Upload folder using huggingface_hub

Dockerfile

@@ -0,0 +1,26 @@
+# Use the official Python image
+FROM python:3.10-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the rest of the application code
+COPY . .
+
+# Create a non-root user for security (Hugging Face Spaces often run as user 1000)
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+# Expose the port Hugging Face Spaces expects (7860)
+EXPOSE 7860
+
+# Command to run the application
+# We use uvicorn to run the app
+# host 0.0.0.0 is required for container networking
+# port 7860 is required by Hugging Face Spaces
+CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "7860"]

check_function_tool_type.py

@@ -0,0 +1,3 @@
+import agents
+print(f"agents.function_tool is: {type(agents.function_tool)}")
+print(f"agents.FunctionTool is: {type(agents.FunctionTool)}")

init_db.py

@@ -0,0 +1,20 @@
+import asyncio
+import sys
+from src.database import init_db
+from src.models import User, Task, Session, Account, Verification, Conversation, Message # Ensure all models are registered
+from src.database import engine
+from sqlmodel import SQLModel
+
+async def recreate_db():
+    print("Dropping existing tables...")
+    async with engine.begin() as conn:
+        await conn.run_sync(SQLModel.metadata.drop_all)
+    print("Initializing database...")
+    async with engine.begin() as conn:
+        await conn.run_sync(SQLModel.metadata.create_all)
+    print("Database initialized successfully with Better Auth tables.")
+
+if __name__ == "__main__":
+    if sys.platform == 'win32':
+        asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())
+    asyncio.run(recreate_db())

pyproject.toml

@@ -0,0 +1,18 @@
+[project]
+name = "mytodo-backend"
+version = "0.1.0"
+description = "MyTodoApp Backend"
+requires-python = ">=3.10"
+
+[tool.ruff]
+line-length = 88
+target-version = "py310"
+
+[tool.black]
+line-length = 88
+target-version = ['py310']
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+testpaths = ["tests"]
+python_files = ["test_*.py"]

requirements.txt

@@ -0,0 +1,18 @@
+fastapi>=0.115.0
+uvicorn[standard]>=0.30.0
+sqlmodel>=0.0.22
+psycopg[binary]>=3.2.0
+asyncpg>=0.29.0
+pydantic-settings>=2.5.0
+python-jose[cryptography]>=3.3.0
+passlib[bcrypt]>=1.7.4
+python-multipart>=0.0.12
+pytest>=8.0.0
+pytest-asyncio>=0.24.0
+httpx>=0.27.0
+openai-agents
+mcp
+openai
+sqlalchemy>=2.0.0
+greenlet
+python-dotenv

