PyPI - jac-scale - Versions diffs - 0.1.1__py3-none-any.whl → 0.1.4__py3-none-any.whl - Mend

jac-scale 0.1.1py3-none-any.whl → 0.1.4py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

jac_scale/abstractions/config/app_config.jac +5 -2
jac_scale/config_loader.jac +2 -1
jac_scale/context.jac +2 -1
jac_scale/factories/storage_factory.jac +75 -0
jac_scale/google_sso_provider.jac +85 -0
jac_scale/impl/config_loader.impl.jac +28 -3
jac_scale/impl/context.impl.jac +1 -0
jac_scale/impl/serve.impl.jac +749 -266
jac_scale/impl/user_manager.impl.jac +349 -0
jac_scale/impl/webhook.impl.jac +212 -0
jac_scale/jserver/impl/jfast_api.impl.jac +4 -0
jac_scale/memory_hierarchy.jac +3 -1
jac_scale/plugin.jac +46 -3
jac_scale/plugin_config.jac +28 -1
jac_scale/serve.jac +33 -16
jac_scale/sso_provider.jac +72 -0
jac_scale/targets/kubernetes/kubernetes_config.jac +9 -15
jac_scale/targets/kubernetes/kubernetes_target.jac +174 -15
jac_scale/tests/fixtures/scale-feats/components/Button.cl.jac +32 -0
jac_scale/tests/fixtures/scale-feats/main.jac +147 -0
jac_scale/tests/fixtures/test_api.jac +89 -0
jac_scale/tests/fixtures/test_restspec.jac +88 -0
jac_scale/tests/test_deploy_k8s.py +2 -1
jac_scale/tests/test_examples.py +180 -5
jac_scale/tests/test_hooks.py +39 -0
jac_scale/tests/test_restspec.py +289 -0
jac_scale/tests/test_serve.py +411 -4
jac_scale/tests/test_sso.py +273 -284
jac_scale/tests/test_storage.py +274 -0
jac_scale/user_manager.jac +49 -0
jac_scale/webhook.jac +93 -0
{jac_scale-0.1.1.dist-info → jac_scale-0.1.4.dist-info}/METADATA +11 -4
{jac_scale-0.1.1.dist-info → jac_scale-0.1.4.dist-info}/RECORD +36 -23
{jac_scale-0.1.1.dist-info → jac_scale-0.1.4.dist-info}/WHEEL +1 -1
{jac_scale-0.1.1.dist-info → jac_scale-0.1.4.dist-info}/entry_points.txt +0 -0
{jac_scale-0.1.1.dist-info → jac_scale-0.1.4.dist-info}/top_level.txt +0 -0

jac_scale/impl/serve.impl.jac CHANGED Viewed

@@ -57,10 +57,10 @@ def _transport_response_to_json_response(
     );
 }
-impl JacAPIServer.start(dev: bool = False) -> None {
+impl JacAPIServer.start(dev: bool = False, no_client: bool = False) -> None {
     self.introspector.load();
-    # Eagerly build client bundle if there are client exports (skip in dev mode)
-    if not dev {
+    # Eagerly build client bundle if there are client exports (skip in dev or no_client mode)
+    if not dev and not no_client {
         client_exports = self.introspector._client_manifest.get('exports', []);
         if client_exports {
             import time;
@@ -96,14 +96,17 @@ impl JacAPIServer.start(dev: bool = False) -> None {
     self.register_static_file_endpoint();
     self.register_update_username_endpoint();
     self.register_update_password_endpoint();
+    self.register_api_key_endpoints();
     # Use dynamic routing for HMR support, static routing for production
     if dev {
         self.register_dynamic_walker_endpoint();
         self.register_dynamic_function_endpoint();
         self.register_dynamic_introspection_endpoints();
+        self.register_dynamic_webhook_endpoint();
     } else {
         self.register_walkers_endpoints();
         self.register_functions_endpoints();
+        self.register_webhook_endpoints();
     }
     self.register_root_asset_endpoint();
     self._configure_openapi_security();
@@ -177,19 +180,35 @@ impl JacAPIServer._configure_openapi_security -> None {
     self.server.app.openapi = custom_openapi;
 }
-"""Serve root-level assets like /img.png, /icons/logo.svg, etc."""
