exonware-xwlazy 0.1.0.22__py3-none-any.whl → 1.0.1.2__py3-none-any.whl

exonware/xwlazy/package/services/install_policy.py

@@ -1,156 +0,0 @@
-"""
-Install Policy
-
-Company: eXonware.com
-Author: Eng. Muhammad AlShehri
-Email: connect@exonware.com
-
-Generation Date: 15-Nov-2025
-
-Security and policy configuration for lazy installation.
-"""
-
-import threading
-from typing import Dict, List, Optional, Set, Tuple
-
-# Lazy import to avoid circular dependency
-def _get_log_event():
-    """Get log_event function (lazy import to avoid circular dependency)."""
-    from ...common.logger import log_event
-    return log_event
-
-_log = None  # Will be initialized on first use
-
-class LazyInstallPolicy:
-    """
-    Security and policy configuration for lazy installation.
-    Per-package allow/deny lists, index URLs, and security settings.
-    """
-    __slots__ = ()
-    
-    _allow_lists: Dict[str, Set[str]] = {}
-    _deny_lists: Dict[str, Set[str]] = {}
-    _index_urls: Dict[str, str] = {}
-    _extra_index_urls: Dict[str, List[str]] = {}
-    _trusted_hosts: Dict[str, List[str]] = {}
-    _require_hashes: Dict[str, bool] = {}
-    _verify_ssl: Dict[str, bool] = {}
-    _lockfile_paths: Dict[str, str] = {}
-    _lock = threading.RLock()
-    
-    @classmethod
-    def _ensure_logging(cls):
-        """Ensure logging is initialized."""
-        global _log
-        if _log is None:
-            _log = _get_log_event()
-    
-    @classmethod
-    def set_allow_list(cls, package_name: str, allowed_packages: List[str]) -> None:
-        """Set allow list for a package (only these can be installed)."""
-        cls._ensure_logging()
-        with cls._lock:
-            cls._allow_lists[package_name] = set(allowed_packages)
-            _log("config", f"Set allow list for {package_name}: {len(allowed_packages)} packages")
-    
-    @classmethod
-    def set_deny_list(cls, package_name: str, denied_packages: List[str]) -> None:
-        """Set deny list for a package (these cannot be installed)."""
-        cls._ensure_logging()
-        with cls._lock:
-            cls._deny_lists[package_name] = set(denied_packages)
-            _log("config", f"Set deny list for {package_name}: {len(denied_packages)} packages")
-    
-    @classmethod
-    def add_to_allow_list(cls, package_name: str, allowed_package: str) -> None:
-        """Add single package to allow list."""
-        with cls._lock:
-            if package_name not in cls._allow_lists:
-                cls._allow_lists[package_name] = set()
-            cls._allow_lists[package_name].add(allowed_package)
-    
-    @classmethod
-    def add_to_deny_list(cls, package_name: str, denied_package: str) -> None:
-        """Add single package to deny list."""
-        with cls._lock:
-            if package_name not in cls._deny_lists:
-                cls._deny_lists[package_name] = set()
-            cls._deny_lists[package_name].add(denied_package)
-    
-    @classmethod
-    def is_package_allowed(cls, installer_package: str, target_package: str) -> Tuple[bool, str]:
-        """Check if target_package can be installed by installer_package."""
-        with cls._lock:
-            if installer_package in cls._deny_lists:
-                if target_package in cls._deny_lists[installer_package]:
-                    return False, f"Package '{target_package}' is in deny list"
-            
-            if installer_package in cls._allow_lists:
-                if target_package not in cls._allow_lists[installer_package]:
-                    return False, f"Package '{target_package}' not in allow list"
-            
-            return True, "OK"
-    
-    @classmethod
-    def set_index_url(cls, package_name: str, index_url: str) -> None:
-        """Set PyPI index URL for a package."""
-        cls._ensure_logging()
-        with cls._lock:
-            cls._index_urls[package_name] = index_url
-            _log("config", f"Set index URL for {package_name}: {index_url}")
-    
-    @classmethod
-    def set_extra_index_urls(cls, package_name: str, urls: List[str]) -> None:
-        """Set extra index URLs for a package."""
-        cls._ensure_logging()
-        with cls._lock:
-            cls._extra_index_urls[package_name] = urls
-            _log("config", f"Set {len(urls)} extra index URLs for {package_name}")
-    
-    @classmethod
-    def add_trusted_host(cls, package_name: str, host: str) -> None:
-        """Add trusted host for a package."""
-        with cls._lock:
-            if package_name not in cls._trusted_hosts:
-                cls._trusted_hosts[package_name] = []
-            cls._trusted_hosts[package_name].append(host)
-    
-    @classmethod
-    def get_pip_args(cls, package_name: str) -> List[str]:
-        """Get pip install arguments for a package based on policy."""
-        args = []
-        
-        with cls._lock:
-            if package_name in cls._index_urls:
-                args.extend(['--index-url', cls._index_urls[package_name]])
-            
-            if package_name in cls._extra_index_urls:
-                for url in cls._extra_index_urls[package_name]:
-                    args.extend(['--extra-index-url', url])
-            
-            if package_name in cls._trusted_hosts:
-                for host in cls._trusted_hosts[package_name]:
-                    args.extend(['--trusted-host', host])
-            
-            if cls._require_hashes.get(package_name, False):
-                args.append('--require-hashes')
-            
-            if not cls._verify_ssl.get(package_name, True):
-                args.append('--no-verify-ssl')
-        
-        return args
-    
-    @classmethod
-    def set_lockfile_path(cls, package_name: str, path: str) -> None:
-        """Set lockfile path for a package."""
-        with cls._lock:
-            cls._lockfile_paths[package_name] = path
-    
-    @classmethod
-    def get_lockfile_path(cls, package_name: str) -> Optional[str]:
-        """Get lockfile path for a package."""
-        with cls._lock:
-            return cls._lockfile_paths.get(package_name)
-
-__all__ = ['LazyInstallPolicy']
-

