arthexis 0.1.8__py3-none-any.whl → 0.1.10__py3-none-any.whl

core/entity.py

@@ -1,12 +1,9 @@
 import copy
 import logging
-import os
-import re
 
-from django.apps import apps
-from django.conf import settings
-from django.db import models
 from django.contrib.auth.models import UserManager as DjangoUserManager
+from django.core.exceptions import FieldDoesNotExist
+from django.db import models
 
 logger = logging.getLogger(__name__)
 
@@ -27,17 +24,14 @@ class EntityManager(models.Manager):
 
 class EntityUserManager(DjangoUserManager):
     def get_queryset(self):
-        return (
-            EntityQuerySet(self.model, using=self._db)
-            .filter(is_deleted=False)
-            .exclude(username="admin")
-        )
+        return EntityQuerySet(self.model, using=self._db).filter(is_deleted=False)
 
 
 class Entity(models.Model):
     """Base model providing seed data tracking and soft deletion."""
 
     is_seed_data = models.BooleanField(default=False, editable=False)
+    is_user_data = models.BooleanField(default=False, editable=False)
     is_deleted = models.BooleanField(default=False, editable=False)
 
     objects = EntityManager()
@@ -60,11 +54,66 @@ class Entity(models.Model):
                 pass
             else:
                 self.is_seed_data = old.is_seed_data
+                self.is_user_data = old.is_user_data
         super().save(*args, **kwargs)
 
+    @classmethod
+    def _unique_field_groups(cls):
+        """Return concrete field tuples enforcing uniqueness for this model."""
+
+        opts = cls._meta
+        groups: list[tuple[models.Field, ...]] = []
+
+        for field in opts.concrete_fields:
+            if field.unique and not field.primary_key:
+                groups.append((field,))
+
+        for unique in opts.unique_together:
+            fields: list[models.Field] = []
+            for name in unique:
+                try:
+                    field = opts.get_field(name)
+                except FieldDoesNotExist:
+                    fields = []
+                    break
+                if not getattr(field, "concrete", False) or field.primary_key:
+                    fields = []
+                    break
+                fields.append(field)
+            if fields:
+                groups.append(tuple(fields))
+
+        for constraint in opts.constraints:
+            if not isinstance(constraint, models.UniqueConstraint):
+                continue
+            if not constraint.fields or constraint.condition is not None:
+                continue
+            fields = []
+            for name in constraint.fields:
+                try:
+                    field = opts.get_field(name)
+                except FieldDoesNotExist:
+                    fields = []
+                    break
+                if not getattr(field, "concrete", False) or field.primary_key:
+                    fields = []
+                    break
+                fields.append(field)
+            if fields:
+                groups.append(tuple(fields))
+
+        unique_groups: list[tuple[models.Field, ...]] = []
+        seen: set[tuple[str, ...]] = set()
+        for fields in groups:
+            key = tuple(field.attname for field in fields)
+            if key in seen:
+                continue
+            seen.add(key)
+            unique_groups.append(fields)
+        return unique_groups
+
     def resolve_sigils(self, field: str) -> str:
         """Return ``field`` value with [ROOT.KEY] tokens resolved."""
-        # Find field ignoring case
         name = field.lower()
         fobj = next((f for f in self._meta.fields if f.name.lower() == name), None)
         if not fobj:
@@ -72,44 +121,9 @@ class Entity(models.Model):
         value = self.__dict__.get(fobj.attname, "")
         if value is None:
             return ""
-        text = str(value)
-
-        pattern = re.compile(r"\[([A-Za-z0-9_]+)\.([A-Za-z0-9_]+)\]")
-        SigilRoot = apps.get_model("core", "SigilRoot")
+        from .sigil_resolver import resolve_sigils as _resolve
 
-        def repl(match):
-            root_name, key = match.group(1), match.group(2)
-            try:
-                root = SigilRoot.objects.get(prefix__iexact=root_name)
-                if root.context_type == SigilRoot.Context.CONFIG:
-                    if root.prefix.upper() == "ENV":
-                        if key in os.environ:
-                            return os.environ[key]
-                        logger.warning(
-                            "Missing environment variable for sigil [%s.%s]",
-                            root_name,
-                            key,
-                        )
-                        return match.group(0)
-                    if root.prefix.upper() == "SYS":
-                        if hasattr(settings, key):
-                            return str(getattr(settings, key))
-                        logger.warning(
-                            "Missing settings attribute for sigil [%s.%s]",
-                            root_name,
-                            key,
-                        )
-                        return match.group(0)
-                logger.warning(
-                    "Unresolvable sigil [%s.%s]: unsupported context", root_name, key
-                )
-            except SigilRoot.DoesNotExist:
-                logger.warning("Unknown sigil root [%s]", root_name)
-            except Exception:
-                logger.exception("Error resolving sigil [%s.%s]", root_name, key)
-            return match.group(0)
-
-        return pattern.sub(repl, text)
+        return _resolve(str(value), current=self)
 