+"""Serve root-level assets like /img.png, /icons/logo.svg, etc.
+Falls back to SPA HTML for extensionless paths when base_route_app is configured."""
 impl JacAPIServer.serve_root_asset(file_path: str) -> Response {
     allowed_extensions = {'.png','.jpg','.jpeg','.gif','.webp','.svg','.ico','.woff','.woff2','.ttf','.otf','.eot','.mp4','.webm','.mp3','.wav','.css','.js','.json','.pdf','.txt','.xml'};
     file_ext = Path(file_path).suffix.lower();
-    if (not file_ext or (file_ext not in allowed_extensions)) {
-        return Response(status_code=404, content='Not found', media_type='text/plain');
-    }
     import from jaclang.project.config { get_config }
     config = get_config();
     cl_route_prefix = config.serve.cl_route_prefix if config else "cl";
-    if file_path.startswith(
-        (f'{cl_route_prefix}/', 'walker/', 'function/', 'user/', 'static/')
-    ) {
+    api_prefixes = (f'{cl_route_prefix}/', 'walker/', 'function/', 'user/', 'static/');
+    if (not file_ext or (file_ext not in allowed_extensions)) {
+        # SPA catch-all: serve base_route_app for extensionless paths
+        base_route_app = config.serve.base_route_app if config else "";
+        if (not file_ext and base_route_app and not file_path.startswith(api_prefixes)) {
+            try {
+                render_payload = self.introspector.render_page(
+                    base_route_app, {}, '__guest__'
+                );
+                return HTMLResponse(content=render_payload['html']);
+            } except ValueError {
+                return HTMLResponse(content="<h1>404 Not Found</h1>", status_code=404);
+            } except RuntimeError {
+                return HTMLResponse(
+                    content="<h1>503 Service Unavailable</h1>", status_code=503
+                );
+            }
+        }
+        return Response(status_code=404, content='Not found', media_type='text/plain');
+    }
+    if file_path.startswith(api_prefixes) {
         return Response(status_code=404, content='Not found', media_type='text/plain');
     }
     # Find project root (where jac.toml is) instead of using base_path_dir
@@ -486,12 +505,21 @@ impl JacAPIServer.render_base_route_callback(
 impl JacAPIServer.register_functions_endpoints -> None {
     for func_name in self.get_functions() {
+        func_obj = self.get_functions()[func_name];
+        restspec = func_obj.restspec if func_obj?.restspec else None;
+        spec_method = restspec.method if restspec else HTTPMethod.POST;
+        spec_path = restspec.path if restspec else None;
+        final_path = spec_path or f"/function/{func_name}";
         self.server.add_endpoint(
             JEndPoint(
-                method=HTTPMethod.POST,
-                path=f"/function/{func_name}",
+                method=spec_method,
+                path=final_path,
                 callback=self.create_function_callback(func_name),
-                parameters=self.create_function_parameters(func_name),
+                parameters=self.create_function_parameters(
+                    func_name, method=spec_method
+                ),
                 response_model=None,
                 tags=['Functions'],
                 summary='This is a summary',
@@ -501,7 +529,9 @@ impl JacAPIServer.register_functions_endpoints -> None {
     }
 }
-impl JacAPIServer.create_function_parameters(func_name: str) -> list[APIParameter] {
+impl JacAPIServer.create_function_parameters(
+    func_name: str, method: HTTPMethod = HTTPMethod.POST
+) -> list[APIParameter] {
     parameters: list[APIParameter] = [];
     if self.introspector.is_auth_required_for_function(func_name) {
         parameters.append(
@@ -520,8 +550,13 @@ impl JacAPIServer.create_function_parameters(func_name: str) -> list[APIParamete
     )['parameters'];
     for field_name in func_fields {
         field_type = func_fields[field_name]['type'];
-        # Determine parameter type based on field type
-        if ('UploadFile' in field_type or 'uploadfile' in field_type.lower()) {
+        # Determine parameter type based on field type and method
+        if (
+            method == HTTPMethod.GET
+            and not ('UploadFile' in field_type or 'uploadfile' in field_type.lower())
+        ) {
+            param_type = ParameterType.QUERY;
+        } elif ('UploadFile' in field_type or 'uploadfile' in field_type.lower()) {
             # Support UploadFile type for file uploads
             param_type = ParameterType.FILE;
         } else {
@@ -546,7 +581,7 @@ impl JacAPIServer.create_function_callback(
 ) -> Callable[..., TransportResponse] {
     import from jaclang.runtimelib.transport { TransportResponse, Meta }
     requires_auth = self.introspector.is_auth_required_for_function(func_name);
-    def callback(**kwargs: JsonValue) -> TransportResponse {
+    async def callback(**kwargs: JsonValue) -> TransportResponse {
         username: (str | None) = None;
