synth-ai 0.2.8.dev13__py3-none-any.whl → 0.2.9.dev1__py3-none-any.whl

synth_ai/demos/demo_task_apps/math/config.toml

@@ -1,129 +1,74 @@
-[model]
-name = "Qwen/Qwen3-0.6B"
-dtype = "bfloat16"
-seed = 42
-trainer_mode = "full"
-
-[lora]
-r = 16
-alpha = 32
-dropout = 0.05
-target_modules = [
-  "q_proj", "k_proj", "v_proj", "o_proj",
-  "gate_proj", "up_proj", "down_proj",
-]
-
-[rdma]
-enabled = false
-ifname = "eth0"
-ip_type = "ipv4"
-p2p_disable = 0
-shm_disable = 0
-fast_nccl = false
-
-gid_index = 3
-cross_nic = 0
-collnet_enable = 0
-net_gdr_level = 2
-
-nsocks_perthread = 4
-socket_nthreads = 2
+[algorithm]
+type = "online"
+method = "policy_gradient"
+variety = "gspo"
 
-algo = "Ring"
-proto = "Simple"
-p2p_level = "SYS"
-debug = "INFO"
+[services]
+task_url = "http://localhost:8101"
 
-[reference]
-placement = "dedicated"
-gpu_index = 1
-port = 8002
-tp = 1
-health_max_wait_s = 180
-health_interval_ms = 300
+[model]
+base = "Qwen/Qwen3-1.7B"
 
-[topology]
-type = "single_node_split"
-gpu_type = "H100:4"
-use_rdma = false
-gpus_for_vllm = 2
-gpus_for_training = 1
-gpus_for_ref = 1
-tensor_parallel = 2
+[policy]
+model = "Qwen/Qwen3-1.7B"
+inference_url = "http://localhost:8000/api/inference"
+max_tokens = 1028
+temperature = 0.2
+
+[data]
+split = "train"
+seed_start = 0
+episodes_per_iteration = 1280  # 8 per group * 4 groups per batch * 2 batches per step * 20 steps
+evaluation_split = "validation"
+evaluation_episodes = 50
 
 [training]
-num_epochs = 1
-iterations_per_epoch = 2
-batch_size = 1
-group_size = 8
+max_turns = 1
+ops = ["agent", "env"]
+batch_size = 2
+group_size = 16
+reward_positive = 1.0
+reward_negative_no_tool = -1.0
+reward_negative_no_answer = -0.5
 learning_rate = 5e-6
-max_grad_norm = 0.5
 log_interval = 1
-update_reference_interval = 0
 weight_sync_interval = 1
 
 [training.weight_sync]
 enable = true
 targets = ["policy"]
 
-[vllm]
-tensor_parallel_size = 2
-gpu_memory_utilization = 0.9
-max_model_len = 8192
-max_num_seqs = 32
-enforce_eager = false
-max_parallel_generations = 4
+[compute]
+gpu_type = "H100"
+gpu_count = 4
 
-[evaluation]
-seeds = [0, 1, 2, 3, 4, 5, 6, 7]
-rollouts_per_seed = 1
-instances = 0
-max_concurrent_rollouts = 4
-thinking_mode = "think"
-every_n_iters = 5
-
-[rollout]
-env_name = "math"
-policy_name = "math-react"
-env_config = {}
-max_steps_per_episode = 5
-sampling_temperature = 0.3
-sampling_top_p = 0.95
-max_tokens = 1024
-max_concurrent_rollouts = 4
-ops_per_rollout = 14
-on_done = "reset"
-thinking_mode = "think"
-thinking_budget = 512
+[topology]
+type = "single_node_split"
+gpus_for_vllm = 2
+gpus_for_training = 1
+gpus_for_ref = 1
+tensor_parallel = 1
 
