PyPI - llamactl - Versions diffs - 0.2.7a1__tar.gz → 0.3.0__tar.gz - Mend

llamactl 0.2.7a1__tar.gz → 0.3.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

{llamactl-0.2.7a1 → llamactl-0.3.0}/PKG-INFO RENAMED Viewed

@@ -1,21 +1,24 @@
 Metadata-Version: 2.3
 Name: llamactl
-Version: 0.2.7a1
+Version: 0.3.0
 Summary: A command-line interface for managing LlamaDeploy projects and deployments
 Author: Adrian Lyjak
 Author-email: Adrian Lyjak <adrianlyjak@gmail.com>
 License: MIT
-Requires-Dist: llama-deploy-core>=0.2.7a1,<0.3.0
-Requires-Dist: llama-deploy-appserver>=0.2.7a1,<0.3.0
-Requires-Dist: httpx>=0.24.0
+Requires-Dist: llama-deploy-core[client]>=0.3.0,<0.4.0
+Requires-Dist: llama-deploy-appserver>=0.3.0,<0.4.0
+Requires-Dist: httpx>=0.24.0,<1.0.0
 Requires-Dist: rich>=13.0.0
 Requires-Dist: questionary>=2.0.0
 Requires-Dist: click>=8.2.1
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: tenacity>=9.1.2
-Requires-Dist: textual>=4.0.0
+Requires-Dist: textual>=6.0.0
 Requires-Dist: aiohttp>=3.12.14
-Requires-Python: >=3.12, <4
+Requires-Dist: copier>=9.9.0
+Requires-Dist: pyjwt[crypto]>=2.10.1
+Requires-Dist: vibe-llama>=0.4.2,<0.5.0
+Requires-Python: >=3.11, <4
 Description-Content-Type: text/markdown
 # llamactl

{llamactl-0.2.7a1 → llamactl-0.3.0}/pyproject.toml RENAMED Viewed

@@ -1,24 +1,27 @@
 [project]
 name = "llamactl"
-version = "0.2.7a1"
+version = "0.3.0"
 description = "A command-line interface for managing LlamaDeploy projects and deployments"
 readme = "README.md"
 license = { text = "MIT" }
 authors = [
     { name = "Adrian Lyjak", email = "adrianlyjak@gmail.com" }
 ]
-requires-python = ">=3.12, <4"
+requires-python = ">=3.11, <4"
 dependencies = [
-    "llama-deploy-core>=0.2.7a1,<0.3.0",
-    "llama-deploy-appserver>=0.2.7a1,<0.3.0",
-    "httpx>=0.24.0",
+    "llama-deploy-core[client]>=0.3.0,<0.4.0",
+    "llama-deploy-appserver>=0.3.0,<0.4.0",
+    "httpx>=0.24.0,<1.0.0",
     "rich>=13.0.0",
     "questionary>=2.0.0",
     "click>=8.2.1",
     "python-dotenv>=1.0.0",
     "tenacity>=9.1.2",
-    "textual>=4.0.0",
+    "textual>=6.0.0",
     "aiohttp>=3.12.14",
+    "copier>=9.9.0",
+    "pyjwt[crypto]>=2.10.1",
+    "vibe-llama>=0.4.2,<0.5.0",
 ]
 [project.scripts]
@@ -33,6 +36,9 @@ dev = [
     "pytest>=8.3.4",
     "pytest-asyncio>=0.25.3",
     "respx>=0.22.0",
+    "pytest-xdist>=3.8.0",
+    "ty>=0.0.1a19",
+    "ruff>=0.12.9",
 ]
 [tool.uv.build-backend]
@@ -40,3 +46,4 @@ module-name = "llama_deploy.cli"
 [tool.uv.sources]
 llama-deploy-appserver = { workspace = true }
+llama-deploy-core = { workspace = true }

llamactl-0.3.0/src/llama_deploy/cli/__init__.py ADDED Viewed

@@ -0,0 +1,19 @@
+from llama_deploy.cli.commands.auth import auth
+from llama_deploy.cli.commands.deployment import deployments
+from llama_deploy.cli.commands.env import env_group
+from llama_deploy.cli.commands.init import init
+from llama_deploy.cli.commands.serve import serve
+from .app import app
+# Main entry point function (called by the script); it only delegates to the
+# click group imported from .app.
+def main() -> None:
+    """Invoke the llamactl click application."""
+    app()
+# Names re-exported by this package: the root group plus the imported commands.
+__all__ = ["app", "deployments", "auth", "serve", "init", "env_group"]
+# Running the module directly invokes the same click group that main() calls.
+if __name__ == "__main__":
+    app()