exonware/xwlazy/package/services/install_registry.py

@@ -1,54 +0,0 @@
-"""
-Installer Registry
-
-Company: eXonware.com
-Author: Eng. Muhammad AlShehri
-Email: connect@exonware.com
-
-Generation Date: 15-Nov-2025
-
-Registry to manage separate lazy installer instances per package.
-"""
-
-import threading
-from typing import Dict, TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from .lazy_installer import LazyInstaller
-
-class LazyInstallerRegistry:
-    """Registry to manage separate lazy installer instances per package."""
-    _instances: Dict[str, 'LazyInstaller'] = {}
-    _lock = threading.RLock()
-    
-    @classmethod
-    def get_instance(cls, package_name: str = 'default') -> 'LazyInstaller':
-        """
-        Get or create a lazy installer instance for a package.
-        
-        Args:
-            package_name: Package name for isolation
-            
-        Returns:
-            LazyInstaller instance for the package
-        """
-        with cls._lock:
-            if package_name not in cls._instances:
-                # Lazy import to avoid circular dependency
-                from .lazy_installer import LazyInstaller
-                cls._instances[package_name] = LazyInstaller(package_name)
-            return cls._instances[package_name]
-    
-    @classmethod
-    def get_all_instances(cls) -> Dict[str, 'LazyInstaller']:
-        """
-        Get all lazy installer instances.
-        
-        Returns:
-            Dict mapping package_name -> LazyInstaller
-        """
-        with cls._lock:
-            return cls._instances.copy()
-
-__all__ = ['LazyInstallerRegistry']
-

exonware/xwlazy/package/services/install_result.py

@@ -1,17 +0,0 @@
-"""
-Install Result and Status
-
-Company: eXonware.com
-Author: Eng. Muhammad AlShehri
-Email: connect@exonware.com
-
-Generation Date: 15-Nov-2025
-
-Re-export installation result types from defs.py for backward compatibility.
-"""
-
-# Re-export from defs.py
-from ...defs import InstallStatus, InstallResult
-
-__all__ = ['InstallStatus', 'InstallResult']
-

