archapi 0.3.0__py3-none-any.whl

archapi/indexing/cache.py

@@ -0,0 +1,141 @@
+from __future__ import annotations
+
+import hashlib
+import json
+from dataclasses import asdict, is_dataclass
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+from archapi.types import APIGenome, DetectionResult, ScanResult
+
+
+IGNORED_DIRS = {
+    ".git",
+    ".venv",
+    "node_modules",
+    "dist",
+    "build",
+    "coverage",
+    "__pycache__",
+    "vendor",
+    "target",
+    ".archapi",
+}
+
+
+class CacheManager:
+    def __init__(self, project_path: Path):
+        self.project_path = project_path
+        self.cache_dir = project_path / ".archapi"
+
+    def ensure_cache_dir(self) -> None:
+        self.cache_dir.mkdir(parents=True, exist_ok=True)
+
+    def save_json(self, name: str, data: Dict[str, Any]) -> Path:
+        self.ensure_cache_dir()
+        target = self.cache_dir / name
+        target.write_text(
+            json.dumps(self._json_safe(data), indent=2, sort_keys=True),
+            encoding="utf-8",
+        )
+        return target
+
+    def load_json(self, name: str) -> Optional[Dict[str, Any]]:
+        target = self.cache_dir / name
+        if not target.exists():
+            return None
+
+        return json.loads(target.read_text(encoding="utf-8"))
+
+    def hash_file(self, path: Path) -> str:
+        digest = hashlib.sha256()
+        with path.open("rb") as f:
+            for chunk in iter(lambda: f.read(8192), b""):
+                digest.update(chunk)
+        return digest.hexdigest()
+
+    def collect_file_hashes(self) -> Dict[str, str]:
+        hashes: Dict[str, str] = {}
+
+        for path in self.project_path.rglob("*"):
+            if path.is_dir():
+                continue
+
+            if any(part in IGNORED_DIRS for part in path.parts):
+                continue
+
+            rel = str(path.relative_to(self.project_path))
+            hashes[rel] = self.hash_file(path)
+
+        return hashes
+
+    def changed_files(self) -> List[str]:
+        old_hashes = self.load_json("file_hashes.json") or {}
+        new_hashes = self.collect_file_hashes()
+
+        changed: List[str] = []
+
+        all_files = set(old_hashes.keys()) | set(new_hashes.keys())
+
+        for file in sorted(all_files):
+            if old_hashes.get(file) != new_hashes.get(file):
+                changed.append(file)
+
+        return changed
+
+    def save_snapshot(
+        self,
+        detection: DetectionResult,
+        scan: ScanResult,
+        maps: Dict[str, Any],
+        genome: APIGenome,
+    ) -> Dict[str, Path]:
+        saved = {}
+
+        saved["file_hashes"] = self.save_json(
+            "file_hashes.json",
+            self.collect_file_hashes(),
+        )
+
+        saved["detection"] = self.save_json(
+            "detection.json",
+            self._json_safe(detection),
+        )
+
+        saved["project_index"] = self.save_json(
+            "project_index.json",
+            self._json_safe(scan),
+        )
+
+        saved["maps"] = self.save_json(
+            "maps.json",
+            self._json_safe(maps),
+        )
+
+        saved["genome"] = self.save_json(
+            "genome.json",
+            self._json_safe(genome),
+        )
+
+        return saved
+
+    def _json_safe(self, value: Any) -> Any:
+        if is_dataclass(value):
+            return self._json_safe(asdict(value))
+
+        if isinstance(value, Path):
+            try:
+                return str(value.relative_to(self.project_path))
+            except ValueError:
+                return str(value)
+
+        if isinstance(value, dict):
+            return {
+                str(k): self._json_safe(v)
+                for k, v in value.items()
+            }
+
+        if isinstance(value, list):
+            return [self._json_safe(v) for v in value]
+
+        return value

