dworshak 0.1.2__tar.gz

dworshak-0.1.2/LICENSE

@@ -0,0 +1,7 @@
+Copyright 2026 George Clayton Bennett <https://github.com/City-of-Memphis-Wastewater/dworshak-access/>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

dworshak-0.1.2/PKG-INFO

@@ -0,0 +1,51 @@
+Metadata-Version: 2.4
+Name: dworshak
+Version: 0.1.2
+Summary: Manage local, encrypted credentials. The **dworshak* CLI leverages openssl, sqlite3, and cryptography.
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=46.0.3
+Requires-Dist: typer>=0.21.0
+Requires-Dist: rich>=13.0.0
+Dynamic: license-file
+
+# Project Dworshak 🌊
+
+**Dworshak** is the security bones behind API orchestration of infrastructure data between legacy SOAP services (EDS) and modern REST APIs (RJN).
+
+## 🏗  The Ultimate Vision
+To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.
+* **The Wider Goal:** A system where data is fetched, validated, and mirrored locally so that decision-support tools (Dashboards, Alarms) never have to "wait" on a slow external API.
+* **The Method:** "Do one boring thing well." Use OpenSSL to manage a local `~/.dowrshak/ directory which includes a `.key` file, a `vault.db` encrypted credential file, and a `config.json` file for controlling defaults.
+
+## ⚖️ User Stories
+Dworshak supports two complementary roles within the infrastructure data ecosystem:
+1. Infrastructure Integrator (Primary User)
+> I need a secure, predictable tool that orchestrates the movement of data between upstream and downstream systems — pulling from legacy SOAP endpoints, transforming or validating as needed, and pushing clean, trusted data to the services that depend on it.
+> Dworshak should behave like a controlled “data dam,” ensuring one‑directional flow, consistent execution across platforms, and strict protection of credentials.
+2. Data Analyst (Secondary User)
+> I need a reliable, set-and-forget tool that synchronizes remote API data into a local, high-performance SQLite mirror, so that dashboards, reports, and decision-support tools never have to wait on slow or unreliable external services. Equipped with the Dworshak CLI and its companion toolset, I can build visualizations and reports without worrying about credential leaks, API timeouts, or platform-specific (Windows vs. Termux) bugs.
+
+## 🚀 The MVP (Current State)
+- **Secure Vault:** Fernet-encrypted SQLite storage for API credentials.
+- **Root of Trust:** A local `.key` file architecture that works identically on Windows and Termux.
+- **CLI Entry:** A `typer`-based interface for setup and credential management.
+
+## ⚠️ Risks & Guardrails
+To prevent "going off the rails" or drowning in scope creep:
+ **The Anti-Daemon Bias:** Stay script-based. Using `task-scheduler` or `cron` is more robust than maintaining a long-running daemon process that can leak memory or crash silently.
+
+### Quick Start
+
+```bash
+# Install the CLI
+pipx install dworshak
+
+# Bootstrap the security layer
+dworshak setup
+
+# Register your first API
+dworshak register --service rjn_api --item username
+
+```