         if requires_auth {
             authorization = kwargs.pop('Authorization', None);
@@ -558,7 +593,7 @@ impl JacAPIServer.create_function_callback(
             ) {
                 token = authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -568,9 +603,21 @@ impl JacAPIServer.create_function_callback(
             }
         }
         print(f"Executing function '{func_name}' with params: {kwargs}");
-        result = self.execution_manager.execute_function(
+        result = await self.execution_manager.execute_function(
             self.get_functions()[func_name], kwargs, (username or '__guest__')
         );
+        # Handle streaming responses (generators/async generators)
+        if (isgenerator(result) or isinstance(result, AsyncGenerator)) {
+            return StreamingResponse(
+                result,
+                media_type='text/event-stream',
+                headers={
+                    'Cache-Control': 'no-cache',
+                    'Connection': 'close',
+                    'X-Accel-Buffering': 'no'
+                }
+            );
+        }
         if 'error' in result {
             return TransportResponse.fail(
                 code='EXECUTION_ERROR',
@@ -588,13 +635,23 @@ impl JacAPIServer.create_function_callback(
 impl JacAPIServer.register_walkers_endpoints -> None {
     for walker_name in self.get_walkers() {
+        # Skip walkers configured for webhook transport - they use /webhook/{walker_name} instead
+        transport_type = self.get_transport_type_for_walker(walker_name);
+        if transport_type == TransportType.WEBHOOK {
+            continue;
+        }
+        walker_cls = self.get_walkers()[walker_name];
+        restspec = walker_cls.restspec if walker_cls?.restspec else None;
+        spec_method = restspec.method if restspec?.method else HTTPMethod.POST;
+        spec_path = restspec.path if restspec?.path else f"/walker/{walker_name}";
         self.server.add_endpoint(
             JEndPoint(
-                method=HTTPMethod.POST,
-                path=f"/walker/{walker_name}/{{node}}",
+                method=spec_method,
+                path=f"{spec_path}/{{node}}",
                 callback=self.create_walker_callback(walker_name, has_node_param=True),
                 parameters=self.create_walker_parameters(
-                    walker_name, invoke_on_root=False
+                    walker_name, invoke_on_root=False, method=spec_method
                 ),
                 response_model=None,
                 tags=['Walkers'],
@@ -604,11 +661,11 @@ impl JacAPIServer.register_walkers_endpoints -> None {
         );
         self.server.add_endpoint(
             JEndPoint(
-                method=HTTPMethod.POST,
-                path=f"/walker/{walker_name}",
+                method=spec_method,
+                path=spec_path,
                 callback=self.create_walker_callback(walker_name, has_node_param=False),
                 parameters=self.create_walker_parameters(
-                    walker_name, invoke_on_root=True
+                    walker_name, invoke_on_root=True, method=spec_method
                 ),
                 response_model=None,
                 tags=['Walkers'],
@@ -620,7 +677,7 @@ impl JacAPIServer.register_walkers_endpoints -> None {
 }
 impl JacAPIServer.create_walker_parameters(
-    walker_name: str, invoke_on_root: bool
+    walker_name: str, invoke_on_root: bool, method: HTTPMethod = HTTPMethod.POST
 ) -> list[APIParameter] {
     parameters: list[APIParameter] = [];
     if self.introspector.is_auth_required_for_walker(walker_name) {
@@ -643,9 +700,14 @@ impl JacAPIServer.create_walker_parameters(
             continue;
         }
         field_type = walker_fields[field_name]['type'];
-        # Determine parameter type based on field type
+        # Determine parameter type based on field type and method
         if (field_name == '_jac_spawn_node') {
             param_type = ParameterType.PATH;
+        } elif (
+            method == HTTPMethod.GET
+            and not ('UploadFile' in field_type or 'uploadfile' in field_type.lower())
+        ) {
+            param_type = ParameterType.QUERY;
         } elif ('UploadFile' in field_type or 'uploadfile' in field_type.lower()) {
             # Support UploadFile type for file uploads
             param_type = ParameterType.FILE;
@@ -685,7 +747,7 @@ impl JacAPIServer.create_walker_callback(
             ) {
                 token = authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -700,6 +762,17 @@ impl JacAPIServer.create_walker_callback(
         result = await self.execution_manager.spawn_walker(
             self.get_walkers()[walker_name], kwargs, (username or '__guest__')
         );
+        if (isgenerator(result) or isinstance(result, AsyncGenerator)) {
+            return StreamingResponse(
+                result,
+                media_type='text/event-stream',
