PyPI - remdb - Versions diffs - 0.3.133__py3-none-any.whl → 0.3.157__py3-none-any.whl - Mend

remdb 0.3.133py3-none-any.whl → 0.3.157py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

rem/agentic/agents/__init__.py +16 -0
rem/agentic/agents/agent_manager.py +310 -0
rem/agentic/context_builder.py +5 -3
rem/agentic/mcp/tool_wrapper.py +48 -6
rem/agentic/providers/phoenix.py +91 -21
rem/agentic/providers/pydantic_ai.py +77 -43
rem/api/deps.py +2 -2
rem/api/main.py +1 -1
rem/api/mcp_router/server.py +2 -0
rem/api/mcp_router/tools.py +90 -0
rem/api/routers/auth.py +208 -4
rem/api/routers/chat/streaming.py +77 -22
rem/auth/__init__.py +13 -3
rem/auth/middleware.py +66 -1
rem/auth/providers/__init__.py +4 -1
rem/auth/providers/email.py +215 -0
rem/cli/commands/configure.py +3 -4
rem/cli/commands/experiments.py +50 -49
rem/cli/commands/session.py +336 -0
rem/cli/dreaming.py +2 -2
rem/cli/main.py +2 -0
rem/models/core/experiment.py +4 -14
rem/models/entities/__init__.py +4 -0
rem/models/entities/ontology.py +1 -1
rem/models/entities/ontology_config.py +1 -1
rem/models/entities/subscriber.py +175 -0
rem/models/entities/user.py +1 -0
rem/schemas/agents/core/agent-builder.yaml +134 -0
rem/schemas/agents/examples/contract-analyzer.yaml +1 -1
rem/schemas/agents/examples/contract-extractor.yaml +1 -1
rem/schemas/agents/examples/cv-parser.yaml +1 -1
rem/services/__init__.py +3 -1
rem/services/content/service.py +4 -3
rem/services/email/__init__.py +10 -0
rem/services/email/service.py +459 -0
rem/services/email/templates.py +360 -0
rem/services/postgres/README.md +38 -0
rem/services/postgres/diff_service.py +19 -3
rem/services/postgres/pydantic_to_sqlalchemy.py +45 -13
rem/services/session/compression.py +113 -50
rem/services/session/reload.py +14 -7
rem/settings.py +191 -4
rem/sql/migrations/002_install_models.sql +91 -91
rem/sql/migrations/005_schema_update.sql +145 -0
rem/utils/README.md +45 -0
rem/utils/files.py +157 -1
rem/utils/vision.py +1 -1
{remdb-0.3.133.dist-info → remdb-0.3.157.dist-info}/METADATA +7 -5
{remdb-0.3.133.dist-info → remdb-0.3.157.dist-info}/RECORD +51 -42
{remdb-0.3.133.dist-info → remdb-0.3.157.dist-info}/WHEEL +0 -0
{remdb-0.3.133.dist-info → remdb-0.3.157.dist-info}/entry_points.txt +0 -0

rem/auth/__init__.py CHANGED Viewed

@@ -1,26 +1,36 @@
 """
 REM Authentication Module.
-OAuth 2.1 compliant authentication with support for:
+Authentication with support for:
+- Email passwordless login (verification codes)
 - Google OAuth
 - Microsoft Entra ID (Azure AD) OIDC
 - Custom OIDC providers
 Design Pattern:
 - Provider-agnostic base classes
-- PKCE (Proof Key for Code Exchange) for all flows
+- PKCE (Proof Key for Code Exchange) for OAuth flows
 - State parameter for CSRF protection
 - Nonce for ID token replay protection
 - Token validation with JWKS
-- Clean separation: providers/ for OAuth logic, middleware.py for FastAPI integration
+- Clean separation: providers/ for auth logic, middleware.py for FastAPI integration
+Email Auth Flow:
+1. POST /api/auth/email/send-code with {email}
+2. User receives code via email
+3. POST /api/auth/email/verify with {email, code}
+4. Session created, user authenticated
 """
 from .providers.base import OAuthProvider
+from .providers.email import EmailAuthProvider, EmailAuthResult
 from .providers.google import GoogleOAuthProvider
 from .providers.microsoft import MicrosoftOAuthProvider
 __all__ = [
     "OAuthProvider",
+    "EmailAuthProvider",
+    "EmailAuthResult",
     "GoogleOAuthProvider",
     "MicrosoftOAuthProvider",
 ]