dworshak-0.1.2/README.md

@@ -0,0 +1,39 @@
+# Project Dworshak 🌊
+
+**Dworshak** is the security bones behind API orchestration of infrastructure data between legacy SOAP services (EDS) and modern REST APIs (RJN).
+
+## 🏗  The Ultimate Vision
+To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.
+* **The Wider Goal:** A system where data is fetched, validated, and mirrored locally so that decision-support tools (Dashboards, Alarms) never have to "wait" on a slow external API.
+* **The Method:** "Do one boring thing well." Use OpenSSL to manage a local `~/.dowrshak/ directory which includes a `.key` file, a `vault.db` encrypted credential file, and a `config.json` file for controlling defaults.
+
+## ⚖️ User Stories
+Dworshak supports two complementary roles within the infrastructure data ecosystem:
+1. Infrastructure Integrator (Primary User)
+> I need a secure, predictable tool that orchestrates the movement of data between upstream and downstream systems — pulling from legacy SOAP endpoints, transforming or validating as needed, and pushing clean, trusted data to the services that depend on it.
+> Dworshak should behave like a controlled “data dam,” ensuring one‑directional flow, consistent execution across platforms, and strict protection of credentials.
+2. Data Analyst (Secondary User)
+> I need a reliable, set-and-forget tool that synchronizes remote API data into a local, high-performance SQLite mirror, so that dashboards, reports, and decision-support tools never have to wait on slow or unreliable external services. Equipped with the Dworshak CLI and its companion toolset, I can build visualizations and reports without worrying about credential leaks, API timeouts, or platform-specific (Windows vs. Termux) bugs.
+
+## 🚀 The MVP (Current State)
+- **Secure Vault:** Fernet-encrypted SQLite storage for API credentials.
+- **Root of Trust:** A local `.key` file architecture that works identically on Windows and Termux.
+- **CLI Entry:** A `typer`-based interface for setup and credential management.
+
+## ⚠️ Risks & Guardrails
+To prevent "going off the rails" or drowning in scope creep:
+ **The Anti-Daemon Bias:** Stay script-based. Using `task-scheduler` or `cron` is more robust than maintaining a long-running daemon process that can leak memory or crash silently.
+
+### Quick Start
+
+```bash
+# Install the CLI
+pipx install dworshak
+
+# Bootstrap the security layer
+dworshak setup
+
+# Register your first API
+dworshak register --service rjn_api --item username
+
+```

dworshak-0.1.2/pyproject.toml

@@ -0,0 +1,26 @@
+[project]
+name = "dworshak"
+version = "0.1.2"
+description = "Manage local, encrypted credentials. The **dworshak* CLI leverages openssl, sqlite3, and cryptography."
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "cryptography>=46.0.3", # No marker needed if Rust is present
+    "typer>=0.21.0",
+    #"typer>=0.12.0",
+    "rich>=13.0.0",
+    
+]
+
+[project.scripts]
+dworshak = "dworshak.cli:app"
+
+[tool.uv]
+# This tells uv that if it can't find a wheel for aarch64, 
+# it is allowed to build from source using your local Rust/Clang.
+package = true
+resolution = "highest"
+
+[build-system]
+requires = ["setuptools>=64", "wheel"]
+build-backend = "setuptools.build_meta"

dworshak-0.1.2/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

dworshak-0.1.2/src/dworshak/cli.py

@@ -0,0 +1,110 @@
+import os
+import sqlite3
+import json
+from pathlib import Path
+from typing import Optional
+
+import typer
+from cryptography.fernet import Fernet
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+import click
+
+from dworshak.paths import APP_DIR,KEY_FILE,DB_FILE,CONFIG_FILE
+from dworshak.services import KNOWN_SERVICES
+from dworshak.core.bootstrap import initialize_environment
+from dworshak.core.security import get_fernet
+from dworshak.core.vault import (
+    credential_exists,
+    store_credential,
+)
+
+# Force Rich to always enable colors, even when running from a .pyz bundle
+os.environ["FORCE_COLOR"] = "1"
+# Optional but helpful for full terminal feature detection
+os.environ["TERM"] = "xterm-256color"
+
+app = typer.Typer(
+    name = "dworshak",
+    help="Secure API Orchestration for Infrastructure.",
+    add_completion=False,
+    invoke_without_command = True,
+    no_args_is_help = True,
+    context_settings={"ignore_unknown_options": True,
+    "allow_extra_args": True,
+    "help_option_names": ["-h", "--help"]},
+    )
+
+
+console = Console()
+
+# --- CLI COMMANDS ---
+
+@app.command()
+def setup():
+    """Bootstrap the Dworshak environment and generate security keys."""
+    #initialize_system()
+    initialize_environment()
+    console.print(Panel.fit(
+        "Dworshak System Initialized\n[bold green]Security Layer Active[/bold green]",
+        title="Success"
+    ))
+
+# def register(service: str = typer.Option("rjn_api", prompt=True)):
+@app.command()
+def register(
+    service: str = typer.Option(
+        "rjn_api",
+        prompt="Service Name",
+        show_default=True,
+        click_type=click.Choice(KNOWN_SERVICES),),
+    item: str = typer.Option(..., prompt="Credential Item (e.g., primary)"),
+    username: str = typer.Option(..., prompt="Username"),
+    password: str = typer.Option(..., prompt="Password", hide_input=True)
+):
+
+    """Encrypt and store a new credential in the vault."""
+    # Check for existing credential
+    if credential_exists(service, item):
+        console.print(
+            f"[yellow]A credential for {service}/{item} already exists.[/yellow]"
+        )
+        overwrite = typer.confirm("Overwrite?", default=False)
+        if not overwrite:
+            console.print("[green]Operation cancelled.[/green]")
+            return
+
+    # Encrypt the payload
+    fernet = get_fernet()
+    payload = json.dumps({"u": username, "p": password}).encode()
+    encrypted_blob = fernet.encrypt(payload)
+
+    store_credential(service, item, encrypted_blob)
+    console.print(
+        f"[green]✔ Credential for [bold]{service}/{item}[/bold] stored securely.[/green]"
+    )
+
+@app.command()
+def list_services():
+    """List all services currently stored in the vault (names only)."""
+    if not DB_FILE.exists():
+        console.print("[red]Vault not initialized.[/red]")
+        return
+
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute("SELECT service, item FROM credentials")
+    rows = cursor.fetchall()
+    conn.close()
+
+    table = Table(title="Secure Vault Services")
+    table.add_column("Service", style="cyan")
+    table.add_column("Item", style="magenta")
+
+    for row in rows:
+        table.add_row(row[0], row[1])
+
+    console.print(table)
+
+if __name__ == "__main__":
+    app()