+                headers={
+                    'Cache-Control': 'no-cache',
+                    'Connection': 'close',
+                    'X-Accel-Buffering': 'no'
+                }
+            );
+        }
         if 'error' in result {
             return TransportResponse.fail(
                 code='EXECUTION_ERROR',
@@ -783,7 +856,7 @@ impl JacAPIServer.refresh_token(token: (str | None) = None) -> TransportResponse
     if token.startswith('Bearer ') {
         token = token[7:];
     }
-    new_token = self.refresh_jwt_token(token);
+    new_token = self.user_manager.refresh_jwt_token(token);
     if (not new_token) {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -809,7 +882,7 @@ impl JacAPIServer.create_user(username: str, password: str) -> TransportResponse
                 meta=Meta(extra={'http_status': 400})
             );
         }
-        res['token'] = self.create_jwt_token(username);
+        res['token'] = self.user_manager.create_jwt_token(username);
         return TransportResponse.success(
             data=res, meta=Meta(extra={'http_status': 201})
         );
@@ -837,7 +910,7 @@ impl JacAPIServer.update_username(
     ) {
         token = Authorization[7:];
     }
-    token_username = self.validate_jwt_token(token) if token else None;
+    token_username = self.user_manager.validate_jwt_token(token) if token else None;
     if not token_username {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -869,7 +942,7 @@ impl JacAPIServer.update_username(
         );
     }
     # Generate new JWT token with updated username
-    result['token'] = self.create_jwt_token(new_username);
+    result['token'] = self.user_manager.create_jwt_token(new_username);
     return TransportResponse.success(
         data=result, meta=Meta(extra={'http_status': 200})
     );
@@ -891,7 +964,7 @@ impl JacAPIServer.update_password(
     ) {
         token = Authorization[7:];
     }
-    token_username = self.validate_jwt_token(token) if token else None;
+    token_username = self.user_manager.validate_jwt_token(token) if token else None;
     if not token_username {
         return TransportResponse.fail(
             code='UNAUTHORIZED',
@@ -1066,7 +1139,7 @@ impl JacAPIServer.login(username: str, password: str) -> TransportResponse {
             meta=Meta(extra={'http_status': 401})
         );
     }
-    result['token'] = self.create_jwt_token(username);
+    result['token'] = self.user_manager.create_jwt_token(username);
     return TransportResponse.success(
         data=dict[(str, JsonValue)](result), meta=Meta(extra={'http_status': 200})
     );
@@ -1074,6 +1147,7 @@ impl JacAPIServer.login(username: str, password: str) -> TransportResponse {
 impl JacAPIServer.postinit -> None {
     super.postinit();
+    self._api_key_manager = ApiKeyManager();
     self.server.app.add_middleware(
         CORSMiddleware,
         allow_origins=['*'],
@@ -1109,219 +1183,6 @@ impl JacAPIServer.postinit -> None {
         }
         self.server.app.add_middleware(CustomHeadersMiddleware);
     }
-    self.SUPPORTED_PLATFORMS: dict = {};
-    # Load SSO config fresh (not from cached global) to support env var overrides at runtime
-    sso_config = get_scale_config().get_sso_config();
-    for platform in Platforms {
-        key = platform.lower();
-        platform_config = sso_config.get(key, {});
-        client_id = platform_config.get('client_id', '');
-        client_secret = platform_config.get('client_secret', '');
-        if not client_id or not client_secret {
-            continue;
-        }
-        self.SUPPORTED_PLATFORMS[platform.value] = {
-            "client_id": client_id,
-            "client_secret": client_secret
-        };
-    }
-}
-impl JacAPIServer.refresh_jwt_token(token: str) -> (str | None) {
-    try {
-        decoded = jwt.decode(
-            token, JWT_SECRET, algorithms=[JWT_ALGORITHM], options={"verify_exp": True}
-        );
-        username = decoded.get('username');
-        if not username {
-            return None;
-        }
-        return JacAPIServer.create_jwt_token(username);
-    } except Exception {
-        return None;
-    }
-}
-impl JacAPIServer.validate_jwt_token(token: str) -> (str | None) {
-    try {
-        decoded = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM]);
-        return decoded['username'];
-    } except Exception {
-        return None;
-    }
-}
-impl JacAPIServer.create_jwt_token(username: str) -> str {
-    now = datetime.now(UTC);
-    payload: dict[(str, Any)] = {
-        'username': username,
-        'exp': (now + timedelta(days=JWT_EXP_DELTA_DAYS)),
-        'iat': now.timestamp()
-    };
-    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM);
-}
-impl JacAPIServer.get_sso(platform: str, operation: str) -> (GoogleSSO | None) {
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return None;
-    }
-    credentials = self.SUPPORTED_PLATFORMS[platform];