llamactl-0.3.0/src/llama_deploy/cli/app.py ADDED Viewed

@@ -0,0 +1,69 @@
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as pkg_version
+import click
+from llama_deploy.cli.commands.aliased_group import AliasedGroup
+from llama_deploy.cli.config.env_service import service
+from llama_deploy.cli.options import global_options
+from rich import print as rprint
+from rich.console import Console
+from rich.text import Text
+console = Console(highlight=False)
+def print_version(ctx: click.Context, param: click.Option, value: bool) -> None:
+    """Click callback for ``--version``: print client and server versions.
+    Returns immediately when the flag is unset or click is in resilient-parsing
+    mode. Otherwise prints the installed ``llamactl`` version and, when the
+    environment service returns an auth service, the version that service
+    reports for the server. A failed server lookup is shown inline as
+    "unavailable"; any other failure prints an error and raises ``click.Abort``.
+    On success the click context is exited.
+    """
+    if ctx.resilient_parsing or not value:
+        return
+    try:
+        client_version = pkg_version("llamactl")
+        console.print(Text.assemble("client version: ", (client_version, "green")))
+        # If there is an active profile, attempt to query server version
+        auth_service = service.current_auth_service()
+        if auth_service:
+            try:
+                server_version = auth_service.fetch_server_version().version
+                if server_version is None:
+                    shown = ("unknown", "bright_yellow")
+                else:
+                    # An empty (but non-None) version still renders as "unknown".
+                    shown = (server_version or "unknown", "green")
+                console.print(Text.assemble("server version: ", shown))
+            except Exception as err:
+                # The server lookup is optional: report the failure and carry on.
+                failure = Text.assemble(
+                    "server version: ",
+                    ("unavailable", "bright_yellow"),
+                    (f" - {err}", "dim"),
+                )
+                console.print(failure)
+    except PackageNotFoundError:
+        rprint("[red]Package 'llamactl' not found[/red]")
+        raise click.Abort()
+    except Exception as err:
+        rprint(f"[red]Error: {err}[/red]")
+        raise click.Abort()
+    ctx.exit()
+# Main CLI application: the root click group. It uses AliasedGroup as its
+# group class (see llama_deploy.cli.commands.aliased_group).
+@click.group(
+    help="Create, develop, and deploy LlamaIndex workflow based apps", cls=AliasedGroup
+)
+# --version is an eager flag whose value is not passed to app(); its callback
+# (print_version) does the printing.
+@click.option(
+    "--version",
+    is_flag=True,
+    callback=print_version,
+    expose_value=False,
+    is_eager=True,
+    help="Print client and server versions of LlamaDeploy",
+)
+@global_options
+def app():
+    # The group itself does nothing; the work happens in --version's callback
+    # and in the subcommands.
+    pass

