Update app.py

app.py

@@ -1,10 +1,8 @@
-
 import os, json, time, hmac, hashlib, sqlite3, base64, secrets
 from typing import Any, Dict, List, Optional, Tuple
 
 import gradio as gr
 from jsonschema import validate, ValidationError
-import jwt
 import stripe
 from fastapi import FastAPI, Request, HTTPException
 from fastapi.responses import JSONResponse
@@ -18,7 +16,7 @@ import ast, operator as op, datetime as dt
 APP_TITLE = "Inner I Studio — Secure Agent Hub"
 DB_PATH = os.getenv("INNERI_DB_PATH", "inneri_studio.db")
 RECEIPT_SIGNING_KEY = os.getenv("INNERI_RECEIPT_SIGNING_KEY", "dev_only_change_me")
-JWT_SIGNING_KEY = os.getenv("INNERI_JWT_SIGNING_KEY", "dev_jwt_change_me")
+JWT_SIGNING_KEY = os.getenv("INNERI_JWT_SIGNING_KEY", "dev_jwt_change_me")  # reserved for future API auth
 ADMIN_PASSWORD = os.getenv("INNERI_ADMIN_PASSWORD", "admin")
 
 # Stripe (optional)
@@ -96,22 +94,24 @@ def gen_ed25519_keypair() -> Tuple[str, str]:
     ).decode("utf-8")
     return priv_pem, pub_pem
 
-def seed_tools(conn: sqlite3.Connection):
+def seed_tools(conn: sqlite3.Connection) -> None:
     tools = [
         ("echo", "Echo", "Returns the provided text.", "low",
-         {"type":"object","properties":{"text":{"type":"string","maxLength":2000}},"required":["text"],"additionalProperties":False}),
+         {"type": "object", "properties": {"text": {"type": "string", "maxLength": 2000}}, "required": ["text"], "additionalProperties": False}),
         ("time_now", "Time Now", "Returns server time (UTC).", "low",
-         {"type":"object","properties":{},"additionalProperties":False}),
+         {"type": "object", "properties": {}, "additionalProperties": False}),
         ("math_eval", "Math Eval", "Evaluates a simple arithmetic expression.", "med",
-         {"type":"object","properties":{"expression":{"type":"string","maxLength":200}},"required":["expression"],"additionalProperties":False}),
+         {"type": "object", "properties": {"expression": {"type": "string", "maxLength": 200}}, "required": ["expression"], "additionalProperties": False}),
     ]
     cur = conn.cursor()
     for t in tools:
-        cur.execute("INSERT OR IGNORE INTO tools(tool_id,name,description,risk,json_schema,enabled,version) VALUES(?,?,?,?,?,?,?)",
-                    (t[0], t[1], t[2], t[3], json.dumps(t[4]), 1, 1))
+        cur.execute(
+            "INSERT OR IGNORE INTO tools(tool_id,name,description,risk,json_schema,enabled,version) VALUES(?,?,?,?,?,?,?)",
+            (t[0], t[1], t[2], t[3], json.dumps(t[4]), 1, 1),
+        )
     conn.commit()
 
-def init_db():
+def init_db() -> None:
     conn = db()
     cur = conn.cursor()
     cur.executescript("""
@@ -184,8 +184,10 @@ def init_db():
     cur.execute("SELECT user_id FROM users WHERE email=?", ("admin@local",))
     if not cur.fetchone():
         ph = sha256_hex("admin@local:" + ADMIN_PASSWORD)
-        cur.execute("INSERT INTO users(email,password_hash,role,tier,credits,created_at) VALUES(?,?,?,?,?,?)",
-                    ("admin@local", ph, "admin", "pro", 0, now_unix()))
+        cur.execute(
+            "INSERT INTO users(email,password_hash,role,tier,credits,created_at) VALUES(?,?,?,?,?,?)",
+            ("admin@local", ph, "admin", "pro", 0, now_unix()),
+        )
         conn.commit()
 
     # seed tools
@@ -197,24 +199,43 @@ def init_db():
     cur.execute("SELECT agent_id FROM agents WHERE agent_id='agent_public_01'")
     if not cur.fetchone():
         _, pub = gen_ed25519_keypair()
-        cur.execute("INSERT INTO agents(agent_id,display_name,verification_level,risk_tier,public_key_pem,created_at) VALUES(?,?,?,?,?,?)",
-                    ("agent_public_01", "Inner I Public Agent", "none", "low", pub, now_unix()))
-        cur.execute("INSERT OR IGNORE INTO reputations(agent_id,score,updated_at) VALUES(?,?,?)",
-                    ("agent_public_01", 50, now_unix()))
+        cur.execute(
+            "INSERT INTO agents(agent_id,display_name,verification_level,risk_tier,public_key_pem,created_at) VALUES(?,?,?,?,?,?)",
+            ("agent_public_01", "Inner I Public Agent", "none", "low", pub, now_unix()),
+        )
+        cur.execute(
+            "INSERT OR IGNORE INTO reputations(agent_id,score,updated_at) VALUES(?,?,?)",
+            ("agent_public_01", 50, now_unix()),
+        )
         conn.commit()
 
     conn.close()
 
