avtomatika 1.0b1__tar.gz → 1.0b2__tar.gz

{avtomatika-1.0b1/src/avtomatika.egg-info → avtomatika-1.0b2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: avtomatika
-Version: 1.0b1
+Version: 1.0b2
 Summary: A state-machine based orchestrator for long-running jobs.
 Project-URL: Homepage, https://github.com/avtomatika-ai/avtomatika
 Project-URL: Bug Tracker, https://github.com/avtomatika-ai/avtomatika/issues
@@ -251,6 +251,11 @@ async def handle_normal(actions):
     actions.transition_to("normal_processing")
 ```
 
+> **Note on Limitations:** The current version of `.when()` uses a simple parser with the following limitations:
+> *   **No Nested Attributes:** You can only access direct fields of `context.initial_data` or `context.state_history` (e.g., `context.initial_data.field`). Nested objects (e.g., `context.initial_data.area.field`) are not supported.
+> *   **Simple Comparisons Only:** Only the following operators are supported: `==`, `!=`, `>`, `<`, `>=`, `<=`. Complex logical expressions with `AND`, `OR`, or `NOT` are not allowed.
+> *   **Limited Value Types:** The parser only recognizes strings (in quotes), integers, and floats. Boolean values (`True`, `False`) and `None` are not correctly parsed and will be treated as strings.
+
 ### 2. Delegating Tasks to Workers (`dispatch_task`)
 
 This is the primary function for delegating work. The orchestrator will queue the task and wait for a worker to pick it up and return a result.
@@ -368,7 +373,9 @@ The orchestrator uses tokens to authenticate API requests.
 *   **Client Authentication**: All API clients must provide a token in the `X-Avtomatika-Token` header. The orchestrator validates this token against client configurations.
 *   **Worker Authentication**: Workers must provide a token in the `X-Worker-Token` header.
     *   `GLOBAL_WORKER_TOKEN`: You can set a global token for all workers using this environment variable. For development and testing, it defaults to `"secure-worker-token"`.
-    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable.
+    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable. Tokens from this file are stored in a hashed format for security.
+
+> **Note on Dynamic Reloading:** The worker configuration file can be reloaded without restarting the orchestrator by sending an authenticated `POST` request to the `/api/v1/admin/reload-workers` endpoint. This allows for dynamic updates of worker tokens.
 
 ### Observability
 

{avtomatika-1.0b1 → avtomatika-1.0b2}/README.md

@@ -205,6 +205,11 @@ async def handle_normal(actions):
     actions.transition_to("normal_processing")
 ```
 
+> **Note on Limitations:** The current version of `.when()` uses a simple parser with the following limitations:
+> *   **No Nested Attributes:** You can only access direct fields of `context.initial_data` or `context.state_history` (e.g., `context.initial_data.field`). Nested objects (e.g., `context.initial_data.area.field`) are not supported.
+> *   **Simple Comparisons Only:** Only the following operators are supported: `==`, `!=`, `>`, `<`, `>=`, `<=`. Complex logical expressions with `AND`, `OR`, or `NOT` are not allowed.
+> *   **Limited Value Types:** The parser only recognizes strings (in quotes), integers, and floats. Boolean values (`True`, `False`) and `None` are not correctly parsed and will be treated as strings.
+
 ### 2. Delegating Tasks to Workers (`dispatch_task`)
 
 This is the primary function for delegating work. The orchestrator will queue the task and wait for a worker to pick it up and return a result.
@@ -322,7 +327,9 @@ The orchestrator uses tokens to authenticate API requests.
 *   **Client Authentication**: All API clients must provide a token in the `X-Avtomatika-Token` header. The orchestrator validates this token against client configurations.
 *   **Worker Authentication**: Workers must provide a token in the `X-Worker-Token` header.
     *   `GLOBAL_WORKER_TOKEN`: You can set a global token for all workers using this environment variable. For development and testing, it defaults to `"secure-worker-token"`.
-    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable.
+    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable. Tokens from this file are stored in a hashed format for security.
+
+> **Note on Dynamic Reloading:** The worker configuration file can be reloaded without restarting the orchestrator by sending an authenticated `POST` request to the `/api/v1/admin/reload-workers` endpoint. This allows for dynamic updates of worker tokens.
 
