exonware-xwlazy 0.1.0.11__py3-none-any.whl → 0.1.0.20__py3-none-any.whl

exonware/xwlazy/package/services/install_registry.py

@@ -0,0 +1,54 @@
+"""
+Installer Registry
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+
+Generation Date: 15-Nov-2025
+
+Registry to manage separate lazy installer instances per package.
+"""
+
+import threading
+from typing import Dict, TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from .lazy_installer import LazyInstaller
+
+class LazyInstallerRegistry:
+    """Registry to manage separate lazy installer instances per package."""
+    _instances: Dict[str, 'LazyInstaller'] = {}
+    _lock = threading.RLock()
+    
+    @classmethod
+    def get_instance(cls, package_name: str = 'default') -> 'LazyInstaller':
+        """
+        Get or create a lazy installer instance for a package.
+        
+        Args:
+            package_name: Package name for isolation
+            
+        Returns:
+            LazyInstaller instance for the package
+        """
+        with cls._lock:
+            if package_name not in cls._instances:
+                # Lazy import to avoid circular dependency
+                from .lazy_installer import LazyInstaller
+                cls._instances[package_name] = LazyInstaller(package_name)
+            return cls._instances[package_name]
+    
+    @classmethod
+    def get_all_instances(cls) -> Dict[str, 'LazyInstaller']:
+        """
+        Get all lazy installer instances.
+        
+        Returns:
+            Dict mapping package_name -> LazyInstaller
+        """
+        with cls._lock:
+            return cls._instances.copy()
+
+__all__ = ['LazyInstallerRegistry']
+

exonware/xwlazy/package/services/install_result.py

@@ -0,0 +1,17 @@
+"""
+Install Result and Status
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+
+Generation Date: 15-Nov-2025
+
+Re-export installation result types from defs.py for backward compatibility.
+"""
+
+# Re-export from defs.py
+from ...defs import InstallStatus, InstallResult
+
+__all__ = ['InstallStatus', 'InstallResult']
+

exonware/xwlazy/package/services/install_sbom.py

@@ -0,0 +1,153 @@
+"""
+SBOM and Audit Mixin
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+
+Generation Date: 15-Nov-2025
+
+Mixin for SBOM generation and vulnerability auditing.
+"""
+
+import json
+import sys
+import subprocess
+from datetime import datetime
+from pathlib import Path
+from typing import Dict
+
+from .install_policy import LazyInstallPolicy
+
+# Lazy imports
+def _get_logger():
+    """Get logger (lazy import to avoid circular dependency)."""
+    from ...common.logger import get_logger
+    return get_logger("xwlazy.lazy_installer")
+
+def _get_log_event():
+    """Get log_event function (lazy import to avoid circular dependency)."""
+    from ...common.logger import log_event
+    return log_event
+
+logger = None
+_log = None
+
+def _ensure_logging_initialized():
+    """Ensure logging utilities are initialized."""
+    global logger, _log
+    if logger is None:
+        logger = _get_logger()
+    if _log is None:
+        _log = _get_log_event()
+
+class SBOMAuditMixin:
+    """Mixin for SBOM generation and vulnerability auditing."""
+    
+    def _run_vulnerability_audit(self, package_name: str) -> None:
+        """Run vulnerability audit on installed package using pip-audit."""
+        _ensure_logging_initialized()
+        try:
+            result = subprocess.run(
+                [sys.executable, '-m', 'pip_audit', '-r', '-', '--format', 'json'],
+                input=package_name,
+                capture_output=True,
+                text=True,
+                timeout=30
+            )
+            
+            if result.returncode == 0:
+                _log("audit", f"Vulnerability audit passed for {package_name}")
+            else:
+                try:
+                    audit_data = json.loads(result.stdout)
+                    if audit_data.get('vulnerabilities'):
+                        logger.warning(f"[SECURITY] Vulnerabilities found in {package_name}: {audit_data}")
+                        print(f"[SECURITY WARNING] Package '{package_name}' has known vulnerabilities")
+                        print(f"Run 'pip-audit' for details")
+                except json.JSONDecodeError:
+                    logger.warning(f"Could not parse audit results for {package_name}")
+        except subprocess.TimeoutExpired:
+            logger.warning(f"Vulnerability audit timed out for {package_name}")
+        except Exception as e:
+            logger.debug(f"Vulnerability audit skipped for {package_name}: {e}")
+    
+    def _update_lockfile(self, package_name: str) -> None:
+        """Update lockfile with newly installed package."""
+        _ensure_logging_initialized()
+        lockfile_path = LazyInstallPolicy.get_lockfile_path(self._package_name)  # type: ignore[attr-defined]
+        if not lockfile_path:
+            return
+        
+        try:
+            version = self._get_installed_version(package_name)  # type: ignore[attr-defined]
+            if not version:
+                return
+            
+            lockfile_path = Path(lockfile_path)
+            if lockfile_path.exists():
+                with open(lockfile_path, 'r', encoding='utf-8') as f:
+                    lockdata = json.load(f)
+            else:
+                lockdata = {
+                    "metadata": {
+                        "generated_by": f"xwlazy-{self._package_name}",  # type: ignore[attr-defined]
+                        "version": "1.0"
+                    },
+                    "packages": {}
+                }
+            
+            lockdata["packages"][package_name] = {
+                "version": version,
+                "installed_at": datetime.now().isoformat(),
+                "installer": self._package_name  # type: ignore[attr-defined]
+            }
+            
+            lockfile_path.parent.mkdir(parents=True, exist_ok=True)
+            with open(lockfile_path, 'w', encoding='utf-8') as f:
+                json.dump(lockdata, f, indent=2)
+            
+            _log("sbom", f"Updated lockfile: {lockfile_path}")
+        except Exception as e:
+            logger.warning(f"Failed to update lockfile: {e}")
+    
+    def generate_sbom(self) -> Dict:
+        """Generate Software Bill of Materials (SBOM) for installed packages."""
+        sbom = {
+            "metadata": {
+                "format": "xwlazy-sbom",
+                "version": "1.0",
+                "generated_at": datetime.now().isoformat(),
+                "installer_package": self._package_name  # type: ignore[attr-defined]
+            },
+            "packages": []
+        }
+        
+        for pkg in self._installed_packages:  # type: ignore[attr-defined]
+            version = self._get_installed_version(pkg)  # type: ignore[attr-defined]
+            sbom["packages"].append({
+                "name": pkg,
+                "version": version or "unknown",
+                "installed_by": self._package_name,  # type: ignore[attr-defined]
+                "source": "pypi"
+            })
+        
+        return sbom
+    
+    def export_sbom(self, output_path: str) -> bool:
+        """Export SBOM to file."""
+        _ensure_logging_initialized()
+        try:
+            sbom = self.generate_sbom()
+            output_path = Path(output_path)
+            output_path.parent.mkdir(parents=True, exist_ok=True)
+            
+            with open(output_path, 'w', encoding='utf-8') as f:
+                json.dump(sbom, f, indent=2)
+            
+            _log("sbom", f"Exported SBOM to: {output_path}")
+            return True
+        except Exception as e:
+            logger.error(f"Failed to export SBOM: {e}")
+            return False
+