-def audit_append(actor_agent_id: Optional[str], actor_user_id: Optional[int], action: str, request_obj: Dict[str, Any], result_obj: Dict[str, Any]) -> Dict[str, Any]:
+def audit_append(
+    actor_agent_id: Optional[str],
+    actor_user_id: Optional[int],
+    action: str,
+    request_obj: Dict[str, Any],
+    result_obj: Dict[str, Any],
+) -> Dict[str, Any]:
     conn = db()
     cur = conn.cursor()
     cur.execute("SELECT row_hash FROM audit_log ORDER BY id DESC LIMIT 1")
     row = cur.fetchone()
     prev_hash = row["row_hash"] if row else None
-    row_obj = {"actor_agent_id": actor_agent_id, "actor_user_id": actor_user_id, "action": action, "request": request_obj, "result": result_obj, "prev_hash": prev_hash}
+    row_obj = {
+        "actor_agent_id": actor_agent_id,
+        "actor_user_id": actor_user_id,
+        "action": action,
+        "request": request_obj,
+        "result": result_obj,
+        "prev_hash": prev_hash,
+    }
     row_hash = sha256_hex(canonical_json(row_obj))
-    cur.execute("INSERT INTO audit_log(ts,actor_agent_id,actor_user_id,action,request_json,result_json,prev_hash,row_hash) VALUES(?,?,?,?,?,?,?,?)",
-                (now_unix(), actor_agent_id, actor_user_id, action, json.dumps(request_obj), json.dumps(result_obj), prev_hash, row_hash))
+    cur.execute(
+        "INSERT INTO audit_log(ts,actor_agent_id,actor_user_id,action,request_json,result_json,prev_hash,row_hash) VALUES(?,?,?,?,?,?,?,?)",
+        (now_unix(), actor_agent_id, actor_user_id, action, json.dumps(request_obj), json.dumps(result_obj), prev_hash, row_hash),
+    )
     conn.commit()
     audit_id = cur.lastrowid
     conn.close()
@@ -230,11 +251,14 @@ def signup(email: str, password: str) -> str:
         raise gr.Error("Enter a valid email")
     if len(password) < 8:
         raise gr.Error("Password must be 8+ chars")
+
     conn = db()
     cur = conn.cursor()
     try:
-        cur.execute("INSERT INTO users(email,password_hash,role,tier,credits,created_at) VALUES(?,?,?,?,?,?)",
-                    (email, hash_pw(email, password), "user", "free", 0, now_unix()))
+        cur.execute(
+            "INSERT INTO users(email,password_hash,role,tier,credits,created_at) VALUES(?,?,?,?,?,?)",
+            (email, hash_pw(email, password), "user", "free", 0, now_unix()),
+        )
         conn.commit()
     except sqlite3.IntegrityError:
         conn.close()
@@ -249,16 +273,22 @@ def login(email: str, password: str) -> Tuple[str, str]:
     cur.execute("SELECT user_id,password_hash FROM users WHERE email=?", (email,))
     row = cur.fetchone()
     conn.close()
+
     if not row:
         return "", "❌ user_not_found"
     if hash_pw(email, password) != row["password_hash"]:
         return "", "❌ bad_password"
+
     token = b64url(secrets.token_bytes(24))
     now = now_unix()
     exp = now + 3600 * 8
+
     conn = db()
     cur = conn.cursor()
-    cur.execute("INSERT INTO sessions(token,user_id,created_at,expires_at) VALUES(?,?,?,?)", (token, row["user_id"], now, exp))
+    cur.execute(
+        "INSERT INTO sessions(token,user_id,created_at,expires_at) VALUES(?,?,?,?)",
+        (token, row["user_id"], now, exp),
+    )
     conn.commit()
     conn.close()
     return token, "✅ logged_in"
@@ -266,11 +296,14 @@ def login(email: str, password: str) -> Tuple[str, str]:
 def get_session_user(session_token: str) -> Dict[str, Any]:
     conn = db()
     cur = conn.cursor()
-    cur.execute("""
+    cur.execute(
+        """
         SELECT u.user_id,u.email,u.role,u.tier,u.credits,u.subscription_status,s.expires_at
         FROM sessions s JOIN users u ON u.user_id=s.user_id
         WHERE s.token=?
-    """, (session_token,))
+        """,
+        (session_token,),
+    )
     row = cur.fetchone()
     conn.close()
     if not row:
@@ -295,17 +328,18 @@ def check_and_increment_run(user: Dict[str, Any]) -> None:
 
     conn = db()
     cur = conn.cursor()
+
     cur.execute("INSERT OR IGNORE INTO usage_daily(user_id,day,runs) VALUES(?,?,0)", (user["user_id"], day))
     cur.execute("SELECT runs FROM usage_daily WHERE user_id=? AND day=?", (user["user_id"], day))
     runs = int(cur.fetchone()["runs"])
 
