PyPI - llms-py - Versions diffs - 2.0.18__py3-none-any.whl → 2.0.33__py3-none-any.whl - Mend

llms-py 2.0.18py3-none-any.whl → 2.0.33py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

llms/index.html +17 -1
llms/llms.json +1132 -1075
llms/main.py +561 -103
llms/ui/Analytics.mjs +115 -104
llms/ui/App.mjs +81 -4
llms/ui/Avatar.mjs +61 -4
llms/ui/Brand.mjs +29 -11
llms/ui/ChatPrompt.mjs +163 -16
llms/ui/Main.mjs +177 -94
llms/ui/ModelSelector.mjs +28 -10
llms/ui/OAuthSignIn.mjs +92 -0
llms/ui/ProviderStatus.mjs +12 -12
llms/ui/Recents.mjs +13 -13
llms/ui/SettingsDialog.mjs +65 -65
llms/ui/Sidebar.mjs +24 -19
llms/ui/SystemPromptEditor.mjs +5 -5
llms/ui/SystemPromptSelector.mjs +26 -6
llms/ui/Welcome.mjs +2 -2
llms/ui/ai.mjs +69 -5
llms/ui/app.css +548 -34
llms/ui/lib/servicestack-vue.mjs +9 -9
llms/ui/markdown.mjs +8 -8
llms/ui/tailwind.input.css +2 -0
llms/ui/threadStore.mjs +39 -0
llms/ui/typography.css +54 -36
{llms_py-2.0.18.dist-info → llms_py-2.0.33.dist-info}/METADATA +403 -47
llms_py-2.0.33.dist-info/RECORD +48 -0
{llms_py-2.0.18.dist-info → llms_py-2.0.33.dist-info}/licenses/LICENSE +1 -2
llms/__pycache__/__init__.cpython-312.pyc +0 -0
llms/__pycache__/__init__.cpython-313.pyc +0 -0
llms/__pycache__/__init__.cpython-314.pyc +0 -0
llms/__pycache__/__main__.cpython-312.pyc +0 -0
llms/__pycache__/__main__.cpython-314.pyc +0 -0
llms/__pycache__/llms.cpython-312.pyc +0 -0
llms/__pycache__/main.cpython-312.pyc +0 -0
llms/__pycache__/main.cpython-313.pyc +0 -0
llms/__pycache__/main.cpython-314.pyc +0 -0
llms_py-2.0.18.dist-info/RECORD +0 -56
{llms_py-2.0.18.dist-info → llms_py-2.0.33.dist-info}/WHEEL +0 -0
{llms_py-2.0.18.dist-info → llms_py-2.0.33.dist-info}/entry_points.txt +0 -0
{llms_py-2.0.18.dist-info → llms_py-2.0.33.dist-info}/top_level.txt +0 -0

llms/main.py CHANGED Viewed

@@ -1,5 +1,8 @@
 #!/usr/bin/env python
+# Copyright (c) Demis Bellot, ServiceStack <https://servicestack.net>
+# License: https://github.com/ServiceStack/llms/blob/main/LICENSE
 # A lightweight CLI tool and OpenAI-compatible server for querying multiple Large Language Model (LLM) providers.
 # Docs: https://github.com/ServiceStack/llms
@@ -14,7 +17,10 @@ import mimetypes
 import traceback
 import sys
 import site
-from urllib.parse import parse_qs
+import secrets
+import re
+from io import BytesIO
+from urllib.parse import parse_qs, urlencode
 import aiohttp
 from aiohttp import web
@@ -22,7 +28,13 @@ from aiohttp import web
 from pathlib import Path
 from importlib import resources   # Py≥3.9  (pip install importlib_resources for 3.7/3.8)
-VERSION = "2.0.18"
+try:
+    from PIL import Image
+    HAS_PIL = True
+except ImportError:
+    HAS_PIL = False
+VERSION = "2.0.33"
 _ROOT = None
 g_config_path = None
 g_ui_path = None
@@ -31,6 +43,8 @@ g_handlers = {}
 g_verbose = False
 g_logprefix=""
 g_default_model=""
+g_sessions = {}  # OAuth session storage: {session_token: {userId, userName, displayName, profileUrl, email, created}}
+g_oauth_states = {}  # CSRF protection: {state: {created, redirect_uri}}
 def _log(message):
     """Helper method for logging from the global polling task."""
