PyPI - PraisonAI - Versions diffs - 3.0.0__py3-none-any.whl - Mend

PraisonAI 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (393) hide show

praisonai/__init__.py +54 -0
praisonai/__main__.py +15 -0
praisonai/acp/__init__.py +54 -0
praisonai/acp/config.py +159 -0
praisonai/acp/server.py +587 -0
praisonai/acp/session.py +219 -0
praisonai/adapters/__init__.py +50 -0
praisonai/adapters/readers.py +395 -0
praisonai/adapters/rerankers.py +315 -0
praisonai/adapters/retrievers.py +394 -0
praisonai/adapters/vector_stores.py +409 -0
praisonai/agent_scheduler.py +337 -0
praisonai/agents_generator.py +903 -0
praisonai/api/call.py +292 -0
praisonai/auto.py +1197 -0
praisonai/capabilities/__init__.py +275 -0
praisonai/capabilities/a2a.py +140 -0
praisonai/capabilities/assistants.py +283 -0
praisonai/capabilities/audio.py +320 -0
praisonai/capabilities/batches.py +469 -0
praisonai/capabilities/completions.py +336 -0
praisonai/capabilities/container_files.py +155 -0
praisonai/capabilities/containers.py +93 -0
praisonai/capabilities/embeddings.py +158 -0
praisonai/capabilities/files.py +467 -0
praisonai/capabilities/fine_tuning.py +293 -0
praisonai/capabilities/guardrails.py +182 -0
praisonai/capabilities/images.py +330 -0
praisonai/capabilities/mcp.py +190 -0
praisonai/capabilities/messages.py +270 -0
praisonai/capabilities/moderations.py +154 -0
praisonai/capabilities/ocr.py +217 -0
praisonai/capabilities/passthrough.py +204 -0
praisonai/capabilities/rag.py +207 -0
praisonai/capabilities/realtime.py +160 -0
praisonai/capabilities/rerank.py +165 -0
praisonai/capabilities/responses.py +266 -0
praisonai/capabilities/search.py +109 -0
praisonai/capabilities/skills.py +133 -0
praisonai/capabilities/vector_store_files.py +334 -0
praisonai/capabilities/vector_stores.py +304 -0
praisonai/capabilities/videos.py +141 -0
praisonai/chainlit_ui.py +304 -0
praisonai/chat/__init__.py +106 -0
praisonai/chat/app.py +125 -0
praisonai/cli/__init__.py +26 -0
praisonai/cli/app.py +213 -0
praisonai/cli/commands/__init__.py +75 -0
praisonai/cli/commands/acp.py +70 -0
praisonai/cli/commands/completion.py +333 -0
praisonai/cli/commands/config.py +166 -0
praisonai/cli/commands/debug.py +142 -0
praisonai/cli/commands/diag.py +55 -0
praisonai/cli/commands/doctor.py +166 -0
praisonai/cli/commands/environment.py +179 -0
praisonai/cli/commands/lsp.py +112 -0
praisonai/cli/commands/mcp.py +210 -0
praisonai/cli/commands/profile.py +457 -0
praisonai/cli/commands/run.py +228 -0
praisonai/cli/commands/schedule.py +150 -0
praisonai/cli/commands/serve.py +97 -0
praisonai/cli/commands/session.py +212 -0
praisonai/cli/commands/traces.py +145 -0
praisonai/cli/commands/version.py +101 -0
praisonai/cli/configuration/__init__.py +18 -0
praisonai/cli/configuration/loader.py +353 -0
praisonai/cli/configuration/paths.py +114 -0
praisonai/cli/configuration/schema.py +164 -0
praisonai/cli/features/__init__.py +268 -0
praisonai/cli/features/acp.py +236 -0
praisonai/cli/features/action_orchestrator.py +546 -0
praisonai/cli/features/agent_scheduler.py +773 -0
praisonai/cli/features/agent_tools.py +474 -0
praisonai/cli/features/agents.py +375 -0
praisonai/cli/features/at_mentions.py +471 -0
praisonai/cli/features/auto_memory.py +182 -0
praisonai/cli/features/autonomy_mode.py +490 -0
praisonai/cli/features/background.py +356 -0
praisonai/cli/features/base.py +168 -0
praisonai/cli/features/capabilities.py +1326 -0
praisonai/cli/features/checkpoints.py +338 -0
praisonai/cli/features/code_intelligence.py +652 -0
praisonai/cli/features/compaction.py +294 -0
praisonai/cli/features/compare.py +534 -0
praisonai/cli/features/cost_tracker.py +514 -0
praisonai/cli/features/debug.py +810 -0
praisonai/cli/features/deploy.py +517 -0
praisonai/cli/features/diag.py +289 -0
praisonai/cli/features/doctor/__init__.py +63 -0
praisonai/cli/features/doctor/checks/__init__.py +24 -0
praisonai/cli/features/doctor/checks/acp_checks.py +240 -0
praisonai/cli/features/doctor/checks/config_checks.py +366 -0
praisonai/cli/features/doctor/checks/db_checks.py +366 -0
praisonai/cli/features/doctor/checks/env_checks.py +543 -0
praisonai/cli/features/doctor/checks/lsp_checks.py +199 -0
praisonai/cli/features/doctor/checks/mcp_checks.py +349 -0
praisonai/cli/features/doctor/checks/memory_checks.py +268 -0
praisonai/cli/features/doctor/checks/network_checks.py +251 -0
praisonai/cli/features/doctor/checks/obs_checks.py +328 -0
praisonai/cli/features/doctor/checks/performance_checks.py +235 -0
