bizteamai-smcp-biz 1.13.1__py3-none-any.whl

bizteamai_smcp_biz-1.13.1.dist-info/METADATA

@@ -0,0 +1,119 @@
+Metadata-Version: 2.4
+Name: bizteamai-smcp-biz
+Version: 1.13.1
+Summary: SMCP Business Edition - Secure Model Context Protocol with advanced licensing
+Author-email: BizTeam AI <support@bizteamai.com>
+License: Commercial
+Project-URL: Homepage, https://github.com/bizteamai
+Project-URL: Documentation, https://github.com/bizteamai/smcp-biz
+Project-URL: Repository, https://github.com/bizteamai/smcp-biz
+Project-URL: Bug Tracker, https://github.com/bizteamai/smcp-biz/issues
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: Other/Proprietary License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: mcp
+Requires-Dist: fastmcp
+Requires-Dist: cryptography
+Requires-Dist: pyyaml
+Requires-Dist: psutil>=5.8.0
+Requires-Dist: requests>=2.25.0
+Provides-Extra: support
+Requires-Dist: psutil>=5.8.0; extra == "support"
+Requires-Dist: requests>=2.25.0; extra == "support"
+
+# SMCP Business Edition
+
+Professional secure MCP server implementation with advanced licensing and enterprise features.
+
+## Key Features
+
+- **Core-based Licensing**: License validation based on CPU core usage
+- **Runtime Enforcement**: Graceful enforcement with 15-minute grace period
+- **Automatic Renewal**: Hot-reload license keys without restarts
+- **Revocation Support**: Remote revocation list checking
+- **Enterprise Security**: All community features plus advanced compliance
+- **Professional Support**: Priority support and SLA guarantees
+- **Seamless Upgrade**: Same import (`import smcp`) as community edition
+
+## Installation
+
+### Business Edition
+#### From Private PyPI Server
+```bash
+pip install --extra-index-url https://bizteamai.com/pypi/simple/ smcp-biz
+```
+
+#### With Upload Authentication (for contributors)
+```bash
+# For uploading packages (requires token authentication)
+pip install --extra-index-url https://<upload-token>@bizteamai.com/pypi/simple/ bizteam-smcp-biz
+```
+
+**Note**: 
+- Package name is `smcp-biz` but imports as `smcp` for seamless upgrade from community edition
+- Public downloads don't require authentication
+- Upload operations require a valid token
+- Private PyPI server hosted at `https://bizteamai.com/pypi/`
+
+### Community Edition
+
+The community edition (`bizteam-smcp`) is available on PyPI.org:
+```bash
+# Community edition from PyPI.org
+pip install bizteam-smcp
+
+# Or from private PyPI
+pip install --extra-index-url https://bizteamai.com/pypi/simple/  bizteam-smcp
+```
+
+## License Configuration
+
+Set your license file path:
+```bash
+export BIZTEAM_LICENSE_FILE=/etc/bizteam/license.txt
+```
+
+Or set the license key directly:
+```bash
+export BIZTEAM_LICENSE_KEY="BZT.customer.cores.expiry.nonce.signature"
+```
+
+## Development Mode
+
+For development and testing:
+```bash
+export BIZTEAM_DEV_MODE=1  # Disables license checking
+```
+
+## Usage
+
+```python
+import smcp  # Same import as community edition
+# Business edition will be used if installed
+```
+
+## CLI Tools
+
+Enhanced CLI tools included:
+```bash
+smcp-gen-key    # Generate license keys
+smcp-approve    # Approve pending actions
+smcp-mkcert     # Certificate generation
+smcp-revoke     # License revocation
+```
+
+## Support
+
+- **Technical Support**: support@bizteamai.com
+- **Sales Inquiries**: sales@bizteamai.com
+- **GitHub**: https://github.com/bizteamai/smcp-biz
+
+## License
+
+This is commercial software distributed under a proprietary license. A valid license key is required for production use.

