PyPI - remdb - Versions diffs - 0.3.14__py3-none-any.whl → 0.3.157__py3-none-any.whl - Mend

remdb 0.3.14py3-none-any.whl → 0.3.157py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

rem/agentic/README.md +76 -0
rem/agentic/__init__.py +15 -0
rem/agentic/agents/__init__.py +32 -2
rem/agentic/agents/agent_manager.py +310 -0
rem/agentic/agents/sse_simulator.py +502 -0
rem/agentic/context.py +51 -27
rem/agentic/context_builder.py +5 -3
rem/agentic/llm_provider_models.py +301 -0
rem/agentic/mcp/tool_wrapper.py +155 -18
rem/agentic/otel/setup.py +93 -4
rem/agentic/providers/phoenix.py +371 -108
rem/agentic/providers/pydantic_ai.py +280 -57
rem/agentic/schema.py +361 -21
rem/agentic/tools/rem_tools.py +3 -3
rem/api/README.md +215 -1
rem/api/deps.py +255 -0
rem/api/main.py +132 -40
rem/api/mcp_router/resources.py +1 -1
rem/api/mcp_router/server.py +28 -5
rem/api/mcp_router/tools.py +555 -7
rem/api/routers/admin.py +494 -0
rem/api/routers/auth.py +278 -4
rem/api/routers/chat/completions.py +402 -20
rem/api/routers/chat/models.py +88 -10
rem/api/routers/chat/otel_utils.py +33 -0
rem/api/routers/chat/sse_events.py +542 -0
rem/api/routers/chat/streaming.py +697 -45
rem/api/routers/dev.py +81 -0
rem/api/routers/feedback.py +268 -0
rem/api/routers/messages.py +473 -0
rem/api/routers/models.py +78 -0
rem/api/routers/query.py +360 -0
rem/api/routers/shared_sessions.py +406 -0
rem/auth/__init__.py +13 -3
rem/auth/middleware.py +186 -22
rem/auth/providers/__init__.py +4 -1
rem/auth/providers/email.py +215 -0
rem/cli/commands/README.md +237 -64
rem/cli/commands/cluster.py +1808 -0
rem/cli/commands/configure.py +4 -7
rem/cli/commands/db.py +386 -143
rem/cli/commands/experiments.py +468 -76
rem/cli/commands/process.py +14 -8
rem/cli/commands/schema.py +97 -50
rem/cli/commands/session.py +336 -0
rem/cli/dreaming.py +2 -2
rem/cli/main.py +29 -6
rem/config.py +10 -3
rem/models/core/core_model.py +7 -1
rem/models/core/experiment.py +58 -14
rem/models/core/rem_query.py +5 -2
rem/models/entities/__init__.py +25 -0
rem/models/entities/domain_resource.py +38 -0
rem/models/entities/feedback.py +123 -0
rem/models/entities/message.py +30 -1
rem/models/entities/ontology.py +1 -1
rem/models/entities/ontology_config.py +1 -1
rem/models/entities/session.py +83 -0
rem/models/entities/shared_session.py +180 -0
rem/models/entities/subscriber.py +175 -0
rem/models/entities/user.py +1 -0
rem/registry.py +10 -4
rem/schemas/agents/core/agent-builder.yaml +134 -0
rem/schemas/agents/examples/contract-analyzer.yaml +1 -1
rem/schemas/agents/examples/contract-extractor.yaml +1 -1
rem/schemas/agents/examples/cv-parser.yaml +1 -1
rem/schemas/agents/rem.yaml +7 -3
rem/services/__init__.py +3 -1
rem/services/content/service.py +92 -19
rem/services/email/__init__.py +10 -0
rem/services/email/service.py +459 -0
rem/services/email/templates.py +360 -0
rem/services/embeddings/api.py +4 -4
rem/services/embeddings/worker.py +16 -16
rem/services/phoenix/client.py +154 -14
rem/services/postgres/README.md +197 -15
rem/services/postgres/__init__.py +2 -1
rem/services/postgres/diff_service.py +547 -0
