revert merge from remote branch

.github/config/uds-config.yaml

@@ -0,0 +1,3 @@
+variables:
+  core-slim-dev:
+    INSECURE_ADMIN_PASSWORD_GENERATION: "true"

.github/scripts/createUser.sh

@@ -0,0 +1,57 @@
+KEYCLOAK_ADMIN_PASSWORD=$(uds zarf tools kubectl get secret -n keycloak keycloak-admin-password -o jsonpath={.data.password} | base64 -d)
+echo "::add-mask::$KEYCLOAK_ADMIN_PASSWORD"
+
+KEYCLOAK_ADMIN_TOKEN=$(curl --location "https://keycloak.admin.uds.dev/realms/master/protocol/openid-connect/token" \
+	--http1.1 \
+	--header "Content-Type: application/x-www-form-urlencoded" \
+	--data-urlencode "username=admin" \
+	--data-urlencode "password=${KEYCLOAK_ADMIN_PASSWORD}" \
+	--data-urlencode "client_id=admin-cli" \
+	--data-urlencode "grant_type=password" | uds zarf tools yq .access_token)
+echo "::add-mask::$KEYCLOAK_ADMIN_TOKEN"
+
+curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users" \
+	--http1.1 \
+	--header "Content-Type: application/json" \
+	--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+	--data "{
+  \"username\": \"doug\",
+  \"firstName\": \"Doug\",
+  \"lastName\": \"Unicorn\",
+  \"email\": \"doug@uds.dev\",
+  \"attributes\": {
+    \"mattermostid\": \"1\"
+  },
+  \"emailVerified\": true,
+  \"enabled\": true,
+  \"requiredActions\": [],
+  \"credentials\": [
+    {
+      \"type\": \"password\",
+      \"value\": \"${FAKE_E2E_USER_PASSWORD}\",
+      \"temporary\": false
+    }
+  ]
+}"
+
+CONDITIONAL_OTP_ID=$(curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+	--http1.1 \
+	--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" | uds zarf tools yq '.[] | select(.displayName == "Conditional OTP") | .id')
+
+curl --location --request PUT "https://keycloak.admin.uds.dev/admin/realms/uds/authentication/flows/Authentication/executions" \
+	--http1.1 \
+	--header "Content-Type: application/json" \
+	--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}" \
+	--data "{
+\"id\": \"${CONDITIONAL_OTP_ID}\",
+\"requirement\": \"DISABLED\"
+}"
+
+USER=$(
+	curl --location "https://keycloak.admin.uds.dev/admin/realms/uds/users?user=doug" \
+		--http1.1 \
+		--header "Content-Type: application/json" \
+		--header "Authorization: Bearer ${KEYCLOAK_ADMIN_TOKEN}"
+)
+
+echo "User: $USER"

packages/api/chart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+app: {{ include "chart.fullname" . }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.api.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.api.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.api.serviceAccount.name }}
+{{- end }}
+{{- end }}

packages/api/common/zarf.yaml

@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/zarf-dev/zarf/main/zarf.schema.json
+
+kind: ZarfPackageConfig
+metadata:
+  description: "LeapfrogAI API common"
+  name: leapfrogai-api-common
+  version: "###ZARF_PKG_TMPL_IMAGE_VERSION###"
+
+components:
+  - name: leapfrogai-api
+    description: "The LeapfrogAI Python API that shadows the OpenAI API specification"
+    required: true
+    charts:
+      - name: leapfrogai
+        namespace: leapfrogai
+        localPath: ../chart
+        # x-release-please-start-version
+        version: 0.11.0
+        # x-release-please-end
+    actions:
+      onDeploy:
+        after:
+          - wait:
+              cluster:
+                kind: Job
+                name: leapfrogai-api-migrations-###ZARF_PKG_TMPL_IMAGE_VERSION###
+                namespace: leapfrogai
+                condition: complete

packages/api/values/registry1-values.yaml

@@ -0,0 +1,17 @@
+api:
+  image:
+    repository: registry1.dso.mil/ironbank/opensource/defenseunicorns/leapfrogai/api
+    # x-release-please-start-version
+    tag: v0.11.0
+    # x-release-please-end
+
+  migration:
+    image:
+      # TODO: replace with Ironbank image once hardened: registry1.dso.mil/ironbank/opensource/defenseunicorns/leapfrogai/api/migrations
+      repository: ghcr.io/defenseunicorns/leapfrogai/api-migrations
+      tag: ###ZARF_CONST_IMAGE_VERSION###
+
+kiwigrid:
+  image:
+    repository: registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar
+    tag: 1.23.3

packages/api/values/upstream-values.yaml

@@ -0,0 +1,14 @@
+api:
+  image:
+    repository: ghcr.io/defenseunicorns/leapfrogai/leapfrogai-api
+    tag: ###ZARF_CONST_IMAGE_VERSION###
+
+  migration:
+    image:
+      repository: ghcr.io/defenseunicorns/leapfrogai/api-migrations
+      tag: ###ZARF_CONST_IMAGE_VERSION###
+
+kiwigrid:
+  image:
+    repository: kiwigrid/k8s-sidecar
+    tag: 1.23.3

packages/supabase/chart/templates/supabase-realtime-secret.yaml

@@ -0,0 +1,18 @@
+{{- $dbEncKey := randAlphaNum 16 }} # This needs to be exactly 16 characters
+{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace "supabase-realtime-extra") }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: supabase-realtime-extra
+ namespace: {{ .Release.Namespace }}
+ {{- if $existingSecret }}
+ annotations:
+   "helm.sh/resource-policy": keep
+ {{- end }}
+type: Opaque
+data:
+ {{- if $existingSecret }}
+ dbEncKey: {{ $existingSecret.data.dbEncKey }}
+ {{- else }}
+ dbEncKey: {{ $dbEncKey | b64enc | quote }}
+ {{- end }}

