solace-agent-mesh 1.1.0__py3-none-any.whl → 1.3.0__py3-none-any.whl

solace_agent_mesh/gateway/http_sse/routers/artifacts.py

@@ -2,77 +2,81 @@
 FastAPI router for managing session-specific artifacts via REST endpoints.
 """
 
-from typing import (
-    List,
-    Dict,
-    Optional,
-    Union,
-    Any,
-    TYPE_CHECKING,
-)
+from collections.abc import Callable
+from typing import TYPE_CHECKING, Any
 
 from fastapi import (
     APIRouter,
     Depends,
-    HTTPException,
-    UploadFile,
     File,
+    Form,
+    HTTPException,
     Path,
+    UploadFile,
     status,
-    Form,
 )
-from fastapi.responses import StreamingResponse, Response
-from google.adk.artifacts import BaseArtifactService
+from fastapi.responses import Response, StreamingResponse
+
+try:
+    from google.adk.artifacts import BaseArtifactService
+except ImportError:
+
+    class BaseArtifactService:
+        pass
+
+
 import io
 import json
 from datetime import datetime, timezone
-from urllib.parse import urlparse, parse_qs, quote
-
-from ..dependencies import (
-    get_shared_artifact_service,
-    get_sac_component,
-    ensure_session_id,
-    get_user_id,
-    get_config_resolver,
-    get_user_config,
-)
+from urllib.parse import parse_qs, quote, urlparse
 
 from solace_ai_connector.common.log import log
 
-from ....common.middleware import ConfigResolver
 from ....common.a2a.types import ArtifactInfo
-from ....common.utils.mime_helpers import is_text_based_mime_type
+from ....common.middleware import ConfigResolver
 from ....common.utils.embeds import (
-    resolve_embeds_recursively_in_string,
-    evaluate_embed,
     LATE_EMBED_TYPES,
+    evaluate_embed,
+    resolve_embeds_recursively_in_string,
+)
+from ....common.utils.mime_helpers import is_text_based_mime_type
+from ..dependencies import (
+    get_config_resolver,
+    get_sac_component,
+    get_session_validator,
+    get_shared_artifact_service,
+    get_user_config,
+    get_user_id,
 )
-
 
 if TYPE_CHECKING:
     from ....gateway.http_sse.component import WebUIBackendComponent
+
 from ....agent.utils.artifact_helpers import (
-    get_artifact_info_list,
-    save_artifact_with_metadata,
-    load_artifact_content_or_metadata,
     DEFAULT_SCHEMA_MAX_KEYS,
     format_artifact_uri,
+    get_artifact_info_list,
+    load_artifact_content_or_metadata,
+    save_artifact_with_metadata,
 )
 
 router = APIRouter()
 
 
 @router.get(
-    "/{filename}/versions",
-    response_model=List[int],
+    "/{session_id}/{filename}/versions",
+    response_model=list[int],
     summary="List Artifact Versions",
     description="Retrieves a list of available version numbers for a specific artifact.",
 )
 async def list_artifact_versions(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to get artifacts from"
+    ),
     filename: str = Path(..., title="Filename", description="The name of the artifact"),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
@@ -91,6 +95,14 @@ async def list_artifact_versions(
     log_prefix = f"[ArtifactRouter:ListVersions:{filename}] User={user_id}, Session={session_id} -"
     log.info("%s Request received.", log_prefix)
 
+    # Validate session exists and belongs to user
+    if not validate_session(session_id, user_id):
+        log.warning("%s Session validation failed or access denied.", log_prefix)
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or access denied.",
+        )
+
     if artifact_service is None:
         log.error("%s Artifact service is not configured or available.", log_prefix)
         raise HTTPException(
@@ -134,23 +146,32 @@ async def list_artifact_versions(
         )
 
 
+@router.get(
+    "/{session_id}",
+    response_model=list[ArtifactInfo],
+    summary="List Artifact Information",
+    description="Retrieves detailed information for artifacts available for the specified user session.",
+)
 @router.get(
     "/",
-    response_model=List[ArtifactInfo],
+    response_model=list[ArtifactInfo],
     summary="List Artifact Information",
     description="Retrieves detailed information for artifacts available for the current user session.",
 )
 async def list_artifacts(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to list artifacts for"
+    ),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
 ):
     """
     Lists detailed information (filename, size, type, modified date, uri)
-    for all artifacts associated with the current user and session ID
+    for all artifacts associated with the specified user and session ID
     by calling the artifact helper function.
     """
     if not config_resolver.is_feature_enabled(
@@ -161,6 +182,19 @@ async def list_artifacts(
     log_prefix = f"[ArtifactRouter:ListInfo] User={user_id}, Session={session_id} -"
     log.info("%s Request received.", log_prefix)
 
