router-maestro 0.1.2__py3-none-any.whl

router_maestro/__init__.py

@@ -0,0 +1,3 @@
+"""Router-Maestro: Multi-model routing and load balancing system."""
+
+__version__ = "0.1.2"

router_maestro/__main__.py

@@ -0,0 +1,6 @@
+"""CLI entry point for router-maestro."""
+
+from router_maestro.cli.main import app
+
+if __name__ == "__main__":
+    app()

router_maestro/auth/__init__.py

@@ -0,0 +1,18 @@
+"""Auth module for router-maestro."""
+
+from router_maestro.auth.manager import AuthManager, run_async
+from router_maestro.auth.storage import (
+    ApiKeyCredential,
+    AuthStorage,
+    AuthType,
+    OAuthCredential,
+)
+
+__all__ = [
+    "AuthManager",
+    "AuthStorage",
+    "AuthType",
+    "OAuthCredential",
+    "ApiKeyCredential",
+    "run_async",
+]

router_maestro/auth/github_oauth.py

@@ -0,0 +1,181 @@
+"""GitHub OAuth Device Flow implementation for Copilot."""
+
+import time
+from dataclasses import dataclass
+
+import httpx
+
+# GitHub OAuth constants (from copilot-api)
+GITHUB_CLIENT_ID = "Iv1.b507a08c87ecfe98"
+GITHUB_DEVICE_CODE_URL = "https://github.com/login/device/code"
+GITHUB_ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token"
+COPILOT_TOKEN_URL = "https://api.github.com/copilot_internal/v2/token"
+
+DEFAULT_POLL_INTERVAL = 5  # seconds
+
+
+@dataclass
+class DeviceCodeResponse:
+    """Response from device code request."""
+
+    device_code: str
+    user_code: str
+    verification_uri: str
+    expires_in: int
+    interval: int
+
+
+@dataclass
+class AccessTokenResponse:
+    """Response from access token request."""
+
+    access_token: str
+    token_type: str
+    scope: str
+
+
+@dataclass
+class CopilotTokenResponse:
+    """Response from Copilot token request."""
+
+    token: str
+    expires_at: int
+    refresh_in: int
+
+
+class GitHubOAuthError(Exception):
+    """Error during GitHub OAuth flow."""
+
+    pass
+
+
+async def request_device_code(client: httpx.AsyncClient) -> DeviceCodeResponse:
+    """Request a device code from GitHub.
+
+    Args:
+        client: HTTP client
+
+    Returns:
+        Device code response with user_code and verification_uri
+    """
+    response = await client.post(
+        GITHUB_DEVICE_CODE_URL,
+        json={"client_id": GITHUB_CLIENT_ID, "scope": "read:user"},
+        headers={"Accept": "application/json", "Content-Type": "application/json"},
+    )
+    response.raise_for_status()
+    data = response.json()
+
+    return DeviceCodeResponse(
+        device_code=data["device_code"],
+        user_code=data["user_code"],
+        verification_uri=data["verification_uri"],
+        expires_in=data["expires_in"],
+        interval=data.get("interval", DEFAULT_POLL_INTERVAL),
+    )
+
+
+async def poll_access_token(
+    client: httpx.AsyncClient,
+    device_code: str,
+    interval: int = DEFAULT_POLL_INTERVAL,
+    timeout: int = 900,
+) -> AccessTokenResponse:
+    """Poll GitHub for access token after user authorization.
+
+    Args:
+        client: HTTP client
