Cortex-Inara

Scott.Idem/Cortex-Inara

Fork 0

Commit Graph

Author	SHA1	Message	Date
Scott Idem	0c1cf3989a	feat: aider multi-provider credentials + test suite green (182/182) aider_run multi-provider credentials (tools/aider.py): - _resolve_credentials() — general credential resolver; replaces the previous OpenRouter-only injection; resolution priority: Anthropic model hint → explicit host_label → model prefix (openrouter/, groq/, deepseek/*, …) → OpenRouter default → Anthropic API key → any keyed cloud host → local/generic host - _host_flags() — generates --api-key slug=key for known cloud providers (OpenRouter, OpenAI, Groq, Together, Fireworks, X.ai, DeepSeek, Mistral); generates --openai-api-base + --openai-api-key for generic/local hosts (Open WebUI, Ollama); appends /api suffix for openwebui host_type; auto-prefixes model with 'openai/' for generic endpoints when model has no / prefix - Anthropic API keys from providers.anthropic.credentials (not a host entry) - host_label param added to aider_run and FunctionDeclaration — pick a configured host by partial label match (e.g. 'OpenRouter', 'Local', 'scott-lt-i7-rtx') - 16 unit tests for _resolve_credentials covering all resolution paths main.py: move @app.get("/health") before app.include_router(ui.router) — the /{username} catch-all in ui.router was swallowing the /health path Test suite: 37 pre-existing failures → 182/182 passing - test_tools.py: _task_list() missing priority arg (6 callsites); cron ID regex c_\w+ → c_[\w-]+ (token_urlsafe includes '-', causing intermittent truncation) - test_webhooks.py: rewritten for per-user channel config architecture — patch routers.nextcloud_talk/google_chat.get_user_channels instead of removed settings fields; corrected endpoints /webhook/nextcloud/scott and /channels/google-chat/scott; non-empty cfg dicts so falsy-guard passes - test_health.py: test_unknown_route_404 now uses 3-segment path (/{u}/{p}/x) since single-segment paths hit the /{username} UI catch-all - test_api_files.py: removed '../config.py' from not-in-allowed test (ASGI normalizes it to /config.py which hits /{username} catch-all, not files router) - test_security.py: same webhook patch target fix; per-user endpoint URLs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-03 23:00:45 -04:00
Scott Idem	a9bbb668b5	feat: session auth + per-user/persona UI at /{user}/{persona} Replaces nginx basic auth with a proper per-user session system: - auth_utils.py: bcrypt password hashing, JWT cookie creation/decode - auth_middleware.py: validates JWT cookie on all routes except /login, /health, /static/, and webhook endpoints (/channels/, /webhook/) - routers/ui.py: GET /login, POST /login, POST /logout, GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected - static/login.html: minimal login form (dark theme, matches UI) - main.py: registers SessionAuthMiddleware + ui.router - config.py: jwt_secret, jwt_expire_days settings - manage_passwords.py: CLI tool to set/check/list user passwords - app.js: reads window.CORTEX_CONFIG (user + persona), sends both on every /chat and /orchestrate request; persona name shown in header; logout button (⏏) added to header - requirements.txt: bcrypt, PyJWT, python-multipart - .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented - tests: client fixture injects JWT cookie; security test assertions updated for URL-normalized path traversal paths (still secure, codes differ) All 80 tests pass. Setup for a new user: python manage_passwords.py set scott python manage_passwords.py set holly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-20 22:54:12 -04:00
Scott Idem	92a8f5d894	test: add Cortex test suite (77 tests, no LLM calls) Tests cover: - Smoke: /health, /auth/status, /distill/status (test_health.py) - Persona validation: path traversal, bad names, list_personas (test_persona.py) - Chat API: persona routing, session persistence, error handling (test_api_chat.py) - Files API: ALLOWED set enforcement, read/write, missing files (test_api_files.py) - Webhooks: NC Talk HMAC accept/reject, Google Chat JWT (test_webhooks.py) - Tools: scratch read/write/append/clear, tasks CRUD, cron parser + tools (test_tools.py) - Security: path traversal, replay attack, known gaps documented (test_security.py) All LLM calls mocked — suite runs in ~1.4s. Run: cd cortex && .venv/bin/pytest Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-20 22:03:42 -04:00

