remdb 0.3.157__py3-none-any.whl → 0.3.180__py3-none-any.whl

rem/api/mcp_router/resources.py

@@ -349,6 +349,53 @@ def register_agent_resources(mcp: FastMCP):
         except Exception as e:
             return f"# Available Agents\n\nError listing agents: {e}"
 
+    @mcp.resource("rem://agents/{agent_name}")
+    def get_agent_schema(agent_name: str) -> str:
+        """
+        Get a specific agent schema by name.
+
+        Args:
+            agent_name: Name of the agent (e.g., "ask_rem", "agent-builder")
+
+        Returns:
+            Full agent schema as YAML string, or error message if not found.
+        """
+        import importlib.resources
+        import yaml
+        from pathlib import Path
+
+        try:
+            # Find packaged agent schemas
+            agents_ref = importlib.resources.files("rem") / "schemas" / "agents"
+            agents_dir = Path(str(agents_ref))
+
+            if not agents_dir.exists():
+                return f"# Agent Not Found\n\nNo agent schemas directory found."
+
+            # Search for agent file (try multiple extensions)
+            for ext in [".yaml", ".yml", ".json"]:
+                # Try exact match first
+                agent_file = agents_dir / f"{agent_name}{ext}"
+                if agent_file.exists():
+                    with open(agent_file, "r") as f:
+                        content = f.read()
+                    return f"# Agent Schema: {agent_name}\n\n```yaml\n{content}\n```"
+
+                # Try recursive search
+                matches = list(agents_dir.rglob(f"{agent_name}{ext}"))
+                if matches:
+                    with open(matches[0], "r") as f:
+                        content = f.read()
+                    return f"# Agent Schema: {agent_name}\n\n```yaml\n{content}\n```"
+
+            # Not found - list available agents
+            available = [f.stem for f in agents_dir.rglob("*.yaml")] + \
+                       [f.stem for f in agents_dir.rglob("*.yml")]
+            return f"# Agent Not Found\n\nAgent '{agent_name}' not found.\n\nAvailable agents: {', '.join(sorted(set(available)))}"
+
+        except Exception as e:
+            return f"# Error\n\nError loading agent '{agent_name}': {e}"
+
 
 def register_file_resources(mcp: FastMCP):
     """
@@ -501,10 +548,11 @@ async def load_resource(uri: str) -> dict | str:
     Load an MCP resource by URI.
 
     This function is called by the read_resource tool to dispatch to
-    registered resource handlers.
+    registered resource handlers. Supports both regular resources and
+    parameterized resource templates (e.g., rem://agents/{agent_name}).
 
     Args:
-        uri: Resource URI (e.g., "rem://schemas", "rem://status")
+        uri: Resource URI (e.g., "rem://agents", "rem://agents/ask_rem", "rem://status")
 
     Returns:
         Resource data (dict or string)
@@ -512,9 +560,10 @@ async def load_resource(uri: str) -> dict | str:
     Raises:
         ValueError: If URI is invalid or resource not found
     """
-    # Create temporary MCP instance with resources
+    import inspect
     from fastmcp import FastMCP
 
+    # Create temporary MCP instance with resources
     mcp = FastMCP(name="temp")
 
     # Register all resources
@@ -523,14 +572,26 @@ async def load_resource(uri: str) -> dict | str:
     register_file_resources(mcp)
     register_status_resources(mcp)
 