@@ -197,6 +211,77 @@ def price_to_string(price: float | int | str | None) -> str | None:
     except (ValueError, TypeError):
         return None
+def convert_image_if_needed(image_bytes, mimetype='image/png'):
+    """
+    Convert and resize image to WebP if it exceeds configured limits.
+    Args:
+        image_bytes: Raw image bytes
+        mimetype: Original image MIME type
+    Returns:
+        tuple: (converted_bytes, new_mimetype) or (original_bytes, original_mimetype) if no conversion needed
+    """
+    if not HAS_PIL:
+        return image_bytes, mimetype
+    # Get conversion config
+    convert_config = g_config.get('convert', {}).get('image', {}) if g_config else {}
+    if not convert_config:
+        return image_bytes, mimetype
+    max_size_str = convert_config.get('max_size', '1536x1024')
+    max_length = convert_config.get('max_length', 1.5*1024*1024) # 1.5MB
+    try:
+        # Parse max_size (e.g., "1536x1024")
+        max_width, max_height = map(int, max_size_str.split('x'))
+        # Open image
+        with Image.open(BytesIO(image_bytes)) as img:
+            original_width, original_height = img.size
+            # Check if image exceeds limits
+            needs_resize = original_width > max_width or original_height > max_height
+            # Check if base64 length would exceed max_length (in KB)
+            # Base64 encoding increases size by ~33%, so check raw bytes * 1.33 / 1024
+            estimated_kb = (len(image_bytes) * 1.33) / 1024
+            needs_conversion = estimated_kb > max_length
+            if not needs_resize and not needs_conversion:
+                return image_bytes, mimetype
+            # Convert RGBA to RGB if necessary (WebP doesn't support transparency in RGB mode)
+            if img.mode in ('RGBA', 'LA', 'P'):
+                # Create a white background
+                background = Image.new('RGB', img.size, (255, 255, 255))
+                if img.mode == 'P':
+                    img = img.convert('RGBA')
+                background.paste(img, mask=img.split()[-1] if img.mode in ('RGBA', 'LA') else None)
+                img = background
+            elif img.mode != 'RGB':
+                img = img.convert('RGB')
+            # Resize if needed (preserve aspect ratio)
+            if needs_resize:
+                img.thumbnail((max_width, max_height), Image.Resampling.LANCZOS)
+                _log(f"Resized image from {original_width}x{original_height} to {img.size[0]}x{img.size[1]}")
+            # Convert to WebP
+            output = BytesIO()
+            img.save(output, format='WEBP', quality=85, method=6)
+            converted_bytes = output.getvalue()
+            _log(f"Converted image to WebP: {len(image_bytes)} bytes -> {len(converted_bytes)} bytes ({len(converted_bytes)*100//len(image_bytes)}%)")
+            return converted_bytes, 'image/webp'
+    except Exception as e:
+        _log(f"Error converting image: {e}")
+        # Return original if conversion fails
+        return image_bytes, mimetype
 async def process_chat(chat):
     if not chat:
         raise Exception("No chat provided")
@@ -227,19 +312,31 @@ async def process_chat(chat):
                                     mimetype = get_file_mime_type(get_filename(url))
                                     if 'Content-Type' in response.headers:
                                         mimetype = response.headers['Content-Type']
+                                    # convert/resize image if needed
+                                    content, mimetype = convert_image_if_needed(content, mimetype)
                                     # convert to data uri
                                     image_url['url'] = f"data:{mimetype};base64,{base64.b64encode(content).decode('utf-8')}"
                             elif is_file_path(url):
                                 _log(f"Reading image: {url}")
                                 with open(url, "rb") as f:
                                     content = f.read()
-                                    ext = os.path.splitext(url)[1].lower().lstrip('.') if '.' in url else 'png'
                                     # get mimetype from file extension
                                     mimetype = get_file_mime_type(get_filename(url))
+                                    # convert/resize image if needed
+                                    content, mimetype = convert_image_if_needed(content, mimetype)
                                     # convert to data uri
                                     image_url['url'] = f"data:{mimetype};base64,{base64.b64encode(content).decode('utf-8')}"
                             elif url.startswith('data:'):
-                                pass
