🔒 Secure API token management via environment variables

app.py

@@ -6,19 +6,25 @@ from datetime import datetime
 
 class HuggingFaceRealAPI:
     def __init__(self):
-        # API-Token aus Environment oder direkt einsetzen
-        self.api_token = os.getenv("HF_TOKEN", None)  # ← Token hier einsetzen
+        # Token aus Environment Variable (sicher)
+        self.api_token = os.getenv("HF_TOKEN")
         self.api_url = "https://api-inference.huggingface.co/models/"
         
-        # Models die definitiv funktionieren
+        # Verfügbare Models
         self.available_models = [
             "gpt2",
             "distilgpt2",
             "microsoft/DialoGPT-small"
         ]
         
+        # Token-Status prüfen
+        self.token_available = self.api_token is not None
+        
     def query_model(self, model_name, prompt):
         """Echter API Call mit Authentication"""
+        if not self.token_available:
+            raise Exception("HF_TOKEN nicht verfügbar - in Space Secrets konfigurieren")
+            
         url = f"{self.api_url}{model_name}"
         
         headers = {
@@ -35,7 +41,7 @@ class HuggingFaceRealAPI:
                 "return_full_text": False
             },
             "options": {
-                "wait_for_model": True  # Wichtig: Warten bis Model geladen ist
+                "wait_for_model": True
             }
         }
         
@@ -45,6 +51,13 @@ class HuggingFaceRealAPI:
     def test_agent_response(self, prompt, model_name, agent_role="General"):
         """Echter HuggingFace API Test"""
         
+        if not self.token_available:
+            return {
+                "status": "❌ HF_TOKEN nicht konfiguriert in Space Secrets",
+                "time": "0.00s",
+                "setup_instructions": "Gehe zu Settings → Repository secrets → Füge HF_TOKEN hinzu"
+            }
+        
         saap_prompts = {
             "Jane": f"Als KI-Architektin für Multi-Agent-Systeme:\nFrage: {prompt}\nAntwort:",
             "John": f"Als Softwareentwickler für AGI-Architekturen:\nFrage: {prompt}\nAntwort:", 
@@ -63,7 +76,8 @@ class HuggingFaceRealAPI:
             if response.status_code == 200:
                 result = response.json()
                 
-                # Handle verschiedene Response-Formate
+                # Response-Format handling
+                response_text = ""
                 if isinstance(result, list) and len(result) > 0:
                     if 'generated_text' in result[0]:
                         response_text = result[0]['generated_text']
@@ -71,16 +85,9 @@ class HuggingFaceRealAPI:
                         response_text = str(result[0])
                 elif isinstance(result, dict):
                     if 'generated_text' in result:
-                        response_text = result['generated_text'] 
-                    elif 'error' in result:
-                        return {
-                            "status": f"❌ API Error: {result['error']}",
-                            "time": f"{response_time:.2f}s"
-                        }
+                        response_text = result['generated_text']
                     else:
                         response_text = str(result)
-                else:
-                    response_text = str(result)
                 
                 return {
                     "response": response_text,
@@ -103,11 +110,6 @@ class HuggingFaceRealAPI:
                     "time": f"{response_time:.2f}s"
                 }
                 
-        except requests.exceptions.Timeout:
-            return {
-                "status": "❌ Timeout - Model zu langsam",
-                "time": f"{time.time() - start_time:.2f}s"
-            }
         except Exception as e:
             return {
                 "status": f"❌ Error: {str(e)[:50]}",
@@ -118,29 +120,32 @@ class HuggingFaceRealAPI:
 benchmark = HuggingFaceRealAPI()
 
 def run_cloud_benchmark(prompt, selected_models, agent_role):
-    """Echter Cloud Benchmark mit HuggingFace API"""
+    """Echter Cloud Benchmark mit sicherer Token-Verwaltung"""
     if not prompt.strip():
         return "⚠️ **Bitte Test-Prompt eingeben**"
     
     if not selected_models:
         return "⚠️ **Bitte mindestens ein Model auswählen**"
     
