rossum-agent 1.0.0rc0__py3-none-any.whl

rossum_agent/api/cli.py

@@ -0,0 +1,51 @@
+"""CLI for testing API SSE events."""
+
+from __future__ import annotations
+
+import argparse
+import os
+import sys
+
+import httpx
+
+
+def main() -> None:
+    """Send a prompt to the API and print SSE events."""
+    parser = argparse.ArgumentParser(description="Test Rossum Agent API SSE events")
+    parser.add_argument("prompt", nargs="?", help="Prompt to send")
+    parser.add_argument("--api-url", default="http://127.0.0.1:8000", help="API base URL")
+    args = parser.parse_args()
+
+    token = os.environ.get("ROSSUM_API_TOKEN")
+    rossum_url = os.environ.get("ROSSUM_API_BASE_URL")
+
+    if not token:
+        print("Error: ROSSUM_API_TOKEN is required.", file=sys.stderr)
+        sys.exit(1)
+    if not rossum_url:
+        print("Error: ROSSUM_API_BASE_URL is required.", file=sys.stderr)
+        sys.exit(1)
+    assert token and rossum_url
+
+    prompt = args.prompt or input("Prompt: ")
+    headers: dict[str, str] = {"X-Rossum-Token": token, "X-Rossum-Api-Url": rossum_url}
+
+    with httpx.Client(timeout=300) as client:
+        resp = client.post(f"{args.api_url}/api/v1/chats", headers=headers)
+        resp.raise_for_status()
+        data = resp.json()
+        chat_id = data.get("id") or data.get("chat_id")
+        print(f"Created chat: {chat_id} (response: {data})\n")
+
+        print(f"{'=' * 60}\nSSE EVENTS:\n{'=' * 60}")
+        with client.stream(
+            "POST", f"{args.api_url}/api/v1/chats/{chat_id}/messages", headers=headers, json={"content": prompt}
+        ) as response:
+            response.raise_for_status()
+            for line in response.iter_lines():
+                if line:
+                    print(line)
+
+
+if __name__ == "__main__":
+    main()