packages/supabase/migrations/20240808093300_v0.10.0_realtime_tenant.sql

@@ -0,0 +1,22 @@
+-- Disable the foreign key constraint
+ALTER TABLE _realtime.extensions
+DROP CONSTRAINT extensions_tenant_external_id_fkey;
+
+-- Update the external_id and name for the realtime tenant
+UPDATE _realtime.tenants
+SET external_id = 'supabase-realtime',
+    name = 'supabase-realtime'
+WHERE external_id = 'realtime-dev'
+  AND name = 'realtime-dev';
+
+-- Update the tenant_external_id for the realtime extension
+UPDATE _realtime.extensions
+SET tenant_external_id = 'supabase-realtime'
+WHERE tenant_external_id = 'realtime-dev';
+
+-- Re-enable the foreign key constraint
+ALTER TABLE _realtime.extensions
+ADD CONSTRAINT extensions_tenant_external_id_fkey
+FOREIGN KEY (tenant_external_id)
+REFERENCES _realtime.tenants(external_id)
+ON DELETE CASCADE;

tests/conformance/test_conformance_assistants.py

@@ -0,0 +1,22 @@
+import pytest
+from openai.types.beta.assistant import Assistant
+
+from .utils import client_config_factory
+
+
+@pytest.mark.parametrize("client_name", ["openai", "leapfrogai"])
+def test_assistant(client_name):
+    config = client_config_factory(client_name)
+    client = config["client"]
+
+    vector_store = client.beta.vector_stores.create(name="Test data")
+
+    assistant = client.beta.assistants.create(
+        name="Test Assistant",
+        instructions="You must provide a response based on the attached files.",
+        model=config["model"],
+        tools=[{"type": "file_search"}],
+        tool_resources={"file_search": {"vector_store_ids": [vector_store.id]}},
+    )
+
+    assert isinstance(assistant, Assistant)

tests/conformance/test_conformance_threads.py

@@ -0,0 +1,44 @@
+import pytest
+from openai.types.beta.thread import Thread
+from openai.types.beta.threads import Message, TextContentBlock, Text
+
+from .utils import client_config_factory
+
+
+def make_mock_message_object(role, message_text):
+    Message(
+        id="",
+        thread_id="",
+        created_at=0,
+        object="thread.message",
+        status="in_progress",
+        role=role,
+        content=[
+            TextContentBlock(text=Text(value=message_text, annotations=[]), type="text")
+        ],
+    )
+
+
+def make_mock_message_simple(role, message_text):
+    return dict(role=role, content=message_text)
+
+
+mock_message = make_mock_message_simple(role="user", message_text="Who is Sam?")
+
+
+@pytest.mark.parametrize(
+    "client_name, test_messages",
+    [
+        ("openai", []),
+        ("openai", [mock_message]),
+        ("leapfrogai", []),
+        ("leapfrogai", [mock_message]),
+    ],
+)
+def test_thread(client_name, test_messages):
+    config = client_config_factory(client_name)
+    client = config["client"]
+
+    thread = client.beta.threads.create(messages=test_messages)
+
+    assert isinstance(thread, Thread)

tests/conformance/test_conformance_tools.py

@@ -0,0 +1,77 @@
+import pytest
+from openai.types.beta.threads.annotation import (
+    FileCitationAnnotation,
+    FilePathAnnotation,
+)
+from openai.types.beta.threads.text import Text
+from openai.types.beta.threads.message import Message
+import re
+
+from .utils import client_config_factory, text_file_path
+
+
+def make_vector_store_with_file(client):
+    vector_store = client.beta.vector_stores.create(name="Test data")
+    with open(text_file_path(), "rb") as file:
+        client.beta.vector_stores.files.upload(
+            vector_store_id=vector_store.id, file=file
+        )
+    return vector_store
+
+
+def make_test_assistant(client, model, vector_store_id):
+    assistant = client.beta.assistants.create(
+        name="Test Assistant",
+        instructions="You must provide a response based on the attached files.",
+        model=model,
+        tools=[{"type": "file_search"}],
+        tool_resources={"file_search": {"vector_store_ids": [vector_store_id]}},
+    )
+    return assistant
+
+
+def make_test_run(client, assistant, thread):
+    run = client.beta.threads.runs.create_and_poll(
+        assistant_id=assistant.id, thread_id=thread.id
+    )
+    return run
+
+
+def validate_annotation_format(annotation):
+    pattern = r"【\d+:\d+†source】"
+    match = re.fullmatch(pattern, annotation)
+    return match is not None
+
+
+@pytest.mark.parametrize("client_name", ["openai", "leapfrogai"])
+def test_thread_file_annotations(client_name):
+    config = client_config_factory(client_name)
+    client = config["client"]  # shorthand
+
+    vector_store = make_vector_store_with_file(client)
+    assistant = make_test_assistant(client, config["model"], vector_store.id)
+    thread = client.beta.threads.create()
+
+    client.beta.threads.messages.create(
+        thread_id=thread.id,
+        role="user",
+        content="Who is Sam?",
+    )
+    run = make_test_run(client, assistant, thread)
+
+    messages = client.beta.threads.messages.list(
+        thread_id=thread.id, run_id=run.id
+    ).data
+
+    # Runs will only have the messages that were generated by the run, not previous messages
+    assert len(messages) == 1
+    assert all(isinstance(message, Message) for message in messages)
+
+    # Get the response content
+    message_content = messages[0].content[0].text
+    assert isinstance(message_content, Text)
+
+    # Check annotations return type
+    for a in message_content.annotations:
+        assert isinstance(a, (FileCitationAnnotation, FilePathAnnotation))
+        assert validate_annotation_format(a.text) is True