exonware/xwlazy/package/services/install_sbom.py

@@ -1,153 +0,0 @@
-"""
-SBOM and Audit Mixin
-
-Company: eXonware.com
-Author: Eng. Muhammad AlShehri
-Email: connect@exonware.com
-
-Generation Date: 15-Nov-2025
-
-Mixin for SBOM generation and vulnerability auditing.
-"""
-
-import json
-import sys
-import subprocess
-from datetime import datetime
-from pathlib import Path
-from typing import Dict
-
-from .install_policy import LazyInstallPolicy
-
-# Lazy imports
-def _get_logger():
-    """Get logger (lazy import to avoid circular dependency)."""
-    from ...common.logger import get_logger
-    return get_logger("xwlazy.lazy_installer")
-
-def _get_log_event():
-    """Get log_event function (lazy import to avoid circular dependency)."""
-    from ...common.logger import log_event
-    return log_event
-
-logger = None
-_log = None
-
-def _ensure_logging_initialized():
-    """Ensure logging utilities are initialized."""
-    global logger, _log
-    if logger is None:
-        logger = _get_logger()
-    if _log is None:
-        _log = _get_log_event()
-
-class SBOMAuditMixin:
-    """Mixin for SBOM generation and vulnerability auditing."""
-    
-    def _run_vulnerability_audit(self, package_name: str) -> None:
-        """Run vulnerability audit on installed package using pip-audit."""
-        _ensure_logging_initialized()
-        try:
-            result = subprocess.run(
-                [sys.executable, '-m', 'pip_audit', '-r', '-', '--format', 'json'],
-                input=package_name,
-                capture_output=True,
-                text=True,
-                timeout=30
-            )
-            
-            if result.returncode == 0:
-                _log("audit", f"Vulnerability audit passed for {package_name}")
-            else:
-                try:
-                    audit_data = json.loads(result.stdout)
-                    if audit_data.get('vulnerabilities'):
-                        logger.warning(f"[SECURITY] Vulnerabilities found in {package_name}: {audit_data}")
-                        print(f"[SECURITY WARNING] Package '{package_name}' has known vulnerabilities")
-                        print(f"Run 'pip-audit' for details")
-                except json.JSONDecodeError:
-                    logger.warning(f"Could not parse audit results for {package_name}")
-        except subprocess.TimeoutExpired:
-            logger.warning(f"Vulnerability audit timed out for {package_name}")
-        except Exception as e:
-            logger.debug(f"Vulnerability audit skipped for {package_name}: {e}")
-    
-    def _update_lockfile(self, package_name: str) -> None:
-        """Update lockfile with newly installed package."""
-        _ensure_logging_initialized()
-        lockfile_path = LazyInstallPolicy.get_lockfile_path(self._package_name)  # type: ignore[attr-defined]
-        if not lockfile_path:
-            return
-        
-        try:
-            version = self._get_installed_version(package_name)  # type: ignore[attr-defined]
-            if not version:
-                return
-            
-            lockfile_path = Path(lockfile_path)
-            if lockfile_path.exists():
-                with open(lockfile_path, 'r', encoding='utf-8') as f:
-                    lockdata = json.load(f)
-            else:
-                lockdata = {
-                    "metadata": {
-                        "generated_by": f"xwlazy-{self._package_name}",  # type: ignore[attr-defined]
-                        "version": "1.0"
-                    },
-                    "packages": {}
-                }
-            
-            lockdata["packages"][package_name] = {
-                "version": version,
-                "installed_at": datetime.now().isoformat(),
-                "installer": self._package_name  # type: ignore[attr-defined]
-            }
-            
-            lockfile_path.parent.mkdir(parents=True, exist_ok=True)
-            with open(lockfile_path, 'w', encoding='utf-8') as f:
-                json.dump(lockdata, f, indent=2)
-            
-            _log("sbom", f"Updated lockfile: {lockfile_path}")
-        except Exception as e:
-            logger.warning(f"Failed to update lockfile: {e}")
-    
-    def generate_sbom(self) -> Dict:
-        """Generate Software Bill of Materials (SBOM) for installed packages."""
-        sbom = {
-            "metadata": {
-                "format": "xwlazy-sbom",
-                "version": "1.0",
-                "generated_at": datetime.now().isoformat(),
-                "installer_package": self._package_name  # type: ignore[attr-defined]
-            },
-            "packages": []
-        }
-        
-        for pkg in self._installed_packages:  # type: ignore[attr-defined]
-            version = self._get_installed_version(pkg)  # type: ignore[attr-defined]
-            sbom["packages"].append({
-                "name": pkg,
-                "version": version or "unknown",
-                "installed_by": self._package_name,  # type: ignore[attr-defined]
-                "source": "pypi"
-            })
-        
-        return sbom
-    
-    def export_sbom(self, output_path: str) -> bool:
-        """Export SBOM to file."""
-        _ensure_logging_initialized()
-        try:
-            sbom = self.generate_sbom()
-            output_path = Path(output_path)
-            output_path.parent.mkdir(parents=True, exist_ok=True)
-            
-            with open(output_path, 'w', encoding='utf-8') as f:
-                json.dump(sbom, f, indent=2)
-            
-            _log("sbom", f"Exported SBOM to: {output_path}")
-            return True
-        except Exception as e:
-            logger.error(f"Failed to export SBOM: {e}")
-            return False
-