+                                # Extract existing data URI and process it
+                                if ';base64,' in url:
+                                    prefix = url.split(';base64,')[0]
+                                    mimetype = prefix.split(':')[1] if ':' in prefix else 'image/png'
+                                    base64_data = url.split(';base64,')[1]
+                                    content = base64.b64decode(base64_data)
+                                    # convert/resize image if needed
+                                    content, mimetype = convert_image_if_needed(content, mimetype)
+                                    # update data uri with potentially converted image
+                                    image_url['url'] = f"data:{mimetype};base64,{base64.b64encode(content).decode('utf-8')}"
                             else:
                                 raise Exception(f"Invalid image: {url}")
                     elif item['type'] == 'input_audio' and 'input_audio' in item:
@@ -354,7 +451,7 @@ class OpenAiProvider:
     @classmethod
     def test(cls, base_url=None, api_key=None, models={}, **kwargs):
-        return base_url is not None and api_key is not None and len(models) > 0
+        return base_url and api_key and len(models) > 0
     async def load(self):
         pass
@@ -425,6 +522,8 @@ class OpenAiProvider:
         chat = await process_chat(chat)
         _log(f"POST {self.chat_url}")
         _log(chat_summary(chat))
+        # remove metadata if any (conflicts with some providers, e.g. Z.ai)
+        chat.pop('metadata', None)
         async with aiohttp.ClientSession() as session:
             started_at = time.time()
@@ -467,7 +566,7 @@ class OllamaProvider(OpenAiProvider):
     @classmethod
     def test(cls, base_url=None, models={}, all_models=False, **kwargs):
-        return base_url is not None and (len(models) > 0 or all_models)
+        return base_url and (len(models) > 0 or all_models)
 class GoogleOpenAiProvider(OpenAiProvider):
     def __init__(self, api_key, models, **kwargs):
@@ -476,7 +575,7 @@ class GoogleOpenAiProvider(OpenAiProvider):
     @classmethod
     def test(cls, api_key=None, models={}, **kwargs):
-        return api_key is not None and len(models) > 0
+        return api_key and len(models) > 0
 class GoogleProvider(OpenAiProvider):
     def __init__(self, models, api_key, safety_settings=None, thinking_config=None, curl=False, **kwargs):
@@ -912,7 +1011,7 @@ async def load_llms():
         await provider.load()
 def save_config(config):
-    global g_config
+    global g_config, g_config_path
     g_config = config
     with open(g_config_path, "w") as f:
         json.dump(g_config, f, indent=4)
@@ -921,29 +1020,27 @@ def save_config(config):
 def github_url(filename):
     return f"https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/llms/{filename}"
-async def save_text(url, save_path):
+async def get_text(url):
     async with aiohttp.ClientSession() as session:
         _log(f"GET {url}")
         async with session.get(url) as resp:
             text = await resp.text()
             if resp.status >= 400:
                 raise HTTPError(resp.status, reason=resp.reason, body=text, headers=dict(resp.headers))
-            os.makedirs(os.path.dirname(save_path), exist_ok=True)
-            with open(save_path, "w") as f:
-                f.write(text)
             return text
+async def save_text_url(url, save_path):
+    text = await get_text(url)
+    os.makedirs(os.path.dirname(save_path), exist_ok=True)
+    with open(save_path, "w") as f:
+        f.write(text)
+    return text
 async def save_default_config(config_path):
     global g_config
-    config_json = await save_text(github_url("llms.json"), config_path)
+    config_json = await save_text_url(github_url("llms.json"), config_path)
     g_config = json.loads(config_json)
-async def update_llms():
-    """
-    Update llms.py from GitHub
-    """
-    await save_text(github_url("llms.py"), __file__)
 def provider_status():
     enabled = list(g_handlers.keys())
     disabled = [provider for provider in g_config['providers'].keys() if provider not in enabled]
@@ -1262,8 +1359,119 @@ async def check_models(provider_name, model_names=None):
     print()
+def text_from_resource(filename):
+    global _ROOT
+    resource_path = _ROOT / filename
+    if resource_exists(resource_path):
+        try:
+            return read_resource_text(resource_path)
+        except (OSError, AttributeError) as e:
+            _log(f"Error reading resource config {filename}: {e}")
+    return None
+def text_from_file(filename):
+    if os.path.exists(filename):
+        with open(filename, "r") as f:
+            return f.read()
+    return None
+async def text_from_resource_or_url(filename):
