PyPI - coreason-manifest - Versions diffs - 0.6.0__py3-none-any.whl → 0.7.0__py3-none-any.whl - Mend

coreason-manifest 0.6.0py3-none-any.whl → 0.7.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

coreason_manifest/__init__.py +11 -73
coreason_manifest/definitions/__init__.py +0 -0
coreason_manifest/definitions/audit.py +7 -0
coreason_manifest/definitions/simulation.py +19 -0
coreason_manifest/definitions/topology.py +140 -0
coreason_manifest/recipes.py +3 -126
{coreason_manifest-0.6.0.dist-info → coreason_manifest-0.7.0.dist-info}/METADATA +1 -7
coreason_manifest-0.7.0.dist-info/RECORD +16 -0
coreason_manifest/engine.py +0 -222
coreason_manifest/errors.py +0 -53
coreason_manifest/integrity.py +0 -141
coreason_manifest/loader.py +0 -271
coreason_manifest/main.py +0 -17
coreason_manifest/policies/compliance.rego +0 -81
coreason_manifest/policies/tbom.json +0 -14
coreason_manifest/policy.py +0 -138
coreason_manifest/server.py +0 -123
coreason_manifest/validator.py +0 -67
coreason_manifest-0.6.0.dist-info/RECORD +0 -22
/coreason_manifest/{models.py → definitions/agent.py} +0 -0
{coreason_manifest-0.6.0.dist-info → coreason_manifest-0.7.0.dist-info}/WHEEL +0 -0
{coreason_manifest-0.6.0.dist-info → coreason_manifest-0.7.0.dist-info}/licenses/LICENSE +0 -0
{coreason_manifest-0.6.0.dist-info → coreason_manifest-0.7.0.dist-info}/licenses/NOTICE +0 -0

coreason_manifest/errors.py DELETED Viewed

@@ -1,53 +0,0 @@
-# Prosperity-3.0
-"""Exceptions for the Coreason Manifest system.
-This module defines the hierarchy of exceptions raised by the package.
-"""
-from __future__ import annotations
-class ManifestError(Exception):
-    """Base exception for coreason_manifest errors."""
-    pass
-class ManifestSyntaxError(ManifestError):
-    """Raised when the manifest YAML is invalid or missing required fields.
-    This includes YAML parsing errors and JSON Schema validation failures.
-    """
-    pass
-class PolicyViolationError(ManifestError):
-    """Raised when the agent violates a compliance policy.
-    This error indicates that the manifest is structurally valid but fails
-    business rules or compliance checks (e.g., banned libraries).
-    Attributes:
-        violations: A list of specific policy violation messages.
-    """
-    def __init__(self, message: str, violations: list[str] | None = None) -> None:
-        """Initialize PolicyViolationError.
-        Args:
-            message: The error message.
-            violations: Optional list of detailed violation strings.
-        """
-        super().__init__(message)
-        self.violations = violations or []
-class IntegrityCompromisedError(ManifestError):
-    """Raised when the source code hash does not match the manifest.
-    This indicates that the source code may have been tampered with or changed
-    without updating the manifest's integrity hash.
-    """
-    pass

