jac-scale 0.1.1__py3-none-any.whl → 0.1.3__py3-none-any.whl

jac_scale/impl/user_manager.impl.jac

@@ -0,0 +1,349 @@
+impl JacScaleUserManager.postinit -> None {
+    super.postinit();
+    # Create SSO accounts table for tracking linked external identities
+    self._ensure_connection();
+    self._conn.execute(
+        """
+        CREATE TABLE IF NOT EXISTS sso_accounts (
+            user_id TEXT NOT NULL,
+            platform TEXT NOT NULL,
+            external_id TEXT NOT NULL,
+            email TEXT,
+            linked_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+            PRIMARY KEY (platform, external_id),
+            FOREIGN KEY (user_id) REFERENCES users(username) ON DELETE CASCADE
+        )
+        """
+    );
+    # Create index for faster lookups by user_id
+    self._conn.execute(
+        "CREATE INDEX IF NOT EXISTS idx_sso_accounts_user_id ON sso_accounts(user_id)"
+    );
+    self._conn.commit();
+    # Load SSO config
+    sso_config = get_scale_config().get_sso_config();
+    for platform in Platforms {
+        key = platform.lower();
+        platform_config = sso_config.get(key, {});
+
+        client_id = platform_config.get('client_id', '');
+        client_secret = platform_config.get('client_secret', '');
+
+        if not client_id or not client_secret {
+            continue;
+        }
+
+        self.SUPPORTED_PLATFORMS[platform.value] = {
+            "client_id": client_id,
+            "client_secret": client_secret
+        };
+    }
+}
+
+impl JacScaleUserManager.create_jwt_token(username: str) -> str {
+    now = datetime.now(UTC);
+    payload: dict[(str, Any)] = {
+        'username': username,
+        'exp': (now + timedelta(days=JWT_EXP_DELTA_DAYS)),
+        'iat': now.timestamp()
+    };
+    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM);
+}
+
+impl JacScaleUserManager.validate_jwt_token(token: str) -> (str | None) {
+    try {
+        decoded = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]);
+        return decoded['username'];
+    } except Exception {
+        return None;
+    }
+}
+
+impl JacScaleUserManager.refresh_jwt_token(token: str) -> (str | None) {
+    try {
+        decoded = jwt.decode(
+            token, JWT_SECRET, algorithms=[JWT_ALGORITHM], options={"verify_exp": True}
+        );
+        username = decoded.get('username');
+
+        if not username {
+            return None;
+        }
+
+        return self.create_jwt_token(username);
+    } except Exception {
+        return None;
+    }
+}
+
+impl JacScaleUserManager.validate_token(token: str) -> (str | None) {
+    return self.validate_jwt_token(token);
+}
+
+impl JacScaleUserManager.get_sso(platform: str, operation: str) -> (SSOProvider | None) {
+    if (platform not in self.SUPPORTED_PLATFORMS) {
+        return None;
+    }
+    credentials = self.SUPPORTED_PLATFORMS[platform];
+    redirect_uri = f"{SSO_HOST}/{platform}/{operation}/callback";
+    if (platform == Platforms.GOOGLE.value) {
+        import from jac_scale.google_sso_provider { GoogleSSOProvider }
+        return GoogleSSOProvider(
+            client_id=credentials['client_id'],
+            client_secret=credentials['client_secret'],
+            redirect_uri=redirect_uri,
+            allow_insecure_http=True
+        );
+    }
+    return None;
+}
+
+impl JacScaleUserManager.sso_initiate(
+    platform: str, operation: str
+) -> (Response | TransportResponse) {
+    import from jaclang.runtimelib.server { JsonValue }
+    if (platform not in [p.value for p in Platforms]) {
+        return TransportResponse.fail(
+            code='INVALID_PLATFORM',
+            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
+                [p.value for p in Platforms]
+            )}",
+            meta=Meta(extra={'http_status': 400})
+        );
+    }
+    if (platform not in self.SUPPORTED_PLATFORMS) {
+        return TransportResponse.fail(
+            code='SSO_NOT_CONFIGURED',
