m17hr1l/neuronetz-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27b7012ec9a24577b9a86f2e0f1fc738e9205a29
neuronetz-gateway/pyproject.toml
Stephan Berbig c9e11c3486
Some checks failed
CI / ruff (push) Has been cancelled
Details
CI / mypy --strict (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details
CI / bandit (push) Has been cancelled
Details
CI / pip-audit (push) Has been cancelled
Details
cli: add add-backend / remove-backend / list-backends commands 
So nobody ever has to hand-write the OLLAMA_BACKENDS JSON again.

  # add a backend, probe it, print the resulting .env line:
  neuronetz-gateway add-backend embedded     http://ollama:11434
  neuronetz-gateway add-backend neuro-ollama http://neuro-ollama:11434 --token ABC

  # update one (e.g. rotate token):
  neuronetz-gateway add-backend neuro-ollama http://neuro-ollama:11434 --token XYZ --replace

  # remove:
  neuronetz-gateway remove-backend neuro-ollama

  # peek (tokens redacted):
  neuronetz-gateway list-backends

  # write directly to a .env file (atomic temp-file + rename):
  neuronetz-gateway add-backend foo http://foo:11434 --token T --write-env /app/.env

  # show what would change without doing it:
  neuronetz-gateway add-backend foo http://foo:11434 --token T --dry-run

What each command does:

- `add-backend NAME URL` (+ optional --token / --header / --scheme / --replace
  / --no-validate / --write-env / --dry-run): builds a new backend list (current
  list parsed from OLLAMA_BACKENDS env, or synthesized from the single-backend
  fallback if unset), validates the new backend by probing /api/tags with the
  same headers the gateway will use at runtime (`build_backend_headers`), then
  prints the resulting OLLAMA_BACKENDS=... line ready to paste — or writes it
  in place if --write-env is given. Refuses to overwrite an existing name
  unless --replace is passed.
- `remove-backend NAME` (+ --write-env / --dry-run): mirror of add-backend for
  removal.
- `list-backends`: shows the configured backends with tokens redacted to
  "***" via `redacted_dump`. Useful sanity check after editing .env.

All the JSON manipulation is in a new pure-helpers module
`cli/backends.py` (parse / serialize / add_or_replace / remove /
update_env_file). The Typer commands in `cli/manage.py` are thin shells
on top — the logic is unit-tested directly without spinning up Typer or
the network. The token is unwrapped from SecretStr exactly once at the
serialization boundary (`to_dict`) and never logged.

New tests (16): full coverage of the helpers — round-trip serialize/parse,
duplicate-name rejection, replace-in-place order preservation, remove
on unknown name, redaction, atomic env-file rewrite (insert / replace /
idempotent re-apply / create-when-missing).

ruff (incl. the per-file ignore add for tests' S105/S106 — placeholder
"tok123"-style strings are inputs, not credentials) + mypy --strict (68
source files) clean. pytest: 76 passed + 39 skipped (the 16 new tests +
no regressions on the existing 60).
2026-05-27 22:59:53 +02:00

97 lines
2.4 KiB
TOML
Raw Blame History

[project]
name = "neuronetz-gateway"
version = "0.1.0"
description = "Secure multi-tenant API gateway in front of Ollama for the Neuronetz platform."
readme = "README.md"
license = { text = "Apache-2.0" }
requires-python = ">=3.12"
authors = [{ name = "Neuronetz", email = "ops@neuronetz.ai" }]
dependencies = [
"fastapi>=0.115",
"uvicorn[standard]>=0.30",
"httpx>=0.27",
"sqlalchemy[asyncio]>=2.0",
"asyncpg>=0.29",
"redis[hiredis]>=5.0",
"structlog>=24.1",
"pydantic>=2.9",
"pydantic-settings>=2.4",
"argon2-cffi>=23.1",
"typer>=0.12",
"prometheus-client>=0.20",
"alembic>=1.13",
]
[project.scripts]
neuronetz-gateway = "neuronetz_gateway.cli.manage:app"
[project.optional-dependencies]
dev = [
"ruff>=0.6",
"mypy>=1.11",
"bandit>=1.7",
"pip-audit>=2.7",
"pytest>=8.3",
"pytest-asyncio>=0.24",
"pytest-cov>=5.0",
"testcontainers>=4.8",
"respx>=0.21",
"locust>=2.31",
]
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[tool.hatch.build.targets.wheel]
packages = ["src/neuronetz_gateway"]
[tool.ruff]
target-version = "py312"
line-length = 100
src = ["src", "tests"]
[tool.ruff.lint]
select = ["E", "F", "I", "B", "UP", "S", "ASYNC"]
[tool.ruff.lint.per-file-ignores]
# Tests may use assert, bind to all interfaces in fixtures, and use obvious
# fake-token strings as inputs (S105/S106 fire on any literal that looks like
# a credential — fine in test inputs).
"tests/**" = ["S101", "S104", "S105", "S106"]
[tool.mypy]
python_version = "3.12"
strict = true
mypy_path = "src"
plugins = ["pydantic.mypy"]
namespace_packages = true
explicit_package_bases = true
[[tool.mypy.overrides]]
# argon2 ships types but some transitive deps may not; keep strictness elsewhere.
# asyncpg ships no stubs/py.typed marker; it is used in revocation.py only.
module = ["testcontainers.*", "locust.*", "asyncpg", "asyncpg.*"]
ignore_missing_imports = true
[tool.pytest.ini_options]
asyncio_mode = "auto"
testpaths = ["tests"]
pythonpath = ["src"]
addopts = "--cov=neuronetz_gateway --cov-report=term-missing"
[tool.coverage.run]
source = ["src/neuronetz_gateway"]
branch = true
omit = [
"src/neuronetz_gateway/__main__.py",
"src/neuronetz_gateway/cli/*",
]
[tool.coverage.report]
# Phase 1: coverage is reported but non-blocking. Later phases set fail_under.
show_missing = true
[tool.bandit]
exclude_dirs = ["tests"]
Reference in New Issue View Git Blame Copy Permalink