praisonai/cli/features/doctor/checks/permissions_checks.py +259 -0
praisonai/cli/features/doctor/checks/selftest_checks.py +322 -0
praisonai/cli/features/doctor/checks/serve_checks.py +426 -0
praisonai/cli/features/doctor/checks/skills_checks.py +231 -0
praisonai/cli/features/doctor/checks/tools_checks.py +371 -0
praisonai/cli/features/doctor/engine.py +266 -0
praisonai/cli/features/doctor/formatters.py +310 -0
praisonai/cli/features/doctor/handler.py +397 -0
praisonai/cli/features/doctor/models.py +264 -0
praisonai/cli/features/doctor/registry.py +239 -0
praisonai/cli/features/endpoints.py +1019 -0
praisonai/cli/features/eval.py +560 -0
praisonai/cli/features/external_agents.py +231 -0
praisonai/cli/features/fast_context.py +410 -0
praisonai/cli/features/flow_display.py +566 -0
praisonai/cli/features/git_integration.py +651 -0
praisonai/cli/features/guardrail.py +171 -0
praisonai/cli/features/handoff.py +185 -0
praisonai/cli/features/hooks.py +583 -0
praisonai/cli/features/image.py +384 -0
praisonai/cli/features/interactive_runtime.py +585 -0
praisonai/cli/features/interactive_tools.py +380 -0
praisonai/cli/features/interactive_tui.py +603 -0
praisonai/cli/features/jobs.py +632 -0
praisonai/cli/features/knowledge.py +531 -0
praisonai/cli/features/lite.py +244 -0
praisonai/cli/features/lsp_cli.py +225 -0
praisonai/cli/features/mcp.py +169 -0
praisonai/cli/features/message_queue.py +587 -0
praisonai/cli/features/metrics.py +211 -0
praisonai/cli/features/n8n.py +673 -0
praisonai/cli/features/observability.py +293 -0
praisonai/cli/features/ollama.py +361 -0
praisonai/cli/features/output_style.py +273 -0
praisonai/cli/features/package.py +631 -0
praisonai/cli/features/performance.py +308 -0
praisonai/cli/features/persistence.py +636 -0
praisonai/cli/features/profile.py +226 -0
praisonai/cli/features/profiler/__init__.py +81 -0
praisonai/cli/features/profiler/core.py +558 -0
praisonai/cli/features/profiler/optimizations.py +652 -0
praisonai/cli/features/profiler/suite.py +386 -0
praisonai/cli/features/profiling.py +350 -0
praisonai/cli/features/queue/__init__.py +73 -0
praisonai/cli/features/queue/manager.py +395 -0
praisonai/cli/features/queue/models.py +286 -0
praisonai/cli/features/queue/persistence.py +564 -0
praisonai/cli/features/queue/scheduler.py +484 -0
praisonai/cli/features/queue/worker.py +372 -0
praisonai/cli/features/recipe.py +1723 -0
praisonai/cli/features/recipes.py +449 -0
praisonai/cli/features/registry.py +229 -0
praisonai/cli/features/repo_map.py +860 -0
praisonai/cli/features/router.py +466 -0
praisonai/cli/features/sandbox_executor.py +515 -0
praisonai/cli/features/serve.py +829 -0
praisonai/cli/features/session.py +222 -0
praisonai/cli/features/skills.py +856 -0
praisonai/cli/features/slash_commands.py +650 -0
praisonai/cli/features/telemetry.py +179 -0
praisonai/cli/features/templates.py +1384 -0
praisonai/cli/features/thinking.py +305 -0
praisonai/cli/features/todo.py +334 -0
praisonai/cli/features/tools.py +680 -0
praisonai/cli/features/tui/__init__.py +83 -0
praisonai/cli/features/tui/app.py +580 -0
praisonai/cli/features/tui/cli.py +566 -0
praisonai/cli/features/tui/debug.py +511 -0
praisonai/cli/features/tui/events.py +99 -0
praisonai/cli/features/tui/mock_provider.py +328 -0
praisonai/cli/features/tui/orchestrator.py +652 -0
praisonai/cli/features/tui/screens/__init__.py +50 -0
praisonai/cli/features/tui/screens/main.py +245 -0
praisonai/cli/features/tui/screens/queue.py +174 -0
praisonai/cli/features/tui/screens/session.py +124 -0
praisonai/cli/features/tui/screens/settings.py +148 -0
praisonai/cli/features/tui/widgets/__init__.py +56 -0
praisonai/cli/features/tui/widgets/chat.py +261 -0
praisonai/cli/features/tui/widgets/composer.py +224 -0
praisonai/cli/features/tui/widgets/queue_panel.py +200 -0
praisonai/cli/features/tui/widgets/status.py +167 -0
praisonai/cli/features/tui/widgets/tool_panel.py +248 -0
praisonai/cli/features/workflow.py +720 -0
praisonai/cli/legacy.py +236 -0
praisonai/cli/main.py +5559 -0
praisonai/cli/schedule_cli.py +54 -0
praisonai/cli/state/__init__.py +31 -0
praisonai/cli/state/identifiers.py +161 -0
praisonai/cli/state/sessions.py +313 -0
praisonai/code/__init__.py +93 -0
praisonai/code/agent_tools.py +344 -0
praisonai/code/diff/__init__.py +21 -0
praisonai/code/diff/diff_strategy.py +432 -0
praisonai/code/tools/__init__.py +27 -0
praisonai/code/tools/apply_diff.py +221 -0
praisonai/code/tools/execute_command.py +275 -0
praisonai/code/tools/list_files.py +274 -0