 ### Observability
 

{avtomatika-1.0b1 → avtomatika-1.0b2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "avtomatika"
-version = "1.0b1"
+version = "1.0b2"
 description = "A state-machine based orchestrator for long-running jobs."
 readme = "README.md"
 requires-python = ">=3.11"

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika/api.html

@@ -305,6 +305,20 @@
                         responses: [
                             { code: '200 OK', description: 'Successful response.', body: "{...}" }
                         ]
+                    },
+                    {
+                        id: 'post-reload-worker-configs',
+                        name: 'Reload Worker Configurations',
+                        method: 'POST',
+                        path: '/api/{version}/admin/reload-workers',
+                        description: 'Triggers a dynamic reload of worker configurations from the TOML file. Requires client authentication.',
+                        parameters: [
+                            { name: 'version', type: 'string', description: 'API Version', example: 'v1' }
+                        ],
+                        request: { body: null },
+                        responses: [
+                            { code: '200 OK', description: 'Successful response.', body: { "status": "worker_configs_reloaded" } }
+                        ]
                     }
                 ]
             },

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika/blueprint.py

@@ -178,10 +178,13 @@ class StateMachineBlueprint:
     def render_graph(self, output_filename: Optional[str] = None, output_format: str = "png"):
         import ast
         import inspect
+        import logging
         import textwrap
 
         from graphviz import Digraph  # type: ignore[import]
 
+        logger = logging.getLogger(__name__)
+
         dot = Digraph(comment=f"State Machine for {self.name}")
         dot.attr("node", shape="box", style="rounded")
         all_handlers = list(self.handlers.items()) + [(ch.state, ch.func) for ch in self.conditional_handlers]
@@ -222,7 +225,11 @@ class StateMachineBlueprint:
                                                 value,
                                                 label=f"on {key}",
                                             )
-            except (TypeError, OSError):
+            except (TypeError, OSError) as e:
+                logger.warning(
+                    f"Could not parse handler '{handler_func.__name__}' for state '{handler_state}'. "
+                    f"Graph may be incomplete. Error: {e}"
+                )
                 pass
         for state in states:
             dot.node(state, state)

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika/engine.py

@@ -584,6 +584,18 @@ class OrchestratorEngine:
         jobs = await self.storage.get_quarantined_jobs()
         return web.json_response(jobs)
 
+    async def _reload_worker_configs_handler(self, request: web.Request) -> web.Response:
+        """Handles the dynamic reloading of worker configurations."""
+        logger.info("Received request to reload worker configurations.")
+        if not self.config.WORKERS_CONFIG_PATH:
+            return web.json_response(
+                {"error": "WORKERS_CONFIG_PATH is not set, cannot reload configs."},
+                status=400,
+            )
+
+        await load_worker_configs_to_redis(self.storage, self.config.WORKERS_CONFIG_PATH)
+        return web.json_response({"status": "worker_configs_reloaded"})
+
     async def _flush_db_handler(self, request: web.Request) -> web.Response:
         logger.warning("Received request to flush the database.")
         await self.storage.flush_all()
@@ -643,6 +655,7 @@ class OrchestratorEngine:
             app.router.add_get("/workers", self._get_workers_handler)
             app.router.add_get("/jobs", self._get_jobs_handler)
             app.router.add_get("/dashboard", self._get_dashboard_handler)
+            app.router.add_post("/admin/reload-workers", self._reload_worker_configs_handler)
 
         if has_unversioned_routes:
             self.app.add_subapp("/api/", protected_app)

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika/security.py

@@ -1,3 +1,4 @@
+from hashlib import sha256
 from typing import Any, Awaitable, Callable
 
 from aiohttp import web
@@ -89,9 +90,10 @@ def worker_auth_middleware_factory(
                 )
 
         # --- Individual Token Check ---
-        expected_token = await storage.get_worker_token(worker_id)
-        if expected_token:
-            if provided_token == expected_token:
+        expected_token_hash = await storage.get_worker_token(worker_id)
+        if expected_token_hash:
+            hashed_provided_token = sha256(provided_token.encode()).hexdigest()
+            if hashed_provided_token == expected_token_hash:
                 request["worker_id"] = worker_id  # Attach authenticated worker_id
                 return await handler(request)
             else:

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika/worker_config_loader.py

@@ -1,3 +1,4 @@
+from hashlib import sha256
 from logging import getLogger
 from os.path import exists
 from tomllib import load
@@ -36,8 +37,10 @@ async def load_worker_configs_to_redis(storage: StorageBackend, config_path: str
             continue
 
         try:
+            # Hash the token before storing it
+            hashed_token = sha256(token.encode()).hexdigest()
             # Store the token in a way that's easily retrievable by worker_id
-            await storage.set_worker_token(worker_id, token)
+            await storage.set_worker_token(worker_id, hashed_token)
             logger.info(f"Loaded token for worker_id '{worker_id}'.")
         except Exception as e:
             logger.error(f"Failed to store token for worker_id '{worker_id}' in Redis: {e}")