     def delete(self, using=None, keep_parents=False):
         if self.is_seed_data:

core/fields.py

@@ -1,5 +1,10 @@
+from dataclasses import dataclass
+import re
+import sqlite3
+
 from django.db import models
 from django.db.models.fields import DeferredAttribute
+from django.utils.translation import gettext_lazy as _
 
 
 class _BaseSigilDescriptor(DeferredAttribute):
@@ -29,6 +34,12 @@ class _SigilBaseField:
     def value_from_object(self, obj):
         return obj.__dict__.get(self.attname)
 
+    def pre_save(self, model_instance, add):
+        # ``models.Field.pre_save`` uses ``getattr`` which would resolve the
+        # sigil descriptor. Persist the raw database value instead so env-based
+        # placeholders remain intact when editing through admin forms.
+        return self.value_from_object(model_instance)
+
 
 class SigilCheckFieldMixin(_SigilBaseField):
     descriptor_class = _CheckSigilDescriptor
@@ -68,3 +79,90 @@ class SigilShortAutoField(SigilAutoFieldMixin, models.CharField):
 class SigilLongAutoField(SigilAutoFieldMixin, models.TextField):
     pass
 
+
+class ConditionEvaluationError(Exception):
+    """Raised when a condition expression cannot be evaluated."""
+
+
+@dataclass
+class ConditionCheckResult:
+    """Represents the outcome of evaluating a condition field."""
+
+    passed: bool
+    resolved: str
+    error: str | None = None
+
+
+_COMMENT_PATTERN = re.compile(r"(--|/\*)")
+_FORBIDDEN_KEYWORDS = re.compile(
+    r"\b(ATTACH|DETACH|ALTER|ANALYZE|CREATE|DROP|INSERT|UPDATE|DELETE|REPLACE|"
+    r"VACUUM|TRIGGER|TABLE|INDEX|VIEW|PRAGMA|BEGIN|COMMIT|ROLLBACK|SAVEPOINT|WITH)\b",
+    re.IGNORECASE,
+)
+
+
+def _evaluate_sql_condition(expression: str) -> bool:
+    """Evaluate a SQL expression in an isolated SQLite connection."""
+
+    if ";" in expression:
+        raise ConditionEvaluationError(
+            _("Semicolons are not allowed in conditions."),
+        )
+    if _COMMENT_PATTERN.search(expression):
+        raise ConditionEvaluationError(
+            _("SQL comments are not allowed in conditions."),
+        )
+    match = _FORBIDDEN_KEYWORDS.search(expression)
+    if match:
+        raise ConditionEvaluationError(
+            _("Disallowed keyword in condition: %(keyword)s")
+            % {"keyword": match.group(1)},
+        )
+
+    try:
+        conn = sqlite3.connect(":memory:")
+        try:
+            conn.execute("PRAGMA trusted_schema = OFF")
+            conn.execute("PRAGMA foreign_keys = OFF")
+            try:
+                conn.enable_load_extension(False)
+            except AttributeError:
+                # ``enable_load_extension`` is not available on some platforms.
+                pass
+            cursor = conn.execute(
+                f"SELECT CASE WHEN ({expression}) THEN 1 ELSE 0 END"
+            )
+            row = cursor.fetchone()
+            return bool(row[0]) if row else False
+        finally:
+            conn.close()
+    except sqlite3.Error as exc:  # pragma: no cover - exact error message varies
+        raise ConditionEvaluationError(str(exc)) from exc
+
+
+class ConditionTextField(models.TextField):
+    """Field storing a conditional SQL expression resolved through [sigils]."""
+
+    def evaluate(self, instance) -> ConditionCheckResult:
+        """Evaluate the stored expression for ``instance``."""
+
+        value = self.value_from_object(instance)
+        if hasattr(instance, "resolve_sigils"):
+            resolved = instance.resolve_sigils(self.name)
+        else:
+            resolved = value
+
+        if resolved is None:
+            resolved_text = ""
+        else:
+            resolved_text = str(resolved)
+
+        resolved_text = resolved_text.strip()
+        if not resolved_text:
+            return ConditionCheckResult(True, resolved_text)
+
+        try:
+            passed = _evaluate_sql_condition(resolved_text)
+            return ConditionCheckResult(passed, resolved_text)
+        except ConditionEvaluationError as exc:
+            return ConditionCheckResult(False, resolved_text, str(exc))

