coreason-manifest 0.3.0__tar.gz → 0.4.0__tar.gz

{coreason_manifest-0.3.0 → coreason_manifest-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: coreason_manifest
-Version: 0.3.0
+Version: 0.4.0
 Summary: This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run.
 License: # The Prosperity Public License 3.0.0
          
@@ -69,11 +69,13 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Operating System :: OS Independent
 Requires-Dist: aiofiles (>=23.2.1,<24.0.0)
 Requires-Dist: anyio (>=4.3.0,<5.0.0)
+Requires-Dist: fastapi (>=0.111.0,<0.112.0)
 Requires-Dist: httpx (>=0.27.0,<0.28.0)
 Requires-Dist: jsonschema (>=4.25.1,<5.0.0)
 Requires-Dist: loguru (>=0.7.2,<0.8.0)
 Requires-Dist: pydantic (>=2.12.5,<3.0.0)
 Requires-Dist: pyyaml (>=6.0.3,<7.0.0)
+Requires-Dist: uvicorn (>=0.30.1,<0.31.0)
 Project-URL: Documentation, https://github.com/CoReason-AI/coreason_manifest
 Project-URL: Homepage, https://github.com/CoReason-AI/coreason_manifest
 Project-URL: Repository, https://github.com/CoReason-AI/coreason_manifest
@@ -99,6 +101,7 @@ The definitive source of truth for CoReason-AI Asset definitions. "The Blueprint
 *   **Integrity Verification:** Calculates and verifies SHA256 hashes of the agent's source code to prevent tampering.
 *   **Dependency Pinning:** Enforces strict version pinning for all library dependencies.
 *   **Trusted Bill of Materials (TBOM):** Validates libraries against an approved list.
+*   **Compliance Microservice:** Can be run as a standalone API server (Service C) for centralized validation.
 
 ## Installation
 
@@ -108,30 +111,30 @@ pip install coreason-manifest
 
 ## Usage
 
-Here is how to initialize the engine and validate an agent manifest:
+`coreason-manifest` supports two modes: **Library (CLI)** and **Server (Microservice)**.
+
+### 1. Library Usage
+
+Use the python library to validate local agent files and verify source integrity.
 
 ```python
-from coreason_manifest import ManifestEngine, ManifestConfig, PolicyViolationError, IntegrityCompromisedError
+from coreason_manifest import ManifestEngine, ManifestConfig
 
-# 1. Initialize configuration with policy path
-config = ManifestConfig(policy_path="./policies/gx_compliant.rego")
+# Initialize and Validate
+config = ManifestConfig(policy_path="./policies/compliance.rego")
 engine = ManifestEngine(config)
+agent_def = engine.load_and_validate("agent.yaml", "./src")
+```
 
-# 2. Load & Validate Agent Manifest
-try:
-    # This runs Schema Validation, Policy Enforcement, and Integrity Checks
-    agent_def = engine.load_and_validate(
-        manifest_path="./agents/payer_war_game/agent.yaml",
-        source_dir="./agents/payer_war_game/src"
-    )
-    print(f"Agent {agent_def.metadata.name} is compliant and ready to run.")
+### 2. Server Mode
 
-except PolicyViolationError as e:
-    print(f"Compliance Failure: {e.violations}")
+Run the package as a FastAPI server to provide a centralized compliance API.
 
-except IntegrityCompromisedError:
-    print("CRITICAL: Code has been tampered with after signing.")
+```bash
+uvicorn coreason_manifest.server:app --host 0.0.0.0 --port 8000
 ```
 
-For detailed requirements and architecture, please refer to the [Product Requirements](docs/product_requirements.md).
+For full details, see the [Usage Documentation](docs/usage.md).
+
+For detailed requirements and architecture, please refer to the [Product Requirements](docs/product_requirements.md) or [Requirements](docs/requirements.md).
 

