eggpool 0.1.2__tar.gz → 0.1.4__tar.gz

{eggpool-0.1.2 → eggpool-0.1.4}/CHANGELOG.md

@@ -5,6 +5,32 @@ All notable changes to EggPool are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.4] - 2026-06-23
+
+### Fixed
+
+- Fix `eggpool serve` crash on Linux/macOS: Granian worker processes
+  failed to start due to unpicklable local closure in `target_loader`.
+  Moved `_app_loader` to module level for multiprocessing compatibility.
+- Install script now invokes pipx through the detected Python version
+  (`python3.x -m pipx`) to avoid using the wrong interpreter when
+  system Python differs from the detected version.
+
+## [0.1.3] - 2026-06-23
+
+### Changed
+
+- `eggpool onboard` now creates a minimal config and generates a server
+  API key on fresh installs, eliminating the need for `init-config`.
+- Install script recommends `eggpool onboard` instead of `init-config`.
+- `init-config` shows a helpful warning when config exists, recommending
+  `eggpool onboard` for provider setup.
+
+### Fixed
+
+- Onboard flow now works deterministically on fresh installs without
+  requiring manual config creation first.
+
 ## [0.1.2] - 2026-06-23
 
 ### Fixed

{eggpool-0.1.2 → eggpool-0.1.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: eggpool
-Version: 0.1.2
+Version: 0.1.4
 Summary: A lightweight proxy that aggregates multiple LLM provider accounts behind one OpenAI-compatible endpoint
 Project-URL: Homepage, https://github.com/eggstack/eggpool
 Project-URL: Repository, https://github.com/eggstack/eggpool

{eggpool-0.1.2 → eggpool-0.1.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "eggpool"
-version = "0.1.2"
+version = "0.1.4"
 description = "A lightweight proxy that aggregates multiple LLM provider accounts behind one OpenAI-compatible endpoint"
 readme = "README.md"
 requires-python = ">=3.11"

{eggpool-0.1.2 → eggpool-0.1.4}/scripts/install.sh

@@ -84,12 +84,12 @@ if command -v eggpool >/dev/null 2>&1; then
     exec eggpool accounts status
 fi
 
-# Check for pipx
+# Check for pipx (invoke via detected Python to ensure correct version)
 echo "Checking for pipx..."
-if command -v pipx >/dev/null 2>&1; then
-    echo "Installing eggpool via pipx..."
-    pipx install eggpool
-    echo "Installation complete. Run 'eggpool init-config' to start."
+if "$PYTHON" -m pipx --version >/dev/null 2>&1; then
+    echo "Installing eggpool via pipx (Python $PYTHON_VERSION)..."
+    "$PYTHON" -m pipx install eggpool
+    echo "Installation complete. Run 'eggpool onboard' to start."
     exec eggpool accounts status
 fi
 

{eggpool-0.1.2 → eggpool-0.1.4}/scripts/verify_upstream_auth.py

@@ -29,6 +29,8 @@ from typing import Any, cast
 
 import httpx
 
+from eggpool.providers.auth import has_auth_scheme_prefix, render_auth_headers
+
 DEFAULT_TIMEOUT = 30.0
 
 OPENAI_FAMILY = "openai"
@@ -57,18 +59,6 @@ def _require_env(name: str) -> str:
     return value
 
 
-def _build_auth_headers(
-    mode: str, header: str, scheme: str, key: str
-) -> dict[str, str]:
-    """Build auth headers from contract config."""
-    if mode == "none":
-        return {}
-    if mode in ("api_key", "raw_authorization"):
-        return {header: key}
-    # bearer mode (default)
-    return {header: f"{scheme} {key}"}
-
-
 def _compose_url(base_url: str, path: str) -> str:
     """Compose absolute URL from base and path."""
     return f"{base_url.rstrip('/')}/{path.lstrip('/')}"
@@ -331,9 +321,9 @@ def _verify_config_provider(
     auth_header = auth_cfg.get("header", "Authorization")
     auth_scheme = auth_cfg.get("scheme", "Bearer")
 
