PyPI - remdb - Versions diffs - 0.3.180__py3-none-any.whl → 0.3.258__py3-none-any.whl - Mend

remdb 0.3.180py3-none-any.whl → 0.3.258py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

rem/agentic/README.md +36 -2
rem/agentic/__init__.py +10 -1
rem/agentic/context.py +185 -1
rem/agentic/context_builder.py +56 -35
rem/agentic/mcp/tool_wrapper.py +2 -2
rem/agentic/providers/pydantic_ai.py +303 -111
rem/agentic/schema.py +2 -2
rem/api/main.py +1 -1
rem/api/mcp_router/resources.py +223 -0
rem/api/mcp_router/server.py +4 -0
rem/api/mcp_router/tools.py +608 -166
rem/api/routers/admin.py +30 -4
rem/api/routers/auth.py +219 -20
rem/api/routers/chat/child_streaming.py +393 -0
rem/api/routers/chat/completions.py +77 -40
rem/api/routers/chat/sse_events.py +7 -3
rem/api/routers/chat/streaming.py +381 -291
rem/api/routers/chat/streaming_utils.py +325 -0
rem/api/routers/common.py +18 -0
rem/api/routers/dev.py +7 -1
rem/api/routers/feedback.py +11 -3
rem/api/routers/messages.py +176 -38
rem/api/routers/models.py +9 -1
rem/api/routers/query.py +17 -15
rem/api/routers/shared_sessions.py +16 -0
rem/auth/jwt.py +19 -4
rem/auth/middleware.py +42 -28
rem/cli/README.md +62 -0
rem/cli/commands/ask.py +205 -114
rem/cli/commands/db.py +55 -31
rem/cli/commands/experiments.py +1 -1
rem/cli/commands/process.py +179 -43
rem/cli/commands/query.py +109 -0
rem/cli/commands/session.py +117 -0
rem/cli/main.py +2 -0
rem/models/core/experiment.py +1 -1
rem/models/entities/ontology.py +18 -20
rem/models/entities/session.py +1 -0
rem/schemas/agents/core/agent-builder.yaml +1 -1
rem/schemas/agents/rem.yaml +1 -1
rem/schemas/agents/test_orchestrator.yaml +42 -0
rem/schemas/agents/test_structured_output.yaml +52 -0
rem/services/content/providers.py +151 -49
rem/services/content/service.py +18 -5
rem/services/embeddings/worker.py +26 -12
rem/services/postgres/__init__.py +28 -3
rem/services/postgres/diff_service.py +57 -5
rem/services/postgres/programmable_diff_service.py +635 -0
rem/services/postgres/pydantic_to_sqlalchemy.py +2 -2
rem/services/postgres/register_type.py +11 -10
rem/services/postgres/repository.py +39 -28
rem/services/postgres/schema_generator.py +5 -5
rem/services/postgres/sql_builder.py +6 -5
rem/services/rem/README.md +4 -3
rem/services/rem/parser.py +7 -10
rem/services/rem/service.py +47 -0
rem/services/session/__init__.py +8 -1
rem/services/session/compression.py +47 -5
rem/services/session/pydantic_messages.py +310 -0
rem/services/session/reload.py +2 -1
rem/settings.py +92 -7
rem/sql/migrations/001_install.sql +125 -7
rem/sql/migrations/002_install_models.sql +159 -149
rem/sql/migrations/004_cache_system.sql +10 -276
rem/sql/migrations/migrate_session_id_to_uuid.sql +45 -0
rem/utils/schema_loader.py +180 -120
{remdb-0.3.180.dist-info → remdb-0.3.258.dist-info}/METADATA +7 -6
{remdb-0.3.180.dist-info → remdb-0.3.258.dist-info}/RECORD +70 -61
{remdb-0.3.180.dist-info → remdb-0.3.258.dist-info}/WHEEL +0 -0
{remdb-0.3.180.dist-info → remdb-0.3.258.dist-info}/entry_points.txt +0 -0

