react-agent-harness 0.2.0__tar.gz → 0.3.0__tar.gz

{react_agent_harness-0.2.0/react_agent_harness.egg-info → react_agent_harness-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: react-agent-harness
-Version: 0.2.0
+Version: 0.3.0
 Summary: Multi-agent LLM orchestration: hybrid DAG planning, two-tier memory, streaming
 Requires-Python: >=3.10
 License-File: LICENSE

{react_agent_harness-0.2.0 → react_agent_harness-0.3.0}/README.md

@@ -74,6 +74,7 @@ explicit control.
 | `examples/executor_bridge_demo.py` | `ExecutorBridge` backends side-by-side: allowlist, env scrubbing, Docker network/fs isolation, timeout, positional-arg tools. | `ah-executor` and/or Docker |
 | `examples/durable_memory_demo.py` | Redis (semantic) + LanceDB (episodic) memory persistence across two related goals. | `OPENAI_API_KEY`, `[openai,redis,lance]`, Redis reachable |
 | `examples/mcp_demo.py` | Connects to an MCP filesystem server and gives the agent its tools. | `OPENAI_API_KEY`, `[openai,mcp]`, `npx` |
+| `examples/subscription_auth_demo.py` | Runs an agent through subscription-backed providers: direct `openai-codex` OAuth or direct `claude-code` OAuth. | `agent-harness login openai-codex` or `agent-harness login claude-code` |
 