+            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
+            meta=Meta(extra={'http_status': 501})
+        );
+    }
+    if (operation not in [o.value for o in Operations]) {
+        return TransportResponse.fail(
+            code='INVALID_OPERATION',
+            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
+            meta=Meta(extra={'http_status': 400})
+        );
+    }
+    sso = self.get_sso(platform, operation);
+    if not sso {
+        return TransportResponse.fail(
+            code='SSO_INIT_FAILED',
+            message=f"Failed to initialize SSO for platform '{platform}'",
+            meta=Meta(extra={'http_status': 500})
+        );
+    }
+    return await sso.initiate_auth(operation);
+}
+
+impl JacScaleUserManager.sso_callback(
+    request: Request, platform: str, operation: str
+) -> TransportResponse {
+    import from jaclang.runtimelib.server { JsonValue }
+    if (platform not in [p.value for p in Platforms]) {
+        return TransportResponse.fail(
+            code='INVALID_PLATFORM',
+            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
+                [p.value for p in Platforms]
+            )}",
+            meta=Meta(extra={'http_status': 400})
+        );
+    }
+    if (platform not in self.SUPPORTED_PLATFORMS) {
+        return TransportResponse.fail(
+            code='SSO_NOT_CONFIGURED',
+            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
+            meta=Meta(extra={'http_status': 501})
+        );
+    }
+    if (operation not in [o.value for o in Operations]) {
+        return TransportResponse.fail(
+            code='INVALID_OPERATION',
+            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
+            meta=Meta(extra={'http_status': 400})
+        );
+    }
+    sso = self.get_sso(platform, operation);
+    if not sso {
+        return TransportResponse.fail(
+            code='SSO_INIT_FAILED',
+            message=f"Failed to initialize SSO for platform '{platform}'",
+            meta=Meta(extra={'http_status': 500})
+        );
+    }
+    try {
+        user_info = await sso.handle_callback(request);
+        email = user_info.email;
+        if not email {
+            return TransportResponse.fail(
+                code='EMAIL_MISSING',
+                message=f"Email not provided by {platform}",
+                meta=Meta(extra={'http_status': 400})
+            );
+        }
+        if (operation == Operations.LOGIN.value) {
+            user = self.get_user(email);
+            if not user {
+                return TransportResponse.fail(
+                    code='USER_NOT_FOUND',
+                    message='User not found. Please register first.',
+                    meta=Meta(extra={'http_status': 404})
+                );
+            }
+            token = self.create_jwt_token(email);
+            return TransportResponse.success(
+                data={
+                    'message': 'Login successful',
+                    'email': email,
+                    'token': token,
+                    'platform': platform,
+                    'user': dict[(str, JsonValue)](user)
+                },
+                meta=Meta(extra={'http_status': 200})
+            );
+        } elif (operation == Operations.REGISTER.value) {
+            existing_user = self.get_user(email);
+            if existing_user {
+                return TransportResponse.fail(
+                    code='USER_EXISTS',
+                    message='User already exists. Please login instead.',
+                    meta=Meta(extra={'http_status': 400})
+                );
+            }
+            random_password = generate_random_password();
+            result = self.create_user(email, random_password);
+            if ('error' in result) {
+                return TransportResponse.fail(
+                    code='USER_CREATION_FAILED',
+                    message=result.get('error', 'User creation failed'),