-    # Always increment the run counter once we allow the run.
     if runs >= limit and user["role"] != "admin":
-        # Free tier may continue using credits (optional)
+        # Free tier may continue using credits (burst mode)
         if user["tier"] == "free" and user["credits"] >= RUN_CREDIT_COST:
-            # consume credits (pay-as-you-go burst)
-            cur.execute("UPDATE users SET credits=credits-? WHERE user_id=? AND credits>=?",
-                        (RUN_CREDIT_COST, user["user_id"], RUN_CREDIT_COST))
+            cur.execute(
+                "UPDATE users SET credits=credits-? WHERE user_id=? AND credits>=?",
+                (RUN_CREDIT_COST, user["user_id"], RUN_CREDIT_COST),
+            )
             if cur.rowcount != 1:
                 conn.close()
                 raise gr.Error(f"Daily limit reached ({limit}). Upgrade to {PLANS['pro']['name']} or buy credits.")
@@ -316,30 +350,32 @@ def check_and_increment_run(user: Dict[str, Any]) -> None:
     cur.execute("UPDATE usage_daily SET runs=runs+1 WHERE user_id=? AND day=?", (user["user_id"], day))
     conn.commit()
     conn.close()
-    raise gr.Error(f"Daily limit reached ({limit}). Upgrade to Pro.")
-    cur.execute("UPDATE usage_daily SET runs=runs+1 WHERE user_id=? AND day=?", (user["user_id"], day))
-    conn.commit()
-    conn.close()
-
-def maybe_charge_credit(user: Dict[str, Any]) -> None:
-    # Credits are consumed only when a free user exceeds the daily limit (burst mode).
-    return
-    raise gr.Error("No credits left. Buy a credit pack or upgrade to Pro.")
-    conn.commit()
-    conn.close()
 
 # ---------------- Policy + tools ----------------
 def policy_decide(agent: Dict[str, Any], request: Dict[str, Any]) -> Dict[str, Any]:
     if "secret" in (request.get("data_scopes") or []):
         return {"allow": False, "mode": "deny", "reasons": ["secret_scope_blocked"]}
+
     tools = request.get("tools") or []
     if agent.get("risk_tier") == "high" or any(t.get("risk") == "high" for t in tools):
         return {"allow": False, "mode": "deny", "reasons": ["high_risk_blocked"]}
+
     if agent.get("verification_level") == "none" or any(t.get("risk") == "med" for t in tools):
         return {"allow": True, "mode": "sandbox", "reasons": ["sandbox_unverified_or_med"]}
+
     return {"allow": True, "mode": "normal", "reasons": []}
 
-_OPS = {ast.Add: op.add, ast.Sub: op.sub, ast.Mult: op.mul, ast.Div: op.truediv, ast.Pow: op.pow, ast.USub: op.neg, ast.Mod: op.mod, ast.FloorDiv: op.floordiv}
+_OPS = {
+    ast.Add: op.add,
+    ast.Sub: op.sub,
+    ast.Mult: op.mul,
+    ast.Div: op.truediv,
+    ast.Pow: op.pow,
+    ast.USub: op.neg,
+    ast.Mod: op.mod,
+    ast.FloorDiv: op.floordiv,
+}
+
 def _eval(node):
     if isinstance(node, ast.Num):
         return node.n
@@ -361,8 +397,10 @@ def run_tool(tool_id: str, args: Dict[str, Any]) -> Dict[str, Any]:
 
 def secure_call(user: Dict[str, Any], agent_id: str, intent: str, tools: List[Dict[str, Any]]) -> Dict[str, Any]:
     check_and_increment_run(user)
+
     conn = db()
     cur = conn.cursor()
+
     cur.execute("SELECT * FROM agents WHERE agent_id=?", (agent_id,))
     a = cur.fetchone()
     if not a:
@@ -370,7 +408,7 @@ def secure_call(user: Dict[str, Any], agent_id: str, intent: str, tools: List[Di
         raise gr.Error("agent_not_found")
     agent = dict(a)
 
-    tools_meta = []
+    tools_meta: List[Dict[str, Any]] = []
     for tc in tools:
         cur.execute("SELECT * FROM tools WHERE tool_id=?", (tc["tool_id"],))
         t = cur.fetchone()
@@ -379,78 +417,60 @@ def secure_call(user: Dict[str, Any], agent_id: str, intent: str, tools: List[Di
             raise gr.Error(f"tool_not_found_or_disabled: {tc['tool_id']}")
         tools_meta.append({"tool_id": t["tool_id"], "risk": t["risk"], "schema": json.loads(t["json_schema"])})
 
