Skip to content

Commit c971439

Browse files
committed
Streaming query feature
1 parent a946590 commit c971439

94 files changed

Lines changed: 10473 additions & 8366 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/e2e_tests.yaml

Lines changed: 28 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -93,44 +93,51 @@ jobs:
9393
9494
- name: Select and configure run.yaml
9595
env:
96-
CONFIG_MODE: ${{ matrix.mode }}
96+
CONFIG_ENVIRONMENT: ${{ matrix.environment }}
9797
run: |
9898
CONFIGS_DIR="tests/e2e/configs"
99-
MODE="$CONFIG_MODE"
99+
ENVIRONMENT="$CONFIG_ENVIRONMENT"
100100
101-
echo "Deployment mode: $MODE"
101+
echo "Looking for configurations in $CONFIGS_DIR/"
102102
103-
# Select config based on mode:
104-
# - library mode: run-library.yaml (llama-stack 0.3.0 format)
105-
# - server mode: run-ci.yaml (original format)
106-
if [ "$MODE" == "library" ]; then
107-
CONFIG_FILE="$CONFIGS_DIR/run-library.yaml"
103+
# List available configurations
104+
if [ -d "$CONFIGS_DIR" ]; then
105+
echo "Available configurations:"
106+
ls -la "$CONFIGS_DIR"/*.yaml 2>/dev/null || echo "No YAML files found in $CONFIGS_DIR/"
108107
else
109-
CONFIG_FILE="$CONFIGS_DIR/run-ci.yaml"
108+
echo "Configs directory '$CONFIGS_DIR' not found!"
109+
exit 1
110110
fi
111111
112-
echo "Using configuration: $CONFIG_FILE"
112+
# Determine which config file to use
113+
CONFIG_FILE="$CONFIGS_DIR/run-$ENVIRONMENT.yaml"
114+
115+
echo "Looking for: $CONFIG_FILE"
113116
114-
if [ ! -f "$CONFIG_FILE" ]; then
115-
echo "❌ Configuration not found: $CONFIG_FILE"
116-
echo "Available configs:"
117-
ls -la "$CONFIGS_DIR"/*.yaml
117+
if [ -f "$CONFIG_FILE" ]; then
118+
echo "Found config for $ENVIRONMENT environment"
119+
cp "$CONFIG_FILE" run.yaml
120+
else
121+
echo "Configuration file not found: $CONFIG_FILE"
122+
echo "Available files:"
123+
find "$CONFIGS_DIR" -name "*.yaml"
118124
exit 1
119125
fi
120126
121-
cp "$CONFIG_FILE" run.yaml
122-
echo "✅ Configuration copied to run.yaml"
127+
# Update paths for container environment (relative -> absolute)
128+
sed -i 's|db_path: \.llama/distributions|db_path: /app-root/.llama/distributions|g' run.yaml
129+
sed -i 's|db_path: tmp/|db_path: /app-root/.llama/distributions/|g' run.yaml
130+
131+
echo "Successfully configured for $ENVIRONMENT environment"
132+
echo "Using configuration: $(basename "$CONFIG_FILE")"
123133
124134
- name: Show final configuration
125135
run: |
126136
echo "=== Configuration Summary ==="
127137
echo "Deployment mode: ${{ matrix.mode }}"
128138
echo "Environment: ${{ matrix.environment }}"
129-
if [ "${{ matrix.mode }}" == "library" ]; then
130-
echo "Source config: tests/e2e/configs/run-library.yaml"
131-
else
132-
echo "Source config: tests/e2e/configs/run-ci.yaml"
133-
fi
139+
echo "Source config: tests/e2e/configs/run-${{ matrix.environment }}.yaml"
140+
echo "Final file: run.yaml"
134141
echo ""
135142
echo "=== Configuration Preview ==="
136143
echo "Providers: $(grep -c "provider_id:" run.yaml)"