Author

SHA1

Message

Date

Scott Idem

0c1cf3989a

feat: aider multi-provider credentials + test suite green (182/182)

aider_run multi-provider credentials (tools/aider.py):
- _resolve_credentials() — general credential resolver; replaces the previous
  OpenRouter-only injection; resolution priority: Anthropic model hint → explicit
  host_label → model prefix (openrouter/*, groq/*, deepseek/*, …) → OpenRouter
  default → Anthropic API key → any keyed cloud host → local/generic host
- _host_flags() — generates --api-key slug=key for known cloud providers (OpenRouter,
  OpenAI, Groq, Together, Fireworks, X.ai, DeepSeek, Mistral); generates
  --openai-api-base + --openai-api-key for generic/local hosts (Open WebUI, Ollama);
  appends /api suffix for openwebui host_type; auto-prefixes model with 'openai/'
  for generic endpoints when model has no / prefix
- Anthropic API keys from providers.anthropic.credentials (not a host entry)
- host_label param added to aider_run and FunctionDeclaration — pick a configured
  host by partial label match (e.g. 'OpenRouter', 'Local', 'scott-lt-i7-rtx')
- 16 unit tests for _resolve_credentials covering all resolution paths

main.py: move @app.get("/health") before app.include_router(ui.router) — the
/{username} catch-all in ui.router was swallowing the /health path

Test suite: 37 pre-existing failures → 182/182 passing
- test_tools.py: _task_list() missing priority arg (6 callsites); cron ID regex
  c_\w+ → c_[\w-]+ (token_urlsafe includes '-', causing intermittent truncation)
- test_webhooks.py: rewritten for per-user channel config architecture —
  patch routers.nextcloud_talk/google_chat.get_user_channels instead of removed
  settings fields; corrected endpoints /webhook/nextcloud/scott and
  /channels/google-chat/scott; non-empty cfg dicts so falsy-guard passes
- test_health.py: test_unknown_route_404 now uses 3-segment path (/{u}/{p}/x)
  since single-segment paths hit the /{username} UI catch-all
- test_api_files.py: removed '../config.py' from not-in-allowed test (ASGI
  normalizes it to /config.py which hits /{username} catch-all, not files router)
- test_security.py: same webhook patch target fix; per-user endpoint URLs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-03 23:00:45 -04:00

Scott Idem

a9bbb668b5

feat: session auth + per-user/persona UI at /{user}/{persona}

Replaces nginx basic auth with a proper per-user session system:

- auth_utils.py: bcrypt password hashing, JWT cookie creation/decode
- auth_middleware.py: validates JWT cookie on all routes except /login,
  /health, /static/, and webhook endpoints (/channels/, /webhook/)
- routers/ui.py: GET /login, POST /login, POST /logout,
  GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected
- static/login.html: minimal login form (dark theme, matches UI)
- main.py: registers SessionAuthMiddleware + ui.router
- config.py: jwt_secret, jwt_expire_days settings
- manage_passwords.py: CLI tool to set/check/list user passwords
- app.js: reads window.CORTEX_CONFIG (user + persona), sends both on
  every /chat and /orchestrate request; persona name shown in header;
  logout button (⏏) added to header
- requirements.txt: bcrypt, PyJWT, python-multipart
- .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented
- tests: client fixture injects JWT cookie; security test assertions
  updated for URL-normalized path traversal paths (still secure, codes differ)

All 80 tests pass.

Setup for a new user:
  python manage_passwords.py set scott
  python manage_passwords.py set holly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-20 22:54:12 -04:00

Scott Idem

92a8f5d894

test: add Cortex test suite (77 tests, no LLM calls)

Tests cover:
  - Smoke: /health, /auth/status, /distill/status (test_health.py)
  - Persona validation: path traversal, bad names, list_personas (test_persona.py)
  - Chat API: persona routing, session persistence, error handling (test_api_chat.py)
  - Files API: ALLOWED set enforcement, read/write, missing files (test_api_files.py)
  - Webhooks: NC Talk HMAC accept/reject, Google Chat JWT (test_webhooks.py)
  - Tools: scratch read/write/append/clear, tasks CRUD, cron parser + tools (test_tools.py)
  - Security: path traversal, replay attack, known gaps documented (test_security.py)

All LLM calls mocked — suite runs in ~1.4s.
Run: cd cortex && .venv/bin/pytest

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-20 22:03:42 -04:00

3 Commits