remdb 0.3.171__py3-none-any.whl → 0.3.230__py3-none-any.whl

rem/agentic/README.md

@@ -716,11 +716,45 @@ curl -X POST http://localhost:8000/api/v1/chat/completions \
 
 See `rem/api/README.md` for full SSE event protocol documentation.
 
+## Multi-Agent Orchestration
+
+Agents can delegate work to other agents via the `ask_agent` tool. This enables orchestrator patterns where a parent agent routes to specialists.
+
+### How It Works
+
+1. **Parent agent** calls `ask_agent(agent_name, input_text)`
+2. **Child agent** executes and streams its response
+3. **Child events** bubble up to parent via an event sink (asyncio.Queue in ContextVar)
+4. **All tool calls** are saved to the database for the session
+
+### Key Components
+
+| Component | Location | Purpose |
+|-----------|----------|---------|
+| `ask_agent` tool | `mcp_router/tools.py` | Loads child agent, runs with streaming, pushes events to sink |
+| Event sink | `context.py` | ContextVar holding asyncio.Queue for child→parent event flow |
+| Streaming controller | `streaming.py` | Drains event sink, emits SSE events, saves to DB |
+
+### Event Types
+
+Child agents emit events that the parent streams to the client:
+
+- **`child_tool_start`**: Child is calling a tool (logged, streamed, saved to DB)
+- **`child_content`**: Child's text response (streamed as SSE content delta)
+- **`child_tool_result`**: Tool completed with result (metadata extraction)
+
+### Testing
+
+Integration tests in `tests/integration/test_ask_agent_streaming.py` verify:
+- Child content streams correctly to client
+- Tool calls are persisted to database
+- Multi-turn conversations save all messages
+
 ## Future Work
 
 - [ ] Phoenix evaluator integration
 - [ ] Agent schema registry (load schemas by URI)
 - [ ] Schema validation and versioning
-- [ ] Multi-turn conversation management
-- [ ] Agent composition (agents calling agents)
+- [x] Multi-turn conversation management
+- [x] Agent composition (agents calling agents)
 - [ ] Alternative provider implementations (if needed)

rem/agentic/context.py

@@ -22,14 +22,153 @@ Key Design Pattern:
 - Enables session tracking across API, CLI, and test execution
 - Supports header-based configuration override (model, schema URI)
 - Clean separation: context (who/what) vs agent (how)
+
+Multi-Agent Context Propagation:
+- ContextVar (_current_agent_context) threads context through nested agent calls
+- Parent context is automatically available to child agents via get_current_context()
+- Use agent_context_scope() context manager for scoped context setting
+- Child agents inherit user_id, tenant_id, session_id, is_eval from parent
 """
 
+import asyncio
+from contextlib import contextmanager
+from contextvars import ContextVar
+from typing import Any, Generator
+
 from loguru import logger
 from pydantic import BaseModel, Field
 
