Spaces:
Running
Running
File size: 73,956 Bytes
b42dfef c6abd4e b42dfef c6abd4e b42dfef 4d53e2b c6abd4e 63db11a b42dfef c6abd4e b42dfef 0498411 3eb00a5 613b744 e13574c 625984c 613b744 625984c 15e93d6 d1c02ef 35022df 613b744 625984c d1c02ef 35022df 613b744 d1c02ef 35022df 625984c 613b744 625984c 613b744 625984c 613b744 625984c 35022df 625984c e13574c 625984c 7523755 990c944 35022df 990c944 b42dfef 304b69a cd45927 db72a16 b42dfef 990c944 b42dfef 90a15f5 51bcded 90a15f5 ebdc25f b42dfef ebdc25f b42dfef 90a15f5 b42dfef c6abd4e b42dfef 4d53e2b b42dfef cd45927 b42dfef 8f21cf3 e19eb49 db72a16 b42dfef fe27a3c b42dfef fe27a3c 3aef00d b42dfef 3eb00a5 2218d34 3eb00a5 2218d34 3eb00a5 0827363 2b0cf6a b42dfef 0fb9638 b42dfef 0fb9638 b42dfef 0fb9638 b42dfef 0fb9638 b42dfef 0fb9638 5a38e32 9acce26 5a38e32 9acce26 5a38e32 0fb9638 5db8e53 0fb9638 b42dfef c6abd4e 9acce26 4d53e2b c6abd4e 4d53e2b 9acce26 fe27a3c c6abd4e 9acce26 c6abd4e 4d53e2b c6abd4e 4d53e2b c6abd4e b42dfef 4d53e2b b42dfef 4d53e2b b42dfef 4d53e2b b42dfef 63db11a ccf0e98 a35ce25 ccf0e98 a35ce25 63db11a 53813c1 b42dfef 53813c1 b42dfef 53813c1 b42dfef 0498411 b42dfef 990c944 b42dfef 990c944 b42dfef 0498411 b42dfef 990c944 b42dfef 15e93d6 990c944 b42dfef 0498411 b42dfef 990c944 db72a16 b42dfef 0498411 d4d57c4 cd45927 304b69a cd45927 0498411 b42dfef 7523755 990c944 c77d732 cd45927 b42dfef cd45927 c77d732 cd45927 b42dfef 63db11a 990c944 b42dfef 990c944 b42dfef e19eb49 cd2780c e19eb49 cd2780c 5ac5919 8f21cf3 cd2780c 8f21cf3 cd2780c 8f21cf3 cd2780c 5ac5919 cd2780c 5ac5919 cd2780c 5ac5919 cd2780c b42dfef 3c247ba b42dfef 3c247ba b42dfef 3c247ba b42dfef 3c247ba b42dfef 4748143 b42dfef 4748143 b42dfef 9acce26 b42dfef 9acce26 b42dfef ba8977c b42dfef ba8977c b42dfef 0fb9638 b42dfef ba8977c b42dfef 0fb9638 b42dfef 0fb9638 fe566fd b42dfef 5a38e32 fe27a3c 5c91796 fe27a3c 3aef00d 5a38e32 deb8b94 5a38e32 deb8b94 3aef00d deb8b94 3aef00d deb8b94 3aef00d deb8b94 3aef00d deb8b94 3aef00d 5a38e32 3aef00d deb8b94 5a38e32 deb8b94 3aef00d fe27a3c dba0810 fe27a3c 5c91796 fe27a3c 5c91796 3aef00d fe27a3c 5c91796 3aef00d fe27a3c ba8977c 5c91796 5a38e32 5c91796 ba8977c 5a38e32 ba8977c fe27a3c ba8977c b42dfef ba8977c fe566fd 5c91796 fe566fd fe27a3c dba0810 fe27a3c 5c91796 fe27a3c 5c91796 fe27a3c 5c91796 fe27a3c 5c91796 fe27a3c b42dfef fe27a3c fe566fd b42dfef ba8977c b42dfef 0fb9638 b42dfef 0fb9638 ba8977c b42dfef 0827363 2b0cf6a 3eb00a5 2218d34 3eb00a5 2218d34 3eb00a5 b42dfef 254f500 b42dfef |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 |
"""
FastAPI backend for AnyCoder - provides REST API endpoints
"""
from fastapi import FastAPI, HTTPException, Header, WebSocket, WebSocketDisconnect, Request, Response
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import StreamingResponse, RedirectResponse, JSONResponse
from pydantic import BaseModel
from typing import Optional, List, Dict, AsyncGenerator
import json
import asyncio
from datetime import datetime, timedelta
import secrets
import base64
import urllib.parse
import re
# Import only what we need, avoiding Gradio UI imports
import sys
import os
from huggingface_hub import InferenceClient
import httpx
# Import model handling from backend_models
from backend_models import (
get_inference_client,
get_real_model_id,
create_gemini3_messages,
is_native_sdk_model,
is_mistral_model
)
# Import project importer for importing from HF/GitHub
from project_importer import ProjectImporter
# Import system prompts from standalone backend_prompts.py
# No dependencies on Gradio or heavy libraries
print("[Startup] Loading system prompts from backend_prompts...")
try:
from backend_prompts import (
HTML_SYSTEM_PROMPT,
TRANSFORMERS_JS_SYSTEM_PROMPT,
STREAMLIT_SYSTEM_PROMPT,
REACT_SYSTEM_PROMPT,
REACT_FOLLOW_UP_SYSTEM_PROMPT, # Import React followup prompt
get_gradio_system_prompt, # Import the function to get dynamic prompt
get_comfyui_system_prompt, # Import the function to get dynamic ComfyUI prompt
JSON_SYSTEM_PROMPT,
GENERIC_SYSTEM_PROMPT
)
# Get the Gradio system prompt (includes full Gradio 6 documentation)
GRADIO_SYSTEM_PROMPT = get_gradio_system_prompt()
# Get the ComfyUI system prompt (includes full ComfyUI documentation)
COMFYUI_SYSTEM_PROMPT = get_comfyui_system_prompt()
print("[Startup] β
All system prompts loaded successfully from backend_prompts.py")
print(f"[Startup] π Gradio system prompt loaded with full documentation ({len(GRADIO_SYSTEM_PROMPT)} chars)")
print(f"[Startup] π ComfyUI system prompt loaded with full documentation ({len(COMFYUI_SYSTEM_PROMPT)} chars)")
except Exception as e:
import traceback
print(f"[Startup] β ERROR: Could not import from backend_prompts: {e}")
print(f"[Startup] Traceback: {traceback.format_exc()}")
print("[Startup] Using minimal fallback prompts")
# Define minimal fallback prompts
HTML_SYSTEM_PROMPT = "You are an expert web developer. Create complete HTML applications with CSS and JavaScript."
TRANSFORMERS_JS_SYSTEM_PROMPT = "You are an expert at creating transformers.js applications. Generate complete working code."
STREAMLIT_SYSTEM_PROMPT = "You are an expert Streamlit developer. Create complete Streamlit applications."
REACT_SYSTEM_PROMPT = "You are an expert React developer. Create complete React applications with Next.js."
GRADIO_SYSTEM_PROMPT = "You are an expert Gradio developer. Create complete, working Gradio applications."
COMFYUI_SYSTEM_PROMPT = "You are an expert ComfyUI developer. Generate clean, valid JSON workflows for ComfyUI based on the user's request. READ THE USER'S REQUEST CAREFULLY and create a workflow that matches their specific needs."
