fix: repair CI and add new attestation endpoint

jcabrero · jcabrero · commit 700c26aa7212 · 2025-10-17T12:35:04.000+02:00
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -107,6 +107,8 @@ services:
     depends_on:
       nilauth-postgres:
         condition: service_healthy
+    volumes:
+      - ./scripts/credit-init.sql:/app/migrations/20251015000006_seed_test_data.sql
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/health"]
       interval: 30s
diff --git a/nilai-api/pyproject.toml b/nilai-api/pyproject.toml
@@ -35,7 +35,7 @@ dependencies = [
     "trafilatura>=1.7.0",
     "secretvaults",
     "e2b-code-interpreter>=1.0.3",
-    "nilauth-credit-middleware>=0.1.0",
+    "nilauth-credit-middleware>=0.1.1",
 ]
 
 
diff --git a/nilai-api/src/nilai_api/attestation/__init__.py b/nilai-api/src/nilai_api/attestation/__init__.py
@@ -1,34 +1,31 @@
 from fastapi import HTTPException
 import httpx
-from nilai_common import Nonce, AttestationReport, SETTINGS
+from nilai_common import AttestationReport
 from nilai_common.logger import setup_logger
 
 logger = setup_logger(__name__)
 
+ATTESTATION_URL = "http://nilcc-attester/v2/report"
 
-async def get_attestation_report(
-    nonce: Nonce | None,
-) -> AttestationReport:
-    """Get the attestation report for the given nonce"""
-
-    try:
-        attestation_url = f"http://{SETTINGS.attestation_host}:{SETTINGS.attestation_port}/attestation/report"
-        async with httpx.AsyncClient() as client:
-            response: httpx.Response = await client.get(attestation_url, params=nonce)
-            report = AttestationReport(**response.json())
-            return report
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
 
+async def get_attestation_report() -> AttestationReport:
+    """Get the attestation report"""
 
-async def verify_attestation_report(attestation_report: AttestationReport) -> bool:
-    """Verify the attestation report"""
     try:
-        attestation_url = f"http://{SETTINGS.attestation_host}:{SETTINGS.attestation_port}/attestation/verify"
         async with httpx.AsyncClient() as client:
-            response: httpx.Response = await client.get(
-                attestation_url, params=attestation_report.model_dump()
+            response: httpx.Response = await client.get(ATTESTATION_URL)
+            response_json = response.json()
+            return AttestationReport(
+                gpu_attestation=response_json["report"],
+                cpu_attestation=response_json["gpu_token"],
+                verifying_key="",  # Added later by the API
             )
-            return response.json()
+    except httpx.HTTPStatusError as e:
+        raise HTTPException(
+            status_code=e.response.status_code,
+            detail=str("Error getting attestation report" + str(e)),
+        )
     except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+        raise HTTPException(
+            status_code=500, detail=str("Error getting attestation report" + str(e))
+        )
diff --git a/nilai-api/src/nilai_api/credit.py b/nilai-api/src/nilai_api/credit.py
@@ -92,7 +92,7 @@ class LLMResponse(BaseModel):
 )
 
 
-def user_id_extractor() -> Callable[[Request], Awaitable[str]]:
+def credential_extractor() -> Callable[[Request], Awaitable[str]]:
     if CONFIG.auth.auth_strategy == "nuc":
         return from_nuc_bearer_root_token()
     else:
@@ -145,7 +145,8 @@ async def calculator(request: Request, response_data: dict) -> float:
 
 
 LLMMeter = create_metering_dependency(
-    user_id_extractor=user_id_extractor(),
+    credential_extractor=credential_extractor(),
     estimated_cost=2.0,
     cost_calculator=llm_cost_calculator(MyCostDictionary),
+    public_identifiers=CONFIG.auth.auth_strategy == "nuc",
 )
diff --git a/nilai-api/src/nilai_api/routers/private.py b/nilai-api/src/nilai_api/routers/private.py
@@ -37,7 +37,6 @@
     ModelMetadata,
     MessageAdapter,
     SignedChatCompletion,
-    Nonce,
     Source,
     Usage,
 )
@@ -95,7 +94,6 @@ async def get_usage(auth_info: AuthenticationInfo = Depends(get_auth_info)) -> U
 
