Initial Brain3: SFTP Tunnel

Dockerfile

@@ -0,0 +1,26 @@
+# Brain3 Dockerfile: SFTP Tunnel Edition
+FROM python:3.10
+
+# Create user first
+RUN useradd -m -u 1000 user
+
+# Install Cloudflared (No apt-get needed, just curl the binary)
+RUN curl -L --output /usr/local/bin/cloudflared https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 && \
+    chmod +x /usr/local/bin/cloudflared
+
+# Setup workdir
+WORKDIR /app
+
+# Install deps
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+# Copy App
+COPY --chown=user . /app
+
+# Switch to user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+# Run App
+CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -0,0 +1,14 @@
+---
+title: Brain3 SFTP Bridge
+emoji: 🌉
+colorFrom: indigo
+colorTo: purple
+sdk: docker
+pinned: false
+app_port: 7860
+---
+
+# Brain3: SFTP Tunnel Bridge
+
+Uses `cloudflared` in TCP mode + `paramiko` to access Azure Storage without FUSE/SSHFS.
+User-space only. No root required.

app.py

@@ -0,0 +1,52 @@
+from fastapi import FastAPI, HTTPException
+from azure_bridge import AzureSFTPBridge
+import os
+import time
+
+app = FastAPI()
+bridge = None
+
+@app.on_event("startup")
+def startup_event():
+    global bridge
+    print("🚀 Starting Brain3...")
+    bridge = AzureSFTPBridge()
+    if os.environ.get("SSH_KEY"):
+        bridge.start_tunnel()
+    else:
+        print("⚠️ SSH_KEY missing. Bridge disabled.")
+
+@app.get("/")
+def home():
+    return {"status": "Brain3 Online", "mode": "SFTP Tunnel"}
+
+@app.get("/test-storage")
+def test_storage():
+    """Writes a test file to Azure and lists directory."""
+    global bridge
+    if not bridge:
+        return {"error": "Bridge not initialized"}
+        
+    try:
+        # 1. Create dummy file
+        filename = f"brain3_probe_{int(time.time())}.txt"
+        with open(filename, "w") as f:
+            f.write(f"Hello from Brain3 via SFTP at {time.time()}")
+            
+        # 2. Upload
+        remote_path = f"/mnt/lightrag/{filename}" # Assuming user has write access here
+        # Or try home dir if unsure: 
+        # remote_path = f"/home/azureuser/{filename}"
+        
+        bridge.upload_file(filename, remote_path)
+        
+        # 3. List
+        files = bridge.list_files("/mnt/lightrag")
+        
+        return {
+            "upload_status": "success",
+            "remote_path": remote_path,
+            "directory_listing": files
+        }
+    except Exception as e:
+        return {"error": str(e)}

azure_bridge.py

@@ -0,0 +1,111 @@
+import os
+import time
+import subprocess
+import socket
+import threading
+import paramiko
+import io
+import logging
+
+# Configure Logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger("azure_bridge")
+
+class AzureSFTPBridge:
+    def __init__(self, hostname="ssh.my-robot.dev", local_port=2222, username="azureuser"):
+        self.hostname = hostname
+        self.local_port = local_port
+        self.username = username
+        self.tunnel_process = None
+        self.ssh_key = None
+        self._load_key()
+
+    def _load_key(self):
+        """Load SSH Key from Env Var"""
+        key_content = os.environ.get("SSH_KEY")
+        if not key_content:
+            logger.error("SSH_KEY environment variable not found!")
+            return
+        
+        # Determine key type and load
+        try:
+            self.ssh_key = paramiko.RSAKey.from_private_key(io.StringIO(key_content))
+            logger.info("Loaded RSA Key successfully.")
+        except Exception:
+            try:
+                self.ssh_key = paramiko.Ed25519Key.from_private_key(io.StringIO(key_content))
+                logger.info("Loaded Ed25519 Key successfully.")
+            except Exception as e:
+                logger.error(f"Failed to load SSH Key: {e}")
+
+    def start_tunnel(self):
+        """Starts cloudflared access tcp in background."""
+        logger.info(f"Starting Cloudflare Tunnel to {self.hostname} on localhost:{self.local_port}...")
+        
+        cmd = [
+            "cloudflared", 
+            "access", "tcp", 
+            "--hostname", self.hostname, 
+            "--url", f"tcp://localhost:{self.local_port}"
+        ]
+        
+        self.tunnel_process = subprocess.Popen(
+            cmd, 
+            stdout=subprocess.PIPE, 
+            stderr=subprocess.PIPE
+        )
+        
+        # Wait for port to be open
+        retries = 10
+        for i in range(retries):
+            if self._check_port():
+                logger.info("Tunnel established successfully.")
+                return True
+            time.sleep(1)
+            
+        logger.error("Failed to establish tunnel.")
+        return False
+
+    def _check_port(self):
+        try:
+            with socket.create_connection(("localhost", self.local_port), timeout=1):
+                return True
+        except (socket.timeout, ConnectionRefusedError):
+            return False
+
+    def get_sftp(self):
+        """Connects via Paramiko and returns SFTPClient."""
+        if not self.ssh_key:
+            raise ValueError("SSH Key not loaded.")
+            
+        if not self._check_port():
+            logger.warning("Tunnel port closed. Restarting tunnel...")
+            self.start_tunnel()
+
+        try:
+            logger.info("Connecting to SFTP via Tunnel...")
+            transport = paramiko.Transport(("localhost", self.local_port))
+            transport.connect(username=self.username, pkey=self.ssh_key)
+            
+            sftp = paramiko.SFTPClient.from_transport(transport)
+            logger.info("SFTP Connection Established.")
+            return sftp
+        except Exception as e:
+            logger.error(f"SFTP Connection Failed: {e}")
+            raise
+
+    # --- High Level API ---
+
+    def list_files(self, remote_path):
+        with self.get_sftp() as sftp:
+            return sftp.listdir(remote_path)
+
+    def upload_file(self, local_path, remote_path):
+        with self.get_sftp() as sftp:
+            sftp.put(local_path, remote_path)
+            logger.info(f"Uploaded {local_path} -> {remote_path}")
+
+    def download_file(self, remote_path, local_path):
+        with self.get_sftp() as sftp:
+            sftp.get(remote_path, local_path)
+            logger.info(f"Downloaded {remote_path} -> {local_path}")

requirements.txt

@@ -0,0 +1,4 @@
+fastapi
+uvicorn[standard]
+paramiko
+requests