JSON_SYSTEM_PROMPT = "You are an expert at generating JSON configurations. Create valid, well-structured JSON."
GENERIC_SYSTEM_PROMPT = "You are an expert {language} developer. Create complete, working {language} applications."
print("[Startup] System prompts initialization complete")
# Cache system prompts map for fast lookup (created once at startup)
SYSTEM_PROMPT_CACHE = {
"html": HTML_SYSTEM_PROMPT,
"gradio": GRADIO_SYSTEM_PROMPT,
"streamlit": STREAMLIT_SYSTEM_PROMPT,
"transformers.js": TRANSFORMERS_JS_SYSTEM_PROMPT,
"react": REACT_SYSTEM_PROMPT,
"comfyui": COMFYUI_SYSTEM_PROMPT, # Use ComfyUI-specific prompt with documentation
}
# Client connection pool for reuse (thread-safe)
import threading
_client_pool = {}
_client_pool_lock = threading.Lock()
def get_cached_client(model_id: str, provider: str = "auto"):
"""Get or create a cached API client for reuse"""
cache_key = f"{model_id}:{provider}"
with _client_pool_lock:
if cache_key not in _client_pool:
_client_pool[cache_key] = get_inference_client(model_id, provider)
return _client_pool[cache_key]
# Define models and languages here to avoid importing Gradio UI
AVAILABLE_MODELS = [
{"name": "Devstral Medium 2512", "id": "devstral-medium-2512", "description": "Mistral Devstral 2512 - Expert code generation model via OpenRouter (Default)", "supports_images": False},
{"name": "GLM-4.6V ποΈ", "id": "zai-org/GLM-4.6V:zai-org", "description": "GLM-4.6V vision model - supports image uploads for visual understanding", "supports_images": True},
{"name": "DeepSeek V3.2", "id": "deepseek-ai/DeepSeek-V3.2-Exp", "description": "DeepSeek V3.2 Experimental - Fast model for code generation via HuggingFace Router with Novita provider", "supports_images": False},
{"name": "DeepSeek R1", "id": "deepseek-ai/DeepSeek-R1-0528", "description": "DeepSeek R1 model for code generation", "supports_images": False},
{"name": "Gemini 3.0 Pro", "id": "gemini-3.0-pro", "description": "Google Gemini 3.0 Pro via Poe with advanced reasoning", "supports_images": False},
{"name": "Grok 4.1 Fast", "id": "x-ai/grok-4.1-fast", "description": "Grok 4.1 Fast model via OpenRouter (20 req/min on free tier)", "supports_images": False},
{"name": "MiniMax M2", "id": "MiniMaxAI/MiniMax-M2", "description": "MiniMax M2 model via HuggingFace InferenceClient with Novita provider", "supports_images": False},
{"name": "GPT-5.1", "id": "gpt-5.1", "description": "OpenAI GPT-5.1 model via Poe for advanced code generation and general tasks", "supports_images": False},
{"name": "GPT-5.1 Instant", "id": "gpt-5.1-instant", "description": "OpenAI GPT-5.1 Instant model via Poe for fast responses", "supports_images": False},
{"name": "GPT-5.1 Codex", "id": "gpt-5.1-codex", "description": "OpenAI GPT-5.1 Codex model via Poe optimized for code generation", "supports_images": False},
{"name": "Claude-Opus-4.5", "id": "claude-opus-4.5", "description": "Anthropic Claude Opus 4.5 via Poe (OpenAI-compatible)", "supports_images": False},
{"name": "Claude-Sonnet-4.5", "id": "claude-sonnet-4.5", "description": "Anthropic Claude Sonnet 4.5 via Poe (OpenAI-compatible)", "supports_images": False},
{"name": "Claude-Haiku-4.5", "id": "claude-haiku-4.5", "description": "Anthropic Claude Haiku 4.5 via Poe (OpenAI-compatible)", "supports_images": False},
{"name": "Kimi K2 Thinking", "id": "moonshotai/Kimi-K2-Thinking", "description": "Moonshot Kimi K2 Thinking model via HuggingFace with Together AI provider", "supports_images": False},
{"name": "GLM-4.6", "id": "zai-org/GLM-4.6", "description": "GLM-4.6 model via HuggingFace with Cerebras provider", "supports_images": False},
]
# Cache model lookup for faster access (built after AVAILABLE_MODELS is defined)
MODEL_CACHE = {model["id"]: model for model in AVAILABLE_MODELS}
print(f"[Startup] β
Performance optimizations loaded: {len(SYSTEM_PROMPT_CACHE)} cached prompts, {len(MODEL_CACHE)} cached models, client pooling enabled")
LANGUAGE_CHOICES = ["html", "gradio", "transformers.js", "streamlit", "comfyui", "react"]
app = FastAPI(title="AnyCoder API", version="1.0.0")
# OAuth and environment configuration (must be before CORS)
OAUTH_CLIENT_ID = os.getenv("OAUTH_CLIENT_ID", "")
OAUTH_CLIENT_SECRET = os.getenv("OAUTH_CLIENT_SECRET", "")
OAUTH_SCOPES = os.getenv("OAUTH_SCOPES", "openid profile manage-repos write-discussions")
OPENID_PROVIDER_URL = os.getenv("OPENID_PROVIDER_URL", "https://huggingface.co")
SPACE_HOST = os.getenv("SPACE_HOST", "localhost:7860")
# Configure CORS - allow all origins in production, specific in dev
# In Docker Space, requests come from the same domain via Next.js proxy
ALLOWED_ORIGINS = os.getenv("ALLOWED_ORIGINS", "*").split(",") if os.getenv("ALLOWED_ORIGINS") else [
"http://localhost:3000",
"http://localhost:3001",
"http://localhost:7860",
f"https://{SPACE_HOST}" if SPACE_HOST and not SPACE_HOST.startswith("localhost") else "http://localhost:7860"
]
app.add_middleware(
CORSMiddleware,
allow_origins=ALLOWED_ORIGINS if ALLOWED_ORIGINS != ["*"] else ["*"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
allow_origin_regex=r"https://.*\.hf\.space" if SPACE_HOST and not SPACE_HOST.startswith("localhost") else None,
)
# In-memory store for OAuth states (in production, use Redis or similar)
oauth_states = {}
# In-memory store for user sessions
user_sessions = {}
def is_session_expired(session_data: dict) -> bool:
"""Check if session has expired"""
expires_at = session_data.get("expires_at")
if not expires_at:
# If no expiration info, check if session is older than 8 hours
timestamp = session_data.get("timestamp", datetime.now())
return (datetime.now() - timestamp) > timedelta(hours=8)
return datetime.now() >= expires_at
# Background task for cleaning up expired sessions
async def cleanup_expired_sessions():
"""Periodically clean up expired sessions"""
while True:
try:
await asyncio.sleep(3600) # Run every hour
expired_sessions = []
for session_token, session_data in user_sessions.items():
if is_session_expired(session_data):
expired_sessions.append(session_token)
for session_token in expired_sessions:
user_sessions.pop(session_token, None)
print(f"[Auth] Cleaned up expired session: {session_token[:10]}...")