archapi/planning/intent_planner.py

@@ -0,0 +1,175 @@
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from typing import Dict, List
+
+
+@dataclass
+class IntentPlan:
+    method: str
+    path: str
+    entities: List[str]
+    resource: str
+    action: str
+    response_status: int
+    metadata: Dict[str, str] = field(default_factory=dict)
+
+
+class IntentPlanner:
+    EXPLICIT_METHODS = {
+        "get": "GET",
+        "post": "POST",
+        "put": "PUT",
+        "patch": "PATCH",
+        "delete": "DELETE",
+    }
+
+    ENTITY_RULES = [
+        ("order", "Order"),
+        ("orders", "Order"),
+        ("product", "Product"),
+        ("products", "Product"),
+        ("review", "Review"),
+        ("reviews", "Review"),
+        ("payment", "Payment"),
+        ("payments", "Payment"),
+        ("inventory", "Inventory"),
+        ("booking", "Booking"),
+        ("bookings", "Booking"),
+        ("account", "Account"),
+        ("accounts", "Account"),
+        ("user", "User"),
+        ("users", "User"),
+        ("profile", "Profile"),
+        ("profiles", "Profile"),
+    ]
+
+    PLURAL_RULES = {
+        "History": "histories",
+        "Category": "categories",
+        "Company": "companies",
+        "Inventory": "inventory",
+    }
+
+    def plan(self, request: str) -> IntentPlan:
+        text = request.lower()
+        method = self._infer_method(text)
+        entities = self._infer_entities(text)
+        resource = entities[-1] if entities else "Resource"
+        action = self._infer_action(text, method)
+        path = self._infer_path(text, method, resource)
+
+        return IntentPlan(
+            method=method,
+            path=path,
+            entities=entities,
+            resource=resource,
+            action=action,
+            response_status=self._response_status(method),
+            metadata={"planner": "deterministic-v0.2"},
+        )
+
+    def _infer_method(self, text: str) -> str:
+        for word, method in self.EXPLICIT_METHODS.items():
+            if f" {word} " in f" {text} ":
+                return method
+
+        if any(word in text for word in ["create", "add", "submit"]):
+            return "POST"
+        if any(word in text for word in ["update", "edit", "replace"]):
+            return "PUT"
+        if any(word in text for word in ["modify", "partial"]):
+            return "PATCH"
+        if any(word in text for word in ["delete", "remove", "disable"]):
+            return "DELETE"
+
+        return "GET"
+
+    def _infer_entities(self, text: str) -> List[str]:
+        detected: List[str] = []
+
+        for keyword, entity in self.ENTITY_RULES:
+            if keyword in text and entity not in detected:
+                detected.append(entity)
+
+        if "user" in text and "order" in text:
+            return ["User", "Order"]
+
+        if "product" in text and "review" in text:
+            return ["Product", "Review"]
+
+        if "product" in text and "inventory" in text:
+            return ["Product", "Inventory"]
+
+        if detected:
+            return detected[:2]
+
+        words = re.findall(r"[A-Za-z]+", text)
+        stop = {
+            "create", "get", "fetch", "update", "delete", "api", "for",
+            "a", "an", "the", "to", "by", "of", "history", "status",
+            "new", "existing", "details", "detail"
+        }
+
+        fallback = []
+        for word in words:
+            if word.lower() not in stop and len(word) > 2:
+                fallback.append(word.capitalize())
+
+        return fallback[:2] or ["Resource"]
+
+    def _infer_action(self, text: str, method: str) -> str:
+        if "history" in text:
+            return "history"
+        if "status" in text:
+            return "status"
+        if "review" in text:
+            return "review"
+        if "inventory" in text:
+            return "inventory"
+        if "disable" in text:
+            return "disable"
+        if "cancel" in text or "cancellation" in text:
+            return "cancellation"
+
+        return {
+            "GET": "read",
+            "POST": "create",
+            "PUT": "update",
+            "PATCH": "partial_update",
+            "DELETE": "delete",
+        }.get(method, "unknown")
+
+    def _infer_path(self, text: str, method: str, resource: str) -> str:
+        if "user" in text and "order" in text:
+            return "/users/{user_id}/orders"
+
+        if "product" in text and "review" in text:
+            if method == "POST":
+                return "/products/{product_id}/reviews"
+            return "/products/{product_id}/reviews/{id}"
+
+        if "payment" in text and "status" in text:
+            return "/payments/{id}/status"
+
+        if "product" in text and "inventory" in text:
+            return "/products/{product_id}/inventory"
+
+        if "user" in text and ("disable" in text or method == "DELETE"):
+            return "/users/{id}"
+
+        if "booking" in text and ("cancel" in text or "cancellation" in text):
+            return "/bookings/{id}/cancellation"
+
+        plural = self.PLURAL_RULES.get(resource, f"{resource.lower()}s")
+
+        if method == "POST":
+            return f"/{plural}"
+
+        return f"/{plural}/{{id}}"
+
+    def _response_status(self, method: str) -> int:
+        if method == "POST":
+            return 201
+        return 200