+    # Validate session exists and belongs to user
+    if not validate_session(session_id, user_id):
+        log.warning(
+            "%s Session validation failed for session_id=%s, user_id=%s",
+            log_prefix,
+            session_id,
+            user_id,
+        )
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or access denied.",
+        )
+
     if artifact_service is None:
         log.error("%s Artifact service is not configured or available.", log_prefix)
         raise HTTPException(
@@ -194,15 +228,18 @@ async def list_artifacts(
 
 
 @router.get(
-    "/{filename}",
+    "/{session_id}/{filename}",
     summary="Get Latest Artifact Content",
     description="Retrieves the content of the latest version of a specific artifact.",
 )
 async def get_latest_artifact(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to get artifacts from"
+    ),
     filename: str = Path(..., title="Filename", description="The name of the artifact"),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
@@ -331,20 +368,23 @@ async def get_latest_artifact(
 
 
 @router.get(
-    "/{filename}/versions/{version}",
+    "/{session_id}/{filename}/versions/{version}",
     summary="Get Specific Artifact Version Content",
     description="Retrieves the content of a specific version of an artifact.",
 )
 async def get_specific_artifact_version(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to get artifacts from"
+    ),
     filename: str = Path(..., title="Filename", description="The name of the artifact"),
-    version: Union[int, str] = Path(
+    version: int | str = Path(
         ...,
         title="Version",
         description="The specific version number to retrieve, or 'latest'",
     ),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
@@ -362,6 +402,14 @@ async def get_specific_artifact_version(
     log_prefix = f"[ArtifactRouter:GetVersion:{filename} v{version}] User={user_id}, Session={session_id} -"
     log.info("%s Request received.", log_prefix)
 
+    # Validate session exists and belongs to user
+    if not validate_session(session_id, user_id):
+        log.warning("%s Session validation failed or access denied.", log_prefix)
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or access denied.",
+        )
+
     if artifact_service is None:
         log.error("%s Artifact service is not configured or available.", log_prefix)
         raise HTTPException(
@@ -381,7 +429,7 @@ async def get_specific_artifact_version(
             version=version,
             load_metadata_only=False,
             return_raw_bytes=True,
-            log_identifier_prefix=f"[ArtifactRouter:GetVersion]",
+            log_identifier_prefix="[ArtifactRouter:GetVersion]",
         )
 
         if load_result.get("status") != "success":
@@ -404,7 +452,6 @@ async def get_specific_artifact_version(
         mime_type = load_result.get("mime_type", "application/octet-stream")
         resolved_version_from_helper = load_result.get("version")
         if data_bytes is None:
-
             log.error(
                 "%s Helper (with return_raw_bytes=True) returned success but no raw_bytes for '%s' v%s (resolved to %s).",
                 log_prefix,
@@ -529,7 +576,7 @@ async def get_artifact_by_uri(
     This allows fetching artifacts from any context, not just the current user's session,
     after performing an authorization check.
     """
-    log_id_prefix = f"[ArtifactRouter:by-uri]"
+    log_id_prefix = "[ArtifactRouter:by-uri]"
     log.info(
         "%s Received request for URI: %s from user: %s",
         log_id_prefix,
@@ -632,23 +679,26 @@ async def get_artifact_by_uri(
 
 
 @router.post(
-    "/{filename}",
+    "/{session_id}/{filename}",
     status_code=status.HTTP_201_CREATED,
-    response_model=Dict[str, Any],
+    response_model=dict[str, Any],
     summary="Upload Artifact (Create/Update Version with Metadata)",
     description="Uploads file content and optional metadata to create or update an artifact version.",
 )
 async def upload_artifact(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to upload artifacts to"
+    ),
     filename: str = Path(
         ..., title="Filename", description="The name of the artifact to create/update"
     ),
     upload_file: UploadFile = File(..., description="The file content to upload"),
-    metadata_json: Optional[str] = Form(
+    metadata_json: str | None = Form(
         None, description="JSON string of artifact metadata (e.g., description, source)"
     ),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
@@ -665,12 +715,20 @@ async def upload_artifact(
         f"[ArtifactRouter:Post:{filename}] User={user_id}, Session={session_id} -"
     )
     log.info(
-        "%s Request received. Upload filename: '%s', content type: %s",
+        "%s Request received. Upload filename: '%s', content type: %s, Metadata provided: %s",
         log_prefix,
         upload_file.filename,
         upload_file.content_type,
     )
 
