Resolve Conflicts

Author: ryaneggz

Changelog.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## v0.0.2-rc142
 
 ### Changed
+  - feat/665-allow-user-configure-default-account-settings (2026-01-30)
   - feat/707-ticket-md-ralph-loop (2026-01-30)
   - feat/694-show-subagent-tool-calls (2026-01-24)
   - feat/504-frontend-queue (2026-01-20)

backend/src/agents/__init__.py

@@ -66,13 +66,17 @@ def init_graph(
     store: BaseStore | None = None,
     middleware: list[Callable] = None,
     backend: CompositeBackend = None,
+    api_key: str | None = None,
 ) -> CompiledStateGraph:
     from langchain.chat_models import init_chat_model
 
     if not model:
         model = DEFAULT_CHAT_MODEL
 
-    llm = init_chat_model(model=model)
+    kwargs: dict[str, Any] = {"model": model}
+    if api_key:
+        kwargs["api_key"] = api_key
+    llm = init_chat_model(**kwargs)
 
     deep_agent = create_deep_agent(
         model=llm,
@@ -209,6 +213,7 @@ async def construct_agent(
     backend: CompositeBackend = None,
     checkpointer: BaseCheckpointSaver = None,
     service_context: ServiceContext = None,
+    api_key: str | None = None,
 ):
     try:
         if subagents:
@@ -228,6 +233,7 @@ async def construct_agent(
             middleware=middleware,
             context_schema=ContextSchema,
             backend=backend,
+            api_key=api_key,
         )
         return agent
     except Exception as e:
@@ -248,6 +254,7 @@ def __init__(
         middleware: list[Callable] = None,
         graph_id: Literal["react", "deepagent"] = "deepagent",
         backend: CompositeBackend = None,
+        api_key: str | None = None,
     ):
         self.tools = tools
         self.model = model
@@ -266,6 +273,7 @@ def __init__(
             store=self.store,
             middleware=middleware,
             backend=backend,
+            api_key=api_key,
         )
 
     async def invoke(

backend/src/controllers/llm.py

@@ -13,6 +13,8 @@
 from src.services.db import get_checkpoint_db
 from src.utils.stream import stream_generator
 from src.agents import Orchestra
+from src.repos.user_settings_repo import UserSettingsRepo
+from src.utils.llm import resolve_api_key
 from src.utils.logger import logger
 from src.utils.format import get_time
 
@@ -68,10 +70,34 @@ async def _update_store(self, agent: Orchestra, config: RunnableConfig) -> None:
         )
         logger.info(f"checkpoint: {ujson.dumps(configurable)}")
 
+    async def _resolve_user_settings(self, model: str) -> tuple[str, str | None]:
+        """Resolve user default model and API key.
+
+        Returns (model, api_key) where model may be overridden by user default
+        and api_key is the resolved key for the provider.
+        """
+        if not self.user_id:
+            return model, None
+
+        settings_repo = UserSettingsRepo(self.user_id, self.store)
+        settings = await settings_repo._get_or_create()
+        user_keys = settings_repo._decrypt_keys(settings)
+
+        # Apply user default model when request has no explicit model
+        if not model and settings.default_model:
+            model = settings.default_model
+
+        api_key = resolve_api_key(model, user_keys if user_keys else None)
+        return model, api_key
+
     async def llm_invoke(self, params: LLMRequest):
         try:
             config = init_config(params, user_id=self.user_id)
             params = await self.service_context.llm_service.assistant(params)
+
+            # Resolve user-configured API key and default model
+            params.model, api_key = await self._resolve_user_settings(params.model)
+
             async with get_checkpoint_db() as checkpointer:
                 backend = self.init_backend(params)
                 agent: Orchestra = await construct_agent(
@@ -83,6 +109,7 @@ async def llm_invoke(self, params: LLMRequest):
                     checkpointer=checkpointer,
                     backend=backend,
                     service_context=self.service_context,
+                    api_key=api_key,
                 )
                 response = await agent.invoke(
                     params.input,
@@ -100,6 +127,10 @@ async def llm_invoke(self, params: LLMRequest):
 
     async def llm_stream(self, params: LLMRequest):
         assistant = await self.service_context.llm_service.assistant(params)
+
+        # Resolve user-configured API key and default model
+        assistant.model, api_key = await self._resolve_user_settings(assistant.model)
+
         return stream_generator(
             input=assistant.input,
             model=assistant.model,
@@ -109,6 +140,7 @@ async def llm_stream(self, params: LLMRequest):
             config=self.service_context.config,
             service_context=self.service_context,
             instructions=assistant.instructions,
+            api_key=api_key,
         )
 
     async def llm_task(self, job: ScheduleCreate):

backend/src/repos/base_repo.py

@@ -6,6 +6,7 @@
 from src.services.db import get_store_in_memory
 from src.schemas.entities.store import Source, Project, Document
 from src.schemas.entities.auth import ApiToken
+from src.schemas.entities.settings import UserSettings
 from src.utils.logger import logger
 
