Upload folder using huggingface_hub

.github/scripts/deploy.py

@@ -1,4 +1,5 @@
 import os
+
 from huggingface_hub import HfApi
 
 token = os.environ["HF_TOKEN"]

app/mcp_client.py

@@ -2,7 +2,6 @@ from __future__ import annotations
 
 import asyncio
 import json
-from typing import Optional
 
 from fastapi import HTTPException
 
@@ -10,11 +9,11 @@ from fastapi import HTTPException
 class McpStdioClient:
     def __init__(self, command: list[str]):
         self.command = command
-        self.proc: Optional[asyncio.subprocess.Process] = None
+        self.proc: asyncio.subprocess.Process | None = None
         self._lock = asyncio.Lock()
         self._pending: dict[int, asyncio.Future] = {}
         self._next_id = 1
-        self._reader_task: Optional[asyncio.Task] = None
+        self._reader_task: asyncio.Task | None = None
         self._initialized = False
 
     async def start(self) -> None:
@@ -69,7 +68,7 @@ class McpStdioClient:
             if fut and not fut.done():
                 fut.set_result(msg)
 
-    async def _rpc(self, method: str, params: Optional[dict] = None) -> dict:
+    async def _rpc(self, method: str, params: dict | None = None) -> dict:
         await self.start()
         assert self.proc and self.proc.stdin
         async with self._lock:
@@ -111,4 +110,3 @@ class McpStdioClient:
 
     async def call_tool(self, name: str, arguments: dict) -> dict:
         return await self._rpc("tools/call", {"name": name, "arguments": arguments})
-

app/routes/admin.py

@@ -48,7 +48,7 @@ async def get_mcp_templates(http_request: Request):
     except FileNotFoundError:
         return {"version": 1, "templates": []}
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e
 
 
 @router.put("/api/admin/mcp-templates")
@@ -73,5 +73,4 @@ async def put_mcp_templates(body: McpTemplates, http_request: Request):
         path.write_text(json.dumps(payload, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
         return {"ok": True, "count": len(templates)}
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
+        raise HTTPException(status_code=500, detail=str(e)) from e

app/routes/chat.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 
 import os
-from typing import Any, List, Optional, Union
+from typing import Any
 
 from fastapi import APIRouter, HTTPException
 from fastapi.responses import StreamingResponse
@@ -14,14 +14,14 @@ router = APIRouter()
 class ChatMessage(BaseModel):
     role: str
     # OpenAI-compatible: content can be plain text or an array of multimodal parts.
-    content: Union[str, List[Any]]
+    content: str | list[Any]
 
 
 class ChatRequest(BaseModel):
-    messages: List[ChatMessage]
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
-    model: Optional[str] = "gpt-3.5-turbo"
+    messages: list[ChatMessage]
+    apiKey: str | None = None
+    baseUrl: str | None = None
+    model: str | None = "gpt-3.5-turbo"
 
 
 @router.post("/api/chat")
@@ -51,8 +51,8 @@ async def chat_endpoint(request: ChatRequest):
 
 
 class ModelsRequest(BaseModel):
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
+    apiKey: str | None = None
+    baseUrl: str | None = None
 
 
 @router.post("/api/proxy/models")
@@ -80,5 +80,4 @@ async def proxy_models(request: ModelsRequest):
     except HTTPException:
         raise
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
+        raise HTTPException(status_code=500, detail=str(e)) from e

app/routes/codex.py

@@ -6,7 +6,6 @@ import os
 import uuid
 from dataclasses import dataclass, field
 from pathlib import Path
-from typing import List, Optional
 
 from fastapi import APIRouter, HTTPException, Request
 from fastapi.responses import StreamingResponse
@@ -21,14 +20,14 @@ router = APIRouter()
 
 class CodexRequest(BaseModel):
     message: str
-    threadId: Optional[str] = None
-    model: Optional[str] = None
-    sandboxMode: Optional[str] = "workspace-write"
-    approvalPolicy: Optional[str] = "never"
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
-    modelReasoningEffort: Optional[str] = "minimal"
-    workingDirectory: Optional[str] = None
+    threadId: str | None = None
+    model: str | None = None
+    sandboxMode: str | None = "workspace-write"
+    approvalPolicy: str | None = "never"
+    apiKey: str | None = None
+    baseUrl: str | None = None
+    modelReasoningEffort: str | None = "minimal"
+    workingDirectory: str | None = None
 
 
 @router.post("/api/codex")
@@ -83,7 +82,7 @@ async def codex_agent(request: CodexRequest, http_request: Request):
     except HTTPException:
         raise
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e
 
 
 def _with_codex_agent_prefix(message: str) -> str:
@@ -180,7 +179,7 @@ async def codex_agent_cli(request: CodexRequest, http_request: Request):
     except HTTPException:
         raise
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e
 