rem/api/routers/admin.py CHANGED Viewed

@@ -31,6 +31,8 @@ from fastapi import APIRouter, Depends, Header, HTTPException, Query, Background
 from loguru import logger
 from pydantic import BaseModel
+from .common import ErrorResponse
 from ..deps import require_admin
 from ...models.entities import Message, Session, SessionMode
 from ...services.postgres import Repository
@@ -103,7 +105,13 @@ class SystemStats(BaseModel):
 # =============================================================================
-@router.get("/users", response_model=UserListResponse)
+@router.get(
+    "/users",
+    response_model=UserListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_users(
     user: dict = Depends(require_admin),
     limit: int = Query(default=50, ge=1, le=100),
@@ -155,7 +163,13 @@ async def list_all_users(
     return UserListResponse(data=summaries, total=total, has_more=has_more)
-@router.get("/sessions", response_model=SessionListResponse)
+@router.get(
+    "/sessions",
+    response_model=SessionListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_sessions(
     user: dict = Depends(require_admin),
     user_id: str | None = Query(default=None, description="Filter by user ID"),
@@ -202,7 +216,13 @@ async def list_all_sessions(
     return SessionListResponse(data=sessions, total=total, has_more=has_more)
-@router.get("/messages", response_model=MessageListResponse)
+@router.get(
+    "/messages",
+    response_model=MessageListResponse,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def list_all_messages(
     user: dict = Depends(require_admin),
     user_id: str | None = Query(default=None, description="Filter by user ID"),
@@ -252,7 +272,13 @@ async def list_all_messages(
     return MessageListResponse(data=messages, total=total, has_more=has_more)
-@router.get("/stats", response_model=SystemStats)
+@router.get(
+    "/stats",
+    response_model=SystemStats,
+    responses={
+        503: {"model": ErrorResponse, "description": "Database not enabled"},
+    },
+)
 async def get_system_stats(
     user: dict = Depends(require_admin),
 ) -> SystemStats:

rem/api/routers/auth.py CHANGED Viewed

@@ -3,11 +3,12 @@ Authentication Router.
 Supports multiple authentication methods:
 1. Email (passwordless): POST /api/auth/email/send-code, POST /api/auth/email/verify
-2. OAuth (Google, Microsoft): GET /api/auth/{provider}/login, GET /api/auth/{provider}/callback
+2. Pre-approved codes: POST /api/auth/email/verify (with pre-approved code, no send-code needed)
+3. OAuth (Google, Microsoft): GET /api/auth/{provider}/login, GET /api/auth/{provider}/callback
 Endpoints:
 - POST /api/auth/email/send-code     - Send login code to email
-- POST /api/auth/email/verify        - Verify code and create session
+- POST /api/auth/email/verify        - Verify code and create session (supports pre-approved codes)
 - GET  /api/auth/{provider}/login    - Initiate OAuth flow
 - GET  /api/auth/{provider}/callback - OAuth callback
 - POST /api/auth/logout              - Clear session
@@ -15,9 +16,39 @@ Endpoints:
 Supported providers:
 - email: Passwordless email login
+- preapproved: Pre-approved codes (bypass email, set via AUTH__PREAPPROVED_CODES)
 - google: Google OAuth 2.0 / OIDC
 - microsoft: Microsoft Entra ID OIDC
+=============================================================================
+Pre-Approved Code Authentication
+=============================================================================
+Pre-approved codes allow login without email verification. Useful for:
+- Demo accounts
+- Testing
+- Beta access codes
+- Admin provisioning
+Configuration:
+    AUTH__PREAPPROVED_CODES=A12345,A67890,B11111,B22222
+Code prefixes:
+    A = Admin role (e.g., A12345, AADMIN1)
+    B = Normal user role (e.g., B11111, BUSER1)
+Flow:
+    1. User enters email + pre-approved code (no send-code step needed)
+    2. POST /api/auth/email/verify with email and code
+    3. System validates code against AUTH__PREAPPROVED_CODES
+    4. Creates user if not exists, sets role based on prefix
+    5. Returns JWT tokens (same as email auth)
+Example:
+    curl -X POST http://localhost:8000/api/auth/email/verify \
+      -H "Content-Type: application/json" \
+      -d '{"email": "admin@example.com", "code": "A12345"}'
 =============================================================================
 Email Authentication Access Control
 =============================================================================
@@ -52,7 +83,7 @@ User Tiers (models.entities.UserTier):
 Configuration:
     # Allow only specific domains for new signups
-    EMAIL__TRUSTED_EMAIL_DOMAINS=siggymd.ai,example.com
+    EMAIL__TRUSTED_EMAIL_DOMAINS=mycompany.com,example.com
     # Allow all domains (no restrictions)
     EMAIL__TRUSTED_EMAIL_DOMAINS=
@@ -101,6 +132,8 @@ from authlib.integrations.starlette_client import OAuth
 from pydantic import BaseModel, EmailStr
 from loguru import logger
+from .common import ErrorResponse
 from ...settings import settings
 from ...services.postgres.service import PostgresService
 from ...services.user_service import UserService
@@ -159,7 +192,14 @@ class EmailVerifyRequest(BaseModel):
     code: str
-@router.post("/email/send-code")
+@router.post(
+    "/email/send-code",
+    responses={
+        400: {"model": ErrorResponse, "description": "Invalid request or email rejected"},
+        500: {"model": ErrorResponse, "description": "Failed to send login code"},
+        501: {"model": ErrorResponse, "description": "Email auth or database not configured"},
+    },
+)
 async def send_email_code(request: Request, body: EmailSendCodeRequest):
     """
     Send a login code to an email address.
@@ -221,11 +261,24 @@ async def send_email_code(request: Request, body: EmailSendCodeRequest):
         await db.disconnect()
-@router.post("/email/verify")
+@router.post(
+    "/email/verify",
+    responses={
+        400: {"model": ErrorResponse, "description": "Invalid or expired code"},
+        500: {"model": ErrorResponse, "description": "Failed to verify login code"},
+        501: {"model": ErrorResponse, "description": "Email auth or database not configured"},
+    },
+)
 async def verify_email_code(request: Request, body: EmailVerifyRequest):
     """
     Verify login code and create session with JWT tokens.
+    Supports two authentication methods:
+    1. Pre-approved codes: Codes from AUTH__PREAPPROVED_CODES bypass email verification.
+       - A prefix = admin role, B prefix = normal user role
+       - Creates user if not exists, logs in directly
+    2. Email verification: Standard 6-digit code sent via email
     Args:
         request: FastAPI request
         body: EmailVerifyRequest with email and code
@@ -233,12 +286,6 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
     Returns:
         Success status with user info and JWT tokens
     """
-    if not settings.email.is_configured:
-        raise HTTPException(
-            status_code=501,
-            detail="Email authentication is not configured"
-        )
     if not settings.postgres.enabled:
         raise HTTPException(
             status_code=501,
@@ -248,6 +295,79 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
     db = PostgresService()
     try:
         await db.connect()
+        user_service = UserService(db)
+        # Check for pre-approved code first
+        preapproved = settings.auth.check_preapproved_code(body.code)
+        if preapproved:
+            logger.info(f"Pre-approved code login attempt for {body.email} (role: {preapproved['role']})")
+            # Get or create user with pre-approved role
+            user_id = email_to_user_id(body.email)
+            user_entity = await user_service.get_user_by_id(user_id)
+            if not user_entity:
+                # Create new user with role from pre-approved code
+                user_entity = await user_service.get_or_create_user(
+                    email=body.email,
+                    name=body.email.split("@")[0],
+                    tenant_id="default",
+                )
+                # Update role based on pre-approved code prefix
+                user_entity.role = preapproved["role"]
+                from ...services.postgres.repository import Repository
+                from ...models.entities.user import User
+                user_repo = Repository(User, "users", db=db)
+                await user_repo.upsert(user_entity)
+                logger.info(f"Created user {body.email} with role={preapproved['role']} via pre-approved code")
+            else:
+                # Update existing user's role if admin code used
+                if preapproved["role"] == "admin" and user_entity.role != "admin":
+                    user_entity.role = "admin"
+                    from ...services.postgres.repository import Repository
+                    from ...models.entities.user import User
+                    user_repo = Repository(User, "users", db=db)
+                    await user_repo.upsert(user_entity)
+                    logger.info(f"Upgraded user {body.email} to admin via pre-approved code")
+            # Build user dict for session/JWT
+            user_dict = {
+                "id": str(user_entity.id),
+                "email": body.email,
+                "email_verified": True,
+                "name": user_entity.name or body.email.split("@")[0],
+                "provider": "preapproved",
+                "tenant_id": user_entity.tenant_id or "default",
+                "tier": user_entity.tier.value if user_entity.tier else "free",
+                "role": user_entity.role or preapproved["role"],
+                "roles": [user_entity.role or preapproved["role"]],
+            }
+            # Generate JWT tokens
+            jwt_service = get_jwt_service()
+            tokens = jwt_service.create_tokens(user_dict)
+            # Store user in session
+            request.session["user"] = user_dict
+            logger.info(f"User authenticated via pre-approved code: {body.email} (role: {user_dict['role']})")
+            return {
+                "success": True,
+                "message": "Successfully authenticated with pre-approved code!",
+                "user": user_dict,
+                "access_token": tokens["access_token"],
+                "refresh_token": tokens["refresh_token"],
+                "token_type": tokens["token_type"],
+                "expires_in": tokens["expires_in"],
+            }
+        # Standard email verification flow
+        if not settings.email.is_configured:
+            raise HTTPException(
+                status_code=501,
+                detail="Email authentication is not configured"
+            )
         # Initialize email auth provider
         email_auth = EmailAuthProvider()
@@ -272,7 +392,6 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
         )
         # Fetch actual user data from database to get role/tier
-        user_service = UserService(db)
         try:
             user_entity = await user_service.get_user_by_id(result.user_id)
             if user_entity:
@@ -319,7 +438,13 @@ async def verify_email_code(request: Request, body: EmailVerifyRequest):
 # =============================================================================
-@router.get("/{provider}/login")
+@router.get(
+    "/{provider}/login",
+    responses={
+        400: {"model": ErrorResponse, "description": "Unknown OAuth provider"},
+        501: {"model": ErrorResponse, "description": "Authentication is disabled"},
+    },
+)
 async def login(provider: str, request: Request):
     """
     Initiate OAuth flow with provider.
@@ -361,7 +486,13 @@ async def login(provider: str, request: Request):
     return await client.authorize_redirect(request, redirect_uri)
-@router.get("/{provider}/callback")
+@router.get(
+    "/{provider}/callback",
+    responses={
+        400: {"model": ErrorResponse, "description": "Authentication failed or unknown provider"},
+        501: {"model": ErrorResponse, "description": "Authentication is disabled"},
+    },
+)
 async def callback(provider: str, request: Request):
     """
     OAuth callback endpoint.
@@ -498,7 +629,12 @@ async def logout(request: Request):
     return {"message": "Logged out successfully"}
-@router.get("/me")
+@router.get(
+    "/me",
+    responses={
+        401: {"model": ErrorResponse, "description": "Not authenticated"},
+    },
+)
 async def me(request: Request):
     """
     Get current user information from session or JWT.
@@ -536,11 +672,19 @@ class TokenRefreshRequest(BaseModel):
     refresh_token: str
-@router.post("/token/refresh")
+@router.post(
+    "/token/refresh",
+    responses={
+        401: {"model": ErrorResponse, "description": "Invalid or expired refresh token"},
+    },
+)
 async def refresh_token(body: TokenRefreshRequest):
     """
     Refresh access token using refresh token.
+    Fetches the user's current role/tier from the database to ensure
+    the new access token reflects their actual permissions.
     Args:
         body: TokenRefreshRequest with refresh_token
@@ -548,7 +692,46 @@ async def refresh_token(body: TokenRefreshRequest):
         New access token or 401 if refresh token is invalid
     """
     jwt_service = get_jwt_service()
-    result = jwt_service.refresh_access_token(body.refresh_token)
+    # First decode the refresh token to get user_id (without full verification yet)
+    payload = jwt_service.decode_without_verification(body.refresh_token)
+    if not payload:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid refresh token format"
+        )
+    user_id = payload.get("sub")
+    if not user_id:
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid refresh token: missing user ID"
+        )
+    # Fetch user from database to get current role/tier
+    user_override = None
+    if settings.postgres.enabled:
+        db = PostgresService()
+        try:
+            await db.connect()
+            user_service = UserService(db)
+            user_entity = await user_service.get_user_by_id(user_id)
+            if user_entity:
+                user_override = {
+                    "role": user_entity.role or "user",
+                    "roles": [user_entity.role] if user_entity.role else ["user"],
+                    "tier": user_entity.tier.value if user_entity.tier else "free",
+                    "name": user_entity.name,
+                }
+                logger.debug(f"Refresh token: fetched user {user_id} with role={user_override['role']}, tier={user_override['tier']}")
+        except Exception as e:
+            logger.warning(f"Could not fetch user for token refresh: {e}")
+            # Continue without override - will use defaults
+        finally:
+            await db.disconnect()
+    # Now do the actual refresh with proper verification
+    result = jwt_service.refresh_access_token(body.refresh_token, user_override=user_override)
     if not result:
         raise HTTPException(
@@ -559,7 +742,12 @@ async def refresh_token(body: TokenRefreshRequest):
     return result
-@router.post("/token/verify")
+@router.post(
+    "/token/verify",
+    responses={
+        401: {"model": ErrorResponse, "description": "Missing, invalid, or expired token"},
+    },
+)
 async def verify_token(request: Request):
     """
     Verify an access token is valid.
@@ -623,7 +811,12 @@ def verify_dev_token(token: str) -> bool:
     return token == expected
-@router.get("/dev/token")
+@router.get(
+    "/dev/token",
+    responses={
+        401: {"model": ErrorResponse, "description": "Dev tokens not available in production"},
+    },
+)
 async def get_dev_token(request: Request):
     """
     Get a development token for testing (non-production only).
@@ -659,7 +852,13 @@ async def get_dev_token(request: Request):
     }
-@router.get("/dev/mock-code/{email}")
+@router.get(
+    "/dev/mock-code/{email}",
+    responses={
+        401: {"model": ErrorResponse, "description": "Mock codes not available in production"},
+        404: {"model": ErrorResponse, "description": "No code found for email"},
+    },
+)
 async def get_mock_code(email: str, request: Request):
     """
     Get the mock login code for testing (non-production only).

remdb 0.3.180__py3-none-any.whl → 0.3.258__py3-none-any.whl

remdb 0.3.180py3-none-any.whl → 0.3.258py3-none-any.whl