-    decision = policy_decide(agent, {"intent": intent, "tools": [{"tool_id": tm["tool_id"], "risk": tm["risk"]} for tm in tools_meta], "data_scopes": ["public"]})
+    decision = policy_decide(
+        agent,
+        {"intent": intent, "tools": [{"tool_id": tm["tool_id"], "risk": tm["risk"]} for tm in tools_meta], "data_scopes": ["public"]},
+    )
     if not decision["allow"]:
         conn.close()
         audit_append(agent_id, user["user_id"], "secure_call.deny", {"intent": intent, "tools": tools}, {"decision": decision})
         return {"denied": True, "decision": decision}
 
     mode = decision["mode"]
-    outputs = []
-# Tier-based tool risk gating (monetization + safety)
-tier = user["tier"] if user["role"] != "admin" else "enterprise"
-if tier not in PLANS:
-    tier = "free"
-tier_max = PLANS[tier]["max_tool_risk"]
-risk_rank = {"low": 1, "med": 2, "high": 3}
-tier_max_rank = risk_rank[tier_max]
-for tc, tm in zip(tools, tools_meta):
+    outputs: List[Dict[str, Any]] = []
+
+    # Tier-based tool risk gating
+    tier = user["tier"] if user["role"] != "admin" else "enterprise"
+    if tier not in PLANS:
+        tier = "free"
+    tier_max = PLANS[tier]["max_tool_risk"]
+    risk_rank = {"low": 1, "med": 2, "high": 3}
+    tier_max_rank = risk_rank[tier_max]
+
+    for tc, tm in zip(tools, tools_meta):
         try:
             validate(instance=tc.get("args", {}), schema=tm["schema"])
         except ValidationError:
             conn.close()
             raise gr.Error(f"args_schema_invalid: {tm['tool_id']}")
 
-        # Plan gating: block tools above tier max risk
-    if risk_rank.get(tm["risk"], 3) > tier_max_rank:
-        outputs.append({
-            "tool_id": tm["tool_id"],
-            "blocked": True,
-            "reason": "plan_blocks_{tm['risk']}_risk"
-        })
-        continue
-
-    # Sandbox gating (policy-based)
-    if mode == "sandbox" and tm["risk"] != "low":
-        outputs.append({
-            "tool_id": tm["tool_id"],
-            "blocked": True,
-            "reason": "sandbox_mode"
-        })
-        continue
+        if risk_rank.get(tm["risk"], 3) > tier_max_rank:
+            outputs.append({"tool_id": tm["tool_id"], "blocked": True, "reason": f"plan_blocks_{tm['risk']}_risk"})
+            continue
 
-    try:
-        outputs.append({
-            "tool_id": tm["tool_id"],
-            "output": run_tool(tm["tool_id"], tc.get("args", {}))
-        })
-    except Exception as e:
-        outputs.append({
-            "tool_id": tm["tool_id"],
-            "error": str(e)
-        })
-
-# receipts + audit chain (MUST be after the loop)
-receipt = {
-    "ts_unix": now_unix(),
-    "agent_id": agent_id,
-    "user_id": user["user_id"],
-    "intent": intent,
-    "mode": mode,
-    "decision": decision,
-    "outputs_hash": sha256_hex(canonical_json(outputs)),
-}
-receipt["signature"] = sign_hmac(receipt, RECEIPT_SIGNING_KEY)
-audit = audit_append(
-    agent_id,
-    user["user_id"],
-    "secure_call.run",
-    {"intent": intent, "tools": tools},
-    {"outputs": outputs, "receipt": receipt},
-)
-
-conn.close()
-return {"outputs": outputs, "receipt": receipt, "audit": audit}
+        if mode == "sandbox" and tm["risk"] != "low":
+            outputs.append({"tool_id": tm["tool_id"], "blocked": True, "reason": "sandbox_mode"})
+            continue
+
+        try:
+            outputs.append({"tool_id": tm["tool_id"], "output": run_tool(tm["tool_id"], tc.get("args", {}))})
+        except Exception as e:
+            outputs.append({"tool_id": tm["tool_id"], "error": str(e)})
+
+    receipt = {
+        "ts_unix": now_unix(),
+        "agent_id": agent_id,
+        "user_id": user["user_id"],
+        "intent": intent,
+        "mode": mode,
+        "decision": decision,
+        "outputs_hash": sha256_hex(canonical_json(outputs)),
+    }
+    receipt["signature"] = sign_hmac(receipt, RECEIPT_SIGNING_KEY)
+    audit = audit_append(agent_id, user["user_id"], "secure_call.run", {"intent": intent, "tools": tools}, {"outputs": outputs, "receipt": receipt})
+
+    conn.close()
+    return {"outputs": outputs, "receipt": receipt, "audit": audit}
 