+        device_code: Device code from request_device_code
+        interval: Polling interval in seconds
+        timeout: Maximum time to wait in seconds
+
+    Returns:
+        Access token response
+
+    Raises:
+        GitHubOAuthError: If authorization fails or times out
+    """
+    start_time = time.time()
+
+    while time.time() - start_time < timeout:
+        response = await client.post(
+            GITHUB_ACCESS_TOKEN_URL,
+            json={
+                "client_id": GITHUB_CLIENT_ID,
+                "device_code": device_code,
+                "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+            },
+            headers={"Accept": "application/json", "Content-Type": "application/json"},
+        )
+        response.raise_for_status()
+        data = response.json()
+
+        if "access_token" in data:
+            return AccessTokenResponse(
+                access_token=data["access_token"],
+                token_type=data["token_type"],
+                scope=data["scope"],
+            )
+
+        error = data.get("error")
+        if error == "authorization_pending":
+            # User hasn't authorized yet, keep polling
+            await _async_sleep(interval)
+        elif error == "slow_down":
+            # We're polling too fast, increase interval
+            interval += 5
+            await _async_sleep(interval)
+        elif error == "expired_token":
+            raise GitHubOAuthError("Device code expired. Please try again.")
+        elif error == "access_denied":
+            raise GitHubOAuthError("Authorization denied by user.")
+        else:
+            raise GitHubOAuthError(f"Unknown error: {error}")
+
+    raise GitHubOAuthError("Authorization timed out. Please try again.")
+
+
+async def get_copilot_token(
+    client: httpx.AsyncClient,
+    github_token: str,
+) -> CopilotTokenResponse:
+    """Exchange GitHub token for Copilot token.
+
+    Args:
+        client: HTTP client
+        github_token: GitHub access token
+
+    Returns:
+        Copilot token response
+    """
+    # Headers matching copilot-api's githubHeaders
+    headers = {
+        "Authorization": f"token {github_token}",
+        "Accept": "application/json",
+        "Content-Type": "application/json",
+        "Editor-Version": "vscode/1.104.3",
+        "Editor-Plugin-Version": "copilot-chat/0.26.7",
+        "User-Agent": "GitHubCopilotChat/0.26.7",
+        "X-GitHub-Api-Version": "2025-04-01",
+        "X-Vscode-User-Agent-Library-Version": "electron-fetch",
+    }
+
+    response = await client.get(
+        COPILOT_TOKEN_URL,
+        headers=headers,
+    )
+    response.raise_for_status()
+    data = response.json()
+
+    return CopilotTokenResponse(
+        token=data["token"],
+        expires_at=data["expires_at"],
+        refresh_in=data.get("refresh_in", 1800000),  # Default 30 minutes in ms
+    )
+
+
+async def _async_sleep(seconds: float) -> None:
+    """Async sleep helper."""
+    import asyncio
+
+    await asyncio.sleep(seconds)

