kairo-code 0.1.0__py3-none-any.whl

kairo/backend/app.py

@@ -0,0 +1,297 @@
+import asyncio
+import logging
+import re
+import time
+from contextlib import asynccontextmanager
+from pathlib import Path
+
+import httpx
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import FileResponse, JSONResponse
+from fastapi.staticfiles import StaticFiles
+from starlette.types import ASGIApp, Receive, Scope, Send
+
+from backend.core.database import init_db
+from backend.core.logging import setup_logging
+from backend.api.auth import router as auth_router
+from backend.api.billing import router as billing_router
+from backend.api.chat import router as chat_router
+from backend.api.conversations import router as conversations_router
+from backend.api.health import router as health_router
+from backend.api.projects import router as projects_router
+from backend.api.usage import router as usage_router
+from backend.api.webhooks import router as webhooks_router
+from backend.api.api_keys import router as api_keys_router
+from backend.api.agents import router as agents_router
+from backend.api.images import router as images_router
+from backend.api.openai_compat import router as openai_compat_router
+from backend.api.admin import router as admin_router
+from backend.api.device_auth import router as device_auth_router
+from backend.api.files import router as files_router
+
+logger = logging.getLogger(__name__)
+
+# Regex to redact passwords from DB URLs
+_DB_URL_RE = re.compile(r"(://\w+:)[^@]+(@)")
+
+
+def _redact_url(url: str) -> str:
+    return _DB_URL_RE.sub(r"\1***\2", url)
+
+
+class RequestLoggingMiddleware:
+    """Pure ASGI middleware — does not wrap StreamingResponse body."""
+
+    def __init__(self, app: ASGIApp):
+        self.app = app
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send):
+        if scope["type"] != "http":
+            await self.app(scope, receive, send)
+            return
+
+        start = time.perf_counter()
+        status_code = 0
+
+        async def send_wrapper(message):
+            nonlocal status_code
+            if message["type"] == "http.response.start":
+                status_code = message["status"]
+            await send(message)
+
+        path = scope.get("path", "")
+        await self.app(scope, receive, send_wrapper)
+
+        if path.startswith("/api"):
+            elapsed_ms = (time.perf_counter() - start) * 1000
+            method = scope.get("method", "?")
+            logger.info(
+                "%s %s → %d (%.0fms)", method, path, status_code, elapsed_ms,
+            )
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    from backend.config import settings
+
+    setup_logging(settings.LOG_LEVEL)
+
+    # Ensure data directory exists
+    Path(settings.DATA_DIR).mkdir(parents=True, exist_ok=True)
+
+    logger.info("Kairo starting up")
+    logger.info("Data dir: %s", Path(settings.DATA_DIR).resolve())
+    logger.info("Database: %s", _redact_url(settings.DATABASE_URL))
+    logger.info("vLLM: %s", settings.VLLM_BASE_URL)
+    if settings.VLLM_LITE_BASE_URL:
+        logger.info("vLLM Lite: %s", settings.VLLM_LITE_BASE_URL)
+    await init_db()
+    logger.info("Database initialized")
+
+    # Shared LLM client
+    from backend.services.llm_service import LLMService
+    app.state.llm_service = LLMService()
+    logger.info("LLM client initialized")
+
+    # Background health checker for primary and lite vLLM
+    async def _health_check_loop():
+        llm: LLMService = app.state.llm_service
+        while True:
+            try:
+                await llm.check_primary_health()
+                await llm.check_lite_health()
+            except Exception as e:
+                logger.warning("Health check loop error: %s", e)
+            await asyncio.sleep(30)
+
+    health_task = asyncio.create_task(_health_check_loop())
+    logger.info("vLLM health check started (primary + lite, 30s interval)")
+
+    # Background task to mark stale agents as offline
+    async def _agent_staleness_loop():
+        from backend.core.database import async_session
+        from backend.services.agent_service import AgentService
+        while True:
+            try:
+                async with async_session() as db:
+                    svc = AgentService(db)
+                    await svc.mark_stale_agents_offline(settings.AGENT_OFFLINE_THRESHOLD_SECONDS)
+            except Exception as e:
+                logger.warning("Agent staleness check error: %s", e)
+            await asyncio.sleep(60)
+
+    agent_task = asyncio.create_task(_agent_staleness_loop())
+    logger.info("Agent staleness checker started (60s interval)")
+
+    # Background task to clean up expired device codes
+    async def _device_code_cleanup_loop():
+        from backend.core.database import async_session
+        from backend.services.device_auth_service import DeviceAuthService
+        while True:
+            try:
+                async with async_session() as db:
+                    svc = DeviceAuthService(db)
+                    await svc.cleanup_expired()
+            except Exception as e:
+                logger.warning("Device code cleanup error: %s", e)
+            await asyncio.sleep(300)  # every 5 minutes
+
+    device_cleanup_task = asyncio.create_task(_device_code_cleanup_loop())
+    logger.info("Device code cleanup started (300s interval)")
+
+    # Background task to record uptime snapshots every hour
+    async def _uptime_recording_loop():
+        import uuid
+        from datetime import date as date_type, datetime as dt, UTC as utc_tz
+        from sqlalchemy import select
+        from backend.core.database import async_session as uptime_session
+        from backend.models.uptime_record import UptimeRecord
+
+        # Wait 60s on startup before first snapshot
+        await asyncio.sleep(60)
+
+        while True:
+            try:
+                llm: LLMService = app.state.llm_service