exonware/xwlazy/package/services/install_utils.py

@@ -0,0 +1,79 @@
+"""
+Installation Utilities
+
+Company: eXonware.com
+Author: Eng. Muhammad AlShehri
+Email: connect@exonware.com
+
+Generation Date: 15-Nov-2025
+
+Utility functions for installation operations.
+"""
+
+import os
+import sys
+import inspect
+import subprocess
+from pathlib import Path
+from typing import Optional
+
+def get_trigger_file() -> Optional[str]:
+    """
+    Get the file that triggered the import (from call stack).
+    
+    Returns:
+        Filename that triggered the import, or None
+    """
+    try:
+        # Walk up the call stack to find the first non-xwlazy file
+        # Look for files in xwsystem, xwnode, xwdata, or user code
+        for frame_info in inspect.stack():
+            filename = frame_info.filename
+            # Skip xwlazy internal files and importlib
+            if ('xwlazy' not in filename and 
+                'importlib' not in filename and 
+                '<frozen' not in filename and
+                filename.endswith('.py')):
+                # Return just the filename, not full path
+                basename = os.path.basename(filename)
+                # If it's a serialization file, use that
+                if 'serialization' in filename or 'formats' in filename:
+                    # Extract the format name (e.g., bson.py -> BsonSerializer)
+                    if basename.endswith('.py'):
+                        basename = basename[:-3]  # Remove .py
+                    return f"{basename.capitalize()}Serializer" if basename else None
+                return basename
+    except Exception:
+        pass
+    return None
+
+def is_externally_managed() -> bool:
+    """
+    Check if Python environment is externally managed (PEP 668).
+    
+    Returns:
+        True if environment is externally managed
+    """
+    marker_file = Path(sys.prefix) / "EXTERNALLY-MANAGED"
+    return marker_file.exists()
+
+def check_pip_audit_available() -> bool:
+    """
+    Check if pip-audit is available for vulnerability scanning.
+    
+    Returns:
+        True if pip-audit is available
+    """
+    try:
+        result = subprocess.run(
+            [sys.executable, '-m', 'pip', 'list'],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        return 'pip-audit' in result.stdout
+    except Exception:
+        return False
+
+__all__ = ['get_trigger_file', 'is_externally_managed', 'check_pip_audit_available']
+