trykimu
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 36 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎backend/.env.example‎
Lines changed: 4 additions & 1 deletion b/‎backend/.env.example‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎backend/README.md‎
Lines changed: 7 additions & 2 deletions b/‎backend/README.md‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎backend/ai/__init__.py‎ b/‎backend/ai/__init__.py‎
diff --git a/‎backend/ai/routes.py‎
Lines changed: 67 additions & 0 deletions b/‎backend/ai/routes.py‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎backend/schema.py‎ ‎backend/ai/schema.py‎backend/schema.py renamed to backend/ai/schema.py
Lines changed: 38 additions & 12 deletions b/‎backend/schema.py‎ ‎backend/ai/schema.py‎backend/schema.py renamed to backend/ai/schema.py
Lines changed: 38 additions & 12 deletions
diff --git a/‎backend/auth/__init__.py‎ b/‎backend/auth/__init__.py‎
diff --git a/‎backend/auth/routes.py‎
Lines changed: 148 additions & 0 deletions b/‎backend/auth/routes.py‎
Lines changed: 148 additions & 0 deletions
@@ -0,0 +1,36 @@
+repos:
+  # ── Backend (Python) ──────────────────────────────────────────────
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.4
+    hooks:
+      - id: ruff
+        name: "ruff lint"
+        args: [--fix]
+        files: ^backend/
+      - id: ruff-format
+        name: "ruff format"
+        files: ^backend/
+
+  # ── Backend mypy + Frontend ────────────────────────────────────────
+  - repo: local
+    hooks:
+      - id: mypy
+        name: "mypy"
+        entry: bash -c 'cd backend && uv run mypy .'
+        language: system
+        files: ^backend/
+        pass_filenames: false
+
+      - id: eslint
+        name: "eslint"
+        entry: pnpm eslint --fix
+        language: system
+        files: \.(ts|tsx)$
+        exclude: ^backend/
+
+      - id: prettier
+        name: "prettier"
+        entry: pnpm prettier --write --ignore-unknown
+        language: system
+        files: \.(ts|tsx|js|jsx|json|css)$
+        exclude: ^backend/
@@ -1 +1,4 @@
-GEMINI_API_KEY=""
+GEMINI_API_KEY=""
+GOOGLE_CLIENT_ID=""
+JWT_SECRET=""
+DATABASE_URL=""
@@ -1,8 +1,13 @@
 Here lies the glorious backend.
 
-How to run:
 
+Setup:
+```
+uv sync --all-groups
+uv run pre-commit install
+```
+
+Run:
 ```
-uv sync
 uv run main.py
 ```
@@ -0,0 +1,67 @@
+import os
+from typing import Any
+
+from fastapi import APIRouter, HTTPException
+from google import genai
+from pydantic import BaseModel, ConfigDict
+
+from ai.schema import FunctionCallResponse
+
+# Router for the AI endpoints; routes registered on it are tagged "ai".
+router = APIRouter(tags=["ai"])
+
+# API key read from the environment once at import time; falls back to an
+# empty string when GEMINI_API_KEY is unset.
+GEMINI_API_KEY: str = os.getenv("GEMINI_API_KEY", "")
+# Module-level Gemini client shared by the handlers in this module.
+# NOTE(review): the client is constructed at import time even when the key is
+# empty — confirm how genai.Client behaves with an empty api_key.
+gemini_client: genai.Client = genai.Client(api_key=GEMINI_API_KEY)
+
+
+class Message(BaseModel):
+    # Request body for POST /ai: the user's chat message plus optional editor
+    # context. Every field is interpolated verbatim into the model prompt.
+    # (Kept as a comment rather than a docstring so the generated schema
+    # description is unchanged.)
+
+    # Be permissive with incoming payloads from the frontend
+    model_config = ConfigDict(extra="ignore")
+
+    message: str  # the full user message
+    mentioned_scrubber_ids: list[str] | None = None  # scrubber ids mentioned via '@'
+    # Accept any shape for resilience; backend does not mutate these
+    timeline_state: dict[str, Any] | None = None  # current timeline state
+    mediabin_items: list[dict[str, Any]] | None = None  # current media bin
+    chat_history: list[dict[str, Any]] | None = (
+        None  # prior turns: [{"role":"user"|"assistant","content":"..."}]
+    )
+
+
+@router.post("/ai")
+async def process_ai_message(request: Message) -> FunctionCallResponse:
+    try:
+        response = gemini_client.models.generate_content(
+            model="gemini-2.5-flash",
+            contents=f"""
+            You are Kimu, an AI assistant inside a video editor. You can decide to either:
+            - call ONE tool from the provided schema when the user explicitly asks for an editing action, or
+            - return a short friendly assistant_message when no concrete action is needed (e.g., greetings, small talk, clarifying questions).
+
+            Strictly follow:
+            - If the user's message does not clearly request an editing action, set function_call to null and include an assistant_message.
+            - Only produce a function_call when it is safe and unambiguous to execute.
+
+            Inference rules:
+            - Assume a single active timeline; do NOT require a timeline_id.
+            - Tracks are named like "track-1", but when the user says "track 1" they mean number 1.
+            - Use pixels_per_second=100 by default if not provided.
+            - When the user names media like "twitter" or "twitter header", map that to the closest media in the media bin by name substring match.
+            - Prefer LLMAddScrubberByName when the user specifies a name, track number, and time in seconds.
+            - If the user asks to remove scrubbers in a specific track, call LLMDeleteScrubbersInTrack with that track number.
+
+            Conversation so far (oldest first): {request.chat_history}
+
+            User message: {request.message}
+            Mentioned scrubber ids: {request.mentioned_scrubber_ids}
+            Timeline state: {request.timeline_state}
+            Media bin items: {request.mediabin_items}
+            """,
+            config={
+                "response_mime_type": "application/json",
+                "response_schema": FunctionCallResponse,
+            },
+        )
+
+        return FunctionCallResponse.model_validate(response.parsed)
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e)) from e
@@ -19,12 +19,20 @@ class TextProperties(BaseSchema):
 