+                today = date_type.today()
+
+                # Determine current component health
+                components = {
+                    "API": True,  # If this code is running, API is up
+                    "Models": getattr(llm, "primary_healthy", False) or getattr(llm, "lite_healthy", False),
+                    "Database": True,  # If we can write records, DB is up
+                }
+
+                # Check image generation health
+                if settings.FEATURE_IMAGE_GEN_ENABLED and settings.FLUX_BASE_URL:
+                    try:
+                        async with httpx.AsyncClient(timeout=5.0) as hc:
+                            resp = await hc.get(f"{settings.FLUX_BASE_URL}/health")
+                            components["Image Generation"] = resp.status_code == 200
+                    except Exception:
+                        components["Image Generation"] = False
+                else:
+                    components["Image Generation"] = False
+
+                async with uptime_session() as db:
+                    for comp_name, is_healthy in components.items():
+                        # Check if a record already exists for this component+date
+                        stmt = (
+                            select(UptimeRecord)
+                            .where(UptimeRecord.component == comp_name, UptimeRecord.date == today)
+                        )
+                        result = await db.execute(stmt)
+                        record = result.scalar_one_or_none()
+
+                        if record:
+                            # Update: running average of uptime checks
+                            # Each check is either 100% (healthy) or 0% (down)
+                            # We weight the new check into the existing average
+                            check_value = 100.0 if is_healthy else 0.0
+                            # Simple exponential moving average with ~24 samples/day
+                            record.uptime_percent = round(
+                                record.uptime_percent * 0.96 + check_value * 0.04, 2
+                            )
+                        else:
+                            # First record for this component+date
+                            record = UptimeRecord(
+                                id=str(uuid.uuid4()),
+                                component=comp_name,
+                                date=today,
+                                uptime_percent=100.0 if is_healthy else 0.0,
+                                incidents_count=0,
+                                created_at=dt.now(utc_tz),
+                            )
+                            db.add(record)
+
+                    await db.commit()
+                    logger.debug("Uptime snapshot recorded for %s", today)
+
+            except Exception as e:
+                logger.warning("Uptime recording loop error: %s", e)
+
+            await asyncio.sleep(3600)  # Every hour
+
+    uptime_task = asyncio.create_task(_uptime_recording_loop())
+    logger.info("Uptime recording started (3600s interval)")
+
+    yield
+
+    health_task.cancel()
+    agent_task.cancel()
+    device_cleanup_task.cancel()
+    uptime_task.cancel()
+    await app.state.llm_service.close()
+    logger.info("Kairo shutting down")
+
+
+def create_app() -> FastAPI:
+    from backend.config import settings
+
+    app = FastAPI(title="Kairo", version="0.1.0", lifespan=lifespan)
+
+    # CORS — configurable via env
+    origins = [o.strip() for o in settings.CORS_ORIGINS.split(",") if o.strip()]
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=origins,
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
+    # Pure ASGI logging middleware (safe for SSE streaming)
+    app.add_middleware(RequestLoggingMiddleware)
+
+    # Global error handler
+    @app.exception_handler(Exception)
+    async def global_exception_handler(request: Request, exc: Exception):
+        logger.error("Unhandled error on %s %s: %s", request.method, request.url.path, exc)
+        return JSONResponse(
+            status_code=500,
+            content={"detail": "Internal server error"},
+        )
+
+    # API routes
+    app.include_router(auth_router, prefix="/api")
+    app.include_router(billing_router, prefix="/api")
+    app.include_router(chat_router, prefix="/api")
+    app.include_router(conversations_router, prefix="/api/conversations")
+    app.include_router(projects_router, prefix="/api/projects")
+    app.include_router(health_router, prefix="/api")
+    app.include_router(usage_router, prefix="/api")
+    app.include_router(webhooks_router, prefix="/api")
+    app.include_router(api_keys_router, prefix="/api")
+    app.include_router(agents_router, prefix="/api")
+    app.include_router(images_router, prefix="/api")
+    app.include_router(openai_compat_router)  # mounted at /v1, no /api prefix
+    app.include_router(admin_router, prefix="/api")
+    app.include_router(device_auth_router, prefix="/api")
+    app.include_router(files_router, prefix="/api")
+
+    # Serve static frontend build
+    static_dir = Path(__file__).parent / "static"
+    if static_dir.exists():
+        app.mount("/assets", StaticFiles(directory=static_dir / "assets"), name="assets")
+
+        @app.get("/{full_path:path}")
+        async def serve_spa(full_path: str):
+            file_path = (static_dir / full_path).resolve()
+            # Path traversal guard
+            if not str(file_path).startswith(str(static_dir.resolve())):
+                return FileResponse(static_dir / "index.html")
+            if file_path.is_file():
+                return FileResponse(file_path)
+            return FileResponse(static_dir / "index.html")
+
+    return app
+
+
+app = create_app()
+
+if __name__ == "__main__":
+    import uvicorn
+    from backend.config import settings
+
+    uvicorn.run("backend.app:app", host=settings.HOST, port=settings.PORT, reload=True)