coreason_manifest/integrity.py DELETED Viewed

@@ -1,141 +0,0 @@
-# Prosperity-3.0
-"""Integrity checking functionality.
-This module provides the `IntegrityChecker` class, which is responsible for
-calculating deterministic hashes of source code directories and verifying
-them against the expected hash in the agent manifest.
-"""
-from __future__ import annotations
-import hashlib
-import os
-from pathlib import Path
-from typing import List, Optional, Set, Union
-from coreason_manifest.errors import IntegrityCompromisedError
-from coreason_manifest.models import AgentDefinition
-class IntegrityChecker:
-    """Component D: IntegrityChecker (The Notary).
-    Responsibility:
-      - Calculate the SHA256 hash of the source code directory.
-      - Compare it against the integrity_hash defined in the manifest.
-    """
-    IGNORED_DIRS = frozenset({".git", "__pycache__", ".venv", ".env", ".DS_Store"})
-    @staticmethod
-    def calculate_hash(source_dir: Union[Path, str], exclude_files: Optional[Set[Union[Path, str]]] = None) -> str:
-        """Calculates a deterministic SHA256 hash of the source code directory.
-        It walks the directory using os.walk to efficiently prune ignored directories.
-        Sorts files by relative path, hashes each file, and then hashes the sequence.
-        Ignores hidden directories/files in IGNORED_DIRS.
-        Rejects symbolic links for security.
-        Args:
-            source_dir: The directory containing source code.
-            exclude_files: Optional set of file paths (absolute or relative to CWD)
-                to exclude from hashing.
-        Returns:
-            The hex digest of the SHA256 hash.
-        Raises:
-            FileNotFoundError: If source_dir does not exist.
-            IntegrityCompromisedError: If a symlink is found.
-        """
-        path_obj = Path(source_dir)
-        if path_obj.is_symlink():
-            raise IntegrityCompromisedError(f"Symbolic links are forbidden: {path_obj}")
-        source_path = path_obj.resolve()
-        if not source_path.exists():
-            raise FileNotFoundError(f"Source directory not found: {source_path}")
-        # Normalize excluded files to absolute paths
-        excludes = set()
-        if exclude_files:
-            for ex_path in exclude_files:
-                excludes.add(Path(ex_path).resolve())
-        sha256 = hashlib.sha256()
-        file_paths: List[Path] = []
-        # Use os.walk for efficient traversal and pruning
-        for root, dirs, files in os.walk(source_path, topdown=True):
-            root_path = Path(root)
-            # Check for symlinks in directories before pruning
-            for d_name in dirs:
-                d_path = root_path / d_name
-                if d_path.is_symlink():
-                    raise IntegrityCompromisedError(f"Symbolic links are forbidden: {d_path}")  # pragma: no cover
-            # Prune directories efficiently using slice assignment
-            dirs[:] = [d for d in dirs if d not in IntegrityChecker.IGNORED_DIRS]
-            # Collect files
-            for f_name in files:
-                f_path = root_path / f_name
-                if f_path.is_symlink():
-                    raise IntegrityCompromisedError(f"Symbolic links are forbidden: {f_path}")
-                if f_name in IntegrityChecker.IGNORED_DIRS:
-                    continue
-                # Use resolved path for exclusion checking and inclusion
-                f_path_abs = f_path.resolve()
-                if f_path_abs in excludes:
-                    continue
-                file_paths.append(f_path_abs)
-        # Sort to ensure deterministic order
-        # Use as_posix() to ensure ASCII sorting (case-sensitive) on all platforms (Windows vs Linux)
-        file_paths.sort(key=lambda p: p.relative_to(source_path).as_posix())
-        for path in file_paths:
-            # Update hash with relative path to ensure structure matters
-            # Use forward slashes for cross-platform consistency
-            rel_path = path.relative_to(source_path).as_posix().encode("utf-8")
-            sha256.update(rel_path)
-            # Update hash with file content
-            with open(path, "rb") as f:
-                while chunk := f.read(8192):
-                    sha256.update(chunk)
-        return sha256.hexdigest()
-    @staticmethod
-    def verify(
-        agent_def: AgentDefinition,
-        source_dir: Union[Path, str],
-        manifest_path: Optional[Union[Path, str]] = None,
-    ) -> None:
-        """Verifies the integrity of the source code against the manifest.
-        Args:
-            agent_def: The AgentDefinition containing the expected hash.
-            source_dir: The directory containing source code.
-            manifest_path: Optional path to the manifest file to exclude from hashing.
-        Raises:
-            IntegrityCompromisedError: If the hash does not match or is missing.
-            FileNotFoundError: If source_dir does not exist.
-        """
-        exclude_files = {manifest_path} if manifest_path else None
-        # agent_def.integrity_hash is now required by Pydantic model
-        calculated = IntegrityChecker.calculate_hash(source_dir, exclude_files=exclude_files)
-        if calculated != agent_def.integrity_hash:
-            raise IntegrityCompromisedError(
-                f"Integrity check failed. Expected {agent_def.integrity_hash}, got {calculated}"
-            )