core/github_helper.py

@@ -0,0 +1,25 @@
+"""Helpers for reporting exceptions to GitHub."""
+
+from __future__ import annotations
+
+import logging
+from typing import Any
+
+from celery import shared_task
+
+
+logger = logging.getLogger(__name__)
+
+
+@shared_task
+def report_exception_to_github(payload: dict[str, Any]) -> None:
+    """Send exception context to the GitHub issue helper.
+
+    The task is intentionally light-weight in this repository. Deployments can
+    replace it with an implementation that forwards ``payload`` to the
+    automation responsible for creating GitHub issues.
+    """
+
+    logger.info(
+        "Queued GitHub issue report for %s", payload.get("fingerprint", "<unknown>")
+    )

core/github_issues.py

@@ -0,0 +1,172 @@
+from __future__ import annotations
+
+import hashlib
+import logging
+import os
+from datetime import datetime, timedelta
+from pathlib import Path
+from typing import Iterable, Mapping
+
+import requests
+
+from .models import Package, PackageRelease
+from .release import DEFAULT_PACKAGE
+
+
+logger = logging.getLogger(__name__)
+
+BASE_DIR = Path(__file__).resolve().parent.parent
+LOCK_DIR = BASE_DIR / "locks" / "github-issues"
+LOCK_TTL = timedelta(hours=1)
+REQUEST_TIMEOUT = 10
+
+
+def resolve_repository() -> tuple[str, str]:
+    """Return the ``(owner, repo)`` tuple for the active package."""
+
+    package = Package.objects.filter(is_active=True).first()
+    repository_url = (
+        package.repository_url
+        if package and package.repository_url
+        else DEFAULT_PACKAGE.repository_url
+    )
+
+    owner: str
+    repo: str
+
+    if repository_url.startswith("git@"):
+        _, _, remainder = repository_url.partition(":")
+        path = remainder
+    else:
+        from urllib.parse import urlparse
+
+        parsed = urlparse(repository_url)
+        path = parsed.path
+
+    path = path.strip("/")
+    if path.endswith(".git"):
+        path = path[:-4]
+
+    segments = [segment for segment in path.split("/") if segment]
+    if len(segments) < 2:
+        raise ValueError(f"Invalid repository URL: {repository_url!r}")
+
+    owner, repo = segments[-2], segments[-1]
+    return owner, repo
+
+
+def get_github_token() -> str:
+    """Return the configured GitHub token.
+
+    Preference is given to the latest :class:`~core.models.PackageRelease`.
+    When unavailable, fall back to the ``GITHUB_TOKEN`` environment variable.
+    """
+
+    latest_release = PackageRelease.latest()
+    if latest_release:
+        token = latest_release.get_github_token()
+        if token:
+            return token
+
+    try:
+        return os.environ["GITHUB_TOKEN"]
+    except KeyError as exc:  # pragma: no cover - defensive guard
+        raise RuntimeError("GitHub token is not configured") from exc
+
+
+def _ensure_lock_dir() -> None:
+    LOCK_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def _fingerprint_digest(fingerprint: str) -> str:
+    return hashlib.sha256(str(fingerprint).encode("utf-8")).hexdigest()
+
+
+def _fingerprint_path(fingerprint: str) -> Path:
+    return LOCK_DIR / _fingerprint_digest(fingerprint)
+
+
+def _has_recent_marker(lock_path: Path) -> bool:
+    if not lock_path.exists():
+        return False
+
+    marker_age = datetime.utcnow() - datetime.utcfromtimestamp(
+        lock_path.stat().st_mtime
+    )
+    return marker_age < LOCK_TTL
+
+
+def build_issue_payload(
+    title: str,
+    body: str,
+    labels: Iterable[str] | None = None,
+    fingerprint: str | None = None,
+) -> Mapping[str, object] | None:
+    """Return an API payload for GitHub issues.
+
+    When ``fingerprint`` is provided, duplicate submissions within ``LOCK_TTL``
+    are ignored by returning ``None``. A marker is kept on disk to prevent
+    repeated reports during the cooldown window.
+    """
+
+    payload: dict[str, object] = {"title": title, "body": body}
+
+    if labels:
+        deduped = list(dict.fromkeys(labels))
+        if deduped:
+            payload["labels"] = deduped
+
+    if fingerprint:
+        _ensure_lock_dir()
+        lock_path = _fingerprint_path(fingerprint)
+        if _has_recent_marker(lock_path):
+            logger.info("Skipping GitHub issue for active fingerprint %s", fingerprint)
+            return None
+
+        lock_path.write_text(datetime.utcnow().isoformat(), encoding="utf-8")
+        digest = _fingerprint_digest(fingerprint)
+        payload["body"] = f"{body}\n\n<!-- fingerprint:{digest} -->"
+
+    return payload
+
+
+def create_issue(
+    title: str,
+    body: str,
+    labels: Iterable[str] | None = None,
+    fingerprint: str | None = None,
+) -> requests.Response | None:
+    """Create a GitHub issue using the configured repository and token."""
+
+    payload = build_issue_payload(title, body, labels=labels, fingerprint=fingerprint)
+    if payload is None:
+        return None
+
+    owner, repo = resolve_repository()
+    token = get_github_token()
+
+    headers = {
+        "Accept": "application/vnd.github+json",
+        "Authorization": f"token {token}",
+        "User-Agent": "arthexis-runtime-reporter",
+    }
+    url = f"https://api.github.com/repos/{owner}/{repo}/issues"
+
+    response = requests.post(
+        url, json=payload, headers=headers, timeout=REQUEST_TIMEOUT
+    )
+    if not (200 <= response.status_code < 300):
+        logger.error(
+            "GitHub issue creation failed with status %s: %s",
+            response.status_code,
+            response.text,
+        )
+        response.raise_for_status()
+
+    logger.info(
+        "GitHub issue created for %s/%s with status %s",
+        owner,
+        repo,
+        response.status_code,
+    )
+    return response