-    # Get resource handlers from MCP internal registry
-    # FastMCP stores resources in a dict by URI
-    if hasattr(mcp, "_resources"):
-        if uri in mcp._resources:
-            handler = mcp._resources[uri]
-            if callable(handler):
-                result = handler()
-                return result if result else {"error": "Resource returned None"}
-
-    # If not found, raise error
-    raise ValueError(f"Resource not found: {uri}. Available resources: {list(mcp._resources.keys()) if hasattr(mcp, '_resources') else 'unknown'}")
+    # 1. Try exact match in regular resources
+    resources = await mcp.get_resources()
+    if uri in resources:
+        resource = resources[uri]
+        result = resource.fn()
+        if inspect.iscoroutine(result):
+            result = await result
+        return result if result else {"error": "Resource returned None"}
+
+    # 2. Try matching against parameterized resource templates
+    templates = await mcp.get_resource_templates()
+    for template_uri, template in templates.items():
+        params = template.matches(uri)
+        if params is not None:
+            # Template matched - call function with extracted parameters
+            result = template.fn(**params)
+            if inspect.iscoroutine(result):
+                result = await result
+            return result if result else {"error": "Resource returned None"}
+
+    # 3. Not found - include both resources and templates in error
+    available = list(resources.keys()) + list(templates.keys())
+    raise ValueError(f"Resource not found: {uri}. Available resources: {available}")

rem/api/mcp_router/server.py

@@ -1,7 +1,7 @@
 """
 MCP server creation and configuration for REM.
 
-Design Pattern 
+Design Pattern
 1. Create FastMCP server with tools and resources
 2. Register tools using @mcp.tool() decorator
 3. Register resources using resource registration functions
@@ -20,10 +20,30 @@ FastMCP Features:
 """
 
 import importlib.metadata
+from functools import wraps
 
 from fastmcp import FastMCP
+from loguru import logger
 
 from ...settings import settings
+from .prompts import register_prompts
+from .resources import (
+    register_agent_resources,
+    register_file_resources,
+    register_schema_resources,
+    register_status_resources,
+)
+from .tools import (
+    ask_rem_agent,
+    get_schema,
+    ingest_into_rem,
+    list_schema,
+    read_resource,
+    register_metadata,
+    save_agent,
+    search_rem,
+    test_error_handling,
+)
 
 # Get package version
 try:
@@ -174,18 +194,7 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
         ),
     )
 
-    # Register REM tools
-    from .tools import (
-        ask_rem_agent,
-        get_schema,
-        ingest_into_rem,
-        list_schema,
-        read_resource,
-        register_metadata,
-        save_agent,
-        search_rem,
-    )
-
+    # Register core REM tools
     mcp.tool()(search_rem)
     mcp.tool()(ask_rem_agent)
     mcp.tool()(read_resource)
@@ -194,10 +203,13 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
     mcp.tool()(get_schema)
     mcp.tool()(save_agent)
 
+    # Register test tool only in development environment (not staging/production)
+    if settings.environment not in ("staging", "production"):
+        mcp.tool()(test_error_handling)
+        logger.debug("Registered test_error_handling tool (dev environment only)")
+
     # File ingestion tool (with local path support for local servers)
     # Wrap to inject is_local parameter
-    from functools import wraps
-
     @wraps(ingest_into_rem)
     async def ingest_into_rem_wrapper(
         file_uri: str,
@@ -216,18 +228,9 @@ def create_mcp_server(is_local: bool = False) -> FastMCP:
     mcp.tool()(ingest_into_rem_wrapper)
 
     # Register prompts
-    from .prompts import register_prompts
-
     register_prompts(mcp)
 
     # Register schema resources
-    from .resources import (
-        register_agent_resources,
-        register_file_resources,
-        register_schema_resources,
-        register_status_resources,
-    )
-
     register_schema_resources(mcp)
     register_agent_resources(mcp)
     register_file_resources(mcp)

rem/api/mcp_router/tools.py

@@ -116,7 +116,8 @@ def mcp_tool_error_handler(func: Callable) -> Callable:
             # Otherwise wrap in success response
             return {"status": "success", **result}
         except Exception as e:
-            logger.error(f"{func.__name__} failed: {e}", exc_info=True)
+            # Use %s format to avoid issues with curly braces in error messages
+            logger.opt(exception=True).error("{} failed: {}", func.__name__, str(e))
             return {
                 "status": "error",
                 "error": str(e),
@@ -380,9 +381,10 @@ async def ask_rem_agent(
     from ...utils.schema_loader import load_agent_schema
 