kairo/backend/config.py

@@ -0,0 +1,179 @@
+import logging
+import os
+import secrets
+
+from pydantic_settings import BaseSettings
+
+_logger = logging.getLogger(__name__)
+
+
+def _stable_jwt_secret(data_dir: str = "./data") -> str:
+    """Return a stable JWT secret: env var > file > generate-and-persist."""
+    env_val = os.environ.get("KAIRO_JWT_SECRET_KEY")
+    if env_val:
+        return env_val
+    os.makedirs(data_dir, exist_ok=True)
+    secret_path = os.path.join(data_dir, ".jwt_secret")
+    try:
+        with open(secret_path) as f:
+            return f.read().strip()
+    except FileNotFoundError:
+        secret = secrets.token_urlsafe(32)
+        with open(secret_path, "w") as f:
+            f.write(secret)
+        os.chmod(secret_path, 0o600)
+        _logger.info("Generated new JWT secret at %s", secret_path)
+        return secret
+
+
+class Settings(BaseSettings):
+    DATABASE_URL: str = "postgresql+asyncpg://kairo:kairo@localhost:5432/kairo"
+    VLLM_BASE_URL: str = "http://localhost:8000"
+    VLLM_LITE_BASE_URL: str = ""
+    VLLM_API_KEY: str = ""
+    HOST: str = "0.0.0.0"
+    PORT: int = 3000
+    LOG_LEVEL: str = "INFO"
+    DATA_DIR: str = "./data"
+
+    # Auth
+    JWT_SECRET_KEY: str = ""
+    JWT_EXPIRE_HOURS: int = 24
+
+    # Usage limits (Free tier defaults)
+    DEFAULT_DAILY_TOKEN_LIMIT: int = 100_000
+    DEFAULT_MONTHLY_TOKEN_LIMIT: int = 2_000_000
+
+    # Pro tier limits
+    PRO_DAILY_TOKEN_LIMIT: int = 1_000_000
+    PRO_MONTHLY_TOKEN_LIMIT: int = 30_000_000
+
+    # Max tier limits
+    MAX_DAILY_TOKEN_LIMIT: int = 5_000_000
+    MAX_MONTHLY_TOKEN_LIMIT: int = 150_000_000
+
+    # API token rates (per 1M tokens, in cents)
+    API_RATE_NYX_INPUT: int = 100       # $1.00 per 1M
+    API_RATE_NYX_OUTPUT: int = 300      # $3.00 per 1M
+    API_RATE_NYX_LITE_INPUT: int = 50   # $0.50 per 1M
+    API_RATE_NYX_LITE_OUTPUT: int = 150 # $1.50 per 1M
+    API_MAX_DISCOUNT_PERCENT: int = 50  # Max tier gets 50% off
+
+    # API tier limits (separate pool from chat)
+    API_DAILY_TOKEN_LIMIT: int = 500_000
+    API_MONTHLY_TOKEN_LIMIT: int = 10_000_000
+    API_PRO_DAILY_TOKEN_LIMIT: int = 5_000_000
+    API_PRO_MONTHLY_TOKEN_LIMIT: int = 100_000_000
+
+    # CLI usage limits (separate from chat/API)
+    CLI_DAILY_TOKEN_LIMIT: int = 10_000_000
+    CLI_MONTHLY_TOKEN_LIMIT: int = 300_000_000
+
+    # Image generation
+    FLUX_BASE_URL: str = ""
+    FLUX_API_KEY: str = ""
+    S3_IMAGES_BUCKET: str = ""
+    S3_IMAGES_REGION: str = "us-east-1"
+
+    # Image limits (per plan)
+    PRO_DAILY_IMAGE_LIMIT: int = 20
+    PRO_MONTHLY_IMAGE_LIMIT: int = 200
+    MAX_DAILY_IMAGE_LIMIT: int = 100
+    MAX_MONTHLY_IMAGE_LIMIT: int = 1000
+
+    # Feature flags
+    FEATURE_KAIRO_API_ENABLED: bool = False
+    FEATURE_KAIRO_AGENTS_ENABLED: bool = False
+    FEATURE_IMAGE_GEN_ENABLED: bool = False
+
+    # Admin
+    ADMIN_FEATURE_FLAG_ALLOWLIST: list[str] = [
+        "FEATURE_KAIRO_API_ENABLED",
+        "FEATURE_KAIRO_AGENTS_ENABLED",
+        "FEATURE_IMAGE_GEN_ENABLED",
+    ]
+
+    # Agent heartbeat
+    AGENT_OFFLINE_THRESHOLD_SECONDS: int = 120
+
+    # Stripe
+    STRIPE_SECRET_KEY: str = ""
+    STRIPE_PUBLISHABLE_KEY: str = ""
+    STRIPE_WEBHOOK_SECRET: str = ""
+    STRIPE_PRO_PRICE_ID: str = ""
+
+    # SMTP (Gmail app password)
+    SMTP_HOST: str = "smtp.gmail.com"
+    SMTP_PORT: int = 587
+    SMTP_USERNAME: str = ""
+    SMTP_PASSWORD: str = ""
+    SMTP_FROM_EMAIL: str = ""
+    SMTP_FROM_NAME: str = "Kairo"
+
+    # App
+    APP_BASE_URL: str = "http://localhost:3000"
+
+    # CORS
+    CORS_ORIGINS: str = "http://localhost:5173,http://localhost:3000,http://kaironlabs.io,https://kaironlabs.io,http://app.kaironlabs.io,https://app.kaironlabs.io,http://www.kaironlabs.io,https://www.kaironlabs.io"
+
+    # Context window limits per model (in estimated tokens).
+    # Reserve space for system prompt + response.