bizteamai_smcp_biz-1.13.1.dist-info/RECORD

@@ -0,0 +1,21 @@
+smcp/__init__.py,sha256=wjnXjqkSQubRo5P70GzH39N4DI9saRJfpso4AYqsN2Y,1674
+smcp/allowlist.py,sha256=hitqBxRi-_I3LJm_w2a-QCLQdCllWtJVd7IIR1RSSKU,4474
+smcp/app_wrapper.py,sha256=miqt_MOwQRDszwlPXyxd96XV6LUCvcZBNo8VL1GUghA,7435
+smcp/confirm.py,sha256=74OluC4kyW1GIc2cGWa19m7q4wTbAOkiDtoJtoY3EXk,7725
+smcp/cpu.py,sha256=idntYvXFmATIt5eKlYGVxvtH0TMANpNU9FZtSCrpCVY,2127
+smcp/decorators.py,sha256=8kAHBch9trJEsRXcCl2AlolUYmyM5MZG1QB1wsRZ1tc,3426
+smcp/enforce.py,sha256=kiymcEvdXAA1SweSpOYywS9Gfvfa1zPeWhUdJ9Ek6GY,4642
+smcp/filters.py,sha256=8YHWUj-pYoFZyNrQymyGcoL9TUyPz_YyXcuWa3zPhvg,6054
+smcp/license.py,sha256=ksCwsZMw57SOU9E9uhskyyHc-oHY2C273wdox49KXvw,6841
+smcp/logchain.py,sha256=SI-UQ5cMQuufS2-5ONdRomGuSoaMx4aNz3zE0CNRO6c,8353
+smcp/tls.py,sha256=w8LtI--lHV2XMxXKRAfEL2sqQOi-1zaAPFg0RUSp-JY,4965
+smcp/cli/__init__.py,sha256=D-dTgVCOE7e3QNZdPj_hoj2VOIlgNRvF728ldPQ0fKE,40
+smcp/cli/approve.py,sha256=i3d-kgPX6lp-5vCZzxrhletYoZvSDx3dRLxqHeauPJ4,8815
+smcp/cli/gen_key.py,sha256=bmD8x9l8-opmVqPvVKEnO84QsQ7k_pztw-HvCmREe8Y,2559
+smcp/cli/mkcert.py,sha256=JI12e3OJGa_HwkVBfzDAxTarUV_bAujOfSj1TPd_Tqw,10161
+smcp/cli/revoke.py,sha256=rERtBhqdcmUxLBsWmEI6sp1vlZRjIeVHSIj2T-yzs_k,2675
+bizteamai_smcp_biz-1.13.1.dist-info/METADATA,sha256=TnKQoF28MhosO-vIWQRC8UcOL5RBN0MGHEkfrDYybOQ,3645
+bizteamai_smcp_biz-1.13.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+bizteamai_smcp_biz-1.13.1.dist-info/entry_points.txt,sha256=vSlSkuuQ5SX83RZnSkL5uR7rI61crto6b9FLwSEYtxo,162
+bizteamai_smcp_biz-1.13.1.dist-info/top_level.txt,sha256=NC_CT8OBJEqtDZkUDD9oM8UTD_COXbkff6feQ3E82hw,5
+bizteamai_smcp_biz-1.13.1.dist-info/RECORD,,

bizteamai_smcp_biz-1.13.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

bizteamai_smcp_biz-1.13.1.dist-info/entry_points.txt

@@ -0,0 +1,5 @@
+[console_scripts]
+smcp-approve = smcp.cli.approve:main
+smcp-gen-key = smcp.cli.gen_key:main
+smcp-mkcert = smcp.cli.mkcert:main
+smcp-revoke = smcp.cli.revoke:main

bizteamai_smcp_biz-1.13.1.dist-info/top_level.txt

@@ -0,0 +1 @@
+smcp

smcp/__init__.py

@@ -0,0 +1,53 @@
+"""
+SMCP Business Edition - Secure Model Context Protocol
+
+Professional secure MCP server implementation with core-based licensing.
+"""
+
+import logging
+import atexit
+import os
+
+from .license import verify_license, get_licensed_cores
+from .enforce import start_enforcement
+
+# Import core SMCP functionality
+from .app_wrapper import FastSMCP
+from .decorators import tool, prompt, retrieval
+
+__version__ = "0.1.0"
+__all__ = ["FastSMCP", "tool", "prompt", "retrieval"]
+
+# Initialize licensing system
+logger = logging.getLogger(__name__)
+
+def _initialize_licensing():
+    """Initialize the licensing system on module import."""
+    try:
+        # Check if we're in development/testing mode
+        if os.getenv('BIZTEAM_DEV_MODE') == '1':
+            logger.info("SMCP Business Edition - Development mode (license checking disabled)")
+            return
+        
+        # Verify license on import
+        license_info = verify_license()
+        if license_info:
+            licensed_cores = get_licensed_cores()
+            logger.info(f"SMCP Business Edition - Licensed for {licensed_cores} cores")
+            
+            # Start enforcement monitoring
+            start_enforcement()
+        else:
+            logger.error("SMCP Business Edition - Invalid or missing license")
+            raise RuntimeError("Valid license required for SMCP Business Edition")
+            
+    except Exception as e:
+        logger.error(f"License initialization failed: {e}")
+        if os.getenv('BIZTEAM_DEV_MODE') != '1':
+            raise
+
+# Initialize on import
+_initialize_licensing()
+
+# Clean up on exit
+atexit.register(lambda: logger.debug("SMCP Business Edition - Shutting down"))