src/agents/__init__.py

@@ -0,0 +1 @@
+# Agents module

src/agents/chatbot.py

@@ -0,0 +1,119 @@
+import os
+import asyncio
+from typing import List, Optional, Dict, Any
+from openai import AsyncOpenAI
+from agents import Agent, Runner, set_default_openai_client, function_tool, ModelSettings, set_tracing_disabled, OpenAIChatCompletionsModel
+from src.config import settings
+from src.agents.tools import (
+    create_task_tool, 
+    list_tasks_tool, 
+    update_task_tool, 
+    delete_task_tool
+)
+
+# Configure Gemini via OpenAI SDK (OpenRouter)
+GEMINI_API_KEY = settings.GEMINI_API_KEY
+client = None
+if GEMINI_API_KEY:
+    # Disable tracing to avoid 401 errors from OpenAI-specific telemetry
+    set_tracing_disabled(True)
+    
+    # Set default client for the entire process (using OpenRouter)
+    client = AsyncOpenAI(
+        api_key=GEMINI_API_KEY,
+        base_url="https://openrouter.ai/api/v1",
+        default_headers={
+            "HTTP-Referer": "http://localhost:3000",
+            "X-Title": "MyTodoApp",
+        }
+    )
+    set_default_openai_client(client)
+    # Set OPENAI_API_KEY to satisfy internal SDK requirements
+    os.environ["OPENAI_API_KEY"] = GEMINI_API_KEY
+
+class TodoChatbot:
+    def __init__(self, db, user_id: str):
+        self.db = db
+        self.user_id = user_id
+        # Lock to ensure sequential database access per chatbot instance
+        self.lock = asyncio.Lock()
+        
+        # Define local functions that wrap the tools with session, user context, and Lock
+        async def create_task(title: str, description: Optional[str] = None, status: str = "TODO", priority: str = "MEDIUM") -> str:
+            """
+            Create a new task for the user.
+            Args:
+                title: The title of the task.
+                description: A detailed description of the task.
+                status: The status of the task (TODO, IN_PROGRESS, DONE).
+                priority: The priority of the task (LOW, MEDIUM, HIGH).
+            """
+            async with self.lock:
+                return await create_task_tool(self.db, self.user_id, title, description, status, priority)
+
+        async def list_tasks(status: Optional[str] = None) -> str:
+            """
+            List tasks for the user.
+            Args:
+                status: Optional filter by status (TODO, IN_PROGRESS, DONE).
+            """
+            async with self.lock:
+                return await list_tasks_tool(self.db, self.user_id, status)
+
+        async def update_task(task_id: str, title: Optional[str] = None, description: Optional[str] = None, status: Optional[str] = None, priority: Optional[str] = None) -> str:
+            """
+            Update an existing task.
+            Args:
+                task_id: The UUID of the task to update.
+                title: New title for the task.
+                description: New description for the task.
+                status: New status for the task.
+                priority: New priority for the task.
+            """
+            async with self.lock:
+                return await update_task_tool(self.db, self.user_id, task_id, title, description, status, priority)
+
+        async def delete_task(task_id: str) -> str:
+            """
+            Delete a task.
+            Args:
+                task_id: The UUID of the task to delete.
+            """
+            async with self.lock:
+                return await delete_task_tool(self.db, self.user_id, task_id)
+
+        # Wrap OpenRouter model to bypass SDK prefix validation
+        gemini_model = OpenAIChatCompletionsModel(
+            model="google/gemini-2.0-flash-001",
+            openai_client=client
+        ) if client else "gpt-4o"
+
+        self.agent = Agent(
+            name="TodoBot",
+            model=gemini_model,
+            instructions=(
+                "You are an extremely concise Todo List assistant. "
+                "Actions: Create, List, Update (Mark Done), Delete. "
+                "Instructions: "
+                "1. BE BRIEF. No conversational filler like 'Sure, I can help'. "
+                "2. When asked to update/complete/delete a task, ALWAYS call 'list_tasks' first to find the ID. "
+                "3. To mark a task as DONE, use 'update_task' with status='DONE'. "
+                "4. Confirm actions with a single short sentence: 'Done: Task marked complete.' or 'Task created.' "
+                "5. Never ask follow-up questions unless the request is truly ambiguous."
+            ),
+            tools=[
+                function_tool(create_task), 
+                function_tool(list_tasks), 
+                function_tool(update_task), 
+                function_tool(delete_task)
+            ],
+            model_settings=ModelSettings(temperature=0.1, max_tokens=1024, parallel_tool_calls=False)
+        )
+
+    async def get_response(self, messages: List[Dict[str, Any]]) -> Any:
+        """
+        Process a list of messages and return the agent's response.
+        """
+        runner = Runner()
+        result = await runner.run(self.agent, messages)
+        return result