coreason_manifest/loader.py DELETED Viewed

@@ -1,271 +0,0 @@
-# Prosperity-3.0
-"""Manifest Loader.
-This module is responsible for loading the agent manifest from YAML files or
-dictionaries, normalizing the data, and converting it into Pydantic models.
-"""
-from __future__ import annotations
-import inspect
-from pathlib import Path
-from typing import Any, Callable, Dict, List, Union, get_type_hints
-try:
-    from typing import get_args, get_origin
-except ImportError:  # pragma: no cover
-    # For Python < 3.8, though project requires 3.12+
-    from typing_extensions import get_args, get_origin  # type: ignore
-import aiofiles
-import yaml
-from coreason_identity import UserContext
-from pydantic import ValidationError, create_model
-from coreason_manifest.errors import ManifestSyntaxError
-from coreason_manifest.models import AgentDefinition, AgentInterface
-class ManifestLoader:
-    """Component A: ManifestLoader (The Parser).
-    Responsibility:
-      - Load YAML safely.
-      - Convert raw data into a Pydantic AgentDefinition model.
-      - Normalization: Ensure all version strings follow SemVer and all IDs are canonical UUIDs.
-    """
-    @staticmethod
-    def load_raw_from_file(path: Union[str, Path]) -> dict[str, Any]:
-        """Loads the raw dict from a YAML file.
-        Args:
-            path: The path to the agent.yaml file.
-        Returns:
-            dict: The raw dictionary content.
-        Raises:
-            ManifestSyntaxError: If YAML is invalid.
-            FileNotFoundError: If the file does not exist.
-        """
-        try:
-            path_obj = Path(path)
-            if not path_obj.exists():
-                raise FileNotFoundError(f"Manifest file not found: {path}")
-            with open(path_obj, "r", encoding="utf-8") as f:
-                # safe_load is recommended for untrusted input
-                data = yaml.safe_load(f)
-            if not isinstance(data, dict):
-                raise ManifestSyntaxError(f"Invalid YAML content in {path}: must be a dictionary.")
-            ManifestLoader._normalize_data(data)
-            return data
-        except yaml.YAMLError as e:
-            raise ManifestSyntaxError(f"Failed to parse YAML file {path}: {str(e)}") from e
-        except OSError as e:
-            if isinstance(e, FileNotFoundError):
-                raise
-            raise ManifestSyntaxError(f"Error reading file {path}: {str(e)}") from e
-    @staticmethod
-    async def load_raw_from_file_async(path: Union[str, Path]) -> dict[str, Any]:
-        """Loads the raw dict from a YAML file asynchronously.
-        Args:
-            path: The path to the agent.yaml file.
-        Returns:
-            dict: The raw dictionary content.
-        Raises:
-            ManifestSyntaxError: If YAML is invalid.
-            FileNotFoundError: If the file does not exist.
-        """
-        try:
-            path_obj = Path(path)
-            if not path_obj.exists():
-                raise FileNotFoundError(f"Manifest file not found: {path}")
-            async with aiofiles.open(path_obj, "r", encoding="utf-8") as f:
-                content = await f.read()
-                data = yaml.safe_load(content)
-            if not isinstance(data, dict):
-                raise ManifestSyntaxError(f"Invalid YAML content in {path}: must be a dictionary.")
-            ManifestLoader._normalize_data(data)
-            return data
-        except yaml.YAMLError as e:
-            raise ManifestSyntaxError(f"Failed to parse YAML file {path}: {str(e)}") from e
-        except OSError as e:
-            if isinstance(e, FileNotFoundError):
-                raise
-            raise ManifestSyntaxError(f"Error reading file {path}: {str(e)}") from e
-    @staticmethod
-    def load_from_file(path: Union[str, Path]) -> AgentDefinition:
-        """Loads the agent manifest from a YAML file.
-        Args:
-            path: The path to the agent.yaml file.
-        Returns:
-            AgentDefinition: The validated Pydantic model.
-        Raises:
-            ManifestSyntaxError: If YAML is invalid or Pydantic validation fails.
-            FileNotFoundError: If the file does not exist.
-        """
-        data = ManifestLoader.load_raw_from_file(path)
-        return ManifestLoader.load_from_dict(data)
-    @staticmethod
-    def load_from_dict(data: dict[str, Any]) -> AgentDefinition:
-        """Converts a dictionary into an AgentDefinition model.
-        Args:
-            data: The raw dictionary.
-        Returns:
-            AgentDefinition: The validated Pydantic model.
-        Raises:
-            ManifestSyntaxError: If Pydantic validation fails.
-        """
-        try:
-            # Ensure normalization happens before Pydantic validation
-            # We work on a copy to avoid side effects if possible, but deep copy is expensive.
-            # The input 'data' might be modified in place.
-            ManifestLoader._normalize_data(data)
-            return AgentDefinition.model_validate(data)
-        except ValidationError as e:
-            # Convert Pydantic ValidationError to ManifestSyntaxError
-            # We assume "normalization" happens via Pydantic validators (e.g. UUID, SemVer checks)
-            raise ManifestSyntaxError(f"Manifest validation failed: {str(e)}") from e
-    @staticmethod
-    def _normalize_data(data: dict[str, Any]) -> None:
-        """Normalizes the data dictionary in place.
-        Specifically strips 'v' or 'V' from version strings recursively until clean.
-        """
-        if "metadata" in data and isinstance(data["metadata"], dict):
-            version = data["metadata"].get("version")
-            if isinstance(version, str):
-                # Recursively strip leading 'v' or 'V'
-                while version and version[0] in ("v", "V"):
-                    version = version[1:]
-                data["metadata"]["version"] = version
-    @staticmethod
-    def inspect_function(func: Callable[..., Any]) -> AgentInterface:
-        """Generates an AgentInterface from a Python function.
-        Scans the function signature. If `user_context` (by name) or UserContext (by type)
-        is found, it is marked as injected and excluded from the public schema.
-        Args:
-            func: The function to inspect.
-        Returns:
-            AgentInterface: The generated interface definition.
-        Raises:
-            ManifestSyntaxError: If forbidden arguments are found.
-        """
-        sig = inspect.signature(func)
-        try:
-            type_hints = get_type_hints(func)
-        except Exception:
-            # Fallback if get_type_hints fails (e.g. forward refs issues)
-            type_hints = {}
-        field_definitions: Dict[str, Any] = {}
-        injected: List[str] = []
-        for param_name, param in sig.parameters.items():
-            if param_name in ("self", "cls"):
-                continue
-            # Determine type annotation
-            annotation = type_hints.get(param_name, param.annotation)
-            if annotation is inspect.Parameter.empty:
-                annotation = Any
-            # Check for forbidden arguments
-            if param_name in ("api_key", "token"):
-                raise ManifestSyntaxError(f"Function argument '{param_name}' is forbidden. Use UserContext for auth.")
-            # Check for injection
-            is_injected = False
-            if param_name == "user_context":
-                is_injected = True
-            else:
-                # Check direct type
-                if annotation is UserContext:
-                    is_injected = True
-                else:
-                    # Check for Optional[UserContext], Annotated[UserContext, ...], Union[UserContext, ...]
-                    origin = get_origin(annotation)
-                    args = get_args(annotation)
-                    if origin is not None:
-                        # Recursively check if UserContext is in args (handles Optional/Union)
-                        # or if this is Annotated (UserContext might be the first arg)
-                        # We do a shallow check on args.
-                        for arg in args:
-                            if arg is UserContext:
-                                is_injected = True
-                                break
-            if is_injected:
-                if "user_context" not in injected:
-                    injected.append("user_context")
-                continue
-            # Prepare for Pydantic model creation
-            default = param.default
-            if default is inspect.Parameter.empty:
-                default = ...
-            field_definitions[param_name] = (annotation, default)
-        # Create dynamic model to generate JSON Schema for inputs
-        # We assume strict mode or similar is handled by the consumer, here we just describe it.
-        try:
-            InputsModel = create_model("Inputs", **field_definitions)
-            inputs_schema = InputsModel.model_json_schema()
-        except Exception as e:
-            raise ManifestSyntaxError(f"Failed to generate schema from function signature: {e}") from e
-        # Handle return type for outputs
-        return_annotation = type_hints.get("return", sig.return_annotation)
-        outputs_schema = {}
-        if (
-            return_annotation is not inspect.Parameter.empty
-            and return_annotation is not None
-            and return_annotation is not type(None)
-        ):
-            try:
-                # If return annotation is a Pydantic model, use its schema
-                if hasattr(return_annotation, "model_json_schema"):
-                    outputs_schema = return_annotation.model_json_schema()
-                else:
-                    # Wrap in a model
-                    OutputsModel = create_model("Outputs", result=(return_annotation, ...))
-                    outputs_schema = OutputsModel.model_json_schema()
-            except Exception:
-                pass
-        return AgentInterface(
-            inputs=inputs_schema,
-            outputs=outputs_schema,
-            injected_params=injected,
-        )