if expired_sessions:
print(f"[Auth] Cleaned up {len(expired_sessions)} expired session(s)")
except Exception as e:
print(f"[Auth] Cleanup error: {e}")
# Start cleanup task on app startup
@app.on_event("startup")
async def startup_event():
"""Run startup tasks"""
asyncio.create_task(cleanup_expired_sessions())
print("[Startup] β
Session cleanup task started")
# Pydantic models for request/response
class CodeGenerationRequest(BaseModel):
query: str
language: str = "html"
model_id: str = "devstral-medium-2512"
provider: str = "auto"
history: List[List[str]] = []
agent_mode: bool = False
existing_repo_id: Optional[str] = None # For auto-deploy to update existing space
skip_auto_deploy: bool = False # Skip auto-deploy (for PR creation)
image_url: Optional[str] = None # For vision models like GLM-4.6V
class DeploymentRequest(BaseModel):
code: str
space_name: Optional[str] = None
language: str
requirements: Optional[str] = None
existing_repo_id: Optional[str] = None # For updating existing spaces
commit_message: Optional[str] = None
history: List[Dict] = [] # Chat history for tracking deployed spaces
class AuthStatus(BaseModel):
authenticated: bool
username: Optional[str] = None
message: str
class ModelInfo(BaseModel):
name: str
id: str
description: str
class CodeGenerationResponse(BaseModel):
code: str
history: List[List[str]]
status: str
class ImportRequest(BaseModel):
url: str
prefer_local: bool = False
username: Optional[str] = None # Username of authenticated user for ownership check
class ImportResponse(BaseModel):
status: str
message: str
code: str
language: str
url: str
metadata: Dict
owned_by_user: bool = False # True if user owns the imported repo
repo_id: Optional[str] = None # The repo ID (username/repo-name) if applicable
class PullRequestRequest(BaseModel):
repo_id: str # username/space-name
code: str
language: str
pr_title: Optional[str] = None
pr_description: Optional[str] = None
class PullRequestResponse(BaseModel):
success: bool
message: str
pr_url: Optional[str] = None
class DuplicateSpaceRequest(BaseModel):
from_space_id: str # username/space-name
to_space_name: Optional[str] = None # Just the name, not full ID
private: bool = False
class DuplicateSpaceResponse(BaseModel):
success: bool
message: str
space_url: Optional[str] = None
space_id: Optional[str] = None
# Mock authentication for development
# In production, integrate with HuggingFace OAuth
class MockAuth:
def __init__(self, token: Optional[str] = None, username: Optional[str] = None):
self.token = token
self.username = username
def is_authenticated(self):
return bool(self.token)
def get_auth_from_header(authorization: Optional[str] = None):
"""Extract authentication from header or session token"""
if not authorization:
return MockAuth(None, None)
# Handle "Bearer " prefix
if authorization.startswith("Bearer "):
token = authorization.replace("Bearer ", "")
else:
token = authorization
# Check if this is a session token (UUID format)
if token and "-" in token and len(token) > 20:
# Look up the session to get user info
if token in user_sessions:
session = user_sessions[token]
username = session.get("username")
# If username is missing from session (e.g., old session), try to fetch it
if not username and session.get("user_info"):
user_info = session["user_info"]
# Use same order as OAuth callback for consistency
username = (
user_info.get("preferred_username") or
user_info.get("name") or
user_info.get("sub") or
user_info.get("username") or
"user"
)
# Update the session with the username for future requests
session["username"] = username
print(f"[Auth] Extracted and cached username from user_info: {username}")
return MockAuth(session["access_token"], username)
# Dev token format: dev_token_<username>_<timestamp>
if token and token.startswith("dev_token_"):
parts = token.split("_")
username = parts[2] if len(parts) > 2 else "user"
return MockAuth(token, username)
# Regular OAuth access token passed directly - try to fetch username from HF
# This happens when frontend sends OAuth token after OAuth callback
if token and len(token) > 20:
try:
from huggingface_hub import HfApi
hf_api = HfApi(token=token)
user_info = hf_api.whoami()
username = (
user_info.get("preferred_username") or
user_info.get("name") or
user_info.get("sub") or
"user"
)
print(f"[Auth] Fetched username from OAuth token: {username}")
return MockAuth(token, username)
except Exception as e:
print(f"[Auth] Could not fetch username from OAuth token: {e}")
# Return with token but no username - deployment will try to fetch it
return MockAuth(token, None)
# Fallback: token with no username
return MockAuth(token, None)
@app.get("/")
async def root():
"""Health check endpoint"""
return {"status": "ok", "message": "AnyCoder API is running"}
@app.get("/api/models", response_model=List[ModelInfo])
async def get_models():
"""Get available AI models"""
return [
ModelInfo(
name=model["name"],
id=model["id"],
description=model["description"]
)
for model in AVAILABLE_MODELS
]
@app.get("/api/languages")
async def get_languages():
"""Get available programming languages/frameworks"""
return {"languages": LANGUAGE_CHOICES}
@app.get("/api/auth/login")
async def oauth_login(request: Request):
"""Initiate OAuth login flow"""
# Generate a random state to prevent CSRF
state = secrets.token_urlsafe(32)
oauth_states[state] = {"timestamp": datetime.now()}
# Build redirect URI
protocol = "https" if SPACE_HOST and not SPACE_HOST.startswith("localhost") else "http"
redirect_uri = f"{protocol}://{SPACE_HOST}/api/auth/callback"
# Build authorization URL
auth_url = (
f"{OPENID_PROVIDER_URL}/oauth/authorize"
f"?client_id={OAUTH_CLIENT_ID}"
f"&redirect_uri={urllib.parse.quote(redirect_uri)}"
f"&scope={urllib.parse.quote(OAUTH_SCOPES)}"
f"&state={state}"
f"&response_type=code"
)
return JSONResponse({"login_url": auth_url, "state": state})
@app.get("/api/auth/callback")
async def oauth_callback(code: str, state: str, request: Request):
"""Handle OAuth callback"""
# Verify state to prevent CSRF
if state not in oauth_states:
raise HTTPException(status_code=400, detail="Invalid state parameter")
# Clean up old states
oauth_states.pop(state, None)
# Exchange code for tokens
protocol = "https" if SPACE_HOST and not SPACE_HOST.startswith("localhost") else "http"
redirect_uri = f"{protocol}://{SPACE_HOST}/api/auth/callback"
# Prepare authorization header
auth_string = f"{OAUTH_CLIENT_ID}:{OAUTH_CLIENT_SECRET}"
auth_bytes = auth_string.encode('utf-8')
auth_b64 = base64.b64encode(auth_bytes).decode('utf-8')
async with httpx.AsyncClient() as client:
try:
token_response = await client.post(
f"{OPENID_PROVIDER_URL}/oauth/token",
data={
"client_id": OAUTH_CLIENT_ID,
"code": code,
"grant_type": "authorization_code",
"redirect_uri": redirect_uri,
},
headers={
"Authorization": f"Basic {auth_b64}",
"Content-Type": "application/x-www-form-urlencoded",
},
)
token_response.raise_for_status()
token_data = token_response.json()
# Get user info
access_token = token_data.get("access_token")
userinfo_response = await client.get(
f"{OPENID_PROVIDER_URL}/oauth/userinfo",
headers={"Authorization": f"Bearer {access_token}"},
)
userinfo_response.raise_for_status()
user_info = userinfo_response.json()
# Extract username - try multiple possible fields
username = (
user_info.get("preferred_username") or # Primary HF field
user_info.get("name") or # Alternative field
user_info.get("sub") or # OpenID subject
user_info.get("username") or # Generic username
"user" # Fallback
)
print(f"[OAuth] User info received: {user_info}")
print(f"[OAuth] Extracted username: {username}")
# Calculate token expiration
# OAuth tokens typically have expires_in in seconds
expires_in = token_data.get("expires_in", 28800) # Default 8 hours
expires_at = datetime.now() + timedelta(seconds=expires_in)
# Create session
session_token = secrets.token_urlsafe(32)
user_sessions[session_token] = {
"access_token": access_token,
"user_info": user_info,
"timestamp": datetime.now(),
"expires_at": expires_at,
"username": username,
"deployed_spaces": [] # Track deployed spaces for follow-up updates
}
print(f"[OAuth] Session created: {session_token[:10]}... for user: {username}")
# Redirect to frontend with session token
frontend_url = f"{protocol}://{SPACE_HOST}/?session={session_token}"
return RedirectResponse(url=frontend_url)
except httpx.HTTPError as e:
print(f"OAuth error: {e}")
raise HTTPException(status_code=500, detail=f"OAuth failed: {str(e)}")
async def validate_token_with_hf(access_token: str) -> bool:
"""Validate token with HuggingFace API"""
try:
async with httpx.AsyncClient() as client:
response = await client.get(
f"{OPENID_PROVIDER_URL}/oauth/userinfo",
headers={"Authorization": f"Bearer {access_token}"},
timeout=5.0
)
return response.status_code == 200
except Exception as e:
print(f"[Auth] Token validation error: {e}")
return False
@app.get("/api/auth/session")
async def get_session(session: str):
"""Get user info from session token"""
if session not in user_sessions:
raise HTTPException(status_code=401, detail="Invalid session")
session_data = user_sessions[session]
# Check if session has expired
if is_session_expired(session_data):
# Clean up expired session
user_sessions.pop(session, None)
raise HTTPException(status_code=401, detail="Session expired. Please sign in again.")