 # ---------------- Admin actions ----------------
 def create_agent_admin(session_token: str, agent_id: str, display_name: str, risk_tier: str, verification_level: str):
@@ -458,8 +478,10 @@ def create_agent_admin(session_token: str, agent_id: str, display_name: str, ris
     priv_pem, pub_pem = gen_ed25519_keypair()
     conn = db()
     cur = conn.cursor()
-    cur.execute("INSERT INTO agents(agent_id,display_name,verification_level,risk_tier,public_key_pem,created_at) VALUES(?,?,?,?,?,?)",
-                (agent_id, display_name, verification_level, risk_tier, pub_pem, now_unix()))
+    cur.execute(
+        "INSERT INTO agents(agent_id,display_name,verification_level,risk_tier,public_key_pem,created_at) VALUES(?,?,?,?,?,?)",
+        (agent_id, display_name, verification_level, risk_tier, pub_pem, now_unix()),
+    )
     conn.commit()
     conn.close()
     return "✅ agent_created (save private key)", priv_pem, pub_pem
@@ -480,7 +502,7 @@ def list_tools_admin(session_token: str):
     cur.execute("SELECT tool_id,name,risk,enabled,version,description FROM tools ORDER BY tool_id")
     rows = cur.fetchall()
     conn.close()
-    return [[r["tool_id"], r["name"], r["risk"], "yes" if int(r["enabled"])==1 else "no", str(r["version"]), r["description"]] for r in rows]
+    return [[r["tool_id"], r["name"], r["risk"], "yes" if int(r["enabled"]) == 1 else "no", str(r["version"]), r["description"]] for r in rows]
 
 def upsert_tool_admin(session_token: str, tool_id: str, name: str, description: str, risk: str, enabled: bool, schema_json: str):
     require_admin(session_token)
@@ -490,12 +512,15 @@ def upsert_tool_admin(session_token: str, tool_id: str, name: str, description:
             raise ValueError("schema.type must be object")
     except Exception as e:
         raise gr.Error(f"Invalid schema JSON: {e}")
+
     conn = db()
     cur = conn.cursor()
     cur.execute("SELECT version FROM tools WHERE tool_id=?", (tool_id,))
     row = cur.fetchone()
     version = (int(row["version"]) + 1) if row else 1
-    cur.execute("""
+
+    cur.execute(
+        """
         INSERT INTO tools(tool_id,name,description,risk,json_schema,enabled,version)
         VALUES(?,?,?,?,?,?,?)
         ON CONFLICT(tool_id) DO UPDATE SET
@@ -505,7 +530,9 @@ def upsert_tool_admin(session_token: str, tool_id: str, name: str, description:
           json_schema=excluded.json_schema,
           enabled=excluded.enabled,
           version=?
-    """, (tool_id, name, description, risk, json.dumps(schema), 1 if enabled else 0, version, version))
+        """,
+        (tool_id, name, description, risk, json.dumps(schema), 1 if enabled else 0, version, version),
+    )
     conn.commit()
     conn.close()
     return f"✅ saved_tool `{tool_id}` v{version}"
@@ -522,8 +549,8 @@ def read_audit_admin(session_token: str, limit: int):
 def admin_set_user_tier(session_token: str, email: str, tier: str) -> str:
     require_admin(session_token)
     email = email.strip().lower()
-    if tier not in ("free","pro"):
-        raise gr.Error("tier must be free or pro")
+    if tier not in ("free", "pro", "enterprise"):
+        raise gr.Error("tier must be free, pro, or enterprise")
     conn = db()
     cur = conn.cursor()
     cur.execute("UPDATE users SET tier=? WHERE email=?", (tier, email))
@@ -535,23 +562,23 @@ def admin_set_user_tier(session_token: str, email: str, tier: str) -> str:
 # ---------------- Billing ----------------
 def user_me(session_token: str) -> str:
     u = get_session_user(session_token)
-    safe = {k: u[k] for k in ["user_id","email","role","tier","credits","subscription_status"]}
-safe["plan_name"] = PLANS.get(safe["tier"], PLANS["free"])["name"] if safe["role"] != "admin" else PLANS["enterprise"]["name"]
-safe["stripe_enabled"] = STRIPE_ENABLED
-return json.dumps(safe, indent=2)
+    safe = {k: u[k] for k in ["user_id", "email", "role", "tier", "credits", "subscription_status"]}
+    safe["plan_name"] = PLANS.get(safe["tier"], PLANS["free"])["name"] if safe["role"] != "admin" else PLANS["enterprise"]["name"]
+    safe["stripe_enabled"] = STRIPE_ENABLED
+    return json.dumps(safe, indent=2)
 
 def create_checkout_session(session_token: str, kind: str) -> str:
     if not STRIPE_ENABLED:
         raise gr.Error("Stripe not configured (set STRIPE_SECRET_KEY + PUBLIC_BASE_URL).")
     u = get_session_user(session_token)
 
-    # Subscriptions
     if kind == "pro":
         if not STRIPE_PRICE_PRO:
             raise gr.Error("STRIPE_PRICE_PRO not set")
         line_items = [{"price": STRIPE_PRICE_PRO, "quantity": 1}]
         mode = "subscription"
         meta = {"user_id": str(u["user_id"]), "kind": "pro"}
+
     elif kind == "enterprise":
         if not STRIPE_PRICE_ENTERPRISE:
             raise gr.Error("STRIPE_PRICE_ENTERPRISE not set")
@@ -559,7 +586,6 @@ def create_checkout_session(session_token: str, kind: str) -> str:
         mode = "subscription"
         meta = {"user_id": str(u["user_id"]), "kind": "enterprise"}
 