src/agents/tools.py

@@ -0,0 +1,147 @@
+import json
+import uuid
+from typing import List, Optional, Any
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+from src.models import Task, TaskStatus, TaskPriority
+
+class ToolResult:
+    def __init__(self, success: bool, data: Any = None, error: str = None):
+        self.success = success
+        self.data = data
+        self.error = error
+
+    def to_json(self) -> str:
+        return json.dumps({
+            "success": self.success,
+            "data": self.data,
+            "error": self.error
+        })
+
+# Base MCP Tool Wrapper
+# In a real MCP setup, these would be registered with an MCP server.
+# For this implementation, they will be used by the OpenAI Agents SDK.
+
+def format_task(task: Task) -> dict:
+    return {
+        "id": str(task.id),
+        "title": task.title,
+        "description": task.description,
+        "status": task.status,
+        "priority": task.priority,
+        "created_at": task.created_at.isoformat()
+    }
+
+async def create_task_tool(db: AsyncSession, user_id: str, title: str, description: Optional[str] = None, status: str = "TODO", priority: str = "MEDIUM") -> str:
+
+    """Create a new task for the authenticated user."""
+
+    print(f"Tool [create_task]: user={user_id} title='{title}' status={status}")
+
+    # Explicitly convert strings to Enums
+
+    task_status = TaskStatus(status.upper()) if isinstance(status, str) else status
+
+    task_priority = TaskPriority(priority.upper()) if isinstance(priority, str) else priority
+
+    
+
+    task = Task(title=title, description=description, status=task_status, priority=task_priority, owner_id=user_id)
+
+    db.add(task)
+
+    await db.commit()
+
+    await db.refresh(task)
+
+    return json.dumps(format_task(task))
+
+
+
+async def list_tasks_tool(db: AsyncSession, user_id: str, status: Optional[str] = None) -> str:
+
+    """List all tasks for the authenticated user, optionally filtered by status."""
+
+    print(f"Tool [list_tasks]: user={user_id} status_filter={status}")
+
+    statement = select(Task).where(Task.owner_id == user_id)
+
+    if status:
+
+        task_status = TaskStatus(status.upper()) if isinstance(status, str) else status
+
+        statement = statement.where(Task.status == task_status)
+
+    result = await db.execute(statement)
+
+    tasks = result.scalars().all()
+
+    return json.dumps([format_task(t) for t in tasks])
+
+
+
+async def update_task_tool(db: AsyncSession, user_id: str, task_id: str, title: Optional[str] = None, description: Optional[str] = None, status: Optional[str] = None, priority: Optional[str] = None) -> str:
+
+    """Update an existing task for the authenticated user."""
+
+    print(f"Tool [update_task]: id={task_id} status_update={status}")
+
+    try:
+
+        task_uuid = uuid.UUID(task_id)
+
+    except ValueError:
+
+        return json.dumps({"error": "Invalid task ID format"})
+
+        
+
+    statement = select(Task).where(Task.id == task_uuid, Task.owner_id == user_id)
+
+    result = await db.execute(statement)
+
+    task = result.scalars().first()
+
+    if not task:
+
+        print(f"Tool [update_task]: Task {task_id} NOT FOUND for user {user_id}")
+
+        return json.dumps({"error": "Task not found or access denied"})
+
+    
+
+    if title is not None:
+
+        task.title = title
+
+    if description is not None:
+
+        task.description = description
+
+    if status is not None:
+
+        task.status = TaskStatus(status.upper()) if isinstance(status, str) else status
+
+    if priority is not None:
+
+        task.priority = TaskPriority(priority.upper()) if isinstance(priority, str) else priority
+
+        
+
+    db.add(task)
+
+    await db.commit()
+
+    await db.refresh(task)
+
+    print(f"Tool [update_task]: Task {task_id} UPDATED successfully. New status: {task.status}")
+
+    return json.dumps(format_task(task))
+
+
+
+async def delete_task_tool(db: AsyncSession, user_id: str, task_id: str) -> str:
+
+    """Delete a task for the authenticated user."""
+
+    print(f"Tool [delete_task]: id={task_id}")

src/auth.py

@@ -0,0 +1,40 @@
+from datetime import datetime
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+from src.database import get_session
+from src.models import User, Session
+
+security = HTTPBearer()
+
+async def get_current_user(auth: HTTPAuthorizationCredentials = Depends(security), session: AsyncSession = Depends(get_session)) -> User:
+    token = auth.credentials
+    
+    # Query Better Auth session table
+    stmt = select(Session).where(Session.token == token)
+    result = await session.execute(stmt)
+    db_session = result.scalars().first()
+    
+    if not db_session:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid session token",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    if db_session.expiresAt < datetime.utcnow():
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Session expired",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+        
+    user = await session.get(User, db_session.userId)
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="User not found",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return user

src/config.py

@@ -0,0 +1,15 @@
+from pydantic_settings import BaseSettings
+from typing import Optional
+
+class Settings(BaseSettings):
+    DATABASE_URL: str = "postgresql+asyncpg://user:password@localhost/mytodo_db"
+    SECRET_KEY: str = "your-secret-key-must-be-changed-in-production"
+    ALGORITHM: str = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    GEMINI_API_KEY: Optional[str] = None
+
+    class Config:
+        env_file = ".env"
+        extra = "ignore"
+
+settings = Settings()

