PyPI - remdb - Versions diffs - 0.3.171__py3-none-any.whl → 0.3.230__py3-none-any.whl - Mend

remdb 0.3.171py3-none-any.whl → 0.3.230py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

rem/agentic/README.md +36 -2
rem/agentic/context.py +173 -0
rem/agentic/context_builder.py +12 -2
rem/agentic/mcp/tool_wrapper.py +39 -16
rem/agentic/providers/pydantic_ai.py +78 -45
rem/agentic/schema.py +6 -5
rem/agentic/tools/rem_tools.py +11 -0
rem/api/main.py +1 -1
rem/api/mcp_router/resources.py +75 -14
rem/api/mcp_router/server.py +31 -24
rem/api/mcp_router/tools.py +621 -166
rem/api/routers/admin.py +30 -4
rem/api/routers/auth.py +114 -15
rem/api/routers/chat/child_streaming.py +379 -0
rem/api/routers/chat/completions.py +74 -37
rem/api/routers/chat/sse_events.py +7 -3
rem/api/routers/chat/streaming.py +352 -257
rem/api/routers/chat/streaming_utils.py +327 -0
rem/api/routers/common.py +18 -0
rem/api/routers/dev.py +7 -1
rem/api/routers/feedback.py +9 -1
rem/api/routers/messages.py +176 -38
rem/api/routers/models.py +9 -1
rem/api/routers/query.py +12 -1
rem/api/routers/shared_sessions.py +16 -0
rem/auth/jwt.py +19 -4
rem/auth/middleware.py +42 -28
rem/cli/README.md +62 -0
rem/cli/commands/ask.py +61 -81
rem/cli/commands/db.py +148 -70
rem/cli/commands/process.py +171 -43
rem/models/entities/ontology.py +91 -101
rem/schemas/agents/rem.yaml +1 -1
rem/services/content/service.py +18 -5
rem/services/email/service.py +11 -2
rem/services/embeddings/worker.py +26 -12
rem/services/postgres/__init__.py +28 -3
rem/services/postgres/diff_service.py +57 -5
rem/services/postgres/programmable_diff_service.py +635 -0
rem/services/postgres/pydantic_to_sqlalchemy.py +2 -2
rem/services/postgres/register_type.py +12 -11
rem/services/postgres/repository.py +39 -29
rem/services/postgres/schema_generator.py +5 -5
rem/services/postgres/sql_builder.py +6 -5
rem/services/session/__init__.py +8 -1
rem/services/session/compression.py +40 -2
rem/services/session/pydantic_messages.py +292 -0
rem/settings.py +34 -0
rem/sql/background_indexes.sql +5 -0
rem/sql/migrations/001_install.sql +157 -10
rem/sql/migrations/002_install_models.sql +160 -132
rem/sql/migrations/004_cache_system.sql +7 -275
rem/sql/migrations/migrate_session_id_to_uuid.sql +45 -0
rem/utils/model_helpers.py +101 -0
rem/utils/schema_loader.py +79 -51
{remdb-0.3.171.dist-info → remdb-0.3.230.dist-info}/METADATA +2 -2
{remdb-0.3.171.dist-info → remdb-0.3.230.dist-info}/RECORD +59 -53
{remdb-0.3.171.dist-info → remdb-0.3.230.dist-info}/WHEEL +0 -0
{remdb-0.3.171.dist-info → remdb-0.3.230.dist-info}/entry_points.txt +0 -0

rem/api/routers/admin.py CHANGED Viewed

@@ -31,6 +31,8 @@ from fastapi import APIRouter, Depends, Header, HTTPException, Query, Background
 from loguru import logger
 from pydantic import BaseModel
+from .common import ErrorResponse
 from ..deps import require_admin
 from ...models.entities import Message, Session, SessionMode
 from ...services.postgres import Repository
@@ -103,7 +105,13 @@ class SystemStats(BaseModel):
 # =============================================================================
-@router.get("/users", response_model=UserListResponse)
+@router.get(
+    "/users",
+    response_model=UserListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_users(
     user: dict = Depends(require_admin),
     limit: int = Query(default=50, ge=1, le=100),
@@ -155,7 +163,13 @@ async def list_all_users(
     return UserListResponse(data=summaries, total=total, has_more=has_more)
-@router.get("/sessions", response_model=SessionListResponse)
+@router.get(
+    "/sessions",
+    response_model=SessionListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_sessions(
     user: dict = Depends(require_admin),
     user_id: str | None = Query(default=None, description="Filter by user ID"),
@@ -202,7 +216,13 @@ async def list_all_sessions(
     return SessionListResponse(data=sessions, total=total, has_more=has_more)
-@router.get("/messages", response_model=MessageListResponse)
+@router.get(
+    "/messages",
+    response_model=MessageListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_messages(
     user: dict = Depends(require_admin),
     user_id: str | None = Query(default=None, description="Filter by user ID"),
@@ -252,7 +272,13 @@ async def list_all_messages(
     return MessageListResponse(data=messages, total=total, has_more=has_more)
-@router.get("/stats", response_model=SystemStats)
+@router.get(
+    "/stats",
+    response_model=SystemStats,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def get_system_stats(
     user: dict = Depends(require_admin),
 ) -> SystemStats:

rem/api/routers/auth.py CHANGED Viewed

@@ -30,14 +30,17 @@ Access Control Flow (send-code):
     │   ├── Yes → Check user.tier
     │   │   ├── tier == BLOCKED → Reject "Account is blocked"
     │   │   └── tier != BLOCKED → Allow (send code, existing users grandfathered)
-    │   └── No (new user) → Check EMAIL__TRUSTED_EMAIL_DOMAINS
-    │       ├── Setting configured → domain in trusted list?
-    │       │   ├── Yes → Create user & send code
-    │       │   └── No → Reject "Email domain not allowed for signup"
-    │       └── Not configured (empty) → Create user & send code (no restrictions)
+    │   └── No (new user) → Check subscriber list first
+    │       ├── Email in subscribers table? → Allow (create user & send code)
+    │       └── Not a subscriber → Check EMAIL__TRUSTED_EMAIL_DOMAINS
+    │           ├── Setting configured → domain in trusted list?
+    │           │   ├── Yes → Create user & send code
+    │           │   └── No → Reject "Email domain not allowed for signup"
+    │           └── Not configured (empty) → Create user & send code (no restrictions)
 Key Behaviors:
 - Existing users: Always allowed to login (unless tier=BLOCKED)
+- Subscribers: Always allowed to login (regardless of email domain)
 - New users: Must have email from trusted domain (if EMAIL__TRUSTED_EMAIL_DOMAINS is set)
 - No restrictions: Leave EMAIL__TRUSTED_EMAIL_DOMAINS empty to allow all domains
@@ -98,6 +101,8 @@ from authlib.integrations.starlette_client import OAuth
 from pydantic import BaseModel, EmailStr
 from loguru import logger
+from .common import ErrorResponse
 from ...settings import settings
 from ...services.postgres.service import PostgresService
 from ...services.user_service import UserService
@@ -156,7 +161,14 @@ class EmailVerifyRequest(BaseModel):
     code: str
-@router.post("/email/send-code")
+@router.post(
+    "/email/send-code",
+    responses={
+        400: {"model": ErrorResponse, "description": "Invalid request or email rejected"},
+        500: {"model": ErrorResponse, "description": "Failed to send login code"},
+        501: {"model": ErrorResponse, "description": "Email auth or database not configured"},
+    },
+)
 async def send_email_code(request: Request, body: EmailSendCodeRequest):
     """
     Send a login code to an email address.
@@ -218,7 +230,14 @@ async def send_email_code(request: Request, body: EmailSendCodeRequest):
         await db.disconnect()
-@router.post("/email/verify")
+@router.post(
+    "/email/verify",
+    responses={
+        400: {"model": ErrorResponse, "description": "Invalid or expired code"},
+        500: {"model": ErrorResponse, "description": "Failed to verify login code"},
+        501: {"model": ErrorResponse, "description": "Email auth or database not configured"},
+    },
+)
 async def verify_email_code(request: Request, body: EmailVerifyRequest):
     """
     Verify login code and create session with JWT tokens.
@@ -316,7 +335,13 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
 # =============================================================================
-@router.get("/{provider}/login")
+@router.get(
+    "/{provider}/login",
+    responses={
+        400: {"model": ErrorResponse, "description": "Unknown OAuth provider"},
+        501: {"model": ErrorResponse, "description": "Authentication is disabled"},
+    },
+)
 async def login(provider: str, request: Request):
     """
     Initiate OAuth flow with provider.
@@ -358,7 +383,13 @@ async def login(provider: str, request: Request):
     return await client.authorize_redirect(request, redirect_uri)
-@router.get("/{provider}/callback")
+@router.get(
+    "/{provider}/callback",
+    responses={
+        400: {"model": ErrorResponse, "description": "Authentication failed or unknown provider"},
+        501: {"model": ErrorResponse, "description": "Authentication is disabled"},
+    },
+)
 async def callback(provider: str, request: Request):
     """
     OAuth callback endpoint.
@@ -495,7 +526,12 @@ async def logout(request: Request):
     return {"message": "Logged out successfully"}
-@router.get("/me")
+@router.get(
+    "/me",
+    responses={
+        401: {"model": ErrorResponse, "description": "Not authenticated"},
+    },
+)
 async def me(request: Request):
     """
     Get current user information from session or JWT.
@@ -533,11 +569,19 @@ class TokenRefreshRequest(BaseModel):
     refresh_token: str
-@router.post("/token/refresh")
+@router.post(
+    "/token/refresh",
+    responses={
+        401: {"model": ErrorResponse, "description": "Invalid or expired refresh token"},
+    },
+)
 async def refresh_token(body: TokenRefreshRequest):
     """
     Refresh access token using refresh token.
+    Fetches the user's current role/tier from the database to ensure
+    the new access token reflects their actual permissions.
     Args:
         body: TokenRefreshRequest with refresh_token
@@ -545,7 +589,46 @@ async def refresh_token(body: TokenRefreshRequest):
         New access token or 401 if refresh token is invalid
     """
     jwt_service = get_jwt_service()
-    result = jwt_service.refresh_access_token(body.refresh_token)
+    # First decode the refresh token to get user_id (without full verification yet)
+    payload = jwt_service.decode_without_verification(body.refresh_token)
+    if not payload:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid refresh token format"
+        )
+    user_id = payload.get("sub")
+    if not user_id:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid refresh token: missing user ID"
+        )
+    # Fetch user from database to get current role/tier
+    user_override = None
+    if settings.postgres.enabled:
+        db = PostgresService()
+        try:
+            await db.connect()
+            user_service = UserService(db)
+            user_entity = await user_service.get_user_by_id(user_id)
+            if user_entity:
+                user_override = {
+                    "role": user_entity.role or "user",
+                    "roles": [user_entity.role] if user_entity.role else ["user"],
+                    "tier": user_entity.tier.value if user_entity.tier else "free",
+                    "name": user_entity.name,
+                }
+                logger.debug(f"Refresh token: fetched user {user_id} with role={user_override['role']}, tier={user_override['tier']}")
+        except Exception as e:
+            logger.warning(f"Could not fetch user for token refresh: {e}")
+            # Continue without override - will use defaults
+        finally:
+            await db.disconnect()
+    # Now do the actual refresh with proper verification
+    result = jwt_service.refresh_access_token(body.refresh_token, user_override=user_override)
     if not result:
         raise HTTPException(
@@ -556,7 +639,12 @@ async def refresh_token(body: TokenRefreshRequest):
     return result
-@router.post("/token/verify")
+@router.post(
+    "/token/verify",
+    responses={
+        401: {"model": ErrorResponse, "description": "Missing, invalid, or expired token"},
+    },
+)
 async def verify_token(request: Request):
     """
     Verify an access token is valid.
@@ -620,7 +708,12 @@ def verify_dev_token(token: str) -> bool:
     return token == expected
-@router.get("/dev/token")
+@router.get(
+    "/dev/token",
+    responses={
+        401: {"model": ErrorResponse, "description": "Dev tokens not available in production"},
+    },
+)
 async def get_dev_token(request: Request):
     """
     Get a development token for testing (non-production only).
@@ -656,7 +749,13 @@ async def get_dev_token(request: Request):
     }
-@router.get("/dev/mock-code/{email}")
+@router.get(
+    "/dev/mock-code/{email}",
+    responses={
+        401: {"model": ErrorResponse, "description": "Mock codes not available in production"},
+        404: {"model": ErrorResponse, "description": "No code found for email"},
+    },
+)
 async def get_mock_code(email: str, request: Request):
     """
     Get the mock login code for testing (non-production only).

rem/api/routers/chat/child_streaming.py ADDED Viewed

@@ -0,0 +1,379 @@
+"""
+Child Agent Event Handling.
+Handles events from child agents during multi-agent orchestration.
+Event Flow:
+```
+Parent Agent (Siggy)
+      │
+      ▼
+  ask_agent tool
+      │
+      ├──────────────────────────────────┐
+      ▼                                  │
+  Child Agent (intake_diverge)           │
+      │                                  │
+      ├── child_tool_start ──────────────┼──► Event Sink (Queue)
+      ├── child_content ─────────────────┤
+      └── child_tool_result ─────────────┘
+                                         │
+                                         ▼
+                            drain_child_events()
+                                         │
+                                         ├── SSE to client
+                                         └── DB persistence
+```
+IMPORTANT: When child_content is streamed, parent text output should be SKIPPED
+to prevent content duplication.
+"""
+from __future__ import annotations
+import asyncio
+import json
+import uuid
+from typing import TYPE_CHECKING, Any, AsyncGenerator
+from loguru import logger
+from .streaming_utils import StreamingState, build_content_chunk
+from .sse_events import MetadataEvent, ToolCallEvent, format_sse_event
+from ....services.session import SessionMessageStore
+from ....settings import settings
+from ....utils.date_utils import to_iso, utc_now
+if TYPE_CHECKING:
+    from ....agentic.context import AgentContext
+async def handle_child_tool_start(
+    state: StreamingState,
+    child_agent: str,
+    tool_name: str,
+    arguments: dict | None,
+    session_id: str | None,
+    user_id: str | None,
+) -> AsyncGenerator[str, None]:
+    """
+    Handle child_tool_start event.
+    Actions:
+    1. Log the tool call
+    2. Emit SSE event
+    3. Save to database
+    """
+    full_tool_name = f"{child_agent}:{tool_name}"
+    tool_id = f"call_{uuid.uuid4().hex[:8]}"
+    # Normalize arguments
+    if not isinstance(arguments, dict):
+        arguments = None
+    # 1. LOG
+    logger.info(f"🔧 {full_tool_name}")
+    # 2. EMIT SSE
+    yield format_sse_event(ToolCallEvent(
+        tool_name=full_tool_name,
+        tool_id=tool_id,
+        status="started",
+        arguments=arguments,
+    ))
+    # 3. SAVE TO DB
+    if session_id and settings.postgres.enabled:
+        try:
+            store = SessionMessageStore(
+                user_id=user_id or settings.test.effective_user_id
+            )
+            tool_msg = {
+                "role": "tool",
+                "tool_name": full_tool_name,
+                "content": json.dumps(arguments) if arguments else "",
+                "timestamp": to_iso(utc_now()),
+            }
+            await store.store_session_messages(
+                session_id=session_id,
+                messages=[tool_msg],
+                user_id=user_id,
+                compress=False,
+            )
+        except Exception as e:
+            logger.warning(f"Failed to save child tool call: {e}")
+def handle_child_content(
+    state: StreamingState,
+    child_agent: str,
+    content: str,
+) -> str | None:
+    """
+    Handle child_content event.
+    CRITICAL: Sets state.child_content_streamed = True
+    This flag is used to skip parent text output and prevent duplication.
+    Returns:
+        SSE chunk or None if content is empty
+    """
+    if not content:
+        return None
+    # Track that child content was streamed
+    # Parent text output should be SKIPPED when this is True
+    state.child_content_streamed = True
+    state.responding_agent = child_agent
+    return build_content_chunk(state, content)
+async def handle_child_tool_result(
+    state: StreamingState,
+    child_agent: str,
+    result: Any,
+    message_id: str | None,
+    session_id: str | None,
+    agent_schema: str | None,
+) -> AsyncGenerator[str, None]:
+    """
+    Handle child_tool_result event.
+    Actions:
+    1. Log metadata if present
+    2. Emit metadata event if present
+    3. Emit tool completion event
+    """
+    # Check for metadata registration
+    if isinstance(result, dict) and result.get("_metadata_event"):
+        risk = result.get("risk_level", "")
+        conf = result.get("confidence", "")
+        logger.info(f"📊 {child_agent} metadata: risk={risk}, confidence={conf}")
+        # Update responding agent from child
+        if result.get("agent_schema"):
+            state.responding_agent = result.get("agent_schema")
+        # Build extra dict with risk fields
+        extra_data = {}
+        if risk:
+            extra_data["risk_level"] = risk
+        yield format_sse_event(MetadataEvent(
+            message_id=message_id,
+            session_id=session_id,
+            agent_schema=agent_schema,
+            responding_agent=state.responding_agent,
+            confidence=result.get("confidence"),
+            extra=extra_data if extra_data else None,
+        ))
+    # Emit tool completion
+    yield format_sse_event(ToolCallEvent(
+        tool_name=f"{child_agent}:tool",
+        tool_id=f"call_{uuid.uuid4().hex[:8]}",
+        status="completed",
+        result=str(result)[:200] if result else None,
+    ))
+async def drain_child_events(
+    event_sink: asyncio.Queue,
+    state: StreamingState,
+    session_id: str | None = None,
+    user_id: str | None = None,
+    message_id: str | None = None,
+    agent_schema: str | None = None,
+) -> AsyncGenerator[str, None]:
+    """
+    Drain all pending child events from the event sink.
+    This is called during tool execution to process events
+    pushed by child agents via ask_agent.
+    IMPORTANT: When child_content events are processed, this sets
+    state.child_content_streamed = True. Callers should check this
+    flag and skip parent text output to prevent duplication.
+    """
+    while not event_sink.empty():
+        try:
+            child_event = event_sink.get_nowait()
+            async for chunk in process_child_event(
+                child_event, state, session_id, user_id, message_id, agent_schema
+            ):
+                yield chunk
+        except Exception as e:
+            logger.warning(f"Error processing child event: {e}")
+async def process_child_event(
+    child_event: dict,
+    state: StreamingState,
+    session_id: str | None = None,
+    user_id: str | None = None,
+    message_id: str | None = None,
+    agent_schema: str | None = None,
+) -> AsyncGenerator[str, None]:
+    """Process a single child event and yield SSE chunks."""
+    event_type = child_event.get("type", "")
+    child_agent = child_event.get("agent_name", "child")
+    if event_type == "child_tool_start":
+        async for chunk in handle_child_tool_start(
+            state=state,
+            child_agent=child_agent,
+            tool_name=child_event.get("tool_name", "tool"),
+            arguments=child_event.get("arguments"),
+            session_id=session_id,
+            user_id=user_id,
+        ):
+            yield chunk
+    elif event_type == "child_content":
+        chunk = handle_child_content(
+            state=state,
+            child_agent=child_agent,
+            content=child_event.get("content", ""),
+        )
+        if chunk:
+            yield chunk
+    elif event_type == "child_tool_result":
+        async for chunk in handle_child_tool_result(
+            state=state,
+            child_agent=child_agent,
+            result=child_event.get("result"),
+            message_id=message_id,
+            session_id=session_id,
+            agent_schema=agent_schema,
+        ):
+            yield chunk
+async def stream_with_child_events(
+    tools_stream,
+    child_event_sink: asyncio.Queue,
+    state: StreamingState,
+    session_id: str | None = None,
+    user_id: str | None = None,
+    message_id: str | None = None,
+    agent_schema: str | None = None,
+) -> AsyncGenerator[tuple[str, Any], None]:
+    """
+    Multiplex tool events with child events using asyncio.wait().
+    This is the key fix for child agent streaming - instead of draining
+    the queue synchronously during tool event iteration, we concurrently
+    listen to both sources and yield events as they arrive.
+    Yields:
+        Tuples of (event_type, event_data) where event_type is either
+        "tool" or "child", allowing the caller to handle each appropriately.
+    """
+    tool_iter = tools_stream.__aiter__()
+    # Create initial tasks
+    pending_tool: asyncio.Task | None = None
+    pending_child: asyncio.Task | None = None
+    try:
+        pending_tool = asyncio.create_task(tool_iter.__anext__())
+    except StopAsyncIteration:
+        # No tool events, just drain any remaining child events
+        while not child_event_sink.empty():
+            try:
+                child_event = child_event_sink.get_nowait()
+                yield ("child", child_event)
+            except asyncio.QueueEmpty:
+                break
+        return
+    # Start listening for child events with a short timeout
+    pending_child = asyncio.create_task(
+        _get_child_event_with_timeout(child_event_sink, timeout=0.05)
+    )
+    try:
+        while True:
+            # Wait for either source to produce an event
+            tasks = {t for t in [pending_tool, pending_child] if t is not None}
+            if not tasks:
+                break
+            done, _ = await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
+            for task in done:
+                try:
+                    result = task.result()
+                except asyncio.TimeoutError:
+                    # Child queue timeout - restart listener
+                    if task is pending_child:
+                        pending_child = asyncio.create_task(
+                            _get_child_event_with_timeout(child_event_sink, timeout=0.05)
+                        )
+                    continue
+                except StopAsyncIteration:
+                    # Tool stream exhausted
+                    if task is pending_tool:
+                        pending_tool = None
+                        # Final drain of any remaining child events
+                        if pending_child:
+                            pending_child.cancel()
+                            try:
+                                await pending_child
+                            except asyncio.CancelledError:
+                                pass
+                        while not child_event_sink.empty():
+                            try:
+                                child_event = child_event_sink.get_nowait()
+                                yield ("child", child_event)
+                            except asyncio.QueueEmpty:
+                                break
+                        return
+                    continue
+                if task is pending_child and result is not None:
+                    # Got a child event
+                    yield ("child", result)
+                    # Restart child listener
+                    pending_child = asyncio.create_task(
+                        _get_child_event_with_timeout(child_event_sink, timeout=0.05)
+                    )
+                elif task is pending_tool:
+                    # Got a tool event
+                    yield ("tool", result)
+                    # Get next tool event
+                    try:
+                        pending_tool = asyncio.create_task(tool_iter.__anext__())
+                    except StopAsyncIteration:
+                        pending_tool = None
+                elif task is pending_child and result is None:
+                    # Timeout with no event - restart listener
+                    pending_child = asyncio.create_task(
+                        _get_child_event_with_timeout(child_event_sink, timeout=0.05)
+                    )
+    finally:
+        # Cleanup any pending tasks
+        for task in [pending_tool, pending_child]:
+            if task and not task.done():
+                task.cancel()
+                try:
+                    await task
+                except asyncio.CancelledError:
+                    pass
+async def _get_child_event_with_timeout(
+    queue: asyncio.Queue, timeout: float = 0.05
+) -> dict | None:
+    """
+    Get an event from the queue with a timeout.
+    Returns None on timeout (no event available).
+    This allows the multiplexer to check for tool events regularly.
+    """
+    try:
+        return await asyncio.wait_for(queue.get(), timeout=timeout)
+    except asyncio.TimeoutError:
+        return None

remdb 0.3.171__py3-none-any.whl → 0.3.230__py3-none-any.whl

remdb 0.3.171py3-none-any.whl → 0.3.230py3-none-any.whl