smcp/allowlist.py

@@ -0,0 +1,169 @@
+"""
+Host allowlist validation for outbound connections.
+"""
+
+import ipaddress
+import re
+from typing import Dict, List, Union
+from urllib.parse import urlparse
+
+
+class HostValidationError(Exception):
+    """Raised when a host fails allowlist validation."""
+    pass
+
+
+def validate_host(target: str, cfg: Dict[str, Union[str, List[str]]]) -> None:
+    """
+    Validate that a target host is in the allowlist.
+    
+    Args:
+        target: Target host, URL, or IP address to validate
+        cfg: Configuration dictionary containing ALLOWED_HOSTS
+        
+    Raises:
+        HostValidationError: If the host is not in the allowlist
+    """
+    allowed_hosts = cfg.get("ALLOWED_HOSTS", [])
+    if not allowed_hosts:
+        return  # No allowlist configured, allow all
+    
+    # Extract hostname from URL if needed
+    hostname = _extract_hostname(target)
+    
+    # Check against allowlist
+    if not _is_host_allowed(hostname, allowed_hosts):
+        raise HostValidationError(f"Host '{hostname}' not in allowlist")
+
+
+def _extract_hostname(target: str) -> str:
+    """
+    Extract hostname from a target string (URL, hostname, or IP).
+    
+    Args:
+        target: Target string to parse
+        
+    Returns:
+        Extracted hostname or IP address
+    """
+    # If it looks like a URL, parse it
+    if "://" in target:
+        parsed = urlparse(target)
+        return parsed.hostname or parsed.netloc
+    
+    # If it contains a port, strip it
+    if ":" in target and not _is_ipv6(target):
+        return target.split(":")[0]
+    
+    return target
+
+
+def _is_ipv6(address: str) -> bool:
+    """Check if a string is an IPv6 address."""
+    try:
+        ipaddress.IPv6Address(address)
+        return True
+    except ipaddress.AddressValueError:
+        return False
+
+
+def _is_host_allowed(hostname: str, allowed_hosts: List[str]) -> bool:
+    """
+    Check if a hostname is in the allowlist.
+    
+    Args:
+        hostname: Hostname to check
+        allowed_hosts: List of allowed hosts (can include patterns)
+        
+    Returns:
+        True if the hostname is allowed
+    """
+    for allowed in allowed_hosts:
+        if _host_matches(hostname, allowed):
+            return True
+    return False
+
+
+def _host_matches(hostname: str, pattern: str) -> bool:
+    """
+    Check if a hostname matches an allowlist pattern.
+    
+    Supports:
+    - Exact matches: "api.example.com"
+    - Wildcard subdomains: "*.example.com"
+    - IP addresses: "192.168.1.1"
+    - IP ranges: "192.168.1.0/24"
+    
+    Args:
+        hostname: Hostname to check
+        pattern: Pattern to match against
+        
+    Returns:
+        True if the hostname matches the pattern
+    """
+    # Exact match
+    if hostname == pattern:
+        return True
+    
+    # Wildcard subdomain match
+    if pattern.startswith("*."):
+        domain = pattern[2:]
+        return hostname.endswith(f".{domain}") or hostname == domain
+    
+    # IP range match
+    if "/" in pattern:
+        try:
+            network = ipaddress.ip_network(pattern, strict=False)
+            address = ipaddress.ip_address(hostname)
+            return address in network
+        except (ipaddress.AddressValueError, ValueError):
+            pass
+    
+    # Regex pattern match (if pattern contains regex characters)
+    if any(char in pattern for char in r"[](){}+?^$|\\"):
+        try:
+            return bool(re.match(pattern, hostname))
+        except re.error:
+            pass
+    
+    return False
+
+
+def add_host_to_allowlist(cfg: Dict[str, List[str]], host: str) -> None:
+    """
+    Add a host to the allowlist configuration.
+    
+    Args:
+        cfg: Configuration dictionary to modify
+        host: Host to add to the allowlist
+    """
+    if "ALLOWED_HOSTS" not in cfg:
+        cfg["ALLOWED_HOSTS"] = []
+    
+    if host not in cfg["ALLOWED_HOSTS"]:
+        cfg["ALLOWED_HOSTS"].append(host)
+
+
+def remove_host_from_allowlist(cfg: Dict[str, List[str]], host: str) -> None:
+    """
+    Remove a host from the allowlist configuration.
+    
+    Args:
+        cfg: Configuration dictionary to modify
+        host: Host to remove from the allowlist
+    """
+    if "ALLOWED_HOSTS" in cfg and host in cfg["ALLOWED_HOSTS"]:
+        cfg["ALLOWED_HOSTS"].remove(host)
+
+
+def get_allowed_hosts(cfg: Dict[str, List[str]]) -> List[str]:
+    """
+    Get the current allowlist.
+    
+    Args:
+        cfg: Configuration dictionary
+        
+    Returns:
+        List of allowed hosts
+    """
+    return cfg.get("ALLOWED_HOSTS", [])