src/database.py

@@ -0,0 +1,26 @@
+from sqlmodel import SQLModel, create_engine
+from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
+from sqlalchemy.orm import sessionmaker
+from src.config import settings
+
+DATABASE_URL = settings.DATABASE_URL
+
+# Pass SSL mode explicitly for asyncpg
+engine = create_async_engine(
+    DATABASE_URL, 
+    echo=True, 
+    future=True,
+    connect_args={"ssl": "require"}
+)
+
+async def get_session() -> AsyncSession:
+    async_session = sessionmaker(
+        engine, class_=AsyncSession, expire_on_commit=False
+    )
+    async with async_session() as session:
+        yield session
+
+async def init_db():
+    async with engine.begin() as conn:
+        # await conn.run_sync(SQLModel.metadata.drop_all)
+        await conn.run_sync(SQLModel.metadata.create_all)

src/main.py

@@ -0,0 +1,45 @@
+import os
+import asyncio
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
+from src.config import settings
+from src.routes import tasks, chat
+
+# Set event loop policy for Windows to support asyncpg/SQLAlchemy correctly
+if os.name == 'nt':
+    asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())
+
+app = FastAPI(title="MyTodoApp Backend", version="0.1.0")
+
+# CORS
+# In production, set BACKEND_CORS_ORIGINS="https://your-frontend.vercel.app"
+origins = settings.BACKEND_CORS_ORIGINS.split(",") if hasattr(settings, "BACKEND_CORS_ORIGINS") and settings.BACKEND_CORS_ORIGINS else [
+    "http://localhost:3000",
+    "http://127.0.0.1:3000",
+    "*" # Allow all for hackathon/testing ease - REMOVE in strict production
+]
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(tasks.router)
+app.include_router(chat.router)
+
+@app.exception_handler(Exception)
+async def global_exception_handler(request: Request, exc: Exception):
+    # Print exception for debugging
+    print(f"Global exception: {exc}")
+    return JSONResponse(
+        status_code=500,
+        content={"detail": str(exc)},
+    )
+
+@app.get("/health")
+async def health_check():
+    return {"status": "ok"}