-    # Reject keys that already include the Bearer scheme so the
+    # Reject keys that already include the configured scheme so the
     # operator gets an actionable error before any upstream call.
-    if auth_mode == "bearer" and api_key.strip().lower().startswith("bearer "):
+    if auth_mode == "bearer" and has_auth_scheme_prefix(api_key, str(auth_scheme)):
         return [
             _AuthCheckResult(
                 provider_id=provider_id,
@@ -345,13 +335,18 @@ def _verify_config_provider(
                 resolved_url="",
                 auth_shape=f"{auth_header}: {auth_scheme} ***",
                 detail=(
-                    "raw key must not include Bearer prefix; "
-                    "EggPool adds the Bearer scheme automatically"
+                    f"raw key must not include {auth_scheme} prefix; "
+                    f"EggPool adds the {auth_scheme} scheme automatically"
                 ),
             )
         ]
 
-    auth_headers = _build_auth_headers(auth_mode, auth_header, auth_scheme, api_key)
+    auth_headers = render_auth_headers(
+        mode=str(auth_mode),
+        header=str(auth_header),
+        scheme=str(auth_scheme),
+        api_key=api_key,
+    )
     static_headers, sensitive_headers = _build_static_headers(provider_cfg)
     contract_headers = {**static_headers, **auth_headers}
     if auth_mode != "none":

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/api/proxy_request.py

@@ -181,7 +181,7 @@ async def handle_proxy_request(
         started_at=time.time(),
         provider_id=provider_id,
         client_ip=get_client_ip(request),
-        upstream_body=_rewrite_provider_model(payload, model_id, provider_id),
+        upstream_body=_rewrite_upstream_model(payload, model_id),
     )
 
     logger.info(
@@ -226,16 +226,15 @@ async def handle_proxy_request(
     return render_proxy_response(result)
 
 
-def _rewrite_provider_model(
+def _rewrite_upstream_model(
     payload: dict[str, Any],
     model_id: str,
-    provider_id: str | None,
 ) -> bytes | None:
-    """Remove EggPool's provider suffix before upstream dispatch.
+    """Forward the normalized, provider-free model ID upstream.
 
     ``None`` means the original request body can be forwarded byte-for-byte.
     """
-    if provider_id is None:
+    if payload.get("model") == model_id:
         return None
     upstream_payload = dict(payload)
     upstream_payload["model"] = model_id

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/cli.py

@@ -67,6 +67,17 @@ class _ConfigPathGroup(click.Group):
 # Re-apply the group class after the decorator
 cli.__class__ = _ConfigPathGroup
 
+# Module-level app reference for Granian's multiprocessing pickling.
+# Granian spawns worker processes via multiprocessing which requires
+# serializable target_loader callables. Local functions (closures) cannot
+# be pickled, so _app_loader must live at module level.
+_app: Any = None
+
+
+def _app_loader(_target: str) -> Any:  # noqa: ARG001
+    """Return the pre-built ASGI app for Granian workers."""
+    return _app
+
 
 @cli.command()
 @click.pass_context
@@ -101,12 +112,8 @@ def serve(ctx: click.Context) -> None:
 
     from eggpool.app import create_app
 
-    app = create_app(config, config_path=config_path)
-
-    # Granian requires a string target but we need the pre-built app.
-    # Use target_loader to inject our app, bypassing string resolution.
-    def _app_loader(_target: str) -> object:  # noqa: ARG001
-        return app
+    global _app  # noqa: PLW0603
+    _app = create_app(config, config_path=config_path)
 
     log_level = config.server.log_level.lower()
     Granian(
@@ -334,7 +341,7 @@ def edit(ctx: click.Context) -> None:
         sys.exit(1)
 
 
-def _generate_api_key() -> str:
+def generate_api_key() -> str:
     """Generate a cryptographically secure API key."""
     import secrets
 
@@ -383,7 +390,7 @@ def _detect_lan_ip() -> str:
         return "127.0.0.1"
 
 
-def _write_server_api_key(config_path: str, new_key: str) -> None:
+def write_server_api_key(config_path: str, new_key: str) -> None:
     """Write a server API key to the [server] section of the config.
 