-[policy]
-config = {}
+[vllm]
+tensor_parallel_size = 1
+max_model_len = 4096
 
-[hyperparams]
-epsilon_low = 0.1
-epsilon_high = 0.3
-delta = 5.0
-beta = 0.01
-kl_penalty = 0.01
-advantage_normalization = true
-group_normalization = true
-num_inner_steps = 1
-clip_epsilon = 0.2
-completion_only = false
+[reference]
+placement = "dedicated"
+port = 8002
+tp = 1
+health_max_wait_s = 180
+health_interval_ms = 300
 
-[step_rewards]
-enabled = false
-mode = "off"
-step_beta = 0.0
-indicator_lambda = 0.0
+[rollout]
+policy_name = "math-single-step"
+max_turns = 1
+episodes_per_batch = 32  # group_size * batch_size
 
-[trainer]
-allow_ref_fallback = false
+[evaluation]
+instances = 32
+every_n_iters = 10
+seeds = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]
 
-[checkpoint]
-interval = 10
-directory = "/checkpoints"
-keep_last_n = 3
-save_optimizer = true
-save_scheduler = true
-enabled = true
+[tags]
+experiment = "math_single_step_qwen17"

synth_ai/demos/demo_task_apps/math/modal_task_app.py

@@ -7,6 +7,9 @@ from pathlib import Path
 
 from modal import App, Image, Secret, asgi_app
 from functools import lru_cache
+from typing import Iterable
+
+from starlette.requests import Request
 
 try:  # Backward compatibility with older installed SDKs
     from synth_ai.demos.demo_task_apps.core import DEFAULT_TASK_APP_SECRET_NAME
@@ -95,18 +98,77 @@ app = App("hendrycks-math-task-app")
 def fastapi_app():
     import httpx
     from fastapi import Body, HTTPException, status
-    from fastapi import FastAPI, Request, Header
+    from fastapi import FastAPI
     from fastapi.middleware.cors import CORSMiddleware
     from fastapi.responses import JSONResponse
+    try:
+        from synth_ai.task.auth import (
+            is_api_key_header_authorized,
+            normalize_environment_api_key,
+        )
+    except Exception:  # pragma: no cover - fallback for older synth-ai builds
+        def _normalize_env_key_fallback() -> str | None:
+            key = os.getenv("ENVIRONMENT_API_KEY")
+            if key:
+                return key
+            for alias in ("dev_environment_api_key", "DEV_ENVIRONMENT_API_KEY"):
+                candidate = os.getenv(alias)
+                if candidate:
+                    os.environ["ENVIRONMENT_API_KEY"] = candidate
+                    return candidate
+            return None
+
+        def normalize_environment_api_key() -> str | None:  # type: ignore[override]
+            return _normalize_env_key_fallback()
+
+        def _header_values(request: Request, header: str) -> Iterable[str]:
+            raw = request.headers.get(header) or request.headers.get(header.lower())
+            return [raw] if raw is not None else []
+
+        def _split(values: Iterable[str]) -> list[str]:
+            parts: list[str] = []
+            for value in values:
+                if not isinstance(value, str):
+                    continue
+                for chunk in value.split(','):
+                    chunk = chunk.strip()
+                    if chunk:
+                        parts.append(chunk)
+            return parts
+
+        def is_api_key_header_authorized(request: Request) -> bool:  # type: ignore[override]
+            expected = normalize_environment_api_key()
+            if not expected:
+                return False
+            single = _header_values(request, "x-api-key")
+            multi = _header_values(request, "x-api-keys")
+            auth = _header_values(request, "authorization")
+            bearer = []
+            for token in auth:
+                if isinstance(token, str) and token.lower().startswith("bearer "):
+                    bearer.append(token.split(" ", 1)[1].strip())
+            candidates = _split(single + multi + bearer)
+            return any(candidate == expected for candidate in candidates)
 