 ## Adding a new domain (3 steps)
 
@@ -109,6 +110,102 @@ llm = OpenAILLM(model="gpt-4o-mini")                # reads OPENAI_API_KEY from
 runtime = AgentRuntime(..., llm=llm)
 ```
 
+Credential-backed adapters can also plug into the same contract. This is the
+shape used for provider-specific subscription or OAuth flows without teaching
+agents about auth:
+
+```bash
+agent-harness login openai-codex
+agent-harness auth status openai-codex
+agent-harness login claude-code
+agent-harness auth status claude-code
+```
+
+> **⚠️ Subscription adapters are experimental — use the metered API in production.**
+>
+> `OpenAICodexLLM` and `ClaudeCodeLLM` bridge **ChatGPT / Claude
+> subscription OAuth credentials** into the harness by talking to
+> internal CLI endpoints with CLI-shaped User-Agent and billing headers.
+> This route:
+>
+> - **May violate OpenAI's and Anthropic's Terms of Service.** Both
+>   providers prohibit using subscription accounts (ChatGPT Plus/Pro,
+>   Claude Pro/Max) for arbitrary programmatic access — subscriptions
+>   price for the official CLI's intended use only.
+> - **May result in account suspension** if abuse detection classifies
+>   harness traffic as misuse.
+> - **Depends on undocumented internal endpoints**
+>   (`/backend-api/codex/responses`, the Anthropic Messages API with
+>   `claude-code-*` beta flags) that providers can change or revoke at
+>   any time.
+>
+> **Use these adapters only for personal research on accounts you own.**
+> Do not use them to serve other users. For anything else, prefer the
+> metered API path:
+>
+> - `OpenAILLM` with `OPENAI_API_KEY` (optionally routed through a
+>   gateway like LiteLLM/Helicone for cost headers).
+> - The standard Anthropic Messages API with an Anthropic API key.
+
+Direct `openai-codex` OAuth follows the Codex/Pi-style ChatGPT
+subscription route rather than the stable OpenAI Platform API. The
+Codex OAuth client id can be overridden with
+`AGENT_HARNESS_OPENAI_CODEX_CLIENT_ID`.
+
+```python
+from harness.llm.openai_codex import OpenAICodexLLM
+
+llm = OpenAICodexLLM(
+    model="gpt-5.5",
+    auth_file="~/.agent-harness/auth/auth.json",  # Pi-shaped openai-codex OAuth entry
+)
+runtime = AgentRuntime(..., llm=llm)
+```
+
+`OpenAICodexLLM` calls the Codex backend directly
+(`https://chatgpt.com/backend-api/codex/responses`) with OAuth credentials.
+The stable fallback remains `OpenAILLM` with `OPENAI_API_KEY`.
+
+For Claude Code-style setups, use `ClaudeCodeLLM` with Claude Pro/Max OAuth
+credentials stored in the same auth file. It calls the Anthropic Messages API
+directly with Claude-Code-compatible OAuth headers:
+
+```bash
+agent-harness login claude-code
+python examples/subscription_auth_demo.py claude-code
+```
+
+```python
+from harness.llm.claude_code import ClaudeCodeLLM
+
+llm = ClaudeCodeLLM(
+    model="claude-sonnet-4-6",
+    auth_file="~/.agent-harness/auth/auth.json",
+)
+```
+
+`ClaudeCodeLLM` reads a `claude-code` OAuth entry, refreshes it automatically
+when expired, and retries once after `401`/`403`. This mirrors Pi's Claude
+Pro/Max extension approach rather than shelling out to the Claude CLI. The
+default model is the current canonical Sonnet release ID, `claude-sonnet-4-6`;
+set `CLAUDE_CODE_MODEL` or pass `model="claude-opus-4-7"` to choose another
+model.
+
+Both adapters stream incrementally — `stream_complete()` yields each
+SSE delta token as it arrives, and `complete()` consumes the same
+stream and returns the concatenated text once finished. Cost / token
+usage is captured from the final stream event into `last_usage`.
+
+The Claude billing header's `cc_version` is read from
+`CLAUDE_CODE_VERSION` (env) or from `claude --version` if the CLI is
+installed; falls back to `unknown` otherwise. Pinning a specific
+version with `CLAUDE_CODE_VERSION=2.1.150` is recommended if you want
+stable behavior across CLI upgrades.
+
+Do not copy browser/app refresh tokens into repo files. Store OAuth auth files
+under `~/.agent-harness/auth` or reuse an existing Pi auth file with private
+file permissions (`0600`).
+
 To use Anthropic / Gemini / Ollama / a local SGLang or vLLM server / anything
 else — write a 30-line adapter implementing those two methods. See
 `harness/llm/openai.py` for the reference shape; the harness never imports a

react_agent_harness-0.3.0/harness/cli.py

@@ -0,0 +1,137 @@
+from __future__ import annotations
+
+import argparse
+import asyncio
+import json
+import os
+import sys
+from pathlib import Path
+
+from harness.llm.auth import (
+    AnthropicClaudeCodeOAuthClient,
+    AuthFileOAuthProvider,
+    OAuthCredential,
+    OpenAICodexOAuthClient,
+    default_auth_file,
+)
+
+PROVIDERS = ["openai-codex", "claude-code"]
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(prog="agent-harness", description="agent-harness utilities")
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    login = sub.add_parser("login", help="log in to a provider")
+    login.add_argument("provider", choices=PROVIDERS)
+    login.add_argument("--auth-file", default=str(default_auth_file()))
+
+    status = sub.add_parser("auth", help="inspect or clear provider auth")
+    status_sub = status.add_subparsers(dest="auth_command", required=True)
+    status_cmd = status_sub.add_parser("status", help="show auth status")
+    status_cmd.add_argument("provider", choices=PROVIDERS)
+    status_cmd.add_argument("--auth-file", default=str(default_auth_file()))
+    logout_cmd = status_sub.add_parser("logout", help="remove auth credentials")
+    logout_cmd.add_argument("provider", choices=PROVIDERS)
+    logout_cmd.add_argument("--auth-file", default=str(default_auth_file()))
+
+    args = parser.parse_args()
+    try:
+        if args.command == "login":
+            if args.provider == "openai-codex":
+                return asyncio.run(_login_openai_codex(Path(args.auth_file).expanduser()))
+            if args.provider == "claude-code":
+                return asyncio.run(_login_claude_code(Path(args.auth_file).expanduser()))
+        if args.command == "auth" and args.auth_command == "status":