rem/services/postgres/pydantic_to_sqlalchemy.py +470 -140
rem/services/postgres/repository.py +132 -0
rem/services/postgres/schema_generator.py +205 -4
rem/services/postgres/service.py +6 -6
rem/services/rem/parser.py +44 -9
rem/services/rem/service.py +36 -2
rem/services/session/compression.py +137 -51
rem/services/session/reload.py +15 -8
rem/settings.py +515 -27
rem/sql/background_indexes.sql +21 -16
rem/sql/migrations/001_install.sql +387 -54
rem/sql/migrations/002_install_models.sql +2304 -377
rem/sql/migrations/003_optional_extensions.sql +326 -0
rem/sql/migrations/004_cache_system.sql +548 -0
rem/sql/migrations/005_schema_update.sql +145 -0
rem/utils/README.md +45 -0
rem/utils/__init__.py +18 -0
rem/utils/date_utils.py +2 -2
rem/utils/files.py +157 -1
rem/utils/model_helpers.py +156 -1
rem/utils/schema_loader.py +220 -22
rem/utils/sql_paths.py +146 -0
rem/utils/sql_types.py +3 -1
rem/utils/vision.py +1 -1
rem/workers/__init__.py +3 -1
rem/workers/db_listener.py +579 -0
rem/workers/unlogged_maintainer.py +463 -0
{remdb-0.3.14.dist-info → remdb-0.3.157.dist-info}/METADATA +340 -229
{remdb-0.3.14.dist-info → remdb-0.3.157.dist-info}/RECORD +109 -80
{remdb-0.3.14.dist-info → remdb-0.3.157.dist-info}/WHEEL +1 -1
rem/sql/002_install_models.sql +0 -1068
rem/sql/install_models.sql +0 -1051
rem/sql/migrations/003_seed_default_user.sql +0 -48
{remdb-0.3.14.dist-info → remdb-0.3.157.dist-info}/entry_points.txt +0 -0

rem/api/routers/auth.py CHANGED Viewed

@@ -1,20 +1,68 @@
 """
-OAuth 2.1 Authentication Router.
+Authentication Router.
-Leverages Authlib for standards-compliant OAuth/OIDC implementation.
-Minimal custom code - Authlib handles PKCE, token validation, JWKS.
+Supports multiple authentication methods:
+1. Email (passwordless): POST /api/auth/email/send-code, POST /api/auth/email/verify
+2. OAuth (Google, Microsoft): GET /api/auth/{provider}/login, GET /api/auth/{provider}/callback
 Endpoints:
+- POST /api/auth/email/send-code     - Send login code to email
+- POST /api/auth/email/verify        - Verify code and create session
 - GET  /api/auth/{provider}/login    - Initiate OAuth flow
 - GET  /api/auth/{provider}/callback - OAuth callback
 - POST /api/auth/logout              - Clear session
 - GET  /api/auth/me                  - Current user info
 Supported providers:
+- email: Passwordless email login
 - google: Google OAuth 2.0 / OIDC
 - microsoft: Microsoft Entra ID OIDC
-Design Pattern (OAuth 2.1 + PKCE):
+=============================================================================
+Email Authentication Access Control
+=============================================================================
+The email auth provider implements a tiered access control system:
+Access Control Flow (send-code):
+    User requests login code
+    ├── User exists in database?
+    │   ├── Yes → Check user.tier
+    │   │   ├── tier == BLOCKED → Reject "Account is blocked"
+    │   │   └── tier != BLOCKED → Allow (send code, existing users grandfathered)
+    │   └── No (new user) → Check EMAIL__TRUSTED_EMAIL_DOMAINS
+    │       ├── Setting configured → domain in trusted list?