+    text = text_from_resource(filename)
+    if not text:
+        try:
+            resource_url = github_url(filename)
+            text = await get_text(resource_url)
+        except Exception as e:
+            _log(f"Error downloading JSON from {resource_url}: {e}")
+            raise e
+    return text
+async def save_home_configs():
+    home_config_path = home_llms_path("llms.json")
+    home_ui_path = home_llms_path("ui.json")
+    if os.path.exists(home_config_path) and os.path.exists(home_ui_path):
+        return
+    llms_home = os.path.dirname(home_config_path)
+    os.makedirs(llms_home, exist_ok=True)
+    try:
+        if not os.path.exists(home_config_path):
+            config_json = await text_from_resource_or_url("llms.json")
+            with open(home_config_path, "w") as f:
+                f.write(config_json)
+            _log(f"Created default config at {home_config_path}")
+        if not os.path.exists(home_ui_path):
+            ui_json = await text_from_resource_or_url("ui.json")
+            with open(home_ui_path, "w") as f:
+                f.write(ui_json)
+            _log(f"Created default ui config at {home_ui_path}")
+    except Exception as e:
+        print("Could not create llms.json. Create one with --init or use --config <path>")
+        exit(1)
+async def reload_providers():
+    global g_config, g_handlers
+    g_handlers = init_llms(g_config)
+    await load_llms()
+    _log(f"{len(g_handlers)} providers loaded")
+    return g_handlers
+async def watch_config_files(config_path, ui_path, interval=1):
+    """Watch config files and reload providers when they change"""
+    global g_config
+    config_path = Path(config_path)
+    ui_path = Path(ui_path) if ui_path else None
+    file_mtimes = {}
+    _log(f"Watching config files: {config_path}" + (f", {ui_path}" if ui_path else ""))
+    while True:
+        await asyncio.sleep(interval)
+        # Check llms.json
+        try:
+            if config_path.is_file():
+                mtime = config_path.stat().st_mtime
+                if str(config_path) not in file_mtimes:
+                    file_mtimes[str(config_path)] = mtime
+                elif file_mtimes[str(config_path)] != mtime:
+                    _log(f"Config file changed: {config_path.name}")
+                    file_mtimes[str(config_path)] = mtime
+                    try:
+                        # Reload llms.json
+                        with open(config_path, "r") as f:
+                            g_config = json.load(f)
+                        # Reload providers
+                        await reload_providers()
+                        _log("Providers reloaded successfully")
+                    except Exception as e:
+                        _log(f"Error reloading config: {e}")
+        except FileNotFoundError:
+            pass
+        # Check ui.json
+        if ui_path:
+            try:
+                if ui_path.is_file():
+                    mtime = ui_path.stat().st_mtime
+                    if str(ui_path) not in file_mtimes:
+                        file_mtimes[str(ui_path)] = mtime
+                    elif file_mtimes[str(ui_path)] != mtime:
+                        _log(f"Config file changed: {ui_path.name}")
+                        file_mtimes[str(ui_path)] = mtime
+                        _log("ui.json reloaded - reload page to update")
+            except FileNotFoundError:
+                pass
 def main():
-    global _ROOT, g_verbose, g_default_model, g_logprefix, g_config_path, g_ui_path
+    global _ROOT, g_verbose, g_default_model, g_logprefix, g_config, g_config_path, g_ui_path
     parser = argparse.ArgumentParser(description=f"llms v{VERSION}")
     parser.add_argument('--config',       default=None, help='Path to config file', metavar='FILE')
@@ -1291,10 +1499,12 @@ def main():
     parser.add_argument('--root',         default=None, help='Change root directory for UI files', metavar='PATH')
     parser.add_argument('--logprefix',    default="",   help='Prefix used in log messages', metavar='PREFIX')
     parser.add_argument('--verbose',      action='store_true', help='Verbose output')
-    parser.add_argument('--update',       action='store_true', help='Update to latest version')
     cli_args, extra_args = parser.parse_known_args()
-    if cli_args.verbose:
+    # Check for verbose mode from CLI argument or environment variables
+    verbose_env = os.environ.get('VERBOSE', '').lower()
+    if cli_args.verbose or verbose_env in ('1', 'true'):
         g_verbose = True
         # printdump(cli_args)
     if cli_args.model:
@@ -1302,24 +1512,13 @@ def main():
     if cli_args.logprefix:
         g_logprefix = cli_args.logprefix
-    if cli_args.config is not None:
-        g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config)
-    _ROOT = resolve_root()
-    if cli_args.root:
-        _ROOT = Path(cli_args.root)
+    _ROOT = Path(cli_args.root) if cli_args.root else resolve_root()
     if not _ROOT:
         print("Resource root not found")
         exit(1)
-    g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config) if cli_args.config else get_config_path()
-    g_ui_path = get_ui_path()
     home_config_path = home_llms_path("llms.json")
-    resource_config_path = _ROOT / "llms.json"
     home_ui_path = home_llms_path("ui.json")
-    resource_ui_path = _ROOT / "ui.json"
     if cli_args.init:
         if os.path.exists(home_config_path):
@@ -1331,74 +1530,37 @@ def main():
         if os.path.exists(home_ui_path):
             print(f"ui.json already exists at {home_ui_path}")
         else:
-            asyncio.run(save_text(github_url("ui.json"), home_ui_path))
+            asyncio.run(save_text_url(github_url("ui.json"), home_ui_path))
             print(f"Created default ui config at {home_ui_path}")
         exit(0)
-    if not g_config_path or not os.path.exists(g_config_path):
-        # copy llms.json and ui.json to llms_home
-        if not os.path.exists(home_config_path):
-            llms_home = os.path.dirname(home_config_path)
-            os.makedirs(llms_home, exist_ok=True)
-            if resource_exists(resource_config_path):
-                try:
-                    # Read config from resource (handle both Path and Traversable objects)
-                    config_json = read_resource_text(resource_config_path)
-                except (OSError, AttributeError) as e:
-                    _log(f"Error reading resource config: {e}")
-            if not config_json:
-                try:
-                    config_json = asyncio.run(save_text(github_url("llms.json"), home_config_path))
-                except Exception as e:
-                    _log(f"Error downloading llms.json: {e}")
-                    print("Could not create llms.json. Create one with --init or use --config <path>")
-                    exit(1)
-            with open(home_config_path, "w") as f:
-                f.write(config_json)
-                _log(f"Created default config at {home_config_path}")
-            # Update g_config_path to point to the copied file
-            g_config_path = home_config_path
-    if not g_config_path or not os.path.exists(g_config_path):
-        print("llms.json not found. Create one with --init or use --config <path>")
-        exit(1)
+    if cli_args.config:
+        # read contents
+        g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config)
+        with open(g_config_path, "r") as f:
+            config_json = f.read()
+            g_config = json.loads(config_json)
-    if not g_ui_path or not os.path.exists(g_ui_path):
-        # Read UI config from resource
-        if not os.path.exists(home_ui_path):
-            llms_home = os.path.dirname(home_ui_path)
-            os.makedirs(llms_home, exist_ok=True)
-            if resource_exists(resource_ui_path):
-                try:
-                    # Read config from resource (handle both Path and Traversable objects)
-                    ui_json = read_resource_text(resource_ui_path)
-                except (OSError, AttributeError) as e:
-                    _log(f"Error reading resource ui config: {e}")
-            if not ui_json:
-                try:
-                    ui_json = asyncio.run(save_text(github_url("ui.json"), home_ui_path))
-                except Exception as e:
-                    _log(f"Error downloading ui.json: {e}")
-                    print("Could not create ui.json. Create one with --init or use --config <path>")
-                    exit(1)
-            with open(home_ui_path, "w") as f:
-                f.write(ui_json)
+        config_dir = os.path.dirname(g_config_path)
+        # look for ui.json in same directory as config
+        ui_path = os.path.join(config_dir, "ui.json")
+        if os.path.exists(ui_path):
+            g_ui_path = ui_path
+        else:
+            if not os.path.exists(home_ui_path):
+                ui_json = text_from_resource("ui.json")
+                with open(home_ui_path, "w") as f:
+                    f.write(ui_json)
                 _log(f"Created default ui config at {home_ui_path}")
-        # Update g_config_path to point to the copied file
+            g_ui_path = home_ui_path
+    else:
+        # ensure llms.json and ui.json exist in home directory
+        asyncio.run(save_home_configs())
+        g_config_path = home_config_path
         g_ui_path = home_ui_path
-    if not g_ui_path or not os.path.exists(g_ui_path):
-        print("ui.json not found. Create one with --init or use --config <path>")