     If the [server] section declares ``api_key_env`` instead of an inline
@@ -443,8 +450,8 @@ def newkey(ctx: click.Context) -> None:
 
     config_path: str = ctx.obj["config_path"]
     old_key = _read_server_api_key(config_path)
-    new_key = _generate_api_key()
-    _write_server_api_key(config_path, new_key)
+    new_key = generate_api_key()
+    write_server_api_key(config_path, new_key)
 
     if old_key:
         click.echo(f"Old key (expired): {old_key}")
@@ -633,8 +640,8 @@ def configsetup_opencode(ctx: click.Context) -> None:
     key = _read_server_api_key(config_path)
     if not key:
         try:
-            key = _generate_api_key()
-            _write_server_api_key(config_path, key)
+            key = generate_api_key()
+            write_server_api_key(config_path, key)
             click.echo("Generated new server API key.", err=True)
         except OSError as exc:
             click.echo(
@@ -828,8 +835,8 @@ def configsetup_claude_code(ctx: click.Context) -> None:
     key = _read_server_api_key(config_path)
     if not key:
         try:
-            key = _generate_api_key()
-            _write_server_api_key(config_path, key)
+            key = generate_api_key()
+            write_server_api_key(config_path, key)
             click.echo("Generated new server API key.", err=True)
         except OSError as exc:
             click.echo(
@@ -1740,7 +1747,11 @@ def restart(ctx: click.Context, timeout: float) -> None:
 @click.option("--force", is_flag=True, help="Overwrite existing config file.")
 @click.pass_context
 def init_config(ctx: click.Context, target: str | None, force: bool) -> None:
-    """Write config.example.toml into the current directory (or TARGET)."""
+    """Write config.example.toml into the current directory (or TARGET).
+
+    For fresh installs, prefer 'eggpool onboard' which handles
+    config creation, API key generation, and provider setup.
+    """
     from importlib.resources import as_file, files
 
     ref = files("eggpool._share").joinpath("config.example.toml")
@@ -1753,7 +1764,10 @@ def init_config(ctx: click.Context, target: str | None, force: bool) -> None:
 
         if target_path.exists() and not force:
             click.echo(
-                f"Error: {target_path} already exists. Use --force to overwrite.",
+                f"Warning: {target_path} already exists.\n"
+                "This will overwrite your configuration.\n"
+                "For a fresh config, use --force.\n"
+                "For provider setup, use 'eggpool onboard' instead.",
                 err=True,
             )
             sys.exit(1)

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/models/api.py

@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 
 
 class HealthResponse(BaseModel):
@@ -29,4 +29,4 @@ class ModelObject(BaseModel):
 
 class ModelListResponse(BaseModel):
     object: str = "list"
-    data: list[ModelObject] = []
+    data: list[ModelObject] = Field(default_factory=list[ModelObject])

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/models/config.py

@@ -22,6 +22,7 @@ from eggpool.constants import (
     DEFAULT_PROVIDER_ID,
 )
 from eggpool.errors import ConfigError
+from eggpool.providers.auth import has_auth_scheme_prefix
 
 _HTTP_HEADER_NAME_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
 _PROXY_MANAGED_HEADERS = frozenset(
@@ -169,9 +170,11 @@ class DashboardConfig(BaseModel):
 class SecurityConfig(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
-    allowed_hosts: list[str] = []
-    cors_origins: list[str] = []
-    redact_headers: list[str] = ["authorization", "x-api-key"]
+    allowed_hosts: list[str] = Field(default_factory=list)
+    cors_origins: list[str] = Field(default_factory=list)
+    redact_headers: list[str] = Field(
+        default_factory=lambda: ["authorization", "x-api-key"]
+    )
     persist_redacted_error_detail: bool = False
 
 
@@ -277,7 +280,7 @@ class ProviderModelsEndpointConfig(BaseModel):
     method: Literal["GET", "POST", "DISABLED"] = "GET"
     path: str = "/models"
     body: dict[str, Any] | None = None
-    query: dict[str, str] = {}
+    query: dict[str, str] = Field(default_factory=dict)
     required: bool = True
 
 
@@ -312,12 +315,14 @@ class ProviderConfig(BaseModel):
     max_keepalive: int = Field(default=20, gt=0)
     keepalive_timeout_s: float = Field(default=30, ge=0)
     routing_priority: int = Field(default=0, ge=0)
-    accounts: list[AccountConfig] = []
-    model_overrides: dict[str, ModelOverrideConfig] = {}
-    auth: ProviderAuthConfig = ProviderAuthConfig()
-    headers: list[ProviderStaticHeaderConfig] = []
+    accounts: list[AccountConfig] = Field(default_factory=list[AccountConfig])
+    model_overrides: dict[str, ModelOverrideConfig] = Field(default_factory=dict)
+    auth: ProviderAuthConfig = Field(default_factory=ProviderAuthConfig)
+    headers: list[ProviderStaticHeaderConfig] = Field(
+        default_factory=list[ProviderStaticHeaderConfig]
+    )
     models_endpoint: ProviderModelsEndpointConfig | None = None
-    verify: ProviderVerifyConfig = ProviderVerifyConfig()
+    verify: ProviderVerifyConfig = Field(default_factory=ProviderVerifyConfig)
 