 from ..settings import settings
 
 
+# Thread-local context for current agent execution
+# This enables context propagation through nested agent calls (multi-agent)
+_current_agent_context: ContextVar["AgentContext | None"] = ContextVar(
+    "current_agent_context", default=None
+)
+
+# Event sink for streaming child agent events to parent
+# When set, child agents (via ask_agent) should push their events here
+# for the parent's streaming loop to proxy to the client
+_parent_event_sink: ContextVar["asyncio.Queue | None"] = ContextVar(
+    "parent_event_sink", default=None
+)
+
+
+def get_current_context() -> "AgentContext | None":
+    """
+    Get the current agent context from context var.
+
+    Used by MCP tools (like ask_agent) to inherit context from parent agent.
+    Returns None if no context is set (e.g., direct CLI invocation without context).
+
+    Example:
+        # In an MCP tool
+        parent_context = get_current_context()
+        if parent_context:
+            # Inherit user_id, session_id, etc. from parent
+            child_context = parent_context.child_context(agent_schema_uri="child-agent")
+    """
+    return _current_agent_context.get()
+
+
+def set_current_context(ctx: "AgentContext | None") -> None:
+    """
+    Set the current agent context.
+
+    Called by streaming layer before agent execution.
+    Should be cleared (set to None) after execution completes.
+    """
+    _current_agent_context.set(ctx)
+
+
+@contextmanager
+def agent_context_scope(ctx: "AgentContext") -> Generator["AgentContext", None, None]:
+    """
+    Context manager for scoped context setting.
+
+    Automatically restores previous context when exiting scope.
+    Safe for nested agent calls - each level preserves its parent's context.
+
+    Example:
+        context = AgentContext(user_id="user-123")
+        with agent_context_scope(context):
+            # Context is available via get_current_context()
+            result = await agent.run(...)
+        # Previous context (or None) is restored
+    """
+    previous = _current_agent_context.get()
+    _current_agent_context.set(ctx)
+    try:
+        yield ctx
+    finally:
+        _current_agent_context.set(previous)
+
+
+# =============================================================================
+# Event Sink for Streaming Multi-Agent Delegation
+# =============================================================================
+
+
+def get_event_sink() -> "asyncio.Queue | None":
+    """
+    Get the parent's event sink for streaming child events.
+
+    Used by ask_agent to push child agent events to the parent's stream.
+    Returns None if not in a streaming context.
+    """
+    return _parent_event_sink.get()
+
+
+def set_event_sink(sink: "asyncio.Queue | None") -> None:
+    """Set the event sink for child agents to push events to."""
+    _parent_event_sink.set(sink)
+
+
+@contextmanager
+def event_sink_scope(sink: "asyncio.Queue") -> Generator["asyncio.Queue", None, None]:
+    """
+    Context manager for scoped event sink setting.
+
+    Used by streaming layer to set up event proxying before tool execution.
+    Child agents (via ask_agent) will push their events to this sink.
+
+    Example:
+        event_queue = asyncio.Queue()
+        with event_sink_scope(event_queue):
+            # ask_agent will push child events to event_queue
+            async for event in tools_stream:
+                ...
+            # Also consume from event_queue
+    """
+    previous = _parent_event_sink.get()
+    _parent_event_sink.set(sink)
+    try:
+        yield sink
+    finally:
+        _parent_event_sink.set(previous)
+
+
+async def push_event(event: Any) -> bool:
+    """
+    Push an event to the parent's event sink (if available).
+
+    Used by ask_agent to proxy child agent events to the parent's stream.
+    Returns True if event was pushed, False if no sink available.
+
+    Args:
+        event: Any streaming event (ToolCallEvent, content chunk, etc.)
+
+    Returns:
+        True if event was pushed to sink, False otherwise
+    """
+    sink = _parent_event_sink.get()
+    if sink is not None:
+        await sink.put(event)
+        return True
+    return False
+
+
 class AgentContext(BaseModel):
     """
     Session and configuration context for agent execution.
@@ -85,6 +224,40 @@ class AgentContext(BaseModel):
 
     model_config = {"populate_by_name": True}
 
+    def child_context(
+        self,
+        agent_schema_uri: str | None = None,
+        model_override: str | None = None,
+    ) -> "AgentContext":
+        """
+        Create a child context for nested agent calls.
+
+        Inherits user_id, tenant_id, session_id, is_eval from parent.
+        Allows overriding agent_schema_uri and default_model for the child.
+
+        Args:
+            agent_schema_uri: Agent schema for the child agent (required for lineage)
+            model_override: Optional model override for child agent
+
+        Returns:
+            New AgentContext for the child agent
+
+        Example:
+            parent_context = get_current_context()
+            child_context = parent_context.child_context(
+                agent_schema_uri="sentiment-analyzer"
+            )
+            agent = await create_agent(context=child_context)
+        """
+        return AgentContext(
+            user_id=self.user_id,
+            tenant_id=self.tenant_id,
+            session_id=self.session_id,
+            default_model=model_override or self.default_model,
+            agent_schema_uri=agent_schema_uri or self.agent_schema_uri,
+            is_eval=self.is_eval,
+        )
+
     @staticmethod
     def get_user_id_or_default(
         user_id: str | None,

rem/agentic/context_builder.py

@@ -217,11 +217,21 @@ class ContextBuilder:
                 )
 