llamactl-0.3.0/src/llama_deploy/cli/auth/client.py ADDED Viewed

@@ -0,0 +1,362 @@
+from __future__ import annotations
+import asyncio
+import logging
+from types import TracebackType
+from typing import Any, AsyncContextManager, AsyncGenerator, Awaitable, Callable, Self
+import httpx
+import jwt
+from jwt.algorithms import RSAAlgorithm  # type: ignore[possibly-unbound-import]
+from llama_deploy.cli.config.schema import DeviceOIDC
+from pydantic import BaseModel
+logger = logging.getLogger(__name__)
+class OidcDiscoveryResponse(BaseModel):
+    """Validated JSON body of ``GET /api/v1/auth/oidc/discovery``."""
+    # Passed to OIDCClient.fetch_provider_configuration elsewhere in this module
+    # (via DeviceOIDC.discovery_url) — presumably the provider's discovery document URL.
+    discovery_url: str
+    # Optional string-to-string mapping; what the keys denote is not visible
+    # here — TODO confirm against the server API.
+    client_ids: dict[str, str] | None = None
+class OidcProviderConfiguration(BaseModel):
+    """Fields read from the provider configuration document at a discovery URL.
+    Every field is optional; callers in this module check ``token_endpoint`` and
+    ``jwks_uri`` for presence before using them.
+    """
+    device_authorization_endpoint: str | None = None
+    token_endpoint: str | None = None
+    scopes_supported: list[str] | None = None
+    jwks_uri: str | None = None
+class JsonWebKey(BaseModel):
+    """One key entry of a JSON Web Key Set.
+    ``decode_jwt_claims`` selects a key by ``kid`` and only accepts ``kty == "RSA"``.
+    """
+    kty: str
+    kid: str | None = None
+    use: str | None = None
+    alg: str | None = None
+    n: str | None = None
+    e: str | None = None
+    x5c: list[str] | None = None
+    x5t: str | None = None
+    # NOTE(review): the JWK member is conventionally spelled "x5t#S256"; no alias
+    # is declared here, so that member would not populate this field — confirm.
+    x5t_s256: str | None = None
+class JsonWebKeySet(BaseModel):
+    """Validated JSON body returned by ``OIDCClient.get_jwks``: a list of keys."""
+    keys: list[JsonWebKey]
+class AuthMeResponse(BaseModel):
+    """Validated JSON body of ``GET /api/v1/auth/me``; only ``id`` is required."""
+    id: str
+    email: str | None = None
+    last_login_provider: str | None = None
+    name: str | None = None
+    first_name: str | None = None
+    last_name: str | None = None
+    claims: dict[str, Any] | None = None
+    # Untyped on purpose (Any); its structure is not visible here — TODO confirm.
+    restrict: Any | None = None
+    # Kept as the raw string from the response; no datetime parsing is applied.
+    created_at: str | None = None
+class ClientContextManager(AsyncContextManager):
+    """Async context manager that owns an ``httpx.AsyncClient``.
+    The client is created in ``__init__`` and closed when the ``async with``
+    block exits (or when ``close()`` is awaited directly).
+    """
+    def __init__(self, base_url: str | None, auth: httpx.Auth | None = None) -> None:
+        """Create the underlying client.
+        Args:
+            base_url: Optional base URL; trailing slashes are stripped. When it
+                is ``None`` or empty after stripping, the client has no base URL
+                and callers must pass absolute URLs.
+            auth: Optional httpx auth handler applied to every request.
+        """
+        self.base_url = base_url.rstrip("/") if base_url else None
+        if self.base_url:
+            self.client = httpx.AsyncClient(base_url=self.base_url, auth=auth)
+        else:
+            self.client = httpx.AsyncClient(auth=auth)
+    async def close(self) -> None:
+        """Close the underlying client; failures are logged, never raised."""
+        try:
+            await self.client.aclose()
+        except Exception:
+            # Closing is best-effort, but leave a trace instead of hiding the error.
+            logger.debug("Ignoring error while closing HTTP client", exc_info=True)
+    async def __aenter__(self) -> Self:
+        return self
+    async def __aexit__(
+        self,
+        exc_type: type[BaseException] | None,
+        exc_value: BaseException | None,
+        traceback: TracebackType | None,
+    ) -> None:
+        # Returns None, so an exception raised inside the block still propagates.
+        await self.close()
+class PlatformAuthDiscoveryClient(ClientContextManager):
+    """Unauthenticated client for the platform's OIDC discovery endpoint."""
+    def __init__(self, base_url: str) -> None:
+        super().__init__(base_url)
+    async def oidc_discovery(self) -> OidcDiscoveryResponse:
+        """GET the discovery endpoint and validate the JSON body.