     # Inline, self-contained FastAPI app (math-only)
     @lru_cache(maxsize=1)
     def _hf_split(subject: str, split: str, slice_spec: str | None = None):
         from datasets import load_dataset  # type: ignore
+
         s = split
         if slice_spec:
             s = f"{s}{slice_spec}"
-        return load_dataset("nlile/hendrycks-MATH-benchmark", subject, split=s)
+
+        try:
+            return load_dataset("nlile/hendrycks-MATH-benchmark", subject, split=s)
+        except ValueError:
+            base = load_dataset("nlile/hendrycks-MATH-benchmark", split=s)
+            if subject and subject not in {"", "default"}:
+                if "subject" in base.column_names:
+                    base = base.filter(lambda ex: ex.get("subject") == subject)
+                elif isinstance(base, list):
+                    base = [ex for ex in base if ex.get("subject") == subject]
+            return base
 
     def _normalize_answer_text(s: str) -> str:
         import re as _re
@@ -121,6 +183,9 @@ def fastapi_app():
         subj = subject or os.getenv("HENDRYCKS_MATH_CONFIG", "default")
         ds = _hf_split(subj, os.getenv("HENDRYCKS_MATH_SPLIT", "test"), os.getenv("HENDRYCKS_MATH_SLICE"))
         n = len(ds) if hasattr(ds, "__len__") else 0
+        if n == 0 and subject not in {"", "default"}:
+            ds = _hf_split("default", os.getenv("HENDRYCKS_MATH_SPLIT", "test"), os.getenv("HENDRYCKS_MATH_SLICE"))
+            n = len(ds) if hasattr(ds, "__len__") else 0
         if n == 0:
             raise RuntimeError("Hendrycks MATH dataset loaded empty")
         idx = abs(int(seed)) % n
@@ -158,6 +223,53 @@ def fastapi_app():
             logger.info(msg)
             return prefix
 
+        def _resolve_env_keys() -> set[str]:
+            keys: set[str] = set()
+            for alias in ("ENVIRONMENT_API_KEY", "dev_environment_api_key", "DEV_ENVIRONMENT_API_KEY"):
+                value = os.environ.get(alias)
+                if value:
+                    os.environ.setdefault("ENVIRONMENT_API_KEY", value)
+                    keys.add(value)
+            alias_env = os.environ.get("ENVIRONMENT_API_KEY_ALIASES", "")
+            for chunk in alias_env.split(","):
+                trimmed = chunk.strip()
+                if trimmed:
+                    keys.add(trimmed)
+            return keys
+
+        def _extract_header_candidates(
+            request: Request,
+            x_api_key: str | None,
+            x_api_keys: str | None,
+            authorization: str | None,
+        ) -> list[str]:
+            headers = request.headers
+            candidates: list[str] = []
+            primary = x_api_key or headers.get("x-api-key")
+            if primary:
+                candidates.append(primary.strip())
+            secondary = x_api_keys or headers.get("x-api-keys")
+            if secondary:
+                candidates.extend([value.strip() for value in secondary.split(",") if value.strip()])
+            auth_header = authorization or headers.get("authorization") or headers.get("Authorization")
+            if auth_header and auth_header.lower().startswith("bearer "):
+                token = auth_header.split(" ", 1)[1].strip()
+                if token:
+                    candidates.append(token)
+            return [c for c in candidates if c]
+
+        def _is_authorized(
+            request: Request,
+            x_api_key: str | None,
+            x_api_keys: str | None,
+            authorization: str | None,
+        ) -> bool:
+            keys = _resolve_env_keys()
+            if not keys:
+                return False
+            candidates = _extract_header_candidates(request, x_api_key, x_api_keys, authorization)
+            return any(candidate in keys for candidate in candidates)
+
         @app.get("/info")
         async def info():
             return {
@@ -166,42 +278,47 @@ def fastapi_app():
             }
 