{avtomatika-1.0b1 → avtomatika-1.0b2/src/avtomatika.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: avtomatika
-Version: 1.0b1
+Version: 1.0b2
 Summary: A state-machine based orchestrator for long-running jobs.
 Project-URL: Homepage, https://github.com/avtomatika-ai/avtomatika
 Project-URL: Bug Tracker, https://github.com/avtomatika-ai/avtomatika/issues
@@ -251,6 +251,11 @@ async def handle_normal(actions):
     actions.transition_to("normal_processing")
 ```
 
+> **Note on Limitations:** The current version of `.when()` uses a simple parser with the following limitations:
+> *   **No Nested Attributes:** You can only access direct fields of `context.initial_data` or `context.state_history` (e.g., `context.initial_data.field`). Nested objects (e.g., `context.initial_data.area.field`) are not supported.
+> *   **Simple Comparisons Only:** Only the following operators are supported: `==`, `!=`, `>`, `<`, `>=`, `<=`. Complex logical expressions with `AND`, `OR`, or `NOT` are not allowed.
+> *   **Limited Value Types:** The parser only recognizes strings (in quotes), integers, and floats. Boolean values (`True`, `False`) and `None` are not correctly parsed and will be treated as strings.
+
 ### 2. Delegating Tasks to Workers (`dispatch_task`)
 
 This is the primary function for delegating work. The orchestrator will queue the task and wait for a worker to pick it up and return a result.
@@ -368,7 +373,9 @@ The orchestrator uses tokens to authenticate API requests.
 *   **Client Authentication**: All API clients must provide a token in the `X-Avtomatika-Token` header. The orchestrator validates this token against client configurations.
 *   **Worker Authentication**: Workers must provide a token in the `X-Worker-Token` header.
     *   `GLOBAL_WORKER_TOKEN`: You can set a global token for all workers using this environment variable. For development and testing, it defaults to `"secure-worker-token"`.
-    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable.
+    *   **Individual Tokens**: For production, it is recommended to define individual tokens for each worker in a separate configuration file and provide its path via the `WORKERS_CONFIG_PATH` environment variable. Tokens from this file are stored in a hashed format for security.
+
+> **Note on Dynamic Reloading:** The worker configuration file can be reloaded without restarting the orchestrator by sending an authenticated `POST` request to the `/api/v1/admin/reload-workers` endpoint. This allows for dynamic updates of worker tokens.
 
 ### Observability
 

{avtomatika-1.0b1 → avtomatika-1.0b2}/src/avtomatika.egg-info/SOURCES.txt

@@ -41,6 +41,7 @@ src/avtomatika/storage/redis.py
 tests/test_blueprint_conditions.py
 tests/test_blueprints.py
 tests/test_client_config_loader.py
+tests/test_compression.py
 tests/test_context.py
 tests/test_dispatcher.py
 tests/test_engine.py

avtomatika-1.0b2/tests/test_compression.py

@@ -0,0 +1,121 @@
+from unittest.mock import Mock
+
+import pytest
+import zstandard
+from aiohttp import web
+from src.avtomatika.compression import _compress_gzip, compression_middleware
+
+
+@pytest.mark.asyncio
+async def test_no_compression_for_small_body():
+    """Ensures responses with a body smaller than 500 bytes are not compressed."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "zstd"}
+
+    # The handler returns a response with a small body
+    async def handler(req):
+        return web.Response(body=b"small body")
+
+    response = await compression_middleware(request, handler)
+    assert "Content-Encoding" not in response.headers
+
+
+@pytest.mark.asyncio
+async def test_no_compression_if_already_encoded():
+    """Ensures responses that already have a Content-Encoding are not compressed again."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "zstd"}
+
+    async def handler(req):
+        response = web.Response(body=b"i am already compressed" * 100)
+        response.headers["Content-Encoding"] = "br"
+        return response
+
+    response = await compression_middleware(request, handler)
+    assert response.headers["Content-Encoding"] == "br"
+
+
+@pytest.mark.asyncio
+async def test_websocket_response_is_ignored():
+    """Ensures WebSocket responses are not compressed."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "zstd"}
+
+    async def handler(req):
+        ws_response = web.WebSocketResponse()
+        # In a real scenario, prepare() would be called, but for middleware testing,