+        Raises ``httpx.HTTPStatusError`` on a non-success status.
+        """
+        response = await self.client.get("/api/v1/auth/oidc/discovery", timeout=10.0)
+        response.raise_for_status()
+        payload = response.json()
+        return OidcDiscoveryResponse.model_validate(payload)
+class APIToken(BaseModel):
+    """API key details returned by ``PlatformAuthClient.create_agent_api_key``."""
+    # Filled from the "redacted_api_key" member of the create response.
+    token: str
+    # Filled from the "id" member; the same id is what delete_api_key takes.
+    id: str
+class PlatformAuthClient(ClientContextManager):
+    """Client for ``/api/v1/auth/me`` and the ``/api/v1/api-keys`` endpoints."""
+    def __init__(
+        self, base_url: str, id_token: str | None = None, auth: httpx.Auth | None = None
+    ) -> None:
+        self.id_token = id_token
+        super().__init__(base_url, auth=auth)
+    async def me(self) -> AuthMeResponse:
+        """Fetch the current user; sends ``id_token`` as a bearer token when set."""
+        request_headers = None
+        if self.id_token:
+            request_headers = {"Authorization": f"Bearer {self.id_token}"}
+        response = await self.client.get(
+            "/api/v1/auth/me", headers=request_headers, timeout=10.0
+        )
+        response.raise_for_status()
+        return AuthMeResponse.model_validate(response.json())
+    async def create_agent_api_key(self, name: str) -> APIToken:
+        """Create an API key called ``name`` with a null ``project_id``."""
+        response = await self.client.post(
+            "/api/v1/api-keys",
+            json={"name": name, "project_id": None},
+        )
+        response.raise_for_status()
+        body = response.json()
+        return APIToken(token=body["redacted_api_key"], id=body["id"])
+    async def delete_api_key(self, id: str) -> None:
+        """Delete the API key with the given id; raises on a non-success status."""
+        result = await self.client.delete(f"/api/v1/api-keys/{id}")
+        result.raise_for_status()
+class RefreshMiddleware(httpx.Auth):
+    """httpx auth handler that adds a bearer token and refreshes it on a 401.
+    Each request carries the current device access token. On a 401 response the
+    token is refreshed at most once per stale token (guarded by a lock) and the
+    request is retried once with the newest token.
+    """
+    def __init__(
+        self,
+        device_oidc: DeviceOIDC,
+        on_refresh: Callable[[DeviceOIDC], Awaitable[None]],
+    ) -> None:
+        """Store the credentials and the callback awaited after each refresh."""
+        self.device_oidc = device_oidc
+        self.on_refresh = on_refresh
+        self.lock = asyncio.Lock()
+    async def _refresh_and_update(self) -> None:
+        """Refresh the tokens, keep the result, and notify ``on_refresh``.
+        A failing callback is logged and otherwise ignored; a failing refresh
+        propagates to the caller.
+        """
+        new_device_oidc = await refresh(self.device_oidc)
+        self.device_oidc = new_device_oidc
+        try:
+            await self.on_refresh(new_device_oidc)
+        except Exception:
+            logger.exception("Error in on_refresh callback")
+    async def async_auth_flow(
+        self, request: httpx.Request
+    ) -> AsyncGenerator[httpx.Request, httpx.Response]:
+        """Send the request with the current token; retry once after a 401."""
+        token = self.device_oidc.device_access_token
+        request.headers["Authorization"] = f"Bearer {token}"
+        response = yield request
+        if response.status_code != 401:
+            return
+        async with self.lock:
+            # Refresh only if nobody replaced the token while we waited for the lock.
+            if token == self.device_oidc.device_access_token:
+                await self._refresh_and_update()
+            # Always retry with the newest token, including the case where a
+            # concurrent request performed the refresh for us.
+            request.headers["Authorization"] = (
+                f"Bearer {self.device_oidc.device_access_token}"
+            )
+        # The retry is issued outside the lock so it does not block other requests.
+        yield request
+class DeviceAuthorizationRequest(BaseModel):
+    """Form fields posted by ``OIDCClient.device_authorization``."""
+    client_id: str
+    # A single string; presumably space-delimited scopes — TODO confirm with callers.
+    scope: str
+class DeviceAuthorizationResponse(BaseModel):
+    """Validated JSON body returned by the device authorization endpoint."""
+    device_code: str
+    user_code: str
+    verification_uri: str
+    verification_uri_complete: str | None = None
