d-bis/FusionAGI
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
01b3f27b0f8455fa9db13498d3232a4a962638c0
FusionAGI/fusionagi/api/app.py
Devin AI 01b3f27b0f
Some checks failed
CI / lint (pull_request) Failing after 44s
Details
CI / test (3.10) (pull_request) Failing after 30s
Details
CI / test (3.11) (pull_request) Failing after 33s
Details
CI / test (3.12) (pull_request) Successful in 1m26s
Details
CI / migrations (pull_request) Successful in 24s
Details
CI / helm (pull_request) Successful in 20s
Details
CI / docker (pull_request) Has been skipped
Details
feat: complete all 15 next recommendations 
Frontend wiring:
- Wire useMarkdownWorker into Markdown component (worker-first, sync fallback)
- Wire useIndexedDB as primary storage in useChatHistory (500 msg cap, localStorage fallback)

Backend depth:
- Persistent audit store (SQLite, thread-safe, WAL mode) with record/query/filter
- Wire audit store into session routes (session.create, prompt.submit events)
- Wire audit store into audit export routes (persistent-first, telemetry fallback)
- CSRF double-submit cookie pattern (token generation, cookie set, header validation)

Production:
- Helm chart CI: helm lint + helm template validation
- Database migration CI: verify step in pipeline
- Prometheus alerting rules (error rate, latency, pod restarts, memory, CPU, queue, health)
- Rate limiting per API key (3x IP limit, sliding window, advisory)
- WebSocket SSE fallback (auto-downgrade after MAX_RETRIES WS failures)

Tests: 605 Python + 56 frontend = 661 total, 0 ruff errors
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
2026-05-02 04:57:52 +00:00