+                    meta=Meta(extra={'http_status': 400})
+                );
+            }
+            token = self.create_jwt_token(email);
+            result['token'] = token;
+            result['platform'] = platform;
+            return TransportResponse.success(
+                data=result, meta=Meta(extra={'http_status': 201})
+            );
+        }
+    } except Exception as e {
+        return TransportResponse.fail(
+            code='AUTHENTICATION_FAILED',
+            message=f"Authentication failed: {str(e)}",
+            meta=Meta(extra={'http_status': 500})
+        );
+    }
+    return TransportResponse.fail(
+        code='UNKNOWN_ERROR',
+        message='An unknown error occurred',
+        meta=Meta(extra={'http_status': 500})
+    );
+}
+
+# SSO Account Linking Methods
+"""Link an SSO account to a user.
+
+This allows users to have multiple SSO providers linked to their account.
+"""
+impl JacScaleUserManager.link_sso_account(
+    user_id: str, platform: str, external_id: str, email: str
+) -> dict[str, str] {
+    self._ensure_connection();
+    # Check if this SSO account is already linked to another user
+    cursor = self._conn.execute(
+        "SELECT user_id FROM sso_accounts WHERE platform = ? AND external_id = ?",
+        (platform, external_id)
+    );
+    existing = cursor.fetchone();
+    if existing {
+        if existing[0] == user_id {
+            return {'message': 'SSO account already linked to this user'};
+        }
+        return {'error': 'This SSO account is already linked to another user'};
+    }
+    # Link the SSO account
+    self._conn.execute(
+        """
+        INSERT INTO sso_accounts (user_id, platform, external_id, email)
+        VALUES (?, ?, ?, ?)
+        """,
+        (user_id, platform, external_id, email)
+    );
+    self._conn.commit();
+    return {
+        'message': 'SSO account linked successfully',
+        'user_id': user_id,
+        'platform': platform
+    };
+}
+
+"""Unlink an SSO account from a user."""
+impl JacScaleUserManager.unlink_sso_account(
+    user_id: str, platform: str
+) -> dict[str, str] {
+    self._ensure_connection();
+    cursor = self._conn.execute(
+        "DELETE FROM sso_accounts WHERE user_id = ? AND platform = ?",
+        (user_id, platform)
+    );
+    self._conn.commit();
+    if cursor.rowcount == 0 {
+        return {'error': 'SSO account not found'};
+    }
+    return {
+        'message': 'SSO account unlinked successfully',
+        'user_id': user_id,
+        'platform': platform
+    };
+}
+
+"""Get all SSO accounts linked to a user."""
+impl JacScaleUserManager.get_sso_accounts(user_id: str) -> list[dict[str, str]] {
+    self._ensure_connection();
+    cursor = self._conn.execute(
+        """
+        SELECT platform, external_id, email, linked_at
+        FROM sso_accounts
+        WHERE user_id = ?
+        ORDER BY linked_at DESC
+        """,
+        (user_id, )
+    );
+    accounts = [];
+    for row in cursor.fetchall() {
+        accounts.append(
+            {
+                'platform': row[0],
+                'external_id': row[1],
+                'email': row[2],
+                'linked_at': row[3]
+            }
+        );
+    }
+    return accounts;
+}
+
+"""Find a user by their SSO account credentials.
+
+This is used during SSO login to find the user associated with
+an external SSO identity.
+"""
+impl JacScaleUserManager.get_user_by_sso(
+    platform: str, external_id: str
+) -> (dict[str, str] | None) {
+    self._ensure_connection();
+    cursor = self._conn.execute(
+        """
+        SELECT sa.user_id, u.token, u.root_id
+        FROM sso_accounts sa
+        JOIN users u ON sa.user_id = u.username
+        WHERE sa.platform = ? AND sa.external_id = ?
+        """,
+        (platform, external_id)
+    );
+    row = cursor.fetchone();
+    if not row {
+        return None;
+    }
+    return {'email': row[0], 'token': row[1], 'root_id': row[2]};
+}