+    # Units are not stated in this file; presumably seconds — TODO confirm.
+    expires_in: int
+    # Optional; presumably the polling interval in seconds — TODO confirm.
+    interval: int | None = None
+class TokenRequestDeviceCode(BaseModel):
+    """Form fields posted by ``OIDCClient.token_with_device_code``."""
+    # Defaulted so callers only need to supply device_code and client_id.
+    grant_type: str = "urn:ietf:params:oauth:grant-type:device_code"
+    device_code: str
+    client_id: str
+class TokenResponse(BaseModel):
+    """Token endpoint response; one model covers both success and error bodies.
+    Every field is optional, so callers must check which members are set. The
+    OIDCClient token methods also build an instance with
+    ``error="invalid_response"`` when the body is not valid JSON.
+    """
+    # Success fields
+    id_token: str | None = None
+    access_token: str | None = None
+    refresh_token: str | None = None
+    expires_in: int | None = None
+    token_type: str | None = None
+    scope: str | None = None
+    # Error fields
+    error: str | None = None
+    error_description: str | None = None
+class TokenRequestRefresh(BaseModel):
+    """Form fields posted by ``OIDCClient.token_with_refresh``."""
+    # Defaulted so callers only need to supply refresh_token and client_id.
+    grant_type: str = "refresh_token"
+    refresh_token: str
+    client_id: str
+class OIDCClient(ClientContextManager):
+    """HTTP client for an OIDC provider; every method takes an absolute URL."""
+    def __init__(self) -> None:
+        # No base URL: endpoints come from the provider's discovery document.
+        super().__init__(None)
+    async def _post_form(self, url: str, form: BaseModel) -> httpx.Response:
+        """POST ``form`` as a URL-encoded body, asking for a JSON response."""
+        return await self.client.post(
+            url,
+            data=form.model_dump(),
+            headers={
+                "Accept": "application/json",
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            timeout=10.0,
+        )
+    @staticmethod
+    def _to_token_response(resp: httpx.Response) -> TokenResponse:
+        """Parse a token endpoint reply without raising on error statuses."""
+        try:
+            payload = resp.json()
+        except Exception:
+            # Fall back to minimal error information
+            return TokenResponse(error="invalid_response", error_description=resp.text)
+        return TokenResponse.model_validate(payload)
+    async def fetch_provider_configuration(
+        self, discovery_url: str
+    ) -> OidcProviderConfiguration:
+        """GET the provider configuration document; raises on an error status."""
+        reply = await self.client.get(discovery_url, timeout=10.0)
+        reply.raise_for_status()
+        return OidcProviderConfiguration.model_validate(reply.json())
+    async def device_authorization(
+        self, device_endpoint: str, request: DeviceAuthorizationRequest
+    ) -> DeviceAuthorizationResponse:
+        """Start a device authorization; raises on an error status."""
+        reply = await self._post_form(device_endpoint, request)
+        reply.raise_for_status()
+        return DeviceAuthorizationResponse.model_validate(reply.json())
+    async def token_with_device_code(
+        self, token_endpoint: str, request: TokenRequestDeviceCode
+    ) -> TokenResponse:
+        """Exchange a device code for tokens.
+        Does not raise for status; callers inspect error payloads during polling.
+        """
+        reply = await self._post_form(token_endpoint, request)
+        return self._to_token_response(reply)
+    async def token_with_refresh(
+        self, token_endpoint: str, request: TokenRequestRefresh
+    ) -> TokenResponse:
+        """Exchange a refresh token for tokens; errors come back in the result."""
+        reply = await self._post_form(token_endpoint, request)
+        return self._to_token_response(reply)
+    async def get_jwks(self, jwks_uri: str) -> JsonWebKeySet:
+        """GET the provider's JSON Web Key Set; raises on an error status."""
+        reply = await self.client.get(jwks_uri, timeout=10.0)
+        reply.raise_for_status()
+        return JsonWebKeySet.model_validate(reply.json())
+async def decode_jwt_claims_from_device_oidc(
+    oidc_device: DeviceOIDC,
+    verify_audience: bool = False,
+    verify_expiration: bool = False,
+    audience: str | None = None,
+) -> dict[str, Any]:
+    """Decode the device ID token's claims using the provider's JWKS.
+    Looks up ``jwks_uri`` from the provider configuration at
+    ``oidc_device.discovery_url`` and hands the token to ``decode_jwt_claims``.
+    Raises ``ValueError`` when the ID token is missing or the provider does not
