flowgraphapp 0.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- flowgraph/__init__.py +8 -0
- flowgraph/_static/_headers +21 -0
- flowgraph/_static/assets/JsonCodeEditor-CBMWkoPU.js +12 -0
- flowgraph/_static/assets/index-BE9FlCos.css +2 -0
- flowgraph/_static/assets/index-SiLO3vOy.js +157 -0
- flowgraph/_static/assets/pdf-B_9Q7Dif.js +11 -0
- flowgraph/_static/assets/pdf.worker.min-0p99Cwul.js +1 -0
- flowgraph/_static/assets/pdf.worker.min-yatZIOMy.mjs +21 -0
- flowgraph/_static/favicon.svg +1 -0
- flowgraph/_static/icons.svg +24 -0
- flowgraph/_static/index.html +15 -0
- flowgraph/ai_proxy.py +146 -0
- flowgraph/cli.py +201 -0
- flowgraph/config.py +125 -0
- flowgraph/keys.py +133 -0
- flowgraph/providers.py +89 -0
- flowgraph/runtime_config.py +27 -0
- flowgraph/security.py +291 -0
- flowgraph/server.py +96 -0
- flowgraph/update_check.py +118 -0
- flowgraphapp-0.1.1.dist-info/METADATA +108 -0
- flowgraphapp-0.1.1.dist-info/RECORD +25 -0
- flowgraphapp-0.1.1.dist-info/WHEEL +4 -0
- flowgraphapp-0.1.1.dist-info/entry_points.txt +2 -0
- flowgraphapp-0.1.1.dist-info/licenses/LICENSE +18 -0
flowgraph/__init__.py
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"""FlowGraph local server — serve the SPA + a hardened localhost API on your own machine.
|
|
2
|
+
|
|
3
|
+
See ``docs/18-local-server.md`` for the spec and threat model. The version here is the
|
|
4
|
+
single source of truth (hatchling reads it for the wheel; the update check compares it
|
|
5
|
+
against PyPI).
|
|
6
|
+
"""
|
|
7
|
+
|
|
8
|
+
__version__ = "0.1.1"
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Cloudflare Pages headers. Applied at the edge — no app code involved.
|
|
2
|
+
# Docs: https://developers.cloudflare.com/pages/configuration/headers/
|
|
3
|
+
|
|
4
|
+
# Hashed build assets never change for a given URL — cache them forever.
|
|
5
|
+
/assets/*
|
|
6
|
+
Cache-Control: public, max-age=31536000, immutable
|
|
7
|
+
|
|
8
|
+
# The HTML shell must always revalidate so a new deploy is picked up instantly.
|
|
9
|
+
/index.html
|
|
10
|
+
Cache-Control: no-cache
|
|
11
|
+
|
|
12
|
+
# Sensible, non-breaking security headers for the whole site.
|
|
13
|
+
# (No Content-Security-Policy on purpose: the app fetches user-chosen LLM
|
|
14
|
+
# endpoints and renders arbitrary user media URLs, so a strict CSP would
|
|
15
|
+
# fight the local-first/BYOK design. Add a tailored connect-src/img-src CSP
|
|
16
|
+
# later if you lock down which providers are allowed.)
|
|
17
|
+
/*
|
|
18
|
+
X-Content-Type-Options: nosniff
|
|
19
|
+
Referrer-Policy: strict-origin-when-cross-origin
|
|
20
|
+
X-Frame-Options: SAMEORIGIN
|
|
21
|
+
Permissions-Policy: geolocation=(), microphone=(), camera=()
|