praisonai/code/tools/read_file.py +206 -0
praisonai/code/tools/search_replace.py +248 -0
praisonai/code/tools/write_file.py +217 -0
praisonai/code/utils/__init__.py +46 -0
praisonai/code/utils/file_utils.py +307 -0
praisonai/code/utils/ignore_utils.py +308 -0
praisonai/code/utils/text_utils.py +276 -0
praisonai/db/__init__.py +64 -0
praisonai/db/adapter.py +531 -0
praisonai/deploy/__init__.py +62 -0
praisonai/deploy/api.py +231 -0
praisonai/deploy/docker.py +454 -0
praisonai/deploy/doctor.py +367 -0
praisonai/deploy/main.py +327 -0
praisonai/deploy/models.py +179 -0
praisonai/deploy/providers/__init__.py +33 -0
praisonai/deploy/providers/aws.py +331 -0
praisonai/deploy/providers/azure.py +358 -0
praisonai/deploy/providers/base.py +101 -0
praisonai/deploy/providers/gcp.py +314 -0
praisonai/deploy/schema.py +208 -0
praisonai/deploy.py +185 -0
praisonai/endpoints/__init__.py +53 -0
praisonai/endpoints/a2u_server.py +410 -0
praisonai/endpoints/discovery.py +165 -0
praisonai/endpoints/providers/__init__.py +28 -0
praisonai/endpoints/providers/a2a.py +253 -0
praisonai/endpoints/providers/a2u.py +208 -0
praisonai/endpoints/providers/agents_api.py +171 -0
praisonai/endpoints/providers/base.py +231 -0
praisonai/endpoints/providers/mcp.py +263 -0
praisonai/endpoints/providers/recipe.py +206 -0
praisonai/endpoints/providers/tools_mcp.py +150 -0
praisonai/endpoints/registry.py +131 -0
praisonai/endpoints/server.py +161 -0
praisonai/inbuilt_tools/__init__.py +24 -0
praisonai/inbuilt_tools/autogen_tools.py +117 -0
praisonai/inc/__init__.py +2 -0
praisonai/inc/config.py +96 -0
praisonai/inc/models.py +155 -0
praisonai/integrations/__init__.py +56 -0
praisonai/integrations/base.py +303 -0
praisonai/integrations/claude_code.py +270 -0
praisonai/integrations/codex_cli.py +255 -0
praisonai/integrations/cursor_cli.py +195 -0
praisonai/integrations/gemini_cli.py +222 -0
praisonai/jobs/__init__.py +67 -0
praisonai/jobs/executor.py +425 -0
praisonai/jobs/models.py +230 -0
praisonai/jobs/router.py +314 -0
praisonai/jobs/server.py +186 -0
praisonai/jobs/store.py +203 -0
praisonai/llm/__init__.py +66 -0
praisonai/llm/registry.py +382 -0
praisonai/mcp_server/__init__.py +152 -0
praisonai/mcp_server/adapters/__init__.py +74 -0
praisonai/mcp_server/adapters/agents.py +128 -0
praisonai/mcp_server/adapters/capabilities.py +168 -0
praisonai/mcp_server/adapters/cli_tools.py +568 -0
praisonai/mcp_server/adapters/extended_capabilities.py +462 -0
praisonai/mcp_server/adapters/knowledge.py +93 -0
praisonai/mcp_server/adapters/memory.py +104 -0
praisonai/mcp_server/adapters/prompts.py +306 -0
praisonai/mcp_server/adapters/resources.py +124 -0
praisonai/mcp_server/adapters/tools_bridge.py +280 -0
praisonai/mcp_server/auth/__init__.py +48 -0
praisonai/mcp_server/auth/api_key.py +291 -0
praisonai/mcp_server/auth/oauth.py +460 -0
praisonai/mcp_server/auth/oidc.py +289 -0
praisonai/mcp_server/auth/scopes.py +260 -0
praisonai/mcp_server/cli.py +852 -0
praisonai/mcp_server/elicitation.py +445 -0
praisonai/mcp_server/icons.py +302 -0
praisonai/mcp_server/recipe_adapter.py +573 -0
praisonai/mcp_server/recipe_cli.py +824 -0
praisonai/mcp_server/registry.py +703 -0
praisonai/mcp_server/sampling.py +422 -0
praisonai/mcp_server/server.py +490 -0
praisonai/mcp_server/tasks.py +443 -0
praisonai/mcp_server/transports/__init__.py +18 -0
praisonai/mcp_server/transports/http_stream.py +376 -0
praisonai/mcp_server/transports/stdio.py +132 -0
praisonai/persistence/__init__.py +84 -0
praisonai/persistence/config.py +238 -0
praisonai/persistence/conversation/__init__.py +25 -0
praisonai/persistence/conversation/async_mysql.py +427 -0
praisonai/persistence/conversation/async_postgres.py +410 -0
praisonai/persistence/conversation/async_sqlite.py +371 -0
praisonai/persistence/conversation/base.py +151 -0
praisonai/persistence/conversation/json_store.py +250 -0
praisonai/persistence/conversation/mysql.py +387 -0
praisonai/persistence/conversation/postgres.py +401 -0
praisonai/persistence/conversation/singlestore.py +240 -0
praisonai/persistence/conversation/sqlite.py +341 -0
praisonai/persistence/conversation/supabase.py +203 -0
praisonai/persistence/conversation/surrealdb.py +287 -0
praisonai/persistence/factory.py +301 -0
praisonai/persistence/hooks/__init__.py +18 -0
praisonai/persistence/hooks/agent_hooks.py +297 -0
praisonai/persistence/knowledge/__init__.py +26 -0
praisonai/persistence/knowledge/base.py +144 -0
praisonai/persistence/knowledge/cassandra.py +232 -0