core/lcd_screen.py

@@ -6,6 +6,7 @@ characters the text scrolls horizontally. A third line in the lock file
 can define the scroll speed in milliseconds per character (default 1000
 ms).
 """
+
 from __future__ import annotations
 
 import logging

core/liveupdate.py

@@ -0,0 +1,25 @@
+from functools import wraps
+
+
+def live_update(interval=5):
+    """Decorator to mark function-based views for automatic refresh."""
+
+    def decorator(view):
+        @wraps(view)
+        def wrapped(request, *args, **kwargs):
+            setattr(request, "live_update_interval", interval)
+            return view(request, *args, **kwargs)
+
+        return wrapped
+
+    return decorator
+
+
+class LiveUpdateMixin:
+    """Mixin to enable automatic refresh for class-based views."""
+
+    live_update_interval = 5
+
+    def dispatch(self, request, *args, **kwargs):
+        setattr(request, "live_update_interval", self.live_update_interval)
+        return super().dispatch(request, *args, **kwargs)

core/log_paths.py

@@ -0,0 +1,100 @@
+"""Helpers for selecting writable log directories."""
+
+from __future__ import annotations
+
+from pathlib import Path
+import os
+import sys
+
+
+def _is_root() -> bool:
+    if hasattr(os, "geteuid"):
+        try:
+            return os.geteuid() == 0
+        except OSError:  # pragma: no cover - defensive for unusual platforms
+            return False
+    return False
+
+
+def _state_home(base_home: Path) -> Path:
+    state_home = os.environ.get("XDG_STATE_HOME")
+    if state_home:
+        return Path(state_home).expanduser()
+    return base_home / ".local" / "state"
+
+
+def select_log_dir(base_dir: Path) -> Path:
+    """Choose a writable log directory for the current process."""
+
+    default = base_dir / "logs"
+    env_override = os.environ.get("ARTHEXIS_LOG_DIR")
+    is_root = _is_root()
+    sudo_user = os.environ.get("SUDO_USER")
+
+    candidates: list[Path] = []
+    if env_override:
+        candidates.append(Path(env_override).expanduser())
+
+    if is_root:
+        if not sudo_user or sudo_user == "root":
+            candidates.append(default)
+        candidates.append(Path("/var/log/arthexis"))
+        candidates.append(Path("/tmp/arthexis/logs"))
+    else:
+        home = Path.home()
+        state_home = _state_home(home)
+        candidates.extend(
+            [
+                default,
+                state_home / "arthexis" / "logs",
+                home / ".arthexis" / "logs",
+                Path("/tmp/arthexis/logs"),
+            ]
+        )
+
+    seen: set[Path] = set()
+    ordered_candidates: list[Path] = []
+    for candidate in candidates:
+        candidate = candidate.expanduser()
+        if candidate not in seen:
+            seen.add(candidate)
+            ordered_candidates.append(candidate)
+
+    attempted: list[Path] = []
+    chosen: Path | None = None
+    for candidate in ordered_candidates:
+        attempted.append(candidate)
+        try:
+            candidate.mkdir(parents=True, exist_ok=True)
+        except OSError:
+            continue
+        if os.access(candidate, os.W_OK | os.X_OK):
+            chosen = candidate
+            break
+
+    if chosen is None:
+        attempted_str = (
+            ", ".join(str(path) for path in attempted) if attempted else "none"
+        )
+        raise RuntimeError(
+            f"Unable to create a writable log directory. Tried: {attempted_str}"