rem/auth/middleware.py CHANGED Viewed

@@ -6,6 +6,7 @@ Supports anonymous access with rate limiting when allow_anonymous=True.
 MCP endpoints are always protected unless explicitly disabled.
 Design Pattern:
+- Check X-API-Key header first (if API key auth enabled)
 - Check session for user on protected paths
 - Check Bearer token for dev token (non-production only)
 - MCP paths always require authentication (protected service)
@@ -20,6 +21,12 @@ Access Modes (configured in settings.auth):
 - mcp_requires_auth=true (default): MCP always requires login regardless of allow_anonymous
 - mcp_requires_auth=false: MCP follows normal allow_anonymous rules (dev only)
+API Key Authentication (configured in settings.api):
+- api_key_enabled=true: Require X-API-Key header for protected endpoints
+- api_key: The secret key to validate against
+- Provides simple programmatic access without OAuth flow
+- X-API-Key header takes precedence over session auth
 Dev Token Support (non-production only):
 - GET /api/auth/dev/token returns a Bearer token for test-user
 - Include as: Authorization: Bearer dev_<signature>
@@ -82,6 +89,39 @@ class AuthMiddleware(BaseHTTPMiddleware):
         self.mcp_requires_auth = mcp_requires_auth
         self.mcp_path = mcp_path
+    def _check_api_key(self, request: Request) -> dict | None:
+        """
+        Check for valid X-API-Key header.
+        Returns:
+            API key user dict if valid, None otherwise
+        """
+        # Only check if API key auth is enabled
+        if not settings.api.api_key_enabled:
+            return None
+        # Check for X-API-Key header
+        api_key = request.headers.get("x-api-key")
+        if not api_key:
+            return None
+        # Validate against configured API key
+        if settings.api.api_key and api_key == settings.api.api_key:
+            logger.debug("X-API-Key authenticated")
+            return {
+                "id": "api-key-user",
+                "email": "api@rem.local",
+                "name": "API Key User",
+                "provider": "api-key",
+                "tenant_id": "default",
+                "tier": "pro",  # API key users get full access
+                "roles": ["user"],
+            }
+        # Invalid API key
+        logger.warning("Invalid X-API-Key provided")
+        return None
     def _check_dev_token(self, request: Request) -> dict | None:
         """
         Check for valid dev token in Authorization header (non-production only).
@@ -105,7 +145,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
         # Verify dev token
         from ..api.routers.dev import verify_dev_token
         if verify_dev_token(token):
-            logger.debug(f"Dev token authenticated as test-user")
+            logger.debug("Dev token authenticated as test-user")
             return {
                 "id": "test-user",
                 "email": "test@rem.local",
@@ -142,6 +182,31 @@ class AuthMiddleware(BaseHTTPMiddleware):
         if not is_protected or is_excluded:
             return await call_next(request)
+        # Check for X-API-Key header first (if enabled)
+        api_key_user = self._check_api_key(request)
+        if api_key_user:
+            request.state.user = api_key_user
+            request.state.is_anonymous = False
+            return await call_next(request)
+        # If API key auth is enabled but no valid key provided, reject immediately
+        if settings.api.api_key_enabled:
+            # Check if X-API-Key header was provided but invalid
+            if request.headers.get("x-api-key"):
+                logger.warning(f"Invalid X-API-Key for: {path}")
+                return JSONResponse(
+                    status_code=401,
+                    content={"detail": "Invalid API key"},
+                    headers={"WWW-Authenticate": 'ApiKey realm="REM API"'},
+                )
+            # No API key provided when required
+            logger.debug(f"Missing X-API-Key for: {path}")
+            return JSONResponse(
+                status_code=401,
+                content={"detail": "API key required. Include X-API-Key header."},
+                headers={"WWW-Authenticate": 'ApiKey realm="REM API"'},
+            )
         # Check for dev token (non-production only)
         dev_user = self._check_dev_token(request)
         if dev_user:

rem/auth/providers/__init__.py CHANGED Viewed

@@ -1,6 +1,7 @@
-"""OAuth provider implementations."""
+"""Authentication provider implementations."""
 from .base import OAuthProvider, OAuthTokens, OAuthUserInfo
+from .email import EmailAuthProvider, EmailAuthResult
 from .google import GoogleOAuthProvider
 from .microsoft import MicrosoftOAuthProvider
@@ -8,6 +9,8 @@ __all__ = [
     "OAuthProvider",
     "OAuthTokens",
     "OAuthUserInfo",
+    "EmailAuthProvider",
+    "EmailAuthResult",
     "GoogleOAuthProvider",
     "MicrosoftOAuthProvider",
 ]

rem/auth/providers/email.py ADDED Viewed

@@ -0,0 +1,215 @@
+"""
+Email Authentication Provider.
+Passwordless authentication using email verification codes.
+Unlike OAuth providers, this handles the full flow internally.
+Flow:
+1. User requests login with email address
+2. System generates code, upserts user, sends email
+3. User enters code
+4. System verifies code and creates session
+Design:
+- Uses EmailService for sending codes
+- Creates users with deterministic UUID from email hash
+- Stores challenge in user metadata
+- No external OAuth dependencies
+"""
+from typing import TYPE_CHECKING
+from pydantic import BaseModel, Field
+from loguru import logger
+from ...services.email import EmailService
+if TYPE_CHECKING:
+    from ...services.postgres import PostgresService
+class EmailAuthResult(BaseModel):
+    """Result of email authentication operations."""
+    success: bool = Field(description="Whether operation succeeded")
+    email: str = Field(description="Email address")
+    user_id: str | None = Field(default=None, description="User ID if authenticated")
+    error: str | None = Field(default=None, description="Error message if failed")
+    message: str | None = Field(default=None, description="User-friendly message")
+class EmailAuthProvider:
+    """
+    Email-based passwordless authentication provider.
+    Handles the complete email login flow:
+    1. send_code() - Generate and send verification code
+    2. verify_code() - Verify code and return user info
+    """
+    def __init__(
+        self,
+        email_service: EmailService | None = None,
+        template_kwargs: dict | None = None,
+    ):
+        """
+        Initialize EmailAuthProvider.
+        Args:
+            email_service: EmailService instance (creates new one if not provided)
+            template_kwargs: Customization for email templates (colors, branding, etc.)
+        """
+        self._email_service = email_service or EmailService()
+        self._template_kwargs = template_kwargs or {}
+    @property
+    def is_configured(self) -> bool:
+        """Check if email auth is properly configured."""
+        return self._email_service.is_configured
+    async def send_code(
+        self,
+        email: str,
+        db: "PostgresService",
+        tenant_id: str = "default",
+    ) -> EmailAuthResult:
+        """
+        Send a verification code to an email address.
+        Creates user if not exists (using deterministic UUID from email).
+        Stores code in user metadata.
+        Args:
+            email: Email address to send code to
+            db: PostgresService instance
+            tenant_id: Tenant identifier
+        Returns:
+            EmailAuthResult with success status
+        """
+        if not self.is_configured:
+            return EmailAuthResult(
+                success=False,
+                email=email,
+                error="Email service not configured",
+                message="Email login is not available. Please try another method.",
+            )
+        try:
+            result = await self._email_service.send_login_code(
+                email=email,
+                db=db,
+                tenant_id=tenant_id,
+                template_kwargs=self._template_kwargs,
+            )
+            if result["success"]:
+                return EmailAuthResult(
+                    success=True,
+                    email=email,
+                    user_id=result["user_id"],
+                    message=f"Verification code sent to {email}. Check your inbox.",
+                )
+            else:
+                return EmailAuthResult(
+                    success=False,
+                    email=email,
+                    error=result.get("error", "Failed to send code"),
+                    message="Failed to send verification code. Please try again.",
+                )
+        except Exception as e:
+            logger.error(f"Error sending login code: {e}")
+            return EmailAuthResult(
+                success=False,
+                email=email,
+                error=str(e),
+                message="An error occurred. Please try again.",
+            )
+    async def verify_code(
+        self,
+        email: str,
+        code: str,
+        db: "PostgresService",
+        tenant_id: str = "default",
+    ) -> EmailAuthResult:
+        """
+        Verify a login code and authenticate user.
+        Args:
+            email: Email address
+            code: 6-digit verification code
+            db: PostgresService instance
+            tenant_id: Tenant identifier
+        Returns:
+            EmailAuthResult with user_id if successful
+        """
+        try:
+            result = await self._email_service.verify_login_code(
+                email=email,
+                code=code,
+                db=db,
+                tenant_id=tenant_id,
+            )
+            if result["valid"]:
+                return EmailAuthResult(
+                    success=True,
+                    email=email,
+                    user_id=result["user_id"],
+                    message="Successfully authenticated!",
+                )
+            else:
+                error = result.get("error", "Invalid code")
+                # User-friendly error messages
+                if error == "Login code expired":
+                    message = "Your code has expired. Please request a new one."
+                elif error == "Invalid login code":
+                    message = "Invalid code. Please check and try again."
+                elif error == "No login code requested":
+                    message = "No code was requested for this email. Please request a new code."
+                elif error == "User not found":
+                    message = "Email not found. Please request a login code first."
+                else:
+                    message = "Verification failed. Please try again."
+                return EmailAuthResult(
+                    success=False,
+                    email=email,
+                    error=error,
+                    message=message,
+                )
+        except Exception as e:
+            logger.error(f"Error verifying login code: {e}")
+            return EmailAuthResult(
+                success=False,
+                email=email,
+                error=str(e),
+                message="An error occurred. Please try again.",
+            )
+    def get_user_dict(self, email: str, user_id: str) -> dict:
+        """
+        Create a user dict for session storage.
+        Compatible with OAuth user format for consistent session handling.
+        Args:
+            email: User's email
+            user_id: User's UUID
+        Returns:
+            User dict for session
+        """
+        return {
+            "id": user_id,
+            "email": email,
+            "email_verified": True,  # Email is verified through code
+            "name": email.split("@")[0],  # Use email prefix as name
+            "provider": "email",
+            "tenant_id": "default",
+            "tier": "free",  # Email users start at free tier
+            "roles": ["user"],
+        }

rem/cli/commands/configure.py CHANGED Viewed

@@ -110,7 +110,7 @@ def prompt_llm_config(use_defaults: bool = False) -> dict:
     config = {}
     # Default values
-    default_model = "anthropic:claude-sonnet-4-5-20250929"
+    default_model = "openai:gpt-4.1"
     default_temperature = 0.5
     if use_defaults:
@@ -124,9 +124,9 @@ def prompt_llm_config(use_defaults: bool = False) -> dict:
         # Default model
         click.echo("\nDefault LLM model (format: provider:model-id)")
         click.echo("Examples:")
+        click.echo("  - openai:gpt-4.1")
         click.echo("  - anthropic:claude-sonnet-4-5-20250929")
-        click.echo("  - openai:gpt-4o")
-        click.echo("  - openai:gpt-4o-mini")
+        click.echo("  - openai:gpt-4.1-mini")
         config["default_model"] = click.prompt(
             "Default model", default=default_model
@@ -422,7 +422,6 @@ def configure_command(install: bool, claude_desktop: bool, show: bool, edit: boo
         try:
             import shutil
-            from pathlib import Path
             from fastmcp.mcp_config import update_config_file, StdioMCPServer
             # Find Claude Desktop config path