 @router.get("/v1/attestation/report", tags=["Attestation"])
 async def get_attestation(
-    nonce: Optional[Nonce] = None,
     auth_info: AuthenticationInfo = Depends(get_auth_info),
 ) -> AttestationReport:
     """
@@ -114,7 +112,7 @@ async def get_attestation(
     Provides cryptographic proof of the service's integrity and environment.
     """
 
-    attestation_report = await get_attestation_report(nonce)
+    attestation_report = await get_attestation_report()
     attestation_report.verifying_key = state.b64_public_key
     return attestation_report
 
diff --git a/nilai-api/src/nilai_api/routers/public.py b/nilai-api/src/nilai_api/routers/public.py
@@ -3,8 +3,7 @@
 from nilai_api.state import state
 
 # Internal libraries
-from nilai_common import HealthCheckResponse, AttestationReport
-from nilai_api.attestation import verify_attestation_report
+from nilai_common import HealthCheckResponse
 
 router = APIRouter()
 
@@ -42,14 +41,3 @@ async def health_check() -> HealthCheckResponse:
     ```
     """
     return HealthCheckResponse(status="ok", uptime=state.uptime)
-
-
-@router.post("/attestation/verify", tags=["Attestation"])
-async def post_attestation(attestation_report: AttestationReport) -> bool:
-    """
-    Verify a cryptographic attestation report.
-
-    - **attestation_report**: Attestation report to verify
-    - **Returns**: True if the attestation report is valid, False otherwise
-    """
-    return await verify_attestation_report(attestation_report)
diff --git a/nilai-models/src/nilai_models/lmstudio_announcer.py b/nilai-models/src/nilai_models/lmstudio_announcer.py
@@ -177,10 +177,10 @@ async def main():
         os.getenv("LMSTUDIO_SUPPORTED_FEATURES", "chat_completion")
     ) or ["chat_completion"]
 
-    tool_default = to_bool(os.getenv("LMSTUDIO_TOOL_SUPPORT_DEFAULT", "false"))
+    tool_default = to_bool(os.getenv("LMSTUDIO_TOOL_SUPPORT_DEFAULT", "true"))
     tool_models = set(_parse_csv(os.getenv("LMSTUDIO_TOOL_SUPPORT_MODELS", "")))
 
-    multimodal_default = to_bool(os.getenv("LMSTUDIO_MULTIMODAL_DEFAULT", "false"))
+    multimodal_default = to_bool(os.getenv("LMSTUDIO_MULTIMODAL_DEFAULT", "true"))
     multimodal_models = set(_parse_csv(os.getenv("LMSTUDIO_MULTIMODAL_MODELS", "")))
 
     version = os.getenv("LMSTUDIO_MODEL_VERSION", "local")
diff --git a/packages/nilai-common/src/nilai_common/__init__.py b/packages/nilai-common/src/nilai_common/__init__.py
@@ -10,7 +10,6 @@
     HealthCheckResponse,
     ModelEndpoint,
     ModelMetadata,
-    Nonce,
     AMDAttestationToken,
     NVAttestationToken,
     SearchResult,
@@ -22,10 +21,10 @@
     Topic,
     Message,
     MessageAdapter,
+    Usage,
 )
 from nilai_common.config import SETTINGS, MODEL_SETTINGS
 from nilai_common.discovery import ModelServiceDiscovery
-from openai.types.completion_usage import CompletionUsage as Usage
 
 __all__ = [
     "Message",
@@ -43,7 +42,6 @@
     "HealthCheckResponse",
     "ModelEndpoint",
     "ModelServiceDiscovery",
-    "Nonce",
     "AMDAttestationToken",
     "NVAttestationToken",
     "SETTINGS",
@@ -55,4 +53,5 @@
     "WebSearchEnhancedMessages",
     "WebSearchContext",
     "ResultContent",
+    "Usage",
 ]
diff --git a/packages/nilai-common/src/nilai_common/api_model.py b/packages/nilai-common/src/nilai_common/api_model.py
@@ -31,6 +31,9 @@
 from openai.types.chat.chat_completion_content_part_image_param import (
     ChatCompletionContentPartImageParam,
 )
+
+from openai.types.completion_usage import CompletionUsage as Usage
+
 from openai.types.chat.chat_completion import Choice as OpenaAIChoice
 from pydantic import BaseModel, Field
 