-    # Credit packs (one-time)
     elif kind in CREDIT_PACKS:
         pack = CREDIT_PACKS[kind]
         price_id = os.getenv(pack["price_env"], "")
@@ -590,25 +616,28 @@ init_db()
 
 def chat_turn(session_token: str, agent_id: str, user_msg: str, tool_plan_json: str, history):
     u = get_session_user(session_token)
-    tools = []
+
+    tools: List[Dict[str, Any]] = []
     if tool_plan_json.strip():
         try:
-            tools = json.loads(tool_plan_json)
-            if not isinstance(tools, list):
+            tool_plan = json.loads(tool_plan_json)
+            if not isinstance(tool_plan, list):
                 raise ValueError("tool_plan must be a JSON list")
-            tools = [{"tool_id": t["tool_id"], "args": t.get("args", {})} for t in tools]
+            tools = [{"tool_id": t["tool_id"], "args": t.get("args", {})} for t in tool_plan]
         except Exception as e:
             raise gr.Error(f"Bad tool_plan JSON: {e}")
+
     if not tools:
-        tools = [{"tool_id":"echo","args":{"text": user_msg}}]
+        tools = [{"tool_id": "echo", "args": {"text": user_msg}}]
 
     res = secure_call(u, agent_id=agent_id, intent="studio_chat_turn", tools=tools)
-    reply = {"tier": u["tier"], "outputs": res["outputs"], "receipt": res["receipt"], "audit": res["audit"]}
+    reply = {"tier": u["tier"], "outputs": res.get("outputs"), "receipt": res.get("receipt"), "audit": res.get("audit")}
     history = history + [(user_msg, json.dumps(reply, indent=2))]
     return history, ""
 
 with gr.Blocks(title=APP_TITLE) as demo:
-    gr.Markdown(f"# {APP_TITLE}\nPublic users: chat + workflows. Admin: control plane + audit.")
+    gr.Markdown(f"# {APP_TITLE}
+Public users: chat + workflows. Admin: control plane + audit.")
 
     with gr.Tab("Account"):
         gr.Markdown("### Signup")
@@ -633,8 +662,11 @@ with gr.Blocks(title=APP_TITLE) as demo:
 
     with gr.Tab("Studio Chat"):
         agent_id = gr.Textbox(label="Agent ID", value="agent_public_01")
-        tool_plan = gr.Textbox(label="tool_plan (optional JSON list)", lines=6,
-                               value='[{"tool_id":"echo","args":{"text":"Hello from Inner I Studio"}}]')
+        tool_plan = gr.Textbox(
+            label="tool_plan (optional JSON list)",
+            lines=6,
+            value='[{"tool_id":"echo","args":{"text":"Hello from Inner I Studio"}}]',
+        )
         chat = gr.Chatbot(height=420)
         msg = gr.Textbox(label="Message")
         send = gr.Button("Send")
@@ -645,76 +677,88 @@ with gr.Blocks(title=APP_TITLE) as demo:
 