+    │       │   ├── Yes → Create user & send code
+    │       │   └── No → Reject "Email domain not allowed for signup"
+    │       └── Not configured (empty) → Create user & send code (no restrictions)
+Key Behaviors:
+- Existing users: Always allowed to login (unless tier=BLOCKED)
+- New users: Must have email from trusted domain (if EMAIL__TRUSTED_EMAIL_DOMAINS is set)
+- No restrictions: Leave EMAIL__TRUSTED_EMAIL_DOMAINS empty to allow all domains
+User Tiers (models.entities.UserTier):
+- BLOCKED: Cannot login (rejected at send-code)
+- ANONYMOUS: Rate-limited anonymous access
+- FREE: Standard free tier
+- BASIC/PRO: Paid tiers with additional features
+Configuration:
+    # Allow only specific domains for new signups
+    EMAIL__TRUSTED_EMAIL_DOMAINS=siggymd.ai,example.com
+    # Allow all domains (no restrictions)
+    EMAIL__TRUSTED_EMAIL_DOMAINS=
+Example blocking a user:
+    user = await user_repo.get_by_id(user_id, tenant_id="default")
+    user.tier = UserTier.BLOCKED
+    await user_repo.upsert(user)
+=============================================================================
+OAuth Design Pattern (OAuth 2.1 + PKCE)
+=============================================================================
 1. User clicks "Login with Google"
 2. /login generates state + PKCE code_verifier
 3. Store code_verifier in session
@@ -37,6 +85,7 @@ Environment variables:
     AUTH__MICROSOFT__CLIENT_ID=<microsoft-client-id>
     AUTH__MICROSOFT__CLIENT_SECRET=<microsoft-client-secret>
     AUTH__MICROSOFT__TENANT=common
+    EMAIL__TRUSTED_EMAIL_DOMAINS=example.com  # Optional: restrict new signups
 References:
 - Authlib: https://docs.authlib.org/en/latest/
@@ -46,11 +95,13 @@ References:
 from fastapi import APIRouter, HTTPException, Request
 from fastapi.responses import RedirectResponse
 from authlib.integrations.starlette_client import OAuth
+from pydantic import BaseModel, EmailStr
 from loguru import logger
 from ...settings import settings
 from ...services.postgres.service import PostgresService
 from ...services.user_service import UserService
+from ...auth.providers.email import EmailAuthProvider
 router = APIRouter(prefix="/api/auth", tags=["auth"])
@@ -87,6 +138,159 @@ if settings.auth.microsoft.client_id:
     logger.info(f"Microsoft OAuth provider registered (tenant: {tenant})")
+# =============================================================================
+# Email Authentication Endpoints
+# =============================================================================
+class EmailSendCodeRequest(BaseModel):
+    """Request to send login code."""
+    email: EmailStr
+class EmailVerifyRequest(BaseModel):
+    """Request to verify login code."""
+    email: EmailStr
+    code: str
+@router.post("/email/send-code")
+async def send_email_code(request: Request, body: EmailSendCodeRequest):
+    """
+    Send a login code to an email address.
+    Creates user if not exists (using deterministic UUID from email).
+    Stores code in user metadata with expiry.
+    Args:
+        request: FastAPI request
+        body: EmailSendCodeRequest with email
+    Returns:
+        Success status and message
+    """
+    if not settings.email.is_configured:
+        raise HTTPException(
+            status_code=501,
+            detail="Email authentication is not configured"
+        )
+    # Get database connection
+    if not settings.postgres.enabled:
+        raise HTTPException(
+            status_code=501,
+            detail="Database is required for email authentication"
+        )
+    db = PostgresService()
+    try:
+        await db.connect()
+        # Initialize email auth provider
+        email_auth = EmailAuthProvider()
+        # Send code
+        result = await email_auth.send_code(
+            email=body.email,
+            db=db,
+        )
+        if result.success:
+            return {
+                "success": True,
+                "message": result.message,
+                "email": result.email,
+            }
+        else:
+            raise HTTPException(
+                status_code=400,
+                detail=result.message or result.error
+            )
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error sending login code: {e}")
+        raise HTTPException(status_code=500, detail="Failed to send login code")
+    finally:
+        await db.disconnect()
+@router.post("/email/verify")
+async def verify_email_code(request: Request, body: EmailVerifyRequest):
+    """
+    Verify login code and create session.