{coreason_manifest-0.3.0 → coreason_manifest-0.4.0}/README.md

@@ -18,6 +18,7 @@ The definitive source of truth for CoReason-AI Asset definitions. "The Blueprint
 *   **Integrity Verification:** Calculates and verifies SHA256 hashes of the agent's source code to prevent tampering.
 *   **Dependency Pinning:** Enforces strict version pinning for all library dependencies.
 *   **Trusted Bill of Materials (TBOM):** Validates libraries against an approved list.
+*   **Compliance Microservice:** Can be run as a standalone API server (Service C) for centralized validation.
 
 ## Installation
 
@@ -27,29 +28,29 @@ pip install coreason-manifest
 
 ## Usage
 
-Here is how to initialize the engine and validate an agent manifest:
+`coreason-manifest` supports two modes: **Library (CLI)** and **Server (Microservice)**.
+
+### 1. Library Usage
+
+Use the python library to validate local agent files and verify source integrity.
 
 ```python
-from coreason_manifest import ManifestEngine, ManifestConfig, PolicyViolationError, IntegrityCompromisedError
+from coreason_manifest import ManifestEngine, ManifestConfig
 
-# 1. Initialize configuration with policy path
-config = ManifestConfig(policy_path="./policies/gx_compliant.rego")
+# Initialize and Validate
+config = ManifestConfig(policy_path="./policies/compliance.rego")
 engine = ManifestEngine(config)
+agent_def = engine.load_and_validate("agent.yaml", "./src")
+```
 
-# 2. Load & Validate Agent Manifest
-try:
-    # This runs Schema Validation, Policy Enforcement, and Integrity Checks
-    agent_def = engine.load_and_validate(
-        manifest_path="./agents/payer_war_game/agent.yaml",
-        source_dir="./agents/payer_war_game/src"
-    )
-    print(f"Agent {agent_def.metadata.name} is compliant and ready to run.")
+### 2. Server Mode
 
-except PolicyViolationError as e:
-    print(f"Compliance Failure: {e.violations}")
+Run the package as a FastAPI server to provide a centralized compliance API.
 
-except IntegrityCompromisedError:
-    print("CRITICAL: Code has been tampered with after signing.")
+```bash
+uvicorn coreason_manifest.server:app --host 0.0.0.0 --port 8000
 ```
 
-For detailed requirements and architecture, please refer to the [Product Requirements](docs/product_requirements.md).
+For full details, see the [Usage Documentation](docs/usage.md).
+
+For detailed requirements and architecture, please refer to the [Product Requirements](docs/product_requirements.md) or [Requirements](docs/requirements.md).

{coreason_manifest-0.3.0 → coreason_manifest-0.4.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "coreason_manifest"
-version = "0.3.0"
+version = "0.4.0"
 description = "This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run."
 authors = ["Gowtham A Rao <gowtham.rao@coreason.ai>"]
 license = "Prosperity-3.0"
@@ -16,6 +16,8 @@ pyyaml = "^6.0.3"
 anyio = "^4.3.0"
 httpx = "^0.27.0"
 aiofiles = "^23.2.1"
+fastapi = "^0.111.0"
+uvicorn = "^0.30.1"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^8.2.2"
@@ -35,7 +37,7 @@ build-backend = "poetry.core.masonry.api"
 
 [project]
 name = "coreason_manifest"
-version = "0.3.0"
+version = "0.4.0"
 description = "This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run."
 readme = "README.md"
 requires-python = ">=3.11"

{coreason_manifest-0.3.0 → coreason_manifest-0.4.0}/src/coreason_manifest/engine.py

@@ -80,29 +80,30 @@ class ManifestEngineAsync:
         # Clean up resources if necessary.
         pass
 
-    async def load_and_validate(self, manifest_path: Union[str, Path], source_dir: Union[str, Path]) -> AgentDefinition:
-        """Loads, validates, and verifies an Agent Manifest asynchronously.
+    async def validate_manifest_dict(self, raw_data: dict[str, Any]) -> AgentDefinition:
+        """Validates an Agent Manifest dictionary in memory.
+
+        Performs:
+        1. Normalization (stripping version prefixes)
+        2. Schema Validation
+        3. Model Conversion
+        4. Policy Enforcement
+
+        Does NOT perform Integrity Check (hashing).
 
