stravinsky 0.2.67__py3-none-any.whl → 0.4.66__py3-none-any.whl

mcp_bridge/__init__.py

@@ -1 +1 @@
-__version__ = "0.2.67"
+__version__ = "0.4.66"

mcp_bridge/auth/__init__.py

@@ -1,18 +1,28 @@
 # Authentication module
-from .token_store import TokenStore, TokenData
 from .oauth import (
-    perform_oauth_flow as gemini_oauth_flow,
-    refresh_access_token as gemini_refresh_token,
     ANTIGRAVITY_CLIENT_ID,
-    ANTIGRAVITY_SCOPES,
     ANTIGRAVITY_HEADERS,
+    ANTIGRAVITY_SCOPES,
+)
+from .oauth import (
+    perform_oauth_flow as gemini_oauth_flow,
+)
+from .oauth import (
+    refresh_access_token as gemini_refresh_token,
 )
 from .openai_oauth import (
-    perform_oauth_flow as openai_oauth_flow,
-    refresh_access_token as openai_refresh_token,
     CLIENT_ID as OPENAI_CLIENT_ID,
+)
+from .openai_oauth import (
     OPENAI_CALLBACK_PORT,
 )
+from .openai_oauth import (
+    perform_oauth_flow as openai_oauth_flow,
+)
+from .openai_oauth import (
+    refresh_access_token as openai_refresh_token,
+)
+from .token_store import TokenData, TokenStore
 
 __all__ = [
     # Token Store

mcp_bridge/auth/cli.py

@@ -14,16 +14,26 @@ Usage:
 """
 
 import argparse
+import json
 import sys
 import time
+from pathlib import Path
 
-from .token_store import TokenStore
 from ..tools.init import bootstrap_repo
-from .oauth import perform_oauth_flow as gemini_oauth, refresh_access_token as gemini_refresh
+from .oauth import perform_oauth_flow as gemini_oauth
+from .oauth import refresh_access_token as gemini_refresh
 from .openai_oauth import (
     perform_oauth_flow as openai_oauth,
+)
+from .openai_oauth import (
     refresh_access_token as openai_refresh,
 )
+from .token_store import TokenStore
+
+try:
+    from ..routing import get_provider_tracker
+except ImportError:
+    get_provider_tracker = None  # type: ignore
 
 
 def cmd_login(provider: str, token_store: TokenStore) -> int:
@@ -34,7 +44,7 @@ def cmd_login(provider: str, token_store: TokenStore) -> int:
     For OpenAI: Uses OpenAI OAuth (ChatGPT Plus/Pro subscription)
     """
     if provider == "gemini":
-        print(f"Starting Google OAuth for Gemini...")
+        print("Starting Google OAuth for Gemini...")
 
         try:
             result = gemini_oauth()
@@ -57,7 +67,7 @@ def cmd_login(provider: str, token_store: TokenStore) -> int:
             return 1
 
     elif provider == "openai":
-        print(f"Starting OpenAI OAuth for ChatGPT Plus/Pro...")
+        print("Starting OpenAI OAuth for ChatGPT Plus/Pro...")
         print("Note: Requires ChatGPT Plus/Pro subscription and port 1455 available")
 
         try:
@@ -72,7 +82,7 @@ def cmd_login(provider: str, token_store: TokenStore) -> int:
                 expires_at=expires_at,
             )
 
-            print(f"\n✓ Successfully authenticated with OpenAI")
+            print("\n✓ Successfully authenticated with OpenAI")
             print(f"  Token expires in: {result.expires_in // 60} minutes")
             return 0
 
@@ -116,20 +126,156 @@ def cmd_status(token_store: TokenStore) -> int:
                     minutes = (remaining % 3600) // 60
                     print(f"    Expires in: {hours}h {minutes}m")
                 else:
-                    print(f"    Token expired")
+                    print("    Token expired")
 
     print()
     return 0
 
 
 def cmd_refresh(provider: str, token_store: TokenStore) -> int:
-    """Refresh access token for a provider."""
-    token = token_store.get_token(provider)
-    if not token or not token.get("refresh_token"):
-        print(f"No refresh token found for {provider}")
-        print(f"Please run: python -m mcp_bridge.auth.cli login {provider}")
+    """Manually refresh an access token."""
+    try:
+        token = token_store.get_token(provider)
+        if not token:
+            print(f"Not logged in to {provider}. Run 'stravinsky-auth login {provider}' first.")
+            return 1
+
+        print(f"Refreshing {provider} access token...")
+
+        if provider == "gemini":
+            result = gemini_refresh(token["refresh_token"])
+        elif provider == "openai":
+            result = openai_refresh(token["refresh_token"])
+        else:
+            print(f"Refresh not supported for {provider}")
+            return 1
+
+        expires_at = int(time.time()) + result.expires_in
+
+        token_store.set_token(
+            provider=provider,
+            access_token=result.access_token,
+            refresh_token=result.refresh_token or token["refresh_token"],
+            expires_at=expires_at,
+        )
+
+        print(f"✓ Token refreshed, expires in {result.expires_in // 60} minutes")
+        return 0
+
+    except Exception as e:
+        print(f"✗ Refresh failed: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_routing_status() -> int:
+    """Show current routing provider states."""
+    if not get_provider_tracker or not callable(get_provider_tracker):
+        print("✗ Routing module not available", file=sys.stderr)
         return 1
 