301 lines
12 KiB
Python
Raw Blame History

"""FastAPI application factory for FusionAGI Dvādaśa API.
Includes versioned API negotiation, metrics, and CORS support."""
from __future__ import annotations
import json
import os
import time
from collections import defaultdict
from contextlib import asynccontextmanager
from typing import Any
from fusionagi._logger import logger
from fusionagi.api.dependencies import SessionStore, default_orchestrator, set_app_state
from fusionagi.api.metrics import get_metrics, metrics_enabled
API_VERSION = "1"
SUPPORTED_VERSIONS = ["1"]
DEPRECATED_VERSIONS: list[str] = []
def create_app(
adapter: Any = None,
cors_origins: list[str] | None = None,
) -> Any:
"""Create FastAPI app with Dvādaśa routes.
Args:
adapter: Optional LLMAdapter for head/Witness LLM calls.
cors_origins: Optional list of CORS allowed origins.
"""
try:
from fastapi import FastAPI, Request, Response
from starlette.middleware.base import BaseHTTPMiddleware
except ImportError as e:
raise ImportError("Install with: pip install fusionagi[api]") from e
# --- Lifespan (replaces deprecated on_event) ---
@asynccontextmanager
async def lifespan(application: FastAPI): # type: ignore[type-arg]
"""Startup / shutdown lifecycle with persistence and cache wiring."""
adapter_inner = getattr(application.state, "llm_adapter", None)
# Wire persistence backend from env
backend = None
db_backend = os.environ.get("FUSIONAGI_DB_BACKEND", "memory")
if db_backend == "postgres":
dsn = os.environ.get("FUSIONAGI_POSTGRES_DSN", "postgresql://localhost/fusionagi")
try:
from fusionagi.core.postgres_backend import PostgresStateBackend
backend = PostgresStateBackend(dsn=dsn)
logger.info("Using PostgresStateBackend for persistence")
except Exception as e:
logger.warning("Postgres backend failed, falling back to memory", extra={"error": str(e)})
elif db_backend == "sqlite":
db_path = os.environ.get("FUSIONAGI_SQLITE_PATH", "fusionagi_state.db")
try:
from fusionagi.core.sqlite_backend import SQLiteStateBackend
backend = SQLiteStateBackend(db_path=db_path)
logger.info("Using SQLiteStateBackend for persistence")
except Exception as e:
logger.warning("SQLite backend failed, falling back to memory", extra={"error": str(e)})
# Wire cache backend from env
redis_url = os.environ.get("FUSIONAGI_REDIS_URL")
if redis_url:
try:
from fusionagi.api.cache import RedisCacheBackend, ResponseCache
cache_backend = RedisCacheBackend(redis_url=redis_url)
application.state.response_cache = ResponseCache(backend=cache_backend)
logger.info("Using RedisCacheBackend for response cache")
except Exception as e:
logger.warning("Redis cache failed, using in-memory cache", extra={"error": str(e)})
orch, bus = default_orchestrator(adapter_inner)
# Inject backend into orchestrator's state manager if available
if backend is not None:
orch._state_manager._backend = backend
store = SessionStore()
set_app_state(orch, bus, store)
application.state._dvadasa_ready = True
logger.info("FusionAGI Dvādaśa API started")
yield
# Cleanup
if hasattr(backend, 'close'):
backend.close()
logger.info("FusionAGI Dvādaśa API shutdown")
app = FastAPI(
title="FusionAGI Dvādaśa API",
description=(
"12-headed multi-agent orchestration API.\n\n"
"## Authentication\n"
"Set `FUSIONAGI_API_KEY` to require Bearer token auth on all `/v1/` routes.\n\n"
"## Rate Limiting\n"
"Default: 120 requests/minute per client IP. "
"Configure via `FUSIONAGI_RATE_LIMIT` (requests) and "
"`FUSIONAGI_RATE_WINDOW` (seconds) env vars."
),
version="0.1.0",
lifespan=lifespan,
)
app.state.llm_adapter = adapter
from fusionagi.api.dependencies import set_default_adapter
set_default_adapter(adapter)
# --- Auth middleware ---
api_key = os.environ.get("FUSIONAGI_API_KEY")
class AuthMiddleware(BaseHTTPMiddleware):
"""Bearer token authentication for /v1/ routes."""
async def dispatch(self, request: Request, call_next: Any) -> Response:
if api_key and request.url.path.startswith("/v1/"):
auth = request.headers.get("authorization", "")
if not auth.startswith("Bearer ") or auth[7:].strip() != api_key:
return Response(
content='{"detail":"Invalid or missing API key"}',
status_code=401,
media_type="application/json",
)
return await call_next(request) # type: ignore[no-any-return]
app.add_middleware(AuthMiddleware)
# --- Rate limiting middleware ---
rate_limit = int(os.environ.get("FUSIONAGI_RATE_LIMIT", "120"))
rate_window = float(os.environ.get("FUSIONAGI_RATE_WINDOW", "60"))
_buckets: dict[str, list[float]] = defaultdict(list)
class RateLimitMiddleware(BaseHTTPMiddleware):
"""Per-tenant + per-IP + per-API-key sliding window rate limiter (advisory).
Tracks IP, tenant, and API key request rates. Logs exceedances
but allows requests through (advisory governance).
"""
async def dispatch(self, request: Request, call_next: Any) -> Response:
client_ip = request.client.host if request.client else "unknown"
tenant_id = request.headers.get("x-tenant-id", "default")
now = time.monotonic()