+        # returning the instance is sufficient.
+        return ws_response
+
+    response = await compression_middleware(request, handler)
+    assert isinstance(response, web.WebSocketResponse)
+    assert "Content-Encoding" not in response.headers
+
+
+@pytest.mark.asyncio
+async def test_zstd_compression_occurs():
+    """Tests that zstd compression is applied correctly."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "zstd"}
+    large_body = b"some large body content" * 100
+
+    async def handler(req):
+        return web.Response(body=large_body)
+
+    response = await compression_middleware(request, handler)
+    assert response.headers["Content-Encoding"] == "zstd"
+
+    decompressor = zstandard.ZstdDecompressor()
+    decompressed_body = decompressor.decompress(response.body)
+    assert decompressed_body == large_body
+
+
+@pytest.mark.asyncio
+async def test_gzip_compression_occurs():
+    """Tests that gzip compression is applied correctly."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "gzip"}
+    large_body = b"some large body content for gzip" * 100
+
+    async def handler(req):
+        return web.Response(body=large_body)
+
+    response = await compression_middleware(request, handler)
+    assert response.headers["Content-Encoding"] == "gzip"
+
+    import gzip
+
+    decompressed_body = gzip.decompress(response.body)
+    assert decompressed_body == large_body
+
+
+@pytest.mark.asyncio
+async def test_compression_failure_returns_original_response():
+    """Tests that if the compression function fails, the original response is returned."""
+    request = Mock()
+    request.headers = {"Accept-Encoding": "gzip"}
+    large_body = b"some large body that will fail to compress" * 100
+
+    # Mock the compression function to raise an exception
+    original_compress = _compress_gzip
+    try:
+
+        def failing_compress_gzip(data):
+            raise ValueError("Compression failed!")
+
+        # Monkeypatch the function
+        import src.avtomatika.compression
+
+        src.avtomatika.compression._compress_gzip = failing_compress_gzip
+
+        async def handler(req):
+            return web.Response(body=large_body)
+
+        response = await compression_middleware(request, handler)
+        assert "Content-Encoding" not in response.headers
+        assert response.body == large_body
+    finally:
+        # Restore the original function
+        import src.avtomatika.compression
+
+        src.avtomatika.compression._compress_gzip = original_compress

{avtomatika-1.0b1 → avtomatika-1.0b2}/tests/test_integration.py

@@ -1,4 +1,5 @@
 import asyncio
+import hashlib
 import json
 import os
 from unittest.mock import AsyncMock
@@ -491,7 +492,12 @@ async def test_task_cancellation_via_websocket_mocked(aiohttp_client, app):
 
 @pytest.mark.parametrize(
     "app",
-    [{"extra_blueprints": [cancellation_bp]}],
+    [
+        {
+            "extra_blueprints": [cancellation_bp],
+            "workers_config_path": os.path.join(os.path.dirname(os.path.abspath(__file__)), "workers.toml"),
+        }
+    ],
     indirect=True,
 )
 @pytest.mark.asyncio
@@ -502,7 +508,8 @@ async def test_worker_individual_token_auth(aiohttp_client, app):
 
     worker_id = "worker-with-individual-token"
     individual_token = "individual-secret-for-worker-1"
-    await storage.set_worker_token(worker_id, individual_token)
+    hashed_individual_token = hashlib.sha256(individual_token.encode()).hexdigest()
+    await storage.set_worker_token(worker_id, hashed_individual_token)
 
     headers = {"X-Worker-Token": individual_token}
     payload = {"worker_id": worker_id, "worker_type": "test", "supported_tasks": ["test"]}

{avtomatika-1.0b1 → avtomatika-1.0b2}/tests/test_worker_config_loader.py

@@ -1,3 +1,4 @@
+import hashlib
 import os
 from unittest.mock import AsyncMock
 
@@ -23,9 +24,12 @@ token = "token-2"
 
     await load_worker_configs_to_redis(storage, config_path)
 
+    hashed_token_1 = hashlib.sha256(b"token-1").hexdigest()
+    hashed_token_2 = hashlib.sha256(b"token-2").hexdigest()
+
     assert storage.set_worker_token.call_count == 2
-    storage.set_worker_token.assert_any_call("worker-1", "token-1")
-    storage.set_worker_token.assert_any_call("worker-2", "token-2")
+    storage.set_worker_token.assert_any_call("worker-1", hashed_token_1)
+    storage.set_worker_token.assert_any_call("worker-2", hashed_token_2)
 
     os.remove(config_path)