coreason-manifest 0.6.0__py3-none-any.whl → 0.7.0__py3-none-any.whl

coreason_manifest/policy.py

@@ -1,138 +0,0 @@
-# Prosperity-3.0
-"""Policy enforcement functionality using Open Policy Agent (OPA).
-
-This module provides the `PolicyEnforcer` class, which interacts with OPA to
-evaluate agent definitions against compliance policies defined in Rego.
-"""
-
-from __future__ import annotations
-
-import json
-import shutil
-import subprocess
-from pathlib import Path
-from typing import Any, List, Optional
-
-from coreason_manifest.errors import PolicyViolationError
-
-
-class PolicyEnforcer:
-    """Component C: PolicyEnforcer (The Compliance Officer).
-
-    Responsibility:
-      - Evaluate the agent against the compliance.rego policy file using OPA.
-    """
-
-    def __init__(
-        self,
-        policy_path: str | Path,
-        opa_path: str = "opa",
-        data_paths: Optional[List[str | Path]] = None,
-    ) -> None:
-        """Initialize the PolicyEnforcer.
-
-        Args:
-            policy_path: Path to the Rego policy file.
-            opa_path: Path to the OPA executable. Defaults to "opa" (expected in PATH).
-            data_paths: List of paths to data files (e.g. JSON/YAML) to be loaded by OPA.
-
-        Raises:
-            FileNotFoundError: If OPA, policy file, or data files are not found.
-        """
-        self.policy_path = Path(policy_path)
-        self.data_paths = [Path(p) for p in data_paths] if data_paths else []
-
-        # Validate OPA executable
-        # If opa_path is a simple name (like "opa"), use shutil.which to find it
-        if "/" not in str(opa_path) and "\\" not in str(opa_path):
-            resolved_opa: Optional[str] = shutil.which(opa_path)
-            if not resolved_opa:
-                raise FileNotFoundError(f"OPA executable not found in PATH: {opa_path}")
-            self.opa_path: str = resolved_opa
-        else:
-            # If it's a path, check existence
-            if not Path(opa_path).exists():
-                raise FileNotFoundError(f"OPA executable not found at: {opa_path}")
-            self.opa_path = str(opa_path)
-
-        if not self.policy_path.exists():
-            raise FileNotFoundError(f"Policy file not found: {self.policy_path}")
-
-        for path in self.data_paths:
-            if not path.exists():
-                raise FileNotFoundError(f"Data file not found: {path}")
-
-    def evaluate(self, agent_data: dict[str, Any]) -> None:
-        """Evaluates the agent data against the policy.
-
-        Args:
-            agent_data: The dictionary representation of the AgentDefinition.
-
-        Raises:
-            PolicyViolationError: If there are any policy violations.
-            RuntimeError: If OPA execution fails.
-        """
-        # Prepare input for OPA
-        # We invoke OPA via subprocess: opa eval -d <policy> -d <data> ... -I <input> "data.coreason.compliance.deny"
-        # We pass input via stdin to avoid temp files
-
-        try:
-            # We use 'data.coreason.compliance.deny' as the query
-            query = "data.coreason.compliance.deny"
-
-            # Serialize input to JSON
-            input_json = json.dumps(agent_data)
-
-            cmd = [
-                self.opa_path,
-                "eval",
-                "-d",
-                str(self.policy_path),
-            ]
-
-            # Add data paths
-            for data_path in self.data_paths:
-                cmd.extend(["-d", str(data_path)])
-
-            cmd.extend(
-                [
-                    "-I",  # Read input from stdin
-                    query,
-                    "--format",
-                    "json",
-                ]
-            )
-
-            process = subprocess.run(
-                cmd,
-                input=input_json,
-                capture_output=True,
-                text=True,
-                check=False,  # We handle return code manually
-            )
-
-            if process.returncode != 0:
-                # Include stdout in error message if stderr is empty or insufficient
-                error_msg = process.stderr.strip()
-                if not error_msg:
-                    error_msg = process.stdout.strip() or "Unknown error (empty stdout/stderr)"
-                raise RuntimeError(f"OPA execution failed: {error_msg}")
-
-            # Parse OPA output
-            # Format: {"result": [{"expressions": [{"value": ["violation1", "violation2"]}]}]}
-            result = json.loads(process.stdout)
-
-            violations: List[str] = []
-            if "result" in result and len(result["result"]) > 0:
-                # Assuming the query returns a set/list of strings
-                expressions = result["result"][0].get("expressions", [])
-                if expressions:
-                    violations = expressions[0].get("value", [])
-
-            if violations:
-                raise PolicyViolationError("Policy violations found.", violations=violations)
-
-        except FileNotFoundError as e:
-            raise RuntimeError(f"OPA executable not found at: {self.opa_path}") from e
-        except json.JSONDecodeError as e:
-            raise RuntimeError(f"Failed to parse OPA output: {e}") from e

