arthexis 0.1.10__py3-none-any.whl → 0.1.12__py3-none-any.whl

core/reference_utils.py

@@ -30,7 +30,7 @@ def filter_visible_references(
         if host:
             site = Site.objects.filter(domain__iexact=host).first()
 
-    site_id = site.pk if site else None
+    site_id = getattr(site, "pk", None)
 
     if node is None:
         try:
@@ -41,16 +41,27 @@ def filter_visible_references(
             node = None
 
     node_role_id = getattr(node, "role_id", None)
-    node_feature_ids: set[int] = set()
+    node_active_feature_ids: set[int] = set()
     if node is not None:
-        features_manager = getattr(node, "features", None)
-        if features_manager is not None:
+        assignments_manager = getattr(node, "feature_assignments", None)
+        if assignments_manager is not None:
             try:
-                node_feature_ids = set(
-                    features_manager.values_list("pk", flat=True)
+                assignments = list(
+                    assignments_manager.filter(is_deleted=False).select_related(
+                        "feature"
+                    )
                 )
             except Exception:
-                node_feature_ids = set()
+                assignments = []
+            for assignment in assignments:
+                feature = getattr(assignment, "feature", None)
+                if feature is None or getattr(feature, "is_deleted", False):
+                    continue
+                try:
+                    if feature.is_enabled:
+                        node_active_feature_ids.add(feature.pk)
+                except Exception:
+                    continue
 
     visible_refs: list["Reference"] = []
     for ref in refs:
@@ -64,8 +75,8 @@ def filter_visible_references(
                 allowed = True
             elif (
                 required_features
-                and node_feature_ids
-                and node_feature_ids.intersection(required_features)
+                and node_active_feature_ids
+                and node_active_feature_ids.intersection(required_features)
             ):
                 allowed = True
             elif required_sites and site_id and site_id in required_sites:

core/release.py

@@ -344,3 +344,7 @@ def publish(
     proc = subprocess.run(cmd, capture_output=True, text=True)
     if proc.returncode != 0:
         raise ReleaseError(proc.stdout + proc.stderr)
+
+    tag_name = f"v{version}"
+    _run(["git", "tag", tag_name])
+    _run(["git", "push", "origin", tag_name])

core/sigil_builder.py

@@ -17,7 +17,7 @@ from .sigil_resolver import (
 def generate_model_sigils(**kwargs) -> None:
     """Ensure built-in configuration SigilRoot entries exist."""
     SigilRoot = apps.get_model("core", "SigilRoot")
-    for prefix in ["ENV", "SYS"]:
+    for prefix in ["ENV", "CONF", "SYS"]:
         # Ensure built-in configuration roots exist without violating the
         # unique ``prefix`` constraint, even if older databases already have
         # entries with a different ``context_type``.
@@ -40,7 +40,12 @@ def _sigil_builder_view(request):
         {
             "prefix": "ENV",
             "url": reverse("admin:environment"),
-            "label": _("Environment"),
+            "label": _("Environ"),
+        },
+        {
+            "prefix": "CONF",
+            "url": reverse("admin:config"),
+            "label": _("Config"),
         },
         {
             "prefix": "SYS",

core/sigil_resolver.py

@@ -11,6 +11,7 @@ from django.core import serializers
 from django.db import models
 
 from .sigil_context import get_context
+from .system import get_system_sigil_values, resolve_system_namespace_value
 
 logger = logging.getLogger("core.entity")
 