 
@@ -43,6 +44,8 @@ def _format(self, item: SearchItem) -> Any:
             return Project.model_validate(item.value)
         elif self.entity_type == "api_tokens":
             return ApiToken.model_validate(item.value)
+        elif self.entity_type == "user_settings":
+            return UserSettings.model_validate(item.value)
         else:
             raise ValueError(f"Invalid entity type: {self.entity_type}")
 

backend/src/repos/user_settings_repo.py

@@ -0,0 +1,104 @@
+from typing import Optional
+import uuid
+from datetime import datetime, timezone
+
+from src.repos.base_repo import BaseRepo
+from src.schemas.entities.settings import UserSettings, ProviderKeyStatus
+from src.utils.security import encrypt_value, decrypt_value
+from src.constants import UserTokenKey
+
+# Single well-known key for the one settings record per user
+_SETTINGS_KEY = "default"
+
+
+class UserSettingsRepo(BaseRepo):
+    def __init__(self, user_id: str, store):
+        super().__init__(user_id, store, "user_settings")
+
+    # ------------------------------------------------------------------
+    # Helpers
+    # ------------------------------------------------------------------
+
+    def _validate_provider(self, provider: str) -> None:
+        """Raise ValueError if provider is not in UserTokenKey."""
+        valid = UserTokenKey.values()
+        if provider not in valid:
+            raise ValueError(f"Invalid provider '{provider}'. Must be one of: {valid}")
+
+    async def _get_or_create(self) -> UserSettings:
+        """Return existing settings or create an empty record."""
+        item = await self._get(_SETTINGS_KEY)
+        if item:
+            return UserSettings.model_validate(item.value)
+        settings = UserSettings(
+            id=str(uuid.uuid4()),
+            user_id=self.user_id,
+            created_at=datetime.now(timezone.utc),
+            updated_at=datetime.now(timezone.utc),
+        )
+        await self._set(_SETTINGS_KEY, settings)
+        return settings
+
+    def _decrypt_keys(self, settings: UserSettings) -> dict[str, str]:
+        """Return decrypted key map, or empty dict if nothing stored."""
+        if not settings.encrypted_keys:
+            return {}
+        return decrypt_value(settings.encrypted_keys)
+
+    def _encrypt_keys(self, keys: dict[str, str]) -> Optional[str]:
+        if not keys:
+            return None
+        return encrypt_value(keys)
+
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
+
+    async def get_settings(self) -> tuple[UserSettings, list[ProviderKeyStatus]]:
+        """Return settings and provider key statuses (no raw keys)."""
+        settings = await self._get_or_create()
+        keys = self._decrypt_keys(settings)
+        statuses = [
+            ProviderKeyStatus(provider=p.value, is_set=(p.value in keys))
+            for p in UserTokenKey
+        ]
+        return settings, statuses
+
+    async def set_default_model(self, model: Optional[str]) -> UserSettings:
+        settings = await self._get_or_create()
+        settings.default_model = model
+        settings.updated_at = datetime.now(timezone.utc)
+        await self._set(_SETTINGS_KEY, settings)
+        return settings
+
+    async def upsert_provider_key(self, provider: str, api_key: str) -> UserSettings:
+        self._validate_provider(provider)
+        settings = await self._get_or_create()
+        keys = self._decrypt_keys(settings)
+        keys[provider] = api_key
+        settings.encrypted_keys = self._encrypt_keys(keys)
+        settings.updated_at = datetime.now(timezone.utc)
+        await self._set(_SETTINGS_KEY, settings)
+        return settings
+
+    async def delete_provider_key(self, provider: str) -> UserSettings:
+        self._validate_provider(provider)
+        settings = await self._get_or_create()
+        keys = self._decrypt_keys(settings)
+        keys.pop(provider, None)
+        settings.encrypted_keys = self._encrypt_keys(keys)
+        settings.updated_at = datetime.now(timezone.utc)
+        await self._set(_SETTINGS_KEY, settings)
+        return settings
+
+    async def get_all_decrypted_keys(self) -> dict[str, str]:
+        """Return all decrypted provider keys as a dict."""
+        settings = await self._get_or_create()
+        return self._decrypt_keys(settings)
+
+    async def get_decrypted_key(self, provider: str) -> Optional[str]:
+        """Return the raw decrypted key for a single provider, or None."""
+        self._validate_provider(provider)
+        settings = await self._get_or_create()
+        keys = self._decrypt_keys(settings)
+        return keys.get(provider)