# Validate token with HuggingFace
if not await validate_token_with_hf(session_data["access_token"]):
# Token is invalid, clean up session
user_sessions.pop(session, None)
raise HTTPException(status_code=401, detail="Authentication expired. Please sign in again.")
return {
"access_token": session_data["access_token"],
"user_info": session_data["user_info"],
}
@app.get("/api/auth/status")
async def auth_status(authorization: Optional[str] = Header(None)):
"""Check authentication status and validate token"""
auth = get_auth_from_header(authorization)
if not auth.is_authenticated():
return AuthStatus(
authenticated=False,
username=None,
message="Not authenticated"
)
# For dev tokens, skip validation
if auth.token and auth.token.startswith("dev_token_"):
return AuthStatus(
authenticated=True,
username=auth.username,
message=f"Authenticated as {auth.username} (dev mode)"
)
# For session tokens, check expiration and validate
token = authorization.replace("Bearer ", "") if authorization else None
if token and "-" in token and len(token) > 20 and token in user_sessions:
session_data = user_sessions[token]
# Check if session has expired
if is_session_expired(session_data):
# Clean up expired session
user_sessions.pop(token, None)
return AuthStatus(
authenticated=False,
username=None,
message="Session expired"
)
# Validate token with HuggingFace
if not await validate_token_with_hf(session_data["access_token"]):
# Token is invalid, clean up session
user_sessions.pop(token, None)
return AuthStatus(
authenticated=False,
username=None,
message="Authentication expired"
)
return AuthStatus(
authenticated=True,
username=auth.username,
message=f"Authenticated as {auth.username}"
)
# For direct OAuth tokens, validate with HF
if auth.token:
is_valid = await validate_token_with_hf(auth.token)
if is_valid:
return AuthStatus(
authenticated=True,
username=auth.username,
message=f"Authenticated as {auth.username}"
)
else:
return AuthStatus(
authenticated=False,
username=None,
message="Token expired or invalid"
)
return AuthStatus(
authenticated=False,
username=None,
message="Not authenticated"
)
def cleanup_generated_code(code: str, language: str) -> str:
"""Remove LLM explanatory text and extract only the actual code"""
try:
original_code = code
# Special handling for transformers.js - don't clean, pass through as-is
# The parser will handle extracting the files from === markers
if language == "transformers.js":
return code
# Special handling for ComfyUI JSON
if language == "comfyui":
# Try to parse as JSON first
try:
json.loads(code)
return code # If it parses, return as-is
except json.JSONDecodeError:
pass
# Find the last } in the code
last_brace = code.rfind('}')
if last_brace != -1:
# Extract everything up to and including the last }
potential_json = code[:last_brace + 1]
# Try to find where the JSON actually starts
json_start = 0
if '```json' in potential_json:
match = re.search(r'```json\s*\n', potential_json)
if match:
json_start = match.end()
elif '```' in potential_json:
match = re.search(r'```\s*\n', potential_json)
if match:
json_start = match.end()
# Extract the JSON
cleaned_json = potential_json[json_start:].strip()
cleaned_json = re.sub(r'```\s*$', '', cleaned_json).strip()
# Validate
try:
json.loads(cleaned_json)
return cleaned_json
except json.JSONDecodeError:
pass
# General cleanup for code languages
# Remove markdown code blocks and extract code
if '```' in code:
# Pattern to match code blocks with language specifiers
patterns = [
r'```(?:html|HTML)\s*\n([\s\S]+?)(?:\n```|$)',
r'```(?:python|py|Python)\s*\n([\s\S]+?)(?:\n```|$)',
r'```(?:javascript|js|jsx|JavaScript)\s*\n([\s\S]+?)(?:\n```|$)',
r'```(?:typescript|ts|tsx|TypeScript)\s*\n([\s\S]+?)(?:\n```|$)',
r'```\s*\n([\s\S]+?)(?:\n```|$)', # Generic code block
]
for pattern in patterns:
match = re.search(pattern, code, re.IGNORECASE)
if match:
code = match.group(1).strip()
break
# Remove common LLM explanatory patterns
# Remove lines that start with explanatory text
lines = code.split('\n')
cleaned_lines = []
in_code = False
for line in lines:
stripped = line.strip()
# Skip common explanatory patterns at the start
if not in_code and (
stripped.lower().startswith('here') or
stripped.lower().startswith('this') or
stripped.lower().startswith('the above') or
stripped.lower().startswith('note:') or
stripped.lower().startswith('explanation:') or
stripped.lower().startswith('to use') or
stripped.lower().startswith('usage:') or
stripped.lower().startswith('instructions:') or
stripped.startswith('===') and '===' in stripped # Section markers
):
continue
# Once we hit actual code, we're in
if stripped and not stripped.startswith('#') and not stripped.startswith('//'):
in_code = True
cleaned_lines.append(line)
code = '\n'.join(cleaned_lines).strip()
# Remove trailing explanatory text after the code ends
# For HTML: remove everything after final closing tag
if language == "html":
# Find last </html> or </body> or </div> at root level
last_html = code.rfind('</html>')
last_body = code.rfind('</body>')
last_tag = max(last_html, last_body)
if last_tag != -1:
# Check if there's significant text after
after_tag = code[last_tag + 7:].strip() # +7 for </html> length
if after_tag and len(after_tag) > 100: # Significant explanatory text
code = code[:last_tag + 7].strip()
# For Python: remove text after the last function/class definition or code block
elif language in ["gradio", "streamlit"]:
# Find the last line that looks like actual code (not comments or blank)
lines = code.split('\n')
last_code_line = -1
for i in range(len(lines) - 1, -1, -1):
stripped = lines[i].strip()
if stripped and not stripped.startswith('#') and not stripped.startswith('"""') and not stripped.startswith("'''"):
# This looks like actual code
last_code_line = i
break
if last_code_line != -1 and last_code_line < len(lines) - 5:
# If there are more than 5 lines after last code, likely explanatory
code = '\n'.join(lines[:last_code_line + 1])
# Return cleaned code or original if cleaning made it too short
if len(code) > 50:
return code
else:
return original_code
