Add option to work directly with OpenAI (OPENAI_API_KEY)

[galshubeli]

Summary by CodeRabbit

• New Features

  • API Tokens: generate, list, and delete tokens via new UI and endpoints.
  • MCP support: optional endpoints exposed when enabled.
  • Database connection now streams step-by-step progress and results.
  • Updated UI: Connect Database flow, progress steps, header/toolbar buttons, improved modals and responsive styles.

• Changes

  • Removed JSON/CSV/XML schema upload paths; these now return not implemented.

• Documentation

  • README revamped with Docker-first Quick Start, API usage, Swagger/OpenAPI links, and MCP overview.
  • Added Token Management guide; updated contributor setup and testing docs.

• Chores

  • Ignored demo token file; improved install target for frontend.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Introduces MCP endpoints with an env toggle, adds token management API and frontend UI, streams DB-connection progress, refactors loaders to async generators with distinct-value enrichment, adjusts auth to support API tokens and updated Google userinfo retrieval, revises config/model selection, removes legacy loaders/schemas/examples, and updates docs/build/test wiring.

Changes

Cohort / File(s)	Summary
Environment & Docs /.env.example, /README.md, /.github/copilot-instructions.md, /TOKEN_MANAGEMENT.md, /tests/e2e/README.md, /.github/wordlist.txt, /.gitignore, /vercel.json	Env vars updated (FASTAPI_SECRET_KEY, FALKORDB_URL; removed OAuth creds, DISABLE_MCP presence in docs). README and Copilot docs rewritten with Docker-first, MCP overview, API usage. Added token management doc. E2E docs add APP_ENV. Wordlist expanded. Ignore demo_tokens.py. Removed vercel.json.
Build & Config /Makefile, /Pipfile, /api/config.py	Makefile npm install uses --prefix. Pipfile bumps litellm, adds fastapi-mcp. Config selects Azure/OpenAI at runtime, adds AZURE_FLAG and DB thresholds; removes older constants.
App Factory, MCP, Tokens Router /api/app_factory.py, /api/routes/tokens.py	Conditional MCP mounting via FastApiMCP (env DISABLE_MCP). New /tokens endpoints: generate, list, delete (with models). Session cookie param removed.
Auth /api/auth/user_management.py, /api/routes/auth.py	Token extraction helper and token_required supports OAuth or API tokens; invalid tokens cleaned up. Google userinfo fetched via endpoint; client registered with api_base_url.
Agents /api/agents/__init__.py, /api/agents/analysis_agent.py, /api/agents/follow_up_agent.py, /api/agents/relevancy_agent.py, /api/agents/taxonomy_agent.py, /api/agents/utils.py	Removed TaxonomyAgent file and export. AnalysisAgent optional-typed params and internal formatting helpers. FollowUpAgent signature simplified and prompt fields updated. Minor whitespace/pylint tweaks.
Loaders Core /api/loaders/__init__.py, /api/loaders/base_loader.py	BaseLoader now abstract async generator load; adds count/distinct hooks and a helper to append distinct values to column descriptions based on thresholds.
MySQL Loader /api/loaders/mysql_loader.py	load becomes async generator yielding progress; adds distinct-value enrichment and DictCursor use; introduces MySQLQueryError/MySQLConnectionError; execute_sql_query refactored.
Postgres Loader /api/loaders/postgres_loader.py	load becomes async generator with progress; adds count/distinct helpers, schema-op detection constants; enriches column descriptions; introduces PostgreSQLQueryError/PostgreSQLConnectionError.
Removed Loaders & Validators /api/loaders/csv_loader.py, /api/loaders/json_loader.py, /api/loaders/odata_loader.py, /api/loaders/schema_validator.py	Deleted CSV/JSON/OData loaders and schema validator module.
Routes /api/routes/database.py, /api/routes/graphs.py	/database now streams JSON chunks (reasoning_step/error/final_result) with MESSAGE_DELIMITER; selects loader by URL. Graphs: disable JSON/XML/CSV loaders (501), add operation_ids, update ChatRequest typing and memory integration.
Memory /api/memory/graphiti_tool.py	Uses Config.AZURE_FLAG to create Azure vs default Graphiti client; moves to class-level Config usage.
Constants & Utils /api/constants.py, /api/utils.py, /api/graph.py	Removed EXAMPLES/BENCHMARK and related validators/benchmark funcs; minor pylint directive in graph.py.
Frontend Templates /app/templates/chat.j2, /app/templates/components/chat_header.j2, /app/templates/components/database_modal.j2, /app/templates/components/left_toolbar.j2, /app/templates/components/reset_modal.j2, /app/templates/components/token_modal.j2, /app/templates/components/user_profile.j2	Adds token modals and user-profile API Tokens button. Chat header replaces DB-type dropdown with “Connect Database” button. Database modal redesigned with custom dropdown, URL example, and steps list. Left toolbar gains footer buttons. Minor text tweak in reset modal.
Frontend CSS /app/public/css/buttons.css, /app/public/css/menu.css, /app/public/css/modals.css, /app/public/css/responsive.css	Toolbar/footer/button refactors; unify dropdown to header-button; new token modal and DB connection steps styling; modal selector changes and responsive updates.
Frontend TS /app/ts/app.ts, /app/ts/modules/modals.ts, /app/ts/modules/ui.ts, /app/ts/modules/tokens.ts	Token management module added and wired. Database modal now streams server progress, supports multiple openers, and custom dropdown. UI dropdown assumes non-null elements.
Examples & Schemas Removed /examples/*, /api/schema_aba.json, /api/schema_schema.json, /api/helpers/crm_data_generator.py	Removed sample schemas, SQLs, examples, JSON Schemas, and CRM data generator script.
Tests /tests/test_mysql_loader.py, /tests/test_postgres_loader.py	Tests adapted to consume async-generator loaders; updated mocking for multiple fetches.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant UI as Frontend UI
  participant API as FastAPI /database
  participant L as Loader (Postgres/MySQL)
  participant G as Graph Store