backend/src/routes/v0/__init__.py

@@ -16,6 +16,7 @@
 from .project import router as project
 from .api_tokens import router as api_tokens
 from .share import router as share
+from .settings import router as settings
 
 
 def create_api_router(app: FastAPI, prefix: str = "/api"):
@@ -35,6 +36,7 @@ def create_api_router(app: FastAPI, prefix: str = "/api"):
     app.include_router(storage, prefix=prefix)
     app.include_router(api_tokens, prefix=prefix)
     app.include_router(share, prefix=prefix)
+    app.include_router(settings, prefix=prefix)
     return app
 
 

backend/src/routes/v0/settings.py

@@ -0,0 +1,82 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+
+from src.schemas.models import User
+from src.schemas.entities.settings import (
+    UserSettingsResponse,
+    UpdateDefaultModelRequest,
+    UpsertProviderKeyRequest,
+)
+from src.repos.user_settings_repo import UserSettingsRepo
+from src.utils.auth import verify_credentials
+from src.services.db import get_store
+
+router = APIRouter(tags=["Settings"])
+
+
+def _get_repo(user: User, store) -> UserSettingsRepo:
+    return UserSettingsRepo(str(user.id), store)
+
+
+@router.get("/settings", response_model=UserSettingsResponse)
+async def get_settings(
+    user: User = Depends(verify_credentials), store=Depends(get_store)
+):
+    repo = _get_repo(user, store)
+    settings, statuses = await repo.get_settings()
+    return UserSettingsResponse(
+        default_model=settings.default_model,
+        provider_keys=statuses,
+    )
+
+
+@router.put("/settings/default-model", response_model=UserSettingsResponse)
+async def update_default_model(
+    req: UpdateDefaultModelRequest,
+    user: User = Depends(verify_credentials),
+    store=Depends(get_store),
+):
+    repo = _get_repo(user, store)
+    await repo.set_default_model(req.model)
+    settings, statuses = await repo.get_settings()
+    return UserSettingsResponse(
+        default_model=settings.default_model,
+        provider_keys=statuses,
+    )
+
+
+@router.put("/settings/provider-keys", response_model=UserSettingsResponse)
+async def upsert_provider_key(
+    req: UpsertProviderKeyRequest,
+    user: User = Depends(verify_credentials),
+    store=Depends(get_store),
+):
+    repo = _get_repo(user, store)
+    try:
+        await repo.upsert_provider_key(req.provider, req.api_key)
+    except ValueError as e:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+    settings, statuses = await repo.get_settings()
+    return UserSettingsResponse(
+        default_model=settings.default_model,
+        provider_keys=statuses,
+    )
+
+
+@router.delete(
+    "/settings/provider-keys/{provider}", response_model=UserSettingsResponse
+)
+async def delete_provider_key(
+    provider: str,
+    user: User = Depends(verify_credentials),
+    store=Depends(get_store),
+):
+    repo = _get_repo(user, store)
+    try:
+        await repo.delete_provider_key(provider)
+    except ValueError as e:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+    settings, statuses = await repo.get_settings()
+    return UserSettingsResponse(
+        default_model=settings.default_model,
+        provider_keys=statuses,
+    )

backend/src/schemas/entities/__init__.py

@@ -7,6 +7,13 @@
 from src.schemas.entities.llm import *
 from src.schemas.entities.store import Thread
 from src.schemas.entities.auth import ApiToken
+from src.schemas.entities.settings import (
+    UserSettings,
+    UserSettingsResponse,
+    ProviderKeyStatus,
+    UpdateDefaultModelRequest,
+    UpsertProviderKeyRequest,
+)
 from src.schemas.entities.hitl import (
     DecisionType,
     HumanDecision,