forked from phoenix-oss/llama-stack-mirror
c91e3552a3
Create a new agent: ``` curl --request POST \ --url http://localhost:8321/v1/agents \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --data '{ "agent_config": { "sampling_params": { "strategy": { "type": "greedy" }, "max_tokens": 0, "repetition_penalty": 1 }, "input_shields": [ "string" ], "output_shields": [ "string" ], "toolgroups": [ "string" ], "client_tools": [ { "name": "string", "description": "string", "parameters": [ { "name": "string", "parameter_type": "string", "description": "string", "required": true, "default": null } ], "metadata": { "property1": null, "property2": null } } ], "tool_choice": "auto", "tool_prompt_format": "json", "tool_config": { "tool_choice": "auto", "tool_prompt_format": "json", "system_message_behavior": "append" }, "max_infer_iters": 10, "model": "string", "instructions": "string", "enable_session_persistence": false, "response_format": { "type": "json_schema", "json_schema": { "property1": null, "property2": null } } } }' ``` Get agent: ``` curl http://127.0.0.1:8321/v1/agents/9abad4ab-2c77-45f9-9d16-46b79d2bea1f {"agent_id":"9abad4ab-2c77-45f9-9d16-46b79d2bea1f","agent_config":{"sampling_params":{"strategy":{"type":"greedy"},"max_tokens":0,"repetition_penalty":1.0},"input_shields":["string"],"output_shields":["string"],"toolgroups":["string"],"client_tools":[{"name":"string","description":"string","parameters":[{"name":"string","parameter_type":"string","description":"string","required":true,"default":null}],"metadata":{"property1":null,"property2":null}}],"tool_choice":"auto","tool_prompt_format":"json","tool_config":{"tool_choice":"auto","tool_prompt_format":"json","system_message_behavior":"append"},"max_infer_iters":10,"model":"string","instructions":"string","enable_session_persistence":false,"response_format":{"type":"json_schema","json_schema":{"property1":null,"property2":null}}},"created_at":"2025-03-12T16:18:28.369144Z"}% ``` List agents: ``` curl http://127.0.0.1:8321/v1/agents|jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1680 100 1680 0 0 498k 0 --:--:-- --:--:-- --:--:-- 546k { "data": [ { "agent_id": "9abad4ab-2c77-45f9-9d16-46b79d2bea1f", "agent_config": { "sampling_params": { "strategy": { "type": "greedy" }, "max_tokens": 0, "repetition_penalty": 1.0 }, "input_shields": [ "string" ], "output_shields": [ "string" ], "toolgroups": [ "string" ], "client_tools": [ { "name": "string", "description": "string", "parameters": [ { "name": "string", "parameter_type": "string", "description": "string", "required": true, "default": null } ], "metadata": { "property1": null, "property2": null } } ], "tool_choice": "auto", "tool_prompt_format": "json", "tool_config": { "tool_choice": "auto", "tool_prompt_format": "json", "system_message_behavior": "append" }, "max_infer_iters": 10, "model": "string", "instructions": "string", "enable_session_persistence": false, "response_format": { "type": "json_schema", "json_schema": { "property1": null, "property2": null } } }, "created_at": "2025-03-12T16:18:28.369144Z" }, { "agent_id": "a6643aaa-96dd-46db-a405-333dc504b168", "agent_config": { "sampling_params": { "strategy": { "type": "greedy" }, "max_tokens": 0, "repetition_penalty": 1.0 }, "input_shields": [ "string" ], "output_shields": [ "string" ], "toolgroups": [ "string" ], "client_tools": [ { "name": "string", "description": "string", "parameters": [ { "name": "string", "parameter_type": "string", "description": "string", "required": true, "default": null } ], "metadata": { "property1": null, "property2": null } } ], "tool_choice": "auto", "tool_prompt_format": "json", "tool_config": { "tool_choice": "auto", "tool_prompt_format": "json", "system_message_behavior": "append" }, "max_infer_iters": 10, "model": "string", "instructions": "string", "enable_session_persistence": false, "response_format": { "type": "json_schema", "json_schema": { "property1": null, "property2": null } } }, "created_at": "2025-03-12T16:17:12.811273Z" } ] } ``` Create sessions: ``` curl --request POST \ --url http://localhost:8321/v1/agents/{agent_id}/session \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --data '{ "session_name": "string" }' ``` List sessions: ``` curl http://127.0.0.1:8321/v1/agents/9abad4ab-2c77-45f9-9d16-46b79d2bea1f/sessions|jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 263 100 263 0 0 90099 0 --:--:-- --:--:-- --:--:-- 128k [ { "session_id": "2b15c4fc-e348-46c1-ae32-f6d424441ac1", "session_name": "string", "turns": [], "started_at": "2025-03-12T17:19:17.784328" }, { "session_id": "9432472d-d483-4b73-b682-7b1d35d64111", "session_name": "string", "turns": [], "started_at": "2025-03-12T17:19:19.885834" } ] ``` Signed-off-by: Sébastien Han <seb@redhat.com>