praisonai/persistence/knowledge/chroma.py +295 -0
praisonai/persistence/knowledge/clickhouse.py +242 -0
praisonai/persistence/knowledge/cosmosdb_vector.py +438 -0
praisonai/persistence/knowledge/couchbase.py +286 -0
praisonai/persistence/knowledge/lancedb.py +216 -0
praisonai/persistence/knowledge/langchain_adapter.py +291 -0
praisonai/persistence/knowledge/lightrag_adapter.py +212 -0
praisonai/persistence/knowledge/llamaindex_adapter.py +256 -0
praisonai/persistence/knowledge/milvus.py +277 -0
praisonai/persistence/knowledge/mongodb_vector.py +306 -0
praisonai/persistence/knowledge/pgvector.py +335 -0
praisonai/persistence/knowledge/pinecone.py +253 -0
praisonai/persistence/knowledge/qdrant.py +301 -0
praisonai/persistence/knowledge/redis_vector.py +291 -0
praisonai/persistence/knowledge/singlestore_vector.py +299 -0
praisonai/persistence/knowledge/surrealdb_vector.py +309 -0
praisonai/persistence/knowledge/upstash_vector.py +266 -0
praisonai/persistence/knowledge/weaviate.py +223 -0
praisonai/persistence/migrations/__init__.py +10 -0
praisonai/persistence/migrations/manager.py +251 -0
praisonai/persistence/orchestrator.py +406 -0
praisonai/persistence/state/__init__.py +21 -0
praisonai/persistence/state/async_mongodb.py +200 -0
praisonai/persistence/state/base.py +107 -0
praisonai/persistence/state/dynamodb.py +226 -0
praisonai/persistence/state/firestore.py +175 -0
praisonai/persistence/state/gcs.py +155 -0
praisonai/persistence/state/memory.py +245 -0
praisonai/persistence/state/mongodb.py +158 -0
praisonai/persistence/state/redis.py +190 -0
praisonai/persistence/state/upstash.py +144 -0
praisonai/persistence/tests/__init__.py +3 -0
praisonai/persistence/tests/test_all_backends.py +633 -0
praisonai/profiler.py +1214 -0
praisonai/recipe/__init__.py +134 -0
praisonai/recipe/bridge.py +278 -0
praisonai/recipe/core.py +893 -0
praisonai/recipe/exceptions.py +54 -0
praisonai/recipe/history.py +402 -0
praisonai/recipe/models.py +266 -0
praisonai/recipe/operations.py +440 -0
praisonai/recipe/policy.py +422 -0
praisonai/recipe/registry.py +849 -0
praisonai/recipe/runtime.py +214 -0
praisonai/recipe/security.py +711 -0
praisonai/recipe/serve.py +859 -0
praisonai/recipe/server.py +613 -0
praisonai/scheduler/__init__.py +45 -0
praisonai/scheduler/agent_scheduler.py +552 -0
praisonai/scheduler/base.py +124 -0
praisonai/scheduler/daemon_manager.py +225 -0
praisonai/scheduler/state_manager.py +155 -0
praisonai/scheduler/yaml_loader.py +193 -0
praisonai/scheduler.py +194 -0
praisonai/setup/__init__.py +1 -0
praisonai/setup/build.py +21 -0
praisonai/setup/post_install.py +23 -0
praisonai/setup/setup_conda_env.py +25 -0
praisonai/setup.py +16 -0
praisonai/templates/__init__.py +116 -0
praisonai/templates/cache.py +364 -0
praisonai/templates/dependency_checker.py +358 -0
praisonai/templates/discovery.py +391 -0
praisonai/templates/loader.py +564 -0
praisonai/templates/registry.py +511 -0
praisonai/templates/resolver.py +206 -0
praisonai/templates/security.py +327 -0
praisonai/templates/tool_override.py +498 -0
praisonai/templates/tools_doctor.py +256 -0
praisonai/test.py +105 -0
praisonai/train.py +562 -0
praisonai/train_vision.py +306 -0
praisonai/ui/agents.py +824 -0
praisonai/ui/callbacks.py +57 -0
praisonai/ui/chainlit_compat.py +246 -0
praisonai/ui/chat.py +532 -0
praisonai/ui/code.py +717 -0
praisonai/ui/colab.py +474 -0
praisonai/ui/colab_chainlit.py +81 -0
praisonai/ui/components/aicoder.py +284 -0
praisonai/ui/context.py +283 -0
praisonai/ui/database_config.py +56 -0
praisonai/ui/db.py +294 -0
praisonai/ui/realtime.py +488 -0
praisonai/ui/realtimeclient/__init__.py +756 -0
praisonai/ui/realtimeclient/tools.py +242 -0
praisonai/ui/sql_alchemy.py +710 -0
praisonai/upload_vision.py +140 -0
praisonai/version.py +1 -0
praisonai-3.0.0.dist-info/METADATA +3493 -0
praisonai-3.0.0.dist-info/RECORD +393 -0
praisonai-3.0.0.dist-info/WHEEL +5 -0
praisonai-3.0.0.dist-info/entry_points.txt +4 -0
praisonai-3.0.0.dist-info/top_level.txt +1 -0

praisonai/recipe/security.py ADDED Viewed

@@ -0,0 +1,711 @@
+"""
+Recipe Security Module
+Provides security features for recipes:
+- SBOM (Software Bill of Materials) generation
+- Bundle signing and verification
+- Dependency auditing
+- PII redaction
+- Lockfile validation
+"""
+import hashlib
+import json
+import re
+import subprocess
+import sys
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Tuple, Union
+class SecurityError(Exception):
+    """Base exception for security operations."""