                 # Convert to ContextMessage format
+                # For tool messages, wrap content with clear markers so the agent
+                # can see previous tool results when the prompt is concatenated
                 for msg_dict in session_history:
+                    role = msg_dict["role"]
+                    content = msg_dict["content"]
+
+                    if role == "tool":
+                        # Wrap tool results with clear markers for visibility
+                        tool_name = msg_dict.get("tool_name", "unknown")
+                        content = f"[TOOL RESULT: {tool_name}]\n{content}\n[/TOOL RESULT]"
+
                     messages.append(
                         ContextMessage(
-                            role=msg_dict["role"],
-                            content=msg_dict["content"],
+                            role=role,
+                            content=content,
                         )
                     )
 

rem/agentic/mcp/tool_wrapper.py

@@ -116,7 +116,7 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
     the artificial MCP distinction between tools and resources.
 
     Supports both:
-    - Concrete URIs: "rem://schemas" -> tool with no parameters
+    - Concrete URIs: "rem://agents" -> tool with no parameters
     - Template URIs: "patient-profile://field/{field_key}" -> tool with field_key parameter
 
     Args:
@@ -131,7 +131,7 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
 
     Example:
         # Concrete URI -> no-param tool
-        tool = create_resource_tool("rem://schemas", "List all agent schemas")
+        tool = create_resource_tool("rem://agents", "List all agent schemas")
 
         # Template URI -> parameterized tool
         tool = create_resource_tool("patient-profile://field/{field_key}", "Get field definition", mcp_server=mcp)
@@ -161,6 +161,11 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         param_desc = ", ".join(template_vars)
         description = f"{description}\n\nParameters: {param_desc}"
 
+    # Capture mcp_server reference at tool creation time (for closure)
+    # This ensures the correct server is used even if called later
+    _captured_mcp_server = mcp_server
+    _captured_uri = uri  # Also capture URI for consistent logging
+
     if template_vars:
         # Template URI -> create parameterized tool
         async def wrapper(**kwargs: Any) -> str:
@@ -168,13 +173,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             import asyncio
             import inspect
 
+            logger.debug(f"Resource tool invoked: uri={_captured_uri}, kwargs={kwargs}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resource templates first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
                     # Get resource templates from MCP server
-                    templates = await mcp_server.get_resource_templates()
-                    if uri in templates:
-                        template = templates[uri]
+                    templates = await _captured_mcp_server.get_resource_templates()
+                    logger.debug(f"MCP server templates: {list(templates.keys())}")
+                    if _captured_uri in templates:
+                        template = templates[_captured_uri]
+                        logger.debug(f"Found template for {_captured_uri}, calling fn with kwargs={kwargs}")
                         # Call the template's underlying function directly
                         # The fn expects the template variables as kwargs
                         fn_result = template.fn(**kwargs)
@@ -184,17 +193,22 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Template {_captured_uri} not found in MCP server templates: {list(templates.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback: substitute template variables and use load_resource
-            resolved_uri = uri
+            resolved_uri = _captured_uri
             for var in template_vars:
                 if var in kwargs:
                     resolved_uri = resolved_uri.replace(f"{{{var}}}", str(kwargs[var]))
                 else:
                     return json.dumps({"error": f"Missing required parameter: {var}"})
 
+            logger.debug(f"Using fallback load_resource for resolved URI: {resolved_uri}")
             from rem.api.mcp_router.resources import load_resource
             result = await load_resource(resolved_uri)
             if isinstance(result, str):
@@ -208,7 +222,7 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__annotations__ = {var: str for var in template_vars}
         wrapper.__annotations__['return'] = str
 