.tekton/lightspeed-stack-pull-request.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -333,7 +333,7 @@ spec:
333333
- name: name
334334
value: deprecated-image-check
335335
- name: bundle
336-
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:462baed733dfc38aca5395499e92f19b6f13a74c2e88fe5d86c3cffa2f899b57
336+
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489
337337
- name: kind
338338
value: task
339339
resolver: bundles
@@ -413,7 +413,7 @@ spec:
413413
- name: name
414414
value: sast-snyk-check-oci-ta
415415
- name: bundle
416-
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8ad28b7783837a24acbc9a8494c935e796e591ce476085ad5899bebd7e53f077
416+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:60f2dac41844d222086ff7f477e51f3563716b183d87db89f603d6f604c21760
417417
- name: kind
418418
value: task
419419
resolver: bundles
@@ -485,7 +485,7 @@ spec:
485485
- name: name
486486
value: sast-coverity-check-oci-ta
487487
- name: bundle
488-
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:78f5244a8cfd28c890ed62db7e4ff1fc97ff39876d37fb19f1b0c2c286a4002c
488+
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7
489489
- name: kind
490490
value: task
491491
resolver: bundles
@@ -506,7 +506,7 @@ spec:
506506
- name: name
507507
value: coverity-availability-check
508508
- name: bundle
509-
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36400873d3031df128c55aa71ee11d322c3e55fd8f13dc5779098fbc117c0aa3
509+
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928
510510
- name: kind
511511
value: task
512512
resolver: bundles
@@ -532,7 +532,7 @@ spec:
532532
- name: name
533533
value: sast-shell-check-oci-ta
534534
- name: bundle
535-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:d44336d7bcbd1f7cedee639357a493bd1f661e2859e49e11a34644bdf6819c4e
535+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed
536536
- name: kind
537537
value: task
538538
resolver: bundles
@@ -558,7 +558,7 @@ spec:
558558
- name: name
559559
value: sast-unicode-check-oci-ta
560560
- name: bundle
561-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:e5a8d3e8e7be7246a1460385b95c084ea6e8fe7520d40fe4389deb90f1bf5176
561+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712
562562
- name: kind
563563
value: task
564564
resolver: bundles
@@ -620,7 +620,7 @@ spec:
620620
- name: name
621621
value: rpms-signature-scan
622622
- name: bundle
623-
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:6cfeaece9a338fa89bcaaad00f9f540789a62eaace6cd9fe35add050957405cc
623+
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac
624624
- name: kind
625625
value: task
626626
resolver: bundles

.tekton/lightspeed-stack-push.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -330,7 +330,7 @@ spec:
330330
- name: name
331331
value: deprecated-image-check
332332
- name: bundle
333-
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:462baed733dfc38aca5395499e92f19b6f13a74c2e88fe5d86c3cffa2f899b57
333+
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489
334334
- name: kind
335335
value: task
336336
resolver: bundles
@@ -410,7 +410,7 @@ spec:
410410
- name: name
411411
value: sast-snyk-check-oci-ta
412412
- name: bundle
413-
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8ad28b7783837a24acbc9a8494c935e796e591ce476085ad5899bebd7e53f077
413+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:60f2dac41844d222086ff7f477e51f3563716b183d87db89f603d6f604c21760
414414
- name: kind
415415
value: task
416416
resolver: bundles
@@ -482,7 +482,7 @@ spec:
482482
- name: name
483483
value: sast-coverity-check-oci-ta
484484
- name: bundle
485-
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:78f5244a8cfd28c890ed62db7e4ff1fc97ff39876d37fb19f1b0c2c286a4002c
485+
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7
486486
- name: kind
487487
value: task
488488
resolver: bundles
@@ -503,7 +503,7 @@ spec:
503503
- name: name
504504
value: coverity-availability-check
505505
- name: bundle
506-
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36400873d3031df128c55aa71ee11d322c3e55fd8f13dc5779098fbc117c0aa3
506+
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928
507507
- name: kind
508508
value: task
509509
resolver: bundles
@@ -529,7 +529,7 @@ spec:
529529
- name: name
530530
value: sast-shell-check-oci-ta
531531
- name: bundle
532-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:d44336d7bcbd1f7cedee639357a493bd1f661e2859e49e11a34644bdf6819c4e
532+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed
533533
- name: kind
534534
value: task
535535
resolver: bundles
@@ -555,7 +555,7 @@ spec:
555555
- name: name
556556
value: sast-unicode-check-oci-ta
557557
- name: bundle
558-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:e5a8d3e8e7be7246a1460385b95c084ea6e8fe7520d40fe4389deb90f1bf5176
558+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712
559559
- name: kind
560560
value: task
561561
resolver: bundles
@@ -617,7 +617,7 @@ spec:
617617
- name: name
618618
value: rpms-signature-scan
619619
- name: bundle
620-
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:6cfeaece9a338fa89bcaaad00f9f540789a62eaace6cd9fe35add050957405cc
620+
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac
621621
- name: kind
622622
value: task
623623
resolver: bundles

Containerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ USER root
1818
RUN dnf install -y --nodocs --setopt=keepcache=0 --setopt=tsflags=nodocs gcc
1919

2020
# Install uv package manager
21-
RUN pip3.12 install "uv>=0.8.15"
21+
RUN pip3.12 install "uv==0.8.15"
2222

2323
# Add explicit files and directories
2424
# (avoid accidental inclusion of local directories or env files or credentials)

Makefile

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -43,12 +43,9 @@ schema: ## Generate OpenAPI schema file
4343

4444
openapi-doc: docs/openapi.json scripts/fix_openapi_doc.py ## Generate OpenAPI documentation
4545
openapi-to-markdown --input_file docs/openapi.json --output_file output.md
46-
python3 scripts/fix_openapi_doc.py < output.md > docs/openapi.md
46+
python3 scripts/fix_openapi_doc.py < output.md > docs/output.md
4747
rm output.md
4848

49-
generate-documentation: ## Generate documentation
50-
scripts/gen_doc.py
51-
5249
# TODO uv migration
5350
requirements.txt: pyproject.toml pdm.lock ## Generate requirements.txt file containing hashes for all non-devel packages
5451
pdm export --prod --format requirements --output requirements.txt --no-extras --without evaluation

README.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
[![License](https://img.shields.io/badge/license-Apache-blue)](https://github.com/lightspeed-core/lightspeed-stack/blob/main/LICENSE)
77
[![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/)
88
[![Required Python version](https://img.shields.io/python/required-version-toml?tomlFilePath=https%3A%2F%2Fraw.githubusercontent.com%2Flightspeed-core%2Flightspeed-stack%2Frefs%2Fheads%2Fmain%2Fpyproject.toml)](https://www.python.org/)
9-
[![Tag](https://img.shields.io/github/v/tag/lightspeed-core/lightspeed-stack)](https://github.com/lightspeed-core/lightspeed-stack/releases/tag/0.3.1)
9+
[![Tag](https://img.shields.io/github/v/tag/lightspeed-core/lightspeed-stack)](https://github.com/lightspeed-core/lightspeed-stack/releases/tag/0.3.0)
1010

1111
Lightspeed Core Stack (LCS) is an AI-powered assistant that provides answers to product questions using backend LLM services, agents, and RAG databases.
1212