 class BaseScrubber(BaseSchema):
     id: str = Field(description="Unique identifier for the scrubber")
-    mediaType: Literal["video", "image", "audio", "text"] = Field(description="Type of media")
-    mediaUrlLocal: str | None = Field(description="Local URL for the media file", default=None)
-    mediaUrlRemote: str | None = Field(description="Remote URL for the media file", default=None)
+    mediaType: Literal["video", "image", "audio", "text"] = Field(
+        description="Type of media"
+    )
+    mediaUrlLocal: str | None = Field(
+        description="Local URL for the media file", default=None
+    )
+    mediaUrlRemote: str | None = Field(
+        description="Remote URL for the media file", default=None
+    )
     media_width: int = Field(description="Width of the media in pixels")
     media_height: int = Field(description="Height of the media in pixels")
-    text: TextProperties | None = Field(description="Text properties if mediaType is text", default=None)
+    text: TextProperties | None = Field(
+        description="Text properties if mediaType is text", default=None
+    )
 
 
 class MediaBinItem(BaseScrubber):
@@ -36,18 +44,22 @@ class ScrubberState(MediaBinItem):
     left: int = Field(description="Left position in pixels on the timeline")
     y: int = Field(description="Track position (0-based index)")
     width: int = Field(description="Width of the scrubber in pixels")
-    
+
     # Player properties
     left_player: int = Field(description="Left position in the player view")
     top_player: int = Field(description="Top position in the player view")
     width_player: int = Field(description="Width in the player view")
     height_player: int = Field(description="Height in the player view")
-    is_dragging: bool = Field(description="Whether the scrubber is currently being dragged")
+    is_dragging: bool = Field(
+        description="Whether the scrubber is currently being dragged"
+    )
 
 
 class TrackState(BaseSchema):
     id: str = Field(description="Unique identifier for the track")
-    scrubbers: list[ScrubberState] = Field(description="List of scrubbers on this track")
+    scrubbers: list[ScrubberState] = Field(
+        description="List of scrubbers on this track"
+    )
 
 
 class TimelineState(BaseSchema):
@@ -81,19 +93,33 @@ class LLMAddScrubberByNameArgs(BaseSchema):
     function_name: Literal["LLMAddScrubberByName"] = Field(
         description="The name of the function to call"
     )
-    scrubber_name: str = Field(description="The partial or full name of the media to add")
+    scrubber_name: str = Field(
+        description="The partial or full name of the media to add"
+    )
     track_number: int = Field(description="1-based track number to add to")
-    position_seconds: float = Field(description="Timeline time in seconds to place the media at")
-    pixels_per_second: int = Field(description="Pixels per second to convert time to pixels")
+    position_seconds: float = Field(
+        description="Timeline time in seconds to place the media at"
+    )
+    pixels_per_second: int = Field(
+        description="Pixels per second to convert time to pixels"
+    )
 
 
 class LLMDeleteScrubbersInTrackArgs(BaseSchema):
     function_name: Literal["LLMDeleteScrubbersInTrack"] = Field(
         description="The name of the function to call"
     )
-    track_number: int = Field(description="1-based track number whose scrubbers will be removed")
+    track_number: int = Field(
+        description="1-based track number whose scrubbers will be removed"
+    )
 