+    try:
+        tracker = get_provider_tracker()
+        status = tracker.get_status()
+
+        print("\n📊 Provider Routing Status\n")
+        for provider_name, state in status.items():
+            available = "✓ Available" if state["available"] else "⏳ In Cooldown"
+            print(f"{provider_name.title():10} {available}")
+
+            if state["cooldown_remaining"]:
+                mins = int(state["cooldown_remaining"] / 60)
+                secs = int(state["cooldown_remaining"] % 60)
+                print(f"           Cooldown: {mins}m {secs}s remaining")
+
+            print(f"           Requests: {state['total_requests']}")
+            print(f"           Failures: {state['total_failures']}")
+
+            if state["last_error"]:
+                print(f"           Last error: {state['last_error']}")
+
+            print()
+
+        return 0
+
+    except Exception as e:
+        print(f"✗ Failed to get routing status: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_routing_reset(provider: str | None = None) -> int:
+    """Reset provider cooldown states."""
+    if not get_provider_tracker or not callable(get_provider_tracker):
+        print("✗ Routing module not available", file=sys.stderr)
+        return 1
+
+    try:
+        tracker = get_provider_tracker()
+
+        if provider:
+            tracker.reset_provider(provider)
+            print(f"✓ Reset cooldown state for {provider}")
+        else:
+            tracker.reset_all()
+            print("✓ Reset all provider cooldown states")
+
+        return 0
+
+    except Exception as e:
+        print(f"✗ Failed to reset routing state: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_routing_init() -> int:
+    """Create default routing.json configuration."""
+    config_path = Path(".stravinsky/routing.json")
+
+    if config_path.exists():
+        response = input(f"{config_path} already exists. Overwrite? [y/N]: ")
+        if response.lower() != "y":
+            print("Cancelled.")
+            return 0
+
+    config_path.parent.mkdir(parents=True, exist_ok=True)
+
+    default_config = {
+        "routing": {
+            "task_routing": {
+                "code_generation": {
+                    "provider": "openai",
+                    "model": "gpt-5-codex",
+                    "description": "Complex code generation tasks",
+                },
+                "debugging": {
+                    "provider": "openai",
+                    "model": "gpt-5-codex",
+                    "description": "Code analysis and debugging",
+                },
+                "documentation": {
+                    "provider": "gemini",
+                    "model": "gemini-3-flash",
+                    "description": "Documentation writing",
+                },
+                "code_search": {
+                    "provider": "gemini",
+                    "model": "gemini-3-flash",
+                    "description": "Finding code patterns",
+                },
+            },
+            "fallback": {
+                "enabled": True,
+                "chain": ["claude", "openai", "gemini"],
+                "cooldown_seconds": 300,
+            },
+        }
+    }
+
+    with open(config_path, "w") as f:
+        json.dump(default_config, f, indent=2)
+
+    print(f"✓ Created {config_path}")
+    print("\nEdit this file to customize routing behavior for this project.")
+    return 0
+
     try:
         print(f"Refreshing {provider} token...")
 
@@ -226,6 +372,41 @@ def main():
         description="Creates .stravinsky/ directory structure and copies default configuration files.",
     )
 
+    # routing command
+    routing_parser = subparsers.add_parser(
+        "routing",
+        help="Manage provider routing and fallback",
+        description="View and manage provider routing states, cooldowns, and configuration.",
+    )
+    routing_subparsers = routing_parser.add_subparsers(
+        dest="routing_command", help="Routing subcommands", metavar="SUBCOMMAND"
+    )
+
+    routing_subparsers.add_parser(
+        "status",
+        help="Show current provider routing states",
+        description="Display availability, cooldown timers, and error counts for all providers.",
+    )
+
+    routing_reset_parser = routing_subparsers.add_parser(
+        "reset",
+        help="Reset provider cooldown states",
+        description="Clear cooldown timers for one or all providers.",
+    )
+    routing_reset_parser.add_argument(
+        "provider",
+        nargs="?",
+        choices=["claude", "openai", "gemini"],
+        metavar="PROVIDER",
+        help="Provider to reset (omit to reset all)",
+    )
+
+    routing_subparsers.add_parser(
+        "init",
+        help="Create default routing.json configuration",
+        description="Generate .stravinsky/routing.json with default task-based routing rules.",
+    )
+
     args = parser.parse_args()
 