+    CONTEXT_LIMITS: dict[str, int] = {
+        "nyx": 6000,       # 8k context, reserve 2k for response
+        "nyx-lite": 4000,  # 8k context, conservative reserve for 14B
+        "theron": 14000,   # 16k+ context
+        "helios": 14000,   # 16k+ context
+    }
+    SUMMARY_TRIGGER_TOKENS: int = 4000  # Summarize history when it exceeds this
+
+    MODEL_MAP: dict[str, str] = {
+        "nyx": "nyx",
+        "nyx-lite": "nyx-lite",
+    }
+
+    MODEL_INFO: list[dict] = [
+        {"id": "nyx", "name": "Nyx 1.0", "description": "Fast, lightweight"},
+        {"id": "nyx-lite", "name": "Nyx Lite", "description": "Lightweight fallback"},
+    ]
+
+    _NYX_SYSTEM_PROMPT: str = (
+        "You are Kairo, a helpful AI assistant powered by {model_label}, a model developed by Kairon Labs. "
+            "IMPORTANT RULES:\n"
+            "1. Only respond to what the user actually asked. Never assume or invent what the user wants.\n"
+            "2. You are the ASSISTANT. Never generate text as if you are the user. Never put words in the user's mouth.\n"
+            "3. If the user asks a general question like 'what can you do', explain your capabilities briefly.\n"
+            "4. Answer directly and concisely. Provide concrete answers, code, or explanations.\n"
+            "5. Do not hedge or refuse without strong reason.\n"
+            "6. If asked about your model or architecture, say you are {model_label} by Kairon Labs. Do not claim to be GPT, Claude, Llama, Mistral, or any other AI.\n"
+            "7. NEVER fabricate API endpoints, URLs, library functions, or documentation. Do NOT invent URLs to documentation, "
+            "readthedocs pages, Postman collections, or other resources. If you want to reference a URL, use your web_search tool "
+            "to find the real URL first. Only share URLs you have verified through search results.\n"
+            "8. You have access to a web_search tool. Use it when you need current information, real-time data, recent events, "
+            "or to verify facts you are unsure about. When search results are returned, use them as your primary source of truth. "
+            "Do not make up search results or pretend to search — use the tool.\n"
+            "9. YOUR TRAINING DATA MAY BE OUTDATED. For any question about current events, politics, people in office, "
+            "recent news, prices, scores, or anything that changes over time — ALWAYS use your web_search tool first. "
+            "NEVER rely on your training knowledge for time-sensitive facts. When search results contradict your training data, "
+            "the search results are correct. Do not mix outdated training knowledge with fresh search results.\n"
+            "10. When a user asks about a specific third-party API, service, library, or tool — ALWAYS use your web_search tool "
+            "to look up the actual documentation BEFORE answering. Do NOT guess how an API works, whether it requires signup, "
+            "whether it costs money, or what its endpoints are. Search first, then answer based on what you find.\n"
+            "11. NEVER repeat or duplicate content within a single response. If you have already shown a code block, "
+            "do NOT paste it again at the end. Each piece of information or code should appear exactly once.\n"
+            "12. ALWAYS respond entirely in English unless the user explicitly requests another language. "
+            "Never mix languages within a response."
+    )
+
+    @property
+    def SYSTEM_PROMPTS(self) -> dict[str, str]:
+        return {
+            "nyx": self._NYX_SYSTEM_PROMPT.format(model_label="Nyx 1.0"),
+            "nyx-lite": self._NYX_SYSTEM_PROMPT.format(model_label="Nyx Lite"),
+        }
+
+    model_config = {"env_prefix": "KAIRO_"}
+
+
+settings = Settings()
+if not settings.JWT_SECRET_KEY:
+    settings.JWT_SECRET_KEY = _stable_jwt_secret(settings.DATA_DIR)