router_maestro/auth/manager.py

@@ -0,0 +1,136 @@
+"""Authentication manager for all providers."""
+
+import asyncio
+
+import httpx
+from rich.console import Console
+
+from router_maestro.auth.github_oauth import (
+    GitHubOAuthError,
+    get_copilot_token,
+    poll_access_token,
+    request_device_code,
+)
+from router_maestro.auth.storage import (
+    ApiKeyCredential,
+    AuthStorage,
+    OAuthCredential,
+)
+
+console = Console()
+
+
+class AuthManager:
+    """Manager for authentication with various providers."""
+
+    def __init__(self) -> None:
+        self.storage = AuthStorage.load()
+
+    def save(self) -> None:
+        """Save credentials to storage."""
+        self.storage.save()
+
+    def list_authenticated(self) -> list[str]:
+        """List all authenticated providers."""
+        return self.storage.list_providers()
+
+    def is_authenticated(self, provider: str) -> bool:
+        """Check if a provider is authenticated."""
+        return self.storage.get(provider) is not None
+
+    def get_credential(self, provider: str):
+        """Get credential for a provider."""
+        return self.storage.get(provider)
+
+    def logout(self, provider: str) -> bool:
+        """Log out from a provider."""
+        result = self.storage.remove(provider)
+        if result:
+            self.save()
+        return result
+
+    async def login_copilot(self) -> bool:
+        """Authenticate with GitHub Copilot using Device Flow.
+
+        Returns:
+            True if authentication was successful
+        """
+        async with httpx.AsyncClient() as client:
+            # Step 1: Request device code
+            console.print("[yellow]Requesting device code from GitHub...[/yellow]")
+            try:
+                device_code = await request_device_code(client)
+            except httpx.HTTPError as e:
+                console.print(f"[red]Failed to get device code: {e}[/red]")
+                return False
+
+            # Step 2: Show user code and verification URL
+            console.print()
+            console.print(
+                "[bold green]Please visit the following URL and enter the code:[/bold green]"
+            )
+            uri = device_code.verification_uri
+            console.print(f"  URL: [link={uri}]{uri}[/link]")
+            console.print(f"  Code: [bold cyan]{device_code.user_code}[/bold cyan]")
+            console.print()
+            console.print("[dim]Waiting for authorization...[/dim]")
+
+            # Step 3: Poll for access token
+            try:
+                access_token = await poll_access_token(
+                    client,
+                    device_code.device_code,
+                    interval=device_code.interval,
+                )
+            except GitHubOAuthError as e:
+                console.print(f"[red]Authorization failed: {e}[/red]")
+                return False
+
+            console.print("[green]GitHub authorization successful![/green]")
+
+            # Step 4: Get Copilot token
+            console.print("[yellow]Getting Copilot token...[/yellow]")
+            try:
+                copilot_token = await get_copilot_token(client, access_token.access_token)
+            except httpx.HTTPError as e:
+                console.print(f"[red]Failed to get Copilot token: {e}[/red]")
+                console.print(
+                    "[dim]Note: Make sure you have an active GitHub Copilot subscription.[/dim]"
+                )
+                return False
+
+            # Step 5: Save credentials
+            self.storage.set(
+                "github-copilot",
+                OAuthCredential(
+                    refresh=access_token.access_token,  # GitHub token for refresh
+                    access=copilot_token.token,  # Copilot token for API calls
+                    expires=copilot_token.expires_at,
+                ),
+            )
+            self.save()
+
+            console.print(
+                "[bold green]Successfully authenticated with GitHub Copilot![/bold green]"
+            )
+            return True
+
+    def login_api_key(self, provider: str, api_key: str) -> bool:
+        """Authenticate with an API key.
+
+        Args:
+            provider: Provider name (e.g., "openai", "anthropic")
+            api_key: API key
+
+        Returns:
+            True if authentication was successful
+        """
+        self.storage.set(provider, ApiKeyCredential(key=api_key))
+        self.save()
+        console.print(f"[green]Successfully saved API key for {provider}[/green]")
+        return True
+
+
+def run_async(coro):
+    """Run an async coroutine in sync context."""
+    return asyncio.get_event_loop().run_until_complete(coro)