smcp/app_wrapper.py

@@ -0,0 +1,216 @@
+"""
+FastSMCP subclass with integrated security features.
+"""
+
+from typing import Any, Dict, Optional
+
+try:
+    from fastmcp import FastMCP as SDKFastMCP
+except ImportError:
+    # Fallback for testing or when fastmcp is not available
+    class SDKFastMCP:
+        def __init__(self, *args, **kwargs):
+            self.name = args[0] if args else "unknown"
+        
+        def run(self, **kwargs):
+            print(f"Running {self.name} with transport")
+
+from .tls import TLSContextFactory, tls_configured
+
+
+class FastSMCP(SDKFastMCP):
+    """
+    Security-enhanced FastMCP server with conditional TLS and configuration injection.
+    
+    Automatically enables TLS when certificates are configured and injects
+    security configuration into all decorated functions.
+    """
+    
+    def __init__(self, *args, **kwargs):
+        """
+        Initialize FastSMCP with security configuration.
+        
+        Args:
+            *args: Positional arguments passed to FastMCP
+            **kwargs: Keyword arguments, including optional smcp_cfg
+        """
+        # Extract SMCP configuration
+        self.smcp_cfg = kwargs.pop("smcp_cfg", {})
+        
+        # Initialize base FastMCP
+        super().__init__(*args, **kwargs)
+        
+        # Setup TLS if configured
+        if tls_configured(self.smcp_cfg):
+            self._setup_tls()
+    
+    def _setup_tls(self) -> None:
+        """Setup TLS context if certificates are configured."""
+        try:
+            self._tls_context = TLSContextFactory.server_context(self.smcp_cfg)
+        except Exception as e:
+            print(f"Warning: Failed to setup TLS: {e}")
+            self._tls_context = None
+    
+    def run(self, transport: str = "tcp", **kwargs) -> None:
+        """
+        Run the server with security enhancements.
+        
+        Args:
+            transport: Transport protocol to use
+            **kwargs: Additional keyword arguments for the server
+        """
+        # Inject SMCP configuration for decorators
+        kwargs["_smcp_cfg"] = self.smcp_cfg
+        
+        # Enable TLS if configured
+        if hasattr(self, "_tls_context") and self._tls_context:
+            kwargs["ssl_context"] = self._tls_context
+            if not transport.endswith("+tls"):
+                transport = f"{transport}+tls"
+            print(f"Starting server with TLS on {transport}")
+        else:
+            print(f"Starting server without TLS on {transport}")
+        
+        # Log security configuration status
+        self._log_security_status()
+        
+        # Run the server
+        super().run(transport=transport, **kwargs)
+    
+    def _log_security_status(self) -> None:
+        """Log the status of security features."""
+        from .logchain import log_security_event
+        
+        features = {
+            "tls_enabled": hasattr(self, "_tls_context") and self._tls_context is not None,
+            "host_allowlist_configured": bool(self.smcp_cfg.get("ALLOWED_HOSTS")),
+            "input_filtering_configured": bool(self.smcp_cfg.get("SAFE_RE")),
+            "confirmation_enabled": self.smcp_cfg.get("CONFIRMATION_ENABLED", True),
+            "logging_enabled": bool(self.smcp_cfg.get("LOG_PATH")),
+        }
+        
+        log_security_event("server_startup", features, self.smcp_cfg)
+        
+        # Print security status
+        print("Security Features Status:")
+        for feature, enabled in features.items():
+            status = "✓" if enabled else "✗"
+            print(f"  {status} {feature.replace('_', ' ').title()}")
+    
+    def get_security_config(self) -> Dict[str, Any]:
+        """
+        Get the current security configuration.
+        
+        Returns:
+            Dictionary containing the current security configuration