-        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars})")
+        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars}, mcp_server={'provided' if mcp_server else 'None'})")
     else:
         # Concrete URI -> no-param tool
         async def wrapper(**kwargs: Any) -> str:
@@ -219,12 +233,16 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             if kwargs:
                 logger.warning(f"Resource tool {func_name} called with unexpected kwargs: {list(kwargs.keys())}")
 
+            logger.debug(f"Concrete resource tool invoked: uri={_captured_uri}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resources first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
-                    resources = await mcp_server.get_resources()
-                    if uri in resources:
-                        resource = resources[uri]
+                    resources = await _captured_mcp_server.get_resources()
+                    logger.debug(f"MCP server resources: {list(resources.keys())}")
+                    if _captured_uri in resources:
+                        resource = resources[_captured_uri]
+                        logger.debug(f"Found resource for {_captured_uri}")
                         # Call the resource's underlying function
                         fn_result = resource.fn()
                         if inspect.iscoroutine(fn_result):
@@ -232,12 +250,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Resource {_captured_uri} not found in MCP server resources: {list(resources.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback to load_resource
+            logger.debug(f"Using fallback load_resource for URI: {_captured_uri}")
             from rem.api.mcp_router.resources import load_resource
-            result = await load_resource(uri)
+            result = await load_resource(_captured_uri)
             if isinstance(result, str):
                 return result
             return json.dumps(result, indent=2)
@@ -245,6 +268,6 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__name__ = func_name
         wrapper.__doc__ = description
 
-        logger.info(f"Built resource tool: {func_name} (uri: {uri})")
+        logger.info(f"Built resource tool: {func_name} (uri: {uri}, mcp_server={'provided' if mcp_server else 'None'})")
 
     return Tool(wrapper)

rem/agentic/providers/pydantic_ai.py

@@ -96,6 +96,35 @@ TODO:
 
     Priority: HIGH (blocks production scaling beyond 50 req/sec)
 
+    4. Response Format Control (structured_output enhancement):
+       - Current: structured_output is bool (True=strict schema, False=free-form text)
+       - Missing: OpenAI JSON mode (valid JSON without strict schema enforcement)
+       - Missing: Completions API support (some models only support completions, not chat)
+
+       Proposed schema field values for `structured_output`:
+         - True (default): Strict structured output using provider's native schema support
+         - False: Free-form text response (properties converted to prompt guidance)
+         - "json": JSON mode - ensures valid JSON but no schema enforcement
+                   (OpenAI: response_format={"type": "json_object"})
+         - "text": Explicit free-form text (alias for False)
+
+       Implementation:
+         a) Update AgentSchemaMetadata.structured_output type:
+            structured_output: bool | Literal["json", "text"] = True
+         b) In create_agent(), handle each mode:
+            - True: Use output_type with Pydantic model (current behavior)
+            - False/"text": Convert properties to prompt guidance (current behavior)
+            - "json": Use provider's JSON mode without strict schema
+         c) Provider-specific JSON mode:
+            - OpenAI: model_settings={"response_format": {"type": "json_object"}}
+            - Anthropic: Not supported natively, use prompt guidance
+            - Others: Fallback to prompt guidance with JSON instruction
+
+       Related: Some providers (Cerebras) have completions-only models where
+       structured output isn't available. Consider model capability detection.
+
+       Priority: MEDIUM (enables more flexible output control)
+
 Example Agent Schema:
 {
   "type": "object",
@@ -550,70 +579,73 @@ async def create_agent(
     # Extract schema fields using typed helpers
     from ..schema import get_system_prompt, get_metadata
 