src/models.py

@@ -0,0 +1,132 @@
+import uuid
+from datetime import datetime
+from typing import Optional, List
+from enum import Enum
+from sqlmodel import Field, SQLModel, Relationship
+
+class TaskStatus(str, Enum):
+    TODO = "TODO"
+    IN_PROGRESS = "IN_PROGRESS"
+    DONE = "DONE"
+
+class TaskPriority(str, Enum):
+    LOW = "LOW"
+    MEDIUM = "MEDIUM"
+    HIGH = "HIGH"
+
+# Better Auth Compatible Models
+class UserBase(SQLModel):
+    email: str = Field(unique=True, index=True)
+    name: Optional[str] = None
+    image: Optional[str] = None
+
+class User(UserBase, table=True):
+    id: str = Field(primary_key=True)
+    emailVerified: bool = Field(default=False)
+    createdAt: datetime = Field(default_factory=datetime.utcnow)
+    updatedAt: datetime = Field(default_factory=datetime.utcnow)
+    
+    tasks: List["Task"] = Relationship(back_populates="owner")
+    sessions: List["Session"] = Relationship(back_populates="user")
+    conversations: List["Conversation"] = Relationship(back_populates="user")
+
+class UserCreate(UserBase):
+    id: Optional[str] = Field(default_factory=lambda: str(uuid.uuid4()))
+    password: str
+
+class UserRead(UserBase):
+    id: str
+    createdAt: datetime
+    updatedAt: datetime
+
+class Session(SQLModel, table=True):
+    id: str = Field(primary_key=True)
+    expiresAt: datetime
+    token: str
+    createdAt: datetime = Field(default_factory=datetime.utcnow)
+    updatedAt: datetime = Field(default_factory=datetime.utcnow)
+    ipAddress: Optional[str] = None
+    userAgent: Optional[str] = None
+    userId: str = Field(foreign_key="user.id")
+    
+    user: User = Relationship(back_populates="sessions")
+
+class Account(SQLModel, table=True):
+    id: str = Field(primary_key=True)
+    accountId: str
+    providerId: str
+    userId: str = Field(foreign_key="user.id")
+    accessToken: Optional[str] = None
+    refreshToken: Optional[str] = None
+    idToken: Optional[str] = None
+    accessTokenExpiresAt: Optional[datetime] = None
+    refreshTokenExpiresAt: Optional[datetime] = None
+    scope: Optional[str] = None
+    password: Optional[str] = None
+    createdAt: datetime = Field(default_factory=datetime.utcnow)
+    updatedAt: datetime = Field(default_factory=datetime.utcnow)
+
+class Verification(SQLModel, table=True):
+    id: str = Field(primary_key=True)
+    identifier: str
+    value: str
+    expiresAt: datetime
+    createdAt: datetime = Field(default_factory=datetime.utcnow)
+    updatedAt: datetime = Field(default_factory=datetime.utcnow)
+
+class TaskBase(SQLModel):
+    title: str = Field(index=True)
+    description: Optional[str] = None
+    status: TaskStatus = Field(default=TaskStatus.TODO)
+    priority: Optional[TaskPriority] = Field(default=TaskPriority.MEDIUM)
+
+class Task(TaskBase, table=True):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    updated_at: datetime = Field(default_factory=datetime.utcnow)
+    owner_id: str = Field(foreign_key="user.id")
+    
+    owner: User = Relationship(back_populates="tasks")
+
+class TaskCreate(TaskBase):
+    pass
+
+class TaskUpdate(SQLModel):
+    title: Optional[str] = None
+    description: Optional[str] = None
+    status: Optional[TaskStatus] = None
+    priority: Optional[TaskPriority] = None
+
+class TaskRead(TaskBase):
+    id: uuid.UUID
+    created_at: datetime
+    updated_at: datetime
+    owner_id: str
+
+class MessageRole(str, Enum):
+    USER = "user"
+    ASSISTANT = "assistant"
+    SYSTEM = "system"
+    TOOL = "tool"
+
+class Conversation(SQLModel, table=True):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    user_id: str = Field(foreign_key="user.id")
+    title: Optional[str] = None
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    updated_at: datetime = Field(default_factory=datetime.utcnow)
+    
+    user: User = Relationship(back_populates="conversations")
+    messages: List["Message"] = Relationship(back_populates="conversation")
+
+class Message(SQLModel, table=True):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    conversation_id: uuid.UUID = Field(foreign_key="conversation.id")
+    role: MessageRole
+    content: Optional[str] = None
+    tool_calls: Optional[str] = None  # Store as JSON string
+    tool_call_id: Optional[str] = None # For 'tool' role messages
+    name: Optional[str] = None # Name of the tool called
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    
+    conversation: Conversation = Relationship(back_populates="messages")