@@ -150,6 +151,18 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
     SigilRoot = apps.get_model("core", "SigilRoot")
     try:
         root = SigilRoot.objects.get(prefix__iexact=lookup_root)
+    except SigilRoot.DoesNotExist:
+        logger.warning("Unknown sigil root [%s]", lookup_root)
+        return _failed_resolution(original_token)
+    except Exception:
+        logger.exception(
+            "Error resolving sigil [%s.%s]",
+            lookup_root,
+            key_upper or normalized_key or raw_key,
+        )
+        return _failed_resolution(original_token)
+
+    try:
         if root.context_type == SigilRoot.Context.CONFIG:
             if not normalized_key:
                 return ""
@@ -176,7 +189,7 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                     key_upper or normalized_key or raw_key or "",
                 )
                 return _failed_resolution(original_token)
-            if root.prefix.upper() == "SYS":
+            if root.prefix.upper() == "CONF":
                 for candidate in [normalized_key, key_upper, key_lower]:
                     if not candidate:
                         continue
@@ -188,6 +201,26 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                 if fallback is not None:
                     return fallback
                 return ""
+            if root.prefix.upper() == "SYS":
+                values = get_system_sigil_values()
+                candidates = {
+                    key_upper,
+                    normalized_key.upper() if normalized_key else None,
+                    (raw_key or "").upper(),
+                }
+                for candidate in candidates:
+                    if not candidate:
+                        continue
+                    if candidate in values:
+                        return values[candidate]
+                    resolved = resolve_system_namespace_value(candidate)
+                    if resolved is not None:
+                        return resolved
+                logger.warning(
+                    "Missing system information for sigil [SYS.%s]",
+                    key_upper or normalized_key or raw_key or "",
+                )
+                return _failed_resolution(original_token)
         elif root.context_type == SigilRoot.Context.ENTITY:
             model = root.content_type.model_class() if root.content_type else None
             instance = None
@@ -243,15 +276,13 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                     return _failed_resolution(original_token)
                 return serializers.serialize("json", [instance])
         return _failed_resolution(original_token)
-    except SigilRoot.DoesNotExist:
-        logger.warning("Unknown sigil root [%s]", lookup_root)
     except Exception:
         logger.exception(
             "Error resolving sigil [%s.%s]",
             lookup_root,
             key_upper or normalized_key or raw_key,
         )
-    return _failed_resolution(original_token)
+        return _failed_resolution(original_token)
 
 
 def resolve_sigils(text: str, current: Optional[models.Model] = None) -> str:

core/system.py

@@ -1,25 +1,265 @@
 from __future__ import annotations
 
 from contextlib import closing
+from dataclasses import dataclass
+from datetime import datetime
 from pathlib import Path
+import json
 import re
 import socket
 import subprocess
 import shutil
+from typing import Callable, Iterable, Optional
 
 from django.conf import settings
 from django.contrib import admin
 from django.template.response import TemplateResponse
 from django.urls import path
+from django.utils import timezone
+from django.utils.formats import date_format
 from django.utils.translation import gettext_lazy as _
 
+from core.auto_upgrade import AUTO_UPGRADE_TASK_NAME
 from utils import revision
 
 
+@dataclass(frozen=True)
+class SystemField:
+    """Metadata describing a single entry on the system admin page."""
+
+    label: str
+    sigil_key: str
+    value: object
+    field_type: str = "text"
+
+    @property
+    def sigil(self) -> str:
+        return f"SYS.{self.sigil_key}"
+
+
 _RUNSERVER_PORT_PATTERN = re.compile(r":(\d{2,5})(?:\D|$)")
 _RUNSERVER_PORT_FLAG_PATTERN = re.compile(r"--port(?:=|\s+)(\d{2,5})", re.IGNORECASE)
 