     @field_validator("models_method", mode="before")
     @classmethod
@@ -468,18 +473,18 @@ class ModelOverrideConfig(ModelLimitOverrideConfig):
 class AppConfig(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
-    server: ServerConfig = ServerConfig()
-    upstream: UpstreamConfig = UpstreamConfig()
-    database: DatabaseConfig = DatabaseConfig()
-    models: ModelsConfig = ModelsConfig()
-    routing: RoutingConfig = RoutingConfig()
-    limits: LimitsConfig = LimitsConfig()
-    dashboard: DashboardConfig = DashboardConfig()
-    security: SecurityConfig = SecurityConfig()
-    proxies: dict[str, ProxyConfig] = {}
-    accounts: list[AccountConfig] = []
-    providers: dict[str, ProviderConfig] = {}
-    model_overrides: dict[str, ModelOverrideConfig] = {}
+    server: ServerConfig = Field(default_factory=ServerConfig)
+    upstream: UpstreamConfig = Field(default_factory=UpstreamConfig)
+    database: DatabaseConfig = Field(default_factory=DatabaseConfig)
+    models: ModelsConfig = Field(default_factory=ModelsConfig)
+    routing: RoutingConfig = Field(default_factory=RoutingConfig)
+    limits: LimitsConfig = Field(default_factory=LimitsConfig)
+    dashboard: DashboardConfig = Field(default_factory=DashboardConfig)
+    security: SecurityConfig = Field(default_factory=SecurityConfig)
+    proxies: dict[str, ProxyConfig] = Field(default_factory=dict)
+    accounts: list[AccountConfig] = Field(default_factory=list[AccountConfig])
+    providers: dict[str, ProviderConfig] = Field(default_factory=dict)
+    model_overrides: dict[str, ModelOverrideConfig] = Field(default_factory=dict)
 
     @model_validator(mode="after")
     def _normalize_providers(self) -> AppConfig:
@@ -572,17 +577,17 @@ class AppConfig(BaseModel):
                         f"Provider {provider_id!r} account {acct.name!r}: "
                         f"{source} contains CR, LF, or NUL"
                     )
-                if (
-                    provider.auth.mode == "bearer"
-                    and raw_key.strip().lower().startswith("bearer ")
+                if provider.auth.mode == "bearer" and has_auth_scheme_prefix(
+                    raw_key, provider.auth.scheme
                 ):
                     source = (
                         "api_key" if acct.api_key else f"env var {acct.api_key_env!r}"
                     )
                     raise ConfigError(
                         f"Provider {provider_id!r} account {acct.name!r}: "
-                        f"{source} must be the raw token, not 'Bearer <token>'. "
-                        "EggPool adds the Bearer scheme automatically."
+                        f"{source} must be the raw token, not "
+                        f"'{provider.auth.scheme} <token>'. EggPool adds the "
+                        f"{provider.auth.scheme} scheme automatically."
                     )
 
                 if not raw_key.strip():

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/models/domain.py

@@ -5,7 +5,7 @@ from __future__ import annotations
 from enum import Enum
 from typing import TYPE_CHECKING
 
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 
 from eggpool.constants import DEFAULT_PROVIDER_ID
 
@@ -53,7 +53,7 @@ class ModelDescriptor(BaseModel):
     model_id: str
     display_name: str | None = None
     protocol: str = "openai"
-    capabilities: dict[str, object] = {}
-    source_metadata: dict[str, object] = {}
+    capabilities: dict[str, object] = Field(default_factory=dict)
+    source_metadata: dict[str, object] = Field(default_factory=dict)
     first_seen_at: datetime
     last_seen_at: datetime

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/onboard.py

@@ -54,15 +54,63 @@ def _prompt_add_another() -> bool:
     return _prompt_yn("Add another provider?")
 