-    # Track whether mcp_servers was explicitly configured (even if empty)
-    mcp_servers_explicitly_set = False
-
     if agent_schema:
         system_prompt = get_system_prompt(agent_schema)
         metadata = get_metadata(agent_schema)
-        # Check if mcp_servers was explicitly set (could be empty list to disable)
-        if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers is not None:
-            mcp_server_configs = [s.model_dump() for s in metadata.mcp_servers]
-            mcp_servers_explicitly_set = True
-        else:
-            mcp_server_configs = []
         resource_configs = metadata.resources if hasattr(metadata, 'resources') else []
 
+        # DEPRECATED: mcp_servers in agent schemas is ignored
+        # MCP servers are now always auto-detected at the application level
+        if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers:
+            logger.warning(
+                "DEPRECATED: mcp_servers in agent schema is ignored. "
+                "MCP servers are auto-detected from tools.mcp_server module. "
+                "Remove mcp_servers from your agent schema."
+            )
+
         if metadata.system_prompt:
             logger.debug("Using custom system_prompt from json_schema_extra")
     else:
         system_prompt = ""
         metadata = None
-        mcp_server_configs = []
         resource_configs = []
 
-    # Auto-detect local MCP server if not explicitly configured
-    # This makes mcp_servers config optional - agents get tools automatically
-    # But if mcp_servers: [] is explicitly set, respect that (no auto-detection)
-    if not mcp_server_configs and not mcp_servers_explicitly_set:
-        import importlib
-        import os
-        import sys
-
-        # Ensure current working directory is in sys.path for local imports
-        cwd = os.getcwd()
-        if cwd not in sys.path:
-            sys.path.insert(0, cwd)
-
-        # Try common local MCP server module paths first
-        auto_detect_modules = [
-            "tools.mcp_server",  # Convention: tools/mcp_server.py
-            "mcp_server",        # Alternative: mcp_server.py in root
-        ]
-        for module_path in auto_detect_modules:
-            try:
-                mcp_module = importlib.import_module(module_path)
-                if hasattr(mcp_module, "mcp"):
-                    logger.info(f"Auto-detected local MCP server: {module_path}")
-                    mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
-                    break
-            except ImportError:
-                continue
-
-        # Fall back to REM's default MCP server if no local server found
-        if not mcp_server_configs:
-            logger.debug("No local MCP server found, using REM default")
-            mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
+    # Auto-detect MCP server at application level
+    # Convention: tools/mcp_server.py exports `mcp` FastMCP instance
+    # Falls back to REM's built-in MCP server if no local server found
+    import importlib
+    import os
+    import sys
+
+    # Ensure current working directory is in sys.path for local imports
+    cwd = os.getcwd()
+    if cwd not in sys.path:
+        sys.path.insert(0, cwd)
+
+    mcp_server_configs = []
+    auto_detect_modules = [
+        "tools.mcp_server",  # Convention: tools/mcp_server.py
+        "mcp_server",        # Alternative: mcp_server.py in root
+    ]
+    for module_path in auto_detect_modules:
+        try:
+            mcp_module = importlib.import_module(module_path)
+            if hasattr(mcp_module, "mcp"):
+                logger.info(f"Auto-detected local MCP server: {module_path}")
+                mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
+                break
+        except ImportError as e:
+            logger.debug(f"MCP server auto-detect: {module_path} not found ({e})")
+            continue
+        except Exception as e:
+            logger.warning(f"MCP server auto-detect: {module_path} failed to load: {e}")
+            continue
+
+    # Fall back to REM's default MCP server if no local server found
+    if not mcp_server_configs:
+        logger.info("No local MCP server found, using REM default (rem.mcp_server)")
+        mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
 