except Exception as e:
print(f"[Code Cleanup] Error for {language}: {e}")
return code
@app.post("/api/generate")
async def generate_code(
request: CodeGenerationRequest,
authorization: Optional[str] = Header(None)
):
"""Generate code based on user query - returns streaming response"""
# Dev mode: No authentication required - just use server's HF_TOKEN
# In production, you would check real OAuth tokens here
# Extract parameters from request body
query = request.query
language = request.language
model_id = request.model_id
provider = request.provider
async def event_stream() -> AsyncGenerator[str, None]:
"""Stream generated code chunks"""
# Use the model_id from outer scope
selected_model_id = model_id
try:
# Fast model lookup using cache
selected_model = MODEL_CACHE.get(selected_model_id)
if not selected_model:
# Fallback to first available model (shouldn't happen often)
selected_model = AVAILABLE_MODELS[0]
selected_model_id = selected_model["id"]
# Track generated code
generated_code = ""
# Fast system prompt lookup using cache
system_prompt = SYSTEM_PROMPT_CACHE.get(language)
if not system_prompt:
# Format generic prompt only if needed
system_prompt = GENERIC_SYSTEM_PROMPT.format(language=language)
# Detect if this is a followup request for React apps
# Check if there's existing code in the conversation history
is_followup = False
if language == "react" and request.history:
# Check if there's any previous assistant message with code (indicating a followup)
for msg in request.history:
if isinstance(msg, dict):
role = msg.get('role', '')
content = msg.get('content', '')
elif isinstance(msg, list) and len(msg) >= 2:
role = msg[0]
content = msg[1]
else:
continue
# If we find previous code from assistant, this is a followup
if role == 'assistant' and ('===' in content or 'Dockerfile' in content or 'package.json' in content):
is_followup = True
print(f"[Generate] Detected React followup request")
break
# Use followup prompt for React if detected
if is_followup and language == "react":
system_prompt = REACT_FOLLOW_UP_SYSTEM_PROMPT
print(f"[Generate] Using React followup system prompt for targeted fixes")
# Get cached client (reuses connections)
client = get_cached_client(selected_model_id, provider)
# Get the real model ID with provider suffixes
actual_model_id = get_real_model_id(selected_model_id)
# Prepare messages (optimized - no string concatenation in hot path)
# Check if this is a vision model and we have an image
if request.image_url and selected_model_id == "zai-org/GLM-4.6V:zai-org":
# Vision model with image - use multi-modal format
user_content = [
{
"type": "text",
"text": f"Generate a {language} application: {query}"
},
{
"type": "image_url",
"image_url": {
"url": request.image_url
}
}
]
messages = [
{"role": "system", "content": system_prompt},
{"role": "user", "content": user_content}
]
else:
# Regular text-only model
user_content = f"Generate a {language} application: {query}"
messages = [
{"role": "system", "content": system_prompt},
{"role": "user", "content": user_content}
]
# Stream the response
try:
# Handle Mistral models with different API
if is_mistral_model(selected_model_id):
print(f"[Generate] Using Mistral SDK for {selected_model_id}")
# Mistral models use the standard chat.stream API
stream = client.chat.stream(
model=actual_model_id,
messages=messages,
max_tokens=10000
)
# All other models use OpenAI-compatible API
else:
stream = client.chat.completions.create(
model=actual_model_id,
messages=messages,
temperature=0.7,
max_tokens=10000,
stream=True
)
chunk_count = 0
is_mistral = is_mistral_model(selected_model_id)
# Only process stream if it exists (not None for Conversations API)
if stream:
# Optimized chunk processing - reduce attribute lookups
for chunk in stream:
chunk_content = None
if is_mistral:
# Mistral format: chunk.data.choices[0].delta.content
try:
if chunk.data and chunk.data.choices and chunk.data.choices[0].delta.content:
chunk_content = chunk.data.choices[0].delta.content
except (AttributeError, IndexError):
continue
else:
# OpenAI format: chunk.choices[0].delta.content
try:
if chunk.choices and chunk.choices[0].delta.content:
chunk_content = chunk.choices[0].delta.content
except (AttributeError, IndexError):
continue
if chunk_content:
generated_code += chunk_content
chunk_count += 1
# Send chunk immediately - optimized JSON serialization
# Only yield control every 5 chunks to reduce overhead
if chunk_count % 5 == 0:
await asyncio.sleep(0)
# Build event data efficiently
event_data = json.dumps({
"type": "chunk",
"content": chunk_content
})
yield f"data: {event_data}\n\n"
# Clean up generated code (remove LLM explanatory text and markdown)
generated_code = cleanup_generated_code(generated_code, language)
# Send completion event (optimized - no timestamp in hot path)
completion_data = json.dumps({
"type": "complete",
"code": generated_code
})
yield f"data: {completion_data}\n\n"
# Auto-deploy after code generation (if authenticated and not skipped)
auth = get_auth_from_header(authorization)
if request.skip_auto_deploy:
print(f"[Auto-Deploy] Skipped - PR creation will be handled by frontend")
if auth.is_authenticated() and not (auth.token and auth.token.startswith("dev_token_")) and not request.skip_auto_deploy:
try:
# Send deploying status
deploying_data = json.dumps({
"type": "deploying",
"message": "π Deploying your app to HuggingFace Spaces..."
})
yield f"data: {deploying_data}\n\n"
# Import deployment function
from backend_deploy import deploy_to_huggingface_space
# Convert history to the format expected by deploy function
# History comes from frontend as [[role, content], ...]
history_list = []
if request.history:
for msg in request.history:
if isinstance(msg, list) and len(msg) >= 2:
# Already in correct format [[role, content], ...]
history_list.append([msg[0], msg[1]])
elif isinstance(msg, dict):
# Convert dict format to list format
role = msg.get('role', '')
content = msg.get('content', '')
if role and content:
history_list.append([role, content])
print(f"[Auto-Deploy] Starting deployment...")