-    # Token-Check
-    if "YOUR_TOKEN_HERE" in benchmark.api_token:
+    # Token-Status prüfen
+    if not benchmark.token_available:
         return """
-        ## ❌ HuggingFace API Token benötigt
-        
-        **Für echte API-Calls:**
-        1. Gehe zu https://huggingface.co/settings/tokens
-        2. Erstelle neuen "Read" Token  
-        3. Ersetze `hf_YOUR_TOKEN_HERE` in der app.py
-        4. Neu deployen
-        
-        **Ohne Token sind nur lokale Tests möglich.**
+        ## ❌ HuggingFace API Token Setup erforderlich
+        
+        **Konfiguration in HuggingFace Space:**
+        1. Gehe zu Space Settings ⚙️
+        2. Scroll zu "Repository secrets"
+        3. Füge Secret hinzu: Name: `HF_TOKEN`, Value: [dein Token]
+        4. Space wird automatisch neu starten
+        
+        **Token generieren:**
+        1. https://huggingface.co/settings/tokens
+        2. "New token" → "Read" permissions
+        3. Token kopieren und in Space Secret einfügen
         """
     
     results = []
-    results.append("# ☁️ SAAP Cloud Performance Benchmark (ECHT)")
+    results.append("# ☁️ SAAP Authentischer Cloud Benchmark")
     results.append("**Platform:** HuggingFace Inference API | **Echte GPU-Cluster**")
     results.append(f"**🤖 Agent Role:** {agent_role}")
     results.append(f"**📝 Test Prompt:** {prompt}")
@@ -157,8 +162,15 @@ def run_cloud_benchmark(prompt, selected_models, agent_role):
         results.append(f"## ☁️ {model_name}")
         results.append(f"**Status:** {result.get('status', '❌ Error')}")
         results.append(f"**Response Time:** {result.get('time', 'N/A')}")
-        results.append(f"**Environment:** {result.get('environment', '☁️ HuggingFace')}")
-        results.append(f"**Tokens Generated:** {result.get('tokens', 0)}")
+        
+        if 'setup_instructions' in result:
+            results.append(f"**Setup:** {result['setup_instructions']}")
+        
+        if 'environment' in result:
+            results.append(f"**Environment:** {result['environment']}")
+            
+        if 'tokens' in result:
+            results.append(f"**Tokens:** {result['tokens']}")
         
         if 'response' in result and result['response']:
             preview = result['response'][:120].replace('\n', ' ')
@@ -166,7 +178,7 @@ def run_cloud_benchmark(prompt, selected_models, agent_role):
         
         results.append("---")
         
-        # Statistics nur bei Success
+        # Statistics
         if result.get('status', '').startswith('✅'):
             successful_tests += 1
             try:
@@ -175,47 +187,36 @@ def run_cloud_benchmark(prompt, selected_models, agent_role):
             except:
                 pass
     
-    # Performance Summary mit echten Daten
+    # Performance Summary
     if successful_tests > 0:
         avg_time = total_time / successful_tests
-        results.append(f"## 📊 Echte Cloud Performance")
+        results.append(f"## 📊 Authentische Cloud Performance")
         results.append(f"**Average Response Time:** {avg_time:.2f}s")
         results.append(f"**Successful Tests:** {successful_tests}/{len(selected_models)}")
-        results.append(f"**Authentisch:** ✅ Echte HuggingFace GPU-Inferenz")
-        
-        # Echter Vergleich mit deinen lokalen Daten
-        results.append(f"\n## 🆚 **Authentischer Performance-Vergleich**")
         
-        results.append(f"### 🏠 **On-Premise (Deine gemessenen Werte):**")
-        results.append(f"- **qwen2:1.5b:** 25.94s")
-        results.append(f"- **tinyllama:** 17.96s")
-        results.append(f"- **Durchschnitt:** ~22s")
+        # Echter Vergleich
+        results.append(f"\n## 🆚 **Echter Performance-Vergleich**")
+        results.append(f"**🏠 On-Premise:** ~22s (deine CachyOS Daten)")
+        results.append(f"**☁️ Cloud:** {avg_time:.2f}s (echte HuggingFace API)")
         
-        results.append(f"### ☁️ **Cloud (Echte HuggingFace API):**")
-        results.append(f"- **Durchschnitt:** {avg_time:.2f}s")
-        
-        # Echter Speedup-Vergleich
         speedup = 22 / avg_time if avg_time > 0 else 1
-        results.append(f"\n**🎓 Authentische Thesis-Ergebnisse:**")
-        results.append(f"**Performance-Faktor:** {speedup:.1f}x ({'Cloud schneller' if speedup > 1 else 'On-Premise schneller'})")
+        results.append(f"**Performance-Faktor:** {speedup:.1f}x")
         