dworshak-0.1.2/src/dworshak/core/bootstrap.py

@@ -0,0 +1,101 @@
+"""
+Bootstrap routines for establishing the Dworshak runtime environment.
+
+This module is responsible for:
+- Creating the application directory structure
+- Generating and securing the master encryption key
+- Initializing the SQLite credential vault
+- Writing the initial configuration file
+
+These operations are intended to run once during setup, but remain
+idempotent to support repeated execution without side effects.
+"""
+
+import os
+import json
+import sqlite3
+from cryptography.fernet import Fernet
+from rich.console import Console
+
+from dworshak.paths import APP_DIR, KEY_FILE, DB_FILE, CONFIG_FILE
+
+console = Console()
+
+
+def initialize_environment() -> None:
+    """
+    Establishes the Dworshak environment on the local system.
+
+    This includes:
+    - Ensuring the application directory exists
+    - Creating the master key if absent
+    - Initializing the credential vault
+    - Creating the configuration file with stable defaults
+
+    All operations are safe to repeat and will not overwrite existing data.
+    """
+    APP_DIR.mkdir(parents=True, exist_ok=True)
+
+    _ensure_master_key()
+    _ensure_vault()
+    _ensure_config()
+
+
+def _ensure_master_key() -> None:
+    """
+    Generates the master Fernet key if it does not already exist.
+
+    The key is stored with restrictive permissions to limit access
+    to the current system account.
+    """
+    if KEY_FILE.exists():
+        return
+
+    console.print("[yellow]Initializing Root of Trust...[/yellow]")
+
+    key = Fernet.generate_key()
+    KEY_FILE.write_bytes(key)
+
+    # Restrict permissions: read/write for owner only
+    os.chmod(KEY_FILE, 0o600)
+
+    console.print(f"[green]✔ Master key generated at {KEY_FILE}[/green]")
+
+
+def _ensure_vault() -> None:
+    """
+    Creates the SQLite credential vault if it does not exist.
+
+    The schema is intentionally minimal and stable to support long-term
+    compatibility across Dworshak versions.
+    """
+    conn = sqlite3.connect(DB_FILE)
+    conn.execute(
+        """
+        CREATE TABLE IF NOT EXISTS credentials (
+            service TEXT NOT NULL,
+            item TEXT NOT NULL,
+            encrypted_blob BLOB NOT NULL,
+            PRIMARY KEY (service, item)
+        )
+        """
+    )
+    conn.close()
+
+
+def _ensure_config() -> None:
+    """
+    Writes the initial configuration file if absent.
+
+    The configuration file stores user preferences only.
+    Service definitions are maintained in code to ensure stability.
+    """
+    if CONFIG_FILE.exists():
+        return
+
+    default_config = {
+        "default_service": "rjn_api"
+    }
+
+    CONFIG_FILE.write_text(json.dumps(default_config, indent=2))
+    console.print(f"[green]✔ Config file created at {CONFIG_FILE}[/green]")

