
+                        if isinstance(obj, dict):
+                            logger.debug("[MCP-RAG] _extract_structured_result: parsed __str__ as JSON with keys=%s", list(obj.keys()))
+                            return obj
+                    except Exception:
+                        pass
+        except Exception as parse_err:  # pragma: no cover - defensive
+            logger.debug("Non-fatal: failed to parse structured result: %s", parse_err)
+        logger.debug("[MCP-RAG] _extract_structured_result: returning empty dict")
+        return {}
+    def _extract_resources(self, payload: Dict[str, Any]) -> List[Dict[str, Any]]:
+        """Extract list of resource dicts from a normalized tool result."""
+        if not isinstance(payload, dict):
+            return []
+        results = payload.get("results") if isinstance(payload.get("results"), dict) else payload
+        # Support both {results: {resources: [...]}} and {results: [...]}
+        # Also support the RAG mock format: {accessible_data_sources: [...]}
+        resources = (
+            (results.get("resources") if isinstance(results, dict) else None)
+            or payload.get("resources")
+            or payload.get("accessible_data_sources") # Added support for RAG mock format
+            or []
+        )
+        if isinstance(resources, list):
+            # ensure each entry is a dict
+            return [r for r in resources if isinstance(r, dict)]
+        return []
+__all__ = ["RAGMCPService"]

atlas/domain/sessions/__init__.py ADDED Viewed

@@ -0,0 +1,7 @@
+"""Domain models for sessions."""
+from .models import Session
+__all__ = [
+    "Session",
+]