     # Create agent context
+    # Note: tenant_id defaults to "default" if user_id is None
     context = AgentContext(
         user_id=user_id,
-        tenant_id=user_id,  # Set tenant_id to user_id for backward compat
+        tenant_id=user_id or "default",  # Use default tenant for anonymous users
         default_model=settings.llm.default_model,
     )
 
@@ -1130,3 +1132,82 @@ async def save_agent(
         result["message"] = f"Agent '{name}' saved. Use `/custom-agent {name}` to chat with it."
 
     return result
+
+
+# =============================================================================
+# Test/Debug Tools (for development only)
+# =============================================================================
+
+@mcp_tool_error_handler
+async def test_error_handling(
+    error_type: Literal["exception", "error_response", "timeout", "success"] = "success",
+    delay_seconds: float = 0,
+    error_message: str = "Test error occurred",
+) -> dict[str, Any]:
+    """
+    Test tool for simulating different error scenarios.
+
+    **FOR DEVELOPMENT/TESTING ONLY** - This tool helps verify that error
+    handling works correctly through the streaming layer.
+
+    Args:
+        error_type: Type of error to simulate:
+            - "success": Returns successful response (default)
+            - "exception": Raises an exception (tests @mcp_tool_error_handler)
+            - "error_response": Returns {"status": "error", ...} dict
+            - "timeout": Delays for 60 seconds (simulates timeout)
+        delay_seconds: Optional delay before responding (0-10 seconds)
+        error_message: Custom error message for error scenarios
+
+    Returns:
+        Dict with test results or error information
+
+    Examples:
+        # Test successful response
+        test_error_handling(error_type="success")
+
+        # Test exception handling
+        test_error_handling(error_type="exception", error_message="Database connection failed")
+
+        # Test error response format
+        test_error_handling(error_type="error_response", error_message="Resource not found")
+
+        # Test with delay
+        test_error_handling(error_type="success", delay_seconds=2)
+    """
+    import asyncio
+
+    logger.info(f"test_error_handling called: type={error_type}, delay={delay_seconds}")
+
+    # Apply delay (capped at 10 seconds for safety)
+    if delay_seconds > 0:
+        await asyncio.sleep(min(delay_seconds, 10))
+
+    if error_type == "exception":
+        # This tests the @mcp_tool_error_handler decorator
+        raise RuntimeError(f"TEST EXCEPTION: {error_message}")
+
+    elif error_type == "error_response":
+        # This tests how the streaming layer handles error status responses
+        return {
+            "status": "error",
+            "error": error_message,
+            "error_code": "TEST_ERROR",
+            "recoverable": True,
+        }
+
+    elif error_type == "timeout":
+        # Simulate a very long operation (for testing client-side timeouts)
+        await asyncio.sleep(60)
+        return {"status": "success", "message": "Timeout test completed (should not reach here)"}
+
+    else:  # success
+        return {
+            "status": "success",
+            "message": "Test completed successfully",
+            "test_data": {
+                "error_type": error_type,
+                "delay_applied": delay_seconds,
+                "timestamp": str(asyncio.get_event_loop().time()),
+            },
+        }

rem/api/middleware/tracking.py

@@ -102,14 +102,14 @@ class AnonymousTrackingMiddleware(BaseHTTPMiddleware):
             # Tenant ID from header or default
             tenant_id = request.headers.get("X-Tenant-Id", "default")
 
-        # 4. Rate Limiting
-        if settings.postgres.enabled:
+        # 4. Rate Limiting (skip if disabled via settings)
+        if settings.postgres.enabled and settings.api.rate_limit_enabled:
             is_allowed, current, limit = await self.rate_limiter.check_rate_limit(
                 tenant_id=tenant_id,
                 identifier=identifier,
                 tier=tier
             )
-            
+
             if not is_allowed:
                 return JSONResponse(
                     status_code=429,
@@ -141,8 +141,8 @@ class AnonymousTrackingMiddleware(BaseHTTPMiddleware):
                 secure=settings.environment == "production"
             )
             