jac_scale/memory_hierarchy.jac

@@ -74,7 +74,9 @@ MongoDB persistence backend - implements PersistentMemory for durable L3 storage
 Replaces SqliteMemory when MongoDB is available.
 """
 obj MongoBackend(PersistentMemory) {
-    has client: (MongoClient | None) = None,
+    has client: MongoClient | None = None,
+        db: Any by postinit,
+        collection: Any by postinit,
         db_name: str = 'jac_db',
         collection_name: str = 'anchors',
         mongo_url: str = _db_config['mongodb_uri'];

jac_scale/plugin.jac

@@ -4,6 +4,7 @@ import pathlib;
 import from dotenv { load_dotenv }
 import from jaclang.cli.registry { get_registry }
 import from jaclang.cli.command { Arg, ArgKind, CommandPriority, HookContext }
+import from jaclang.cli.console { console }
 import from jaclang.pycore.runtime { hookimpl, plugin_manager }
 import from jaclang.runtimelib.context { ExecutionContext }
 import from jaclang.runtimelib.server { JacAPIServer as JacServer }
@@ -15,6 +16,9 @@ import from .factories.deployment_factory { DeploymentTargetFactory }
 import from .factories.registry_factory { ImageRegistryFactory }
 import from .factories.utility_factory { UtilityFactory }
 import from .abstractions.config.app_config { AppConfig }
+import from .user_manager { JacScaleUserManager }
+import from jaclang.runtimelib.server { UserManager }
+import from jaclang.runtimelib.storage { Storage }
 
 """Pre-hook for jac start command to handle --scale flag."""
 def _scale_pre_hook(context: HookContext) -> None {
@@ -23,6 +27,7 @@ def _scale_pre_hook(context: HookContext) -> None {
         # Handle deployment instead of local server
         filename = context.get_arg("filename");
         build = context.get_arg("build", False);
+        experimental = context.get_arg("experimental", False);
         target = context.get_arg("target", "kubernetes");
         registry = context.get_arg("registry", "dockerhub");
         if not os.path.exists(filename) {
@@ -57,15 +62,27 @@ def _scale_pre_hook(context: HookContext) -> None {
         }
         # Create app config
         app_config = AppConfig(
-            code_folder=code_folder, file_name=base_file_path, build=build
+            code_folder=code_folder,
+            file_name=base_file_path,
+            build=build,
+            experimental=experimental
         );
+        if experimental {
+            console.print(
+                "Installing Jaseci packages from repository (experimental mode)..."
+            );
+        } else {
+            console.print("Installing Jaseci packages from PyPI...");
+        }
         # Deploy
         result = deployment_target.deploy(app_config);
         if not result.success {
             raise RuntimeError(result.message or "Deployment failed") ;
         }
         if result.service_url {
-            print(f"Deployment complete! Service available at: {result.service_url}");
+            console.print(
+                f"Deployment complete! Service available at: {result.service_url}"
+            );
         }
         # Cancel normal start execution since we handled it
         context.set_data("cancel_execution", True);
@@ -99,6 +116,13 @@ class JacCmd {
                     help="Build and push Docker image (with --scale)",
                     short="b"
                 ),
+                Arg.create(
+                    "experimental",
+                    typ=bool,
+                    default=False,
+                    help="Use experimental mode (install from repo instead of PyPI)",
+                    short="e"
+                ),
                 Arg.create(
                     "target",
                     typ=str,
@@ -166,7 +190,9 @@ class JacCmd {
             app_name = os.getenv('APP_NAME') or target_config.get('app_name', 'jaseci');
             deployment_target.destroy(app_name);
 
-            print(f"Successfully destroyed deployment '{app_name}' from {target}");
+            console.print(
+                f"Successfully destroyed deployment '{app_name}' from {target}"
+            );
             return 0;
         }
     }
@@ -197,6 +223,23 @@ class JacScalePlugin {
     static def get_api_server_class -> type {
         return JacAPIServer;
     }
+
+    """Provide jac-scale's UserManager."""
+    @hookimpl
+    static def get_user_manager(base_path: str) -> UserManager {
+        return JacScaleUserManager(base_path=base_path);
+    }
+
+    """Provide jac-scale's storage backend.
+
+    This overrides the core store() to use jac-scale's StorageFactory,
+    which supports cloud backends (S3, GCS, Azure) via configuration.
+    """
+    @hookimpl
+    static def store(base_path: str = "./storage", create_dirs: bool = True) -> Storage {
+        import from .factories.storage_factory { StorageFactory }
+        return StorageFactory.get_default(base_path, create_dirs);
+    }
 }
 