  U->>UI: Open "Connect Database" modal
  UI->>API: POST /database {url, type}
  activate API
  API-->>UI: Stream reasoning_step (connecting...)
  API->>API: Detect DB type
  API-->>UI: Stream reasoning_step (extract tables)
  API->>L: load(prefix=user_id, url)
  loop Loader progress
    L-->>API: yield (ok,msg)
    API-->>UI: Stream reasoning_step (msg)
  end
  API->>G: Persist schema/relations
  API-->>UI: final_result {success:true}
  deactivate API

  alt Error
    API-->>UI: error {message}
  end

Loading

sequenceDiagram
  autonumber
  actor U as User
  participant UI as Token Modal (TS)
  participant T as /tokens Router
  participant Org as Organizations Graph
  participant CB as app.state.callback_handler

  U->>UI: Click "API Tokens"
  UI->>T: GET /tokens/list (with credentials)
  T->>Org: MATCH Identity{provider:'api'}-[:HAS_TOKEN]->(t:Token)
  Org-->>T: Tokens list
  T-->>UI: {tokens:[...]}

  U->>UI: Generate New Token
  UI->>T: POST /tokens/generate
  T->>CB: callback(provider='api', token=secrets.token_urlsafe)
  T-->>UI: {token_id, created_at}
  UI->>UI: Show token once, allow copy

  U->>UI: Delete Token
  UI->>T: DELETE /tokens/{last4}
  T->>Org: MATCH ... DELETE
  T-->>UI: 200 OK

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Load DB in steps #161 — Introduces streaming DB connection, MCP toggling, tokens routes/UI, and related env changes; overlaps heavily with this PR.
• Add Swagger and REST API in README #162 — Adds MCP support and tokens plus README/env updates; touches the same app_factory and docs.
• Fix login handler #128 — Refactors loaders to async patterns; intersects with BaseLoader and DB-specific loaders changed here.

Suggested reviewers

• gkorland

Poem

A rabbit taps keys with a twitch of delight,
Tokens now bloom and the streams flow bright.
MCP whispers where configs decide,
Loaders hop forward, distinct values in stride.
Old trails pruned, new paths align—
QueryWeaver, thump-thump, you’re looking fine! 🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch openai-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

Pipfile

Package	Version	License	Issue Type
fastapi-mcp	~> 0.4.0	Null	Unknown License
litellm	~> 1.76.0	Null	Unknown License

Pipfile.lock

Package	Version	License	Issue Type
regex	2025.8.29	Null	Unknown License
litellm	1.76.1	Null	Unknown License
mcp	1.13.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/fastapi-mcp	~> 0.4.0	Unknown	Unknown
pip/litellm	~> 1.76.0	Unknown	Unknown
pip/authlib	1.6.3	Unknown	Unknown
pip/fastapi-mcp	0.4.0	Unknown	Unknown
pip/fastuuid	0.12.0	Unknown	Unknown
pip/httpx-sse	0.4.1	Unknown	Unknown
pip/litellm	1.76.1	Unknown	Unknown
pip/markdown-it-py	4.0.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 8/23 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mcp	1.13.1	Unknown	Unknown
pip/mdurl	0.1.2	🟢 4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pydantic-settings	2.10.1	⚠️ 1.3	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 0 27 existing vulnerabilities detected
pip/pygments	2.19.2	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review 🟢 6 Found 12/18 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/regex	2025.8.29	Unknown	Unknown
pip/rich	14.1.0	🟢 7.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 4/17 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/shellingham	1.5.4	🟢 3	Details Check Score Reason Code-Review 🟢 5 Found 6/11 approved changesets -- score normalized to 5 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/sse-starlette	3.0.2	🟢 4.6	Details Check Score Reason Maintained 🟢 10 16 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 5/23 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/tokenizers	0.22.0	🟢 5.3	Details Check Score Reason Maintained 🟢 10 18 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 20/26 approved changesets -- score normalized to 7 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
pip/tomli	2.2.1	🟢 4.7	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/typer	0.17.3	Unknown	Unknown

Scanned Files

• Pipfile
• Pipfile.lock

[Copilot]

Pull Request Overview

This PR adds support for using OpenAI directly as an alternative to Azure OpenAI by introducing an OPENAI_API_KEY configuration option. The system automatically detects which API to use based on the presence of the OpenAI API key.

Key changes:

• Automatic detection between Azure OpenAI and direct OpenAI based on environment variables
• Configuration updates to support both AI providers with appropriate model names
• Documentation updates explaining the new OpenAI option

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
api/config.py	Adds logic to detect OPENAI_API_KEY and switch between Azure/OpenAI models automatically
api/memory/graphiti_tool.py	Updates Graphiti client creation to support both Azure and default OpenAI configurations
README.md	Documents the new OpenAI direct integration option with configuration examples
.env.example	Adds comments explaining the OpenAI vs Azure OpenAI configuration choice
.github/wordlist.txt	Adds "LLM" and "OpenAI" to the spell-check wordlist