-        if speedup > 5:
-            results.append(f"**Fazit:** ☁️ Cloud deutlich überlegen ({speedup:.1f}x), aber Kosten/Datenschutz beachten")
-        elif speedup > 2:
-            results.append(f"**Fazit:** ☁️ Cloud schneller, On-Premise für Datenschutz/Kosten besser")
+        if speedup > 3:
+            results.append(f"**🎓 Thesis-Fazit:** ☁️ Cloud deutlich schneller, aber On-Premise für Datenschutz/Kosten")
         else:
-            results.append(f"**Fazit:** 🏠 On-Premise konkurrenzfähig + Datenschutz + Kostenvorteile")
-    
-    else:
-        results.append("## ❌ Keine erfolgreichen API-Calls")
-        results.append("**Mögliche Ursachen:** Token-Problem, Model-Loading, Rate-Limits")
+            results.append(f"**🎓 Thesis-Fazit:** 🏠 On-Premise konkurrenzfähig mit Datenschutz-Vorteilen")
     
     return "\n".join(results)
 
 # Gradio Interface
-with gr.Blocks(title="SAAP Real Cloud Benchmark", theme=gr.themes.Soft()) as demo:
-    gr.Markdown("# ☁️ SAAP Echter Cloud Performance Benchmark")
-    gr.Markdown("**Master Thesis:** Hanan Wandji Danga | **Echte HuggingFace API vs. On-Premise**")
+with gr.Blocks(title="SAAP Authentischer Cloud Benchmark") as demo:
+    gr.Markdown("# ☁️ SAAP Authentischer Cloud Performance Benchmark")
+    gr.Markdown("**Master Thesis:** Hanan Wandji Danga | **Echte API vs. On-Premise**")
+    
+    # Token Status anzeigen
+    token_status = "✅ HF_TOKEN konfiguriert" if benchmark.token_available else "❌ HF_TOKEN fehlt - Setup erforderlich"
+    gr.Markdown(f"**API Status:** {token_status}")
     
     with gr.Row():
         with gr.Column(scale=2):
@@ -227,7 +228,7 @@ with gr.Blocks(title="SAAP Real Cloud Benchmark", theme=gr.themes.Soft()) as dem
             
             agent_role = gr.Dropdown(
                 choices=["General", "Jane", "John", "Justus"],
-                label="Agent Role Simulation",
+                label="Agent Role",
                 value="Jane"
             )
             
@@ -235,39 +236,18 @@ with gr.Blocks(title="SAAP Real Cloud Benchmark", theme=gr.themes.Soft()) as dem
             model_selection = gr.CheckboxGroup(
                 choices=benchmark.available_models,
                 label="☁️ Echte Cloud Models",
-                value=["gpt2"]  # Start mit einem Model
+                value=["gpt2"]
             )
             
-            benchmark_btn = gr.Button("☁️ Run ECHTER Cloud Benchmark", variant="primary", size="lg")
+            benchmark_btn = gr.Button("☁️ Run Authentischen Benchmark", variant="primary")
     
-    results_output = gr.Markdown(label="Echte Benchmark Results")
+    results_output = gr.Markdown()
     
     benchmark_btn.click(
         run_cloud_benchmark,
         inputs=[prompt_input, model_selection, agent_role],
         outputs=results_output
     )
-    
-    with gr.Accordion("🎓 Authentische SAAP Thesis-Daten", open=False):
-        gr.Markdown("""
-        ### ⚡ Echter API vs. Simulation
-        
-        **Vorher:** Simulierte 1.5s (unrealistisch)
-        **Jetzt:** Echte HuggingFace GPU-Cluster Performance
-        
-        ### 📊 Erwartete echte Ergebnisse:
-        - **gpt2:** ~3-8s (abhängig von Server-Last)
-        - **distilgpt2:** ~2-5s (kleineres Model)
-        - **DialoGPT:** ~4-10s (Dialog-optimiert)
-        
-        ### 🎯 Authentische Thesis-Daten:
-        - ✅ Echte Cloud-Performance-Messwerte
-        - ✅ Vergleichbar mit deinen On-Premise Daten (17-26s)
-        - ✅ Realistische Kostenabschätzung möglich
-        - ✅ Echte API-Latenz und Zuverlässigkeit
-        
-        **Lokale App:** http://127.0.0.1:7860
-        """)
 
 if __name__ == "__main__":
     demo.launch()