Upload folder using huggingface_hub

PLAN.md

@@ -1,87 +1,7 @@
-# Roadmap (P0–P3)
+# Plan
 
-This file is the repo-level roadmap for `autonomy-labs`. It’s intentionally opinionated and ordered by risk reduction first, then maintainability, then feature expansion.
+This repo’s roadmap lives in `PLANS.md`.
 
-## P0 — Security + correctness (blockers)
-- Gate **all dangerous endpoints** server-side (not just UI):
-  - `/ws/terminal`
-  - `/api/codex*`
-  - `/api/mcp*`
-  - any indexing endpoints (docs/web/GitHub)
-- Define a clear auth transport for WebSockets (cookie or token) and verify on the server.
-- Add capability flags with safe defaults:
-  - `ENABLE_TERMINAL`, `ENABLE_CODEX`, `ENABLE_MCP`, `ENABLE_INDEXING`
-- Add `SECURITY.md` with threat model + safe deployment guidance.
-
-## P1 — Backend refactor + lifecycle
-- Split `main.py` into routers/services:
-  - `app/auth.py`, `app/chat.py`, `app/terminal.py`, `app/codex.py`, `app/mcp.py`, `app/settings.py`, `app/admin.py`, `app/indexing.py`
-- Add FastAPI lifespan management:
-  - subprocess lifecycle (Codex MCP server)
-  - cleanup policies (device-login attempts, job registries)
-- Unify Codex integration (prefer CLI-first for device-auth consistency; keep SDK only if needed).
-- Standardize API error schema (UI should not parse strings to detect failure modes).
-
-## P2 — UI/UX, settings, admin, landing
-- Split `static/dashboard.html` into modules:
-  - `static/dashboard.js`, `static/terminal.js`, `static/agent.js`, `static/settings.js`, `static/admin.js`, `static/mcp.js`, `static/rag.js`
-  - `static/theme.css`
-- Fix UI inconsistencies:
-  - theme tokens shared across login + dashboard
-  - consistent spacing, typography, button states, error banners
-  - terminal sizing/fit reliability (debounce + visible-only fitting)
-- Separate Settings vs Admin dashboard:
-  - Settings: provider configs, tokens status, terminal layout, workspace directory, MCP registry
-  - Admin: user/role management, global toggles, indexing jobs, audit logs
-- Create a “blazing” landing page:
-  - `/` marketing/intro + CTA
-  - keep `/login` and `/app` as dedicated routes (or similar)
-
-## P2 — Provider auth parity (Codex/Gemini/Claude)
-- Keep provider auth out of git; source from env/HF Secrets.
-- Support “Codex-like” auth file generation when a CLI requires it:
-  - Codex: `~/.codex/.auth.json` and `~/.codex/auth.json` from `CODEX_*` (or fallback envs).
-  - Gemini/Claude: prefer env (`GEMINI_API_KEY`, `ANTHROPIC_API_KEY`); add file-based auth only if required and documented.
-- Optional: SSH key support via Secrets:
-  - `SSH_PRIVATE_KEY` (+ optional `SSH_PUBLIC_KEY`, `SSH_KNOWN_HOSTS`)
-
-## P2 — Codex workspace directory (UI)
-- Add a per-user “workspace directory” setting.
-- Enforce an allowlisted root (e.g. `/data/codex/workspace/<user>`), prevent traversal, ensure it exists.
-
-## P2 — Stream Codex events in Agent mode
-- Use `/api/codex/cli/stream` for agent execution.
-- UI: render streaming events progressively (agent text, tool events, final summary + usage).
-- Add stop/reconnect handling.
-
-## P2/P3 — MCP registry
-- Add a first-class MCP registry:
-  - per-user servers + optional global templates
-  - “test connection”, “list tools”, allow/deny tool lists
-  - import/export `mcp.json`
-
-## P3 — RAG + indexing (docs/web/GitHub) + “password manager”
-- Clarify “password manager” scope:
-  - secure vault for secrets (high-risk; encryption + audit required), or
-  - indexed notes (lower-risk but still private)
-- Implement indexing connectors:
-  - document uploads
-  - website crawl (depth, allowlist, robots, rate limits)
-  - GitHub repo indexing (branch/path filters, token support via Secrets)
-- Build a jobs UI: progress, retries, errors, and access controls.
-
-## P3 — P2P pubsub chat + account manager
-- Implement account manager concepts:
-  - identities/devices, room/topic membership, permissions, moderation tools
-- Transport:
-  - WebRTC DataChannel (P2P) + server signaling
-  - fallback to server pubsub when P2P fails
-- UX:
-  - rooms, presence, delivery status, network mode indicators
-
-## Engineering hygiene (ongoing)
-- Add `.env.example`, `docs/TROUBLESHOOTING.md`, `docs/ARCHITECTURE.md`, `docs/SECURITY_DEPLOYMENT.md`
-- Add lint/tests + CI:
-  - Python: `ruff`, `pytest`
-  - basic security smoke tests for endpoint gating
+- Roadmap: `PLANS.md`
+- Status checklist: `TASKS.md`
 