+    advertise a ``jwks_uri``.
+    """
+    if not oidc_device.device_id_token:
+        raise ValueError("Device ID token is missing. Cannot decode claims.")
+    async with OIDCClient() as client:
+        configuration = await client.fetch_provider_configuration(
+            oidc_device.discovery_url
+        )
+        jwks_uri = configuration.jwks_uri
+        if not jwks_uri:
+            raise ValueError("Provider does not expose jwks_uri")
+    # The discovery client is closed by now; decode_jwt_claims opens its own.
+    claims = await decode_jwt_claims(
+        oidc_device.device_id_token,
+        jwks_uri,
+        verify_audience,
+        verify_expiration,
+        audience,
+    )
+    return claims
+async def decode_jwt_claims(
+    token: str,
+    jwks_uri: str,
+    verify_audience: bool = False,
+    verify_expiration: bool = False,
+    audience: str | None = None,
+) -> dict[str, Any]:
+    """Verify ``token`` against the JWKS at ``jwks_uri`` and return its claims.
+    Only RSA keys and RSA-family signature algorithms are accepted.
+    Args:
+        token: The encoded JWT.
+        jwks_uri: URL of the provider's JSON Web Key Set.
+        verify_audience: Whether to check the ``aud`` claim.
+        verify_expiration: Whether to check the ``exp`` claim.
+        audience: Expected audience, used when ``verify_audience`` is true.
+    Raises:
+        ValueError: No key is available, the key is not RSA, or the token
+            declares an algorithm outside the RSA allow-list.
+    """
+    # The algorithm comes from the unverified header, so it is checked against
+    # an allow-list before it is ever handed to jwt.decode.
+    rsa_algorithms = frozenset(
+        {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
+    )
+    async with OIDCClient() as oidc:
+        jwks = await oidc.get_jwks(jwks_uri)
+    # Select key
+    header = jwt.get_unverified_header(token)
+    kid = header.get("kid")
+    alg = header.get("alg", "RS256")
+    if alg not in rsa_algorithms:
+        raise ValueError(f"Unsupported JWT alg {alg!r}; only RSA algorithms are supported")
+    keys = jwks.keys
+    # Prefer the key whose kid matches; otherwise fall back to the first key.
+    key = next((k for k in keys if k.kid == kid), None) or next(iter(keys), None)
+    if not key:
+        raise ValueError("Signing key not found in JWKS")
+    # Build public key (RSA-only)
+    if key.kty != "RSA":
+        raise ValueError("Unsupported JWK kty; only RSA is supported")
+    key_json = key.model_dump_json()
+    public_key = RSAAlgorithm.from_jwk(key_json)
+    return jwt.decode(
+        token,
+        public_key,
+        algorithms=[alg],
+        options={"verify_aud": verify_audience, "verify_exp": verify_expiration},
+        audience=audience,
+    )
+async def refresh(device_oidc: DeviceOIDC) -> DeviceOIDC:
+    """Refresh the access token and return an updated copy of ``device_oidc``.
+    The input object is not modified. The refresh and ID tokens are replaced
+    only when the provider returns new ones.
+    Raises:
+        ValueError: The refresh token is missing, the provider exposes no
+            ``token_endpoint``, or the token response carries no access token
+            (the provider's error and description are included when present).
+    """
+    # Fail fast: without a refresh token there is no point contacting the provider.
+    if not device_oidc.device_refresh_token:
+        raise ValueError("Device refresh token is missing. Cannot refresh.")
+    async with OIDCClient() as oidc:
+        provider = await oidc.fetch_provider_configuration(device_oidc.discovery_url)
+        token_endpoint = provider.token_endpoint
+        if not token_endpoint:
+            raise ValueError("Provider does not expose token_endpoint")
+        token = await oidc.token_with_refresh(
+            token_endpoint,
+            TokenRequestRefresh(
+                refresh_token=device_oidc.device_refresh_token,
+                client_id=device_oidc.client_id,
+            ),
+        )
+    if not token.access_token:
+        if token.error:
+            # Surface the provider's own explanation instead of a generic message.
+            detail = token.error
+            if token.error_description:
+                detail = f"{detail}: {token.error_description}"
+            raise ValueError(f"Refresh failed: {detail}")
+        raise ValueError("Refresh failed: token response missing access_token")
+    updated = device_oidc.model_copy()
+    updated.device_access_token = token.access_token
+    updated.device_refresh_token = token.refresh_token or updated.device_refresh_token
+    updated.device_id_token = token.id_token or updated.device_id_token
+    return updated