+    Args:
+        request: FastAPI request
+        body: EmailVerifyRequest with email and code
+    Returns:
+        Success status with user info
+    """
+    if not settings.email.is_configured:
+        raise HTTPException(
+            status_code=501,
+            detail="Email authentication is not configured"
+        )
+    if not settings.postgres.enabled:
+        raise HTTPException(
+            status_code=501,
+            detail="Database is required for email authentication"
+        )
+    db = PostgresService()
+    try:
+        await db.connect()
+        # Initialize email auth provider
+        email_auth = EmailAuthProvider()
+        # Verify code
+        result = await email_auth.verify_code(
+            email=body.email,
+            code=body.code,
+            db=db,
+        )
+        if not result.success:
+            raise HTTPException(
+                status_code=400,
+                detail=result.message or result.error
+            )
+        # Create session - compatible with OAuth session format
+        user_dict = email_auth.get_user_dict(
+            email=result.email,
+            user_id=result.user_id,
+        )
+        # Store user in session
+        request.session["user"] = user_dict
+        logger.info(f"User authenticated via email: {result.email}")
+        return {
+            "success": True,
+            "message": result.message,
+            "user": user_dict,
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error verifying login code: {e}")
+        raise HTTPException(status_code=500, detail="Failed to verify login code")
+    finally:
+        await db.disconnect()
+# =============================================================================
+# OAuth Authentication Endpoints
+# =============================================================================
 @router.get("/{provider}/login")
 async def login(provider: str, request: Request):
     """
@@ -281,3 +485,73 @@ async def me(request: Request):
         raise HTTPException(status_code=401, detail="Not authenticated")
     return user
+# =============================================================================
+# Development Token Endpoints (non-production only)
+# =============================================================================
+def generate_dev_token() -> str:
+    """
+    Generate a dev token for testing.
+    Token format: dev_<hmac_signature>
+    The signature is based on the session secret to ensure only valid tokens work.
+    """
+    import hashlib
+    import hmac
+    # Use session secret as key
+    secret = settings.auth.session_secret or "dev-secret"
+    message = "test-user:dev-token"
+    signature = hmac.new(
+        secret.encode(),
+        message.encode(),
+        hashlib.sha256
+    ).hexdigest()[:32]
+    return f"dev_{signature}"
+def verify_dev_token(token: str) -> bool:
+    """Verify a dev token is valid."""
+    expected = generate_dev_token()
+    return token == expected
+@router.get("/dev/token")
+async def get_dev_token(request: Request):
+    """
+    Get a development token for testing (non-production only).
+    This token can be used as a Bearer token to authenticate as the
+    test user (test-user / test@rem.local) without going through OAuth.
+    Usage:
+        curl -H "Authorization: Bearer <token>" http://localhost:8000/api/v1/...
+    Returns:
+        401 if in production environment
+        Token and usage instructions otherwise
+    """
+    if settings.environment == "production":
+        raise HTTPException(
+            status_code=401,
+            detail="Dev tokens are not available in production"
+        )
+    token = generate_dev_token()
+    return {
+        "token": token,
+        "type": "Bearer",
+        "user": {
+            "id": "test-user",
+            "email": "test@rem.local",
+            "name": "Test User",
+        },
+        "usage": f'curl -H "Authorization: Bearer {token}" http://localhost:8000/api/v1/...',
+        "warning": "This token is for development/testing only and will not work in production.",
+    }

remdb 0.3.14__py3-none-any.whl → 0.3.157__py3-none-any.whl

remdb 0.3.14py3-none-any.whl → 0.3.157py3-none-any.whl