TASKS.md

@@ -0,0 +1,64 @@
+# Tasks Checklist
+
+This file tracks the implementation status of `PLANS.md`. Update this checklist as work progresses.
+
+Legend:
+- [x] done
+- [ ] pending
+- [~] in progress
+
+## P0 — Security + correctness
+- [x] Gate dangerous endpoints server-side (`/ws/terminal`, `/api/codex*`, `/api/mcp*`).
+- [x] Define WebSocket auth transport (token in query string for `/ws/terminal`).
+- [x] Add capability flags (`ENABLE_TERMINAL`, `ENABLE_CODEX`, `ENABLE_MCP`, `ENABLE_INDEXING`) with safe defaults.
+- [x] Add `SECURITY.md` with threat model + guidance.
+
+## P1 — Backend refactor + lifecycle
+- [x] Refactor backend into modules under `app/` and keep `uvicorn main:app` working.
+- [x] Add FastAPI lifespan management for MCP subprocess and device-login cleanup.
+- [ ] Unify Codex integration further (decide SDK vs CLI as primary, remove redundant paths if safe).
+- [ ] Standardize API error schema across endpoints (single shape for UI).
+
+## P2 — UI/UX, settings, admin, landing
+- [~] Landing + route split (`/` landing, `/login`, `/app`) and UI redirects updated.
+- [ ] Split `static/dashboard.html` into JS/CSS modules.
+- [ ] Theme tokens shared across login + dashboard (single source of truth).
+- [ ] Separate Settings vs Admin dashboard (dedicated pages/sections + RBAC).
+
+## P2 — Provider auth parity (Codex/Gemini/Claude)
+- [x] Codex auth file generation from env/secrets (`~/.codex/.auth.json` and `~/.codex/auth.json`).
+- [ ] Gemini auth file parity (only if CLI requires; otherwise env-only with docs).
+- [ ] Claude auth file parity (only if CLI requires; otherwise env-only with docs).
+- [x] Optional SSH key support via Secrets (`SSH_PRIVATE_KEY`, `SSH_PUBLIC_KEY`, `SSH_KNOWN_HOSTS`).
+
+## P2 — Codex workspace directory (UI)
+- [x] Add UI setting for Codex working directory.
+- [x] Enforce allowlisted root server-side and create directories as needed.
+
+## P2 — Stream Codex events in Agent mode
+- [x] Use `/api/codex/cli/stream` for agent execution.
+- [x] UI renders streaming events + partial text (agent mode and chat target).
+- [ ] Stop/reconnect improvements (resume stream after transient disconnects).
+
+## P2/P3 — MCP registry
+- [ ] First-class MCP registry storage (per-user + templates).
+- [ ] “Test connection”, “list tools”, tool allow/deny UI.
+- [ ] Import/export `mcp.json` via UI with validation.
+
+## P3 — RAG + indexing (docs/web/GitHub) + “password manager”
+- [ ] Clarify “password manager” scope and threat model.
+- [ ] Document upload indexing connector.
+- [ ] Website crawler indexing (depth/allowlist/robots/rate limits).
+- [ ] GitHub repo indexing connector (branch/path filters + token support).
+- [ ] Jobs UI (progress/retries/errors/access controls).
+
+## P3 — P2P pubsub chat + account manager
+- [ ] Account manager: identities/devices, memberships, permissions, moderation.
+- [ ] Transport: WebRTC DataChannel + signaling, with server pubsub fallback.
+- [ ] UX: rooms, presence, delivery status, network mode indicators.
+
+## Engineering hygiene
+- [x] Add `.env.example`.
+- [x] Add `docs/ARCHITECTURE.md`, `docs/SECURITY_DEPLOYMENT.md`, `docs/TROUBLESHOOTING.md`.
+- [x] Add lint/tests + CI (`ruff`, `pytest`, `.github/workflows/ci.yml`).
+