+    pass
+class SignatureError(SecurityError):
+    """Signature verification failed."""
+    pass
+class LockfileError(SecurityError):
+    """Lockfile validation failed."""
+    pass
+def _get_timestamp() -> str:
+    """Get current timestamp in ISO format."""
+    return datetime.now(timezone.utc).isoformat()
+# ============================================================================
+# SBOM Generation
+# ============================================================================
+def generate_sbom(
+    recipe_path: Union[str, Path],
+    format: str = "cyclonedx",
+    include_python_deps: bool = True,
+    include_tools: bool = True,
+) -> Dict[str, Any]:
+    """
+    Generate Software Bill of Materials for a recipe.
+    Args:
+        recipe_path: Path to recipe directory or bundle
+        format: Output format (cyclonedx or spdx)
+        include_python_deps: Include Python dependencies
+        include_tools: Include tool dependencies
+    Returns:
+        SBOM as dictionary
+    """
+    recipe_path = Path(recipe_path)
+    # Load recipe manifest
+    template_path = recipe_path / "TEMPLATE.yaml"
+    manifest = {}
+    if template_path.exists():
+        import yaml
+        with open(template_path) as f:
+            manifest = yaml.safe_load(f) or {}
+    # Get recipe info
+    recipe_name = manifest.get("name", recipe_path.name)
+    recipe_version = manifest.get("version", "0.0.0")
+    # Collect components
+    components = []
+    # Add praisonai as component
+    try:
+        import praisonai
+        praisonai_version = getattr(praisonai, "__version__", "unknown")
+    except ImportError:
+        praisonai_version = "unknown"
+    components.append({
+        "type": "library",
+        "name": "praisonai",
+        "version": praisonai_version,
+        "purl": f"pkg:pypi/praisonai@{praisonai_version}",
+    })
+    # Add Python dependencies from lockfile
+    if include_python_deps:
+        deps = _get_python_deps(recipe_path)
+        for dep in deps:
+            components.append({
+                "type": "library",
+                "name": dep["name"],
+                "version": dep["version"],
+                "purl": f"pkg:pypi/{dep['name']}@{dep['version']}",
+            })
+    # Add tool dependencies
+    if include_tools:
+        requires = manifest.get("requires", {})
+        tools = requires.get("tools", [])
+        for tool in tools:
+            if isinstance(tool, str):
+                components.append({
+                    "type": "application",
+                    "name": tool,
+                    "version": "unknown",
+                })
+            elif isinstance(tool, dict):
+                components.append({
+                    "type": "application",
+                    "name": tool.get("name", "unknown"),
+                    "version": tool.get("version", "unknown"),
+                })
+        # External dependencies
+        external = requires.get("external", [])
+        for ext in external:
+            if isinstance(ext, str):
+                components.append({
+                    "type": "application",
+                    "name": ext,
+                    "version": "unknown",
+                })
+    if format == "cyclonedx":
+        return _generate_cyclonedx(recipe_name, recipe_version, components)
+    elif format == "spdx":
+        return _generate_spdx(recipe_name, recipe_version, components)
+    else:
+        raise SecurityError(f"Unknown SBOM format: {format}")
+def _generate_cyclonedx(
+    name: str,
+    version: str,
+    components: List[Dict[str, Any]],
+) -> Dict[str, Any]:
+    """Generate CycloneDX SBOM."""