@@ -163,8 +163,7 @@ To quickly get hands on LCS, we can run it using the default configurations prov
163163
164164
## LLM Compatibility
165165
166-
Lightspeed Core Stack (LCS) provides support for Large Language Model providers. The models listed in the table below represent specific examples that have been tested within LCS.
167-
__Note__: Support for individual models is dependent on the specific inference provider's implementation within the currently supported version of Llama Stack.
166+
Lightspeed Core Stack (LCS) supports the large language models from the providers listed below.
168167
169168
| Provider | Model | Tool Calling | provider_type | Example |
170169
| -------- | ---------------------------------------------- | ------------ | -------------- | -------------------------------------------------------------------------- |
@@ -1024,4 +1023,4 @@ podman run -it $BASE_IMAGE cat /etc/yum.repos.d/ubi.repo > ubi.repo
10241023
rpm-lockfile-prototype --image $BASE_IMAGE rpms.in.yaml
10251024
```
10261025

1027-
This creates `rpms.lock.yaml` with pinned RPM versions.
1026+
This creates `rpms.lock.yaml` with pinned RPM versions.

docker-compose.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ services:
2323
- RHEL_AI_PORT=${RHEL_AI_PORT}
2424
- RHEL_AI_API_KEY=${RHEL_AI_API_KEY}
2525
- RHEL_AI_MODEL=${RHEL_AI_MODEL}
26+
- LLAMA_STACK_LOGGING=all=debug # enable llama-stack debug log
2627
networks:
2728
- lightspeednet
2829
healthcheck:

docs/auth.md

Lines changed: 0 additions & 87 deletions
Original file line numberDiff line numberDiff line change
@@ -158,93 +158,6 @@ Authentication that checks a given API Key token is present as a Bearer token
158158
- Same user ID and username handling as `noop`
159159
- Token is passed through and validated against the API Key given from configuration, for downstream use
160160

161-
### Red Hat Identity (`rh-identity`)
162-
163-
Red Hat Identity header authentication is suitable for deployments behind Red Hat
164-
Hybrid Cloud Console infrastructure (e.g., console.redhat.com, Insights). This
165-
method validates the `x-rh-identity` header provided by Red Hat's authentication
166-
proxy, supporting both User (console users) and System (RHEL systems) identity types.
167-
168-
**Configuration:**
169-
```yaml
170-
authentication:
171-
module: rh-identity
172-
rh_identity_config:
173-
required_entitlements: ["rhel"] # optional, validates service entitlements
174-
```
175-
176-
The `required_entitlements` field accepts a list of service names. When configured,
177-
ALL listed entitlements must be present in the identity header. Omit this field
178-
to disable entitlement validation entirely.
179-
180-
**Identity Types:**
181-
182-
- **User**: Console users authenticated via SSO. Identified by `user_id` and `username`
183-
from the `identity.user` object.
184-
- **System**: Certificate-authenticated RHEL systems. Identified by `cn` (Common Name)
185-
from the `identity.system` object, with `account_number` used as username.
186-
187-
**Header Format:**
188-
189-
The `x-rh-identity` header contains a base64-encoded JSON payload. Below are
190-
examples of the decoded JSON structure for each identity type.
191-
192-
User identity:
193-
```json
194-
{
195-
"identity": {
196-
"account_number": "123456",
197-
"org_id": "654321",
198-
"type": "User",
199-
"user": {
200-
"user_id": "abc123",
201-
"username": "user@example.com",
202-
"is_org_admin": false
203-
}
204-
},
205-
"entitlements": {
206-
"rhel": {"is_entitled": true, "is_trial": false}
207-
}
208-
}
209-
```
210-
211-
System identity:
212-
```json
213-
{
214-
"identity": {
215-
"account_number": "123456",
216-
"org_id": "654321",
217-
"type": "System",
218-
"system": {
219-
"cn": "c87dcb4c-8af1-40dd-878e-60c744edddd0"
220-
}
221-
},
222-
"entitlements": {
223-
"rhel": {"is_entitled": true, "is_trial": false}
224-
}
225-
}
226-
```
227-
228-
**Behavior:**
229-
- Extracts `x-rh-identity` header from request
230-
- Base64 decodes and parses as JSON
231-
- Validates structure based on identity type (User or System)
232-
- Validates service entitlements if `required_entitlements` is configured
233-
- Extracts user_id (or cn for System) and username (or account_number for System)
234-
235-
**Requirements:**
236-
- Valid `x-rh-identity` header with base64-encoded JSON
237-
- Proper JSON structure for the identity type
238-
- Required service entitlements (if configured)
239-
240-
**Error Responses:**
241-
242-
| Status | Condition |
243-
|--------|-----------|
244-
| 401 | Missing `x-rh-identity` header |
245-
| 400 | Invalid base64 encoding, invalid JSON, or missing required fields |
246-
| 403 | Missing required service entitlements |
247-
248161
## Authorization System
249162

250163
Authorization is controlled through role-based access control using two resolver types.

0 commit comments

Comments
 (0)