kairo/backend/core/admin_auth.py

@@ -0,0 +1,24 @@
+from fastapi import Depends, HTTPException
+
+from backend.core.dependencies import get_current_user
+from backend.models.user import User
+
+ROLE_HIERARCHY = {"user": 0, "moderator": 1, "admin": 2, "superadmin": 3}
+
+
+def require_role(minimum_role: str):
+    """FastAPI dependency factory that enforces a minimum role level.
+
+    Usage:
+        dependencies=[Depends(require_role("admin"))]
+    """
+    minimum_level = ROLE_HIERARCHY.get(minimum_role, 0)
+
+    async def _check_role(user: User = Depends(get_current_user)) -> User:
+        user_role = getattr(user, "role", "user")
+        user_level = ROLE_HIERARCHY.get(user_role, 0)
+        if user_level < minimum_level:
+            raise HTTPException(status_code=403, detail="Insufficient permissions")
+        return user
+
+    return _check_role

kairo/backend/core/api_key_auth.py

@@ -0,0 +1,55 @@
+import hashlib
+from datetime import datetime, UTC
+
+from fastapi import Depends, HTTPException, Request
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from backend.core.database import get_db
+from backend.models.api_key import ApiKey
+from backend.models.user import User
+
+
+_KEY_PREFIX = "sk-kairo-"
+_PREFIX_LEN = 20  # enough chars for unique DB lookup
+
+
+def hash_api_key(raw_key: str) -> str:
+    return hashlib.sha256(raw_key.encode()).hexdigest()
+
+
+def extract_prefix(raw_key: str) -> str:
+    return raw_key[:_PREFIX_LEN]
+
+
+async def get_api_key_user(
+    request: Request,
+    db: AsyncSession = Depends(get_db),
+) -> tuple[User, ApiKey]:
+    """Authenticate via API key in Authorization header. Returns (user, api_key)."""
+    auth = request.headers.get("Authorization", "")
+    if not auth.startswith(f"Bearer {_KEY_PREFIX}"):
+        raise HTTPException(status_code=401, detail="Invalid API key")
+
+    raw_key = auth[len("Bearer "):]
+    prefix = extract_prefix(raw_key)
+    key_hash = hash_api_key(raw_key)
+
+    stmt = select(ApiKey).where(ApiKey.key_prefix == prefix, ApiKey.is_active.is_(True))
+    result = await db.execute(stmt)
+    api_key = result.scalar_one_or_none()
+
+    if not api_key or api_key.key_hash != key_hash:
+        raise HTTPException(status_code=401, detail="Invalid API key")
+
+    if api_key.expires_at and api_key.expires_at < datetime.now(UTC):
+        raise HTTPException(status_code=401, detail="API key expired")
+
+    user = await db.get(User, api_key.user_id)
+    if not user:
+        raise HTTPException(status_code=401, detail="User not found")
+
+    api_key.last_used_at = datetime.now(UTC)
+    await db.commit()
+
+    return user, api_key