exonware/xwlazy/package/services/install_utils.py

@@ -1,79 +0,0 @@
-"""
-Installation Utilities
-
-Company: eXonware.com
-Author: Eng. Muhammad AlShehri
-Email: connect@exonware.com
-
-Generation Date: 15-Nov-2025
-
-Utility functions for installation operations.
-"""
-
-import os
-import sys
-import inspect
-import subprocess
-from pathlib import Path
-from typing import Optional
-
-def get_trigger_file() -> Optional[str]:
-    """
-    Get the file that triggered the import (from call stack).
-    
-    Returns:
-        Filename that triggered the import, or None
-    """
-    try:
-        # Walk up the call stack to find the first non-xwlazy file
-        # Look for files in xwsystem, xwnode, xwdata, or user code
-        for frame_info in inspect.stack():
-            filename = frame_info.filename
-            # Skip xwlazy internal files and importlib
-            if ('xwlazy' not in filename and 
-                'importlib' not in filename and 
-                '<frozen' not in filename and
-                filename.endswith('.py')):
-                # Return just the filename, not full path
-                basename = os.path.basename(filename)
-                # If it's a serialization file, use that
-                if 'serialization' in filename or 'formats' in filename:
-                    # Extract the format name (e.g., bson.py -> BsonSerializer)
-                    if basename.endswith('.py'):
-                        basename = basename[:-3]  # Remove .py
-                    return f"{basename.capitalize()}Serializer" if basename else None
-                return basename
-    except Exception:
-        pass
-    return None
-
-def is_externally_managed() -> bool:
-    """
-    Check if Python environment is externally managed (PEP 668).
-    
-    Returns:
-        True if environment is externally managed
-    """
-    marker_file = Path(sys.prefix) / "EXTERNALLY-MANAGED"
-    return marker_file.exists()
-
-def check_pip_audit_available() -> bool:
-    """
-    Check if pip-audit is available for vulnerability scanning.
-    
-    Returns:
-        True if pip-audit is available
-    """
-    try:
-        result = subprocess.run(
-            [sys.executable, '-m', 'pip', 'list'],
-            capture_output=True,
-            text=True,
-            timeout=5
-        )
-        return 'pip-audit' in result.stdout
-    except Exception:
-        return False
-
-__all__ = ['get_trigger_file', 'is_externally_managed', 'check_pip_audit_available']
-