 # Pluggy's varnames() puts parameters with defaults into kwargnames, not argnames.

jac_scale/plugin_config.jac

@@ -149,6 +149,33 @@ class JacScalePluginConfig {
                             "type": "bool",
                             "default": True,
                             "description": "Enable Redis deployment in Kubernetes"
+                        },
+                        "plugin_versions": {
+                            "type": "dict",
+                            "default": {},
+                            "description": "Package versions for PyPI installation (default mode). Use 'latest' or specific version.",
+                            "nested": {
+                                "jaclang": {
+                                    "type": "string",
+                                    "default": "latest",
+                                    "description": "jaclang package version"
+                                },
+                                "jac_scale": {
+                                    "type": "string",
+                                    "default": "latest",
+                                    "description": "jac-scale package version"
+                                },
+                                "jac_client": {
+                                    "type": "string",
+                                    "default": "latest",
+                                    "description": "jac-client package version"
+                                },
+                                "jac_byllm": {
+                                    "type": "string",
+                                    "default": "latest",
+                                    "description": "jac-byllm package version (use 'none' to skip)"
+                                }
+                            }
                         }
                     }
                 },

jac_scale/serve.jac

@@ -24,6 +24,9 @@ import from enum { StrEnum }
 import from fastapi_sso.sso.google { GoogleSSO }
 import from jac_scale.utils { generate_random_password }
 import from jac_scale.config_loader { get_scale_config }
+import from typing { AsyncGenerator }
+import from inspect { isgenerator }
+import from fastapi.responses { StreamingResponse }
 
 # Load configuration from jac.toml with env var overrides
 glob _jwt_config = get_scale_config().get_jwt_config(),
@@ -43,9 +46,6 @@ obj JacAPIServer(JServer) {
     has _hmr_pending: bool = False,
         _hot_reloader: Any | None = None;
 
-    static def create_jwt_token(username: str) -> str;
-    static def validate_jwt_token(token: str) -> (str | None);
-    static def refresh_jwt_token(token: str) -> (str | None);
     def postinit -> None;
     def login(username: str, password: str) -> TransportResponse;
     def register_login_endpoint -> None;
@@ -66,15 +66,6 @@ obj JacAPIServer(JServer) {
     def refresh_token(token: (str | None) = None) -> TransportResponse;
     def register_create_user_endpoint -> None;
     def register_refresh_token_endpoint -> None;
-    def get_sso(platform: str, operation: str) -> (GoogleSSO | None);
-    async def sso_initiate(
-        platform: str, operation: str
-    ) -> (Response | TransportResponse);
-
-    async def sso_callback(
-        request: Request, platform: str, operation: str
-    ) -> TransportResponse;
-
     def register_sso_endpoints -> None;
     def create_walker_callback(
         walker_name: str, has_node_param: bool = False