 
+def _format_timestamp(dt: datetime | None) -> str:
+    """Return ``dt`` formatted using the active ``DATETIME_FORMAT``."""
+
+    if dt is None:
+        return ""
+    try:
+        localized = timezone.localtime(dt)
+    except Exception:
+        localized = dt
+    return date_format(localized, "DATETIME_FORMAT")
+
+
+def _auto_upgrade_next_check() -> str:
+    """Return the human-readable timestamp for the next auto-upgrade check."""
+
+    try:  # pragma: no cover - optional dependency failures
+        from django_celery_beat.models import PeriodicTask
+    except Exception:
+        return ""
+
+    try:
+        task = (
+            PeriodicTask.objects.select_related(
+                "interval", "crontab", "solar", "clocked"
+            )
+            .only("enabled", "last_run_at", "start_time", "name")
+            .get(name=AUTO_UPGRADE_TASK_NAME)
+        )
+    except PeriodicTask.DoesNotExist:
+        return ""
+    except Exception:  # pragma: no cover - database unavailable
+        return ""
+
+    if not task.enabled:
+        return str(_("Disabled"))
+
+    schedule = task.schedule
+    if schedule is None:
+        return ""
+
+    now = schedule.maybe_make_aware(schedule.now())
+
+    start_time = task.start_time
+    if start_time is not None:
+        try:
+            candidate_start = schedule.maybe_make_aware(start_time)
+        except Exception:
+            candidate_start = (
+                timezone.make_aware(start_time)
+                if timezone.is_naive(start_time)
+                else start_time
+            )
+        if candidate_start and candidate_start > now:
+            return _format_timestamp(candidate_start)
+
+    last_run_at = task.last_run_at
+    if last_run_at is not None:
+        try:
+            reference = schedule.maybe_make_aware(last_run_at)
+        except Exception:
+            reference = (
+                timezone.make_aware(last_run_at)
+                if timezone.is_naive(last_run_at)
+                else last_run_at
+            )
+    else:
+        reference = now
+
+    try:
+        remaining = schedule.remaining_estimate(reference)
+    except Exception:
+        return ""
+
+    next_run = now + remaining
+    return _format_timestamp(next_run)
+
+
+def _resolve_auto_upgrade_namespace(key: str) -> str | None:
+    """Resolve sigils within the legacy ``AUTO-UPGRADE`` namespace."""
+
+    normalized = key.replace("-", "_").upper()
+    if normalized == "NEXT_CHECK":
+        return _auto_upgrade_next_check()
+    return None
+
+
+_SYSTEM_SIGIL_NAMESPACES: dict[str, Callable[[str], Optional[str]]] = {
+    "AUTO_UPGRADE": _resolve_auto_upgrade_namespace,
+}
+
+
+def resolve_system_namespace_value(key: str) -> str | None:
+    """Resolve dot-notation sigils mapped to dynamic ``SYS`` namespaces."""
+
+    if not key:
+        return None
+    normalized_key = key.replace("-", "_").upper()
+    if normalized_key == "NEXT_VER_CHECK":
+        return _auto_upgrade_next_check()
+    namespace, _, remainder = key.partition(".")
+    if not remainder:
+        return None
+    normalized = namespace.replace("-", "_").upper()
+    handler = _SYSTEM_SIGIL_NAMESPACES.get(normalized)
+    if not handler:
+        return None
+    return handler(remainder)
+
+
+def _database_configurations() -> list[dict[str, str]]:
+    """Return a normalized list of configured database connections."""
+
+    databases: list[dict[str, str]] = []
+    for alias, config in settings.DATABASES.items():
+        engine = config.get("ENGINE", "")
+        name = config.get("NAME", "")
+        if engine is None:
+            engine = ""
+        if name is None:
+            name = ""
+        databases.append({
+            "alias": alias,
+            "engine": str(engine),
+            "name": str(name),
+        })
+    databases.sort(key=lambda entry: entry["alias"].lower())
+    return databases
+
+
+def _build_system_fields(info: dict[str, object]) -> list[SystemField]:
+    """Convert gathered system information into renderable rows."""
+
+    fields: list[SystemField] = []
+
+    def add_field(label: str, key: str, value: object, *, field_type: str = "text", visible: bool = True) -> None:
+        if not visible:
+            return
+        fields.append(SystemField(label=label, sigil_key=key, value=value, field_type=field_type))
+
+    add_field(_("Suite installed"), "INSTALLED", info.get("installed", False), field_type="boolean")
+    add_field(_("Revision"), "REVISION", info.get("revision", ""))
+
+    service_value = info.get("service") or _("not installed")
+    add_field(_("Service"), "SERVICE", service_value)
+
+    nginx_mode = info.get("mode", "")
+    port = info.get("port", "")
+    nginx_display = f"{nginx_mode} ({port})" if port else nginx_mode
+    add_field(_("Nginx mode"), "NGINX_MODE", nginx_display)
+
+    add_field(_("Node role"), "NODE_ROLE", info.get("role", ""))
+    add_field(
+        _("Display mode"),
+        "DISPLAY_MODE",
+        info.get("screen_mode", ""),
+        visible=bool(info.get("screen_mode")),
+    )
+
+    add_field(_("Features"), "FEATURES", info.get("features", []), field_type="features")
+    add_field(_("Running"), "RUNNING", info.get("running", False), field_type="boolean")
+    add_field(
+        _("Service status"),
+        "SERVICE_STATUS",
+        info.get("service_status", ""),
+        visible=bool(info.get("service")),
+    )
+
+    add_field(_("Hostname"), "HOSTNAME", info.get("hostname", ""))
+
+    ip_addresses: Iterable[str] = info.get("ip_addresses", [])  # type: ignore[assignment]
+    add_field(_("IP addresses"), "IP_ADDRESSES", " ".join(ip_addresses))
+
+    add_field(
+        _("Databases"),
+        "DATABASES",
+        info.get("databases", []),
+        field_type="databases",
+    )
+
+    add_field(
+        _("Next version check"),
+        "NEXT-VER-CHECK",
+        info.get("auto_upgrade_next_check", ""),
+    )
+
+    return fields
+
+
+def _export_field_value(field: SystemField) -> str:
+    """Serialize a ``SystemField`` value for sigil resolution."""
+
+    if field.field_type in {"features", "databases"}:
+        return json.dumps(field.value)
+    if field.field_type == "boolean":
+        return "True" if field.value else "False"
+    if field.value is None:
+        return ""
+    return str(field.value)
+
+
+def get_system_sigil_values() -> dict[str, str]:
+    """Expose system information in a format suitable for sigil lookups."""
+
+    info = _gather_info()
+    values: dict[str, str] = {}
+    for field in _build_system_fields(info):
+        exported = _export_field_value(field)
+        raw_key = (field.sigil_key or "").strip()
+        if not raw_key:
+            continue
+        variants = {
+            raw_key.upper(),
+            raw_key.replace("-", "_").upper(),
+        }
+        for variant in variants:
+            values[variant] = exported
+    return values
+
+
 def _parse_runserver_port(command_line: str) -> int | None:
     """Extract the HTTP port from a runserver command line."""
 