-    redirect_uri = f"{SSO_HOST}/{platform}/{operation}/callback";
-    if (platform == Platforms.GOOGLE.value) {
-        return GoogleSSO(
-            client_id=credentials['client_id'],
-            client_secret=credentials['client_secret'],
-            redirect_uri=redirect_uri,
-            allow_insecure_http=True
-        );
-    }
-    return None;
-}
-impl JacAPIServer.sso_initiate(
-    platform: str, operation: str
-) -> (Response | TransportResponse) {
-    import from jaclang.runtimelib.transport { TransportResponse, Meta }
-    if (platform not in [p.value for p in Platforms]) {
-        return TransportResponse.fail(
-            code='INVALID_PLATFORM',
-            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
-                [p.value for p in Platforms]
-            )}",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return TransportResponse.fail(
-            code='SSO_NOT_CONFIGURED',
-            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
-            meta=Meta(extra={'http_status': 501})
-        );
-    }
-    if (operation not in [o.value for o in Operations]) {
-        return TransportResponse.fail(
-            code='INVALID_OPERATION',
-            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    sso = self.get_sso(platform, operation);
-    if not sso {
-        return TransportResponse.fail(
-            code='SSO_INIT_FAILED',
-            message=f"Failed to initialize SSO for platform '{platform}'",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
-    with sso {
-        return await sso.get_login_redirect();
-    }
-}
-impl JacAPIServer.sso_callback(
-    request: Request, platform: str, operation: str
-) -> TransportResponse {
-    import from jaclang.runtimelib.transport { TransportResponse, Meta }
-    if (platform not in [p.value for p in Platforms]) {
-        return TransportResponse.fail(
-            code='INVALID_PLATFORM',
-            message=f"Invalid platform '{platform}'. Supported platforms: {', '.join(
-                [p.value for p in Platforms]
-            )}",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    if (platform not in self.SUPPORTED_PLATFORMS) {
-        return TransportResponse.fail(
-            code='SSO_NOT_CONFIGURED',
-            message=f"SSO for platform '{platform}' is not configured. Please set SSO_{platform.upper()}_CLIENT_ID and SSO_{platform.upper()}_CLIENT_SECRET environment variables.",
-            meta=Meta(extra={'http_status': 501})
-        );
-    }
-    if (operation not in [o.value for o in Operations]) {
-        return TransportResponse.fail(
-            code='INVALID_OPERATION',
-            message=f"Invalid operation '{operation}'. Must be 'login' or 'register'",
-            meta=Meta(extra={'http_status': 400})
-        );
-    }
-    sso = self.get_sso(platform, operation);
-    if not sso {
-        return TransportResponse.fail(
-            code='SSO_INIT_FAILED',
-            message=f"Failed to initialize SSO for platform '{platform}'",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
-    try {
-        with sso {
-            user_info = await sso.verify_and_process(request);
-            email = user_info.email;
-            if not email {
-                return TransportResponse.fail(
-                    code='EMAIL_MISSING',
-                    message=f"Email not provided by {platform}",
-                    meta=Meta(extra={'http_status': 400})
-                );
-            }
-            if (operation == Operations.LOGIN.value) {
-                user = self.user_manager.get_user(email);
-                if not user {
-                    return TransportResponse.fail(
-                        code='USER_NOT_FOUND',
-                        message='User not found. Please register first.',
-                        meta=Meta(extra={'http_status': 404})
-                    );
-                }
-                token = self.create_jwt_token(email);
-                return TransportResponse.success(
-                    data={
-                        'message': 'Login successful',
-                        'email': email,
-                        'token': token,
-                        'platform': platform,
-                        'user': dict[(str, JsonValue)](user)
-                    },
-                    meta=Meta(extra={'http_status': 200})
-                );
-            } elif (operation == Operations.REGISTER.value) {
-                existing_user = self.user_manager.get_user(email);
-                if existing_user {
-                    return TransportResponse.fail(
-                        code='USER_EXISTS',
-                        message='User already exists. Please login instead.',
-                        meta=Meta(extra={'http_status': 400})
-                    );
-                }
-                random_password = generate_random_password();
-                result = self.user_manager.create_user(email, random_password);
-                if ('error' in result) {
-                    return TransportResponse.fail(
-                        code='USER_CREATION_FAILED',
-                        message=result.get('error', 'User creation failed'),
-                        meta=Meta(extra={'http_status': 400})
-                    );
-                }
-                token = self.create_jwt_token(email);
-                result['token'] = token;
-                result['platform'] = platform;
-                return TransportResponse.success(
-                    data=result, meta=Meta(extra={'http_status': 201})
-                );
-            }
-        }
-    } except Exception as e {
-        return TransportResponse.fail(
-            code='AUTHENTICATION_FAILED',
-            message=f"Authentication failed: {str(e)}",
-            meta=Meta(extra={'http_status': 500})
-        );
-    }
 }
 impl JacAPIServer.register_sso_endpoints -> None {
@@ -1329,7 +1190,7 @@ impl JacAPIServer.register_sso_endpoints -> None {
         JEndPoint(
             method=HTTPMethod.GET,
             path='/sso/{platform}/{operation}',
-            callback=self.sso_initiate,
+            callback=self.user_manager.sso_initiate,
             parameters=[
                 APIParameter(
                     name='platform',
@@ -1358,7 +1219,7 @@ impl JacAPIServer.register_sso_endpoints -> None {
         JEndPoint(
             method=HTTPMethod.GET,
             path='/sso/{platform}/{operation}/callback',
-            callback=self.sso_callback,
+            callback=self.user_manager.sso_callback,
             parameters=[
                 APIParameter(
                     name='platform',
@@ -1417,13 +1278,17 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
         node: str | None = None,
         Authorization: str | None = None
     ) -> TransportResponse {
-        # Parse request body to get walker fields
-        try {
-            body = await request.json();
-        } except Exception {
-            body = {};
+        # Parse request body or query params to get walker fields
+        if request.method == 'GET' {
+            kwargs: dict[str, Any] = dict(request.query_params);
+        } else {
+            try {
+                body = await request.json();
+            } except Exception {
+                body = {};
+            }
+            kwargs = dict(body) if body else {};
         }
-        kwargs: dict[str, Any] = dict(body) if body else {};
         # Reload introspector if files changed (HMR)
         if self._hmr_pending {
@@ -1443,6 +1308,16 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             );
         }
+        # Reject walkers configured for webhook transport - they use /webhook/{walker_name} instead
+        transport_type = self.get_transport_type_for_walker(walker_name);
+        if transport_type == TransportType.WEBHOOK {
+            return TransportResponse.fail(
+                code='BAD_REQUEST',
+                message=f"Walker '{walker_name}' is configured as a webhook. Use /webhook/{walker_name} instead.",
+                meta=Meta(extra={'http_status': 400})
+            );
+        }
         # Handle authentication
         username: str | None = None;
         authorization = kwargs.pop('Authorization', None);
@@ -1455,7 +1330,7 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             ) {
                 token = Authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -1473,6 +1348,20 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
         result = await self.execution_manager.spawn_walker(
             walkers[walker_name], kwargs, (username or '__guest__')
         );
+        # Handle streaming responses (generators/async generators)
+        if (isgenerator(result) or isinstance(result, AsyncGenerator)) {
+            return StreamingResponse(
+                result,
+                media_type='text/event-stream',
+                headers={
+                    'Cache-Control': 'no-cache',
+                    'Connection': 'close',
+                    'X-Accel-Buffering': 'no'
+                }
+            );
+        }
         if 'error' in result {
             return TransportResponse.fail(
                 code='EXECUTION_ERROR',
@@ -1485,7 +1374,7 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             data=result, meta=Meta(extra={'http_status': 200})
         );
     }
-    # Register catch-all route for walkers with node parameter
+    # Register catch-all route for walkers with node parameter (POST)
     self.server.add_endpoint(
         JEndPoint(
             method=HTTPMethod.POST,
@@ -1523,7 +1412,45 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             description='Dynamically routes to any registered walker. Supports HMR - walker changes are reflected immediately.'