app/routes/base.py

@@ -25,10 +25,19 @@ async def get_config():
 
 @router.get("/")
 async def read_index():
+    return FileResponse(str(_STATIC / "landing.html"))
+
+
+@router.get("/login")
+async def read_login():
     return FileResponse(str(_STATIC / "index.html"))
 
 
+@router.get("/app")
+async def read_app():
+    return FileResponse(str(_STATIC / "dashboard.html"))
+
+
 @router.get("/health")
 async def health_check():
     return {"status": "ok"}
-

static/dashboard.html

@@ -1396,7 +1396,7 @@
                 supabase = window.supabase.createClient(config.supabase_url, config.supabase_key);
 
                 const { data: { session } } = await supabase.auth.getSession();
-                if (!session) { window.location.href = '/'; return; }
+                if (!session) { window.location.href = '/login'; return; }
                 window.__sbAccessToken = (session.access_token || '').trim();
                 supabase.auth.onAuthStateChange((_event, nextSession) => {
                     window.__sbAccessToken = (nextSession?.access_token || '').trim();
@@ -1463,7 +1463,7 @@
 
                 document.getElementById('logout-btn').addEventListener('click', async () => {
                     await supabase.auth.signOut();
-                    window.location.href = '/';
+                    window.location.href = '/login';
                 });
 
                 initProviderPresets();

static/index.html

@@ -60,7 +60,7 @@
                 // Check if already logged in
                 const { data: { session } } = await supabase.auth.getSession();
                 if (session) {
-                    window.location.href = '/static/dashboard.html';
+                    window.location.href = '/app';
                 }
             } catch (error) {
                 console.error('Error initializing Supabase:', error);
@@ -103,12 +103,12 @@
                 if (type === 'register') {
                     if (result.data && result.data.session) {
                         // Email verification is disabled, user is logged in
-                        window.location.href = '/static/dashboard.html';
+                        window.location.href = '/app';
                     } else {
                         showAlert('Registration successful! Please check your email to verify (if enabled) or try logging in.', 'success');
                     }
                 } else {
-                    window.location.href = '/static/dashboard.html';
+                    window.location.href = '/app';
                 }
             } catch (error) {
                 showAlert(error.message);