     with gr.Tab("Billing"):
         gr.Markdown(
-        "### Plans"
-        "- **{PLANS['free']['name']} (Free)**: {PLANS['free']['runs_per_day']} runs/day, low-risk tools"
-        "- **{PLANS['pro']['name']} (Pro)**: {PLANS['pro']['runs_per_day']} runs/day, medium-risk tools"
-        "- **{PLANS['enterprise']['name']} (Enterprise)**: {PLANS['enterprise']['runs_per_day']} runs/day, high-risk tools"
-        "Stripe billing is built-in (optional). If Stripe isn't configured, you can set the Space to Private/Paid as a paywall."
-    )
-    pro_btn = gr.Button("Subscribe — {PLANS['pro']['name']}")
-    ent_btn = gr.Button("Subscribe — {PLANS['enterprise']['name']}")
-    starter_btn = gr.Button("Buy Credits — Starter (250)")
-    creator_btn = gr.Button("Buy Credits — Creator (750)")
-    power_btn = gr.Button("Buy Credits — Power (2500)")
-    pay_url = gr.Textbox(label="Checkout URL", interactive=False)
-
-    pro_btn.click(lambda s: create_checkout_session(s, "pro"), inputs=[session], outputs=[pay_url])
-    ent_btn.click(lambda s: create_checkout_session(s, "enterprise"), inputs=[session], outputs=[pay_url])
-    starter_btn.click(lambda s: create_checkout_session(s, "credits_starter"), inputs=[session], outputs=[pay_url])
-    creator_btn.click(lambda s: create_checkout_session(s, "credits_creator"), inputs=[session], outputs=[pay_url])
-    power_btn.click(lambda s: create_checkout_session(s, "credits_power"), inputs=[session], outputs=[pay_url])
-
-    # Admin-only tabs (enforced server-side by require_admin)
+            "### Plans
+"
+            "- **Observer (Free)**: 25 runs/day, low-risk tools
+"
+            "- **Builder (Pro)**: 500 runs/day, medium-risk tools
+"
+            "- **Sovereign (Enterprise)**: 5000 runs/day, high-risk tools
+
+"
+            "Stripe billing is built-in (optional). If Stripe isn't configured, "
+            "you can set the Space to Private/Paid as a paywall."
+        )
+
+        pro_btn = gr.Button("Subscribe — Builder")
+        ent_btn = gr.Button("Subscribe — Sovereign")
+        starter_btn = gr.Button("Buy Credits — Starter (250)")
+        creator_btn = gr.Button("Buy Credits — Creator (750)")
+        power_btn = gr.Button("Buy Credits — Power (2500)")
+        pay_url = gr.Textbox(label="Checkout URL", interactive=False)
+
+        pro_btn.click(lambda s: create_checkout_session(s, "pro"), inputs=[session], outputs=[pay_url])
+        ent_btn.click(lambda s: create_checkout_session(s, "enterprise"), inputs=[session], outputs=[pay_url])
+        starter_btn.click(lambda s: create_checkout_session(s, "credits_starter"), inputs=[session], outputs=[pay_url])
+        creator_btn.click(lambda s: create_checkout_session(s, "credits_creator"), inputs=[session], outputs=[pay_url])
+        power_btn.click(lambda s: create_checkout_session(s, "credits_power"), inputs=[session], outputs=[pay_url])
+
     with gr.Tab("Admin — Agents"):
         gr.Markdown("Admin only.")
         a_id = gr.Textbox(label="agent_id", value="agent_builder_01")
         a_name = gr.Textbox(label="display_name", value="Inner I Builder Agent")
-        a_risk = gr.Dropdown(["low","med","high"], value="low", label="risk_tier")
-        a_ver = gr.Dropdown(["none","basic","full","continuous"], value="basic", label="verification_level")
+        a_risk = gr.Dropdown(["low", "med", "high"], value="low", label="risk_tier")
+        a_ver = gr.Dropdown(["none", "basic", "full", "continuous"], value="basic", label="verification_level")
         a_create = gr.Button("Create Agent + Keys")
         a_status = gr.Markdown()
         a_priv = gr.Textbox(label="Private Key PEM (SAVE SECURELY)", lines=10)
         a_pub = gr.Textbox(label="Public Key PEM", lines=8)
-        a_create.click(create_agent_admin, inputs=[session,a_id,a_name,a_risk,a_ver], outputs=[a_status,a_priv,a_pub])
+        a_create.click(create_agent_admin, inputs=[session, a_id, a_name, a_risk, a_ver], outputs=[a_status, a_priv, a_pub])
 
         a_refresh = gr.Button("Refresh Agents")
-        a_tbl = gr.Dataframe(headers=["agent_id","display_name","verification","risk","created_at"], interactive=False)
+        a_tbl = gr.Dataframe(headers=["agent_id", "display_name", "verification", "risk", "created_at"], interactive=False)
         a_refresh.click(list_agents_admin, inputs=[session], outputs=[a_tbl])
 
     with gr.Tab("Admin — Tools"):
         gr.Markdown("Admin only.")
         t_refresh = gr.Button("Refresh Tools")
-        t_tbl = gr.Dataframe(headers=["tool_id","name","risk","enabled","version","description"], interactive=False)
+        t_tbl = gr.Dataframe(headers=["tool_id", "name", "risk", "enabled", "version", "description"], interactive=False)
         t_refresh.click(list_tools_admin, inputs=[session], outputs=[t_tbl])
 
         t_id = gr.Textbox(label="tool_id", value="echo")
         t_name = gr.Textbox(label="name", value="Echo")
         t_desc = gr.Textbox(label="description", value="Returns provided text.")
-        t_risk = gr.Dropdown(["low","med","high"], value="low", label="risk")
+        t_risk = gr.Dropdown(["low", "med", "high"], value="low", label="risk")
         t_enabled = gr.Checkbox(value=True, label="enabled")
-        t_schema = gr.Textbox(label="json_schema (JSON)", lines=8, value=json.dumps({
-            "type":"object","properties":{"text":{"type":"string","maxLength":2000}},"required":["text"],"additionalProperties": False
-        }, indent=2))
+        t_schema = gr.Textbox(
+            label="json_schema (JSON)",
+            lines=8,
+            value=json.dumps(
+                {"type": "object", "properties": {"text": {"type": "string", "maxLength": 2000}}, "required": ["text"], "additionalProperties": False},
+                indent=2,
+            ),
+        )
         t_save = gr.Button("Save Tool")
         t_out = gr.Markdown()
-        t_save.click(upsert_tool_admin, inputs=[session,t_id,t_name,t_desc,t_risk,t_enabled,t_schema], outputs=[t_out])
+        t_save.click(upsert_tool_admin, inputs=[session, t_id, t_name, t_desc, t_risk, t_enabled, t_schema], outputs=[t_out])
 