dworshak-0.1.2/src/dworshak/core/security.py

@@ -0,0 +1,40 @@
+"""
+Security utilities for Dworshak.
+
+This module provides:
+- Loading of the master Fernet key
+- Construction of Fernet instances for encryption and decryption
+
+Environment overrides are supported to enable automated or headless
+execution environments such as CI pipelines or scheduled tasks.
+"""
+
+import os
+from cryptography.fernet import Fernet
+
+from dworshak.paths import KEY_FILE
+
+
+def get_fernet() -> Fernet:
+    """
+    Returns a Fernet instance using the master key.
+
+    The key is loaded from:
+    1. The DWORSHAK_MASTER_KEY environment variable, if present
+    2. The .key file in the application directory
+
+    Raises:
+        FileNotFoundError: if no key is available from either source.
+    """
+    key_override = os.getenv("DWORSHAK_MASTER_KEY")
+
+    if key_override:
+        return Fernet(key_override.encode())
+
+    if not KEY_FILE.exists():
+        raise FileNotFoundError(
+            "Master key not found. Run 'dworshak setup' to initialize the environment."
+        )
+
+    key_bytes = KEY_FILE.read_bytes()
+    return Fernet(key_bytes)

dworshak-0.1.2/src/dworshak/core/vault.py

@@ -0,0 +1,57 @@
+"""
+Credential vault CRUD operations for Dworshak.
+
+This module provides:
+- Existence checks
+- Insert and update operations
+- Retrieval of encrypted blobs
+- Listing of stored credentials
+
+All encryption and decryption is handled by core.security.
+"""
+
+import sqlite3
+from typing import Optional, Tuple
+
+from dworshak.paths import DB_FILE
+
+
+def credential_exists(service: str, item: str) -> bool:
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute(
+        "SELECT 1 FROM credentials WHERE service = ? AND item = ?",
+        (service, item)
+    )
+    exists = cursor.fetchone() is not None
+    conn.close()
+    return exists
+
+
+def store_credential(service: str, item: str, encrypted_blob: bytes) -> None:
+    conn = sqlite3.connect(DB_FILE)
+    conn.execute(
+        "INSERT OR REPLACE INTO credentials (service, item, encrypted_blob)"
+        " VALUES (?, ?, ?)",
+        (service, item, encrypted_blob)
+    )
+    conn.commit()
+    conn.close()
+
+
+def load_encrypted_credential(service: str, item: str) -> Optional[bytes]:
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute(
+        "SELECT encrypted_blob FROM credentials WHERE service = ? AND item = ?",
+        (service, item)
+    )
+    row = cursor.fetchone()
+    conn.close()
+    return row[0] if row else None
+
+
+def list_credentials() -> list[tuple[str, str]]:
+    conn = sqlite3.connect(DB_FILE)
+    cursor = conn.execute("SELECT service, item FROM credentials")
+    rows = cursor.fetchall()
+    conn.close()
+    return rows

dworshak-0.1.2/src/dworshak/paths.py

@@ -0,0 +1,9 @@
+from pathlib import Path
+
+# --- CONFIGURATION & PATHS ---
+# Standardizing on a hidden home directory for cross-platform utility (Termux/Windows)
+
+APP_DIR = Path.home() / ".dworshak"
+KEY_FILE = APP_DIR / ".key"
+DB_FILE = APP_DIR / "vault.db"
+CONFIG_FILE = APP_DIR / "config.json"

dworshak-0.1.2/src/dworshak/services.py

@@ -0,0 +1,7 @@
+# src/dworshak/services.py
+
+KNOWN_SERVICES = [
+    "rjn_api",
+    "eds_soap_api",
+    "mission_api",
+]