+        )
+
+    if chosen != default:
+        if (
+            attempted
+            and attempted[0] == default
+            and not os.access(default, os.W_OK | os.X_OK)
+        ):
+            print(
+                f"Log directory {default} is not writable; using {chosen}",
+                file=sys.stderr,
+            )
+        elif is_root and sudo_user and sudo_user != "root" and not env_override:
+            print(
+                f"Running with elevated privileges; writing logs to {chosen}",
+                file=sys.stderr,
+            )
+
+    os.environ["ARTHEXIS_LOG_DIR"] = str(chosen)
+    return chosen

core/mailer.py

@@ -0,0 +1,83 @@
+import logging
+from typing import Sequence
+
+from django.conf import settings
+from django.core.mail import EmailMessage
+from django.utils.module_loading import import_string
+
+try:  # pragma: no cover - import should always succeed but guard defensively
+    from django.core.mail.backends.dummy import (
+        EmailBackend as DummyEmailBackend,
+    )
+except Exception:  # pragma: no cover - fallback when dummy backend unavailable
+    DummyEmailBackend = None  # type: ignore[assignment]
+
+logger = logging.getLogger(__name__)
+
+
+def send(
+    subject: str,
+    message: str,
+    recipient_list: Sequence[str],
+    from_email: str | None = None,
+    *,
+    outbox=None,
+    attachments: Sequence[tuple[str, str, str]] | None = None,
+    content_subtype: str | None = None,
+    **kwargs,
+):
+    """Send an email using Django's email utilities.
+
+    If ``outbox`` is provided, its connection will be used when sending.
+    """
+    sender = (
+        from_email or getattr(outbox, "from_email", None) or settings.DEFAULT_FROM_EMAIL
+    )
+    connection = outbox.get_connection() if outbox is not None else None
+    fail_silently = kwargs.pop("fail_silently", False)
+    email = EmailMessage(
+        subject=subject,
+        body=message,
+        from_email=sender,
+        to=list(recipient_list),
+        connection=connection,
+        **kwargs,
+    )
+    if attachments:
+        for attachment in attachments:
+            if not isinstance(attachment, (list, tuple)) or len(attachment) != 3:
+                raise ValueError(
+                    "attachments must contain (name, content, mimetype) tuples"
+                )
+            email.attach(*attachment)
+    if content_subtype:
+        email.content_subtype = content_subtype
+    email.send(fail_silently=fail_silently)
+    return email
+
+
+def can_send_email() -> bool:
+    """Return ``True`` when at least one outbound email path is configured."""
+
+    from nodes.models import EmailOutbox  # imported lazily to avoid circular deps
+
+    has_outbox = EmailOutbox.objects.exclude(host="").exists()
+    if has_outbox:
+        return True
+
+    backend_path = getattr(settings, "EMAIL_BACKEND", "")
+    if not backend_path:
+        return False
+    try:
+        backend_cls = import_string(backend_path)
+    except Exception:  # pragma: no cover - misconfigured backend
+        logger.warning("Email backend %s could not be imported", backend_path)
+        return False
+
+    if DummyEmailBackend is None:
+        return True
+    try:
+        return not issubclass(backend_cls, DummyEmailBackend)
+    except TypeError:  # pragma: no cover - backend not a class
+        logger.warning("Email backend %s is not a class", backend_path)
+        return False