-        # Add Rate Limit headers
-        if settings.postgres.enabled and 'limit' in locals():
+        # Add Rate Limit headers (only if rate limiting is enabled)
+        if settings.postgres.enabled and settings.api.rate_limit_enabled and 'limit' in locals():
             response.headers["X-RateLimit-Limit"] = str(limit)
             response.headers["X-RateLimit-Remaining"] = str(max(0, limit - current))
             

rem/api/routers/auth.py

@@ -30,14 +30,17 @@ Access Control Flow (send-code):
     │   ├── Yes → Check user.tier
     │   │   ├── tier == BLOCKED → Reject "Account is blocked"
     │   │   └── tier != BLOCKED → Allow (send code, existing users grandfathered)
-    │   └── No (new user) → Check EMAIL__TRUSTED_EMAIL_DOMAINS
-    │       ├── Setting configured → domain in trusted list?
-    │       │   ├── Yes → Create user & send code
-    │       │   └── No → Reject "Email domain not allowed for signup"
-    │       └── Not configured (empty) → Create user & send code (no restrictions)
+    │   └── No (new user) → Check subscriber list first
+    │       ├── Email in subscribers table? → Allow (create user & send code)
+    │       └── Not a subscriber → Check EMAIL__TRUSTED_EMAIL_DOMAINS
+    │           ├── Setting configured → domain in trusted list?
+    │           │   ├── Yes → Create user & send code
+    │           │   └── No → Reject "Email domain not allowed for signup"
+    │           └── Not configured (empty) → Create user & send code (no restrictions)
 
 Key Behaviors:
 - Existing users: Always allowed to login (unless tier=BLOCKED)
+- Subscribers: Always allowed to login (regardless of email domain)
 - New users: Must have email from trusted domain (if EMAIL__TRUSTED_EMAIL_DOMAINS is set)
 - No restrictions: Leave EMAIL__TRUSTED_EMAIL_DOMAINS empty to allow all domains
 
@@ -102,6 +105,8 @@ from ...settings import settings
 from ...services.postgres.service import PostgresService
 from ...services.user_service import UserService
 from ...auth.providers.email import EmailAuthProvider
+from ...auth.jwt import JWTService, get_jwt_service
+from ...utils.user_id import email_to_user_id
 
 router = APIRouter(prefix="/api/auth", tags=["auth"])
 
@@ -219,14 +224,14 @@ async def send_email_code(request: Request, body: EmailSendCodeRequest):
 @router.post("/email/verify")
 async def verify_email_code(request: Request, body: EmailVerifyRequest):
     """
-    Verify login code and create session.
+    Verify login code and create session with JWT tokens.
 
     Args:
         request: FastAPI request
         body: EmailVerifyRequest with email and code
 
     Returns:
-        Success status with user info
+        Success status with user info and JWT tokens
     """
     if not settings.email.is_configured:
         raise HTTPException(
@@ -266,7 +271,25 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
             user_id=result.user_id,
         )
 
-        # Store user in session
+        # Fetch actual user data from database to get role/tier
+        user_service = UserService(db)
+        try:
+            user_entity = await user_service.get_user_by_id(result.user_id)
+            if user_entity:
+                # Override defaults with actual database values
+                user_dict["role"] = user_entity.role or "user"
+                user_dict["roles"] = [user_entity.role] if user_entity.role else ["user"]
+                user_dict["tier"] = user_entity.tier.value if user_entity.tier else "free"
+                user_dict["name"] = user_entity.name or user_dict["name"]
+        except Exception as e:
+            logger.warning(f"Could not fetch user details: {e}")
+            # Continue with defaults from get_user_dict
+
+        # Generate JWT tokens
+        jwt_service = get_jwt_service()
+        tokens = jwt_service.create_tokens(user_dict)
+
+        # Store user in session (for backward compatibility)
         request.session["user"] = user_dict
 
