Scott.Idem/Cortex-Inara
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8aec6aafcc52ff200c4e44d0cf0bfd6289252b66
Cortex-Inara/cortex/config.py
Scott Idem 8aec6aafcc feat: Google OAuth sign-in + per-user Gemini API key 
Users with Google accounts can now sign in without a password.

Auth flow:
- GET /auth/google → Google consent page (CSRF state cookie)
- GET /auth/google/callback → exchange code, lookup user, set JWT
- auth.json gains google_sub + google_email fields
- set_password() no longer overwrites unrelated auth.json fields

Admin setup:
  python manage_passwords.py google-add <username> <email>
  # add GOOGLE_CLIENT_ID + GOOGLE_CLIENT_SECRET to .env

Per-user Gemini key:
- get_user_gemini_key() reads gemini_api_key from auth.json
- orchestrator_engine.run() accepts gemini_api_key param
- orchestrator router passes user's key, falls back to server key

login.html: "Sign in with Google" button above the password form.
manage_passwords.py list: now shows auth method columns (pw / google).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 21:01:52 -04:00

110 lines
4.7 KiB
Python
Raw Blame History

from pathlib import Path
from pydantic_settings import BaseSettings, SettingsConfigDict
class Settings(BaseSettings):
anthropic_api_key: str | None = None # not used — claude CLI handles auth
# Google OAuth — "Sign in with Google" for all users
# Create credentials at console.cloud.google.com → APIs & Services → Credentials
# Add https://<your-domain>/auth/google/callback as an authorised redirect URI
google_client_id: str | None = None
google_client_secret: str | None = None
# Orchestrator (Gemini API — separate from Gemini CLI)
# Get a key at: https://aistudio.google.com/apikey (free tier is sufficient)
gemini_api_key: str | None = None
orchestrator_model: str = "gemini-2.5-flash" # model used for tool loop
orchestrator_max_rounds: int = 10 # safety cap on tool iterations
# DuckDuckGo search (used by orchestrator web_search tool)
# Leave blank to use the free unauthenticated tier; set to your API key for higher limits
ddg_api_key: str | None = None
ddg_max_results: int = 5
# Aether Platform API (used by orchestrator ae_journal_* and ae_task_list tools)
ae_api_url: str = "https://dev-api.oneskyit.com"
ae_api_key: str = "" # x-aether-api-key header
ae_account_id: str = "" # x-account-id header
ae_api_timeout: int = 15 # per-request timeout in seconds
# Agent identity — used in prompts, session logs, and memory distillation
# Override in .env for each instance (e.g. AGENT_NAME=Holly, USER_NAME=Holly)
agent_name: str = "Inara"
user_name: str = "Scott"
home_dir: Path = Path("../home")
sessions_dir: Path = Path("./data/sessions")
default_model: str = "claude-sonnet-4-6"
default_tier: int = 2
max_history_messages: int = 40 # rolling window — 20 turns (user + assistant)
primary_backend: str = "claude" # "claude" or "gemini" — other is always fallback
# Per-backend timeouts in seconds
timeout_claude: int = 60
timeout_gemini: int = 120 # frequently slow under load
timeout_local: int = 300 # local models may need to load first
# Google Chat
# JWT audience (aud) claim to verify on inbound webhook requests.
# Google Chat sets aud = the Google Cloud project number (e.g. "741112865538").
# Set to "" to disable verification (dev/testing only).
google_chat_audience: str = ""
# Google Chat must receive a response within 30s or shows an error to the user
google_chat_timeout: int = 25
# Backend forced for Google Chat — Claude is more reliable within the 25s deadline
google_chat_backend: str = "claude"
# Nextcloud Talk bot
nextcloud_url: str = "https://cloud.dgrzone.com"
nextcloud_talk_bot_secret: str = "" # set in .env
nextcloud_talk_timeout: int = 55
# Auto-distillation schedule — override in .env
# AUTO_DISTILL=false disables entirely
scheduler_timezone: str = "America/New_York" # IANA tz — override in .env if needed
auto_distill: bool = True
auto_distill_short: bool = True # daily at 03:00 — rolls session logs → MEMORY_SHORT
auto_distill_mid: bool = True # weekly Sunday at 03:30 — LLM summarizes short → mid
auto_distill_long: bool = False # monthly 1st at 04:00 — off by default (manual review recommended)
# Memory tier token budgets — soft caps used during distillation
# Override in .env: MEMORY_BUDGET_LONG=4000 etc.
memory_budget_long: int = 2000
memory_budget_mid: int = 2000
memory_budget_short: int = 3000
# Session auth
jwt_secret: str = "change-me-in-dotenv" # override in .env: JWT_SECRET=<random>
jwt_expire_days: int = 30
# SMTP — for sending invite emails
smtp_server: str = ""
smtp_port: int = 465
smtp_username: str = ""
smtp_password: str = ""
smtp_from_email: str = "noreply@oneskyit.com"
smtp_from_name: str = "Cortex"
# Base URL used in invite links (no trailing slash)
cortex_base_url: str = "https://cortex.dgrzone.com"
host: str = "0.0.0.0"
port: int = 8000
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
def home_root(self) -> Path:
"""Resolve home_dir relative to this file's location if not absolute."""
if self.home_dir.is_absolute():
return self.home_dir
return (Path(__file__).parent / self.home_dir).resolve()
def sessions_path(self) -> Path:
"""Resolve sessions_dir relative to this file's location if not absolute."""
if self.sessions_dir.is_absolute():
return self.sessions_dir
return (Path(__file__).parent / self.sessions_dir).resolve()
settings = Settings()
Reference in New Issue View Git Blame Copy Permalink