print(f"[Auto-Deploy] - Language: {language}")
print(f"[Auto-Deploy] - History items: {len(history_list)}")
print(f"[Auto-Deploy] - Username: {auth.username}")
print(f"[Auto-Deploy] - Code length: {len(generated_code)}")
print(f"[Auto-Deploy] - Existing repo ID from request: {request.existing_repo_id}")
# Deploy the code (update existing space if provided)
success, message, space_url = deploy_to_huggingface_space(
code=generated_code,
language=language,
token=auth.token,
username=auth.username,
existing_repo_id=request.existing_repo_id, # Use duplicated/imported space
history=history_list
)
print(f"[Auto-Deploy] Deployment result:")
print(f"[Auto-Deploy] - Success: {success}")
print(f"[Auto-Deploy] - Message: {message}")
print(f"[Auto-Deploy] - Space URL: {space_url}")
if success and space_url:
# Send deployment success
deploy_success_data = json.dumps({
"type": "deployed",
"message": message,
"space_url": space_url
})
yield f"data: {deploy_success_data}\n\n"
else:
# Send deployment error (non-blocking - code generation still succeeded)
deploy_error_data = json.dumps({
"type": "deploy_error",
"message": f"β οΈ Deployment failed: {message}"
})
yield f"data: {deploy_error_data}\n\n"
except Exception as deploy_error:
# Log deployment error but don't fail the generation
import traceback
print(f"[Auto-Deploy] ========== DEPLOYMENT EXCEPTION ==========")
print(f"[Auto-Deploy] Exception type: {type(deploy_error).__name__}")
print(f"[Auto-Deploy] Error message: {str(deploy_error)}")
print(f"[Auto-Deploy] Full traceback:")
traceback.print_exc()
print(f"[Auto-Deploy] ==========================================")
deploy_error_data = json.dumps({
"type": "deploy_error",
"message": f"β οΈ Deployment error: {str(deploy_error)}"
})
yield f"data: {deploy_error_data}\n\n"
else:
print(f"[Auto-Deploy] Skipped - authenticated: {auth.is_authenticated()}, token_exists: {auth.token is not None}, is_dev: {auth.token.startswith('dev_token_') if auth.token else False}")
except Exception as e:
# Handle rate limiting and other API errors
error_message = str(e)
is_rate_limit = False
error_type = type(e).__name__
# Check for OpenAI SDK rate limit errors
if error_type == "RateLimitError" or "rate_limit" in error_type.lower():
is_rate_limit = True
# Check if this is a rate limit error (429 status code)
elif hasattr(e, 'status_code') and e.status_code == 429:
is_rate_limit = True
# Check error message for rate limit indicators
elif "429" in error_message or "rate limit" in error_message.lower() or "too many requests" in error_message.lower():
is_rate_limit = True
if is_rate_limit:
# Try to extract retry-after header or message
retry_after = None
if hasattr(e, 'response') and e.response:
retry_after = e.response.headers.get('Retry-After') or e.response.headers.get('retry-after')
# Also check if the error object has retry_after
elif hasattr(e, 'retry_after'):
retry_after = str(e.retry_after)
if selected_model_id == "x-ai/grok-4.1-fast" or selected_model_id.startswith("openrouter/"):
error_message = "β±οΈ Rate limit exceeded for OpenRouter model"
if retry_after:
error_message += f". Please wait {retry_after} seconds before trying again."
else:
error_message += ". Free tier allows up to 20 requests per minute. Please wait a moment and try again."
else:
error_message = f"β±οΈ Rate limit exceeded. Please wait before trying again."
if retry_after:
error_message += f" Retry after {retry_after} seconds."
# Check for other common API errors
elif hasattr(e, 'status_code'):
if e.status_code == 401:
error_message = "β Authentication failed. Please check your API key."
elif e.status_code == 403:
error_message = "β Access forbidden. Please check your API key permissions."
elif e.status_code == 500 or e.status_code == 502 or e.status_code == 503:
error_message = "β Service temporarily unavailable. Please try again later."
error_data = json.dumps({
"type": "error",
"message": error_message
})
yield f"data: {error_data}\n\n"
except Exception as e:
# Fallback error handling
error_message = str(e)
# Check if it's a rate limit error in the exception message
if "429" in error_message or "rate limit" in error_message.lower() or "too many requests" in error_message.lower():
if selected_model_id == "x-ai/grok-4.1-fast" or selected_model_id.startswith("openrouter/"):
error_message = "β±οΈ Rate limit exceeded for OpenRouter model. Free tier allows up to 20 requests per minute. Please wait a moment and try again."
else:
error_message = "β±οΈ Rate limit exceeded. Please wait before trying again."
error_data = json.dumps({
"type": "error",
"message": f"Generation error: {error_message}"
})
yield f"data: {error_data}\n\n"
return StreamingResponse(
event_stream(),
media_type="text/event-stream",
headers={
"Cache-Control": "no-cache, no-transform",
"Connection": "keep-alive",
"X-Accel-Buffering": "no",
"Content-Encoding": "none",
"Transfer-Encoding": "chunked"
}
)
@app.post("/api/deploy")
async def deploy(
request: DeploymentRequest,
authorization: Optional[str] = Header(None)
):
"""Deploy generated code to HuggingFace Spaces"""
print(f"[Deploy] ========== NEW DEPLOYMENT REQUEST ==========")
print(f"[Deploy] Authorization header present: {authorization is not None}")
if authorization:
auth_preview = authorization[:20] + "..." if len(authorization) > 20 else authorization
print(f"[Deploy] Authorization preview: {auth_preview}")
auth = get_auth_from_header(authorization)
print(f"[Deploy] Auth object - is_authenticated: {auth.is_authenticated()}, username: {auth.username}, has_token: {auth.token is not None}")
if not auth.is_authenticated():
raise HTTPException(status_code=401, detail="Authentication required")
# Check if this is dev mode (no real token)
if auth.token and auth.token.startswith("dev_token_"):
# In dev mode, open HF Spaces creation page
from backend_deploy import detect_sdk_from_code
base_url = "https://huggingface.co/new-space"
sdk = detect_sdk_from_code(request.code, request.language)
params = urllib.parse.urlencode({
"name": request.space_name or "my-anycoder-app",
"sdk": sdk
})
# Prepare file content based on language
if request.language in ["html", "transformers.js", "comfyui"]:
file_path = "index.html"
else:
file_path = "app.py"
files_params = urllib.parse.urlencode({
"files[0][path]": file_path,
"files[0][content]": request.code
})
space_url = f"{base_url}?{params}&{files_params}"
return {
"success": True,
"space_url": space_url,
"message": "Dev mode: Please create the space manually",
"dev_mode": True
}
# Production mode with real OAuth token
try:
from backend_deploy import deploy_to_huggingface_space
# Get user token - should be the access_token from OAuth session
user_token = auth.token if auth.token else os.getenv("HF_TOKEN")
if not user_token:
raise HTTPException(status_code=401, detail="No HuggingFace token available. Please sign in first.")
print(f"[Deploy] Attempting deployment with token (first 10 chars): {user_token[:10]}...")
print(f"[Deploy] Request parameters - language: {request.language}, space_name: {request.space_name}, existing_repo_id: {request.existing_repo_id}")
# If username is missing, fetch it from HuggingFace API
username = auth.username
if not username:
print(f"[Deploy] Username not found in auth, fetching from HuggingFace API...")
try:
from huggingface_hub import HfApi
hf_api = HfApi(token=user_token)
user_info = hf_api.whoami()
username = user_info.get("name") or user_info.get("preferred_username") or "user"
print(f"[Deploy] Fetched username from HF API: {username}")
except Exception as e:
print(f"[Deploy] Warning: Could not fetch username from HF API: {e}")
# Continue without username - the deploy function will try to fetch it again
# Check for existing deployed space in this session
session_token = authorization.replace("Bearer ", "") if authorization else None
existing_repo_id = request.existing_repo_id
# PRIORITY 1: Check history for deployed/imported spaces (like Gradio version does)
# This is more reliable than session tracking since history persists in frontend
if request.history and username:
print(f"[Deploy] ========== CHECKING HISTORY ==========")
print(f"[Deploy] History length: {len(request.history)} messages")
print(f"[Deploy] Username: {username}")
# Log each message in history for debugging
for i, msg in enumerate(request.history):
role = msg.get('role', 'unknown')
content = msg.get('content', '')
content_preview = content[:100] if content else ''
print(f"[Deploy] Message {i+1}: role={role}, content_preview='{content_preview}...'")
print(f"[Deploy] ==========================================")
for msg in request.history:
role = msg.get('role', '')
content = msg.get('content', '')
# Check for deployment confirmations
if role == 'assistant' and ('β
Deployed!' in content or 'β
Updated!' in content):
import re
print(f"[Deploy] π Found deployment message in history!")