         @app.get("/health")
-        async def health(x_api_key: str | None = Header(default=None, alias="X-API-Key")):
-            env_key = os.environ.get("ENVIRONMENT_API_KEY")
+        async def health(request: Request):
+            env_keys = _resolve_env_keys()
+            env_key = next(iter(env_keys), None)
             if not env_key:
                 return JSONResponse(status_code=503, content={"status": "unhealthy", "detail": "Missing ENVIRONMENT_API_KEY"})
-            if x_api_key is not None and x_api_key != env_key:
+            # Authorize using all header variants; avoid typed Header params to prevent 422s
+            authorized = is_api_key_header_authorized(request)
+            if not authorized:
                 prefix = _log_env_key_prefix("health", env_key)
-                content = {"status": "unauthorized", "detail": "Invalid API key"}
-                headers = None
+                content = {
+                    "status": "healthy",
+                    "authorized": False,
+                }
                 if prefix:
-                    content["detail"] = f"Invalid API key (expected prefix: {prefix})"
                     content["expected_api_key_prefix"] = prefix
-                    headers = {"X-Expected-API-Key-Prefix": prefix}
-                return JSONResponse(status_code=401, content=content, headers=headers)
-            return {"status": "healthy"}
+                return JSONResponse(status_code=200, content=content)
+            return {"status": "healthy", "authorized": True}
 
         # Optional rollout-specific health for CLI compatibility
         @app.get("/health/rollout")
-        async def health_rollout(x_api_key: str | None = Header(default=None, alias="X-API-Key")):
-            env_key = os.environ.get("ENVIRONMENT_API_KEY")
+        async def health_rollout(request: Request):
+            env_keys = _resolve_env_keys()
+            env_key = next(iter(env_keys), None)
             if not env_key:
                 return JSONResponse(status_code=503, content={"status": "unhealthy", "detail": "Missing ENVIRONMENT_API_KEY"})
-            if not x_api_key or x_api_key != env_key:
+            authorized = is_api_key_header_authorized(request)
+            if not authorized:
                 prefix = _log_env_key_prefix("health/rollout", env_key)
-                content = {"status": "unauthorized", "detail": "Invalid or missing API key"}
-                headers = None
+                content = {
+                    "status": "healthy",
+                    "authorized": False,
+                }
                 if prefix:
-                    content["detail"] = f"Invalid or missing API key (expected prefix: {prefix})"
                     content["expected_api_key_prefix"] = prefix
-                    headers = {"X-Expected-API-Key-Prefix": prefix}
-                return JSONResponse(status_code=401, content=content, headers=headers)
-            return {"ok": True}
+                return JSONResponse(status_code=200, content=content)
+            return {"ok": True, "authorized": True}
 
         # _load_hendrycks_problem is defined at fastapi_app scope
 
         @app.get("/task_info")
-        async def task_info(seed: int = 0, subject: str = "algebra"):
+        async def task_info(seed: int = 0, subject: str = "default"):
             """Return Hendrycks MATH problem/answer and tool schema for a seed."""
             q, a = _load_hendrycks_problem(int(seed), subject=subject)
             tools = [{
@@ -229,6 +346,25 @@ def fastapi_app():
 
     api = create_app()
 
+    # Always log and surface 422 validation errors with header presence snapshot
+    from fastapi.exceptions import RequestValidationError
+
+    @api.exception_handler(RequestValidationError)
+    async def _on_validation_error(request: Request, exc: RequestValidationError):
+        try:
+            hdr = request.headers
+            snapshot = {
+                "path": str(getattr(request, "url").path),
+                "have_x_api_key": bool(hdr.get("x-api-key")),
+                "have_x_api_keys": bool(hdr.get("x-api-keys")),
+                "have_authorization": bool(hdr.get("authorization")),
+                "errors": exc.errors()[:5],
+            }
+            print("[422] validation", snapshot, flush=True)
+        except Exception:
+            pass
+        return JSONResponse(status_code=422, content={"status": "invalid", "detail": exc.errors()[:5]})
+
     @api.get("/")
     async def root_probe():
         return {"status": "ok", "service": "math"}