     with gr.Tab("Admin — Audit"):
         gr.Markdown("Admin only.")
         lim = gr.Slider(10, 200, value=50, step=10, label="rows")
         aud_btn = gr.Button("Load Audit")
-        aud_tbl = gr.Dataframe(headers=["id","ts","actor_agent","actor_user","action","prev_hash","row_hash"], interactive=False)
+        aud_tbl = gr.Dataframe(headers=["id", "ts", "actor_agent", "actor_user", "action", "prev_hash", "row_hash"], interactive=False)
         aud_btn.click(read_audit_admin, inputs=[session, lim], outputs=[aud_tbl])
 
     with gr.Tab("Admin — Users"):
         gr.Markdown("Admin only. Emergency tier changes.")
         u_email = gr.Textbox(label="User email")
-        u_tier = gr.Dropdown(["free","pro"], value="pro", label="Set tier")
+        u_tier = gr.Dropdown(["free", "pro", "enterprise"], value="pro", label="Set tier")
         u_btn = gr.Button("Update tier")
         u_out = gr.Markdown()
-        u_btn.click(admin_set_user_tier, inputs=[session,u_email,u_tier], outputs=[u_out])
+        u_btn.click(admin_set_user_tier, inputs=[session, u_email, u_tier], outputs=[u_out])
 
-    gr.Markdown("---\n**Inner I Principle:** If it can’t be verified, it shouldn’t run.")
+    gr.Markdown("---
+**Inner I Principle:** If it can’t be verified, it shouldn’t run.")
 
 # ---------------- FastAPI + Stripe webhook ----------------
 app = FastAPI()
@@ -732,11 +776,7 @@ async def stripe_webhook(request: Request):
     sig = request.headers.get("stripe-signature", "")
 
     try:
-        event = stripe.Webhook.construct_event(
-            payload=payload,
-            sig_header=sig,
-            secret=STRIPE_WEBHOOK_SECRET,
-        )
+        event = stripe.Webhook.construct_event(payload=payload, sig_header=sig, secret=STRIPE_WEBHOOK_SECRET)
     except Exception as e:
         raise HTTPException(status_code=400, detail=f"bad_signature:{e}")
 
@@ -764,27 +804,15 @@ async def stripe_webhook(request: Request):
 
             if uid:
                 if customer:
-                    cur.execute(
-                        "UPDATE users SET stripe_customer_id=? WHERE user_id=?",
-                        (customer, uid),
-                    )
+                    cur.execute("UPDATE users SET stripe_customer_id=? WHERE user_id=?", (customer, uid))
 
                 if kind == "pro":
-                    cur.execute(
-                        "UPDATE users SET tier='pro', subscription_status='active' WHERE user_id=?",
-                        (uid,),
-                    )
+                    cur.execute("UPDATE users SET tier='pro', subscription_status='active' WHERE user_id=?", (uid,))
                 elif kind == "enterprise":
-                    cur.execute(
-                        "UPDATE users SET tier='enterprise', subscription_status='active' WHERE user_id=?",
-                        (uid,),
-                    )
+                    cur.execute("UPDATE users SET tier='enterprise', subscription_status='active' WHERE user_id=?", (uid,))
                 elif kind in CREDIT_PACKS:
                     amt = CREDIT_PACKS[kind]["credits"]
-                    cur.execute(
-                        "UPDATE users SET credits=credits+? WHERE user_id=?",
-                        (amt, uid),
-                    )
+                    cur.execute("UPDATE users SET credits=credits+? WHERE user_id=?", (amt, uid))
 
             conn.commit()
 
@@ -794,7 +822,6 @@ async def stripe_webhook(request: Request):
 
             if customer:
                 if status in ("active", "trialing"):
-                    # keep enterprise if already, else pro
                     cur.execute("SELECT tier FROM users WHERE stripe_customer_id=?", (customer,))
                     row = cur.fetchone()
                     current = (row["tier"] if row else "free")
@@ -802,19 +829,13 @@ async def stripe_webhook(request: Request):
                 else:
                     new_tier = "free"
 
-                cur.execute(
-                    "UPDATE users SET tier=?, subscription_status=? WHERE stripe_customer_id=?",
-                    (new_tier, status, customer),
-                )
+                cur.execute("UPDATE users SET tier=?, subscription_status=? WHERE stripe_customer_id=?", (new_tier, status, customer))
                 conn.commit()
 
         elif etype == "customer.subscription.deleted":
             customer = data.get("customer")
             if customer:
-                cur.execute(
-                    "UPDATE users SET tier='free', subscription_status='canceled' WHERE stripe_customer_id=?",
-                    (customer,),
-                )
+                cur.execute("UPDATE users SET tier='free', subscription_status='canceled' WHERE stripe_customer_id=?", (customer,))
                 conn.commit()
 
     finally: