crackerjack 0.32.0__py3-none-any.whl → 0.33.1__py3-none-any.whl

crackerjack/services/server_manager.py

@@ -12,17 +12,15 @@ from .security_logger import get_security_logger
 
 
 def find_mcp_server_processes() -> list[dict[str, t.Any]]:
-    """Find running MCP server processes using secure subprocess execution."""
     security_logger = get_security_logger()
 
     try:
-        # Use secure subprocess execution with validation
         result = execute_secure_subprocess(
             command=["ps", "aux"],
             capture_output=True,
             text=True,
             check=True,
-            timeout=10.0,  # 10 second timeout for process listing
+            timeout=10.0,
         )
 
         return _parse_mcp_processes(result.stdout)
@@ -37,7 +35,6 @@ def find_mcp_server_processes() -> list[dict[str, t.Any]]:
 
 
 def _parse_mcp_processes(stdout: str) -> list[dict[str, t.Any]]:
-    """Parse MCP server processes from ps command output."""
     processes: list[dict[str, t.Any]] = []
     str(Path.cwd())
 
@@ -51,7 +48,6 @@ def _parse_mcp_processes(stdout: str) -> list[dict[str, t.Any]]:
 
 
 def _is_mcp_server_process(line: str) -> bool:
-    """Check if a line represents an MCP server process."""
     return (
         "crackerjack" in line
         and "--start-mcp-server" in line
@@ -59,15 +55,22 @@ def _is_mcp_server_process(line: str) -> bool:
     )
 
 
+def _is_zuban_lsp_process(line: str) -> bool:
+    return (
+        "zuban" in line
+        and "server" in line
+        and ("uv" in line.lower() or "python" in line.lower())
+    )
+
+
 def _extract_process_info(line: str) -> dict[str, t.Any] | None:
-    """Extract process information from a ps output line."""
     parts = line.split()
     if len(parts) < 11:
         return None
 
     try:
         pid = int(parts[1])
-        # Find where the command actually starts (usually after the time field)
+
         command_start_index = _find_command_start_index(parts)
 
         return {
@@ -82,7 +85,6 @@ def _extract_process_info(line: str) -> dict[str, t.Any] | None:
 
 
 def _find_command_start_index(parts: list[str]) -> int:
-    """Find the index where the command starts in ps output."""
     command_start_index = 10
     for i, part in enumerate(parts):
         if part.endswith("python") or "Python" in part:
@@ -92,17 +94,15 @@ def _find_command_start_index(parts: list[str]) -> int:
 
 
 def find_websocket_server_processes() -> list[dict[str, t.Any]]:
-    """Find running WebSocket server processes using secure subprocess execution."""
     security_logger = get_security_logger()
 
     try:
-        # Use secure subprocess execution with validation
         result = execute_secure_subprocess(
             command=["ps", "aux"],
             capture_output=True,
             text=True,
             check=True,
-            timeout=10.0,  # 10 second timeout for process listing
+            timeout=10.0,
         )
 
         processes: list[dict[str, t.Any]] = []
@@ -136,6 +136,43 @@ def find_websocket_server_processes() -> list[dict[str, t.Any]]:
         return []
 
 
+def find_zuban_lsp_processes() -> list[dict[str, t.Any]]:
+    """Find running zuban LSP server processes."""
+    security_logger = get_security_logger()
+
+    try:
+        result = execute_secure_subprocess(
+            command=["ps", "aux"],
+            capture_output=True,
+            text=True,
+            check=True,
+            timeout=10.0,
+        )
+
+        return _parse_zuban_lsp_processes(result.stdout)
+
+    except Exception as e:
+        security_logger.log_subprocess_failure(
+            command=["ps", "aux"],
+            exit_code=-1,
+            error_output=str(e),
+        )
+        return []
+
+
+def _parse_zuban_lsp_processes(stdout: str) -> list[dict[str, t.Any]]:
+    """Parse zuban LSP processes from ps output."""
+    processes: list[dict[str, t.Any]] = []
+
+    for line in stdout.splitlines():
+        if _is_zuban_lsp_process(line):
+            process_info = _extract_process_info(line)
+            if process_info:
+                processes.append(process_info)
+
+    return processes
+
+
 def stop_process(pid: int, force: bool = False) -> bool:
     try:
         if force:
@@ -204,14 +241,38 @@ def stop_websocket_server(console: Console | None = None) -> bool:
     return success
 
 
+def stop_zuban_lsp(console: Console | None = None) -> bool:
+    """Stop running zuban LSP server processes."""
+    if console is None:
+        console = Console()
+
+    processes = find_zuban_lsp_processes()
+
+    if not processes:
+        console.print("[yellow]⚠️ No Zuban LSP server processes found[/ yellow]")
+        return True
+
+    success = True
+    for proc in processes:
+        console.print(f"🛑 Stopping Zuban LSP server process {proc['pid']}")
+        if stop_process(proc["pid"]):
+            console.print(f"✅ Stopped process {proc['pid']}")
+        else:
+            console.print(f"❌ Failed to stop process {proc['pid']}")
+            success = False
+
+    return success
+
+
 def stop_all_servers(console: Console | None = None) -> bool:
     if console is None:
         console = Console()
 
     mcp_success = stop_mcp_server(console)
     websocket_success = stop_websocket_server(console)
+    zuban_lsp_success = stop_zuban_lsp(console)
 
-    return mcp_success and websocket_success
+    return mcp_success and websocket_success and zuban_lsp_success
 
 
 def restart_mcp_server(
@@ -230,12 +291,10 @@ def restart_mcp_server(
 
     console.print("🚀 Starting new MCP server...")
     try:
-        # Build command with proper argument formatting
         cmd = [sys.executable, "-m", "crackerjack", "--start-mcp-server"]
         if websocket_port:
             cmd.extend(["--websocket-port", str(websocket_port)])
 
-        # Use secure subprocess execution for server restart
         import subprocess
 
         subprocess.Popen(
@@ -245,7 +304,6 @@ def restart_mcp_server(
             start_new_session=True,
         )
 
-        # Log the secure server start
         security_logger = get_security_logger()
         security_logger.log_subprocess_execution(
             command=cmd,
@@ -260,6 +318,45 @@ def restart_mcp_server(
         return False
 
 
+def restart_zuban_lsp(console: Console | None = None) -> bool:
+    """Restart zuban LSP server."""
+    if console is None:
+        console = Console()
+
+    console.print("[bold cyan]🔄 Restarting Zuban LSP server...[/ bold cyan]")
+
+    stop_zuban_lsp(console)
+
+    console.print("⏳ Waiting for cleanup...")
+    time.sleep(2)
+
+    console.print("🚀 Starting new Zuban LSP server...")
+    try:
+        cmd = [sys.executable, "-m", "crackerjack", "--start-zuban-lsp"]
+
+        import subprocess
+
+        subprocess.Popen(
+            cmd,
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+            start_new_session=True,
+        )
+
+        security_logger = get_security_logger()
+        security_logger.log_subprocess_execution(
+            command=cmd,
+            purpose="zuban_lsp_restart",
+        )
+
+        console.print("✅ Zuban LSP server restart initiated")
+        return True
+
+    except Exception as e:
+        console.print(f"❌ Failed to restart Zuban LSP server: {e}")
+        return False
+
+
 def list_server_status(console: Console | None = None) -> None:
     if console is None:
         console = Console()
@@ -268,6 +365,7 @@ def list_server_status(console: Console | None = None) -> None:
 
     mcp_processes = find_mcp_server_processes()
     websocket_processes = find_websocket_server_processes()
+    zuban_lsp_processes = find_zuban_lsp_processes()
 
     if mcp_processes:
         console.print("\n[bold green]MCP Servers: [/ bold green]")
@@ -289,5 +387,15 @@ def list_server_status(console: Console | None = None) -> None:
     else:
         console.print("\n[yellow]WebSocket Servers: None running[/ yellow]")
 
-    if not mcp_processes and not websocket_processes:
+    if zuban_lsp_processes:
+        console.print("\n[bold green]Zuban LSP Servers: [/ bold green]")
+        for proc in zuban_lsp_processes:
+            console.print(
+                f" • PID {proc['pid']} - CPU: {proc['cpu']}%-Memory: {proc['mem']}%",
+            )
+            console.print(f" Command: {proc['command']}")
+    else:
+        console.print("\n[yellow]Zuban LSP Servers: None running[/ yellow]")
+
+    if not mcp_processes and not websocket_processes and not zuban_lsp_processes:
         console.print("\n[dim]No crackerjack servers currently running[/ dim]")

crackerjack/services/status_authentication.py

@@ -1,10 +1,3 @@
-"""
-Status Authentication System for secure access control.
-
-Provides authentication and authorization for status endpoints with
-JWT tokens, API keys, role-based access control, and audit logging.
-"""
-
 import hashlib
 import hmac
 import json
@@ -18,17 +11,13 @@ from .security_logger import SecurityEventLevel, SecurityEventType, get_security
 
 
 class AccessLevel(str, Enum):
-    """Access levels for status endpoints."""
-
-    PUBLIC = "public"  # Basic system status
-    INTERNAL = "internal"  # Internal service status
-    ADMIN = "admin"  # Full administrative access
-    DEBUG = "debug"  # Debug-level information
+    PUBLIC = "public"
+    INTERNAL = "internal"
+    ADMIN = "admin"
+    DEBUG = "debug"
 
 
 class AuthenticationMethod(str, Enum):
-    """Supported authentication methods."""
-
     API_KEY = "api_key"
     JWT_TOKEN = "jwt_token"
     HMAC_SIGNATURE = "hmac_signature"
@@ -37,8 +26,6 @@ class AuthenticationMethod(str, Enum):
 
 @dataclass
 class AuthCredentials:
-    """Authentication credentials for status access."""
-
     client_id: str
     access_level: AccessLevel
     method: AuthenticationMethod
@@ -47,69 +34,39 @@ class AuthCredentials:
 
     @property
     def is_expired(self) -> bool:
-        """Check if credentials are expired."""
         return self.expires_at is not None and time.time() > self.expires_at
 
     def has_operation_access(self, operation: str) -> bool:
-        """Check if credentials allow specific operation."""
         return self.allowed_operations is None or operation in self.allowed_operations
 
 
 class AuthenticationError(Exception):
-    """Base authentication error."""
-
     pass
 
 
 class AccessDeniedError(AuthenticationError):
-    """Access denied error."""
-
     pass
 
 
 class ExpiredCredentialsError(AuthenticationError):
-    """Expired credentials error."""
-
     pass
 
 
 class StatusAuthenticator:
-    """
-    Authentication system for status endpoints.
-
-    Features:
-    - Multiple authentication methods (API keys, JWT, HMAC)
-    - Role-based access control
-    - Time-based credential expiration
-    - Operation-level permissions
-    - Comprehensive audit logging
-    - Local-only access mode for development
-    """
-
     def __init__(
         self,
         secret_key: str | None = None,
         default_access_level: AccessLevel = AccessLevel.PUBLIC,
         enable_local_only: bool = True,
     ):
-        """
-        Initialize status authenticator.
-
-        Args:
-            secret_key: Secret key for HMAC and JWT validation
-            default_access_level: Default access level for unauthenticated requests
-            enable_local_only: Allow local-only access for development
-        """
         self.secret_key = secret_key or self._generate_secret_key()
         self.default_access_level = default_access_level
         self.enable_local_only = enable_local_only
 
         self.security_logger = get_security_logger()
 
-        # Valid API keys and their associated credentials
         self._api_keys: dict[str, AuthCredentials] = {}
 
-        # Access level requirements for operations
         self._operation_requirements: dict[str, AccessLevel] = {
             "get_basic_status": AccessLevel.PUBLIC,
             "get_service_status": AccessLevel.INTERNAL,
@@ -120,17 +77,12 @@ class StatusAuthenticator:
             "clear_cache": AccessLevel.ADMIN,
         }
 
-        # Initialize with default API keys if none exist
         self._initialize_default_keys()
 
     def _generate_secret_key(self) -> str:
-        """Generate a secure random secret key."""
         return secrets.token_urlsafe(32)
 
     def _initialize_default_keys(self) -> None:
-        """Initialize with default API keys for different access levels."""
-
-        # Generate default API keys for different access levels
         default_keys = {
             AccessLevel.PUBLIC: self._generate_api_key("public_default"),
             AccessLevel.INTERNAL: self._generate_api_key("internal_default"),
@@ -145,7 +97,6 @@ class StatusAuthenticator:
             )
 
     def _generate_api_key(self, prefix: str = "ck") -> str:
-        """Generate a secure API key with prefix."""
         random_part = secrets.token_urlsafe(32)
         return f"{prefix}_{random_part}"
 
@@ -155,23 +106,6 @@ class StatusAuthenticator:
         client_ip: str | None = None,
         operation: str = "unknown",
     ) -> AuthCredentials:
-        """
-        Authenticate a status request.
-
-        Args:
-            auth_header: Authorization header value
-            client_ip: Client IP address
-            operation: Operation being requested
-
-        Returns:
-            AuthCredentials for the authenticated request
-
-        Raises:
-            AuthenticationError: If authentication fails
-            AccessDeniedError: If access is denied
-        """
-
-        # Check for local-only access (development mode)
         if self.enable_local_only and client_ip:
             if client_ip in ("127.0.0.1", "::1", "localhost"):
                 self.security_logger.log_security_event(
@@ -185,13 +119,11 @@ class StatusAuthenticator:
 
                 return AuthCredentials(
                     client_id="local",
-                    access_level=AccessLevel.ADMIN,  # Local gets admin access
+                    access_level=AccessLevel.ADMIN,
                     method=AuthenticationMethod.LOCAL_ONLY,
                 )
 
-        # Parse authentication header
         if not auth_header:
-            # Return default access level for unauthenticated requests
             credentials = AuthCredentials(
                 client_id="anonymous",
                 access_level=self.default_access_level,
@@ -200,13 +132,10 @@ class StatusAuthenticator:
         else:
             credentials = self._parse_auth_header(auth_header, operation)
 
-        # Validate credentials
         self._validate_credentials(credentials, operation)
 
-        # Check operation permissions
         self._check_operation_access(credentials, operation)
 
-        # Log successful authentication
         self.security_logger.log_security_event(
             event_type=SecurityEventType.AUTH_SUCCESS,
             level=SecurityEventLevel.INFO,
@@ -223,27 +152,20 @@ class StatusAuthenticator:
         return credentials
 
     def _parse_auth_header(self, auth_header: str, operation: str) -> AuthCredentials:
-        """Parse authentication header and create credentials."""
-
         try:
-            # Handle different authentication schemes
             if auth_header.startswith("Bearer "):
-                # JWT token
-                token = auth_header[7:]  # Remove "Bearer " prefix
+                token = auth_header[7:]
                 return self._validate_jwt_token(token, operation)
 
             elif auth_header.startswith("ApiKey "):
-                # API key authentication
-                api_key = auth_header[7:]  # Remove "ApiKey " prefix
+                api_key = auth_header[7:]
                 return self._validate_api_key(api_key, operation)
 
             elif auth_header.startswith("HMAC-SHA256 "):
-                # HMAC signature authentication
-                signature_data = auth_header[12:]  # Remove "HMAC-SHA256 " prefix
+                signature_data = auth_header[12:]
                 return self._validate_hmac_signature(signature_data, operation)
 
             else:
-                # Try as plain API key
                 return self._validate_api_key(auth_header, operation)
 
         except Exception as e:
@@ -256,8 +178,6 @@ class StatusAuthenticator:
             raise AuthenticationError(f"Invalid authentication format: {e}")
 
     def _validate_api_key(self, api_key: str, operation: str) -> AuthCredentials:
-        """Validate API key and return credentials."""
-
         if api_key in self._api_keys:
             credentials = self._api_keys[api_key]
 
@@ -285,22 +205,17 @@ class StatusAuthenticator:
         raise AuthenticationError("Invalid API key")
 
     def _validate_jwt_token(self, token: str, operation: str) -> AuthCredentials:
-        """Validate JWT token and return credentials."""
-
         try:
-            # Simple JWT validation (in production, use proper JWT library)
             parts = token.split(".")
             if len(parts) != 3:
                 raise AuthenticationError("Invalid JWT format")
 
-            # Decode header and payload (base64)
             import base64
 
             json.loads(base64.b64decode(parts[0] + "=="))
             payload = json.loads(base64.b64decode(parts[1] + "=="))
             signature = parts[2]
 
-            # Validate signature with HMAC
             expected_signature = (
                 base64.b64encode(
                     hmac.new(
@@ -316,11 +231,9 @@ class StatusAuthenticator:
             if not hmac.compare_digest(signature, expected_signature):
                 raise AuthenticationError("Invalid JWT signature")
 
-            # Check expiration
             if "exp" in payload and time.time() > payload["exp"]:
                 raise ExpiredCredentialsError("JWT token expired")
 
-            # Extract credentials
             client_id = payload.get("sub", "jwt_user")
             access_level = AccessLevel(
                 payload.get("access_level", AccessLevel.PUBLIC.value)
@@ -332,7 +245,7 @@ class StatusAuthenticator:
                 access_level=access_level,
                 method=AuthenticationMethod.JWT_TOKEN,
                 expires_at=payload.get("exp"),
-                allowed_operations=set(allowed_operations)
+                allowed_operations=set[t.Any](allowed_operations)
                 if allowed_operations
                 else None,
             )
@@ -349,24 +262,19 @@ class StatusAuthenticator:
     def _validate_hmac_signature(
         self, signature_data: str, operation: str
     ) -> AuthCredentials:
-        """Validate HMAC signature and return credentials."""
-
         try:
-            # Parse signature data: client_id:timestamp:signature
-            parts = signature_data.split(":")
+            parts = signature_data.split(": ")
             if len(parts) != 3:
                 raise AuthenticationError("Invalid HMAC signature format")
 
             client_id, timestamp_str, signature = parts
             timestamp = float(timestamp_str)
 
-            # Check timestamp (prevent replay attacks)
             current_time = time.time()
-            if abs(current_time - timestamp) > 300:  # 5 minute window
+            if abs(current_time - timestamp) > 300:
                 raise ExpiredCredentialsError("HMAC signature timestamp too old")
 
-            # Create expected signature
-            message = f"{client_id}:{operation}:{timestamp_str}"
+            message = f"{client_id}: {operation}: {timestamp_str}"
             expected_signature = hmac.new(
                 self.secret_key.encode(),
                 message.encode(),
@@ -378,7 +286,7 @@ class StatusAuthenticator:
 
             return AuthCredentials(
                 client_id=client_id,
-                access_level=AccessLevel.INTERNAL,  # HMAC gets internal access
+                access_level=AccessLevel.INTERNAL,
                 method=AuthenticationMethod.HMAC_SIGNATURE,
             )
 