     # Extract temperature and max_iterations from schema metadata (with fallback to settings defaults)
     if metadata:
         temperature = metadata.override_temperature if metadata.override_temperature is not None else settings.llm.default_temperature
         max_iterations = metadata.override_max_iterations if metadata.override_max_iterations is not None else settings.llm.default_max_iterations
-        use_structured_output = metadata.structured_output
+        # Use schema-level structured_output if set, otherwise fall back to global setting
+        use_structured_output = metadata.structured_output if metadata.structured_output is not None else settings.llm.default_structured_output
     else:
         temperature = settings.llm.default_temperature
         max_iterations = settings.llm.default_max_iterations
-        use_structured_output = True
+        use_structured_output = settings.llm.default_structured_output
 
     # Build list of tools - start with built-in tools
     tools = _get_builtin_tools()
@@ -700,7 +732,7 @@ async def create_agent(
     # the artificial MCP distinction between tools and resources
     #
     # Supports both concrete and template URIs:
-    # - Concrete: "rem://schemas" -> no-param tool
+    # - Concrete: "rem://agents" -> no-param tool
     # - Template: "patient-profile://field/{field_key}" -> tool with field_key param
     from ..mcp.tool_wrapper import create_resource_tool
 
@@ -736,6 +768,7 @@ async def create_agent(
 
     # Create tools from collected resource URIs
     # Pass the loaded MCP server so resources can be resolved from it
+    logger.info(f"Creating {len(resource_uris)} resource tools with mcp_server={'set' if loaded_mcp_server else 'None'}")
     for uri, usage in resource_uris:
         resource_tool = create_resource_tool(uri, usage, mcp_server=loaded_mcp_server)
         tools.append(resource_tool)

rem/agentic/schema.py

@@ -79,7 +79,7 @@ class MCPResourceReference(BaseModel):
 
     Example (exact URI):
         {
-            "uri": "rem://schemas",
+            "uri": "rem://agents",
             "name": "Agent Schemas",
             "description": "List all available agent schemas"
         }
@@ -96,7 +96,7 @@ class MCPResourceReference(BaseModel):
         default=None,
         description=(
             "Exact resource URI or URI with query parameters. "
-            "Examples: 'rem://schemas', 'rem://resources?category=drug.*'"
+            "Examples: 'rem://agents', 'rem://resources?category=drug.*'"
         )
     )
 
@@ -215,12 +215,13 @@ class AgentSchemaMetadata(BaseModel):
     )
 
     # Structured output toggle
-    structured_output: bool = Field(
-        default=True,
+    structured_output: bool | None = Field(
+        default=None,
         description=(
             "Whether to enforce structured JSON output. "
             "When False, the agent produces free-form text and schema properties "
-            "are converted to prompt guidance instead. Default: True (JSON output)."
+            "are converted to prompt guidance instead. "
+            "Default: None (uses LLM__DEFAULT_STRUCTURED_OUTPUT setting, which defaults to False)."
         ),
     )
 

rem/agentic/tools/rem_tools.py

@@ -3,6 +3,17 @@ REM tools for agent execution (CLI and API compatible).
 
 These tools work in both CLI and API contexts by initializing services on-demand.
 They wrap the service layer directly, not MCP tools.
+
+Core tables (always available):
+- resources: Documents, content chunks, artifacts
+- moments: Temporal narratives extracted from resources (usually user-specific)
+- ontologies: Domain entities with semantic links for further lookups (like a wiki)
+
+Other tables (may vary by deployment):
+- users, sessions, messages, files, schemas, feedbacks
+
+Note: Not all tables are populated in all systems. Use FUZZY or SEARCH
+to discover what data exists before assuming specific tables have content.
 """
 
 from typing import Any, Literal, cast

rem/api/main.py

@@ -322,7 +322,7 @@ def create_app() -> FastAPI:
 
     app.add_middleware(
         AuthMiddleware,
-        protected_paths=["/api/v1"],
+        protected_paths=["/api/v1", "/api/admin"],
         excluded_paths=["/api/auth", "/api/dev", "/api/v1/mcp/auth", "/api/v1/slack"],
         # Allow anonymous when auth is disabled, otherwise use setting
         allow_anonymous=(not settings.auth.enabled) or settings.auth.allow_anonymous,