@@ -219,6 +459,9 @@ def _gather_info() -> dict:
     info["hostname"] = hostname
     info["ip_addresses"] = ip_list
 
+    info["databases"] = _database_configurations()
+    info["auto_upgrade_next_check"] = _auto_upgrade_next_check()
+
     return info
 
 
@@ -226,7 +469,13 @@ def _system_view(request):
     info = _gather_info()
 
     context = admin.site.each_context(request)
-    context.update({"title": _("System"), "info": info})
+    context.update(
+        {
+            "title": _("System"),
+            "info": info,
+            "system_fields": _build_system_fields(info),
+        }
+    )
     return TemplateResponse(request, "admin/system.html", context)
 
 

core/tasks.py

@@ -17,7 +17,7 @@ from nodes.models import NetMessage
 
 
 AUTO_UPGRADE_HEALTH_DELAY_SECONDS = 30
-AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS = 3
+AUTO_UPGRADE_SKIP_LOCK_NAME = "auto_upgrade_skip_revisions.lck"
 
 
 logger = logging.getLogger(__name__)
@@ -66,6 +66,46 @@ def _append_auto_upgrade_log(base_dir: Path, message: str) -> None:
         logger.warning("Failed to append auto-upgrade log entry: %s", message)
 
 
+def _skip_lock_path(base_dir: Path) -> Path:
+    return base_dir / "locks" / AUTO_UPGRADE_SKIP_LOCK_NAME
+
+
+def _load_skipped_revisions(base_dir: Path) -> set[str]:
+    skip_file = _skip_lock_path(base_dir)
+    try:
+        return {
+            line.strip()
+            for line in skip_file.read_text().splitlines()
+            if line.strip()
+        }
+    except FileNotFoundError:
+        return set()
+    except OSError:
+        logger.warning("Failed to read auto-upgrade skip lockfile")
+        return set()
+
+
+def _add_skipped_revision(base_dir: Path, revision: str) -> None:
+    if not revision:
+        return
+
+    skip_file = _skip_lock_path(base_dir)
+    try:
+        skip_file.parent.mkdir(parents=True, exist_ok=True)
+        existing = _load_skipped_revisions(base_dir)
+        if revision in existing:
+            return
+        with skip_file.open("a", encoding="utf-8") as fh:
+            fh.write(f"{revision}\n")
+        _append_auto_upgrade_log(
+            base_dir, f"Recorded blocked revision {revision} for auto-upgrade"
+        )
+    except OSError:
+        logger.warning(
+            "Failed to update auto-upgrade skip lockfile with revision %s", revision
+        )
+
+
 def _resolve_service_url(base_dir: Path) -> str:
     """Return the local URL used to probe the Django suite."""
 