         )
     );
-    # Register catch-all route for walkers without node parameter (root)
+    # Register catch-all route for walkers with node parameter (GET)
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.GET,
+            path='/walker/{walker_name}/{node}',
+            callback=dynamic_walker_handler,
+            parameters=[
+                APIParameter(
+                    name='walker_name',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Name of the walker to execute',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='node',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Node ID to spawn walker on',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=False,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['Walkers (Dynamic)'],
+            summary='Execute walker on node (dynamic HMR)',
+            description='Dynamically routes to any registered walker. Supports HMR - walker changes are reflected immediately.'
+        )
+    );
+    # Register catch-all route for walkers without node parameter (root) (POST)
     self.server.add_endpoint(
         JEndPoint(
             method=HTTPMethod.POST,
@@ -1553,6 +1480,36 @@ impl JacAPIServer.register_dynamic_walker_endpoint -> None {
             description='Dynamically routes to any registered walker. Supports HMR - walker changes are reflected immediately.'
         )
     );
+    # Register catch-all route for walkers without node parameter (root) (GET)
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.GET,
+            path='/walker/{walker_name}',
+            callback=dynamic_walker_handler,
+            parameters=[
+                APIParameter(
+                    name='walker_name',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Name of the walker to execute',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=False,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['Walkers (Dynamic)'],
+            summary='Execute walker on root (dynamic HMR)',
+            description='Dynamically routes to any registered walker. Supports HMR - walker changes are reflected immediately.'
+        )
+    );
 }
 """Register a single dynamic endpoint for all functions.
@@ -1566,13 +1523,17 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
     async def dynamic_function_handler(
         request: Request, function_name: str, Authorization: str | None = None
     ) -> TransportResponse {
-        # Parse request body to get function arguments
-        try {
-            body = await request.json();
-        } except Exception {
-            body = {};
+        # Parse request body or query params to get function arguments
+        if request.method == 'GET' {
+            kwargs: dict[str, Any] = dict(request.query_params);
+        } else {
+            try {
+                body = await request.json();
+            } except Exception {
+                body = {};
+            }
+            kwargs = dict(body) if body else {};
         }
-        kwargs: dict[str, Any] = dict(body) if body else {};
         # Reload introspector if files changed (HMR)
         if self._hmr_pending {
@@ -1604,7 +1565,7 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
             ) {
                 token = Authorization[7:];
             }
-            username = self.validate_jwt_token(token) if token else None;
+            username = self.user_manager.validate_jwt_token(token) if token else None;
             if not username {
                 return TransportResponse.fail(
                     code='UNAUTHORIZED',
@@ -1614,9 +1575,21 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
             }
         }
-        result = self.execution_manager.execute_function(
+        result = await self.execution_manager.execute_function(
             functions[function_name], kwargs, (username or '__guest__')
         );
+        # Handle streaming responses (generators/async generators)
+        if (isgenerator(result) or isinstance(result, AsyncGenerator)) {
+            return StreamingResponse(
+                result,
+                media_type='text/event-stream',
+                headers={
+                    'Cache-Control': 'no-cache',
+                    'Connection': 'close',
+                    'X-Accel-Buffering': 'no'
+                }
+            );
+        }
         if 'error' in result {
             return TransportResponse.fail(
                 code='EXECUTION_ERROR',
@@ -1629,6 +1602,7 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
             data=result, meta=Meta(extra={'http_status': 200})
         );
     }
+    # Register POST endpoint
     self.server.add_endpoint(
         JEndPoint(
             method=HTTPMethod.POST,
@@ -1658,6 +1632,36 @@ impl JacAPIServer.register_dynamic_function_endpoint -> None {
             description='Dynamically routes to any registered function. Supports HMR - function changes are reflected immediately.'