rem/cli/commands/experiments.py CHANGED Viewed

@@ -125,19 +125,17 @@ def create(
         # Resolve base path: CLI arg > EXPERIMENTS_HOME env var > default "experiments"
         if base_path is None:
             base_path = os.getenv("EXPERIMENTS_HOME", "experiments")
-        # Build dataset reference
+        # Build dataset reference (format auto-detected from file extension)
         if dataset_location == "git":
             dataset_ref = DatasetReference(
                 location=DatasetLocation.GIT,
                 path="ground-truth/dataset.csv",
-                format="csv",
                 description="Ground truth Q&A dataset for evaluation"
             )
         else:  # s3 or hybrid
             dataset_ref = DatasetReference(
                 location=DatasetLocation(dataset_location),
                 path=f"s3://rem-experiments/{name}/datasets/ground_truth.parquet",
-                format="parquet",
                 schema_path="datasets/schema.yaml" if dataset_location == "hybrid" else None,
                 description="Ground truth dataset for evaluation"
             )
@@ -915,58 +913,61 @@ def run(
                 click.echo(f"  Last error: {evaluator_load_error}")
             raise click.Abort()
-        # Load dataset using Polars
-        import polars as pl
+        # Validate evaluator credentials before running expensive agent tasks
+        if evaluator_fn is not None and not only_vibes:
+            from rem.agentic.providers.phoenix import validate_evaluator_credentials
+            click.echo("Validating evaluator credentials...")
+            is_valid, error_msg = validate_evaluator_credentials()
+            if not is_valid:
+                click.echo(click.style(f"\n⚠️  Evaluator validation failed: {error_msg}", fg="yellow"))
+                click.echo("\nOptions:")
+                click.echo("  1. Fix the credentials issue and re-run")
+                click.echo("  2. Run with --only-vibes to skip LLM evaluation")
+                click.echo("  3. Use --evaluator-model to specify a different model")
+                raise click.Abort()
+            click.echo("✓ Evaluator credentials validated")
+        # Load dataset using read_dataframe utility (auto-detects format from extension)
+        from rem.utils.files import read_dataframe
         click.echo(f"Loading dataset: {list(config.datasets.keys())[0]}")
         dataset_ref = list(config.datasets.values())[0]
-        if dataset_ref.location.value == "git":
-            # Load from Git (local filesystem)
-            dataset_path = Path(base_path) / name / dataset_ref.path
-            if not dataset_path.exists():
-                click.echo(f"Error: Dataset not found: {dataset_path}")
-                raise click.Abort()
+        try:
+            if dataset_ref.location.value == "git":
+                # Load from Git (local filesystem)
+                dataset_path = Path(base_path) / name / dataset_ref.path
+                if not dataset_path.exists():
+                    click.echo(f"Error: Dataset not found: {dataset_path}")
+                    raise click.Abort()
-            if dataset_ref.format == "csv":
-                dataset_df = pl.read_csv(dataset_path)
-            elif dataset_ref.format == "parquet":
-                dataset_df = pl.read_parquet(dataset_path)
-            elif dataset_ref.format == "jsonl":
-                dataset_df = pl.read_ndjson(dataset_path)
-            else:
-                click.echo(f"Error: Format '{dataset_ref.format}' not yet supported")
-                raise click.Abort()
-        elif dataset_ref.location.value in ["s3", "hybrid"]:
-            # Load from S3 using FS provider
-            from rem.services.fs import FS
-            from io import BytesIO
+                dataset_df = read_dataframe(dataset_path)
-            fs = FS()