     if not args.command:
@@ -245,6 +426,16 @@ def main():
     elif args.command == "init":
         print(bootstrap_repo())
         return 0
+    elif args.command == "routing":
+        if not args.routing_command:
+            routing_parser.print_help()
+            return 1
+        if args.routing_command == "status":
+            return cmd_routing_status()
+        elif args.routing_command == "reset":
+            return cmd_routing_reset(args.provider if hasattr(args, "provider") else None)
+        elif args.routing_command == "init":
+            return cmd_routing_init()
 
     return 0
 

mcp_bridge/auth/oauth.py

@@ -13,13 +13,12 @@ import secrets
 import threading
 import webbrowser
 from dataclasses import dataclass
-from http.server import HTTPServer, BaseHTTPRequestHandler
+from http.server import BaseHTTPRequestHandler, HTTPServer
 from typing import Any
 from urllib.parse import parse_qs, urlencode, urlparse
 
 import httpx
 
-
 # OAuth 2.0 Client Credentials (from constants.ts)
 ANTIGRAVITY_CLIENT_ID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com"
 ANTIGRAVITY_CLIENT_SECRET = "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"

mcp_bridge/auth/openai_oauth.py

@@ -9,19 +9,16 @@ Port from: https://github.com/numman-ali/opencode-openai-codex-auth/blob/main/li
 
 import base64
 import hashlib
-import json
 import secrets
 import threading
 import webbrowser
 from dataclasses import dataclass
-from http.server import HTTPServer, BaseHTTPRequestHandler
+from http.server import BaseHTTPRequestHandler, HTTPServer
 from typing import Any
 from urllib.parse import parse_qs, urlencode, urlparse
-import time
 
 import httpx
 
-
 # OAuth constants (from openai/codex via opencode-openai-codex-auth)
 CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann"
 AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize"  # Note: /oauth/authorize
@@ -303,8 +300,8 @@ def perform_oauth_flow(timeout: int = 300) -> TokenResult:
     try:
         auth_url, verifier, state = build_auth_url(redirect_uri)
         
-        print(f"\n🔐 Opening browser for OpenAI authentication...")
-        print(f"\nIf browser doesn't open, visit:")
+        print("\n🔐 Opening browser for OpenAI authentication...")
+        print("\nIf browser doesn't open, visit:")
         print(f"{auth_url}\n")
         
         webbrowser.open(auth_url)
@@ -329,7 +326,7 @@ def perform_oauth_flow(timeout: int = 300) -> TokenResult:
         print("📝 Exchanging code for tokens...")
         tokens = exchange_code(result["code"], verifier, redirect_uri)
         
-        print(f"✓ Successfully authenticated with OpenAI")
+        print("✓ Successfully authenticated with OpenAI")
         
         return tokens
         

mcp_bridge/auth/token_store.py

@@ -9,9 +9,10 @@ Stores OAuth tokens securely using the OS keyring:
 
 import json
 import time
+from pathlib import Path
 from typing import TypedDict
 
-import keyring
+from cryptography.fernet import Fernet
 
 
 class TokenData(TypedDict, total=False):
@@ -26,13 +27,15 @@ class TokenData(TypedDict, total=False):
 
 class TokenStore:
     """
-    Secure storage for OAuth tokens using system keyring.
+    Secure storage for OAuth tokens using system keyring with encrypted file fallback.
 
     Each provider (gemini, openai) stores its tokens separately.
     Tokens are serialized as JSON for storage.
+    Falls back to encrypted file storage if keyring fails.
     """
 
     SERVICE_NAME = "stravinsky"
+    FALLBACK_DIR = Path.home() / ".stravinsky" / "tokens"
 