static/landing.html

@@ -0,0 +1,104 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>autonomy-labs</title>
+  <script src="https://cdn.tailwindcss.com?plugins=typography"></script>
+</head>
+
+<body class="min-h-screen bg-gradient-to-b from-gray-950 via-gray-900 to-gray-950 text-white">
+  <header class="border-b border-white/10">
+    <div class="mx-auto max-w-6xl px-5 py-4 flex items-center justify-between">
+      <div class="flex items-center gap-3">
+        <div class="h-9 w-9 rounded-xl bg-blue-600/20 border border-blue-500/30 flex items-center justify-center">
+          <span class="text-blue-300 font-black">A</span>
+        </div>
+        <div class="leading-tight">
+          <div class="font-semibold tracking-tight">autonomy-labs</div>
+          <div class="text-xs text-gray-400">chat · terminals · autonomous mode</div>
+        </div>
+      </div>
+      <div class="flex items-center gap-2">
+        <a href="/login"
+          class="px-3 py-2 rounded-lg text-sm text-gray-200 hover:text-white hover:bg-white/5 border border-white/10">Login</a>
+        <a href="/app"
+          class="px-3 py-2 rounded-lg text-sm bg-blue-600 hover:bg-blue-700 font-semibold border border-blue-500/40">Open
+          App</a>
+      </div>
+    </div>
+  </header>
+
+  <main class="mx-auto max-w-6xl px-5 py-14">
+    <div class="grid grid-cols-1 lg:grid-cols-2 gap-10 items-center">
+      <div>
+        <div
+          class="inline-flex items-center gap-2 rounded-full border border-white/10 bg-white/5 px-3 py-1 text-xs text-gray-300">
+          <span class="h-2 w-2 rounded-full bg-green-400"></span>
+          FastAPI + Supabase + Docker (HF Spaces)
+        </div>
+        <h1 class="mt-5 text-4xl lg:text-5xl font-black tracking-tight">
+          Build faster with chat, terminals, and autonomous workflows.
+        </h1>
+        <p class="mt-4 text-gray-300 text-lg leading-relaxed">
+          A lightweight UI that combines AI chat, PTY-backed terminals, and an agent mode that can stream execution
+          events.
+          Designed for Hugging Face Spaces and local development.
+        </p>
+        <div class="mt-7 flex flex-wrap gap-3">
+          <a href="/login"
+            class="px-5 py-3 rounded-xl bg-blue-600 hover:bg-blue-700 font-semibold border border-blue-500/40">Get
+            started</a>
+          <a href="/app"
+            class="px-5 py-3 rounded-xl bg-white/5 hover:bg-white/10 border border-white/10 text-gray-200">Open app</a>
+          <a href="/health"
+            class="px-5 py-3 rounded-xl bg-white/5 hover:bg-white/10 border border-white/10 text-gray-200">Health
+            check</a>
+        </div>
+        <div class="mt-8 grid grid-cols-1 sm:grid-cols-2 gap-4">
+          <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+            <div class="text-sm font-semibold">Secure execution gates</div>
+            <div class="text-sm text-gray-400 mt-1">Terminal/Codex/MCP are server-side gated behind Supabase auth.</div>
+          </div>
+          <div class="rounded-2xl border border-white/10 bg-white/5 p-4">
+            <div class="text-sm font-semibold">Streaming agent UX</div>
+            <div class="text-sm text-gray-400 mt-1">Live progress and partial text rendering for long runs.</div>
+          </div>
+        </div>
+      </div>
+
+      <div class="relative">
+        <div
+          class="absolute -inset-6 bg-gradient-to-tr from-blue-600/30 via-purple-600/20 to-cyan-500/20 blur-3xl rounded-full">
+        </div>
+        <div class="relative rounded-2xl border border-white/10 bg-gray-950/40 p-5 shadow-2xl">
+          <div class="flex items-center justify-between">
+            <div class="text-sm font-semibold text-gray-200">What you get</div>
+            <div class="text-xs text-gray-400">MVP · extensible roadmap</div>
+          </div>
+          <ul class="mt-4 space-y-3 text-sm text-gray-300">
+            <li class="flex gap-3"><span class="text-blue-400">●</span> Chat with markdown + math rendering</li>
+            <li class="flex gap-3"><span class="text-blue-400">●</span> Multi-tab terminals over WebSockets (PTY)</li>
+            <li class="flex gap-3"><span class="text-blue-400">●</span> Agent mode with optional Codex CLI streaming</li>
+            <li class="flex gap-3"><span class="text-blue-400">●</span> MCP tooling hooks (feature-flagged)</li>
+            <li class="flex gap-3"><span class="text-blue-400">●</span> Ready for indexing / P2P / admin features</li>
+          </ul>
+          <div class="mt-6 rounded-xl border border-white/10 bg-white/5 p-4 text-xs text-gray-400">
+            Tip: set secrets in HF Spaces → Settings → Variables and secrets, then restart the Space.
+          </div>
+        </div>
+      </div>
+    </div>
+  </main>
+
+  <footer class="border-t border-white/10">
+    <div class="mx-auto max-w-6xl px-5 py-8 flex flex-col sm:flex-row gap-2 sm:items-center sm:justify-between">
+      <div class="text-sm text-gray-400">autonomy-labs</div>
+      <div class="text-sm text-gray-500">See `PLANS.md` and `TASKS.md` for the roadmap.</div>
+    </div>
+  </footer>
+</body>
+
+</html>
+