         logger.info(f"User authenticated via email: {result.email}")
@@ -275,6 +298,11 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
             "success": True,
             "message": result.message,
             "user": user_dict,
+            # JWT tokens for stateless auth
+            "access_token": tokens["access_token"],
+            "refresh_token": tokens["refresh_token"],
+            "token_type": tokens["token_type"],
+            "expires_in": tokens["expires_in"],
         }
 
     except HTTPException:
@@ -405,8 +433,9 @@ async def callback(provider: str, request: Request):
                     await user_service.link_anonymous_session(user_entity, anon_id)
                     
                 # Enrich session user with DB info
+                # user_id = UUID5 hash of email (deterministic, bijection)
                 db_info = {
-                    "id": str(user_entity.id),
+                    "id": email_to_user_id(user_info.get("email")),
                     "tenant_id": user_entity.tenant_id,
                     "tier": user_entity.tier.value if user_entity.tier else "free",
                     "roles": [user_entity.role] if user_entity.role else [],
@@ -472,7 +501,7 @@ async def logout(request: Request):
 @router.get("/me")
 async def me(request: Request):
     """
-    Get current user information from session.
+    Get current user information from session or JWT.
 
     Args:
         request: FastAPI request
@@ -480,6 +509,16 @@ async def me(request: Request):
     Returns:
         User information or 401 if not authenticated
     """
+    # First check for JWT in Authorization header
+    auth_header = request.headers.get("Authorization")
+    if auth_header and auth_header.startswith("Bearer "):
+        token = auth_header[7:]
+        jwt_service = get_jwt_service()
+        user = jwt_service.verify_token(token)
+        if user:
+            return user
+
+    # Fall back to session
     user = request.session.get("user")
     if not user:
         raise HTTPException(status_code=401, detail="Not authenticated")
@@ -487,6 +526,69 @@ async def me(request: Request):
     return user
 
 
+# =============================================================================
+# JWT Token Endpoints
+# =============================================================================
+
+
+class TokenRefreshRequest(BaseModel):
+    """Request to refresh access token."""
+    refresh_token: str
+
+
+@router.post("/token/refresh")
+async def refresh_token(body: TokenRefreshRequest):
+    """
+    Refresh access token using refresh token.
+
+    Args:
+        body: TokenRefreshRequest with refresh_token
+
+    Returns:
+        New access token or 401 if refresh token is invalid
+    """
+    jwt_service = get_jwt_service()
+    result = jwt_service.refresh_access_token(body.refresh_token)
+
+    if not result:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid or expired refresh token"
+        )
+
+    return result
+
+
+@router.post("/token/verify")
+async def verify_token(request: Request):
+    """
+    Verify an access token is valid.
+
+    Pass the token in the Authorization header: Bearer <token>
+
+    Returns:
+        User info if valid, 401 if invalid
+    """
+    auth_header = request.headers.get("Authorization")
+    if not auth_header or not auth_header.startswith("Bearer "):
+        raise HTTPException(
+            status_code=401,
+            detail="Missing Authorization header"
+        )
+
+    token = auth_header[7:]
+    jwt_service = get_jwt_service()
+    user = jwt_service.verify_token(token)
+
+    if not user:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid or expired token"
+        )
+
+    return {"valid": True, "user": user}
+
+
 # =============================================================================
 # Development Token Endpoints (non-production only)
 # =============================================================================
@@ -555,3 +657,43 @@ async def get_dev_token(request: Request):
         "usage": f'curl -H "Authorization: Bearer {token}" http://localhost:8000/api/v1/...',
         "warning": "This token is for development/testing only and will not work in production.",
     }
+
+
+@router.get("/dev/mock-code/{email}")
+async def get_mock_code(email: str, request: Request):
+    """
+    Get the mock login code for testing (non-production only).
+
+    This endpoint retrieves the code that was "sent" via email in mock mode.
+    Use this for automated testing without real email delivery.
+
+    Usage:
+        1. POST /api/auth/email/send-code with email
+        2. GET /api/auth/dev/mock-code/{email} to retrieve the code
+        3. POST /api/auth/email/verify with email and code
+
+    Returns:
+        401 if in production environment
+        404 if no code found for the email
+        The code and email otherwise
+    """
+    if settings.environment == "production":
+        raise HTTPException(
+            status_code=401,
+            detail="Mock codes are not available in production"
+        )
+
+    from ...services.email import EmailService
+
+    code = EmailService.get_mock_code(email)
+    if not code:
+        raise HTTPException(
+            status_code=404,
+            detail=f"No mock code found for {email}. Send a code first."
+        )
+
+    return {
+        "email": email,
+        "code": code,
+        "warning": "This endpoint is for testing only and will not work in production.",
+    }