archapi/planning/task_dag.py

@@ -0,0 +1,81 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from typing import Dict, List, Set
+
+
+@dataclass
+class TaskNode:
+    name: str
+    depends_on: List[str] = field(default_factory=list)
+    status: str = "pending"
+
+
+@dataclass
+class TaskDAG:
+    nodes: Dict[str, TaskNode] = field(default_factory=dict)
+
+    def add_task(self, name: str, depends_on: List[str] = None) -> None:
+        self.nodes[name] = TaskNode(name=name, depends_on=depends_on or [])
+
+    def ready_tasks(self) -> List[str]:
+        ready: List[str] = []
+        completed = {
+            name
+            for name, node in self.nodes.items()
+            if node.status == "completed"
+        }
+
+        for name, node in self.nodes.items():
+            if node.status != "pending":
+                continue
+
+            if all(dep in completed for dep in node.depends_on):
+                ready.append(name)
+
+        return ready
+
+    def mark_completed(self, name: str) -> None:
+        self.nodes[name].status = "completed"
+
+    def mark_failed_and_block_dependents(self, name: str) -> List[str]:
+        self.nodes[name].status = "failed"
+
+        blocked: List[str] = []
+        for node_name, node in self.nodes.items():
+            if self._depends_on(node_name, name):
+                if node.status == "pending":
+                    node.status = "blocked"
+                    blocked.append(node_name)
+
+        return blocked
+
+    def _depends_on(self, node_name: str, dependency: str) -> bool:
+        visited: Set[str] = set()
+
+        def visit(current: str) -> bool:
+            if current in visited:
+                return False
+            visited.add(current)
+
+            node = self.nodes[current]
+            if dependency in node.depends_on:
+                return True
+
+            return any(visit(dep) for dep in node.depends_on if dep in self.nodes)
+
+        return visit(node_name)
+
+    @classmethod
+    def default_api_dag(cls) -> "TaskDAG":
+        dag = cls()
+        dag.add_task("detect_models")
+        dag.add_task("detect_route_style")
+        dag.add_task("detect_auth_style")
+        dag.add_task("detect_service_style")
+        dag.add_task("generate_schema", ["detect_models"])
+        dag.add_task("generate_route", ["detect_route_style", "detect_auth_style"])
+        dag.add_task("generate_service", ["detect_models", "detect_service_style"])
+        dag.add_task("generate_controller", ["generate_schema", "generate_route", "generate_service"])
+        dag.add_task("generate_test", ["generate_controller", "generate_route"])
+        return dag

archapi/security/context_redactor.py

@@ -0,0 +1,38 @@
+from __future__ import annotations
+
+import re
+
+
+class ContextRedactor:
+    """
+    Redacts obvious sensitive values before text is sent to an language model.
+    """
+
+    REDACTIONS = [
+        (
+            re.compile(r"(?i)(api[_-]?key\s*[:=]\s*)['\"]?[A-Za-z0-9_\-]{8,}['\"]?"),
+            r"\1[REDACTED_API_KEY]",
+        ),
+        (
+            re.compile(r"(?i)((access_token|refresh_token|token)\s*[:=]\s*)['\"]?[A-Za-z0-9_\-\.]{8,}['\"]?"),
+            r"\1[REDACTED_TOKEN]",
+        ),
+        (
+            re.compile(r"(?i)((secret|client_secret)\s*[:=]\s*)['\"]?[A-Za-z0-9_\-]{8,}['\"]?"),
+            r"\1[REDACTED_SECRET]",
+        ),
+        (
+            re.compile(r"-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----.*?-----END (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----", re.DOTALL),
+            "[REDACTED_PRIVATE_KEY]",
+        ),
+        (
+            re.compile(r"AKIA[0-9A-Z]{16}"),
+            "[REDACTED_AWS_ACCESS_KEY]",
+        ),
+    ]
+
+    def redact(self, text: str) -> str:
+        redacted = text
+        for pattern, replacement in self.REDACTIONS:
+            redacted = pattern.sub(replacement, redacted)
+        return redacted