coreason_manifest/server.py

@@ -1,123 +0,0 @@
-from contextlib import asynccontextmanager
-from importlib import resources
-from pathlib import Path
-from typing import AsyncIterator, List, Optional, Union
-
-from fastapi import FastAPI, HTTPException, Request, status
-from fastapi.responses import JSONResponse
-from pydantic import BaseModel, Field
-
-from coreason_manifest.engine import ManifestConfig, ManifestEngineAsync
-from coreason_manifest.errors import ManifestSyntaxError, PolicyViolationError
-
-
-# Response Model
-class ValidationResponse(BaseModel):
-    valid: bool
-    agent_id: Optional[str] = None
-    version: Optional[str] = None
-    policy_violations: List[str] = Field(default_factory=list)
-
-
-@asynccontextmanager
-async def lifespan(app: FastAPI) -> AsyncIterator[None]:
-    # Locate policies
-    policy_path: Optional[Path] = None
-    tbom_path: Optional[Path] = None
-
-    # 1. Check local directory (Docker runtime with COPY or relative dev path)
-    # In Docker we will COPY to /app/policies/ or ./policies/ relative to WORKDIR
-    # We'll check common locations.
-    possible_dirs = [
-        Path("policies"),
-        Path("/app/policies"),
-        Path("src/coreason_manifest/policies"),  # Dev from root
-    ]
-
-    for d in possible_dirs:
-        if (d / "compliance.rego").exists():
-            policy_path = d / "compliance.rego"
-            if (d / "tbom.json").exists():
-                tbom_path = d / "tbom.json"
-            break
-
-    # 2. Fallback to package resources
-    resource_context = None
-    if not policy_path:
-        try:
-            # Check if it exists as a resource
-            ref = resources.files("coreason_manifest.policies").joinpath("compliance.rego")
-            if ref.is_file():
-                resource_context = resources.as_file(ref)
-                policy_path = resource_context.__enter__()
-                # Check for TBOM in same dir if possible, or ignore for fallback
-        except Exception:
-            pass
-
-    # If still not found, fail.
-    if not policy_path:
-        raise RuntimeError("Could not locate compliance.rego policy file.")
-
-    config = ManifestConfig(
-        policy_path=policy_path,
-        tbom_path=tbom_path,
-        opa_path="opa",  # Assumes OPA is in PATH (installed via Dockerfile)
-    )
-
-    engine = ManifestEngineAsync(config)
-
-    try:
-        async with engine:
-            app.state.engine = engine
-            yield
-    finally:
-        if resource_context:
-            resource_context.__exit__(None, None, None)
-
-
-app = FastAPI(lifespan=lifespan)
-
-
-@app.post("/validate", response_model=ValidationResponse)  # type: ignore[misc]
-async def validate_manifest(request: Request) -> Union[ValidationResponse, JSONResponse]:
-    engine: ManifestEngineAsync = app.state.engine
-
-    try:
-        raw_body = await request.json()
-    except Exception:
-        raise HTTPException(status_code=400, detail="Invalid JSON body") from None
-
-    try:
-        agent_def = await engine.validate_manifest_dict(raw_body)
-        return ValidationResponse(
-            valid=True,
-            agent_id=str(agent_def.metadata.id),
-            version=agent_def.metadata.version,
-            policy_violations=[],
-        )
-    except ManifestSyntaxError as e:
-        # Return 422 with the error
-        resp = ValidationResponse(valid=False, policy_violations=[f"Syntax Error: {str(e)}"])
-        return JSONResponse(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, content=resp.model_dump())
-    except PolicyViolationError as e:
-        resp = ValidationResponse(valid=False, policy_violations=e.violations)
-        return JSONResponse(status_code=status.HTTP_422_UNPROCESSABLE_CONTENT, content=resp.model_dump())
-
-
-@app.get("/health")  # type: ignore[misc]
-async def health_check() -> dict[str, str]:
-    engine: ManifestEngineAsync = app.state.engine
-    policy_version = "unknown"
-    try:
-        import hashlib
-
-        # policy_path is guaranteed to exist by lifespan check
-        policy_path = Path(engine.config.policy_path)
-        if policy_path.exists():
-            with open(policy_path, "rb") as f:
-                digest = hashlib.sha256(f.read()).hexdigest()[:8]
-            policy_version = digest
-    except Exception:
-        pass
-
-    return {"status": "active", "policy_version": policy_version}