     def __init__(self, service_name: str | None = None):
         """Initialize the token store.
@@ -41,6 +44,63 @@ class TokenStore:
             service_name: Override the default service name for testing.
         """
         self.service_name = service_name or self.SERVICE_NAME
+        self._init_fallback_storage()
+
+    def _init_fallback_storage(self) -> None:
+        """Initialize encrypted file storage fallback directory."""
+        self.FALLBACK_DIR.mkdir(parents=True, exist_ok=True)
+
+    def _get_fallback_path(self, provider: str) -> Path:
+        """Get the path for encrypted fallback storage."""
+        return self.FALLBACK_DIR / f"{provider}.enc"
+
+    def _get_or_create_key(self) -> bytes:
+        """Get or create encryption key for fallback storage."""
+        key_file = self.FALLBACK_DIR / ".key"
+        if key_file.exists():
+            return key_file.read_bytes()
+        # Create new key and save it
+        key = Fernet.generate_key()
+        key_file.write_bytes(key)
+        key_file.chmod(0o600)  # Read/write for owner only
+        return key
+
+    def _save_encrypted(self, provider: str, data: str) -> None:
+        """Save data to encrypted file."""
+        try:
+            key = self._get_or_create_key()
+            cipher = Fernet(key)
+            encrypted = cipher.encrypt(data.encode())
+            path = self._get_fallback_path(provider)
+            path.write_bytes(encrypted)
+            path.chmod(0o600)
+        except Exception as e:
+            raise RuntimeError(f"Failed to save encrypted token: {e}")
+
+    def _load_encrypted(self, provider: str) -> str | None:
+        """Load data from encrypted file."""
+        try:
+            path = self._get_fallback_path(provider)
+            if not path.exists():
+                return None
+            key = self._get_or_create_key()
+            cipher = Fernet(key)
+            encrypted = path.read_bytes()
+            decrypted = cipher.decrypt(encrypted)
+            return decrypted.decode()
+        except Exception:
+            return None
+
+    def _delete_encrypted(self, provider: str) -> bool:
+        """Delete encrypted token file."""
+        try:
+            path = self._get_fallback_path(provider)
+            if path.exists():
+                path.unlink()
+                return True
+            return False
+        except Exception:
+            return False
 
     def _key(self, provider: str) -> str:
         """Generate the keyring key for a provider."""
@@ -56,13 +116,24 @@ class TokenStore:
         Returns:
             TokenData if found and valid, None otherwise.
         """
+        # Try keyring first (import inside try to catch backend initialization errors)
         try:
+            import keyring
             data = keyring.get_password(self.service_name, self._key(provider))
-            if not data:
-                return None
-            return json.loads(data)
-        except (json.JSONDecodeError, keyring.errors.KeyringError):
-            return None
+            if data:
+                return json.loads(data)
+        except Exception:
+            pass  # Fall back to encrypted file (catches KeyringError, import errors, etc.)
+
+        # Fall back to encrypted file storage
+        try:
+            data = self._load_encrypted(provider)
+            if data:
+                return json.loads(data)
+        except json.JSONDecodeError:
+            pass
+
+        return None
 
     def set_token(
         self,
@@ -77,6 +148,7 @@ class TokenStore:
         Store a token for a provider.
 
         Can be called with a TokenData dict or individual parameters.
+        Falls back to encrypted file storage if keyring fails.
 
         Args:
             provider: The provider name (e.g., 'gemini', 'openai')
@@ -96,7 +168,27 @@ class TokenStore:
             if expires_at:
                 token_data["expires_at"] = expires_at
             data = json.dumps(token_data)
-        keyring.set_password(self.service_name, self._key(provider), data)
+
+        # Try keyring first, but always also write to encrypted storage
+        # Import inside try to catch backend initialization errors (e.g., "No recommended backend")
+        keyring_failed = False
+        try:
+            import keyring
+            keyring.set_password(self.service_name, self._key(provider), data)
+        except Exception:
+            # Keyring failed - fall back to encrypted file
+            keyring_failed = True
+
+        # Always write to encrypted file storage as fallback
+        try:
+            self._save_encrypted(provider, data)
+        except Exception as e:
+            # Only fail if both backends failed
+            if keyring_failed:
+                raise RuntimeError(
+                    f"Failed to save token to both keyring and encrypted storage: {e}"
+                )
+
 
     def delete_token(self, provider: str) -> bool:
         """
@@ -108,11 +200,20 @@ class TokenStore:
         Returns:
             True if deleted, False if not found.
         """
+        # Try keyring first (import inside try to catch backend initialization errors)
+        deleted_from_keyring = False
         try:
+            import keyring
             keyring.delete_password(self.service_name, self._key(provider))
-            return True
-        except keyring.errors.PasswordDeleteError:
-            return False
+            deleted_from_keyring = True
+        except Exception:
+            # Keyring failed (no backend, delete error, etc.) - continue to encrypted file
+            pass
+
+        # Also delete from encrypted file storage
+        deleted_from_file = self._delete_encrypted(provider)
+
+        return deleted_from_keyring or deleted_from_file
 
     def has_valid_token(self, provider: str) -> bool:
         """

mcp_bridge/cli/__init__.py

@@ -1,6 +1,6 @@
 """CLI tools for Stravinsky."""
 
-from .session_report import main as session_report_main
 from .install_hooks import main as install_hooks_main
+from .session_report import main as session_report_main
 
 __all__ = ["session_report_main", "install_hooks_main"]