| # User Service API |
| |
| This document describes the HTTP surface of the user-service FastAPI app. The service powers provider discovery, chat orchestration, agent lifecycle management, demo generation, and deployment management. All routes are relative to the service root (e.g., `http://localhost:8000`). |
| |
| ## Authentication and headers |
| The auth provider is selected by `APP_ENV` (and the per-provider config under `auth/`). Three modes: |
| - **Dev (default):** session-cookie auth via the `dev_stub` provider. The browser-side login flow is `GET /auth/login/dev_stub` → backend picker → callback sets the `gofannon_sid` httpOnly cookie. API calls then carry the cookie automatically. |
| - **Real OAuth deployments:** the same session model with Google/Microsoft/GitHub/ASF/etc. providers in place of `dev_stub`. Same cookie carries the session. |
| - **Firebase deployments:** send `Authorization: Bearer <ID token>`; the token is verified with Firebase and the decoded user is attached to `request.state.user`. |
| |
| Most routes rely on dependency injection for authorization (`get_current_user`); admin-only routes require `require_admin_access`. |
| |
| ## Error handling |
| - Standard FastAPI error responses are returned with a JSON body shaped as `{"detail": <message>}` when validation or downstream services fail. |
| - Background tasks (e.g., chat processing) store status and errors in the database; clients should poll for completion. |
| |
| ## Endpoint summary |
| - **Service metadata:** `GET /`, `GET /health` |
| - **Logging:** `POST /log/client` |
| - **Provider catalog:** `GET /providers`, `/providers/{provider}`, `/providers/{provider}/models`, `/providers/{provider}/models/{model}` |
| - **User profile & usage:** `GET /users/me`, `PUT /users/me/monthly-allowance`, `PUT /users/me/allowance-reset-date`, `PUT /users/me/spend-remaining`, `POST /users/me/usage`, `POST /users/me/reset-allowance` |
| - **Admin users:** `GET /admin/users`, `PUT /admin/users/{user_id}` |
| - **Chat:** `POST /chat`, `GET /chat/{ticket_id}` |
| - **Session configuration:** `POST /sessions/{session_id}/config`, `GET /sessions/{session_id}/config`, `DELETE /sessions/{session_id}` |
| - **Agents:** CRUD at `/agents` plus `POST /agents/generate-code`, `POST /agents/run-code` |
| - **Deployments:** `POST /agents/{agent_id}/deploy`, `DELETE /agents/{agent_id}/undeploy`, `GET /agents/{agent_id}/deployment`, `GET /deployments`, `POST /rest/{friendly_name}` |
| - **MCP connectors:** `POST /mcp/tools` |
| - **Specs:** `POST /specs/fetch` |
| - **Demos:** `POST /demos/generate-code`, CRUD at `/demos` |
| |
| ## Endpoint details |
| |
| ### Service metadata |
| - `GET /` → Simple heartbeat payload with service name. |
| - `GET /health` → `{ "status": "healthy", "service": "user-service" }` for readiness probes. |
| |
| ### Logging |
| - `POST /log/client` |
| - Body: `{ "eventType": string, "message": string, "level": "INFO"|"WARN"|..., "metadata": object? }` |
| - Behavior: Enriches metadata with `client_host` and `user_agent`, then writes to observability service. Returns `{ "status": "logged" }`. |
| |
| ### Provider catalog |
| - `GET /providers` → Map of provider configurations keyed by provider slug. |
| - `GET /providers/{provider}` → Provider config, 404 if missing. |
| - `GET /providers/{provider}/models` → List of model slugs for the provider. |
| - `GET /providers/{provider}/models/{model}` → Model configuration, 404 if provider or model missing. |
| |
| ### User profile & usage |
| - `GET /users/me` → Current user profile (`User` schema with `basicInfo`, `billingInfo`, `usageInfo`). |
| - `PUT /users/me/monthly-allowance` |
| - Body: `{ "monthlyAllowance": number }` |
| - Effect: Updates allowance limit. |
| - `PUT /users/me/allowance-reset-date` |
| - Body: `{ "allowanceResetDate": number }` |
| - Effect: Updates reset timestamp. |
| - `PUT /users/me/spend-remaining` |
| - Body: `{ "spendRemaining": number }` |
| - Effect: Updates remaining spend. |
| - `POST /users/me/usage` |
| - Body: `{ "responseCost": number, "metadata"?: object }` |
| - Effect: Appends usage entry and updates spend remaining. |
| - `POST /users/me/reset-allowance` → Resets usage tracking for the current user. |
| |
| ### Admin users |
| - `GET /admin/users` → Lists all users (admin-only dependency). |
| - `PUT /admin/users/{user_id}` |
| - Body: any combination of `monthlyAllowance`, `allowanceResetDate`, `spendRemaining`. |
| - Effect: Updates targeted user's usage info (admin-only). |
| |
| ### Chat |
| - `POST /chat` |
| - Body: `ChatRequest` containing `messages` (role `user|assistant|system`), `provider`, `model`, optional `parameters`, and `builtInTools`. |
| - Effect: Queues background chat processing and returns `{ "ticket_id": <uuid>, "status": "pending" }`. |
| - `GET /chat/{ticket_id}` → `ChatResponse` with `status`, `result`, and `error` once processing completes. |
| |
| ### Session configuration |
| - `POST /sessions/{session_id}/config` |
| - Body: `ProviderConfig` (`provider`, `model`, `parameters`). |
| - Effect: Creates or updates session document and returns confirmation. |
| - `GET /sessions/{session_id}/config` → Stored `provider_config` for the session. |
| - `DELETE /sessions/{session_id}` → Deletes session and returns `{ "message": "Session deleted" }`. |
| |
| ### Agents |
| - `POST /agents` |
| - Body: `CreateAgentRequest` (name, description, code, optional `friendlyName`, tool metadata, schemas, invokable models, composer metadata). |
| - Effect: Persists agent and returns saved `Agent` with `_id` and `_rev`. |
| - `GET /agents` → List of all agents. |
| - `GET /agents/{agent_id}` → Single agent document. |
| - `PUT /agents/{agent_id}` |
| - Body: `UpdateAgentRequest` (partial updates across the same fields as creation). |
| - Effect: Merges with existing document, preserves creation metadata, returns updated agent. |
| - `DELETE /agents/{agent_id}` → Deletes agent, 204 on success. |
| - `POST /agents/generate-code` |
| - Body: `GenerateCodeRequest` (description, `tools`, input/output schemas, composer `modelConfig`, optional swagger specs and invokable models). |
| - Effect: Returns generated agent code and metadata. |
| - `POST /agents/run-code` |
| - Body: `RunCodeRequest` (`code`, `inputDict`, `tools`, optional `gofannonAgents`). |
| - Effect: Executes code in sandbox; response contains `result` or raises with logged failure details. |
| |
| ### Deployments |
| - `POST /agents/{agent_id}/deploy` → Registers agent for REST exposure; 201 with deployment info. |
| - `DELETE /agents/{agent_id}/undeploy` → Removes deployment; 204 on success. |
| - `GET /agents/{agent_id}/deployment` → Deployment metadata for the agent, or 404 if not deployed. |
| - `GET /deployments` → List of deployed APIs (`DeployedApi` objects). |
| - `POST /rest/{friendly_name}` → Runs a deployed agent by its public name using the JSON body as `input_dict`. |
| |
| ### Specs |
| - `POST /specs/fetch` |
| - Body: `{ "url": string }` |
| - Effect: Fetches and returns OpenAPI/Swagger spec content from a remote URL. |
| |
| ### MCP connectors |
| - `POST /mcp/tools` |
| - Body: `{ "mcp_url": string, "auth_token"?: string }` |
| - Effect: Connects to a remote MCP server and returns `{ "mcp_url": ..., "tools": [...] }`. |
| |
| ### Demo apps |
| - `POST /demos/generate-code` |
| - Body: `GenerateDemoCodeRequest` (user prompt, selected deployed APIs, composer `modelConfig`, optional `builtInTools`). |
| - Effect: Returns generated `html`, `css`, `js`, and optional `thoughts`. |
| - `POST /demos` |
| - Body: `CreateDemoAppRequest` (name, description, selected APIs, composer config, prompt, generated code, optional composer thoughts). |
| - Effect: Saves a demo app and returns the stored `DemoApp`. |
| - `GET /demos` → List of saved demo apps. |
| - `GET /demos/{demo_id}` → Single demo app. |
| - `PUT /demos/{demo_id}` → Replace demo app content using the same schema as creation. |
| - `DELETE /demos/{demo_id}` → Deletes demo app, 204 on success. |