+    return {
+        "bomFormat": "CycloneDX",
+        "specVersion": "1.4",
+        "serialNumber": f"urn:uuid:{hashlib.md5(f'{name}{version}{_get_timestamp()}'.encode()).hexdigest()}",
+        "version": 1,
+        "metadata": {
+            "timestamp": _get_timestamp(),
+            "tools": [{"name": "praisonai-sbom", "version": "1.0.0"}],
+            "component": {
+                "type": "application",
+                "name": name,
+                "version": version,
+            },
+        },
+        "components": [
+            {
+                "type": comp["type"],
+                "name": comp["name"],
+                "version": comp["version"],
+                "purl": comp.get("purl"),
+            }
+            for comp in components
+        ],
+    }
+def _generate_spdx(
+    name: str,
+    version: str,
+    components: List[Dict[str, Any]],
+) -> Dict[str, Any]:
+    """Generate SPDX SBOM."""
+    return {
+        "spdxVersion": "SPDX-2.3",
+        "dataLicense": "CC0-1.0",
+        "SPDXID": "SPDXRef-DOCUMENT",
+        "name": f"{name}-{version}",
+        "documentNamespace": f"https://praison.ai/sbom/{name}/{version}",
+        "creationInfo": {
+            "created": _get_timestamp(),
+            "creators": ["Tool: praisonai-sbom-1.0.0"],
+        },
+        "packages": [
+            {
+                "SPDXID": f"SPDXRef-Package-{i}",
+                "name": comp["name"],
+                "versionInfo": comp["version"],
+                "downloadLocation": "NOASSERTION",
+            }
+            for i, comp in enumerate(components)
+        ],
+    }
+def _get_python_deps(recipe_path: Path) -> List[Dict[str, str]]:
+    """Get Python dependencies from lockfile."""
+    deps = []
+    lock_dir = recipe_path / "lock"
+    # Try uv.lock
+    uv_lock = lock_dir / "uv.lock"
+    if uv_lock.exists():
+        deps.extend(_parse_uv_lock(uv_lock))
+        return deps
+    # Try requirements.lock
+    req_lock = lock_dir / "requirements.lock"
+    if req_lock.exists():
+        deps.extend(_parse_requirements_lock(req_lock))
+        return deps
+    # Try poetry.lock
+    poetry_lock = lock_dir / "poetry.lock"
+    if poetry_lock.exists():
+        deps.extend(_parse_poetry_lock(poetry_lock))
+        return deps
+    # Fallback: try requirements.txt in recipe root
+    req_txt = recipe_path / "requirements.txt"
+    if req_txt.exists():
+        deps.extend(_parse_requirements_lock(req_txt))
+    return deps
+def _parse_uv_lock(path: Path) -> List[Dict[str, str]]:
+    """Parse uv.lock file."""
+    deps = []
+    try:
+        import tomllib
+    except ImportError:
+        import tomli as tomllib
+    try:
+        with open(path, "rb") as f:
+            data = tomllib.load(f)
+        for pkg in data.get("package", []):
+            deps.append({
+                "name": pkg.get("name", ""),
+                "version": pkg.get("version", ""),
+            })
+    except Exception:
+        pass
+    return deps
+def _parse_requirements_lock(path: Path) -> List[Dict[str, str]]:
+    """Parse requirements.lock or requirements.txt."""
+    deps = []
+    with open(path) as f:
+        for line in f:
+            line = line.strip()
+            if not line or line.startswith("#") or line.startswith("-"):
+                continue
+            # Parse package==version
+            match = re.match(r"^([a-zA-Z0-9_-]+)==([^\s;]+)", line)
+            if match:
+                deps.append({
+                    "name": match.group(1),
+                    "version": match.group(2),
+                })
+    return deps
+def _parse_poetry_lock(path: Path) -> List[Dict[str, str]]:
+    """Parse poetry.lock file."""
+    deps = []
+    try:
+        import tomllib
+    except ImportError:
+        import tomli as tomllib
+    try:
+        with open(path, "rb") as f:
+            data = tomllib.load(f)
+        for pkg in data.get("package", []):
+            deps.append({
+                "name": pkg.get("name", ""),
+                "version": pkg.get("version", ""),
+            })
+    except Exception:
+        pass
+    return deps
+# ============================================================================
+# Bundle Signing
+# ============================================================================
+def sign_bundle(
+    bundle_path: Union[str, Path],
+    private_key_path: Union[str, Path],
+    output_path: Optional[Union[str, Path]] = None,
+) -> Path:
+    """
+    Sign a recipe bundle.
+    Args:
+        bundle_path: Path to .praison bundle
+        private_key_path: Path to private key (PEM format)
+        output_path: Output path for signature (default: bundle.sig)
+    Returns:
+        Path to signature file
+    """
+    bundle_path = Path(bundle_path)
+    private_key_path = Path(private_key_path)
+    if not bundle_path.exists():
+        raise SecurityError(f"Bundle not found: {bundle_path}")
+    if not private_key_path.exists():
+        raise SecurityError(f"Private key not found: {private_key_path}")
+    # Calculate bundle hash
+    bundle_hash = _calculate_file_hash(bundle_path)
+    # Sign using cryptography library (lazy import)
+    try:
+        from cryptography.hazmat.primitives import hashes, serialization
+        from cryptography.hazmat.primitives.asymmetric import padding
+    except ImportError:
+        raise SecurityError("cryptography package required for signing. Install with: pip install cryptography")
+    # Load private key
+    with open(private_key_path, "rb") as f:
+        private_key = serialization.load_pem_private_key(f.read(), password=None)
+    # Sign the hash
+    signature = private_key.sign(
+        bundle_hash.encode(),
+        padding.PKCS1v15(),
+        hashes.SHA256(),
+    )
+    # Write signature
+    output_path = Path(output_path) if output_path else bundle_path.with_suffix(".praison.sig")
+    sig_data = {
+        "bundle": bundle_path.name,
+        "hash": bundle_hash,
+        "algorithm": "RSA-PKCS1v15-SHA256",
+        "signature": signature.hex(),
+        "signed_at": _get_timestamp(),
+    }
+    with open(output_path, "w") as f:
+        json.dump(sig_data, f, indent=2)
+    return output_path
+def verify_bundle(
+    bundle_path: Union[str, Path],
+    public_key_path: Union[str, Path],
+    signature_path: Optional[Union[str, Path]] = None,
+) -> Tuple[bool, str]:
+    """
+    Verify a signed recipe bundle.