@@ -41,6 +44,37 @@
 TextContent: TypeAlias = ChatCompletionContentPartTextParam
 Message: TypeAlias = ChatCompletionMessageParam  # SDK union of message shapes
 
+# Explicitly re-export OpenAI types that are part of our public API
+__all__ = [
+    "ChatCompletion",
+    "ChatCompletionMessage",
+    "ChatCompletionMessageToolCall",
+    "ChatToolFunction",
+    "Function",
+    "ImageContent",
+    "TextContent",
+    "Message",
+    "ResultContent",
+    "Choice",
+    "Source",
+    "SearchResult",
+    "Topic",
+    "TopicResponse",
+    "TopicQuery",
+    "MessageAdapter",
+    "WebSearchEnhancedMessages",
+    "WebSearchContext",
+    "ChatRequest",
+    "SignedChatCompletion",
+    "ModelMetadata",
+    "ModelEndpoint",
+    "HealthCheckResponse",
+    "AttestationReport",
+    "AMDAttestationToken",
+    "NVAttestationToken",
+    "Usage",
+]
+
 
 # ---------- Domain-specific objects for web search ----------
 class ResultContent(BaseModel):
@@ -364,14 +398,6 @@ class HealthCheckResponse(BaseModel):
 
 
 # ---------- Attestation ----------
-Nonce = Annotated[
-    str,
-    Field(
-        max_length=64,
-        min_length=64,
-        description="The nonce to be used for the attestation",
-    ),
-]
 
 AMDAttestationToken = Annotated[
     str, Field(description="The attestation token from AMD's attestation service")
@@ -383,7 +409,6 @@ class HealthCheckResponse(BaseModel):
 
 
 class AttestationReport(BaseModel):
-    nonce: Nonce
     verifying_key: Annotated[str, Field(description="PEM encoded public key")]
     cpu_attestation: AMDAttestationToken
     gpu_attestation: NVAttestationToken
diff --git a/pyproject.toml b/pyproject.toml
@@ -24,7 +24,7 @@ dev = [
     "uvicorn>=0.32.1",
     "pytest-asyncio>=1.2.0",
     "testcontainers>=4.13.0",
-    "pyright>=1.1.405",
+    "pyright>=1.1.406",
     "pre-commit>=4.1.0",
     "httpx>=0.28.1",
 ]
diff --git a/scripts/credit-init.sql b/scripts/credit-init.sql
@@ -0,0 +1,23 @@
+-- Seed test data for development
+-- This migration inserts test users, admin keys, and test credentials
+
+-- Insert admin key
+INSERT INTO admins (key, user_id, is_active) VALUES
+    ('n i l l i o n', 'admin', true)
+ON CONFLICT (key) DO NOTHING;
+
+-- Insert test users
+INSERT INTO users (user_id, balance) VALUES
+    ('Docs User', 10000.0)
+ON CONFLICT (user_id) DO NOTHING;
+
+-- Insert test credentials for users
+-- Nillion2025 gets a private credential (API Key to access endpoints)
+INSERT INTO credentials (credential_key, user_id, is_public, is_active) VALUES
+    ('Nillion2025', 'Docs User', false, true)
+ON CONFLICT (credential_key) DO NOTHING;
+
+-- abc_private_key_123 gets a public credential (Public Keypair to access endpoints)
+INSERT INTO credentials (credential_key, user_id, is_public, is_active) VALUES
+    ('abc_private_key_123', 'Docs User', true, true)
+ON CONFLICT (credential_key) DO NOTHING;
diff --git a/tests/e2e/config.py b/tests/e2e/config.py
@@ -37,7 +37,7 @@ def api_key_getter() -> str:
         "meta-llama/Llama-3.2-1B-Instruct",
         "meta-llama/Llama-3.1-8B-Instruct",
     ],
-    "ci": ["meta-llama/Llama-3.2-1B-Instruct"],
+    "ci": ["llama-3.2-1b-instruct"],
 }
 
 if ENVIRONMENT not in models:
diff --git a/tests/e2e/test_http.py b/tests/e2e/test_http.py
@@ -11,7 +11,7 @@
 import json
 