synth_ai/demos/demo_task_apps/math/task_app_entry.py

@@ -0,0 +1,39 @@
+"""Task app registry entry for the math demo Modal deployment."""
+
+from __future__ import annotations
+
+from synth_ai.task.apps import ModalDeploymentConfig, TaskAppEntry, register_task_app
+from synth_ai.task.apps.math_single_step import build_config as base_build_config
+
+
+DEMO_MODAL_CONFIG = ModalDeploymentConfig(
+    app_name="hendrycks-math-task-app",
+    pip_packages=(
+        "fastapi>=0.110.0",
+        "uvicorn>=0.23.0",
+        "pydantic>=2.6.0",
+        "httpx>=0.24.0",
+        "numpy>=1.24.0",
+        "aiohttp>=3.8.0",
+        "datasets>=2.16.0",
+        "synth-ai",
+    ),
+)
+
+
+def build_config():
+    """Reuse the shared math single-step TaskAppConfig."""
+
+    return base_build_config()
+
+
+register_task_app(
+    entry=TaskAppEntry(
+        app_id="hendrycks-math-demo",
+        description="Demo math task app (Modal-focused) shipping with synth-ai demos.",
+        config_factory=build_config,
+        env_files=("examples/rl/.env",),
+        modal=DEMO_MODAL_CONFIG,
+    )
+)
+

synth_ai/task/auth.py

@@ -3,7 +3,7 @@ from __future__ import annotations
 """Authentication helpers shared by Task Apps."""
 
 import os
-from typing import Iterable, Optional, Any
+from typing import Iterable, Optional, Any, Set
 
 from .errors import http_exception
 
@@ -12,6 +12,7 @@ _DEV_API_KEY_ENVS = ("dev_environment_api_key", "DEV_ENVIRONMENT_API_KEY")
 _API_KEY_HEADER = "x-api-key"
 _API_KEYS_HEADER = "x-api-keys"
 _AUTH_HEADER = "authorization"
+_API_KEY_ALIASES_ENV = "ENVIRONMENT_API_KEY_ALIASES"  # comma-separated list of additional valid keys
 
 
 def _mask(value: str, *, prefix: int = 4) -> str:
@@ -42,6 +43,26 @@ def normalize_environment_api_key() -> Optional[str]:
     return None
 
 
+def allowed_environment_api_keys() -> Set[str]:
+    """Return the set of valid environment API keys for this Task App.
+
+    Includes:
+    - The primary ENVIRONMENT_API_KEY (normalized from dev fallbacks if needed)
+    - Any comma-separated aliases from ENVIRONMENT_API_KEY_ALIASES
+    """
+    keys: set[str] = set()
+    primary = normalize_environment_api_key()
+    if primary:
+        keys.add(primary)
+    aliases = (os.getenv(_API_KEY_ALIASES_ENV) or "").strip()
+    if aliases:
+        for part in aliases.split(","):
+            trimmed = part.strip()
+            if trimmed:
+                keys.add(trimmed)
+    return keys
+
+
 def _header_values(request: Any, header: str) -> Iterable[str]:
     header_lower = header.lower()
     if request is None:
@@ -78,10 +99,10 @@ def _split_csv(values: Iterable[str]) -> list[str]:
 
 
 def is_api_key_header_authorized(request: Any) -> bool:
-    """Return True if `request` carries an authorised API key header."""
+    """Return True if any header-provided key matches any allowed environment key."""
 
-    expected = normalize_environment_api_key()
-    if not expected:
+    allowed = allowed_environment_api_keys()
+    if not allowed:
         return False
     single = list(_header_values(request, _API_KEY_HEADER))
     multi = list(_header_values(request, _API_KEYS_HEADER))
@@ -91,14 +112,14 @@ def is_api_key_header_authorized(request: Any) -> bool:
         if isinstance(a, str) and a.lower().startswith("bearer "):
             bearer.append(a.split(" ", 1)[1].strip())
     candidates = _split_csv(single + multi + bearer)
-    return any(candidate == expected for candidate in candidates)
+    return any(candidate in allowed for candidate in candidates)
 
 
 def require_api_key_dependency(request: Any) -> None:
     """FastAPI dependency enforcing Task App authentication headers."""
 