print(f"[Deploy] Content: {content[:200]}")
match = re.search(r'huggingface\.co/spaces/([^/\s\)]+/[^/\s\)]+)', content)
if match:
history_space_id = match.group(1)
print(f"[Deploy] β
EXTRACTED space ID from history: {history_space_id}")
if not existing_repo_id:
existing_repo_id = history_space_id
print(f"[Deploy] β
WILL UPDATE EXISTING SPACE: {existing_repo_id}")
break
else:
print(f"[Deploy] β οΈ Deployment message found but couldn't extract space ID")
# Check for imports
elif role == 'user' and 'import' in content.lower():
import re
match = re.search(r'huggingface\.co/spaces/([^/\s\)]+/[^/\s\)]+)', content)
if match:
imported_space = match.group(1)
# Only use if user owns it
if imported_space.startswith(f"{username}/"):
print(f"[Deploy] β
Found imported space in history (user owns it): {imported_space}")
if not existing_repo_id:
existing_repo_id = imported_space
break
else:
if not request.history:
print(f"[Deploy] β οΈ No history provided in request")
if not username:
print(f"[Deploy] β οΈ No username available")
# PRIORITY 2: Check session for previously deployed spaces (fallback)
# This helps when history isn't passed from frontend
if not existing_repo_id and session_token and session_token in user_sessions:
session = user_sessions[session_token]
# Ensure deployed_spaces exists (for backward compatibility with old sessions)
if "deployed_spaces" not in session:
session["deployed_spaces"] = []
deployed_spaces = session.get("deployed_spaces", [])
print(f"[Deploy] Checking session for existing spaces. Found {len(deployed_spaces)} deployed spaces.")
for i, space in enumerate(deployed_spaces):
print(f"[Deploy] Space {i+1}: repo_id={space.get('repo_id')}, language={space.get('language')}, timestamp={space.get('timestamp')}")
# Find the most recent space for this language
for space in reversed(deployed_spaces):
if space.get("language") == request.language:
session_space_id = space.get("repo_id")
print(f"[Deploy] β
Found existing space in session for {request.language}: {session_space_id}")
existing_repo_id = session_space_id
break
if not existing_repo_id:
print(f"[Deploy] β οΈ No existing space found for language: {request.language}")
elif not existing_repo_id:
print(f"[Deploy] β οΈ No session found and no history provided. session_token: {session_token[:10] if session_token else 'None'}")
# Use the standalone deployment function
print(f"[Deploy] ========== CALLING deploy_to_huggingface_space ==========")
print(f"[Deploy] existing_repo_id: {existing_repo_id}")
print(f"[Deploy] space_name: {request.space_name}")
print(f"[Deploy] language: {request.language}")
print(f"[Deploy] username: {username}")
print(f"[Deploy] ==========================================================")
success, message, space_url = deploy_to_huggingface_space(
code=request.code,
language=request.language,
space_name=request.space_name,
token=user_token,
username=username,
description=request.description if hasattr(request, 'description') else None,
private=False,
existing_repo_id=existing_repo_id,
commit_message=request.commit_message
)
if success:
# Extract repo_id from space_url
repo_id = space_url.split("/spaces/")[-1] if space_url else None
print(f"[Deploy] β
Success! Repo ID: {repo_id}")
print(f"[Deploy] Space URL: {space_url}")
print(f"[Deploy] Message: {message}")
# Track deployed space in session for follow-up updates
if session_token and session_token in user_sessions:
if repo_id:
session = user_sessions[session_token]
# Ensure deployed_spaces exists
if "deployed_spaces" not in session:
session["deployed_spaces"] = []
deployed_spaces = session.get("deployed_spaces", [])
print(f"[Deploy] π Tracking space in session...")
print(f"[Deploy] Current deployed_spaces count: {len(deployed_spaces)}")
# Update or add the space
space_entry = {
"repo_id": repo_id,
"language": request.language,
"timestamp": datetime.now()
}
# Remove old entry for same repo_id if exists
old_count = len(deployed_spaces)
deployed_spaces = [s for s in deployed_spaces if s.get("repo_id") != repo_id]
if old_count != len(deployed_spaces):
print(f"[Deploy] Removed old entry for {repo_id}")
# Also remove old entries for same language (keep only most recent per language)
# This ensures we always update the same space for a given language
deployed_spaces = [s for s in deployed_spaces if s.get("language") != request.language]
deployed_spaces.append(space_entry)
session["deployed_spaces"] = deployed_spaces
print(f"[Deploy] β
Tracked space in session: {repo_id}")
print(f"[Deploy] New deployed_spaces count: {len(deployed_spaces)}")
print(f"[Deploy] All deployed spaces: {[s.get('repo_id') for s in deployed_spaces]}")
else:
print(f"[Deploy] β οΈ Could not extract repo_id from space_url: {space_url}")
else:
if not session_token:
print(f"[Deploy] β οΈ No session_token provided for tracking")
elif session_token not in user_sessions:
print(f"[Deploy] β οΈ Session not found: {session_token[:10]}...")
print(f"[Deploy] Available sessions: {[k[:10] for k in list(user_sessions.keys())[:5]]}")
return {
"success": True,
"space_url": space_url,
"message": message,
"repo_id": repo_id
}
else:
# Provide user-friendly error message based on the error
if "401" in message or "Unauthorized" in message:
raise HTTPException(
status_code=401,
detail="Authentication failed. Please sign in again with HuggingFace."
)
elif "403" in message or "Forbidden" in message or "Permission" in message:
raise HTTPException(
status_code=403,
detail="Permission denied. Your HuggingFace token may not have the required permissions (manage-repos scope)."
)
else:
raise HTTPException(
status_code=500,
detail=message
)
except HTTPException:
# Re-raise HTTP exceptions as-is
raise
except Exception as e:
# Log the full error for debugging
import traceback
error_details = traceback.format_exc()
print(f"[Deploy] Deployment error: {error_details}")
raise HTTPException(
status_code=500,
detail=f"Deployment failed: {str(e)}"
)
@app.post("/api/create-pr", response_model=PullRequestResponse)
async def create_pull_request(
request: PullRequestRequest,
authorization: Optional[str] = Header(None)
):
"""Create a Pull Request on an existing HuggingFace Space with redesigned code"""
print(f"[PR] ========== NEW PULL REQUEST ==========")
print(f"[PR] Repo ID: {request.repo_id}")
print(f"[PR] Language: {request.language}")
print(f"[PR] PR Title: {request.pr_title}")
auth = get_auth_from_header(authorization)
if not auth.is_authenticated():
raise HTTPException(status_code=401, detail="Authentication required")
# Check if this is dev mode
if auth.token and auth.token.startswith("dev_token_"):
return PullRequestResponse(
success=False,
message="Dev mode: PR creation not available in dev mode. Please use production authentication.",
pr_url=None
)
# Production mode with real OAuth token
try:
from backend_deploy import create_pull_request_on_space
user_token = auth.token if auth.token else os.getenv("HF_TOKEN")
if not user_token:
raise HTTPException(status_code=401, detail="No HuggingFace token available. Please sign in first.")
print(f"[PR] Creating PR with token (first 10 chars): {user_token[:10]}...")
# Create the pull request
success, message, pr_url = create_pull_request_on_space(
repo_id=request.repo_id,
code=request.code,
language=request.language,
token=user_token,
pr_title=request.pr_title,
pr_description=request.pr_description
)
print(f"[PR] Result:")
print(f"[PR] - Success: {success}")
print(f"[PR] - Message: {message}")
print(f"[PR] - PR URL: {pr_url}")
if success:
return PullRequestResponse(
success=True,
message=message,
pr_url=pr_url
)
else:
# Provide user-friendly error messages
if "401" in message or "Unauthorized" in message:
raise HTTPException(
status_code=401,
detail="Authentication failed. Please sign in again with HuggingFace."