167 lines
6.1 KiB
Python
167 lines
6.1 KiB
Python
# Copyright (c) Meta Platforms, Inc. and affiliates.
|
|
# All rights reserved.
|
|
#
|
|
# This source code is licensed under the terms described in the LICENSE file in
|
|
# the root directory of this source tree.
|
|
|
|
import uuid
|
|
from datetime import datetime
|
|
from unittest.mock import patch
|
|
|
|
import pytest
|
|
|
|
from llama_stack.apis.agents import Turn
|
|
from llama_stack.apis.inference import CompletionMessage, StopReason
|
|
from llama_stack.distribution.datatypes import AccessAttributes
|
|
from llama_stack.providers.inline.agents.meta_reference.persistence import AgentPersistence, AgentSessionInfo
|
|
|
|
|
|
@pytest.fixture
|
|
async def test_setup(sqlite_kvstore):
|
|
agent_persistence = AgentPersistence(agent_id="test_agent", kvstore=sqlite_kvstore)
|
|
yield agent_persistence
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
@patch("llama_stack.providers.inline.agents.meta_reference.persistence.get_auth_attributes")
|
|
async def test_session_creation_with_access_attributes(mock_get_auth_attributes, test_setup):
|
|
agent_persistence = test_setup
|
|
|
|
# Set creator's attributes for the session
|
|
creator_attributes = {"roles": ["researcher"], "teams": ["ai-team"]}
|
|
mock_get_auth_attributes.return_value = creator_attributes
|
|
|
|
# Create a session
|
|
session_id = await agent_persistence.create_session("Test Session")
|
|
|
|
# Get the session and verify access attributes were set
|
|
session_info = await agent_persistence.get_session_info(session_id)
|
|
assert session_info is not None
|
|
assert session_info.access_attributes is not None
|
|
assert session_info.access_attributes.roles == ["researcher"]
|
|
assert session_info.access_attributes.teams == ["ai-team"]
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
@patch("llama_stack.providers.inline.agents.meta_reference.persistence.get_auth_attributes")
|
|
async def test_session_access_control(mock_get_auth_attributes, test_setup):
|
|
agent_persistence = test_setup
|
|
|
|
# Create a session with specific access attributes
|
|
session_id = str(uuid.uuid4())
|
|
session_info = AgentSessionInfo(
|
|
session_id=session_id,
|
|
session_name="Restricted Session",
|
|
started_at=datetime.now(),
|
|
access_attributes=AccessAttributes(roles=["admin"], teams=["security-team"]),
|
|
turns=[],
|
|
)
|
|
|
|
await agent_persistence.kvstore.set(
|
|
key=f"session:{agent_persistence.agent_id}:{session_id}",
|
|
value=session_info.model_dump_json(),
|
|
)
|
|
|
|
# User with matching attributes can access
|
|
mock_get_auth_attributes.return_value = {"roles": ["admin", "user"], "teams": ["security-team", "other-team"]}
|
|
retrieved_session = await agent_persistence.get_session_info(session_id)
|
|
assert retrieved_session is not None
|
|
assert retrieved_session.session_id == session_id
|
|
|
|
# User without matching attributes cannot access
|
|
mock_get_auth_attributes.return_value = {"roles": ["user"], "teams": ["other-team"]}
|
|
retrieved_session = await agent_persistence.get_session_info(session_id)
|
|
assert retrieved_session is None
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
