cinchdb 0.1.14__py3-none-any.whl → 0.1.17__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. cinchdb/__init__.py +5 -1
  2. cinchdb/cli/commands/__init__.py +2 -1
  3. cinchdb/cli/commands/data.py +350 -0
  4. cinchdb/cli/commands/index.py +2 -2
  5. cinchdb/cli/commands/tenant.py +47 -0
  6. cinchdb/cli/main.py +3 -6
  7. cinchdb/config.py +4 -13
  8. cinchdb/core/connection.py +14 -18
  9. cinchdb/core/database.py +224 -75
  10. cinchdb/core/maintenance_utils.py +43 -0
  11. cinchdb/core/path_utils.py +20 -22
  12. cinchdb/core/tenant_activation.py +216 -0
  13. cinchdb/infrastructure/metadata_connection_pool.py +0 -1
  14. cinchdb/infrastructure/metadata_db.py +108 -1
  15. cinchdb/managers/branch.py +1 -1
  16. cinchdb/managers/change_applier.py +21 -22
  17. cinchdb/managers/column.py +1 -1
  18. cinchdb/managers/data.py +190 -14
  19. cinchdb/managers/index.py +1 -2
  20. cinchdb/managers/query.py +0 -1
  21. cinchdb/managers/table.py +31 -6
  22. cinchdb/managers/tenant.py +90 -150
  23. cinchdb/managers/view.py +1 -1
  24. cinchdb/plugins/__init__.py +16 -0
  25. cinchdb/plugins/base.py +80 -0
  26. cinchdb/plugins/decorators.py +49 -0
  27. cinchdb/plugins/manager.py +210 -0
  28. {cinchdb-0.1.14.dist-info → cinchdb-0.1.17.dist-info}/METADATA +19 -24
  29. {cinchdb-0.1.14.dist-info → cinchdb-0.1.17.dist-info}/RECORD +32 -28
  30. cinchdb/core/maintenance.py +0 -73
  31. cinchdb/security/__init__.py +0 -1
  32. cinchdb/security/encryption.py +0 -108
  33. {cinchdb-0.1.14.dist-info → cinchdb-0.1.17.dist-info}/WHEEL +0 -0
  34. {cinchdb-0.1.14.dist-info → cinchdb-0.1.17.dist-info}/entry_points.txt +0 -0
  35. {cinchdb-0.1.14.dist-info → cinchdb-0.1.17.dist-info}/licenses/LICENSE +0 -0
cinchdb/security/encryption.py DELETED
@@ -1,108 +0,0 @@
1
- """Simple SQLite encryption using environment variables with KMS upgrade path."""
2
-
3
- import os
4
- import sqlite3
5
- import logging
6
- from pathlib import Path
7
-
8
- logger = logging.getLogger(__name__)
9
-
10
-
11
- class SQLiteEncryption:
12
- """Simple SQLite encryption with static keys and KMS upgrade path."""
13
-
14
- def __init__(self):
15
- # Encryption is optional for open source users
16
- self.enabled = os.getenv("CINCH_ENCRYPT_DATA", "false").lower() == "true"
17
- self._encryption_key = None
18
-
19
- if self.enabled:
20
- self._encryption_key = self._get_encryption_key()
21
-
22
- def _get_encryption_key(self) -> str:
23
- """Get encryption key with future KMS support."""
24
-
25
- # Future KMS support - check for KMS configuration first
26
- kms_provider = os.getenv("CINCH_KMS_PROVIDER")
27
- if kms_provider:
28
- # TODO: Implement KMS key retrieval
29
- # return self._get_key_from_kms(kms_provider)
30
- logger.warning("KMS provider configured but not implemented yet")
31
-
32
- # Require explicit key
33
- static_key = os.getenv("CINCH_ENCRYPTION_KEY")
34
- if static_key:
35
- return static_key
36
-
37
- # Fail fast if no key provided
38
- raise ValueError(
39
- "CINCH_ENCRYPTION_KEY environment variable is required when CINCH_ENCRYPT_DATA=true. "
40
- "Generate a key with: python -c \"import secrets; print(secrets.token_urlsafe(32))\""
41
- )
42
-
43
- def get_connection(self, db_path: Path) -> sqlite3.Connection:
44
- """Get SQLite connection with optional encryption."""
45
- # Connect with datetime parsing support
46
- conn = sqlite3.connect(
47
- str(db_path),
48
- detect_types=sqlite3.PARSE_DECLTYPES | sqlite3.PARSE_COLNAMES,
49
- )
50
-
51
- if self.enabled and self._encryption_key:
52
- try:
53
- # Apply encryption key
54
- conn.execute(f"PRAGMA key = '{self._encryption_key}'")
55
-
56
- # Configure recommended cipher (ChaCha20-Poly1305) if supported
57
- try:
58
- conn.execute("PRAGMA cipher = 'chacha20'")
59
- except sqlite3.OperationalError:
60
- # Fallback to default cipher if ChaCha20 not available
61
- logger.debug("ChaCha20 cipher not available, using default")
62
-
63
- # Security hardening
64
- conn.execute("PRAGMA temp_store = MEMORY") # Encrypt temp data
65
- conn.execute("PRAGMA secure_delete = ON") # Overwrite deleted data
66
-
67
- except sqlite3.OperationalError as e:
68
- logger.error(f"Failed to apply encryption to {db_path}: {e}")
69
- # Close connection and re-raise with helpful message
70
- conn.close()
71
- raise sqlite3.OperationalError(
72
- f"Failed to apply encryption. Make sure SQLite3MultipleCiphers is installed. Error: {e}"
73
- ) from e
74
-
75
- # Standard SQLite optimizations
76
- conn.execute("PRAGMA journal_mode = WAL")
77
- conn.execute("PRAGMA synchronous = NORMAL")
78
- conn.execute("PRAGMA cache_size = -2000")
79
-
80
- return conn
81
-
82
- def is_encrypted(self, db_path: Path) -> bool:
83
- """Check if database file is encrypted."""
84
- if not db_path.exists():
85
- return False
86
-
87
- try:
88
- # Try to open without key
89
- test_conn = sqlite3.connect(str(db_path))
90
- test_conn.execute("SELECT name FROM sqlite_master LIMIT 1")
91
- test_conn.close()
92
- return False # Successfully opened = not encrypted
93
- except sqlite3.DatabaseError:
94
- return True # Failed to open = likely encrypted
95
-
96
- def test_encryption_support(self) -> bool:
97
- """Test if SQLite encryption is available."""
98
- try:
99
- conn = sqlite3.connect(':memory:')
100
- conn.execute("PRAGMA key = 'test'")
101
- conn.close()
102
- return True
103
- except sqlite3.OperationalError:
104
- return False
105
-
106
-
107
- # Global instance for easy access
108
- encryption = SQLiteEncryption()