)
elif "403" in message or "Forbidden" in message or "Permission" in message:
raise HTTPException(
status_code=403,
detail="Permission denied. You may not have write access to this space."
)
else:
raise HTTPException(
status_code=500,
detail=message
)
except HTTPException:
raise
except Exception as e:
import traceback
error_details = traceback.format_exc()
print(f"[PR] Error: {error_details}")
raise HTTPException(
status_code=500,
detail=f"Failed to create pull request: {str(e)}"
)
@app.post("/api/duplicate-space", response_model=DuplicateSpaceResponse)
async def duplicate_space_endpoint(
request: DuplicateSpaceRequest,
authorization: Optional[str] = Header(None)
):
"""Duplicate a HuggingFace Space to the user's account"""
print(f"[Duplicate] ========== DUPLICATE SPACE REQUEST ==========")
print(f"[Duplicate] From: {request.from_space_id}")
print(f"[Duplicate] To: {request.to_space_name or 'auto'}")
print(f"[Duplicate] Private: {request.private}")
auth = get_auth_from_header(authorization)
if not auth.is_authenticated():
raise HTTPException(status_code=401, detail="Authentication required")
# Check if this is dev mode
if auth.token and auth.token.startswith("dev_token_"):
return DuplicateSpaceResponse(
success=False,
message="Dev mode: Space duplication not available in dev mode. Please use production authentication.",
space_url=None,
space_id=None
)
# Production mode with real OAuth token
try:
from backend_deploy import duplicate_space_to_user
user_token = auth.token if auth.token else os.getenv("HF_TOKEN")
if not user_token:
raise HTTPException(status_code=401, detail="No HuggingFace token available. Please sign in first.")
print(f"[Duplicate] Duplicating space with token (first 10 chars): {user_token[:10]}...")
# Duplicate the space
success, message, space_url = duplicate_space_to_user(
from_space_id=request.from_space_id,
to_space_name=request.to_space_name,
token=user_token,
private=request.private
)
print(f"[Duplicate] Result:")
print(f"[Duplicate] - Success: {success}")
print(f"[Duplicate] - Message: {message}")
print(f"[Duplicate] - Space URL: {space_url}")
if success:
# Extract space_id from URL
space_id = space_url.split("/spaces/")[-1] if space_url else None
return DuplicateSpaceResponse(
success=True,
message=message,
space_url=space_url,
space_id=space_id
)
else:
# Provide user-friendly error messages
if "401" in message or "Unauthorized" in message:
raise HTTPException(
status_code=401,
detail="Authentication failed. Please sign in again with HuggingFace."
)
elif "403" in message or "Forbidden" in message or "Permission" in message:
raise HTTPException(
status_code=403,
detail="Permission denied. You may not have access to this space."
)
elif "404" in message or "not found" in message.lower():
raise HTTPException(
status_code=404,
detail="Space not found. Please check the URL and try again."
)
else:
raise HTTPException(
status_code=500,
detail=message
)
except HTTPException:
raise
except Exception as e:
import traceback
error_details = traceback.format_exc()
print(f"[Duplicate] Error: {error_details}")
raise HTTPException(
status_code=500,
detail=f"Failed to duplicate space: {str(e)}"
)
@app.post("/api/import", response_model=ImportResponse)
async def import_project(request: ImportRequest):
"""
Import a project from HuggingFace Space, HuggingFace Model, or GitHub repo
Supports URLs like:
- https://huggingface.co/spaces/username/space-name
- https://huggingface.co/username/model-name
- https://github.com/username/repo-name
"""
try:
importer = ProjectImporter()
result = importer.import_from_url(request.url)
# Handle model-specific prefer_local flag
if request.prefer_local and result.get('metadata', {}).get('has_alternatives'):
# Switch to local code if available
local_code = result['metadata'].get('local_code')
if local_code:
result['code'] = local_code
result['metadata']['code_type'] = 'local'
result['message'] = result['message'].replace('inference', 'local')
# Check if user owns this repo (for HuggingFace Spaces)
owned_by_user = False
repo_id = None
if request.username and result['status'] == 'success':
# Extract repo_id from URL
url = result.get('url', '')
if 'huggingface.co/spaces/' in url:
# Extract username/repo from URL
match = re.search(r'huggingface\.co/spaces/([^/]+/[^/?#]+)', url)
if match:
repo_id = match.group(1)
# Check if user owns this space
if repo_id.startswith(f"{request.username}/"):
owned_by_user = True
print(f"[Import] User {request.username} owns the imported space: {repo_id}")
# Add ownership info to response
result['owned_by_user'] = owned_by_user
result['repo_id'] = repo_id
return ImportResponse(**result)
except Exception as e:
return ImportResponse(
status="error",
message=f"Import failed: {str(e)}",
code="",
language="unknown",
url=request.url,
metadata={},
owned_by_user=False,
repo_id=None
)
@app.get("/api/import/space/{username}/{space_name}")
async def import_space(username: str, space_name: str):
"""Import a specific HuggingFace Space by username and space name"""
try:
importer = ProjectImporter()
result = importer.import_space(username, space_name)
return result
except Exception as e:
return {
"status": "error",
"message": f"Failed to import space: {str(e)}",
"code": "",
"language": "unknown",
"url": f"https://huggingface.co/spaces/{username}/{space_name}",
"metadata": {}
}
@app.get("/api/import/model/{path:path}")
async def import_model(path: str, prefer_local: bool = False):
"""
Import a specific HuggingFace Model by model ID
Example: /api/import/model/meta-llama/Llama-3.2-1B-Instruct
"""
try:
importer = ProjectImporter()
result = importer.import_model(path, prefer_local=prefer_local)
return result
except Exception as e:
return {
"status": "error",
"message": f"Failed to import model: {str(e)}",
"code": "",
"language": "python",
"url": f"https://huggingface.co/{path}",
"metadata": {}
}
@app.get("/api/import/github/{owner}/{repo}")
async def import_github(owner: str, repo: str):
"""Import a GitHub repository by owner and repo name"""
try:
importer = ProjectImporter()
result = importer.import_github_repo(owner, repo)
return result
except Exception as e:
return {
"status": "error",
"message": f"Failed to import repository: {str(e)}",
"code": "",
"language": "python",
"url": f"https://github.com/{owner}/{repo}",
"metadata": {}
}
@app.websocket("/ws/generate")
async def websocket_generate(websocket: WebSocket):
"""WebSocket endpoint for real-time code generation"""
await websocket.accept()
try:
while True:
# Receive message from client
data = await websocket.receive_json()
query = data.get("query")
language = data.get("language", "html")
model_id = data.get("model_id", "claude-opus-4.5")
# Send acknowledgment
await websocket.send_json({
"type": "status",
"message": "Generating code..."
})
# Mock code generation for now
await asyncio.sleep(0.5)
# Send generated code in chunks
sample_code = f"<!-- Generated {language} code -->\n<h1>Hello from AnyCoder!</h1>"
for i, char in enumerate(sample_code):
await websocket.send_json({
"type": "chunk",
"content": char,
"progress": (i + 1) / len(sample_code) * 100
})
await asyncio.sleep(0.01)
# Send completion
await websocket.send_json({
"type": "complete",
"code": sample_code
})
except WebSocketDisconnect:
print("Client disconnected")
except Exception as e:
await websocket.send_json({
"type": "error",
"message": str(e)
})
await websocket.close()
if __name__ == "__main__":
import uvicorn
uvicorn.run("backend_api:app", host="0.0.0.0", port=8000, reload=True)
|