-    expected = normalize_environment_api_key()
-    if not expected:
+    allowed = allowed_environment_api_keys()
+    if not allowed:
         raise http_exception(503, "missing_environment_api_key", "ENVIRONMENT_API_KEY is not configured")
     # Build candidate list for verbose diagnostics
     single = list(_header_values(request, _API_KEY_HEADER))
@@ -109,12 +130,12 @@ def require_api_key_dependency(request: Any) -> None:
         if isinstance(a, str) and a.lower().startswith("bearer "):
             bearer.append(a.split(" ", 1)[1].strip())
     candidates = _split_csv(single + multi + bearer)
-    if expected not in candidates:
+    if not any(candidate in allowed for candidate in candidates):
         try:
             print({
                 "task_auth_failed": True,
-                "expected_first15": expected[:15],
-                "expected_len": len(expected),
+                "allowed_first15": [k[:15] for k in allowed],
+                "allowed_count": len(allowed),
                 "got_first15": [c[:15] for c in candidates],
                 "got_lens": [len(c) for c in candidates],
                 "have_x_api_key": bool(single),
@@ -125,8 +146,8 @@ def require_api_key_dependency(request: Any) -> None:
             pass
         # Use 400 to make failures unmistakable during preflight
         raise http_exception(400, "unauthorised", "API key missing or invalid", extra={
-            "expected_first15": expected[:15],
-            "expected_len": len(expected),
+            "allowed_first15": [k[:15] for k in allowed],
+            "allowed_count": len(allowed),
             "got_first15": [c[:15] for c in candidates],
             "got_lens": [len(c) for c in candidates],
         })

synth_ai/task/client.py

@@ -4,6 +4,7 @@ from __future__ import annotations
 
 import asyncio
 from typing import Any, Dict, Iterable, List, Optional
+import os
 
 import httpx
 from pydantic import BaseModel
@@ -54,8 +55,24 @@ class TaskAppClient:
 
     def _headers(self) -> Dict[str, str]:
         headers: Dict[str, str] = {}
-        if self.api_key:
-            headers["X-API-Key"] = self.api_key
+        # Primary key
+        primary = (self.api_key or "").strip()
+        if primary:
+            headers["X-API-Key"] = primary
+            # Also set Authorization for clients that read bearer tokens
+            headers.setdefault("Authorization", f"Bearer {primary}")
+        # Include ALL available environment keys via CSV in X-API-Keys
+        keys: list[str] = []
+        if primary:
+            keys.append(primary)
+        aliases = (os.getenv("ENVIRONMENT_API_KEY_ALIASES") or "").strip()
+        if aliases:
+            for part in aliases.split(","):
+                trimmed = part.strip()
+                if trimmed and trimmed not in keys:
+                    keys.append(trimmed)
+        if keys:
+            headers["X-API-Keys"] = ",".join(keys)
         return headers
 
     async def aclose(self) -> None:
@@ -68,7 +85,7 @@ class TaskAppClient:
         method: str,
         path: str,
         *,
-        params: Optional[Iterable[tuple[str, Any]] | Dict[str, Any]] = None,
+        params: Optional[Dict[str, Any] | List[tuple[str, Any]]] = None,
         json_payload: Any = None,
     ) -> httpx.Response:
         client = await self._ensure_client()

{synth_ai-0.2.8.dev13.dist-info → synth_ai-0.2.9.dev1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: synth-ai
-Version: 0.2.8.dev13
+Version: 0.2.9.dev1
 Summary: RL as a service SDK - Core AI functionality and tracing
 Author-email: Synth AI <josh@usesynth.ai>
 License-Expression: MIT