         Args:
-            manifest_path: Path to the agent.yaml file.
-            source_dir: Path to the source code directory.
+            raw_data: The raw dictionary of the manifest.
 
         Returns:
-            AgentDefinition: The fully validated and verified agent definition.
+            AgentDefinition: The fully validated agent definition.
 
         Raises:
             ManifestSyntaxError: If structure or schema is invalid.
             PolicyViolationError: If business rules are violated.
-            IntegrityCompromisedError: If source code hash does not match.
-            FileNotFoundError: If files are missing.
         """
-        manifest_path = Path(manifest_path)
-        source_dir = Path(source_dir)
-
-        logger.info(f"Validating Agent Manifest: {manifest_path}")
-
-        # 1. Load Raw YAML (I/O)
-        raw_data = await ManifestLoader.load_raw_from_file_async(manifest_path)
+        # 1. Normalization (ensure version string is clean before schema/model validation)
+        # We access the static method on ManifestLoader.
+        ManifestLoader._normalize_data(raw_data)
 
         # 2. Schema Validation
         logger.debug("Running Schema Validation...")
@@ -128,13 +129,42 @@ class ManifestEngineAsync:
             logger.info(f"Policy Check: Fail - {duration_ms:.2f}ms")
             raise
 
+        return cast(AgentDefinition, agent_def)
+
+    async def load_and_validate(self, manifest_path: Union[str, Path], source_dir: Union[str, Path]) -> AgentDefinition:
+        """Loads, validates, and verifies an Agent Manifest asynchronously.
+
+        Args:
+            manifest_path: Path to the agent.yaml file.
+            source_dir: Path to the source code directory.
+
+        Returns:
+            AgentDefinition: The fully validated and verified agent definition.
+
+        Raises:
+            ManifestSyntaxError: If structure or schema is invalid.
+            PolicyViolationError: If business rules are violated.
+            IntegrityCompromisedError: If source code hash does not match.
+            FileNotFoundError: If files are missing.
+        """
+        manifest_path = Path(manifest_path)
+        source_dir = Path(source_dir)
+
+        logger.info(f"Validating Agent Manifest: {manifest_path}")
+
+        # 1. Load Raw YAML (I/O)
+        raw_data = await ManifestLoader.load_raw_from_file_async(manifest_path)
+
+        # 2. Validate Manifest Dict (Schema, Model, Policy)
+        agent_def = await self.validate_manifest_dict(raw_data)
+
         # 5. Integrity Check (Heavy I/O and CPU)
         logger.debug("Verifying Integrity...")
         # IntegrityChecker.verify is synchronous and does heavy IO, so we wrap it.
         await anyio.to_thread.run_sync(IntegrityChecker.verify, agent_def, source_dir, manifest_path)
 
         logger.info("Agent validation successful.")
-        return cast(AgentDefinition, agent_def)
+        return agent_def
 
 
 class ManifestEngine:
@@ -179,3 +209,14 @@ class ManifestEngine:
             AgentDefinition: The fully validated and verified agent definition.
         """
         return cast(AgentDefinition, anyio.run(self._async.load_and_validate, manifest_path, source_dir))
+
+    def validate_manifest_dict(self, raw_data: dict[str, Any]) -> AgentDefinition:
+        """Validates an Agent Manifest dictionary synchronously.
+
+        Args:
+            raw_data: The raw dictionary of the manifest.
+
+        Returns:
+            AgentDefinition: The fully validated agent definition.
+        """
+        return cast(AgentDefinition, anyio.run(self._async.validate_manifest_dict, raw_data))