 
-from .config import BASE_URL, test_models, AUTH_STRATEGY, api_key_getter
+from .config import BASE_URL, ENVIRONMENT, test_models, AUTH_STRATEGY, api_key_getter
 from .nuc import (
     get_rate_limited_nuc_token,
     get_invalid_rate_limited_nuc_token,
@@ -161,6 +161,10 @@ def test_usage_endpoint(client):
         assert key in usage_data, f"Expected key {key} not found in usage data"
 
 
+@pytest.mark.skipif(
+    ENVIRONMENT != "mainnet",
+    reason="Attestation endpoint not available in non-mainnet environment",
+)
 def test_attestation_endpoint(client):
     """Test the attestation endpoint"""
     response = client.get("/attestation/report")
diff --git a/tests/e2e/test_openai.py b/tests/e2e/test_openai.py
@@ -13,7 +13,7 @@
 import pytest
 from openai import OpenAI
 from openai.types.chat import ChatCompletion
-from .config import BASE_URL, test_models, AUTH_STRATEGY, api_key_getter
+from .config import BASE_URL, ENVIRONMENT, test_models, AUTH_STRATEGY, api_key_getter
 from .nuc import (
     get_rate_limited_nuc_token,
     get_invalid_rate_limited_nuc_token,
@@ -504,6 +504,10 @@ def test_usage_endpoint(client):
         pytest.fail(f"Error testing usage endpoint: {str(e)}")
 
 
+@pytest.mark.skipif(
+    ENVIRONMENT != "mainnet",
+    reason="Attestation endpoint not available in non-mainnet environment",
+)
 def test_attestation_endpoint(client):
     """Test retrieving attestation report"""
     try:
diff --git a/tests/unit/nilai_api/routers/test_private.py b/tests/unit/nilai_api/routers/test_private.py
@@ -119,7 +119,6 @@ def mock_state(mocker):
     # Patch get_attestation method
     attestation_response = AttestationReport(
         verifying_key="test-verifying-key",
-        nonce="0" * 64,
         cpu_attestation="test-cpu-attestation",
         gpu_attestation="test-gpu-attestation",
     )
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ dependencies = [`
`35`	`35`	`"trafilatura>=1.7.0",`
`36`	`36`	`"secretvaults",`
`37`	`37`	`"e2b-code-interpreter>=1.0.3",`
`38`		`- "nilauth-credit-middleware>=0.1.0",`
	`38`	`+ "nilauth-credit-middleware>=0.1.1",`
`39`	`39`	`]`
`40`	`40`
`41`	`41`
Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ class LLMResponse(BaseModel):`
`92`	`92`	`)`
`93`	`93`
`94`	`94`
`95`		`-def user_id_extractor() -> Callable[[Request], Awaitable[str]]:`
	`95`	`+def credential_extractor() -> Callable[[Request], Awaitable[str]]:`
`96`	`96`	`if CONFIG.auth.auth_strategy == "nuc":`
`97`	`97`	`return from_nuc_bearer_root_token()`
`98`	`98`	`else:`
`@@ -145,7 +145,8 @@ async def calculator(request: Request, response_data: dict) -> float:`
`145`	`145`
`146`	`146`
`147`	`147`	`LLMMeter = create_metering_dependency(`
`148`		`- user_id_extractor=user_id_extractor(),`
	`148`	`+ credential_extractor=credential_extractor(),`
`149`	`149`	`estimated_cost=2.0,`
`150`	`150`	`cost_calculator=llm_cost_calculator(MyCostDictionary),`
	`151`	`+ public_identifiers=CONFIG.auth.auth_strategy == "nuc",`
`151`	`152`	`)`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ dev = [`
`24`	`24`	`"uvicorn>=0.32.1",`
`25`	`25`	`"pytest-asyncio>=1.2.0",`
`26`	`26`	`"testcontainers>=4.13.0",`
`27`		`- "pyright>=1.1.405",`
	`27`	`+ "pyright>=1.1.406",`
`28`	`28`	`"pre-commit>=4.1.0",`
`29`	`29`	`"httpx>=0.28.1",`
`30`	`30`	`]`