+    Args:
+        bundle_path: Path to .praison bundle
+        public_key_path: Path to public key (PEM format)
+        signature_path: Path to signature file (default: bundle.sig)
+    Returns:
+        Tuple of (valid: bool, message: str)
+    """
+    bundle_path = Path(bundle_path)
+    public_key_path = Path(public_key_path)
+    signature_path = Path(signature_path) if signature_path else bundle_path.with_suffix(".praison.sig")
+    if not bundle_path.exists():
+        return False, f"Bundle not found: {bundle_path}"
+    if not public_key_path.exists():
+        return False, f"Public key not found: {public_key_path}"
+    if not signature_path.exists():
+        return False, f"Signature not found: {signature_path}"
+    # Load signature
+    with open(signature_path) as f:
+        sig_data = json.load(f)
+    # Calculate current bundle hash
+    current_hash = _calculate_file_hash(bundle_path)
+    # Check hash matches
+    if current_hash != sig_data["hash"]:
+        return False, "Bundle hash mismatch - file may have been modified"
+    # Verify signature
+    try:
+        from cryptography.hazmat.primitives import hashes, serialization
+        from cryptography.hazmat.primitives.asymmetric import padding
+    except ImportError:
+        return False, "cryptography package required for verification"
+    # Load public key
+    with open(public_key_path, "rb") as f:
+        public_key = serialization.load_pem_public_key(f.read())
+    # Verify
+    try:
+        signature = bytes.fromhex(sig_data["signature"])
+        public_key.verify(
+            signature,
+            sig_data["hash"].encode(),
+            padding.PKCS1v15(),
+            hashes.SHA256(),
+        )
+        return True, "Signature valid"
+    except Exception as e:
+        return False, f"Signature verification failed: {e}"
+def _calculate_file_hash(path: Path) -> str:
+    """Calculate SHA256 hash of a file."""
+    sha256 = hashlib.sha256()
+    with open(path, "rb") as f:
+        for chunk in iter(lambda: f.read(8192), b""):
+            sha256.update(chunk)
+    return sha256.hexdigest()
+# ============================================================================
+# Dependency Auditing
+# ============================================================================
+def audit_dependencies(
+    recipe_path: Union[str, Path],
+    check_vulnerabilities: bool = True,
+) -> Dict[str, Any]:
+    """
+    Audit recipe dependencies for security issues.
+    Args:
+        recipe_path: Path to recipe directory
+        check_vulnerabilities: Check for known vulnerabilities
+    Returns:
+        Audit report dictionary
+    """
+    recipe_path = Path(recipe_path)
+    report = {
+        "recipe": recipe_path.name,
+        "audited_at": _get_timestamp(),
+        "lockfile": None,
+        "dependencies": [],
+        "vulnerabilities": [],
+        "warnings": [],
+        "passed": True,
+    }
+    # Check for lockfile
+    lockfile = _find_lockfile(recipe_path)
+    if lockfile:
+        report["lockfile"] = str(lockfile)
+    else:
+        report["warnings"].append("No lockfile found - dependencies may not be reproducible")
+    # Get dependencies
+    deps = _get_python_deps(recipe_path)
+    report["dependencies"] = deps
+    # Check for vulnerabilities using pip-audit if available
+    if check_vulnerabilities and deps:
+        vulns = _check_vulnerabilities(deps)
+        report["vulnerabilities"] = vulns
+        if vulns:
+            report["passed"] = False
+    # Check for outdated dependencies
+    outdated = _check_outdated(deps)
+    if outdated:
+        report["warnings"].extend([
+            f"Outdated: {d['name']} ({d['current']} -> {d['latest']})"
+            for d in outdated
+        ])
+    return report
+def _find_lockfile(recipe_path: Path) -> Optional[Path]:
+    """Find lockfile in recipe directory."""
+    lock_dir = recipe_path / "lock"
+    candidates = [
+        lock_dir / "uv.lock",
+        lock_dir / "requirements.lock",
+        lock_dir / "poetry.lock",
+        recipe_path / "uv.lock",
+        recipe_path / "requirements.lock",
+        recipe_path / "poetry.lock",
+    ]
+    for candidate in candidates:
+        if candidate.exists():
+            return candidate
+    return None
+def _check_vulnerabilities(deps: List[Dict[str, str]]) -> List[Dict[str, Any]]:
+    """Check dependencies for known vulnerabilities."""