rossum_agent/api/dependencies.py

@@ -0,0 +1,190 @@
+"""FastAPI dependencies for the API."""
+
+from __future__ import annotations
+
+import json
+import logging
+import os
+import re
+from dataclasses import dataclass
+from typing import Annotated  # noqa: TC003 - Required at runtime for FastAPI dependency injection
+from urllib.parse import urlparse
+
+import httpx
+from fastapi import Header, HTTPException, status
+
+logger = logging.getLogger(__name__)
+
+# Base allowed hosts pattern
+_BASE_ALLOWED_HOSTS = (
+    r"elis\.rossum\.ai|api\.elis\.rossum\.ai|(.*\.)?api\.rossum\.ai|.*\.rossum\.app|(elis|api\.elis)\.develop\.r8\.lol"
+)
+
+# Additional hosts from environment variable (comma-separated regex patterns)
+# Example: ADDITIONAL_ALLOWED_ROSSUM_HOSTS=".*\.review\.r8\.lol,.*\.staging\.example\.com"
+_ADDITIONAL_HOSTS = os.environ.get("ADDITIONAL_ALLOWED_ROSSUM_HOSTS", "")
+
+
+def _build_allowed_hosts_pattern() -> re.Pattern[str]:
+    """Build the allowed hosts regex pattern including any additional hosts."""
+    patterns = [_BASE_ALLOWED_HOSTS]
+    if _ADDITIONAL_HOSTS:
+        additional = [p.strip() for p in _ADDITIONAL_HOSTS.split(",") if p.strip()]
+        patterns.extend(additional)
+    return re.compile(f"^({'|'.join(patterns)})$")
+
+
+ALLOWED_ROSSUM_HOST_PATTERN = _build_allowed_hosts_pattern()
+
+
+def validate_rossum_api_url(url: str) -> str:
+    """Validate that the Rossum API URL is a trusted Rossum domain.
+
+    This prevents SSRF attacks by ensuring we only make requests to known Rossum endpoints.
+
+    Args:
+        url: The API URL to validate.
+
+    Returns:
+        The validated and normalized API base URL.
+
+    Raises:
+        HTTPException: If the URL is not a valid Rossum API endpoint.
+    """
+    try:
+        parsed = urlparse(url)
+    except ValueError as e:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid X-Rossum-Api-Url format") from e
+
+    if parsed.scheme != "https":
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="X-Rossum-Api-Url must use HTTPS",
+        )
+
+    if not parsed.hostname:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid X-Rossum-Api-Url: missing hostname"
+        )
+
+    if not ALLOWED_ROSSUM_HOST_PATTERN.match(parsed.hostname):
+        logger.warning(f"Rejected non-Rossum API URL: {parsed.hostname}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="X-Rossum-Api-Url must be a valid Rossum API endpoint",
+        )
+
+    api_base = f"{parsed.scheme}://{parsed.hostname}"
+    if parsed.port and parsed.port != 443:
+        api_base = f"{api_base}:{parsed.port}"
+
+    # Preserve /api prefix if present (some Rossum environments use /api/v1 path)
+    if parsed.path:
+        path = parsed.path.rstrip("/")
+        # Strip /v1 suffix to avoid duplication when we append /v1/auth/user
+        if path.endswith("/v1"):
+            path = path[:-3]
+        if path:
+            api_base = f"{api_base}{path}"
+
+    return api_base
+
+
+@dataclass
+class RossumCredentials:
+    """Rossum API credentials extracted from request headers."""
+
+    token: str
+    api_url: str
+    user_id: str | None = None
+
+
+async def get_rossum_credentials(
+    x_rossum_token: Annotated[str, Header(alias="X-Rossum-Token")],
+    x_rossum_api_url: Annotated[str, Header(alias="X-Rossum-Api-Url")],
+) -> RossumCredentials:
+    """Extract and validate Rossum credentials from request headers.
+
+    Args:
+        x_rossum_token: Rossum API token from X-Rossum-Token header.
+        x_rossum_api_url: Rossum API URL from X-Rossum-Api-Url header.
+
+    Returns:
+        RossumCredentials with token and API URL.
+
+    Raises:
+        HTTPException: If credentials are missing or invalid.
+    """
+    if not x_rossum_token:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing X-Rossum-Token header")
+    if not x_rossum_api_url:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Missing X-Rossum-Api-Url header")
+
+    return RossumCredentials(token=x_rossum_token, api_url=x_rossum_api_url)
+
+
+async def get_validated_credentials(
+    x_rossum_token: Annotated[str, Header(alias="X-Rossum-Token")],
+    x_rossum_api_url: Annotated[str, Header(alias="X-Rossum-Api-Url")],
+) -> RossumCredentials:
+    """Extract credentials and validate against Rossum API.
+
+    Validates the token by calling the Rossum API /v1/auth/user endpoint.
+    Extracts user ID from the response for user isolation.
+
+    Args:
+        x_rossum_token: Rossum API token from X-Rossum-Token header.
+        x_rossum_api_url: Rossum API URL from X-Rossum-Api-Url header.
+
+    Returns:
+        RossumCredentials with token, API URL, and user_id.
+
+    Raises:
+        HTTPException: If credentials are missing or invalid.
+    """
+    credentials = await get_rossum_credentials(x_rossum_token, x_rossum_api_url)
+
+    # Validate and normalize API URL to prevent SSRF
+    api_base = validate_rossum_api_url(credentials.api_url)
+    # Strip trailing /v1 to avoid duplication (URL might be .../api or .../api/v1)
+    api_base_normalized = api_base.rstrip("/")
+    if api_base_normalized.endswith("/v1"):
+        api_base_normalized = api_base_normalized[:-3]
+
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                f"{api_base_normalized}/v1/auth/user",
+                headers={"Authorization": f"Bearer {credentials.token}"},
+                timeout=10.0,
+            )
+
+            if response.status_code == 401:
+                raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid Rossum API token")
+
+            if response.status_code != 200:
+                logger.warning(f"Rossum API returned {response.status_code}")
+                raise HTTPException(
+                    status_code=status.HTTP_502_BAD_GATEWAY, detail="Failed to validate token with Rossum API"
+                )
+
+            try:
+                user_data = response.json()
+            except json.JSONDecodeError as e:
+                logger.error(f"Rossum API returned invalid JSON: {e}. Response text: {response.text!r}")
+                raise HTTPException(
+                    status_code=status.HTTP_502_BAD_GATEWAY, detail="Rossum API returned invalid response"
+                ) from e
+
+            user_id = str(user_data.get("id", ""))
+
+            if not user_id:
+                raise HTTPException(
+                    status_code=status.HTTP_502_BAD_GATEWAY, detail="Rossum API did not return user ID"
+                )
+
+            return RossumCredentials(token=credentials.token, api_url=credentials.api_url, user_id=user_id)
+
+    except httpx.RequestError as e:
+        logger.error(f"Failed to connect to Rossum API: {e}")
+        raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="Failed to connect to Rossum API") from e