+    # Validate session exists and belongs to user
+    if not validate_session(session_id, user_id):
+        log.warning("%s Session validation failed or access denied.", log_prefix)
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or access denied.",
+        )
+
     if artifact_service is None:
         log.error("%s Artifact service is not configured or available.", log_prefix)
         raise HTTPException(
@@ -777,24 +835,26 @@ async def upload_artifact(
             detail=f"Failed to save artifact: {str(e)}",
         )
     finally:
-
         await upload_file.close()
         log.debug("%s Upload file closed.", log_prefix)
 
 
 @router.delete(
-    "/{filename}",
+    "/{session_id}/{filename}",
     status_code=status.HTTP_204_NO_CONTENT,
     summary="Delete Artifact",
     description="Deletes an artifact and all its versions.",
 )
 async def delete_artifact(
+    session_id: str = Path(
+        ..., title="Session ID", description="The session ID to delete artifacts from"
+    ),
     filename: str = Path(
         ..., title="Filename", description="The name of the artifact to delete"
     ),
     artifact_service: BaseArtifactService = Depends(get_shared_artifact_service),
     user_id: str = Depends(get_user_id),
-    session_id: str = Depends(ensure_session_id),
+    validate_session: Callable[[str, str], bool] = Depends(get_session_validator),
     component: "WebUIBackendComponent" = Depends(get_sac_component),
     config_resolver: ConfigResolver = Depends(get_config_resolver),
     user_config: dict = Depends(get_user_config),
@@ -812,6 +872,14 @@ async def delete_artifact(
     )
     log.info("%s Request received.", log_prefix)
 
+    # Validate session exists and belongs to user
+    if not validate_session(session_id, user_id):
+        log.warning("%s Session validation failed or access denied.", log_prefix)
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found or access denied.",
+        )
+
     if artifact_service is None:
         log.error("%s Artifact service is not configured or available.", log_prefix)
         raise HTTPException(
@@ -833,7 +901,6 @@ async def delete_artifact(
         return Response(status_code=status.HTTP_204_NO_CONTENT)
 
     except Exception as e:
-
         log.exception("%s Error deleting artifact: %s", log_prefix, e)
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,

solace_agent_mesh/gateway/http_sse/routers/config.py

@@ -7,7 +7,7 @@ from typing import Dict, Any
 
 from solace_ai_connector.common.log import log
 
-from ....gateway.http_sse.dependencies import get_sac_component
+from ....gateway.http_sse.dependencies import get_sac_component, get_api_config
 from typing import TYPE_CHECKING
 
 if TYPE_CHECKING:
@@ -19,6 +19,7 @@ router = APIRouter()
 @router.get("/config", response_model=Dict[str, Any])
 async def get_app_config(
     component: "WebUIBackendComponent" = Depends(get_sac_component),
+    api_config: Dict[str, Any] = Depends(get_api_config),
 ):
     """
     Provides configuration settings needed by the frontend application.
@@ -42,6 +43,7 @@ async def get_app_config(
                 "frontend_collect_feedback", False
             ),
             "frontend_bot_name": component.get_config("frontend_bot_name", "A2A Agent"),
+            "persistence_enabled": api_config.get("persistence_enabled", False),
         }
         log.info("%sReturning frontend configuration.", log_prefix)
         return config_data

solace_agent_mesh/gateway/http_sse/routers/tasks.py

@@ -76,19 +76,99 @@ async def _submit_task(
         )
 
         client_id = session_manager.get_a2a_client_id(request)
-        session_id = session_manager.ensure_a2a_session(request)
+        
+        # Use session ID from frontend request (contextId) instead of cookie-based session
+        # Handle various falsy values: None, empty string, whitespace-only string
+        log.info("%s[DEBUG] payload.params.message: %s", log_prefix, payload.params.message)
+        log.info("%s[DEBUG] hasattr context_id: %s", log_prefix, hasattr(payload.params.message, 'context_id'))
+        if hasattr(payload.params.message, 'context_id'):
+            log.info("%s[DEBUG] context_id value: %s", log_prefix, payload.params.message.context_id)
+        
+        frontend_session_id = None
+        if hasattr(payload.params.message, 'context_id') and payload.params.message.context_id:
+            context_id = payload.params.message.context_id
+            if isinstance(context_id, str) and context_id.strip():
+                frontend_session_id = context_id.strip()
+                log.info("%s[DEBUG] Extracted frontend_session_id: %s", log_prefix, frontend_session_id)
+        
+        if frontend_session_id:
+            session_id = frontend_session_id
+            log.info("%sUsing session ID from frontend request: %s", log_prefix, session_id)
+        else:
+            # Create new session when frontend doesn't provide one (None, empty, or whitespace-only)
+            session_id = session_manager.create_new_session_id(request)
+            log.info("%sNo valid session ID from frontend, created new session: %s", log_prefix, session_id)
 
         log.info(
             "%sUsing ClientID: %s, SessionID: %s", log_prefix, client_id, session_id
         )
 
