initial commit. migrated from LangConnect-Client

Author: teddylee777

.dockerignore

@@ -0,0 +1,52 @@
+# Git
+.git
+.gitignore
+.github
+
+# Docker
+.dockerignore
+Dockerfile
+docker-compose.yml
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual Environment
+venv/
+.env
+.venv
+ENV/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

.env.example

@@ -0,0 +1,29 @@
+# API key for the embeddings model. Defaults to OpenAI embeddings
+OPENAI_API_KEY=
+
+# PostgreSQL configuration
+POSTGRES_HOST=teddynote
+POSTGRES_PORT=5432
+POSTGRES_USER=teddynote
+POSTGRES_PASSWORD=teddynote
+POSTGRES_DB=teddynote_db
+
+# CORS configuration. Must be a JSON array of strings
+ALLOW_ORIGINS=["*"]
+
+# Testing mode (set to true for simple authentication)
+IS_TESTING=false
+
+# For production authentication (optional)
+SUPABASE_URL=
+# This must be the service role key
+SUPABASE_KEY=
+
+# API configuration
+API_BASE_URL=http://localhost:8080
+
+# MCP SSE Server configuration
+SSE_PORT=8765
+# To use MCP servers, you need to provide a valid Supabase JWT access token
+# You can get this token after signing in through the Streamlit UI
+SUPABASE_JWT_SECRET=

.gitignore

@@ -0,0 +1,167 @@
+.vs/
+.vscode/
+.idea/
+.claude/
+.pnpm-store/
+CLAUDE.md
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Swp files
+*.swp
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Google GitHub Actions credentials files created by:
+# https://github.com/google-github-actions/auth
+#
+# That action recommends adding this gitignore to prevent accidentally committing keys.
+gha-creds-*.json
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+.codspeed/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docs/docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+notebooks/
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv*
+venv*
+env/
+ENV/
+env.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.mypy_cache_test/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# macOS display setting files
+.DS_Store
+
+# Wandb directory
+wandb/
+
+# asdf tool versions
+.tool-versions
+/.ruff_cache/
+
+node_modules
+_dist
+
+prof
+virtualenv/
+
+# MCP configuration with sensitive data
+mcp/mcp_config.json

AUTH_README.md

@@ -0,0 +1,141 @@
+# Supabase Authentication Setup
+
+This document explains how to use Supabase authentication with LangConnect.
+
+## Prerequisites
+
+1. Supabase project with URL and anon key configured in `.env`:
+   ```
+   SUPABASE_URL=https://your-project.supabase.co
+   SUPABASE_KEY=your-anon-key
+   ```
+
+2. Set `IS_TESTING=false` in your `.env` file to enable authentication
+
+## API Endpoints
+
+### Authentication Endpoints
+
+- **POST /auth/signup** - Create a new user account
+  ```json
+  {
+    "email": "user@example.com",
+    "password": "password123"
+  }
+  ```
+
+- **POST /auth/signin** - Sign in with existing account
+  ```json
+  {
+    "email": "user@example.com", 
+    "password": "password123"
+  }
+  ```
+
+- **POST /auth/signout** - Sign out (client-side cleanup)
+
+- **POST /auth/refresh** - Refresh access token
+  ```json
+  {
+    "refresh_token": "your-refresh-token"
+  }
+  ```
+
+- **GET /auth/me** - Get current user info (requires authentication)
+
+### Response Format
+
+Successful authentication returns:
+```json
+{
+  "access_token": "jwt-token",
+  "refresh_token": "refresh-token",
+  "user_id": "user-uuid",
+  "email": "user@example.com"
+}
+```
+
+## Using Authentication
+
+### In API Requests
+
+Include the access token in the Authorization header:
+```
+Authorization: Bearer your-access-token
+```
+
+### In Streamlit App
+
+The Streamlit app (`Main.py`) now includes:
+- Sign in/Sign up forms
+- Automatic token management
+- Session persistence
+- Sign out functionality
+
+### Testing Authentication
+
+Run the test script:
+```bash
+python test_supabase_auth.py
+```
+
+This will test:
+1. User signup
+2. User signin
+3. Authenticated API requests
+4. Getting current user info
+
+## Security Notes
+
+1. The `SUPABASE_KEY` in `.env` should be the **anon** key, not the service role key
+2. Tokens expire after a certain period - use the refresh endpoint to get new tokens
+3. All API endpoints (except /health and /auth/*) require authentication when `IS_TESTING=false`
+
+## Authentication Persistence
+
+### Keeping Login State After Page Refresh
+
+The Streamlit app supports two methods to persist authentication:
+
+1. **Automatic File-Based Storage** (Default)
+   - Authentication tokens are automatically saved to `~/.langconnect_auth_cache`
+   - Tokens remain valid for 7 days
+   - Automatically loads on app restart
+
+2. **Environment Variables** (Optional)
+   - Add these to your `.env` file:
+   ```
+   LANGCONNECT_TOKEN=your-access-token
+   LANGCONNECT_EMAIL=your-email@example.com
+   ```
+   - Useful for development or shared environments
+
+### Security Notes
+- The auth cache file is stored in your home directory
+- Tokens expire after 7 days for security
+- Use environment variables only in secure environments
+
+## Important Notes
+
+### Email Confirmation
+
+By default, Supabase requires email confirmation for new signups. When a user signs up:
+1. They will receive a confirmation email
+2. They must click the link in the email to confirm their account
+3. Only then can they sign in
+
+To disable email confirmation (for testing only):
+1. Go to your Supabase project dashboard
+2. Navigate to Authentication → Settings
+3. Under "Email Auth" disable "Confirm email"
+
+### Testing with Docker
+
+When running with Docker Compose, ensure `IS_TESTING=false` in docker-compose.yml to enable authentication.
+
+## Troubleshooting
+
+- **"Authentication endpoints are disabled in testing mode"** - Set `IS_TESTING=false` in `.env` or docker-compose.yml
+- **"Email not confirmed"** - Check your email for confirmation link, or disable email confirmation in Supabase dashboard
+- **"Invalid token or user not found"** - Check that your token is valid and not expired
+- **Connection errors** - Verify SUPABASE_URL and SUPABASE_KEY are correct