router_maestro/auth/storage.py

@@ -0,0 +1,91 @@
+"""Auth storage for credentials."""
+
+import json
+from enum import Enum
+from pathlib import Path
+
+from pydantic import BaseModel, Field
+
+from router_maestro.config.paths import AUTH_FILE
+
+
+class AuthType(str, Enum):
+    """Authentication type."""
+
+    OAUTH = "oauth"
+    API_KEY = "api"
+
+
+class OAuthCredential(BaseModel):
+    """OAuth credential storage."""
+
+    type: AuthType = AuthType.OAUTH
+    refresh: str = Field(..., description="Refresh token")
+    access: str = Field(..., description="Access token")
+    expires: int = Field(default=0, description="Expiration timestamp (0 = never)")
+
+
+class ApiKeyCredential(BaseModel):
+    """API key credential storage."""
+
+    type: AuthType = AuthType.API_KEY
+    key: str = Field(..., description="API key")
+
+
+Credential = OAuthCredential | ApiKeyCredential
+
+
+class AuthStorage(BaseModel):
+    """Root storage for all credentials."""
+
+    credentials: dict[str, Credential] = Field(default_factory=dict)
+
+    @classmethod
+    def load(cls, path: Path = AUTH_FILE) -> "AuthStorage":
+        """Load credentials from file."""
+        if not path.exists():
+            return cls()
+
+        with open(path, encoding="utf-8") as f:
+            data = json.load(f)
+
+        # Parse credentials based on type
+        credentials = {}
+        for name, cred_data in data.items():
+            if cred_data.get("type") == "oauth":
+                credentials[name] = OAuthCredential.model_validate(cred_data)
+            elif cred_data.get("type") == "api":
+                credentials[name] = ApiKeyCredential.model_validate(cred_data)
+
+        return cls(credentials=credentials)
+
+    def save(self, path: Path = AUTH_FILE) -> None:
+        """Save credentials to file."""
+        path.parent.mkdir(parents=True, exist_ok=True)
+
+        # Convert to dict format matching the spec
+        data = {}
+        for name, cred in self.credentials.items():
+            data[name] = cred.model_dump(mode="json")
+
+        with open(path, "w", encoding="utf-8") as f:
+            json.dump(data, f, indent=2, ensure_ascii=False)
+
+    def get(self, provider: str) -> Credential | None:
+        """Get credential for a provider."""
+        return self.credentials.get(provider)
+
+    def set(self, provider: str, credential: Credential) -> None:
+        """Set credential for a provider."""
+        self.credentials[provider] = credential
+
+    def remove(self, provider: str) -> bool:
+        """Remove credential for a provider. Returns True if removed."""
+        if provider in self.credentials:
+            del self.credentials[provider]
+            return True
+        return False
+
+    def list_providers(self) -> list[str]:
+        """List all authenticated providers."""
+        return list(self.credentials.keys())

router_maestro/cli/__init__.py

@@ -0,0 +1 @@
+"""CLI module for router-maestro."""