src/routes/chat.py

@@ -0,0 +1,164 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+from src.database import get_session
+from src.auth import get_current_user
+from src.models import User, Conversation, Message, MessageRole
+from src.agents.chatbot import TodoChatbot
+from agents import ToolCallItem
+from pydantic import BaseModel
+import uuid
+from typing import Optional
+from datetime import datetime
+
+router = APIRouter(prefix="/chat", tags=["chat"])
+
+class ChatRequest(BaseModel):
+    message: str
+    conversation_id: Optional[str] = None
+
+@router.post("/")
+async def chat(
+    request: ChatRequest,
+    db: AsyncSession = Depends(get_session),
+    current_user: User = Depends(get_current_user)
+):
+    # 1. Resolve Conversation
+    if request.conversation_id:
+        try:
+            convo_uuid = uuid.UUID(request.conversation_id)
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid conversation_id format")
+        
+        statement = select(Conversation).where(Conversation.id == convo_uuid, Conversation.user_id == current_user.id)
+        result = await db.execute(statement)
+        conversation = result.scalars().first()
+        if not conversation:
+            raise HTTPException(status_code=404, detail="Conversation not found or access denied")
+    else:
+        # Create new conversation
+        conversation = Conversation(user_id=current_user.id)
+        db.add(conversation)
+        await db.commit()
+        await db.refresh(conversation)
+
+    # 2. Store User Message
+    user_msg = Message(
+        conversation_id=conversation.id, 
+        role=MessageRole.USER, 
+        content=request.message
+    )
+    db.add(user_msg)
+    await db.commit()
+
+    # 3. Load History (Last 15 messages for more context)
+    history_statement = select(Message).where(Message.conversation_id == conversation.id).order_by(Message.created_at.desc()).limit(16)
+    result = await db.execute(history_statement)
+    messages_objs = result.scalars().all()
+    messages_objs = list(messages_objs)
+    messages_objs.reverse()
+    
+    agent_messages = []
+    for msg in messages_objs:
+        role_val = msg.role.value
+        m = {
+            "role": role_val,
+            "content": msg.content or ""
+        }
+        
+        # SDK Requirement: 'name' is only for 'tool' (and sometimes 'system')
+        # 'assistant' messages with a 'name' field cause Unhandled item errors.
+        if role_val == "tool":
+            m["tool_call_id"] = msg.tool_call_id
+            m["name"] = msg.name
+        elif role_val == "assistant":
+            if msg.tool_calls:
+                import json
+                m["tool_calls"] = json.loads(msg.tool_calls)
+            # DO NOT add 'name' to assistant role
+        elif role_val == "system":
+            if msg.name:
+                m["name"] = msg.name
+                
+        agent_messages.append(m)
+
+    # 4. Run Agent
+    bot = TodoChatbot(db, current_user.id)
+    try:
+        # Result is a RunResult object
+        result = await bot.get_response(agent_messages)
+        
+        # 5. Identify and Store NEW messages
+        full_history = result.to_input_list()
+        new_messages = full_history[len(agent_messages):]
+        
+        import json
+        for msg in new_messages:
+            try:
+                role_str = msg.get("role", "assistant").lower()
+                # Validate role
+                if role_str not in [r.value for r in MessageRole]:
+                    role_str = "assistant"
+                
+                content = msg.get("content")
+                if isinstance(content, list):
+                    # Flatten text content
+                    text_parts = [item.get("text", "") for item in content if isinstance(item, dict) and item.get("type") == "output_text"]
+                    content = "".join(text_parts).strip()
+                elif content is None:
+                    content = ""
+
+                new_msg = Message(
+                    conversation_id=conversation.id,
+                    role=MessageRole(role_str),
+                    content=content,
+                    tool_calls=json.dumps(msg.get("tool_calls")) if msg.get("tool_calls") else None,
+                    tool_call_id=msg.get("tool_call_id"),
+                    name=msg.get("name")
+                )
+                db.add(new_msg)
+            except Exception as msg_err:
+                print(f"Error processing message for DB: {msg_err}")
+                print(f"Message dict: {msg}")
+        
+        await db.commit()
+
+        # Update conversation timestamp
+        conversation.updated_at = datetime.utcnow()
+        db.add(conversation)
+        await db.commit()
+
+        # Extract the final response text
+        response_text = result.final_output
+        if not response_text and len(new_messages) > 0:
+            last_msg = new_messages[-1]
+            response_text = last_msg.get("content")
+            if isinstance(response_text, list):
+                text_parts = [item.get("text", "") for item in response_text if isinstance(item, dict) and item.get("type") == "output_text"]
+                response_text = "".join(text_parts).strip()
+
+        # Extract tool calls for frontend indicator
+        frontend_tool_calls = []
+        if hasattr(result, "new_items"):
+            for item in result.new_items:
+                if isinstance(item, ToolCallItem):
+                    tool_name = "unknown"
+                    if hasattr(item.raw_item, "name"):
+                        tool_name = item.raw_item.name
+                    elif hasattr(item.raw_item, "function") and hasattr(item.raw_item.function, "name"):
+                        tool_name = item.raw_item.function.name
+                    
+                    frontend_tool_calls.append({"function": {"name": tool_name}})
+
+        return {
+            "conversation_id": str(conversation.id),
+            "response": response_text or "I processed your request.",
+            "tool_calls": frontend_tool_calls
+        }
+        
+    except Exception as e:
+        await db.rollback() # Crucial: Reset session state on error
+        import traceback
+        print(f"Chat Route Error: {e}")
+        traceback.print_exc()
+        raise HTTPException(status_code=500, detail=f"AI Agent failed: {str(e)}")