@patch("llama_stack.providers.inline.agents.meta_reference.persistence.get_auth_attributes")
|
|
async def test_turn_access_control(mock_get_auth_attributes, test_setup):
|
|
agent_persistence = test_setup
|
|
|
|
# Create a session with restricted access
|
|
session_id = str(uuid.uuid4())
|
|
session_info = AgentSessionInfo(
|
|
session_id=session_id,
|
|
session_name="Restricted Session",
|
|
started_at=datetime.now(),
|
|
access_attributes=AccessAttributes(roles=["admin"]),
|
|
turns=[],
|
|
)
|
|
|
|
await agent_persistence.kvstore.set(
|
|
key=f"session:{agent_persistence.agent_id}:{session_id}",
|
|
value=session_info.model_dump_json(),
|
|
)
|
|
|
|
# Create a turn for this session
|
|
turn_id = str(uuid.uuid4())
|
|
turn = Turn(
|
|
session_id=session_id,
|
|
turn_id=turn_id,
|
|
steps=[],
|
|
started_at=datetime.now(),
|
|
input_messages=[],
|
|
output_message=CompletionMessage(
|
|
content="Hello",
|
|
stop_reason=StopReason.end_of_turn,
|
|
),
|
|
)
|
|
|
|
# Admin can add turn
|
|
mock_get_auth_attributes.return_value = {"roles": ["admin"]}
|
|
await agent_persistence.add_turn_to_session(session_id, turn)
|
|
|
|
# Admin can get turn
|
|
retrieved_turn = await agent_persistence.get_session_turn(session_id, turn_id)
|
|
assert retrieved_turn is not None
|
|
assert retrieved_turn.turn_id == turn_id
|
|
|
|
# Regular user cannot get turn
|
|
mock_get_auth_attributes.return_value = {"roles": ["user"]}
|
|
with pytest.raises(ValueError):
|
|
await agent_persistence.get_session_turn(session_id, turn_id)
|
|
|
|
# Regular user cannot get turns for session
|
|
with pytest.raises(ValueError):
|
|
await agent_persistence.get_session_turns(session_id)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
@patch("llama_stack.providers.inline.agents.meta_reference.persistence.get_auth_attributes")
|
|
async def test_tool_call_and_infer_iters_access_control(mock_get_auth_attributes, test_setup):
|
|
agent_persistence = test_setup
|
|
|
|
# Create a session with restricted access
|
|
session_id = str(uuid.uuid4())
|
|
session_info = AgentSessionInfo(
|
|
session_id=session_id,
|
|
session_name="Restricted Session",
|
|
started_at=datetime.now(),
|
|
access_attributes=AccessAttributes(roles=["admin"]),
|
|
turns=[],
|
|
)
|
|
|
|
await agent_persistence.kvstore.set(
|
|
key=f"session:{agent_persistence.agent_id}:{session_id}",
|
|
value=session_info.model_dump_json(),
|
|
)
|
|
|
|
turn_id = str(uuid.uuid4())
|
|
|
|
# Admin user can set inference iterations
|
|
mock_get_auth_attributes.return_value = {"roles": ["admin"]}
|
|
await agent_persistence.set_num_infer_iters_in_turn(session_id, turn_id, 5)
|
|
|
|
# Admin user can get inference iterations
|
|
infer_iters = await agent_persistence.get_num_infer_iters_in_turn(session_id, turn_id)
|
|
assert infer_iters == 5
|
|
|
|
# Regular user cannot get inference iterations
|
|
mock_get_auth_attributes.return_value = {"roles": ["user"]}
|
|
infer_iters = await agent_persistence.get_num_infer_iters_in_turn(session_id, turn_id)
|
|
assert infer_iters is None
|
|
|
|
# Regular user cannot set inference iterations (should raise ValueError)
|
|
with pytest.raises(ValueError):
|
|
await agent_persistence.set_num_infer_iters_in_turn(session_id, turn_id, 10)
|