recovering old backend code

ai_gateway.py

@@ -0,0 +1,483 @@
+# ============================================================
+#  Ethrix-Forge — Agentic AI Gateway
+#  Drop-in module for main.py  (FastAPI + google-genai + httpx)
+#  Author-ready: copy the imports + constants + functions below
+# ============================================================
+
+# ── REQUIRED IMPORTS (merge into your existing main.py imports) ──────────────
+import os
+import json
+import asyncio
+import logging
+from typing import Any
+
+import httpx
+from google import genai                        # pip install google-genai
+from google.genai import types as genai_types
+from fastapi import HTTPException
+from pydantic import BaseModel
+
+# ── LOGGING ──────────────────────────────────────────────────────────────────
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger("ethrix_forge.ai_gateway")
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  PYDANTIC REQUEST / RESPONSE SCHEMAS
+# ══════════════════════════════════════════════════════════════════════════════
+
+class ExistingFile(BaseModel):
+    """A file already open in the editor that the AI can read as context."""
+    filename: str
+    language: str
+    code: str
+
+
+class AgentRequest(BaseModel):
+    """
+    POST body your React frontend must send to  /api/agent/generate
+    {
+        "prompt": "Add a dark-mode toggle to the Navbar",
+        "existing_files": [
+            {"filename": "index.html",  "language": "html",       "code": "..."},
+            {"filename": "style.css",   "language": "css",        "code": "..."}
+        ],
+        "model_preference": "gemini"   // optional: "gemini" | "openrouter" | "groq"
+    }
+    """
+    prompt: str
+    existing_files: list[ExistingFile] = []
+    model_preference: str = "gemini"
+
+
+class GeneratedFile(BaseModel):
+    filename: str
+    language: str
+    code: str
+
+
+class AgentResponse(BaseModel):
+    files: list[GeneratedFile]
+    provider_used: str          # which provider actually answered
+    total_files_changed: int
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  SYSTEM PROMPT  (the "brain" of the agentic workflow)
+# ══════════════════════════════════════════════════════════════════════════════
+
+AGENTIC_SYSTEM_PROMPT = """
+You are Ethrix, an elite AI Software Architect and Senior Full-Stack Developer
+embedded inside the Ethrix-Forge Cloud Code Editor.
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+WORKFLOW  (Think → Plan → Execute)
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+STEP 1 – THINK (internal, do not output)
+  • Re-read the user's request and ALL existing files carefully.
+  • Understand the full project structure, dependencies, and intent.
+  • Identify EXACTLY which files need to be created or modified.
+
+STEP 2 – PLAN (internal, do not output)
+  • List the minimal set of files that must change.
+  • Never touch files that are unaffected by the request.
+  • If a new file is needed (e.g., a component, a utility), create it.
+
+STEP 3 – EXECUTE (this is your ONLY output)
+  • Respond with a VALID JSON array — nothing else.
+  • No markdown code fences, no explanations, no preamble.
+  • Each element in the array is an object with exactly these three keys:
+      "filename"  — relative path e.g. "components/Navbar.js"
+      "language"  — lowercase language id e.g. "javascript", "python", "css"
+      "code"      — the complete, production-ready file content as a string
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+STRICT RULES
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+1. OUTPUT FORMAT: Your entire response MUST be a JSON array.
+   ✅ CORRECT:  [ {"filename": "...", "language": "...", "code": "..."} ]
+   ❌ WRONG:    Any text, markdown, or explanation outside the JSON array.
+
+2. SELECTIVE EDITING: Only include files you actually changed or created.
+   If index.html is unchanged, DO NOT include it in your response.
+
+3. COMPLETE FILES: Each "code" value must contain the full file content —
+   never use placeholders like "// rest of code here".
+
+4. FOLDER SUPPORT: Use forward-slash paths for nested files:
+   "src/components/Button.jsx", "assets/css/theme.css"
+
+5. LANGUAGE IDS: Use standard lowercase identifiers:
+   html, css, javascript, typescript, python, json, markdown, etc.
+
+6. QUALITY: Write production-grade code. Use modern best practices,
+   clean variable names, and add brief inline comments where helpful.
+""".strip()
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  PROVIDER CONFIG  — loaded from environment variables
+# ══════════════════════════════════════════════════════════════════════════════
+
+def _get_gemini_keys() -> list[str]:
+    """
+    Collect all GEMINI_API_KEY, GEMINI_API_KEY_2, GEMINI_API_KEY_3, …
+    from environment variables in order.
+    """
+    keys: list[str] = []
+    # Primary key
+    primary = os.getenv("GEMINI_API_KEY", "")
+    if primary:
+        keys.append(primary)
+    # Numbered backups: GEMINI_API_KEY_2 … GEMINI_API_KEY_10
+    for i in range(2, 11):
+        k = os.getenv(f"GEMINI_API_KEY_{i}", "")
+        if k:
+            keys.append(k)
+    return keys
+
+
+OPENROUTER_API_KEY: str = os.getenv("OPENROUTER_API_KEY", "")
+GROQ_API_KEY:       str = os.getenv("GROQ_API_KEY", "")
+
+GEMINI_MODEL      = os.getenv("GEMINI_MODEL",      "gemini-2.0-flash")
+OPENROUTER_MODEL  = os.getenv("OPENROUTER_MODEL",  "deepseek/deepseek-chat-v3-0324:free")
+GROQ_MODEL        = os.getenv("GROQ_MODEL",        "llama-3.3-70b-versatile")
+
+# Errors that should trigger a key / provider switch
+_RATE_LIMIT_PHRASES = (
+    "429",
+    "resource_exhausted",
+    "rate limit",
+    "quota exceeded",
+    "too many requests",
+)
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  PROMPT BUILDER  — assembles the full user message with context
+# ══════════════════════════════════════════════════════════════════════════════
+
+def _build_user_message(prompt: str, existing_files: list[ExistingFile]) -> str:
+    """
+    Wraps the user's instruction with the current file context so the AI
+    understands what already exists before making changes.
+    """
+    parts: list[str] = []
+
+    if existing_files:
+        parts.append("=== EXISTING PROJECT FILES (read-only context) ===\n")
+        for f in existing_files:
+            parts.append(
+                f"FILE: {f.filename}  [language: {f.language}]\n"
+                f"```{f.language}\n{f.code}\n```\n"
+            )
+        parts.append("=== END OF EXISTING FILES ===\n\n")
+
+    parts.append(f"USER REQUEST:\n{prompt}")
+    return "\n".join(parts)
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  JSON PARSER  — robust extraction from raw LLM text
+# ══════════════════════════════════════════════════════════════════════════════
+
+def _parse_files_from_response(raw: str) -> list[dict]:
+    """
+    Tries multiple strategies to extract the JSON array from LLM output.
+    Strategy 1 — direct json.loads (ideal: model obeyed instructions).
+    Strategy 2 — find the first '[' … last ']' and parse that slice.
+    Strategy 3 — strip markdown fences then retry.
+    """
+    text = raw.strip()
+
+    # Strategy 1: Direct parse
+    try:
+        data = json.loads(text)
+        if isinstance(data, list):
+            return data
+    except json.JSONDecodeError:
+        pass
+
+    # Strategy 2: Bracket slicing
+    start = text.find("[")
+    end   = text.rfind("]")
+    if start != -1 and end != -1 and end > start:
+        try:
+            data = json.loads(text[start : end + 1])
+            if isinstance(data, list):
+                logger.warning("JSON extracted via bracket-slice strategy.")
+                return data
+        except json.JSONDecodeError:
+            pass
+
+    # Strategy 3: Strip markdown code fences
+    import re
+    cleaned = re.sub(r"```(?:json)?", "", text).strip()
+    try:
+        data = json.loads(cleaned)
+        if isinstance(data, list):
+            logger.warning("JSON extracted after stripping markdown fences.")
+            return data
+    except json.JSONDecodeError:
+        pass
+
+    logger.error("All JSON parse strategies failed. Raw response:\n%s", raw[:2000])
+    raise ValueError("AI response could not be parsed as a JSON array of files.")
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  PROVIDER CALLS
+# ══════════════════════════════════════════════════════════════════════════════
+
+def _is_rate_limit_error(exc: Exception) -> bool:
+    msg = str(exc).lower()
+    return any(phrase in msg for phrase in _RATE_LIMIT_PHRASES)
+
+
+# ── Gemini ────────────────────────────────────────────────────────────────────
+
+def _sync_call_gemini(api_key: str, user_message: str) -> str:
+    """
+    Synchronous Gemini call using the new google-genai SDK.
+    Wrapped with asyncio.to_thread() at the call site so FastAPI never blocks.
+    """
+    client = genai.Client(api_key=api_key)
+    response = client.models.generate_content(
+        model=GEMINI_MODEL,
+        contents=user_message,
+        config=genai_types.GenerateContentConfig(
+            system_instruction=AGENTIC_SYSTEM_PROMPT,
+            temperature=0.2,        # lower = more deterministic / structured
+            max_output_tokens=8192,
+        ),
+    )
+    return response.text
+
+
+async def _call_gemini_with_fallback(user_message: str) -> tuple[str, str]:
+    """
+    Tries every available Gemini API key in sequence.
+    Returns (raw_text, key_label) or raises RuntimeError if all keys fail.
+    """
+    keys = _get_gemini_keys()
+    if not keys:
+        raise RuntimeError("No GEMINI_API_KEY found in environment.")
+
+    last_exc: Exception | None = None
+    for idx, key in enumerate(keys):
+        key_label = "GEMINI_API_KEY" if idx == 0 else f"GEMINI_API_KEY_{idx + 1}"
+        try:
+            logger.info("Trying Gemini with %s …", key_label)
+            text = await asyncio.to_thread(_sync_call_gemini, key, user_message)
+            logger.info("Gemini (%s) succeeded.", key_label)
+            return text, key_label
+        except Exception as exc:
+            last_exc = exc
+            if _is_rate_limit_error(exc):
+                logger.warning(
+                    "%s hit rate/quota limit (%s). Switching to next key …",
+                    key_label, exc
+                )
+                continue          # try next key
+            else:
+                logger.error("Gemini (%s) non-retryable error: %s", key_label, exc)
+                raise             # hard failure — don't retry other keys
+
+    raise RuntimeError(
+        f"All Gemini keys exhausted. Last error: {last_exc}"
+    )
+
+
+# ── OpenRouter ────────────────────────────────────────────────────────────────
+
+async def _call_openrouter(user_message: str) -> str:
+    """Async OpenRouter call via httpx."""
+    if not OPENROUTER_API_KEY:
+        raise RuntimeError("OPENROUTER_API_KEY not configured.")
+
+    payload = {
+        "model": OPENROUTER_MODEL,
+        "messages": [
+            {"role": "system",  "content": AGENTIC_SYSTEM_PROMPT},
+            {"role": "user",    "content": user_message},
+        ],
+        "temperature": 0.2,
+        "max_tokens": 8192,
+    }
+    headers = {
+        "Authorization": f"Bearer {OPENROUTER_API_KEY}",
+        "Content-Type":  "application/json",
+        "HTTP-Referer":  "https://ethrix-forge.app",   # your app URL
+        "X-Title":       "Ethrix-Forge",
+    }
+
+    async with httpx.AsyncClient(timeout=90) as client:
+        resp = client.post(
+            "https://openrouter.ai/api/v1/chat/completions",
+            json=payload,
+            headers=headers,
+        )
+        resp = await resp  if asyncio.iscoroutine(resp) else resp   # compatibility shim
+        resp.raise_for_status()
+        data = resp.json()
+        return data["choices"][0]["message"]["content"]
+
+
+async def _call_openrouter_safe(user_message: str) -> tuple[str, str]:
+    logger.info("Trying OpenRouter (%s) …", OPENROUTER_MODEL)
+    text = await _call_openrouter(user_message)
+    logger.info("OpenRouter succeeded.")
+    return text, f"openrouter/{OPENROUTER_MODEL}"
+
+
+# ── Groq ──────────────────────────────────────────────────────────────────────
+
+async def _call_groq(user_message: str) -> str:
+    """Async Groq call via httpx."""
+    if not GROQ_API_KEY:
+        raise RuntimeError("GROQ_API_KEY not configured.")
+
+    payload = {
+        "model": GROQ_MODEL,
+        "messages": [
+            {"role": "system",  "content": AGENTIC_SYSTEM_PROMPT},
+            {"role": "user",    "content": user_message},
+        ],
+        "temperature": 0.2,
+        "max_tokens": 8192,
+    }
+    headers = {
+        "Authorization": f"Bearer {GROQ_API_KEY}",
+        "Content-Type":  "application/json",
+    }
+
+    async with httpx.AsyncClient(timeout=90) as client:
+        resp = await client.post(
+            "https://api.groq.com/openai/v1/chat/completions",
+            json=payload,
+            headers=headers,
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        return data["choices"][0]["message"]["content"]
+
+
+async def _call_groq_safe(user_message: str) -> tuple[str, str]:
+    logger.info("Trying Groq (%s) …", GROQ_MODEL)
+    text = await _call_groq(user_message)
+    logger.info("Groq succeeded.")
+    return text, f"groq/{GROQ_MODEL}"
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  MASTER ORCHESTRATOR  — Think → Plan → Execute with full fallback chain
+# ══════════════════════════════════════════════════════════════════════════════
+
+async def run_agentic_workflow(request: AgentRequest) -> AgentResponse:
+    """
+    Core agentic pipeline:
+      1. Build the context-aware user message.
+      2. Try providers in preferred order with automatic fallback.
+      3. Parse the JSON response into structured GeneratedFile objects.
+      4. Return only the files that were actually changed / created.
+    """
+    user_message = _build_user_message(request.prompt, request.existing_files)
+
+    # ── Build the provider call order based on user preference ────────────────
+    async def try_gemini()      -> tuple[str, str]: return await _call_gemini_with_fallback(user_message)
+    async def try_openrouter()  -> tuple[str, str]: return await _call_openrouter_safe(user_message)
+    async def try_groq()        -> tuple[str, str]: return await _call_groq_safe(user_message)
+
+    preference = request.model_preference.lower()
+    if preference == "openrouter":
+        provider_order = [try_openrouter, try_gemini,     try_groq]
+    elif preference == "groq":
+        provider_order = [try_groq,       try_gemini,     try_openrouter]
+    else:  # default: gemini first
+        provider_order = [try_gemini,     try_openrouter, try_groq]
+
+    # ── Try each provider, moving on only if rate-limited or unavailable ──────
+    raw_text: str       = ""
+    provider_used: str  = "unknown"
+    last_error: Exception | None = None
+
+    for provider_fn in provider_order:
+        try:
+            raw_text, provider_used = await provider_fn()
+            break                   # success — stop trying fallbacks
+        except RuntimeError as exc:
+            # RuntimeError = "no key configured" or "all keys exhausted"
+            logger.warning("Provider unavailable: %s", exc)
+            last_error = exc
+            continue
+        except Exception as exc:
+            if _is_rate_limit_error(exc):
+                logger.warning("Rate limit on provider, falling back: %s", exc)
+                last_error = exc
+                continue
+            # Unexpected non-rate-limit error — still try next provider
+            logger.error("Unexpected provider error, falling back: %s", exc)
+            last_error = exc
+            continue
+    else:
+        # All providers failed
+        raise HTTPException(
+            status_code=503,
+            detail=f"All AI providers failed. Last error: {last_error}",
+        )
+
+    # ── Parse response ────────────────────────────────────────────────────────
+    try:
+        files_data = _parse_files_from_response(raw_text)
+    except ValueError as exc:
+        raise HTTPException(
+            status_code=500,
+            detail=f"AI returned unparseable output: {exc}",
+        )
+
+    # ── Validate & build response objects ─────────────────────────────────────
+    generated_files: list[GeneratedFile] = []
+    for item in files_data:
+        if not isinstance(item, dict):
+            logger.warning("Skipping non-dict item in AI response: %s", item)
+            continue
+        fn = item.get("filename", "").strip()
+        lang = item.get("language", "").strip().lower()
+        code = item.get("code", "")
+        if not fn or code is None:
+            logger.warning("Skipping incomplete file entry: %s", item)
+            continue
+        generated_files.append(GeneratedFile(filename=fn, language=lang, code=code))
+
+    if not generated_files:
+        raise HTTPException(
+            status_code=500,
+            detail="AI returned an empty list of files. No changes were made.",
+        )
+
+    return AgentResponse(
+        files=generated_files,
+        provider_used=provider_used,
+        total_files_changed=len(generated_files),
+    )
+
+
+# ══════════════════════════════════════════════════════════════════════════════
+#  FASTAPI ROUTE  — add this to your main.py router
+# ══════════════════════════════════════════════════════════════════════════════
+#
+#   from fastapi import APIRouter
+#   router = APIRouter()
+#
+#   @router.post("/api/agent/generate", response_model=AgentResponse)
+#   async def agent_generate(request: AgentRequest):
+#       """
+#       Agentic code generation / editing endpoint for Ethrix-Forge.
+#       Accepts the user prompt + existing project files as context,
+#       returns only the files that were created or modified.
+#       """
+#       return await run_agentic_workflow(request)
+#
+# ══════════════════════════════════════════════════════════════════════════════

main.py

@@ -1,202 +1,1093 @@
+"""
+╔══════════════════════════════════════════════════════════════════════════════╗
+║         ETHRIX-FORGE — FASTAPI CLOUD SYNC & BACKEND ENGINE                  ║
+║         main.py  |  Deployed on Hugging Face Spaces (Docker)                ║
+║                                                                              ║
+║  Modules:                                                                    ║
+║    1. MongoDB  — Workspace & Chat History persistence (motor)                ║
+║    2. GitHub   — Clone / Commit / Push via PyGithub + GitPython              ║
+║    3. Google Drive — OAuth2 ZIP upload                                       ║
+║    4. AI Gateway — Secure proxy for Gemini & Groq (keys from HF env)        ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+
+HUGGING FACE SPACE ENVIRONMENT VARIABLES (set in Space Settings → Variables):
+  MONGODB_URI           — MongoDB Atlas connection string
+  GEMINI_API_KEY        — Google AI Studio key
+  GROQ_API_KEY          — Groq Cloud key
+  GITHUB_TOKEN          — GitHub Personal Access Token (optional default)
+  GOOGLE_CLIENT_ID      — Google OAuth2 Client ID
+  GOOGLE_CLIENT_SECRET  — Google OAuth2 Client Secret
+  GOOGLE_REDIRECT_URI   — OAuth2 callback URL (e.g. https://your-space.hf.space/drive/callback)
+  SECRET_KEY            — Random secret for session signing (generate with: openssl rand -hex 32)
+"""
+
 import os
+import io
+import re
 import json
+import uuid
 import asyncio
+import zipfile
+import tempfile
 import logging
-from typing import Any, List
-from fastapi import FastAPI, HTTPException, Request
-from fastapi.middleware.cors import CORSMiddleware
-from pydantic import BaseModel
+import shutil
+from datetime import datetime, timezone
+from typing import Optional, List, Any, Dict
+
 import httpx
-from google import genai
+from fastapi import FastAPI, HTTPException, Request, BackgroundTasks, Depends, Header
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import JSONResponse, RedirectResponse, StreamingResponse
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from contextlib import asynccontextmanager
+from pydantic import BaseModel, Field
+
+# ── Database ──────────────────────────────────────────────────────────────────
+import motor.motor_asyncio
+from bson import ObjectId
+from bson.errors import InvalidId
 
-# ── LOGGING SETUP ──
-logging.basicConfig(level=logging.INFO)
+# ── GitHub ────────────────────────────────────────────────────────────────────
+from github import Github, GithubException
+import git  # GitPython
+
+# ── Google OAuth / Drive ──────────────────────────────────────────────────────
+from google_auth_oauthlib.flow import Flow
+from google.oauth2.credentials import Credentials
+from googleapiclient.discovery import build
+from googleapiclient.http import MediaIoBaseUpload
+from google.auth.transport.requests import Request as GoogleRequest
+from google import genai
+import asyncio
+import logging
+from ai_gateway import AgentRequest, AgentResponse, run_agentic_workflow
+sys.path.append(os.path.dirname(os.path.abspath(__file__)))
+# ─────────────────────────────────────────────────────────────────────────────
+# LOGGING
+# ─────────────────────────────────────────────────────────────────────────────
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s  %(levelname)-8s  %(name)s — %(message)s",
+    datefmt="%Y-%m-%d %H:%M:%S",
+)
 log = logging.getLogger("ethrix-forge")
 
-app = FastAPI(title="Ethrix-Forge AI Gateway")
+# ─────────────────────────────────────────────────────────────────────────────
+# ENVIRONMENT VARIABLES
+# ─────────────────────────────────────────────────────���───────────────────────
+MONGODB_URI          = os.getenv("MONGODB_URI", "mongodb://localhost:27017")
+GEMINI_API_KEY       = os.getenv("GEMINI_API_KEY", "")
+GROQ_API_KEY         = os.getenv("GROQ_API_KEY", "")
+GITHUB_TOKEN         = os.getenv("GITHUB_TOKEN", "")           # optional server-side default
+GOOGLE_CLIENT_ID     = os.getenv("GOOGLE_CLIENT_ID", "")
+GOOGLE_CLIENT_SECRET = os.getenv("GOOGLE_CLIENT_SECRET", "")
+GOOGLE_REDIRECT_URI  = os.getenv("GOOGLE_REDIRECT_URI", "http://localhost:8000/drive/callback")
+SECRET_KEY           = os.getenv("SECRET_KEY", uuid.uuid4().hex)  # fallback for dev only
 
+# Hugging Face Spaces runs on port 7860 by default
+PORT = int(os.getenv("PORT", 7860))
+
+# ─────────────────────────────────────────────────────────────────────────────
+# MONGODB CLIENT  (module-level; initialised in lifespan)
+# ─────────────────────────────────────────────────────────────────────────────
+_mongo_client: Optional[motor.motor_asyncio.AsyncIOMotorClient] = None
+
+
+def get_db() -> motor.motor_asyncio.AsyncIOMotorDatabase:
+    """Dependency: returns the 'ethrix_forge' database handle."""
+    if _mongo_client is None:
+        raise HTTPException(status_code=503, detail="Database not initialised yet.")
+    return _mongo_client["ethrix_forge"]
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# IN-MEMORY GOOGLE OAUTH SESSION STORE
+# For production, replace with Redis or a DB-backed store.
+# ─────────────────────────────────────────────────────────────────────────────
+_drive_sessions: Dict[str, dict] = {}   # state_token → credentials dict
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# LIFESPAN — startup / shutdown
+# ─────────────────────────────────────────────────────────────────────────────
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    global _mongo_client
+    log.info("🔌 Connecting to MongoDB…")
+    try:
+        _mongo_client = motor.motor_asyncio.AsyncIOMotorClient(
+            MONGODB_URI,
+            serverSelectionTimeoutMS=5_000,
+        )
+        # Ping to verify connection
+        await _mongo_client.admin.command("ping")
+        log.info("✅ MongoDB connected.")
+        # Create indexes
+        db = _mongo_client["ethrix_forge"]
+        await db.workspaces.create_index("user_id")
+        await db.workspaces.create_index("updated_at")
+        await db.chat_history.create_index("workspace_id")
+        await db.chat_history.create_index("user_id")
+        log.info("✅ MongoDB indexes ensured.")
+    except Exception as exc:
+        log.error(f"❌ MongoDB connection failed: {exc}")
+        # Don't crash — endpoints will return 503 gracefully
+
+    yield  # ← app runs here
+
+    if _mongo_client:
+        _mongo_client.close()
+        log.info("🔌 MongoDB disconnected.")
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# FASTAPI APP
+# ─────────────────────────────────────────────────────────────────────────────
+app = FastAPI(
+    title="Ethrix-Forge Backend",
+    description="Cloud Sync, GitHub, Google Drive & AI Gateway for Ethrix-Forge IDE",
+    version="1.0.0",
+    lifespan=lifespan,
+)
+
+# ── CORS ──────────────────────────────────────────────────────────────────────
+# In production, restrict allow_origins to your HF Space / Vercel URL.
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],
+    allow_origins=["*"],          # ← tighten this in production
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 )
 
-# ═══════════════════��══════════════════════════════════════════════════════════
-#  CLAUDE'S AGENTIC WORKFLOW CODE (Directly inside main.py!)
-# ══════════════════════════════════════════════════════════════════════════════
-
-class ExistingFile(BaseModel):
-    filename: str
-    language: str
-    code: str
-
-class AgentRequest(BaseModel):
-    prompt: str
-    existing_files: List[ExistingFile] = []
-    model_preference: str = "gemini"
-
-class GeneratedFile(BaseModel):
-    filename: str
-    language: str
-    code: str
-
-class AgentResponse(BaseModel):
-    files: List[GeneratedFile]
-    provider_used: str
-    total_files_changed: int
-
-AGENTIC_SYSTEM_PROMPT = """
-You are Ethrix, an elite Expert Senior Software Architect. 
-Your goal is to fulfill the user's request by analyzing the existing codebase and returning ONLY the files that need to be created or modified.
-
-STRICT RULES:
-1. You MUST respond with ONLY a valid JSON array of objects.
-2. NO markdown formatting, NO backticks (```json), NO explanations, NO preambles.
-3. Each object in the array MUST have exactly three string keys: "filename", "language", and "code".
-4. If a file does not need changes, DO NOT include it in the output.
-5. Provide complete code for the files you do output (no "..." or "insert here" placeholders).
-
-Expected Output Format exactly like this:
-[
-  {
-    "filename": "index.html",
-    "language": "html",
-    "code": "<!DOCTYPE html>..."
-  }
-]
-"""
 
-def _get_gemini_keys():
-    keys = []
-    base_key = os.getenv("GEMINI_API_KEY")
-    if base_key: keys.append(base_key)
-    for i in range(2, 10):
-        k = os.getenv(f"GEMINI_API_KEY_{i}")
-        if k: keys.append(k)
-    return keys
-
-async def _call_gemini_with_fallback(full_prompt: str) -> tuple[str, str]:
-    keys = _get_gemini_keys()
-    if not keys:
-        raise ValueError("No Gemini keys found")
-        
-    models_to_try = ["gemini-2.5-flash", "gemini-2.0-flash", "gemini-1.5-flash"]
-    
-    for key in keys:
-        client = genai.Client(api_key=key)
-        for model in models_to_try:
-            try:
-                def sync_call():
-                    return client.models.generate_content(
-                        model=model, 
-                        contents=full_prompt
-                    )
-                response = await asyncio.to_thread(sync_call)
-                return response.text, f"gemini ({model})"
-            except Exception as e:
-                err_str = str(e)
-                log.warning(f"Gemini {model} failed with key ending in ...{key[-4:]}: {err_str}")
-                if "429" in err_str or "RESOURCE_EXHAUSTED" in err_str:
-                    break # Switch to next API Key
-    raise ValueError("All Gemini keys and models exhausted.")
-
-async def _call_openrouter_safe(full_prompt: str) -> tuple[str, str]:
-    api_key = os.getenv("OPENROUTER_API_KEY")
-    if not api_key: raise ValueError("OpenRouter key missing")
-    
-    async with httpx.AsyncClient(timeout=45.0) as client:
-        res = await client.post(
-            "[https://openrouter.ai/api/v1/chat/completions](https://openrouter.ai/api/v1/chat/completions)",
-            headers={"Authorization": f"Bearer {api_key}"},
-            json={
-                "model": "qwen/qwen-2.5-coder-32b-instruct:free",
-                "messages": [{"role": "user", "content": full_prompt}]
-            }
+# ─────────────────────────────────────────────────────────────────────────────
+# HELPERS
+# ─────────────────────────────────────────────────────────────────────────────
+
+def _serialize_doc(doc: dict) -> dict:
+    """Convert MongoDB ObjectId → str for JSON serialisation."""
+    if doc is None:
+        return {}
+    out = {}
+    for k, v in doc.items():
+        if isinstance(v, ObjectId):
+            out[k] = str(v)
+        elif isinstance(v, datetime):
+            out[k] = v.isoformat()
+        elif isinstance(v, dict):
+            out[k] = _serialize_doc(v)
+        elif isinstance(v, list):
+            out[k] = [_serialize_doc(i) if isinstance(i, dict) else i for i in v]
+        else:
+            out[k] = v
+    return out
+
+
+def _now() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def _validate_object_id(oid: str) -> ObjectId:
+    try:
+        return ObjectId(oid)
+    except (InvalidId, Exception):
+        raise HTTPException(status_code=400, detail=f"Invalid document ID: '{oid}'")
+
+
+# ════════════════════════════���════════════════════════════════════════════════
+# ███  MODULE 1 — MONGODB  ████████████████████████████████████████████████████
+# ═════════════════════════════════════════════════════════════════════════════
+
+# ── Pydantic Models ──────────────────────────────────────────────────────────
+
+class FileObject(BaseModel):
+    """A single code file in the workspace."""
+    filename: str = Field(..., example="index.html")
+    language: str = Field(..., example="html")
+    code:     str = Field(..., example="<!DOCTYPE html>...")
+
+
+class WorkspaceSaveRequest(BaseModel):
+    """Payload to save/update a workspace."""
+    user_id:    str             = Field(..., example="user_abc123")
+    name:       str             = Field(..., example="My Landing Page")
+    files:      List[FileObject]
+    metadata:   Optional[dict]  = Field(default_factory=dict)
+
+
+class WorkspaceResponse(BaseModel):
+    workspace_id: str
+    user_id:      str
+    name:         str
+    files:        List[dict]
+    metadata:     dict
+    created_at:   str
+    updated_at:   str
+
+
+class ChatMessage(BaseModel):
+    """A single chat message in the AI conversation history."""
+    role:    str = Field(..., example="user")       # "user" | "assistant" | "system"
+    content: str
+    timestamp: Optional[str] = None
+
+
+class ChatHistorySaveRequest(BaseModel):
+    workspace_id: str
+    user_id:      str
+    messages:     List[ChatMessage]
+
+
+# ── Endpoints ────────────────────────────────────────────────────────────────
+
+@app.post("/workspace/save", tags=["MongoDB"])
+async def save_workspace(
+    payload: WorkspaceSaveRequest,
+    db=Depends(get_db),
+):
+    """
+    Create or update a workspace (files + metadata).
+    If a workspace already exists for this user_id + name, it is overwritten.
+    Returns the workspace_id.
+    """
+    now = _now()
+    doc = {
+        "user_id":    payload.user_id,
+        "name":       payload.name,
+        "files":      [f.model_dump() for f in payload.files],
+        "metadata":   payload.metadata or {},
+        "updated_at": now,
+    }
+
+    # Upsert by user_id + name so the user doesn't accumulate duplicate workspaces
+    result = await db.workspaces.find_one_and_update(
+        {"user_id": payload.user_id, "name": payload.name},
+        {
+            "$set": doc,
+            "$setOnInsert": {"created_at": now},
+        },
+        upsert=True,
+        return_document=True,
+    )
+
+    if result is None:
+        # Upsert inserted a new doc — fetch it
+        result = await db.workspaces.find_one(
+            {"user_id": payload.user_id, "name": payload.name}
         )
-        res.raise_for_status()
-        return res.json()["choices"][0]["message"]["content"], "openrouter (qwen-2.5)"
-
-async def _call_groq_safe(full_prompt: str) -> tuple[str, str]:
-    api_key = os.getenv("GROQ_API_KEY")
-    if not api_key: raise ValueError("Groq key missing")
-    
-    async with httpx.AsyncClient(timeout=30.0) as client:
-        res = await client.post(
-            "[https://api.groq.com/openai/v1/chat/completions](https://api.groq.com/openai/v1/chat/completions)",
-            headers={"Authorization": f"Bearer {api_key}"},
-            json={
-                "model": "llama-3.3-70b-versatile",
-                "messages": [{"role": "user", "content": full_prompt}]
-            }
+
+    workspace_id = str(result["_id"])
+    log.info(f"Workspace saved: {workspace_id} for user {payload.user_id}")
+    return {"workspace_id": workspace_id, "message": "Workspace saved successfully."}
+
+
+@app.get("/workspace/{workspace_id}", tags=["MongoDB"])
+async def load_workspace(workspace_id: str, db=Depends(get_db)):
+    """Load a full workspace by its MongoDB ObjectId."""
+    oid = _validate_object_id(workspace_id)
+    doc = await db.workspaces.find_one({"_id": oid})
+    if not doc:
+        raise HTTPException(status_code=404, detail=f"Workspace '{workspace_id}' not found.")
+    return _serialize_doc(doc)
+
+
+@app.get("/workspace/user/{user_id}", tags=["MongoDB"])
+async def list_workspaces(user_id: str, db=Depends(get_db)):
+    """
+    List all workspaces belonging to a user (without file contents for efficiency).
+    """
+    cursor = db.workspaces.find(
+        {"user_id": user_id},
+        {"files": 0},           # Exclude file blobs from listing
+    ).sort("updated_at", -1)
+
+    docs = await cursor.to_list(length=100)
+    return {"workspaces": [_serialize_doc(d) for d in docs]}
+
+
+@app.delete("/workspace/{workspace_id}", tags=["MongoDB"])
+async def delete_workspace(workspace_id: str, db=Depends(get_db)):
+    """Permanently delete a workspace and its associated chat history."""
+    oid = _validate_object_id(workspace_id)
+    ws_result = await db.workspaces.delete_one({"_id": oid})
+    chat_result = await db.chat_history.delete_many({"workspace_id": workspace_id})
+
+    if ws_result.deleted_count == 0:
+        raise HTTPException(status_code=404, detail=f"Workspace '{workspace_id}' not found.")
+
+    return {
+        "message": "Workspace deleted.",
+        "files_deleted": ws_result.deleted_count,
+        "chat_messages_deleted": chat_result.deleted_count,
+    }
+
+
+# ── Chat History ─────────────────────────────────────────────────────────────
+
+@app.post("/chat/save", tags=["MongoDB"])
+async def save_chat_history(payload: ChatHistorySaveRequest, db=Depends(get_db)):
+    """
+    Overwrite (replace) the chat history for a given workspace.
+    Each save replaces the full message array — the frontend manages the list.
+    """
+    now = _now()
+    messages_with_ts = []
+    for msg in payload.messages:
+        m = msg.model_dump()
+        if not m.get("timestamp"):
+            m["timestamp"] = now.isoformat()
+        messages_with_ts.append(m)
+
+    await db.chat_history.find_one_and_update(
+        {"workspace_id": payload.workspace_id, "user_id": payload.user_id},
+        {
+            "$set": {
+                "messages":   messages_with_ts,
+                "updated_at": now,
+            },
+            "$setOnInsert": {"created_at": now},
+        },
+        upsert=True,
+    )
+    return {"message": "Chat history saved.", "message_count": len(messages_with_ts)}
+
+
+@app.get("/chat/{workspace_id}", tags=["MongoDB"])
+async def load_chat_history(workspace_id: str, db=Depends(get_db)):
+    """Load the full chat history for a workspace."""
+    doc = await db.chat_history.find_one({"workspace_id": workspace_id})
+    if not doc:
+        return {"messages": [], "workspace_id": workspace_id}
+    return _serialize_doc(doc)
+
+
+@app.delete("/chat/{workspace_id}", tags=["MongoDB"])
+async def clear_chat_history(workspace_id: str, db=Depends(get_db)):
+    """Delete all chat messages for a workspace."""
+    result = await db.chat_history.delete_many({"workspace_id": workspace_id})
+    return {"message": "Chat history cleared.", "deleted_count": result.deleted_count}
+
+
+# ═════════════════════════════════════════════════════════════════════════════
+# ███  MODULE 2 — GITHUB  █████████████████████████████████████████████████████
+# ═════════════════════════════════════════════════════════════════════════════
+
+class GitHubCloneRequest(BaseModel):
+    """Clone a GitHub repository into the workspace."""
+    repo_url:     str  = Field(..., example="https://github.com/owner/repo")
+    token:        Optional[str] = Field(None, description="GitHub PAT. Falls back to server GITHUB_TOKEN.")
+    branch:       Optional[str] = Field("main", description="Branch to clone")
+    workspace_id: Optional[str] = Field(None, description="Auto-save to this workspace after cloning")
+    user_id:      Optional[str] = None
+
+
+class GitHubCommitRequest(BaseModel):
+    """Commit and push files to a GitHub repository."""
+    repo_full_name: str  = Field(..., example="owner/repo")  # e.g. "torvalds/linux"
+    branch:         str  = Field("main")
+    commit_message: str  = Field(..., example="feat: update from Ethrix-Forge")
+    files:          List[FileObject]
+    token:          Optional[str] = None
+
+
+class GitHubRepoInfoRequest(BaseModel):
+    token:         Optional[str] = None
+    repo_full_name: str
+
+
+# ── Helper: resolve token ─────────────────────────────────────────────────────
+
+def _resolve_github_token(request_token: Optional[str]) -> str:
+    token = request_token or GITHUB_TOKEN
+    if not token:
+        raise HTTPException(
+            status_code=400,
+            detail="No GitHub token provided and GITHUB_TOKEN env var is not set."
         )
-        res.raise_for_status()
-        return res.json()["choices"][0]["message"]["content"], "groq (llama-3.3)"
-
-def _parse_files_from_response(raw_text: str) -> list[dict]:
-    text = raw_text.strip()
-    if text.startswith("```json"): text = text[7:]
-    if text.startswith("```"): text = text[3:]
-    if text.endswith("```"): text = text[:-3]
-    text = text.strip()
-    
+    return token
+
+
+# ── Endpoints ────────────────────────────────────────────────────────────────
+
+@app.post("/github/clone", tags=["GitHub"])
+async def github_clone(payload: GitHubCloneRequest, db=Depends(get_db)):
+    """
+    Clone a GitHub repository into a temp directory, read all text files,
+    and return them as a FileObject array (optionally auto-saving to MongoDB).
+    """
+    token = _resolve_github_token(payload.token)
+
+    # Inject token into URL for private repo support
+    authenticated_url = _inject_token_into_git_url(payload.repo_url, token)
+
+    tmp_dir = tempfile.mkdtemp(prefix="ethrix_clone_")
     try:
-        start = text.find('[')
-        end = text.rfind(']')
-        if start != -1 and end != -1:
-            return json.loads(text[start:end+1])
-        return json.loads(text)
-    except json.JSONDecodeError as e:
-        log.error(f"Failed to parse JSON: {e}\nRaw Output: {text[:200]}...")
-        raise ValueError("AI did not return valid JSON.")
-
-async def run_agentic_workflow(request: AgentRequest) -> AgentResponse:
-    # 1. Build Context
-    context_str = "\n".join(
-        f"File: {f.filename}\n```{f.language}\n{f.code}\n```" 
-        for f in request.existing_files
-    )
-    full_prompt = f"{AGENTIC_SYSTEM_PROMPT}\n\n--- EXISTING FILES ---\n{context_str}\n\n--- TASK ---\n{request.prompt}"
+        log.info(f"Cloning {payload.repo_url} (branch: {payload.branch}) → {tmp_dir}")
+        git.Repo.clone_from(
+            authenticated_url,
+            tmp_dir,
+            branch=payload.branch,
+            depth=1,   # Shallow clone — faster, no full history needed
+        )
+        files = _read_directory_as_files(tmp_dir)
+        log.info(f"Cloned {len(files)} files from {payload.repo_url}")
+
+    except git.exc.GitCommandError as e:
+        raise HTTPException(
+            status_code=422,
+            detail=f"Git clone failed: {e.stderr.strip() if e.stderr else str(e)}"
+        )
+    finally:
+        shutil.rmtree(tmp_dir, ignore_errors=True)
+
+    # Optional: auto-save to MongoDB
+    workspace_id = None
+    if payload.workspace_id and payload.user_id:
+        save_payload = WorkspaceSaveRequest(
+            user_id=payload.user_id,
+            name=f"[GitHub] {payload.repo_url.split('/')[-1]}",
+            files=[FileObject(**f) for f in files],
+        )
+        result = await save_workspace(save_payload, db)
+        workspace_id = result["workspace_id"]
+
+    return {
+        "message":      f"Cloned {len(files)} files successfully.",
+        "files":        files,
+        "workspace_id": workspace_id,
+    }
+
+
+@app.post("/github/commit-push", tags=["GitHub"])
+async def github_commit_push(payload: GitHubCommitRequest):
+    """
+    Commit files to a GitHub repository using the GitHub Contents API.
+    Creates or updates each file, then creates a commit.
+    Works without needing a local git installation.
+    """
+    token = _resolve_github_token(payload.token)
 
-    # 2. Try Providers
-    raw_response, provider = "", ""
     try:
-        raw_response, provider = await _call_gemini_with_fallback(full_prompt)
-    except Exception as e1:
-        log.warning(f"Gemini chain failed: {e1}. Trying OpenRouter...")
+        gh   = Github(token)
+        repo = gh.get_repo(payload.repo_full_name)
+    except GithubException as e:
+        raise HTTPException(
+            status_code=422,
+            detail=f"GitHub API error accessing '{payload.repo_full_name}': {e.data.get('message', str(e))}"
+        )
+
+    committed_files = []
+    errors = []
+
+    for file_obj in payload.files:
         try:
-            raw_response, provider = await _call_openrouter_safe(full_prompt)
-        except Exception as e2:
-            log.warning(f"OpenRouter failed: {e2}. Trying Groq...")
+            file_content = file_obj.code.encode("utf-8")
+            file_path    = file_obj.filename
+
+            # Try to get existing file SHA (required for updates)
             try:
-                raw_response, provider = await _call_groq_safe(full_prompt)
-            except Exception as e3:
-                raise HTTPException(status_code=502, detail="All AI providers exhausted.")
+                existing = repo.get_contents(file_path, ref=payload.branch)
+                repo.update_file(
+                    path=file_path,
+                    message=payload.commit_message,
+                    content=file_content,
+                    sha=existing.sha,
+                    branch=payload.branch,
+                )
+                action = "updated"
+            except GithubException as ge:
+                if ge.status == 404:
+                    repo.create_file(
+                        path=file_path,
+                        message=payload.commit_message,
+                        content=file_content,
+                        branch=payload.branch,
+                    )
+                    action = "created"
+                else:
+                    raise
+
+            committed_files.append({"filename": file_path, "action": action})
+            log.info(f"GitHub: {action} '{file_path}' in {payload.repo_full_name}")
+
+        except GithubException as e:
+            errors.append({
+                "filename": file_obj.filename,
+                "error":    e.data.get("message", str(e)),
+            })
+
+    return {
+        "message":         f"Committed {len(committed_files)} files to {payload.repo_full_name}@{payload.branch}.",
+        "committed_files": committed_files,
+        "errors":          errors,
+        "repo_url":        f"https://github.com/{payload.repo_full_name}",
+    }
 
-    # 3. Parse JSON
+
+@app.post("/github/repo-info", tags=["GitHub"])
+async def github_repo_info(payload: GitHubRepoInfoRequest):
+    """Fetch basic repository metadata (name, stars, branches, last commit)."""
+    token = _resolve_github_token(payload.token)
+    try:
+        gh   = Github(token)
+        repo = gh.get_repo(payload.repo_full_name)
+        branches = [b.name for b in repo.get_branches()]
+        commit = repo.get_commits()[0]
+        return {
+            "name":          repo.full_name,
+            "description":   repo.description,
+            "private":       repo.private,
+            "default_branch": repo.default_branch,
+            "branches":      branches,
+            "stars":         repo.stargazers_count,
+            "last_commit":   {
+                "sha":     commit.sha[:7],
+                "message": commit.commit.message.split("\n")[0],
+                "author":  commit.commit.author.name,
+                "date":    commit.commit.author.date.isoformat(),
+            },
+            "html_url":      repo.html_url,
+        }
+    except GithubException as e:
+        raise HTTPException(status_code=422, detail=e.data.get("message", str(e)))
+
+
+# ── Git helpers ───────────────────────────────────────────────────────────────
+
+def _inject_token_into_git_url(url: str, token: str) -> str:
+    """Turn https://github.com/... → https://TOKEN@github.com/..."""
+    return re.sub(r"https://", f"https://{token}@", url)
+
+
+# Text-based extensions we'll read when importing a cloned repo
+_TEXT_EXTENSIONS = {
+    ".js", ".jsx", ".ts", ".tsx", ".html", ".htm", ".css", ".scss", ".sass",
+    ".json", ".md", ".txt", ".py", ".rb", ".go", ".rs", ".java", ".c", ".cpp",
+    ".h", ".sh", ".bash", ".yml", ".yaml", ".xml", ".sql", ".php", ".kt",
+    ".swift", ".dart", ".vue", ".svelte", ".toml", ".ini", ".env.example",
+    ".gitignore", ".dockerignore", "dockerfile", "makefile",
+}
+
+_SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv", "venv", "dist", "build", ".next"}
+
+
+def _read_directory_as_files(root: str, max_files: int = 200) -> List[dict]:
+    """Walk a directory and return text files as FileObject-compatible dicts."""
+    results = []
+    for dirpath, dirnames, filenames in os.walk(root):
+        # Prune skipped directories in-place
+        dirnames[:] = [d for d in dirnames if d not in _SKIP_DIRS]
+
+        for filename in filenames:
+            if len(results) >= max_files:
+                break
+            full_path = os.path.join(dirpath, filename)
+            rel_path  = os.path.relpath(full_path, root).replace("\\", "/")
+            ext       = os.path.splitext(filename)[1].lower()
+
+            if ext not in _TEXT_EXTENSIONS and filename.lower() not in _TEXT_EXTENSIONS:
+                continue
+
+            try:
+                with open(full_path, "r", encoding="utf-8", errors="ignore") as fh:
+                    code = fh.read()
+                results.append({
+                    "filename": rel_path,
+                    "language": _ext_to_language(ext),
+                    "code":     code,
+                })
+            except OSError:
+                continue
+
+    return results
+
+
+def _ext_to_language(ext: str) -> str:
+    mapping = {
+        ".js": "javascript", ".jsx": "javascript",
+        ".ts": "typescript", ".tsx": "typescript",
+        ".html": "html", ".htm": "html",
+        ".css": "css", ".scss": "scss", ".sass": "sass",
+        ".json": "json", ".md": "markdown",
+        ".py": "python", ".rb": "ruby", ".go": "go",
+        ".rs": "rust", ".java": "java", ".c": "c",
+        ".cpp": "cpp", ".sh": "shell", ".bash": "shell",
+        ".yml": "yaml", ".yaml": "yaml", ".xml": "xml",
+        ".sql": "sql", ".php": "php", ".kt": "kotlin",
+        ".swift": "swift", ".dart": "dart",
+        ".vue": "html", ".svelte": "html",
+        ".toml": "ini", ".ini": "ini",
+    }
+    return mapping.get(ext, "plaintext")
+
+
+# ═════════════════════════════════════════════════════════════════════════════
+# ███  MODULE 3 — GOOGLE DRIVE  ███████████████████████████████████████████████
+# ═════════════════════════════════════════════════════════════════════════════
+
+# Drive scopes required
+_DRIVE_SCOPES = ["https://www.googleapis.com/auth/drive.file"]
+
+
+def _build_oauth_flow() -> Flow:
+    """Construct a google-auth-oauthlib Flow from environment credentials."""
+    if not GOOGLE_CLIENT_ID or not GOOGLE_CLIENT_SECRET:
+        raise HTTPException(
+            status_code=503,
+            detail="Google OAuth2 is not configured. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET."
+        )
+    client_config = {
+        "web": {
+            "client_id":                  GOOGLE_CLIENT_ID,
+            "client_secret":              GOOGLE_CLIENT_SECRET,
+            "auth_uri":                   "https://accounts.google.com/o/oauth2/auth",
+            "token_uri":                  "https://oauth2.googleapis.com/token",
+            "redirect_uris":              [GOOGLE_REDIRECT_URI],
+        }
+    }
+    flow = Flow.from_client_config(client_config, scopes=_DRIVE_SCOPES)
+    flow.redirect_uri = GOOGLE_REDIRECT_URI
+    return flow
+
+
+# ── Endpoints ────────────────────────────────────────────────────────────────
+
+@app.get("/drive/auth", tags=["Google Drive"])
+async def drive_auth_start():
+    """
+    Step 1 of OAuth2: generate the Google authorisation URL.
+    The frontend redirects the user to the returned `auth_url`.
+    A `state` token is stored server-side to validate the callback.
+    """
+    flow = _build_oauth_flow()
+    auth_url, state = flow.authorization_url(
+        access_type="offline",
+        include_granted_scopes="true",
+        prompt="consent",
+    )
+    # Store state so the callback can verify it
+    _drive_sessions[state] = {"status": "pending"}
+    return {"auth_url": auth_url, "state": state}
+
+
+@app.get("/drive/callback", tags=["Google Drive"])
+async def drive_auth_callback(code: str, state: str):
+    """
+    Step 2 of OAuth2: Google redirects here with an auth code.
+    Exchange it for tokens and store them against the state key.
+    The frontend polls /drive/token/{state} to retrieve credentials.
+    """
+    if state not in _drive_sessions:
+        raise HTTPException(status_code=400, detail="Invalid or expired OAuth state token.")
+
+    flow = _build_oauth_flow()
+    try:
+        flow.fetch_token(code=code)
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=f"Token exchange failed: {str(e)}")
+
+    creds = flow.credentials
+    _drive_sessions[state] = {
+        "status":        "authenticated",
+        "token":         creds.token,
+        "refresh_token": creds.refresh_token,
+        "token_uri":     creds.token_uri,
+        "client_id":     creds.client_id,
+        "client_secret": creds.client_secret,
+        "scopes":        list(creds.scopes or _DRIVE_SCOPES),
+    }
+    log.info(f"Drive OAuth2 completed for state={state[:8]}…")
+    # Redirect to a frontend page that shows "Connected!" and closes the popup
+    return RedirectResponse(url="/?drive_connected=1")
+
+
+@app.get("/drive/token/{state}", tags=["Google Drive"])
+async def get_drive_token(state: str):
+    """
+    Frontend polls this endpoint after redirecting the user to /drive/auth.
+    Returns credential data when auth is complete.
+    """
+    session = _drive_sessions.get(state)
+    if not session:
+        raise HTTPException(status_code=404, detail="State token not found.")
+    return session
+
+
+class DriveUploadRequest(BaseModel):
+    """Upload the workspace as a ZIP to Google Drive."""
+    files:        List[FileObject]
+    zip_filename: str             = Field("ethrix-forge-workspace.zip")
+    folder_id:    Optional[str]   = Field(None, description="Google Drive folder ID. Uploads to root if None.")
+    # Credentials returned by /drive/token/{state}
+    token:         str
+    refresh_token: Optional[str]  = None
+    token_uri:     str             = "https://oauth2.googleapis.com/token"
+    client_id:     Optional[str]  = None
+    client_secret: Optional[str]  = None
+    scopes:        Optional[List[str]] = None
+
+
+@app.post("/drive/upload-workspace", tags=["Google Drive"])
+async def drive_upload_workspace(payload: DriveUploadRequest):
+    """
+    Create a ZIP archive of all workspace files in memory and upload it
+    directly to the user's Google Drive. Returns the Drive file ID and URL.
+    """
+    # Build credentials
     try:
-        files_data = _parse_files_from_response(raw_response)
-        generated_files = [
-            GeneratedFile(filename=f["filename"], language=f["language"], code=f["code"])
-            for f in files_data if "filename" in f and "code" in f
-        ]
-        return AgentResponse(
-            files=generated_files,
-            provider_used=provider,
-            total_files_changed=len(generated_files)
+        creds = Credentials(
+            token=payload.token,
+            refresh_token=payload.refresh_token,
+            token_uri=payload.token_uri,
+            client_id=payload.client_id or GOOGLE_CLIENT_ID,
+            client_secret=payload.client_secret or GOOGLE_CLIENT_SECRET,
+            scopes=payload.scopes or _DRIVE_SCOPES,
         )
+        # Refresh if expired
+        if creds.expired and creds.refresh_token:
+            creds.refresh(GoogleRequest())
+    except Exception as e:
+        raise HTTPException(status_code=401, detail=f"Invalid or expired Google credentials: {str(e)}")
+
+    # Build ZIP in memory
+    zip_buffer = io.BytesIO()
+    with zipfile.ZipFile(zip_buffer, mode="w", compression=zipfile.ZIP_DEFLATED) as zf:
+        for file_obj in payload.files:
+            zf.writestr(file_obj.filename, file_obj.code)
+    zip_buffer.seek(0)
+
+    # Upload to Drive
+    try:
+        service  = build("drive", "v3", credentials=creds, cache_discovery=False)
+        metadata = {"name": payload.zip_filename}
+        if payload.folder_id:
+            metadata["parents"] = [payload.folder_id]
+
+        media = MediaIoBaseUpload(zip_buffer, mimetype="application/zip", resumable=True)
+        result = service.files().create(
+            body=metadata,
+            media_body=media,
+            fields="id, name, webViewLink, size",
+        ).execute()
+
+        log.info(f"Drive upload: {result.get('name')} (id={result.get('id')})")
+        return {
+            "message":      "Workspace uploaded to Google Drive successfully.",
+            "file_id":      result.get("id"),
+            "file_name":    result.get("name"),
+            "web_view_link": result.get("webViewLink"),
+            "size_bytes":   result.get("size"),
+        }
+    except Exception as e:
+        log.error(f"Drive upload failed: {e}")
+        raise HTTPException(status_code=500, detail=f"Google Drive upload failed: {str(e)}")
+
+
+@app.get("/drive/files", tags=["Google Drive"])
+async def drive_list_files(
+    token:         str,
+    refresh_token: Optional[str] = None,
+    folder_id:     Optional[str] = None,
+):
+    """List ZIP files in Google Drive (or a specific folder)."""
+    try:
+        creds = Credentials(
+            token=token,
+            refresh_token=refresh_token,
+            token_uri="https://oauth2.googleapis.com/token",
+            client_id=GOOGLE_CLIENT_ID,
+            client_secret=GOOGLE_CLIENT_SECRET,
+            scopes=_DRIVE_SCOPES,
+        )
+        if creds.expired and creds.refresh_token:
+            creds.refresh(GoogleRequest())
+
+        service = build("drive", "v3", credentials=creds, cache_discovery=False)
+        query = "mimeType='application/zip' and trashed=false"
+        if folder_id:
+            query += f" and '{folder_id}' in parents"
+
+        results = service.files().list(
+            q=query,
+            fields="files(id, name, size, createdTime, webViewLink)",
+            orderBy="createdTime desc",
+            pageSize=50,
+        ).execute()
+
+        return {"files": results.get("files", [])}
     except Exception as e:
         raise HTTPException(status_code=500, detail=str(e))
 
-# ══════════════════════════════════════════════════════════════════════════════
-#  FASTAPI ENDPOINTS
-# ══════════════════════════════════════════════════════════════════════════════
 
-@app.get("/")
-def read_root():
-    return {"status": "Ethrix-Forge API is Running (Agentic Mode)"}
+# ═════════════════════════════════════════════════════════════════════════════
+# ███  MODULE 4 — SECURE AI GATEWAY  ██████████████████████████████████████████
+# ═════════════════════════════════════════════════════════════════════════════
+#
+# The React frontend sends prompts here. The backend appends the real API keys
+# (stored as HF Secrets) before forwarding to the AI providers.
+# The frontend NEVER sees the raw API keys.
+# ────────────────────────────────────────────────────────────────────────────���
+
+# ── Strict JSON Auto-Coding System Prompt ────────────────────────────────────
+# (Mirrors useAIService.js for consistency — the gateway can also be used
+#  as a backend-only generation path without the frontend SDK.)
 
+SYSTEM_PROMPT = """You are Ethrix, an elite autonomous software engineer inside the Ethrix-Forge AI IDE. Your sole function is to generate complete, production-ready source code.
+
+ABSOLUTE OUTPUT RULES — NEVER VIOLATE THESE:
+1. Your response MUST be a single, raw, valid JSON array. Nothing else.
+2. Each element: {"filename": "...", "language": "...", "code": "..."}
+3. NO markdown fences. NO backticks. NO explanation. NO preamble.
+4. All code must be complete and untruncated.
+5. Escape double-quotes inside "code" as \\", newlines as \\n.
+
+You are a JSON-outputting machine. You do not converse."""
+
+# ── Models ────────────────────────────────────────────────────────────────────
+
+class AIGatewayRequest(BaseModel):
+    prompt:   str  = Field(..., description="User's coding request")
+    provider: str  = Field("gemini", description="'gemini' or 'groq'")
+    model:    Optional[str] = None
+
+
+class AIGatewayResponse(BaseModel):
+    files:        List[dict]
+    raw_response: str
+    provider:     str
+    model:        str
+
+
+# ── Naya Gemini SDK Import ──
+log = logging.getLogger("ethrix-forge")
+
+# 🚀 Shantanu's Ultimate Master Fallback Lists
+GEMINI_MODELS = [
+    "gemini-2.5-flash",                    # 🔥 Sabse fast aur powerful! (Top Priority)
+    "gemini-2.0-flash", 
+    "gemini-2.0-flash-lite-preview-02-05", 
+    "gemini-1.5-flash"
+]
+OPENROUTER_MODELS = [
+    "qwen/qwen-2.5-coder-32b-instruct:free", # Free aur best coding
+    "meta-llama/llama-3.3-70b-instruct:free"
+]
+GROQ_MODELS = [
+    "qwen-2.5-coder-32b", 
+    "llama-3.3-70b-versatile"
+]
+
+# Note: Maine naam _call_gemini_gateway hi rakha hai taaki tumhara baaki code na tute,
+# par ab yeh ek MASTER GATEWAY ban chuka hai! 😎
+async def _call_gemini_gateway(prompt: str, requested_model: str) -> str:
+    """The God Mode AI Gateway: Gemini -> OpenRouter -> Groq"""
+    full_prompt = f"{SYSTEM_PROMPT}\n\nUser Request:\n{prompt}"
+    last_error = ""
+
+    # 🟢 STEP 1: GEMINI (First Priority)
+    if GEMINI_API_KEY:
+        client = genai.Client(api_key=GEMINI_API_KEY)
+        for model in GEMINI_MODELS:
+            log.info(f"🔄 Trying Gemini: {model}...")
+            try:
+                def sync_call(m):
+                    return client.models.generate_content(model=m, contents=full_prompt)
+                response = await asyncio.to_thread(sync_call, model)
+                log.info(f"✅ Success with Gemini {model}!")
+                return response.text
+            except Exception as e:
+                log.warning(f"⚠️ Gemini {model} failed: {str(e)}")
+                last_error = f"Gemini Error: {str(e)}"
+
+    # 🔵 STEP 2: OPENROUTER (Second Priority)
+    OPENROUTER_API_KEY = os.getenv("OPENROUTER_API_KEY")
+    if OPENROUTER_API_KEY:
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            for model in OPENROUTER_MODELS:
+                log.info(f"🔄 Trying OpenRouter: {model}...")
+                try:
+                    res = await client.post(
+                        "https://openrouter.ai/api/v1/chat/completions",
+                        headers={"Authorization": f"Bearer {OPENROUTER_API_KEY}"},
+                        json={"model": model, "messages": [{"role": "user", "content": full_prompt}]}
+                    )
+                    res.raise_for_status()
+                    data = res.json()
+                    log.info(f"✅ Success with OpenRouter {model}!")
+                    return data["choices"][0]["message"]["content"]
+                except Exception as e:
+                    log.warning(f"⚠️ OpenRouter {model} failed: {str(e)}")
+                    last_error = f"OpenRouter Error: {str(e)}"
+
+    # 🟠 STEP 3: GROQ (Third Priority - Flash Speed Backup)
+    GROQ_API_KEY = os.getenv("GROQ_API_KEY") # Agar env variable ka naam GROQ_API_KEY hai
+    if GROQ_API_KEY:
+        async with httpx.AsyncClient(timeout=15.0) as client:
+            for model in GROQ_MODELS:
+                log.info(f"🔄 Trying Groq: {model}...")
+                try:
+                    res = await client.post(
+                        "https://api.groq.com/openai/v1/chat/completions",
+                        headers={"Authorization": f"Bearer {GROQ_API_KEY}"},
+                        json={"model": model, "messages": [{"role": "user", "content": full_prompt}]}
+                    )
+                    res.raise_for_status()
+                    data = res.json()
+                    log.info(f"✅ Success with Groq {model}!")
+                    return data["choices"][0]["message"]["content"]
+                except Exception as e:
+                    log.warning(f"⚠️ Groq {model} failed: {str(e)}")
+                    last_error = f"Groq Error: {str(e)}"
+
+    # ❌ FINAL ERROR: Agar duniya ke teeno bade AI down ho jayein (jo ki impossible hai)
+    log.error(f"❌ ALL AI PROVIDERS FAILED! Last error: {last_error}")
+    raise HTTPException(status_code=502, detail="All AI limits exhausted! Please check logs.")
+
+
+async def _call_groq_gateway(prompt: str, model: str) -> str:
+    """Call Groq Chat Completions API."""
+    if not GROQ_API_KEY:
+        raise HTTPException(status_code=503, detail="GROQ_API_KEY is not set on the server.")
+
+    url  = "https://api.groq.com/openai/v1/chat/completions"
+    body = {
+        "model": model,
+        "messages": [
+            {"role": "system", "content": SYSTEM_PROMPT},
+            {"role": "user",   "content": prompt},
+        ],
+        "temperature": 0.2,
+        "max_tokens":  8192,
+        "response_format": {"type": "json_object"},
+    }
+    async with httpx.AsyncClient(timeout=120) as client:
+        resp = await client.post(
+            url, json=body,
+            headers={"Authorization": f"Bearer {GROQ_API_KEY}"}
+        )
+
+    if resp.status_code == 429:
+        raise HTTPException(status_code=429, detail="Groq rate limit exceeded. Please wait and retry.")
+    if resp.status_code in (401, 403):
+        raise HTTPException(status_code=502, detail="Groq API key is invalid or unauthorised.")
+    if not resp.is_success:
+        detail = resp.json().get("error", {}).get("message", resp.text)
+        raise HTTPException(status_code=502, detail=f"Groq error: {detail}")
+
+    data = resp.json()
+    return data.get("choices", [{}])[0].get("message", {}).get("content", "")
+
+
+# ── JSON Parser (mirrors frontend logic) ─────────────────────────────────────
+
+def _parse_gateway_response(raw: str, provider: str) -> List[dict]:
+    if not raw or not raw.strip():
+        raise HTTPException(status_code=502, detail=f"{provider} returned an empty response.")
+
+    text = raw.strip()
+
+    # Strategy 1: direct parse
+    try:
+        parsed = json.loads(text)
+        if isinstance(parsed, list):
+            return parsed
+        # Groq json_object mode may wrap the array in a key
+        if isinstance(parsed, dict):
+            for v in parsed.values():
+                if isinstance(v, list):
+                    return v
+    except json.JSONDecodeError:
+        pass
+
+    # Strategy 2: strip markdown fences
+    fence_match = re.search(r"```(?:json)?\s*([\s\S]*?)```", text)
+    if fence_match:
+        try:
+            parsed = json.loads(fence_match.group(1).strip())
+            if isinstance(parsed, list):
+                return parsed
+        except json.JSONDecodeError:
+            pass
+
+    # Strategy 3: extract first [...] block
+    array_match = re.search(r"\[[\s\S]*\]", text)
+    if array_match:
+        try:
+            return json.loads(array_match.group(0))
+        except json.JSONDecodeError as e:
+            raise HTTPException(
+                status_code=422,
+                detail=f"AI returned malformed JSON from {provider}. Parse error: {str(e)}"
+            )
+
+    raise HTTPException(
+        status_code=422,
+        detail=f"No valid JSON array found in {provider} response. Preview: {text[:300]}"
+    )
+
+
+# ── Default models per provider ───────────────────────────────────────────────
+_GATEWAY_DEFAULT_MODELS = {
+    "gemini": "gemini-2.0-flash",
+    "groq":   "llama-3.3-70b-versatile",
+}
+
+
+# ── Main Gateway Endpoint ─────────────────────────────────────────────────────
+
+# Naya Agentic Endpoint
 @app.post("/api/agent/generate", response_model=AgentResponse)
 async def agent_generate(request: AgentRequest):
-    return await run_agentic_workflow(request)
+    return await run_agentic_workflow(request)
+
+# ═════════════════════════════════════════════════════════════════════════════
+# HEALTH & ROOT
+# ═════════════════════════════════════════════════════════════════════════════
+
+@app.get("/", tags=["Health"])
+async def root():
+    return {
+        "service":    "Ethrix-Forge Backend",
+        "version":    "1.0.0",
+        "status":     "online",
+        "docs":       "/docs",
+        "timestamp":  _now().isoformat(),
+    }
+
+
+@app.get("/health", tags=["Health"])
+async def health_check():
+    """Deep health check — verifies MongoDB connectivity."""
+    db_status = "disconnected"
+    if _mongo_client:
+        try:
+            await _mongo_client.admin.command("ping")
+            db_status = "connected"
+        except Exception:
+            db_status = "error"
+
+    return {
+        "status":   "ok" if db_status == "connected" else "degraded",
+        "database": db_status,
+        "ai_gateway": {
+            "gemini_configured": bool(GEMINI_API_KEY),
+            "groq_configured":   bool(GROQ_API_KEY),
+        },
+        "github_configured": bool(GITHUB_TOKEN),
+        "drive_configured":  bool(GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET),
+    }
+
+
+# ═════════════════════════════════════════════════════════════════════════════
+# ENTRY POINT
+# ═════════════════════════════════════════════════════════════════════════════
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(
+        "main:app",
+        host="0.0.0.0",
+        port=PORT,
+        reload=False,   # Disable in production
+        log_level="info",
+    )