router_maestro/cli/auth.py

@@ -0,0 +1,167 @@
+"""Authentication management commands."""
+
+import asyncio
+
+import typer
+from rich.console import Console
+from rich.prompt import Prompt
+from rich.table import Table
+
+from router_maestro.cli.client import AdminClient, ServerNotRunningError, get_admin_client
+
+app = typer.Typer(no_args_is_help=True)
+console = Console()
+
+PROVIDERS = {
+    "github-copilot": {"name": "GitHub Copilot", "auth_type": "oauth"},
+    "openai": {"name": "OpenAI", "auth_type": "api"},
+    "anthropic": {"name": "Anthropic", "auth_type": "api"},
+}
+
+
+def _handle_server_error(e: Exception) -> None:
+    """Handle server connection errors."""
+    if isinstance(e, ServerNotRunningError):
+        console.print(f"[red]{e}[/red]")
+    else:
+        console.print(f"[red]Error: {e}[/red]")
+    raise typer.Exit(1)
+
+
+@app.command()
+def login(
+    provider: str = typer.Argument(None, help="Provider to authenticate with"),
+) -> None:
+    """Authenticate with a provider (interactive selection if not specified)."""
+    client = get_admin_client()
+
+    if provider is None:
+        # Interactive selection - get current status from server
+        try:
+            authenticated = asyncio.run(client.list_auth())
+            auth_providers = {p["provider"] for p in authenticated}
+        except Exception as e:
+            _handle_server_error(e)
+            return
+
+        console.print("\n[bold]Available providers:[/bold]")
+        for i, (key, info) in enumerate(PROVIDERS.items(), 1):
+            status = "[green]✓[/green]" if key in auth_providers else "[dim]○[/dim]"
+            console.print(f"  {i}. {status} {info['name']} ({key})")
+
+        console.print()
+        choice = Prompt.ask(
+            "Select provider",
+            choices=[str(i) for i in range(1, len(PROVIDERS) + 1)],
+        )
+        provider = list(PROVIDERS.keys())[int(choice) - 1]
+
+    if provider not in PROVIDERS:
+        console.print(f"[red]Unknown provider: {provider}[/red]")
+        console.print(f"[dim]Available: {', '.join(PROVIDERS.keys())}[/dim]")
+        raise typer.Exit(1)
+
+    provider_info = PROVIDERS[provider]
+    console.print(f"\n[bold]Authenticating with {provider_info['name']}...[/bold]\n")
+
+    asyncio.run(_do_login(client, provider, provider_info))
+
+
+async def _do_login(client: AdminClient, provider: str, provider_info: dict) -> None:
+    """Handle authentication flow via HTTP API."""
+    try:
+        if provider_info["auth_type"] == "oauth":
+            # OAuth device flow
+            result = await client.login_oauth(provider)
+
+            console.print(
+                "[bold green]Please visit the following URL and enter the code:[/bold green]"
+            )
+            uri = result["verification_uri"]
+            console.print(f"  URL: [link={uri}]{uri}[/link]")
+            console.print(f"  Code: [bold cyan]{result['user_code']}[/bold cyan]")
+            console.print()
+            console.print("[dim]Waiting for authorization...[/dim]")
+
+            # Poll for completion
+            session_id = result["session_id"]
+            while True:
+                await asyncio.sleep(5)
+                status = await client.poll_oauth_status(session_id)
+
+                if status["status"] == "complete":
+                    console.print("[bold green]Successfully authenticated![/bold green]")
+                    break
+                elif status["status"] in ("error", "expired"):
+                    error_msg = status.get("error", "Authentication failed")
+                    console.print(f"[red]{error_msg}[/red]")
+                    raise typer.Exit(1)
+                # status == "pending" - continue polling
+        else:
+            # API key auth
+            api_key = Prompt.ask(f"Enter API key for {provider_info['name']}", password=True)
+            if not api_key:
+                console.print("[red]API key cannot be empty[/red]")
+                raise typer.Exit(1)
+
+            success = await client.login_api_key(provider, api_key)
+            if success:
+                console.print(f"[green]Successfully saved API key for {provider}[/green]")
+            else:
+                console.print(f"[red]Failed to save API key for {provider}[/red]")
+                raise typer.Exit(1)
+
+    except ServerNotRunningError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+    except typer.Exit:
+        raise
+    except Exception as e:
+        console.print(f"[red]Failed to authenticate: {e}[/red]")
+        raise typer.Exit(1)
+
+
+@app.command()
+def logout(
+    provider: str = typer.Argument(..., help="Provider to log out from"),
+) -> None:
+    """Log out from a provider."""
+    client = get_admin_client()
+
+    try:
+        success = asyncio.run(client.logout(provider))
+        if success:
+            console.print(f"[green]Successfully logged out from {provider}[/green]")
+        else:
+            console.print(f"[yellow]Not authenticated with {provider}[/yellow]")
+    except Exception as e:
+        _handle_server_error(e)
+
+
+@app.command(name="list")
+def list_auth() -> None:
+    """List all authenticated providers."""
+    client = get_admin_client()
+
+    try:
+        authenticated = asyncio.run(client.list_auth())
+    except Exception as e:
+        _handle_server_error(e)
+        return
+
+    if not authenticated:
+        console.print("[dim]No providers authenticated yet.[/dim]")
+        console.print("[dim]Use 'router-maestro auth login' to authenticate.[/dim]")
+        return
+
+    table = Table(title="Authenticated Providers")
+    table.add_column("Provider", style="cyan")
+    table.add_column("Type", style="magenta")
+    table.add_column("Status", style="green")
+
+    for provider_info in authenticated:
+        auth_type = "OAuth" if provider_info["auth_type"] == "oauth" else "API Key"
+        status = "✓ Active" if provider_info["status"] == "active" else "⚠ Expired"
+        table.add_row(provider_info["provider"], auth_type, status)
+
+    console.print(table)