kairo/backend/core/database.py

@@ -0,0 +1,28 @@
+import logging
+
+from sqlalchemy import text
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+from sqlalchemy.orm import DeclarativeBase
+
+from backend.config import settings
+
+logger = logging.getLogger(__name__)
+
+engine = create_async_engine(settings.DATABASE_URL, echo=False)
+async_session = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
+
+
+class Base(DeclarativeBase):
+    pass
+
+
+async def get_db():
+    async with async_session() as session:
+        yield session
+
+
+async def init_db():
+    """Verify database connectivity (migrations handle schema)."""
+    async with engine.connect() as conn:
+        await conn.execute(text("SELECT 1"))
+    logger.info("Database connection verified")

kairo/backend/core/dependencies.py

@@ -0,0 +1,70 @@
+from fastapi import Depends, HTTPException, Request
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from backend.core.database import get_db
+from backend.core.security import decode_token
+from backend.models.user import User
+from backend.services.auth_service import AuthService
+from backend.services.conversation_service import ConversationService
+from backend.services.email_service import EmailService
+from backend.services.llm_service import LLMService
+from backend.services.chat_service import ChatService
+from backend.services.project_service import ProjectService
+from backend.services.stripe_service import StripeService
+
+_bearer = HTTPBearer()
+
+
+async def get_auth_service(db: AsyncSession = Depends(get_db)) -> AuthService:
+    return AuthService(db)
+
+
+def get_email_service() -> EmailService:
+    return EmailService()
+
+
+def get_stripe_service() -> StripeService:
+    return StripeService()
+
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(_bearer),
+    db: AsyncSession = Depends(get_db),
+) -> User:
+    user_id = decode_token(credentials.credentials)
+    if not user_id:
+        raise HTTPException(status_code=401, detail="Invalid or expired token")
+    auth_service = AuthService(db)
+    user = await auth_service.get_user_by_id(user_id)
+    if not user:
+        raise HTTPException(status_code=401, detail="User not found")
+    if getattr(user, "status", "active") != "active":
+        raise HTTPException(status_code=403, detail="Account suspended")
+    return user
+
+
+async def get_llm_service(request: Request) -> LLMService:
+    return request.app.state.llm_service
+
+
+async def get_conversation_service(
+    db: AsyncSession = Depends(get_db),
+    user: User = Depends(get_current_user),
+) -> ConversationService:
+    return ConversationService(db, user_id=user.id)
+
+
+async def get_project_service(
+    db: AsyncSession = Depends(get_db),
+    user: User = Depends(get_current_user),
+) -> ProjectService:
+    return ProjectService(db, user_id=user.id)
+
+
+async def get_chat_service(
+    db: AsyncSession = Depends(get_db),
+    llm_service: LLMService = Depends(get_llm_service),
+    user: User = Depends(get_current_user),
+) -> ChatService:
+    return ChatService(db, llm_service, user_id=user.id)

kairo/backend/core/logging.py

@@ -0,0 +1,23 @@
+import logging
+import sys
+
+
+def setup_logging(level: str = "INFO") -> None:
+    """Configure structured logging for the application."""
+    formatter = logging.Formatter(
+        fmt="%(asctime)s | %(levelname)-8s | %(name)s | %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S",
+    )
+
+    handler = logging.StreamHandler(sys.stdout)
+    handler.setFormatter(formatter)
+
+    root = logging.getLogger()
+    root.setLevel(getattr(logging, level.upper(), logging.INFO))
+    root.handlers.clear()
+    root.addHandler(handler)
+
+    # Quiet noisy libraries
+    logging.getLogger("httpx").setLevel(logging.WARNING)
+    logging.getLogger("httpcore").setLevel(logging.WARNING)
+    logging.getLogger("sqlalchemy.engine").setLevel(logging.WARNING)