 
+def _ensure_config_with_api_key(config_path: str) -> None:
+    """Create config if missing and ensure a server API key exists.
+
+    This is called at the start of onboarding so fresh installs get a
+    working config with a real API key before any provider is connected.
+    """
+    from pathlib import Path
+
+    path = Path(config_path)
+
+    if not path.exists():
+        minimal = (
+            "[server]\n"
+            'host = "0.0.0.0"\n'
+            "port = 11300\n"
+            'log_level = "INFO"\n'
+            "\n"
+            "[database]\n"
+            'path = "usage.sqlite3"\n'
+            "\n"
+            "[models]\n"
+            "refresh_interval_s = 300\n"
+        )
+        path.write_text(minimal, encoding="utf-8")
+        sys.stdout.write(f"  Created {config_path}\n")
+
+    # Generate a server API key if one doesn't exist
+    import tomllib
+
+    with open(path, "rb") as f:
+        raw = tomllib.load(f)
+
+    server = raw.get("server", {})
+    existing_key = server.get("api_key", "")
+
+    if not existing_key:
+        from eggpool.cli import generate_api_key, write_server_api_key
+
+        new_key = generate_api_key()
+        write_server_api_key(config_path, new_key)
+        sys.stdout.write("  Generated server API key\n")
+
+
 def run_onboarding(config_path: str, providers_path: str | None = None) -> None:
     """Run the interactive onboarding flow.
 
-    1. Loop: connect a provider, ask if they want another
-    2. Run check-config
-    3. Start the server (if not already running)
+    1. Ensure config exists with a server API key
+    2. Loop: connect a provider, ask if they want another
+    3. Run check-config
+    4. Start the server (if not already running)
     """
     sys.stdout.write("\n=== EggPool Onboarding ===\n\n")
 
+    # Ensure we have a config file with a server API key
+    sys.stdout.write("--- Setting Up Configuration ---\n")
+    _ensure_config_with_api_key(config_path)
+
     from eggpool.providers.connect import connect as do_connect
 
     # Interactive provider connection loop

eggpool-0.1.4/src/eggpool/providers/auth.py

@@ -0,0 +1,29 @@
+"""Upstream provider authentication utilities."""
+
+from __future__ import annotations
+
+
+def render_auth_headers(
+    *,
+    mode: str,
+    header: str,
+    scheme: str,
+    api_key: str,
+) -> dict[str, str]:
+    """Render upstream auth headers from provider contract primitives."""
+    if mode == "none":
+        return {}
+    if mode in {"api_key", "raw_authorization"}:
+        return {header: api_key}
+    return {header: f"{scheme} {api_key}"}
+
+
+def has_auth_scheme_prefix(api_key: str, scheme: str) -> bool:
+    """Return whether a key already starts with its configured auth scheme.
+
+    Splitting on arbitrary whitespace catches values such as ``Bearer\tkey``
+    as well as the more usual ``Bearer key``. A bare scheme is also rejected:
+    prepending the configured scheme would still produce an invalid header.
+    """
+    parts = api_key.strip().split(maxsplit=1)
+    return bool(parts) and parts[0].casefold() == scheme.casefold()

{eggpool-0.1.2 → eggpool-0.1.4}/src/eggpool/providers/contract.py

@@ -6,6 +6,7 @@ import os
 from typing import TYPE_CHECKING
 
 from eggpool.errors import ConfigError
+from eggpool.providers.auth import render_auth_headers
 
 # Provider verification status tiers.  Used by the CLI and interactive
 # connect flow to label each provider with a symbol and human description.
@@ -45,12 +46,12 @@ def build_auth_headers(provider: ProviderConfig, api_key: str) -> dict[str, str]
     Returns an empty dict when auth mode is ``none``.
     """
     auth = provider.auth
-    if auth.mode == "none":
-        return {}
-    if auth.mode in ("api_key", "raw_authorization"):
-        return {auth.header: api_key}
-    # bearer mode (default)
-    return {auth.header: f"{auth.scheme} {api_key}"}
+    return render_auth_headers(
+        mode=auth.mode,
+        header=auth.header,
+        scheme=auth.scheme,
+        api_key=api_key,
+    )
 
 
 def resolve_static_header_value(header: ProviderStaticHeaderConfig) -> str | None:

{eggpool-0.1.2 → eggpool-0.1.4}/uv.lock

@@ -196,7 +196,7 @@ wheels = [
 
 [[package]]
 name = "eggpool"
-version = "0.1.2"
+version = "0.1.4"
 source = { editable = "." }
 dependencies = [
     { name = "aiosqlite" },