+    vulns = []
+    # Try using pip-audit
+    try:
+        result = subprocess.run(
+            [sys.executable, "-m", "pip_audit", "--format", "json"],
+            capture_output=True,
+            text=True,
+            timeout=60,
+        )
+        if result.returncode == 0:
+            audit_data = json.loads(result.stdout)
+            for vuln in audit_data.get("vulnerabilities", []):
+                vulns.append({
+                    "package": vuln.get("name"),
+                    "version": vuln.get("version"),
+                    "vulnerability_id": vuln.get("id"),
+                    "description": vuln.get("description"),
+                    "fix_versions": vuln.get("fix_versions", []),
+                })
+    except (subprocess.TimeoutExpired, FileNotFoundError, json.JSONDecodeError):
+        pass
+    return vulns
+def _check_outdated(deps: List[Dict[str, str]]) -> List[Dict[str, str]]:
+    """Check for outdated dependencies."""
+    # Simplified - would need PyPI API for full implementation
+    return []
+# ============================================================================
+# Lockfile Validation
+# ============================================================================
+def validate_lockfile(
+    recipe_path: Union[str, Path],
+    strict: bool = False,
+) -> Dict[str, Any]:
+    """
+    Validate recipe lockfile.
+    Args:
+        recipe_path: Path to recipe directory
+        strict: Fail if lockfile missing
+    Returns:
+        Validation result dictionary
+    """
+    recipe_path = Path(recipe_path)
+    result = {
+        "valid": True,
+        "lockfile": None,
+        "lockfile_type": None,
+        "errors": [],
+        "warnings": [],
+    }
+    lockfile = _find_lockfile(recipe_path)
+    if not lockfile:
+        if strict:
+            result["valid"] = False
+            result["errors"].append("No lockfile found")
+        else:
+            result["warnings"].append("No lockfile found - dependencies may not be reproducible")
+        return result
+    result["lockfile"] = str(lockfile)
+    # Determine lockfile type
+    if "uv.lock" in lockfile.name:
+        result["lockfile_type"] = "uv"
+    elif "poetry.lock" in lockfile.name:
+        result["lockfile_type"] = "poetry"
+    else:
+        result["lockfile_type"] = "pip"
+    # Validate lockfile format
+    try:
+        if result["lockfile_type"] == "uv":
+            _parse_uv_lock(lockfile)
+        elif result["lockfile_type"] == "poetry":
+            _parse_poetry_lock(lockfile)
+        else:
+            _parse_requirements_lock(lockfile)
+    except Exception as e:
+        result["valid"] = False
+        result["errors"].append(f"Invalid lockfile format: {e}")
+    return result
+# ============================================================================
+# PII Redaction
+# ============================================================================
+# Default PII patterns
+PII_PATTERNS = {
+    "email": r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}",
+    "phone": r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b",
+    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",
+    "credit_card": r"\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b",
+    "ip_address": r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b",
+}
+def redact_pii(
+    data: Any,
+    policy: Optional[Dict[str, Any]] = None,
+    fields: Optional[List[str]] = None,
+) -> Any:
+    """
+    Redact PII from data based on policy.
+    Args:
+        data: Data to redact (dict, list, or string)
+        policy: Data policy configuration
+        fields: Specific fields to redact (overrides policy)
+    Returns:
+        Redacted data
+    """
+    policy = policy or {}
+    mode = policy.get("pii", {}).get("mode", "allow")
+    if mode == "allow":
+        return data
+    fields = fields or policy.get("pii", {}).get("fields", list(PII_PATTERNS.keys()))
+    if isinstance(data, dict):
+        return {k: redact_pii(v, policy, fields) for k, v in data.items()}
+    elif isinstance(data, list):
+        return [redact_pii(item, policy, fields) for item in data]
+    elif isinstance(data, str):
+        return _redact_string(data, fields, mode)
+    else:
+        return data
+def _redact_string(text: str, fields: List[str], mode: str) -> str:
+    """Redact PII patterns from a string."""
+    for field in fields:
+        if field in PII_PATTERNS:
+            pattern = PII_PATTERNS[field]
+            if mode == "redact":
+                text = re.sub(pattern, f"[REDACTED:{field}]", text)
+            elif mode == "deny":
+                if re.search(pattern, text):
+                    raise SecurityError(f"PII detected ({field}) and policy is 'deny'")
+    return text
+def detect_pii(
+    data: Any,
+    fields: Optional[List[str]] = None,
+) -> List[Dict[str, Any]]:
+    """
+    Detect PII in data without redacting.
+    Args:
+        data: Data to scan
+        fields: Specific fields to check
+    Returns:
+        List of detected PII instances
+    """
+    fields = fields or list(PII_PATTERNS.keys())
+    detections = []
+    def scan(value, path=""):
+        if isinstance(value, dict):
+            for k, v in value.items():
+                scan(v, f"{path}.{k}" if path else k)
+        elif isinstance(value, list):
+            for i, item in enumerate(value):
+                scan(item, f"{path}[{i}]")
+        elif isinstance(value, str):
+            for field in fields:
+                if field in PII_PATTERNS:
+                    matches = re.findall(PII_PATTERNS[field], value)
+                    for match in matches:
+                        detections.append({
+                            "type": field,
+                            "path": path,
+                            "sample": match[:4] + "..." if len(match) > 4 else match,
+                        })
+    scan(data)
+    return detections