src/routes/tasks.py

@@ -0,0 +1,115 @@
+from typing import List
+import uuid
+from datetime import datetime
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+from src.database import get_session
+from src.models import Task, TaskCreate, TaskRead, TaskUpdate, User, TaskStatus
+from src.auth import get_current_user
+
+router = APIRouter(prefix="/tasks", tags=["tasks"])
+
+@router.post("/", response_model=TaskRead, status_code=status.HTTP_201_CREATED)
+async def create_task(
+    task: TaskCreate, 
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    print(f"Creating task for user {current_user.id}: {task}")
+    try:
+        new_task = Task(**task.model_dump(), owner_id=current_user.id)
+        session.add(new_task)
+        await session.commit()
+        await session.refresh(new_task)
+        print(f"Task created successfully: {new_task.id}")
+        return new_task
+    except Exception as e:
+        print(f"Error creating task: {e}")
+        await session.rollback()
+        raise HTTPException(status_code=500, detail=str(e))
+
+@router.get("/", response_model=List[TaskRead])
+async def read_tasks(
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    stmt = select(Task).where(Task.owner_id == current_user.id).order_by(Task.created_at.desc())
+    result = await session.execute(stmt)
+    tasks = result.scalars().all()
+    return tasks
+
+@router.get("/{task_id}", response_model=TaskRead)
+async def read_task(
+    task_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    stmt = select(Task).where(Task.id == task_id, Task.owner_id == current_user.id)
+    result = await session.execute(stmt)
+    task = result.scalars().first()
+    if not task:
+        raise HTTPException(status_code=404, detail="Task not found")
+    return task
+
+@router.put("/{task_id}", response_model=TaskRead)
+async def update_task(
+    task_id: uuid.UUID,
+    task_update: TaskUpdate,
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    stmt = select(Task).where(Task.id == task_id, Task.owner_id == current_user.id)
+    result = await session.execute(stmt)
+    task = result.scalars().first()
+    if not task:
+        raise HTTPException(status_code=404, detail="Task not found")
+    
+    task_data = task_update.model_dump(exclude_unset=True)
+    for key, value in task_data.items():
+        setattr(task, key, value)
+    
+    task.updated_at = datetime.utcnow()
+    session.add(task)
+    await session.commit()
+    await session.refresh(task)
+    return task
+
+@router.delete("/{task_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_task(
+    task_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    stmt = select(Task).where(Task.id == task_id, Task.owner_id == current_user.id)
+    result = await session.execute(stmt)
+    task = result.scalars().first()
+    if not task:
+        raise HTTPException(status_code=404, detail="Task not found")
+    
+    await session.delete(task)
+    await session.commit()
+    return None
+
+@router.patch("/{task_id}/complete", response_model=TaskRead)
+async def toggle_task_completion(
+    task_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    session: AsyncSession = Depends(get_session)
+):
+    stmt = select(Task).where(Task.id == task_id, Task.owner_id == current_user.id)
+    result = await session.execute(stmt)
+    task = result.scalars().first()
+    if not task:
+        raise HTTPException(status_code=404, detail="Task not found")
+    
+    if task.status == TaskStatus.DONE:
+        task.status = TaskStatus.TODO
+    else:
+        task.status = TaskStatus.DONE
+        
+    task.updated_at = datetime.utcnow()
+    session.add(task)
+    await session.commit()
+    await session.refresh(task)
+    return task

tests/integration/test_chat.py

@@ -0,0 +1,12 @@
+import pytest
+from httpx import AsyncClient
+from src.main import app
+from src.models import User
+
+@pytest.mark.asyncio
+async def test_chat_unauthorized():
+    async with AsyncClient(app=app, base_url="http://test") as ac:
+        response = await ac.post("/chat/", json={"message": "hello"})
+    assert response.status_code == 401 # Should fail without JWT
+
+# More tests would involve mocking get_current_user and the AI runner