rossum_agent/api/main.py

@@ -0,0 +1,180 @@
+"""FastAPI application entry point."""
+
+from __future__ import annotations
+
+import argparse
+import logging
+import os
+import sys
+from contextlib import asynccontextmanager
+from typing import TYPE_CHECKING
+
+from fastapi import FastAPI, Request, status
+
+if TYPE_CHECKING:
+    from collections.abc import AsyncGenerator
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse
+from slowapi import Limiter
+from slowapi.errors import RateLimitExceeded
+from slowapi.util import get_remote_address
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from rossum_agent.api.routes import chats, files, health, messages
+from rossum_agent.api.services.agent_service import AgentService
+from rossum_agent.api.services.chat_service import ChatService
+from rossum_agent.api.services.file_service import FileService
+
+logger = logging.getLogger(__name__)
+
+MAX_REQUEST_SIZE = 10 * 1024 * 1024  # 10 MB (supports image uploads)
+
+limiter = Limiter(key_func=get_remote_address)
+
+
+class RequestSizeLimitMiddleware(BaseHTTPMiddleware):
+    """Middleware to limit request body size."""
+
+    async def dispatch(self, request: Request, call_next):
+        content_length = request.headers.get("content-length")
+        if content_length and int(content_length) > MAX_REQUEST_SIZE:
+            return JSONResponse(
+                status_code=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE,
+                content={"detail": f"Request body too large. Maximum size is {MAX_REQUEST_SIZE // 1024} KB."},
+            )
+        return await call_next(request)
+
+
+def rate_limit_exceeded_handler(request: Request, exc: RateLimitExceeded) -> JSONResponse:
+    """Handle rate limit exceeded errors."""
+    return JSONResponse(
+        status_code=status.HTTP_429_TOO_MANY_REQUESTS,
+        content={"detail": f"Rate limit exceeded: {exc.detail}"},
+    )
+
+
+_chat_service: ChatService | None = None
+_agent_service: AgentService | None = None
+_file_service: FileService | None = None
+
+
+def get_chat_service() -> ChatService:
+    """Get the shared ChatService instance."""
+    global _chat_service
+    if _chat_service is None:
+        _chat_service = ChatService()
+    return _chat_service
+
+
+def get_agent_service() -> AgentService:
+    """Get the shared AgentService instance."""
+    global _agent_service
+    if _agent_service is None:
+        _agent_service = AgentService()
+    return _agent_service
+
+
+def get_file_service() -> FileService:
+    """Get the shared FileService instance."""
+    global _file_service
+    if _file_service is None:
+        _file_service = FileService(get_chat_service().storage)
+    return _file_service
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI) -> AsyncGenerator[None]:
+    """Lifespan context manager for startup and shutdown events."""
+    logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(name)s - %(levelname)s - %(message)s")
+    logger.info("Rossum Agent API starting up...")
+
+    chat_service = get_chat_service()
+    if chat_service.is_connected():
+        logger.info("Redis connection established")
+    else:
+        logger.warning("Redis connection failed - some features may not work")
+
+    yield
+
+    logger.info("Rossum Agent API shutting down...")
+    if _chat_service is not None:
+        _chat_service.storage.close()
+
+
+app = FastAPI(
+    title="Rossum Agent API",
+    description="REST API for Rossum Agent - AI-powered document processing assistant",
+    version="0.2.0",
+    docs_url="/api/docs",
+    redoc_url="/api/redoc",
+    openapi_url="/api/openapi.json",
+    lifespan=lifespan,
+)
+
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, rate_limit_exceeded_handler)
+
+app.add_middleware(RequestSizeLimitMiddleware)
+
+
+def _build_cors_origin_regex() -> str:
+    """Build CORS origin regex including any additional allowed hosts."""
+    patterns = [r".*\.rossum\.app"]
+    additional_hosts = os.environ.get("ADDITIONAL_ALLOWED_ROSSUM_HOSTS", "")
+    if additional_hosts:
+        patterns.extend(p.strip() for p in additional_hosts.split(",") if p.strip())
+    return rf"https://({'|'.join(patterns)})"
+
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[
+        "https://elis.rossum.ai",
+        "https://elis.develop.r8.lol",
+    ],
+    allow_origin_regex=_build_cors_origin_regex(),
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+health.set_chat_service_getter(get_chat_service)
+chats.set_chat_service_getter(get_chat_service)
+messages.set_chat_service_getter(get_chat_service)
+messages.set_agent_service_getter(get_agent_service)
+files.set_chat_service_getter(get_chat_service)
+files.set_file_service_getter(get_file_service)
+
+app.include_router(health.router, prefix="/api/v1")
+app.include_router(chats.router, prefix="/api/v1")
+app.include_router(messages.router, prefix="/api/v1")
+app.include_router(files.router, prefix="/api/v1")
+
+
+def main() -> None:
+    """CLI entry point for the API server."""
+    parser = argparse.ArgumentParser(description="Run the Rossum Agent API server")
+    parser.add_argument("--host", default="127.0.0.1", help="Host to bind to (default: 127.0.0.1)")
+    parser.add_argument("--port", type=int, default=8000, help="Port to listen on (default: 8000)")
+    parser.add_argument("--reload", action="store_true", help="Enable auto-reload for development")
+    parser.add_argument("--workers", type=int, default=1, help="Number of worker processes (default: 1)")
+
+    args = parser.parse_args()
+
+    try:
+        import uvicorn  # noqa: PLC0415
+    except ImportError:
+        print("Error: uvicorn is required. Install with: uv pip install 'rossum-agent[api]'")
+        sys.exit(1)
+
+    uvicorn.run(
+        "rossum_agent.api.main:app",
+        host=args.host,
+        port=args.port,
+        reload=args.reload,
+        workers=args.workers if not args.reload else 1,
+    )
+
+
+if __name__ == "__main__":
+    main()

rossum_agent/api/models/__init__.py

@@ -0,0 +1 @@
+"""Pydantic models for API requests and responses."""