coreason_manifest-0.4.0/src/coreason_manifest/server.py

@@ -0,0 +1,123 @@
+from contextlib import asynccontextmanager
+from importlib import resources
+from pathlib import Path
+from typing import AsyncIterator, List, Optional, Union
+
+from fastapi import FastAPI, HTTPException, Request, status
+from fastapi.responses import JSONResponse
+from pydantic import BaseModel, Field
+
+from coreason_manifest.engine import ManifestConfig, ManifestEngineAsync
+from coreason_manifest.errors import ManifestSyntaxError, PolicyViolationError
+
+
+# Response Model
+class ValidationResponse(BaseModel):
+    valid: bool
+    agent_id: Optional[str] = None
+    version: Optional[str] = None
+    policy_violations: List[str] = Field(default_factory=list)
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI) -> AsyncIterator[None]:
+    # Locate policies
+    policy_path: Optional[Path] = None
+    tbom_path: Optional[Path] = None
+
+    # 1. Check local directory (Docker runtime with COPY or relative dev path)
+    # In Docker we will COPY to /app/policies/ or ./policies/ relative to WORKDIR
+    # We'll check common locations.
+    possible_dirs = [
+        Path("policies"),
+        Path("/app/policies"),
+        Path("src/coreason_manifest/policies"),  # Dev from root
+    ]
+
+    for d in possible_dirs:
+        if (d / "compliance.rego").exists():
+            policy_path = d / "compliance.rego"
+            if (d / "tbom.json").exists():
+                tbom_path = d / "tbom.json"
+            break
+
+    # 2. Fallback to package resources
+    resource_context = None
+    if not policy_path:
+        try:
+            # Check if it exists as a resource
+            ref = resources.files("coreason_manifest.policies").joinpath("compliance.rego")
+            if ref.is_file():
+                resource_context = resources.as_file(ref)
+                policy_path = resource_context.__enter__()
+                # Check for TBOM in same dir if possible, or ignore for fallback
+        except Exception:
+            pass
+
+    # If still not found, fail.
+    if not policy_path:
+        raise RuntimeError("Could not locate compliance.rego policy file.")
+
+    config = ManifestConfig(
+        policy_path=policy_path,
+        tbom_path=tbom_path,
+        opa_path="opa",  # Assumes OPA is in PATH (installed via Dockerfile)
+    )
+
+    engine = ManifestEngineAsync(config)
+
+    try:
+        async with engine:
+            app.state.engine = engine
+            yield
+    finally:
+        if resource_context:
+            resource_context.__exit__(None, None, None)
+
+
+app = FastAPI(lifespan=lifespan)
+
+
+@app.post("/validate", response_model=ValidationResponse)  # type: ignore[misc]
+async def validate_manifest(request: Request) -> Union[ValidationResponse, JSONResponse]:
+    engine: ManifestEngineAsync = app.state.engine
+
+    try:
+        raw_body = await request.json()
+    except Exception:
+        raise HTTPException(status_code=400, detail="Invalid JSON body") from None
+
+    try:
+        agent_def = await engine.validate_manifest_dict(raw_body)
+        return ValidationResponse(
+            valid=True,
+            agent_id=str(agent_def.metadata.id),
+            version=agent_def.metadata.version,
+            policy_violations=[],
+        )
+    except ManifestSyntaxError as e:
+        # Return 422 with the error
+        resp = ValidationResponse(valid=False, policy_violations=[f"Syntax Error: {str(e)}"])
+        return JSONResponse(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, content=resp.model_dump())
+    except PolicyViolationError as e:
+        resp = ValidationResponse(valid=False, policy_violations=e.violations)
+        return JSONResponse(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, content=resp.model_dump())
+
+
+@app.get("/health")  # type: ignore[misc]
+async def health_check() -> dict[str, str]:
+    engine: ManifestEngineAsync = app.state.engine
+    policy_version = "unknown"
+    try:
+        import hashlib
+
+        # policy_path is guaranteed to exist by lifespan check
+        policy_path = Path(engine.config.policy_path)
+        if policy_path.exists():
+            with open(policy_path, "rb") as f:
+                digest = hashlib.sha256(f.read()).hexdigest()[:8]
+            policy_version = digest
+    except Exception:
+        pass
+
+    return {"status": "active", "policy_version": policy_version}