+        # Store message in persistence layer if available
+        user_id = user_identity.get("id")
+        if is_streaming and hasattr(component, "persistence_service") and component.persistence_service:
+            try:
+                from ....gateway.http_sse.dependencies import get_session_service
+                from ....gateway.http_sse.shared.enums import SenderType
+                
+                session_service = get_session_service(component)
+                
+                # First ensure session exists in database - create it with the SessionManager's ID
+                # Handle race condition where multiple requests might try to create the same session
+                existing_session = session_service.get_session(session_id=session_id, user_id=user_id)
+                if not existing_session:
+                    log.info("%sCreating new session in database: %s", log_prefix, session_id)
+                    try:
+                        session_service.create_session(
+                            user_id=user_id,
+                            agent_id=agent_name,
+                            name=None,  # Will be auto-generated if needed
+                            session_id=session_id  # Use the SessionManager's session ID
+                        )
+                    except Exception as create_error:
+                        # Another request may have created the session concurrently
+                        log.warning("%sSession creation failed, checking if session exists: %s", log_prefix, create_error)
+                        existing_session = session_service.get_session(session_id=session_id, user_id=user_id)
+                        if not existing_session:
+                            # If session still doesn't exist, re-raise the original error
+                            raise create_error
+                        log.info("%sSession was created by another request: %s", log_prefix, session_id)
+                
+                # Extract text content from the message for storage
+                message_text = ""
+                if payload.params and payload.params.message:
+                    parts = a2a.get_parts_from_message(payload.params.message)
+                    for part in parts:
+                        if hasattr(part, 'text'):
+                            message_text = part.text
+                            break
+                
+                # Now store the message in the existing session
+                message_domain = session_service.add_message_to_session(
+                    session_id=session_id,
+                    user_id=user_id,
+                    message=message_text or "Task submitted",
+                    sender_type=SenderType.USER,
+                    sender_name=user_id or "user",
+                    agent_id=agent_name,
+                )
+                
+                if message_domain:
+                    log.info("%sMessage stored in session %s", log_prefix, session_id)
+                else:
+                    log.warning("%sFailed to store message in session %s", log_prefix, session_id)
+            except Exception as e:
+                log.error("%sFailed to store message in session service: %s", log_prefix, e)
+                # Don't fail the request, just log the error
+        else:
+            log.debug("%sNo persistence available or non-streaming - skipping message storage", log_prefix)
+
         # Use the helper to get the unwrapped parts from the incoming message.
         a2a_parts = a2a.get_parts_from_message(payload.params.message)
 
         external_req_ctx = {
             "app_name_for_artifacts": component.gateway_id,
             "user_id_for_artifacts": client_id,
-            "a2a_session_id": session_id,
+            "a2a_session_id": session_id,  # This may have been updated by persistence layer
             "user_id_for_a2a": client_id,
             "target_agent_name": agent_name,
         }
@@ -110,6 +190,7 @@ async def _submit_task(
         )
 
         if is_streaming:
+            # The task_object already contains the contextId from create_initial_task
             return a2a.create_send_streaming_message_success_response(
                 result=task_object, request_id=payload.id
             )

solace_agent_mesh/gateway/http_sse/routers/visualization.py

@@ -212,19 +212,19 @@ def _resolve_user_identity_for_authorization(
         return user_identity
 
     if not user_identity:
-        default_user_identity = component.get_config("default_user_identity")
-        if default_user_identity:
-            user_identity = default_user_identity
+        use_authorization = component.get_config("frontend_use_authorization", False)
+        if not use_authorization:
+            user_identity = "sam_dev_user"
             log.info(
-                "%s No user_identity provided, using configured default_user_identity: '%s' for visualization",
+                "%s No user_identity provided and auth is disabled, using sam_dev_user for visualization",
                 log_id_prefix,
-                user_identity,
             )
         else:
-            log.warning(
-                "%s No user_identity and no default_user_identity configured for visualization",
+            log.error(
+                "%s No user_identity provided but authorization is enabled. This should not happen.",
                 log_id_prefix,
             )
+            raise ValueError("No user identity available when authorization is required")
 
     return user_identity