+        """
+        return self.smcp_cfg.copy()
+    
+    def update_security_config(self, updates: Dict[str, Any]) -> None:
+        """
+        Update the security configuration.
+        
+        Args:
+            updates: Dictionary of configuration updates
+        """
+        self.smcp_cfg.update(updates)
+        
+        # Re-setup TLS if configuration changed
+        if any(key in updates for key in ["ca_path", "cert_path", "key_path"]):
+            if tls_configured(self.smcp_cfg):
+                self._setup_tls()
+    
+    def add_allowed_host(self, host: str) -> None:
+        """
+        Add a host to the allowlist.
+        
+        Args:
+            host: Host to add to the allowlist
+        """
+        if "ALLOWED_HOSTS" not in self.smcp_cfg:
+            self.smcp_cfg["ALLOWED_HOSTS"] = []
+        
+        if host not in self.smcp_cfg["ALLOWED_HOSTS"]:
+            self.smcp_cfg["ALLOWED_HOSTS"].append(host)
+    
+    def remove_allowed_host(self, host: str) -> None:
+        """
+        Remove a host from the allowlist.
+        
+        Args:
+            host: Host to remove from the allowlist
+        """
+        if "ALLOWED_HOSTS" in self.smcp_cfg and host in self.smcp_cfg["ALLOWED_HOSTS"]:
+            self.smcp_cfg["ALLOWED_HOSTS"].remove(host)
+    
+    def enable_feature(self, feature: str, **kwargs) -> None:
+        """
+        Enable a security feature with configuration.
+        
+        Args:
+            feature: Name of the feature to enable
+            **kwargs: Feature-specific configuration
+        """
+        if feature == "input_filtering":
+            self.smcp_cfg["SAFE_RE"] = kwargs.get("pattern", r"^[\w\s.,:;!?-]{1,2048}$")
+            self.smcp_cfg["MAX_LEN"] = kwargs.get("max_length", 2048)
+        
+        elif feature == "confirmation":
+            self.smcp_cfg["CONFIRMATION_ENABLED"] = True
+            if "queue_file" in kwargs:
+                self.smcp_cfg["QUEUE_FILE"] = kwargs["queue_file"]
+        
+        elif feature == "logging":
+            if "log_path" not in kwargs:
+                raise ValueError("log_path required for logging feature")
+            self.smcp_cfg["LOG_PATH"] = kwargs["log_path"]
+        
+        elif feature == "host_allowlist":
+            self.smcp_cfg["ALLOWED_HOSTS"] = kwargs.get("hosts", [])
+        
+        else:
+            raise ValueError(f"Unknown feature: {feature}")
+    
+    def disable_feature(self, feature: str) -> None:
+        """
+        Disable a security feature.
+        
+        Args:
+            feature: Name of the feature to disable
+        """
+        if feature == "input_filtering":
+            self.smcp_cfg.pop("SAFE_RE", None)
+            self.smcp_cfg.pop("MAX_LEN", None)
+        
+        elif feature == "confirmation":
+            self.smcp_cfg["CONFIRMATION_ENABLED"] = False
+        
+        elif feature == "logging":
+            self.smcp_cfg.pop("LOG_PATH", None)
+        
+        elif feature == "host_allowlist":
+            self.smcp_cfg.pop("ALLOWED_HOSTS", None)
+        
+        elif feature == "tls":
+            for key in ["ca_path", "cert_path", "key_path"]:
+                self.smcp_cfg.pop(key, None)
+            if hasattr(self, "_tls_context"):
+                delattr(self, "_tls_context")
+        
+        else:
+            raise ValueError(f"Unknown feature: {feature}")
+
+
+def create_secure_app(name: str, **security_config) -> FastSMCP:
+    """
+    Create a FastSMCP app with security configuration.
+    
+    Args:
+        name: Name of the MCP server
+        **security_config: Security configuration options
+        
+    Returns:
+        Configured FastSMCP instance
+    """
+    return FastSMCP(name, smcp_cfg=security_config)

smcp/cli/__init__.py

@@ -0,0 +1,3 @@
+"""CLI tools for SMCP."""
+
+__all__ = []