llamactl-0.3.0/src/llama_deploy/cli/client.py ADDED Viewed

@@ -0,0 +1,50 @@
+from contextlib import asynccontextmanager
+from typing import AsyncGenerator
+from llama_deploy.cli.config.env_service import service
+from llama_deploy.core.client.manage_client import ControlPlaneClient, ProjectClient
+from rich import print as rprint
+def get_control_plane_client() -> ControlPlaneClient:
+    """Build a control-plane client for the current profile or environment.
+    With a current profile, the client uses that profile's API URL (trailing
+    slashes stripped), its API key, and the auth service's middleware. Without
+    one, it falls back to the current environment's API URL with no credentials.
+    """
+    # Look the auth service up once so the profile and the middleware are
+    # guaranteed to come from the same instance.
+    auth_svc = service.current_auth_service()
+    profile = auth_svc.get_current_profile()
+    if profile:
+        resolved_base_url = profile.api_url.rstrip("/")
+        resolved_api_key = profile.api_key
+        return ControlPlaneClient(
+            resolved_base_url, resolved_api_key, auth_svc.auth_middleware()
+        )
+    # Fallback: allow env-scoped client construction for env operations
+    env = service.get_current_environment()
+    resolved_base_url = env.api_url.rstrip("/")
+    return ControlPlaneClient(resolved_base_url)
+def get_project_client() -> ProjectClient:
+    """Build a project client from the current profile.
+    When no profile is configured, prints how to create one (the suggested
+    command depends on whether the environment requires auth) and exits with
+    status 1.
+    """
+    auth_svc = service.current_auth_service()
+    profile = auth_svc.get_current_profile()
+    if profile:
+        return ProjectClient(
+            profile.api_url,
+            profile.project_id,
+            profile.api_key,
+            auth_svc.auth_middleware(),
+        )
+    rprint("\n[bold red]No profile configured![/bold red]")
+    rprint("\nTo get started, create a profile with:")
+    setup_hint = (
+        "[cyan]llamactl auth login[/cyan]"
+        if auth_svc.env.requires_auth
+        else "[cyan]llamactl auth token[/cyan]"
+    )
+    rprint(setup_hint)
+    raise SystemExit(1)
+@asynccontextmanager
+async def project_client_context() -> AsyncGenerator[ProjectClient, None]:
+    """Yield a project client and close it when the ``async with`` block exits.
+    The client comes from ``get_project_client()``, which exits the process
+    when no profile is configured.
+    """
+    client = get_project_client()
+    try:
+        yield client
+    finally:
+        # Closing is best-effort: an error from aclose() is deliberately
+        # swallowed so it cannot mask an exception raised inside the block.
+        try:
+            await client.aclose()
+        except Exception:
+            pass

llamactl-0.3.0/src/llama_deploy/cli/commands/aliased_group.py ADDED Viewed

@@ -0,0 +1,33 @@
+"""Fully lifted from https://click.palletsprojects.com/en/stable/extending-click/"""
+import click
+class AliasedGroup(click.Group):
+    """
+    Implements a subclass of Group that accepts a prefix for a command.
+    If there was a command called push, it would accept pus as an alias (so long as it was unique):
+    """
+    def get_command(self, ctx: click.Context, cmd_name: str) -> click.Command | None:
+        """Resolve ``cmd_name`` exactly, or as a unique prefix of one command.
+        Returns ``None`` when nothing matches and fails the context when the
+        prefix is ambiguous.
+        """
+        rv = super().get_command(ctx, cmd_name)
+        if rv is not None:
+            return rv
+        matches = [x for x in self.list_commands(ctx) if x.startswith(cmd_name)]
+        if not matches:
+            return None
+        if len(matches) == 1:
+            return click.Group.get_command(self, ctx, matches[0])
+        ctx.fail(f"Too many matches: {', '.join(sorted(matches))}")
+    def resolve_command(
+        self, ctx: click.Context, args: list[str]
+    ) -> tuple[str | None, click.Command | None, list[str]]:
+        """Resolve as click does, but report the command's full name.
+        Without this, the name returned would be the prefix the user typed.
+        """
+        # always return the full command name
+        _, cmd, args = super().resolve_command(ctx, args)
+        # click returns cmd=None for an unknown command under resilient parsing
+        # (e.g. shell completion); pass that through instead of raising.
+        if cmd is None:
+            return None, None, args
+        return cmd.name, cmd, args

llamactl 0.2.7a1__tar.gz → 0.3.0__tar.gz

llamactl 0.2.7a1__tar.gz → 0.3.0__tar.gz