coreason_manifest/validator.py

@@ -1,67 +0,0 @@
-# Prosperity-3.0
-"""Schema validation functionality.
-
-This module provides the `SchemaValidator` class, which uses JSON Schema to
-validate the structure and types of agent definitions.
-"""
-
-from __future__ import annotations
-
-import json
-from importlib.resources import files
-from typing import Any
-
-from jsonschema import FormatChecker, ValidationError, validate
-
-from coreason_manifest.errors import ManifestSyntaxError
-
-
-class SchemaValidator:
-    """Component B: SchemaValidator (The Structural Engineer).
-
-    Responsibility:
-      - Validate the dictionary against the Master JSON Schema.
-      - Check required fields, data types, and format constraints.
-    """
-
-    def __init__(self) -> None:
-        """Initialize the validator by loading the schema."""
-        self.schema = self._load_schema()
-
-    def _load_schema(self) -> dict[str, Any]:
-        """Loads the JSON schema from the package resources.
-
-        Returns:
-            The JSON schema dictionary.
-
-        Raises:
-            ManifestSyntaxError: If the schema file cannot be loaded or is invalid.
-        """
-        try:
-            schema_path = files("coreason_manifest.schemas").joinpath("agent.schema.json")
-            with schema_path.open("r", encoding="utf-8") as f:
-                schema = json.load(f)
-            if not isinstance(schema, dict):
-                raise ManifestSyntaxError("Schema file is not a valid JSON object.")
-            return schema
-        except (IOError, json.JSONDecodeError) as e:
-            raise ManifestSyntaxError(f"Failed to load agent schema: {e}") from e
-
-    def validate(self, data: dict[str, Any]) -> bool:
-        """Validates the given dictionary against the agent schema.
-
-        Args:
-            data: The raw dictionary to validate.
-
-        Returns:
-            True if validation passes.
-
-        Raises:
-            ManifestSyntaxError: If validation fails.
-        """
-        try:
-            validate(instance=data, schema=self.schema, format_checker=FormatChecker())
-            return True
-        except ValidationError as e:
-            # We treat schema validation errors as syntax errors in the manifest
-            raise ManifestSyntaxError(f"Schema validation failed: {e.message}") from e

coreason_manifest-0.6.0.dist-info/RECORD

@@ -1,22 +0,0 @@
-coreason_manifest/__init__.py,sha256=wDlmlYxr29P_fX5Et6pP-jcMtQe6eTzKvpUrh7zFMOM,1857
-coreason_manifest/engine.py,sha256=ENAkRuGFd1uY_5u4EYEsTZUMrqw5HgijKtkF9lk-E-c,8199
-coreason_manifest/errors.py,sha256=CKFWSucncoPLYUJcsuXtLIfneyr2d89oHRTiWPT4psU,1437
-coreason_manifest/integrity.py,sha256=CMBaa2A8DpC9hDSO-aj-YOzss6if1CajaeLEmTC703c,5344
-coreason_manifest/loader.py,sha256=WET8HAnSw4dgon_zdiZaaU1dIUrsIQPYZzxlp0crTYo,10027
-coreason_manifest/main.py,sha256=YQO98w2wxkfNs-DpSLmiDTs9DtUeGsC48GEfbElXVPk,357
-coreason_manifest/models.py,sha256=EuaE1Wl5T8f_eI9vF1VFp5hd0y9C7E52zAjB52EulKw,7497
-coreason_manifest/policies/compliance.rego,sha256=-drMuno6YkGOXKjvdLWawCZWK8iUxY7OcXpoXa_9Oyo,3035
-coreason_manifest/policies/tbom.json,sha256=rSn4V44_IdFqCC86J3Jc31qQKTV4J5BdmyO0CI4iOu0,167
-coreason_manifest/policy.py,sha256=vvEivq5HSjv-bMSrZ5VMM3eTomYFp39SBtuFajG9RU4,5009
-coreason_manifest/recipes.py,sha256=tMNOE-JYJtG6NYRH1a-IoCLD4gXo7qoTb8dypLkmHC0,5849
-coreason_manifest/schemas/__init__.py,sha256=9TMs6jWKCIewAKkj-u0tq9c6N_-0CU6b5s9q6MTS6v4,17
-coreason_manifest/schemas/agent.schema.json,sha256=VigUX3ltX7YaW9P7n0DNYGNOf8C6VCuXNy71u3LB9i4,6812
-coreason_manifest/server.py,sha256=ezuk-4sABF92U4cY1ppYJGJf8q6yeoteVlrwnmk7Jis,4253
-coreason_manifest/utils/__init__.py,sha256=Q9gXiBtX3mD9GTu4z0JDHSHkbXC-MRHagrOaOmRH_1Q,435
-coreason_manifest/utils/logger.py,sha256=A7E6Hd_Jk1XDUajNEJQl-WtUv9M2LT76b4_TsbxnILw,1227
-coreason_manifest/validator.py,sha256=v33EzKroRwLEjZeuRRpTB7cqB38op3DV2EZpZhJ80a0,2240
-coreason_manifest-0.6.0.dist-info/METADATA,sha256=nkC0JpE_Itg26p5U7-mS8KizLv-lBc9eZM2FrB3oioM,7421
-coreason_manifest-0.6.0.dist-info/WHEEL,sha256=3ny-bZhpXrU6vSQ1UPG34FoxZBp3lVcvK0LkgUz6VLk,88
-coreason_manifest-0.6.0.dist-info/licenses/LICENSE,sha256=3tYb7ZQe7sVXcbNmX22fDESFjOSIlCZodUGpZMkuSlk,3063
-coreason_manifest-0.6.0.dist-info/licenses/NOTICE,sha256=tqzUyP9VTCGxoHLgBI0AC1i0G7m_PSyESFL8Jwuw0dA,610
-coreason_manifest-0.6.0.dist-info/RECORD,,