coreason_manifest/main.py DELETED Viewed

@@ -1,17 +0,0 @@
-# Prosperity-3.0
-"""Main module for coreason_manifest.
-This module is primarily used for testing and demonstration purposes.
-"""
-from coreason_manifest.utils.logger import logger
-def hello_world() -> str:
-    """Returns a hello world string.
-    Returns:
-        "Hello World!" string.
-    """
-    logger.info("Hello World!")
-    return "Hello World!"

coreason_manifest/policies/compliance.rego DELETED Viewed

@@ -1,81 +0,0 @@
-package coreason.compliance
-import rego.v1
-# Do not import data.tbom to avoid namespace confusion, access via data.tbom directly if needed or via helper.
-default allow := false
-# Deny if 'pickle' is in libraries (matches "pickle", "pickle==1.0", "pickle>=2.0")
-deny contains msg if {
-    some i
-    lib_str := input.dependencies.libraries[i]
-    # Check if the library name starts with 'pickle' followed by end of string or version specifier
-    regex.match("^pickle([<>=!@\\[].*)?$", lib_str)
-    msg := "Security Risk: 'pickle' library is strictly forbidden."
-}
-# Deny if 'os' is in libraries
-deny contains msg if {
-    some i
-    lib_str := input.dependencies.libraries[i]
-    regex.match("^os([<>=!@\\[].*)?$", lib_str)
-    msg := "Security Risk: 'os' library is strictly forbidden."
-}
-# Deny if description is too short (Business Rule example)
-# Iterates over ALL steps to ensure compliance.
-deny contains msg if {
-    some step in input.topology.steps
-    count(step.description) < 5
-    msg := "Step description is too short."
-}
-# Rule 1 (Dependency Pinning): All library dependencies must have explicit version pins.
-# Strictly enforces "name==version" (with optional extras).
-# Rejects "name>=version", "name==version,>=other", etc.
-deny contains msg if {
-    some i
-    lib := input.dependencies.libraries[i]
-    # Regex Explanation:
-    # ^                         Start
-    # [a-zA-Z0-9_\-\.]+         Package name (alphanum, _, -, .)
-    # (\[[a-zA-Z0-9_\-\.,]+\])? Optional extras in brackets (e.g. [security,fast])
-    # ==                        Must be strictly '=='
-    # [a-zA-Z0-9_\-\.\+]+       Version string (alphanum, _, -, ., + for metadata)
-    # $                         End (No trailing constraints like ,>=2.0)
-    not regex.match("^[a-zA-Z0-9_\\-\\.]+(\\[[a-zA-Z0-9_\\-\\.,]+\\])?==[a-zA-Z0-9_\\-\\.\\+]+$", lib)
-    msg := sprintf("Compliance Violation: Library '%v' must be strictly pinned with '==' (e.g., 'pandas==2.0.1').", [lib])
-}
-# Rule 2 (Allowlist Enforcement): Libraries must be in TBOM
-deny contains msg if {
-    some i
-    lib_str := input.dependencies.libraries[i]
-    # Extract library name using regex
-    # Pattern must support dots (for namespace packages) and stop before extras brackets or version specifiers.
-    parts := regex.find_all_string_submatch_n("^[a-zA-Z0-9_\\-\\.]+", lib_str, 1)
-    count(parts) > 0
-    lib_name := parts[0][0]
-    # Check if lib_name is in tbom (case-insensitive)
-    not is_in_tbom(lib_name)
-    msg := sprintf("Compliance Violation: Library '%v' is not in the Trusted Bill of Materials (TBOM).", [lib_name])
-}
-# Helper to safely check if lib is in TBOM
-# Returns true if data.tbom exists AND contains the lib (case-insensitive)
-is_in_tbom(lib) if {
-    # Lowercase the input library name
-    lower_lib := lower(lib)
-    # Check against TBOM
-    # If data.tbom is undefined, this rule body is undefined (false).
-    # Iterate through TBOM and compare lowercased versions
-    some tbom_lib in data.tbom
-    lower(tbom_lib) == lower_lib
-}

coreason_manifest/policies/tbom.json DELETED Viewed

@@ -1,14 +0,0 @@
-{
-  "tbom": [
-    "requests",
-    "pydantic",
-    "httpx",
-    "pandas",
-    "numpy",
-    "scipy",
-    "scikit-learn",
-    "torch",
-    "fastapi",
-    "uvicorn"
-  ]
-}

coreason-manifest 0.6.0__py3-none-any.whl → 0.7.0__py3-none-any.whl

coreason-manifest 0.6.0py3-none-any.whl → 0.7.0py3-none-any.whl