@@ -394,8 +302,6 @@ class StatusAuthenticator:
     def _validate_credentials(
         self, credentials: AuthCredentials, operation: str
     ) -> None:
-        """Validate credentials are still valid."""
-
         if credentials.is_expired:
             self.security_logger.log_security_event(
                 event_type=SecurityEventType.AUTH_EXPIRED,
@@ -409,9 +315,6 @@ class StatusAuthenticator:
     def _check_operation_access(
         self, credentials: AuthCredentials, operation: str
     ) -> None:
-        """Check if credentials have access to the requested operation."""
-
-        # Check operation-specific permissions
         if not credentials.has_operation_access(operation):
             self.security_logger.log_security_event(
                 event_type=SecurityEventType.ACCESS_DENIED,
@@ -421,12 +324,13 @@ class StatusAuthenticator:
                 operation=operation,
                 additional_data={
                     "access_level": credentials.access_level.value,
-                    "allowed_operations": list(credentials.allowed_operations or []),
+                    "allowed_operations": list[t.Any](
+                        credentials.allowed_operations or []
+                    ),
                 },
             )
             raise AccessDeniedError(f"Operation not allowed: {operation}")
 
-        # Check access level requirements
         required_level = self._operation_requirements.get(operation, AccessLevel.PUBLIC)
         if not self._has_sufficient_access_level(
             credentials.access_level, required_level
@@ -449,9 +353,6 @@ class StatusAuthenticator:
         user_level: AccessLevel,
         required_level: AccessLevel,
     ) -> bool:
-        """Check if user access level meets requirements."""
-
-        # Access level hierarchy
         level_hierarchy = {
             AccessLevel.PUBLIC: 0,
             AccessLevel.INTERNAL: 1,
@@ -465,7 +366,6 @@ class StatusAuthenticator:
         return user_level_num >= required_level_num
 
     def is_operation_allowed(self, operation: str, access_level: AccessLevel) -> bool:
-        """Check if an operation is allowed for the given access level."""
         required_level = self._operation_requirements.get(operation, AccessLevel.PUBLIC)
         return self._has_sufficient_access_level(access_level, required_level)
 
@@ -476,19 +376,6 @@ class StatusAuthenticator:
         expires_at: float | None = None,
         allowed_operations: set[str] | None = None,
     ) -> str:
-        """
-        Add a new API key.
-
-        Args:
-            client_id: Client identifier
-            access_level: Access level for the key
-            expires_at: Optional expiration timestamp
-            allowed_operations: Optional set of allowed operations
-
-        Returns:
-            Generated API key
-        """
-
         api_key = self._generate_api_key(client_id.replace(" ", "_").lower())
 
         credentials = AuthCredentials(
@@ -516,16 +403,6 @@ class StatusAuthenticator:
         return api_key
 
     def revoke_api_key(self, api_key: str) -> bool:
-        """
-        Revoke an API key.
-
-        Args:
-            api_key: API key to revoke
-
-        Returns:
-            True if key was revoked, False if not found
-        """
-
         if api_key in self._api_keys:
             credentials = self._api_keys[api_key]
             del self._api_keys[api_key]
@@ -543,8 +420,6 @@ class StatusAuthenticator:
         return False
 
     def get_auth_status(self) -> dict[str, t.Any]:
-        """Get current authentication system status."""
-
         active_keys = len([k for k, c in self._api_keys.items() if not c.is_expired])
         expired_keys = len([k for k, c in self._api_keys.items() if c.is_expired])
 
@@ -565,13 +440,10 @@ class StatusAuthenticator:
         }
 
 
-# Global singleton instance
 _authenticator: StatusAuthenticator | None = None
 
 
 def get_status_authenticator() -> StatusAuthenticator:
-    """Get the global status authenticator instance."""
-
     global _authenticator
     if _authenticator is None:
         _authenticator = StatusAuthenticator()
@@ -583,21 +455,6 @@ async def authenticate_status_request(
     client_ip: str | None = None,
     operation: str = "unknown",
 ) -> AuthCredentials:
-    """
-    Convenience function for status request authentication.
-
-    Args:
-        auth_header: Authorization header value
-        client_ip: Client IP address
-        operation: Operation being requested
-
-    Returns:
-        AuthCredentials for the authenticated request
-
-    Raises:
-        AuthenticationError: If authentication fails
-    """
-
     return get_status_authenticator().authenticate_request(
         auth_header, client_ip, operation
     )