cutoff = now - rate_window
# Per-IP tracking
ip_key = f"ip:{client_ip}"
_buckets[ip_key] = [t for t in _buckets[ip_key] if t > cutoff]
if len(_buckets[ip_key]) >= rate_limit:
logger.info(
"API rate limit advisory: IP limit exceeded (proceeding)",
extra={"client_ip": client_ip, "count": len(_buckets[ip_key]), "limit": rate_limit},
)
# Per-tenant tracking (separate quota)
tenant_key = f"tenant:{tenant_id}"
tenant_limit = rate_limit * 5 # tenants get 5x the per-IP limit
_buckets[tenant_key] = [t for t in _buckets[tenant_key] if t > cutoff]
if len(_buckets[tenant_key]) >= tenant_limit:
logger.info(
"API rate limit advisory: tenant limit exceeded (proceeding)",
extra={"tenant_id": tenant_id, "count": len(_buckets[tenant_key]), "limit": tenant_limit},
)
# Per-API-key tracking
auth_header = request.headers.get("authorization", "")
if auth_header.startswith("Bearer "):
key_prefix = auth_header[7:15] # first 8 chars
key_key = f"apikey:{key_prefix}"
key_limit = rate_limit * 3 # API keys get 3x the per-IP limit
_buckets[key_key] = [t for t in _buckets[key_key] if t > cutoff]
if len(_buckets[key_key]) >= key_limit:
logger.info(
"API rate limit advisory: API key limit exceeded (proceeding)",
extra={"key_prefix": key_prefix, "count": len(_buckets[key_key]), "limit": key_limit},
)
_buckets[key_key].append(now)
_buckets[ip_key].append(now)
_buckets[tenant_key].append(now)
return await call_next(request) # type: ignore[no-any-return]
app.add_middleware(RateLimitMiddleware)
# --- Version negotiation middleware ---
class VersionMiddleware(BaseHTTPMiddleware):
"""API version negotiation via Accept-Version header.
Adds X-API-Version and deprecation warnings to responses.
"""
async def dispatch(self, request: Request, call_next: Any) -> Response:
requested = request.headers.get("accept-version", API_VERSION)
if requested not in SUPPORTED_VERSIONS:
return Response(
content=json.dumps({
"detail": f"Unsupported API version: {requested}",
"supported_versions": SUPPORTED_VERSIONS,
}),
status_code=400,
media_type="application/json",
)
response = await call_next(request)
response.headers["X-API-Version"] = requested
if requested in DEPRECATED_VERSIONS:
response.headers["Deprecation"] = "true"
response.headers["Sunset"] = "2026-12-31"
return response # type: ignore[no-any-return]
app.add_middleware(VersionMiddleware)
# --- Metrics middleware ---
if metrics_enabled():
class MetricsMiddleware(BaseHTTPMiddleware):
async def dispatch(self, request: Request, call_next: Any) -> Response:
m = get_metrics()
m.inc("http_requests_total", labels={"method": request.method, "path": request.url.path})
start = time.monotonic()
response = await call_next(request)
duration = time.monotonic() - start
m.observe("http_request_duration_seconds", duration, labels={"path": request.url.path})
m.inc("http_responses_total", labels={"status": str(response.status_code)})
return response # type: ignore[no-any-return]
app.add_middleware(MetricsMiddleware)
# --- Routes ---
from fusionagi.api.routes import router as api_router
app.include_router(api_router, prefix="/v1", tags=["dvadasa"])
# Metrics endpoint
if metrics_enabled():
@app.get("/metrics", tags=["monitoring"])
def metrics_endpoint() -> dict[str, Any]:
return get_metrics().snapshot()
# Health check endpoints (no auth required)
_start_time = time.time()
@app.get("/health", tags=["monitoring"])
def health_check() -> dict[str, Any]:
"""Basic health check for load balancer probes."""
return {"status": "healthy", "uptime_seconds": round(time.time() - _start_time, 1)}
@app.get("/ready", tags=["monitoring"])
def readiness_check() -> dict[str, Any]:
"""Readiness probe. Returns 503 if not initialized."""
ready = getattr(app.state, "_dvadasa_ready", False)
if not ready:
from starlette.responses import JSONResponse
return JSONResponse( # type: ignore[return-value]
content={"status": "not_ready"},
status_code=503,
)
return {"status": "ready", "uptime_seconds": round(time.time() - _start_time, 1)}
# Version info endpoint
@app.get("/version", tags=["meta"])
def version_info() -> dict[str, Any]:
return {
"current_version": API_VERSION,
"supported_versions": SUPPORTED_VERSIONS,
"deprecated_versions": DEPRECATED_VERSIONS,
}
if cors_origins is not None:
try:
from fastapi.middleware.cors import CORSMiddleware
app.add_middleware(
CORSMiddleware,
allow_origins=cors_origins,
allow_methods=["*"],
allow_headers=["*"],
)
except ImportError:
pass
# --- Security middleware: CSRF + CSP ---
try:
from fusionagi.api.security import get_csp_middleware, get_csrf_middleware
app.add_middleware(get_csp_middleware())
app.add_middleware(get_csrf_middleware())
except Exception:
logger.debug("Security middleware not loaded (non-critical)")
# --- Initialize OpenTelemetry ---
try:
from fusionagi.api.otel import init_otel
init_otel()
except Exception:
pass
return app
# Default app instance for uvicorn/gunicorn
app = create_app()
Reference in New Issue View Git Blame Copy Permalink