jac_scale/sso_provider.jac

@@ -0,0 +1,72 @@
+"""SSO Provider Abstraction for jac-scale.
+
+This module defines the abstract interface for SSO providers, enabling
+easy addition of new authentication vendors (Google, Microsoft, GitHub, SAML, etc.).
+"""
+
+import from typing { Any }
+import from fastapi { Request, Response }
+import from dataclasses { dataclass }
+
+"""Standardized user information from SSO providers."""
+@dataclass
+class SSOUserInfo {
+    has email: str,
+        external_id: str,
+        platform: str,
+        display_name: (str | None) = None;
+}
+
+"""Abstract base class for SSO providers.
+
+All SSO provider implementations must inherit from this class and implement
+the required methods. This abstraction enables:
+
+1. Consistent interface across all SSO vendors
+2. Easy addition of new providers (just implement this interface)
+3. Testability through mock implementations
+4. Standardized user information format
+
+Example:
+    To add a new SSO provider (e.g., Microsoft):
+
+    ```jac
+    obj MicrosoftSSOProvider(SSOProvider) {
+        # Implement the three required methods
+        async def initiate_auth(operation: str) -> Response;
+        async def handle_callback(request: Request) -> SSOUserInfo;
+        def get_platform_name() -> str;
+    }
+    ```
+"""
+obj SSOProvider {
+    """Initialize SSO authentication flow.
+
+    Args:
+        operation: The operation type ('login' or 'register')
+
+    Returns:
+        Response object (typically a redirect to the SSO provider's auth page)
+    """
+    async def initiate_auth(operation: str) -> Response;
+
+    """Handle the OAuth callback from the SSO provider.
+
+    Args:
+        request: The FastAPI request object containing the OAuth callback data
+
+    Returns:
+        SSOUserInfo: Standardized user information from the provider
+
+    Raises:
+        Exception: If authentication fails or user info cannot be retrieved
+    """
+    async def handle_callback(request: Request) -> SSOUserInfo;
+
+    """Get the platform identifier for this provider.
+
+    Returns:
+        str: Platform name (e.g., 'google', 'microsoft', 'github')
+    """
+    def get_platform_name -> str;
+}

jac_scale/targets/kubernetes/kubernetes_config.jac

@@ -34,12 +34,12 @@ class KubernetesConfig(BaseConfig) {
         app_mount_path: str = '/app',
         code_mount_path: str = '/code',
         workspace_path: str = '/code/workspace',
-        # Runtime environment (defaults to official Jaseci repo)
         jaseci_repo_url: str = 'https://github.com/jaseci-labs/jaseci.git',
         jaseci_branch: str = 'main',
         jaseci_commit: (str | None) = None,
         install_jaseci: bool = True,
-        additional_packages: list[str] = [];
+        additional_packages: list[str] = [],
+        plugin_versions: dict[str, str] = {};
 
     def init(
         self: KubernetesConfig,
@@ -75,12 +75,8 @@ class KubernetesConfig(BaseConfig) {
         jaseci_branch: str = 'main',
         jaseci_commit: (str | None) = None,
         install_jaseci: bool = True,
-        additional_packages: list[str] = []
-        # Runtime configuration
-        # Storage configuration
-        # Timing configuration
-        # Paths
-        # Runtime environment
+        additional_packages: list[str] = [],
+        plugin_versions: dict[str, str] = {}
     ) -> None {
         self.app_name = app_name;
         self.namespace = namespace;
@@ -121,6 +117,7 @@ class KubernetesConfig(BaseConfig) {
         self.jaseci_commit = jaseci_commit;
         self.install_jaseci = install_jaseci;
         self.additional_packages = additional_packages;
+        self.plugin_versions = plugin_versions;
     }
 
     override def to_dict(self: KubernetesConfig) -> dict[str, Any] {
@@ -162,7 +159,8 @@ class KubernetesConfig(BaseConfig) {
                 'jaseci_branch': self.jaseci_branch,
                 'jaseci_commit': self.jaseci_commit,
                 'install_jaseci': self.install_jaseci,
-                'additional_packages': self.additional_packages
+                'additional_packages': self.additional_packages,
+                'plugin_versions': self.plugin_versions
             }
         );
         return base;
@@ -204,12 +202,8 @@ class KubernetesConfig(BaseConfig) {
             jaseci_branch=config.get('jaseci_branch', 'main'),
             jaseci_commit=config.get('jaseci_commit'),
             install_jaseci=config.get('install_jaseci', True),
-            additional_packages=config.get('additional_packages', [])
-            # Runtime configuration
-            # Storage configuration
-            # Timing configuration
-            # Paths
-            # Runtime environment
+            additional_packages=config.get('additional_packages', []),
+            plugin_versions=config.get('plugin_versions', {})
         );
     }
 }