+            if args.provider == "openai-codex":
+                return _status_oauth_provider(Path(args.auth_file).expanduser(), "openai-codex")
+            if args.provider == "claude-code":
+                return _status_oauth_provider(Path(args.auth_file).expanduser(), "claude-code")
+        if args.command == "auth" and args.auth_command == "logout":
+            if args.provider == "openai-codex":
+                return _logout_oauth_provider(Path(args.auth_file).expanduser(), "openai-codex")
+            if args.provider == "claude-code":
+                return _logout_oauth_provider(Path(args.auth_file).expanduser(), "claude-code")
+    except Exception as e:
+        print(f"agent-harness: {e}", file=sys.stderr)
+        return 1
+    parser.error("unsupported command")
+    return 2
+
+
+async def _login_openai_codex(path: Path) -> int:
+    client = OpenAICodexOAuthClient()
+    try:
+        device = await client.request_device_code()
+        print("OpenAI Codex login")
+        print(f"Open: {device.verification_uri}")
+        print(f"Code: {device.user_code}")
+        print("Waiting for authorization...")
+        cred = await client.poll_device_code(device)
+    finally:
+        await client.aclose()
+    _write_oauth_credential(path, cred)
+    print(f"Logged in to openai-codex. Credentials saved to {path}")
+    return 0
+
+
+async def _login_claude_code(path: Path) -> int:
+    client = AnthropicClaudeCodeOAuthClient()
+    try:
+        login = client.begin_login()
+        print("Claude Code login")
+        print(f"Open: {login.url}")
+        print("Paste the final callback URL, or the code#state value.")
+        callback_input = input("Callback: ")
+        cred = await client.finish_login(login, callback_input)
+    finally:
+        await client.aclose()
+    _write_oauth_credential(path, cred)
+    print(f"Logged in to claude-code. Credentials saved to {path}")
+    return 0
+
+
+def _status_oauth_provider(path: Path, provider_name: str) -> int:
+    provider = AuthFileOAuthProvider(path, provider=provider_name)
+    try:
+        cred = provider._read_credential()
+    except FileNotFoundError:
+        print(f"Not logged in: {path} does not exist")
+        return 1
+    except Exception as e:
+        print(f"Not logged in: {e}")
+        return 1
+    status = {
+        "provider": provider_name,
+        "auth_file": str(path),
+        "account_id": cred.account_id,
+        "expires_at": cred.expires_at.isoformat() if cred.expires_at else None,
+        "expired": cred.is_expired(),
+    }
+    print(json.dumps(status, indent=2))
+    return 0
+
+
+def _logout_oauth_provider(path: Path, provider_name: str) -> int:
+    provider = AuthFileOAuthProvider(
+        path, provider=provider_name, require_private_permissions=False
+    )
+    provider.clear()
+    print(f"Removed {provider_name} credentials from {path}")
+    return 0
+
+
+def _write_oauth_credential(path: Path, cred: OAuthCredential) -> None:
+    provider = AuthFileOAuthProvider(
+        path, provider=cred.provider, require_private_permissions=False
+    )
+    path.parent.mkdir(parents=True, exist_ok=True)
+    if not path.exists():
+        path.write_text("{}")
+        if os.name != "nt":
+            path.chmod(0o600)
+    provider._write_credential(cred)
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

react_agent_harness-0.3.0/harness/llm/__init__.py

@@ -0,0 +1,19 @@
+"""LLM adapter helpers."""
+
+from harness.llm.auth import (
+    AnthropicClaudeCodeOAuthClient,
+    AuthFileOAuthProvider,
+    OAuthCredential,
+    OpenAICodexOAuthClient,
+)
+from harness.llm.claude_code import ClaudeCodeLLM
+from harness.llm.openai_codex import OpenAICodexLLM
+
+__all__ = [
+    "AnthropicClaudeCodeOAuthClient",
+    "AuthFileOAuthProvider",
+    "ClaudeCodeLLM",
+    "OAuthCredential",
+    "OpenAICodexLLM",
+    "OpenAICodexOAuthClient",
+]

react_agent_harness-0.3.0/harness/llm/_streaming.py

@@ -0,0 +1,56 @@
+"""Shared SSE helpers for streaming-capable LLM adapters."""
+
+from __future__ import annotations
+
+from collections.abc import AsyncGenerator
+from typing import Any
+
+
+async def aiter_sse_events(response: Any) -> AsyncGenerator[tuple[str, str], None]:
+    """Yield (event_type, data) pairs from an SSE response.
+
+    Parses the standard `event:` / `data:` line format. Blank lines
+    terminate events. The default event type for unlabelled events is
+    `"message"`. Trailing buffered data (no terminating blank line) is
+    flushed when the stream ends.
+    """
+    current_event = "message"
+    data_lines: list[str] = []
+    async for raw_line in response.aiter_lines():
+        line = raw_line.rstrip("\r")
+        if not line:
+            if data_lines:
+                yield current_event, "\n".join(data_lines)
+                current_event = "message"
+                data_lines = []
+            continue
+        if line.startswith("event:"):
+            current_event = line[len("event:") :].strip()
+        elif line.startswith("data:"):
+            data_lines.append(line[len("data:") :].strip())
+    if data_lines:
+        yield current_event, "\n".join(data_lines)
+
+
+async def read_error_body(response: Any) -> bytes:
+    """Drain the body of an error response, returning at most 4 KiB."""
+    out: list[bytes] = []
+    total = 0
+    async for chunk in response.aiter_bytes():
+        if total >= 4096:
+            break
+        out.append(chunk)
+        total += len(chunk)
+    return b"".join(out)[:4096]
+
+
+def format_streaming_error(status_code: int, body: bytes, *, provider: str) -> str:
+    """Build a user-facing error message from an error response body.
+
+    Truncates aggressively because error bodies sometimes echo request
+    payloads — we don't want bearer tokens or full prompts in tracebacks.
+    """
+    text = body.decode(errors="replace").strip()
+    if not text:
+        return f"{provider} backend returned HTTP {status_code}"
+    return f"{provider} backend returned {status_code}: {text[:500]}"