-            try:
-                if dataset_ref.format == "csv":
-                    content = fs.read(dataset_ref.path)
-                    dataset_df = pl.read_csv(BytesIO(content.encode() if isinstance(content, str) else content))
-                elif dataset_ref.format == "parquet":
-                    content_bytes = fs.read(dataset_ref.path)
-                    dataset_df = pl.read_parquet(BytesIO(content_bytes if isinstance(content_bytes, bytes) else content_bytes.encode()))
-                elif dataset_ref.format == "jsonl":
-                    content = fs.read(dataset_ref.path)
-                    dataset_df = pl.read_ndjson(BytesIO(content.encode() if isinstance(content, str) else content))
-                else:
-                    click.echo(f"Error: Format '{dataset_ref.format}' not yet supported")
-                    raise click.Abort()
+            elif dataset_ref.location.value in ["s3", "hybrid"]:
+                # Load from S3 using FS provider
+                from rem.services.fs import FS
+                fs = FS()
+                content = fs.read(dataset_ref.path)
+                # Ensure we have bytes
+                if isinstance(content, str):
+                    content = content.encode()
+                dataset_df = read_dataframe(content, filename=dataset_ref.path)
                 click.echo(f"✓ Loaded dataset from S3")
-            except Exception as e:
-                logger.error(f"Failed to load dataset from S3: {e}")
-                click.echo(f"Error: Could not load dataset from S3")
-                click.echo(f"  Path: {dataset_ref.path}")
-                click.echo(f"  Format: {dataset_ref.format}")
+            else:
+                click.echo(f"Error: Unknown dataset location: {dataset_ref.location.value}")
                 raise click.Abort()
-        else:
-            click.echo(f"Error: Unknown dataset location: {dataset_ref.location.value}")
+        except ValueError as e:
+            # Unsupported format error from read_dataframe
+            click.echo(f"Error: {e}")
+            raise click.Abort()
+        except Exception as e:
+            logger.error(f"Failed to load dataset: {e}")
+            click.echo(f"Error: Could not load dataset")
+            click.echo(f"  Path: {dataset_ref.path}")
             raise click.Abort()
         click.echo(f"✓ Loaded dataset: {len(dataset_df)} examples")
@@ -1286,7 +1287,7 @@ def prompt():
 @click.option("--system-prompt", "-s", required=True, help="System prompt text")
 @click.option("--description", "-d", help="Prompt description")
 @click.option("--model-provider", default="OPENAI", help="Model provider (OPENAI, ANTHROPIC)")
-@click.option("--model-name", "-m", help="Model name (e.g., gpt-4o, claude-sonnet-4-5)")
+@click.option("--model-name", "-m", help="Model name (e.g., gpt-4.1, claude-sonnet-4-5)")
 @click.option("--type", "-t", "prompt_type", default="Agent", help="Prompt type (Agent or Evaluator)")
 def prompt_create(
     name: str,
@@ -1302,7 +1303,7 @@ def prompt_create(
         # Create agent prompt
         rem experiments prompt create hello-world \\
             --system-prompt "You are a helpful assistant." \\
-            --model-name gpt-4o
+            --model-name gpt-4.1
         # Create evaluator prompt
         rem experiments prompt create correctness-evaluator \\
@@ -1320,7 +1321,7 @@ def prompt_create(
     try:
         # Set default model if not specified
         if not model_name:
-            model_name = "gpt-4o" if model_provider == "OPENAI" else "claude-sonnet-4-5-20250929"
+            model_name = "gpt-4.1" if model_provider == "OPENAI" else "claude-sonnet-4-5-20250929"
         # Get config
         phoenix_client = PhoenixClient()

remdb 0.3.133__py3-none-any.whl → 0.3.157__py3-none-any.whl

remdb 0.3.133py3-none-any.whl → 0.3.157py3-none-any.whl