rem/api/routers/chat/completions.py

@@ -97,7 +97,7 @@ Context Building Flow:
    - Long messages include REM LOOKUP hints: "... [REM LOOKUP session-{id}-msg-{index}] ..."
    - Agent can retrieve full content on-demand using REM LOOKUP
 3. User profile provided as REM LOOKUP hint (on-demand by default)
-   - Agent receives: "User ID: {user_id}. To load user profile: Use REM LOOKUP users/{user_id}"
+   - Agent receives: "User: {email}. To load user profile: Use REM LOOKUP \"{email}\""
    - Agent decides whether to load profile based on query
 4. If CHAT__AUTO_INJECT_USER_CONTEXT=true: User profile auto-loaded and injected
 5. Combines: system context + compressed session history + new messages
@@ -330,8 +330,8 @@ async def chat_completions(body: ChatCompletionRequest, request: Request):
     - Useful for A/B testing, model comparison, and feedback collection
     """
     # Load agent schema: use header value from context or default
-    # Extract AgentContext first to get schema name
-    temp_context = AgentContext.from_headers(dict(request.headers))
+    # Extract AgentContext from request (gets user_id from JWT token)
+    temp_context = AgentContext.from_request(request)
     schema_name = temp_context.agent_schema_uri or DEFAULT_AGENT_SCHEMA
 
     # Resolve model: use body.model if provided, otherwise settings default
@@ -350,6 +350,7 @@ async def chat_completions(body: ChatCompletionRequest, request: Request):
         context, messages = await ContextBuilder.build_from_headers(
             headers=dict(request.headers),
             new_messages=new_messages,
+            user_id=temp_context.user_id,  # From JWT token (source of truth)
         )
 
         # Ensure session exists with metadata and eval mode if applicable
@@ -509,6 +510,7 @@ async def chat_completions(body: ChatCompletionRequest, request: Request):
     context, messages = await ContextBuilder.build_from_headers(
         headers=dict(request.headers),
         new_messages=new_messages,
+        user_id=temp_context.user_id,  # From JWT token (source of truth)
     )
 
     logger.info(f"Built context with {len(messages)} total messages (includes history + user context)")

rem/api/routers/chat/streaming.py

@@ -835,3 +835,21 @@ async def stream_openai_response_with_save(
                 )
             except Exception as e:
                 logger.error(f"Failed to save session messages: {e}", exc_info=True)
+
+        # Update session description with session_name (non-blocking, after all yields)
+        for tool_call in tool_calls:
+            if tool_call.get("tool_name") == "register_metadata" and tool_call.get("is_metadata"):
+                session_name = tool_call.get("arguments", {}).get("session_name")
+                if session_name:
+                    try:
+                        from ....models.entities import Session
+                        from ....services.postgres import Repository
+                        repo = Repository(Session, table_name="sessions")
+                        session = await repo.get_by_id(session_id)
+                        if session and session.description != session_name:
+                            session.description = session_name
+                            await repo.update(session)
+                            logger.debug(f"Updated session {session_id} description to '{session_name}'")
+                    except Exception as e:
+                        logger.warning(f"Failed to update session description: {e}")
+                    break