@@ -110,6 +150,23 @@ def check_github_updates() -> None:
     except Exception:
         startup = None
 
+    remote_revision = (
+        subprocess.check_output(
+            ["git", "rev-parse", f"origin/{branch}"], cwd=base_dir
+        )
+        .decode()
+        .strip()
+    )
+
+    skipped_revisions = _load_skipped_revisions(base_dir)
+    if remote_revision in skipped_revisions:
+        _append_auto_upgrade_log(
+            base_dir, f"Skipping auto-upgrade for blocked revision {remote_revision}"
+        )
+        if startup:
+            startup()
+        return
+
     upgrade_stamp = timezone.now().strftime("@ %Y%m%d %H:%M")
 
     upgrade_was_applied = False
@@ -120,19 +177,7 @@ def check_github_updates() -> None:
             .decode()
             .strip()
         )
-        remote = (
-            subprocess.check_output(
-                [
-                    "git",
-                    "rev-parse",
-                    f"origin/{branch}",
-                ],
-                cwd=base_dir,
-            )
-            .decode()
-            .strip()
-        )
-        if local == remote:
+        if local == remote_revision:
             if startup:
                 startup()
             return
@@ -254,12 +299,29 @@ def _schedule_health_check(next_attempt: int) -> None:
     )
 
 
+def _handle_failed_health_check(base_dir: Path, detail: str) -> None:
+    revision = ""
+    try:
+        revision = (
+            subprocess.check_output(["git", "rev-parse", "HEAD"], cwd=base_dir)
+            .decode()
+            .strip()
+        )
+    except Exception:  # pragma: no cover - best effort capture
+        logger.warning("Failed to determine revision during auto-upgrade revert")
+
+    _add_skipped_revision(base_dir, revision)
+    _append_auto_upgrade_log(base_dir, "Health check failed; reverting upgrade")
+    subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
+
+
 @shared_task
 def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
     """Verify the upgraded suite responds successfully.
 
-    When the check fails three times in a row the upgrade is rolled back by
-    invoking ``upgrade.sh --revert``.
+    After the post-upgrade delay the site is probed once; any response other
+    than HTTP 200 triggers an automatic revert and records the failing
+    revision so future upgrade attempts skip it.
     """
 
     base_dir = Path(__file__).resolve().parent.parent
@@ -270,33 +332,29 @@ def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
     )
 
     status: int | None = None
+    detail = "succeeded"
     try:
         with urllib.request.urlopen(request, timeout=10) as response:
             status = getattr(response, "status", response.getcode())
     except urllib.error.HTTPError as exc:
         status = exc.code
+        detail = f"returned HTTP {exc.code}"
         logger.warning(
             "Auto-upgrade health check attempt %s returned HTTP %s", attempt, exc.code
         )
     except urllib.error.URLError as exc:
+        detail = f"failed with {exc}"
         logger.warning(
             "Auto-upgrade health check attempt %s failed: %s", attempt, exc
         )
     except Exception as exc:  # pragma: no cover - unexpected network error
+        detail = f"failed with {exc}"
         logger.exception(
             "Unexpected error probing suite during auto-upgrade attempt %s", attempt
         )
-        detail = f"failed with {exc}"
         _record_health_check_result(base_dir, attempt, status, detail)
-        if attempt >= AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS:
-            _append_auto_upgrade_log(
-                base_dir,
-                "Health check raised unexpected error; reverting upgrade",
-            )
-            subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
-        else:
-            _schedule_health_check(attempt + 1)
-        return None
+        _handle_failed_health_check(base_dir, detail)
+        return False
 
     if status == 200:
         _record_health_check_result(base_dir, attempt, status, "succeeded")
@@ -307,21 +365,15 @@ def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
         )
         return True
 
-    _record_health_check_result(base_dir, attempt, status, "failed")
-
-    if attempt >= AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS:
-        logger.error(
-            "Auto-upgrade health check failed after %s attempts; reverting", attempt
-        )
-        _append_auto_upgrade_log(
-            base_dir,
-            "Health check failed three times; reverting upgrade",
-        )
-        subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
-        return False
+    if detail == "succeeded":
+        if status is not None:
+            detail = f"returned HTTP {status}"
+        else:
+            detail = "failed with unknown status"
 
-    _schedule_health_check(attempt + 1)
-    return None
+    _record_health_check_result(base_dir, attempt, status, detail)
+    _handle_failed_health_check(base_dir, detail)
+    return False
 
 
 @shared_task