-        exit(1)
+        g_config = json.loads(text_from_file(g_config_path))
-    # read contents
-    with open(g_config_path, "r") as f:
-        config_json = f.read()
-        init_llms(json.loads(config_json))
-        asyncio.run(load_llms())
+    asyncio.run(reload_providers())
     # print names
     _log(f"enabled providers: {', '.join(g_handlers.keys())}")
@@ -1433,15 +1595,85 @@ def main():
         exit(0)
     if cli_args.serve is not None:
+        # Disable inactive providers and save to config before starting server
+        all_providers = g_config['providers'].keys()
+        enabled_providers = list(g_handlers.keys())
+        disable_providers = []
+        for provider in all_providers:
+            provider_config = g_config['providers'][provider]
+            if provider not in enabled_providers:
+                if 'enabled' in provider_config and provider_config['enabled']:
+                    provider_config['enabled'] = False
+                    disable_providers.append(provider)
+        if len(disable_providers) > 0:
+            _log(f"Disabled unavailable providers: {', '.join(disable_providers)}")
+            save_config(g_config)
+        # Start server
         port = int(cli_args.serve)
         if not os.path.exists(g_ui_path):
             print(f"UI not found at {g_ui_path}")
             exit(1)
-        app = web.Application()
+        # Validate auth configuration if enabled
+        auth_enabled = g_config.get('auth', {}).get('enabled', False)
+        if auth_enabled:
+            github_config = g_config.get('auth', {}).get('github', {})
+            client_id = github_config.get('client_id', '')
+            client_secret = github_config.get('client_secret', '')
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+            if not client_id or not client_secret:
+                print("ERROR: Authentication is enabled but GitHub OAuth is not properly configured.")
+                print("Please set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables,")
+                print("or disable authentication by setting 'auth.enabled' to false in llms.json")
+                exit(1)
+            _log("Authentication enabled - GitHub OAuth configured")
+        client_max_size = g_config.get('limits', {}).get('client_max_size', 20*1024*1024) # 20MB max request size (to handle base64 encoding overhead)
+        _log(f"client_max_size set to {client_max_size} bytes ({client_max_size/1024/1024:.1f}MB)")
+        app = web.Application(client_max_size=client_max_size)
+        # Authentication middleware helper
+        def check_auth(request):
+            """Check if request is authenticated. Returns (is_authenticated, user_data)"""
+            if not auth_enabled:
+                return True, None
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if session_token and session_token in g_sessions:
+                return True, g_sessions[session_token]
+            # Check for API key
+            auth_header = request.headers.get('Authorization', '')
+            if auth_header.startswith('Bearer '):
+                api_key = auth_header[7:]
+                if api_key:
+                    return True, {"authProvider": "apikey"}
+            return False, None
         async def chat_handler(request):
+            # Check authentication if enabled
+            is_authenticated, user_data = check_auth(request)
+            if not is_authenticated:
+                return web.json_response({
+                    "error": {
+                        "message": "Authentication required",
+                        "type": "authentication_error",
+                        "code": "unauthorized"
+                    }
+                }, status=401)
             try:
                 chat = await request.json()
                 response = await chat_completion(chat)
@@ -1487,6 +1719,226 @@ def main():
             })
         app.router.add_post('/providers/{provider}', provider_handler)
+        # OAuth handlers
+        async def github_auth_handler(request):
+            """Initiate GitHub OAuth flow"""
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+            if not client_id:
+                return web.json_response({"error": "GitHub client_id not configured"}, status=500)
+            # Generate CSRF state token
+            state = secrets.token_urlsafe(32)
+            g_oauth_states[state] = {
+                'created': time.time(),
+                'redirect_uri': redirect_uri
+            }
+            # Clean up old states (older than 10 minutes)
+            current_time = time.time()
+            expired_states = [s for s, data in g_oauth_states.items() if current_time - data['created'] > 600]
+            for s in expired_states:
+                del g_oauth_states[s]
+            # Build GitHub authorization URL
+            params = {
+                'client_id': client_id,
+                'redirect_uri': redirect_uri,
+                'state': state,
+                'scope': 'read:user user:email'
+            }
+            auth_url = f"https://github.com/login/oauth/authorize?{urlencode(params)}"
+            return web.HTTPFound(auth_url)
+        def validate_user(github_username):
+            auth_config = g_config['auth']['github']
+            # Check if user is restricted
+            restrict_to = auth_config.get('restrict_to', '')
+            # Expand environment variables
+            if restrict_to.startswith('$'):
+                restrict_to = os.environ.get(restrict_to[1:], '')
+            # If restrict_to is configured, validate the user
+            if restrict_to:
+                # Parse allowed users (comma or space delimited)
+                allowed_users = [u.strip() for u in re.split(r'[,\s]+', restrict_to) if u.strip()]
+                # Check if user is in the allowed list
+                if not github_username or github_username not in allowed_users:
+                    _log(f"Access denied for user: {github_username}. Not in allowed list: {allowed_users}")
+                    return web.Response(
+                        text=f"Access denied. User '{github_username}' is not authorized to access this application.",
+                        status=403
+                    )
+            return None
+        async def github_callback_handler(request):
+            """Handle GitHub OAuth callback"""
+            code = request.query.get('code')
+            state = request.query.get('state')
+            if not code or not state:
+                return web.Response(text="Missing code or state parameter", status=400)
+            # Verify state token (CSRF protection)
+            if state not in g_oauth_states:
+                return web.Response(text="Invalid state parameter", status=400)
+            state_data = g_oauth_states.pop(state)
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            client_secret = auth_config.get('client_secret', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+            if not client_id or not client_secret:
+                return web.json_response({"error": "GitHub OAuth credentials not configured"}, status=500)
+            # Exchange code for access token
+            async with aiohttp.ClientSession() as session:
+                token_url = "https://github.com/login/oauth/access_token"
+                token_data = {
+                    'client_id': client_id,
+                    'client_secret': client_secret,
+                    'code': code,
+                    'redirect_uri': redirect_uri
+                }
+                headers = {'Accept': 'application/json'}
+                async with session.post(token_url, data=token_data, headers=headers) as resp:
+                    token_response = await resp.json()
+                    access_token = token_response.get('access_token')
+                    if not access_token:
+                        error = token_response.get('error_description', 'Failed to get access token')
+                        return web.Response(text=f"OAuth error: {error}", status=400)
+                # Fetch user info
+                user_url = "https://api.github.com/user"
+                headers = {
+                    "Authorization": f"Bearer {access_token}",
+                    "Accept": "application/json"
+                }
+                async with session.get(user_url, headers=headers) as resp:
+                    user_data = await resp.json()
+                # Validate user
+                error_response = validate_user(user_data.get('login', ''))
+                if error_response:
+                    return error_response
+            # Create session
+            session_token = secrets.token_urlsafe(32)
+            g_sessions[session_token] = {
+                "userId": str(user_data.get('id', '')),
+                "userName": user_data.get('login', ''),
+                "displayName": user_data.get('name', ''),
+                "profileUrl": user_data.get('avatar_url', ''),
+                "email": user_data.get('email', ''),
+                "created": time.time()
+            }
+            # Redirect to UI with session token
+            return web.HTTPFound(f"/?session={session_token}")
+        async def session_handler(request):
+            """Validate and return session info"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if not session_token or session_token not in g_sessions:
+                return web.json_response({"error": "Invalid or expired session"}, status=401)