 
 class FunctionCallResponse(BaseSchema):
-    function_call: LLMAddScrubberToTimelineArgs | LLMMoveScrubberArgs | LLMAddScrubberByNameArgs | LLMDeleteScrubbersInTrackArgs | None = None
+    function_call: (
+        LLMAddScrubberToTimelineArgs
+        | LLMMoveScrubberArgs
+        | LLMAddScrubberByNameArgs
+        | LLMDeleteScrubbersInTrackArgs
+        | None
+    ) = None
     assistant_message: str | None = None
@@ -0,0 +1,148 @@
+import os
+
+import asyncpg  # type: ignore[import-untyped]
+from fastapi import APIRouter, Cookie, Depends, HTTPException, Request, status
+from fastapi.responses import JSONResponse
+
+from auth.schema import AuthResponse, KimuJWT, KimuPayload, SignUpGoogleRequest
+from auth.service import (
+    COOKIE_MAX_AGE,
+    COOKIE_NAME,
+    generate_kimu_jwt,
+    verify_google_id_token,
+    verify_kimu_jwt,
+)
+
+# All routes registered on this router live under the /auth prefix.
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+# Configuration read from the environment once at import time; each value
+# falls back to an empty string when its variable is unset.
+# NOTE(review): an empty JWT_SECRET would be passed straight to
+# generate_kimu_jwt / verify_kimu_jwt — confirm those reject it.
+GOOGLE_CLIENT_ID: str = os.getenv("GOOGLE_CLIENT_ID", "")
+JWT_SECRET: str = os.getenv("JWT_SECRET", "")
+DATABASE_URL: str = os.getenv("DATABASE_URL", "")
+
+# Connection pool shared by this module; stays None until get_db_pool()
+# creates it on first use.
+_pool: asyncpg.Pool | None = None
+
+
+async def get_db_pool() -> asyncpg.Pool:
+    """
+    Return the shared asyncpg connection pool, creating it on first call.
+    """
+    global _pool
+    if _pool is None:
+        _pool = await asyncpg.create_pool(DATABASE_URL)
+    return _pool
+
+
+async def get_current_user(
+    request: Request,
+    kimu_session: str | None = Cookie(default=None, alias=COOKIE_NAME),
+) -> KimuJWT:
+    """
+    FastAPI dependeny. Reads the session JWT from the HttpOnly cookie.
+    Falls back to the Authorization header if the cookie is absent. Throws an error if the token is invalid.
+    """
+    token = kimu_session
+
+    if token is None:
+        auth_header = request.headers.get("Authorization")
+        if auth_header and auth_header.startswith("Bearer "):
+            token = auth_header.removeprefix("Bearer ")
+
+    if token is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated",
+        )
+
+    try:
+        return verify_kimu_jwt(token, JWT_SECRET)
+    except Exception as exc:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(exc),
+        ) from exc
+
+
+@router.post("/google")
+async def google_sign_in(body: SignUpGoogleRequest) -> JSONResponse:
+    """
+    Verify the Google ID token, upsert the user, return user info and
+    set an HttpOnly session cookie with the Kimu JWT.
+    """
+    # 1. Verify the Google credential
+    try:
+        google_user = verify_google_id_token(body.credential, GOOGLE_CLIENT_ID)
+    except ValueError as exc:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=f"Google token verification failed: {exc}",
+        ) from exc
+
+    # 2. Upsert user in Postgres
+    pool = await get_db_pool()
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            "SELECT id, email, name FROM users WHERE email = $1",
+            google_user.email,
+        )
+
+        is_new_user = row is None
+
+        if is_new_user:
+            row = await conn.fetchrow(
+                """
+                INSERT INTO users (email, name)
+                VALUES ($1, $2)
+                RETURNING id, email, name
+                """,
+                google_user.email,
+                google_user.name,
+            )
+
+        if row is None:
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail="Failed to create or fetch user",
+            )
+
+        user_id = str(row["id"])
+
+    # 3. Generate Kimu JWT
+    payload = KimuPayload(
+        user_id=user_id,
+        email=google_user.email,
+        name=google_user.name,
+        avatar_url=google_user.picture,
+    )
+    token = generate_kimu_jwt(payload, JWT_SECRET)
+
+    # 4. Build response with HttpOnly cookie
+    body_data = AuthResponse(
+        user_id=user_id,
+        email=google_user.email,
+        name=google_user.name,
+        avatar_url=google_user.picture,
+    )
+    response = JSONResponse(content=body_data.model_dump())
+    response.set_cookie(
+        key=COOKIE_NAME,
+        value=token,
+        max_age=COOKIE_MAX_AGE,
+        httponly=True,
+        secure=True,
+        samesite="lax",
+        path="/",
+    )
+    return response
+
+
+@router.get("/me", response_model=KimuPayload)
+async def get_me(user: KimuJWT = Depends(get_current_user)) -> KimuPayload:
+    """
+    Return the current user's profile from the JWT.
+    """
+    return KimuPayload(
+        user_id=user.user_id,
+        email=user.email,
+        name=user.name,
+        avatar_url=user.avatar_url,
+    )