dworshak-0.1.2/src/dworshak.egg-info/PKG-INFO

@@ -0,0 +1,51 @@
+Metadata-Version: 2.4
+Name: dworshak
+Version: 0.1.2
+Summary: Manage local, encrypted credentials. The **dworshak* CLI leverages openssl, sqlite3, and cryptography.
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=46.0.3
+Requires-Dist: typer>=0.21.0
+Requires-Dist: rich>=13.0.0
+Dynamic: license-file
+
+# Project Dworshak 🌊
+
+**Dworshak** is the security bones behind API orchestration of infrastructure data between legacy SOAP services (EDS) and modern REST APIs (RJN).
+
+## 🏗  The Ultimate Vision
+To become a stable credential management tool for scripting the flow of Emerson Ovation data and related APIs, supporting multiple projects in and beyond at the Maxson Wastewater Treatment Plant.
+* **The Wider Goal:** A system where data is fetched, validated, and mirrored locally so that decision-support tools (Dashboards, Alarms) never have to "wait" on a slow external API.
+* **The Method:** "Do one boring thing well." Use OpenSSL to manage a local `~/.dowrshak/ directory which includes a `.key` file, a `vault.db` encrypted credential file, and a `config.json` file for controlling defaults.
+
+## ⚖️ User Stories
+Dworshak supports two complementary roles within the infrastructure data ecosystem:
+1. Infrastructure Integrator (Primary User)
+> I need a secure, predictable tool that orchestrates the movement of data between upstream and downstream systems — pulling from legacy SOAP endpoints, transforming or validating as needed, and pushing clean, trusted data to the services that depend on it.
+> Dworshak should behave like a controlled “data dam,” ensuring one‑directional flow, consistent execution across platforms, and strict protection of credentials.
+2. Data Analyst (Secondary User)
+> I need a reliable, set-and-forget tool that synchronizes remote API data into a local, high-performance SQLite mirror, so that dashboards, reports, and decision-support tools never have to wait on slow or unreliable external services. Equipped with the Dworshak CLI and its companion toolset, I can build visualizations and reports without worrying about credential leaks, API timeouts, or platform-specific (Windows vs. Termux) bugs.
+
+## 🚀 The MVP (Current State)
+- **Secure Vault:** Fernet-encrypted SQLite storage for API credentials.
+- **Root of Trust:** A local `.key` file architecture that works identically on Windows and Termux.
+- **CLI Entry:** A `typer`-based interface for setup and credential management.
+
+## ⚠️ Risks & Guardrails
+To prevent "going off the rails" or drowning in scope creep:
+ **The Anti-Daemon Bias:** Stay script-based. Using `task-scheduler` or `cron` is more robust than maintaining a long-running daemon process that can leak memory or crash silently.
+
+### Quick Start
+
+```bash
+# Install the CLI
+pipx install dworshak
+
+# Bootstrap the security layer
+dworshak setup
+
+# Register your first API
+dworshak register --service rjn_api --item username
+
+```

dworshak-0.1.2/src/dworshak.egg-info/SOURCES.txt

@@ -0,0 +1,17 @@
+LICENSE
+README.md
+pyproject.toml
+src/dworshak/__init__.py
+src/dworshak/cli.py
+src/dworshak/paths.py
+src/dworshak/services.py
+src/dworshak.egg-info/PKG-INFO
+src/dworshak.egg-info/SOURCES.txt
+src/dworshak.egg-info/dependency_links.txt
+src/dworshak.egg-info/entry_points.txt
+src/dworshak.egg-info/requires.txt
+src/dworshak.egg-info/top_level.txt
+src/dworshak/core/__init__.py
+src/dworshak/core/bootstrap.py
+src/dworshak/core/security.py
+src/dworshak/core/vault.py

dworshak-0.1.2/src/dworshak.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dworshak-0.1.2/src/dworshak.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+dworshak = dworshak.cli:app

dworshak-0.1.2/src/dworshak.egg-info/requires.txt

@@ -0,0 +1,3 @@
+cryptography>=46.0.3
+typer>=0.21.0
+rich>=13.0.0

dworshak-0.1.2/src/dworshak.egg-info/top_level.txt

@@ -0,0 +1 @@
+dworshak