+            session_data = g_sessions[session_token]
+            # Clean up old sessions (older than 24 hours)
+            current_time = time.time()
+            expired_sessions = [token for token, data in g_sessions.items() if current_time - data['created'] > 86400]
+            for token in expired_sessions:
+                del g_sessions[token]
+            return web.json_response({
+                **session_data,
+                "sessionToken": session_token
+            })
+        async def logout_handler(request):
+            """End OAuth session"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if session_token and session_token in g_sessions:
+                del g_sessions[session_token]
+            return web.json_response({"success": True})
+        async def auth_handler(request):
+            """Check authentication status and return user info"""
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if session_token and session_token in g_sessions:
+                session_data = g_sessions[session_token]
+                return web.json_response({
+                    "userId": session_data.get("userId", ""),
+                    "userName": session_data.get("userName", ""),
+                    "displayName": session_data.get("displayName", ""),
+                    "profileUrl": session_data.get("profileUrl", ""),
+                    "authProvider": "github"
+                })
+            # Check for API key in Authorization header
+            # auth_header = request.headers.get('Authorization', '')
+            # if auth_header.startswith('Bearer '):
+            #     # For API key auth, return a basic response
+            #     # You can customize this based on your API key validation logic
+            #     api_key = auth_header[7:]
+            #     if api_key:  # Add your API key validation logic here
+            #         return web.json_response({
+            #             "userId": "1",
+            #             "userName": "apiuser",
+            #             "displayName": "API User",
+            #             "profileUrl": "",
+            #             "authProvider": "apikey"
+            #         })
+            # Not authenticated - return error in expected format
+            return web.json_response({
+                "responseStatus": {
+                    "errorCode": "Unauthorized",
+                    "message": "Not authenticated"
+                }
+            }, status=401)
+        app.router.add_get('/auth', auth_handler)
+        app.router.add_get('/auth/github', github_auth_handler)
+        app.router.add_get('/auth/github/callback', github_callback_handler)
+        app.router.add_get('/auth/session', session_handler)
+        app.router.add_post('/auth/logout', logout_handler)
         async def ui_static(request: web.Request) -> web.Response:
             path = Path(request.match_info["path"])
@@ -1526,9 +1978,12 @@ def main():
                 enabled, disabled = provider_status()
                 ui['status'] = {
                     "all": list(g_config['providers'].keys()),
-                    "enabled": enabled,
-                    "disabled": disabled
+                    "enabled": enabled,
+                    "disabled": disabled
                 }
+                # Add auth configuration
+                ui['requiresAuth'] = auth_enabled
+                ui['authType'] = 'oauth' if auth_enabled else 'apikey'
                 return web.json_response(ui)
         app.router.add_get('/config', ui_config_handler)
@@ -1547,6 +2002,14 @@ def main():
         # Serve index.html as fallback route (SPA routing)
         app.router.add_route('*', '/{tail:.*}', index_handler)
+        # Setup file watcher for config files
+        async def start_background_tasks(app):
+            """Start background tasks when the app starts"""
+            # Start watching config files in the background
+            asyncio.create_task(watch_config_files(g_config_path, g_ui_path))
+        app.on_startup.append(start_background_tasks)
         print(f"Starting server on port {port}...")
         web.run_app(app, host='0.0.0.0', port=port, print=_log)
         exit(0)
@@ -1617,11 +2080,6 @@ def main():
         print(f"\nDefault model set to: {default_model}")
         exit(0)
-    if cli_args.update:
-        asyncio.run(update_llms())
-        print(f"{__file__} updated")
-        exit(0)
     if cli_args.chat is not None or cli_args.image is not None or cli_args.audio is not None or cli_args.file is not None or len(extra_args) > 0:
         try:
             chat = g_config['defaults']['text']

llms-py 2.0.18__py3-none-any.whl → 2.0.33__py3-none-any.whl

llms-py 2.0.18py3-none-any.whl → 2.0.33py3-none-any.whl