 
 @router.post("/api/codex/cli/stream")
@@ -367,11 +366,11 @@ class DeviceLoginAttempt:
     id: str
     proc: asyncio.subprocess.Process
     created_at: float
-    url: Optional[str] = None
-    code: Optional[str] = None
-    output: List[str] = field(default_factory=list)
+    url: str | None = None
+    code: str | None = None
+    output: list[str] = field(default_factory=list)
     done: bool = False
-    returncode: Optional[int] = None
+    returncode: int | None = None
 
 
 async def _read_device_login_output(attempt: DeviceLoginAttempt) -> None:

app/routes/mcp.py

@@ -18,7 +18,7 @@ async def mcp_tools_list(http_request: Request):
         result = await http_request.app.state.codex_mcp_client.list_tools()
         return result
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e
 
 
 class McpCallRequest(BaseModel):
@@ -34,5 +34,4 @@ async def mcp_tools_call(request: McpCallRequest, http_request: Request):
     try:
         return await http_request.app.state.codex_mcp_client.call_tool(request.name, request.arguments)
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
+        raise HTTPException(status_code=500, detail=str(e)) from e

app/routes/terminal.py

@@ -8,7 +8,7 @@ import pty
 import struct
 import subprocess
 import termios
-from datetime import datetime, timezone
+from datetime import UTC, datetime
 
 from fastapi import APIRouter, HTTPException, WebSocket
 
@@ -57,7 +57,7 @@ async def websocket_terminal(websocket: WebSocket):
                     "refresh_token": refresh_token,
                     "account_id": account_id,
                 },
-                "last_refresh": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
+                "last_refresh": datetime.now(UTC).strftime("%Y-%m-%dT%H:%M:%SZ"),
             }
             for filename in ("auth.json", ".auth.json"):
                 path = os.path.join(codex_home, filename)
@@ -137,4 +137,3 @@ async def websocket_terminal(websocket: WebSocket):
         write_task.cancel()
         p.terminate()
         os.close(master_fd)
-

app/routes/user.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 import json
 import os
-from typing import Any, Optional
+from typing import Any
 
 from fastapi import APIRouter, HTTPException, Request
 from pydantic import BaseModel
@@ -61,12 +61,12 @@ async def get_mcp_registry(http_request: Request):
     user = await require_user_from_request(http_request)
     path = _registry_path(str(user.get("id") or ""))
     try:
-        with open(path, "r", encoding="utf-8") as f:
+        with open(path, encoding="utf-8") as f:
             return json.load(f)
     except FileNotFoundError:
         return {"version": 1, "servers": []}
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e
 
 
 @router.put("/api/user/mcp-registry")
@@ -92,4 +92,4 @@ async def put_mcp_registry(body: McpRegistry, http_request: Request):
             f.write("\n")
         return {"ok": True, "count": len(servers)}
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(status_code=500, detail=str(e)) from e

app/server.py

@@ -9,12 +9,12 @@ from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 
 from app.mcp_client import McpStdioClient
+from app.routes.admin import router as admin_router
 from app.routes.base import router as base_router
 from app.routes.chat import router as chat_router
 from app.routes.codex import router as codex_router
 from app.routes.mcp import router as mcp_router
 from app.routes.terminal import router as terminal_router
-from app.routes.admin import router as admin_router
 from app.routes.user import router as user_router
 
 _ROOT = Path(__file__).resolve().parent.parent

app/workdir.py

@@ -1,10 +1,10 @@
 from __future__ import annotations
 
 import os
-from typing import Any, Optional
+from typing import Any
 
 
-def safe_user_workdir(user: dict[str, Any], requested: Optional[str]) -> str:
+def safe_user_workdir(user: dict[str, Any], requested: str | None) -> str:
     """
     Restrict Codex workdir to an allowlisted root to prevent traversal.
     """
@@ -28,4 +28,3 @@ def safe_user_workdir(user: dict[str, Any], requested: Optional[str]) -> str:
 
     os.makedirs(user_root, exist_ok=True)
     return user_root
-

tests/test_security_gates.py

@@ -1,5 +1,3 @@
-import os
-
 import pytest
 from fastapi.testclient import TestClient
 from starlette.websockets import WebSocketDisconnect
@@ -47,4 +45,3 @@ def test_features_can_be_disabled(monkeypatch: pytest.MonkeyPatch):
 
     res = c.get("/api/codex/login/status")
     assert res.status_code == 403
-