archapi/security/policy_gate.py

@@ -0,0 +1,70 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import List
+
+from archapi.types import GeneratedFile, GenerationResult
+
+
+@dataclass
+class PolicyReport:
+    allowed: bool
+    errors: List[str] = field(default_factory=list)
+    warnings: List[str] = field(default_factory=list)
+
+
+class PolicyGate:
+    """
+    Simple policy gate for v0.1.
+
+    Blocks generated patches from touching risky files and sensitive paths.
+    """
+
+    BLOCKED_EXACT_FILENAMES = {
+        ".env",
+        ".env.local",
+        ".env.production",
+        "id_rsa",
+        "id_ed25519",
+    }
+
+    BLOCKED_PATH_PARTS = {
+        ".git",
+        ".venv",
+        "node_modules",
+        ".archapi",
+    }
+
+    SENSITIVE_KEYWORDS = {
+        "payment",
+        "billing",
+        "auth.core",
+        "passport",
+        "oauth",
+        "jwt.secret",
+    }
+
+    def validate_files(self, files: List[GeneratedFile]) -> PolicyReport:
+        errors: List[str] = []
+        warnings: List[str] = []
+
+        for generated in files:
+            path = Path(generated.path)
+            parts = set(path.parts)
+
+            if path.name in self.BLOCKED_EXACT_FILENAMES:
+                errors.append(f"Policy blocked write to sensitive file: {path}")
+
+            if parts & self.BLOCKED_PATH_PARTS:
+                errors.append(f"Policy blocked write inside protected path: {path}")
+
+            lowered = str(path).lower()
+            for keyword in self.SENSITIVE_KEYWORDS:
+                if keyword in lowered:
+                    warnings.append(f"Generated patch touches sensitive area '{keyword}': {path}")
+
+        return PolicyReport(allowed=len(errors) == 0, errors=errors, warnings=warnings)
+
+    def validate_result(self, result: GenerationResult) -> PolicyReport:
+        return self.validate_files(result.files)

archapi/security/secret_scanner.py

@@ -0,0 +1,90 @@
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import List
+
+
+@dataclass
+class SecretFinding:
+    file: str
+    line: int
+    pattern: str
+    preview: str
+
+
+@dataclass
+class SecretScanReport:
+    success: bool
+    findings: List[SecretFinding] = field(default_factory=list)
+
+
+class SecretScanner:
+    """
+    Lightweight local secret scanner.
+
+    This is not a replacement for Gitleaks or TruffleHog.
+    It is a first safety layer for ArchAPI v0.1.
+    """
+
+    DEFAULT_PATTERNS = {
+        "api_key_assignment": re.compile(r"(?i)(api[_-]?key)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{12,}"),
+        "secret_assignment": re.compile(r"(?i)(secret|client_secret)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{12,}"),
+        "token_assignment": re.compile(r"(?i)(token|access_token|refresh_token)\s*[:=]\s*['\"]?[A-Za-z0-9_\-\.]{12,}"),
+        "private_key": re.compile(r"-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
+        "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
+    }
+
+    IGNORED_DIRS = {
+        ".git",
+        ".venv",
+        "node_modules",
+        "dist",
+        "build",
+        "coverage",
+        "__pycache__",
+        "vendor",
+        "target",
+        ".archapi",
+    }
+
+    def __init__(self, project_path: Path):
+        self.project_path = Path(project_path)
+
+    def scan(self) -> SecretScanReport:
+        findings: List[SecretFinding] = []
+
+        for path in self.project_path.rglob("*"):
+            if path.is_dir():
+                continue
+
+            if any(part in self.IGNORED_DIRS for part in path.parts):
+                continue
+
+            try:
+                text = path.read_text(encoding="utf-8", errors="ignore")
+            except Exception:
+                continue
+
+            rel = str(path.relative_to(self.project_path))
+
+            for line_no, line in enumerate(text.splitlines(), start=1):
+                for pattern_name, pattern in self.DEFAULT_PATTERNS.items():
+                    if pattern.search(line):
+                        findings.append(
+                            SecretFinding(
+                                file=rel,
+                                line=line_no,
+                                pattern=pattern_name,
+                                preview=self._preview(line),
+                            )
+                        )
+
+        return SecretScanReport(success=len(findings) == 0, findings=findings)
+
+    def _preview(self, line: str) -> str:
+        clean = line.strip()
+        if len(clean) <= 80:
+            return clean
+        return clean[:77] + "..."