         )
     );
+    # Register GET endpoint
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.GET,
+            path='/function/{function_name}',
+            callback=dynamic_function_handler,
+            parameters=[
+                APIParameter(
+                    name='function_name',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Name of the function to call',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=False,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['Functions (Dynamic)'],
+            summary='Call function (dynamic HMR)',
+            description='Dynamically routes to any registered function. Supports HMR - function changes are reflected immediately.'
+        )
+    );
 }
 """Register endpoints for runtime introspection of available walkers/functions.
@@ -1783,3 +1787,482 @@ impl JacAPIServer.register_dynamic_introspection_endpoints -> None {
         )
     );
 }
+"""Get or create the API key manager instance."""
+impl JacAPIServer.get_api_key_manager -> ApiKeyManager {
+    if self._api_key_manager is None {
+        self._api_key_manager = ApiKeyManager();
+    }
+    return self._api_key_manager;
+}
+"""Create a new API key for the authenticated user."""
+impl JacAPIServer.create_api_key(
+    name: str, expiry_days: int | None = None, Authorization: str | None = None
+) -> TransportResponse {
+    # Validate JWT token to get username
+    token: str | None = None;
+    if Authorization and Authorization.startswith('Bearer ') {
+        token = Authorization[7:];
+    }
+    username = self.user_manager.validate_jwt_token(token) if token else None;
+    if not username {
+        return TransportResponse.fail(
+            code='UNAUTHORIZED',
+            message='Valid authentication required to create API keys',
+            meta=Meta(extra={'http_status': 401})
+        );
+    }
+    return self.get_api_key_manager().create_api_key(
+        username=username, name=name, expiry_days=expiry_days
+    );
+}
+"""List all API keys for the authenticated user."""
+impl JacAPIServer.list_api_keys(Authorization: str | None = None) -> TransportResponse {
+    # Validate JWT token to get username
+    token: str | None = None;
+    if Authorization and Authorization.startswith('Bearer ') {
+        token = Authorization[7:];
+    }
+    username = self.user_manager.validate_jwt_token(token) if token else None;
+    if not username {
+        return TransportResponse.fail(
+            code='UNAUTHORIZED',
+            message='Valid authentication required to list API keys',
+            meta=Meta(extra={'http_status': 401})
+        );
+    }
+    return self.get_api_key_manager().list_api_keys(username);
+}
+"""Revoke an API key for the authenticated user."""
+impl JacAPIServer.revoke_api_key(
+    api_key_id: str, Authorization: str | None = None
+) -> TransportResponse {
+    # Validate JWT token to get username
+    token: str | None = None;
+    if Authorization and Authorization.startswith('Bearer ') {
+        token = Authorization[7:];
+    }
+    username = self.user_manager.validate_jwt_token(token) if token else None;
+    if not username {
+        return TransportResponse.fail(
+            code='UNAUTHORIZED',
+            message='Valid authentication required to revoke API keys',
+            meta=Meta(extra={'http_status': 401})
+        );
+    }
+    return self.get_api_key_manager().revoke_api_key(username, api_key_id);
+}
+"""Register API key management endpoints."""
+impl JacAPIServer.register_api_key_endpoints -> None {
+    # Create API key
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.POST,
+            path='/api-key/create',
+            callback=self.create_api_key,
+            parameters=[
+                APIParameter(
+                    name='name',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='A friendly name for the API key',
+                    type=ParameterType.BODY
+                ),
+                APIParameter(
+                    name='expiry_days',
+                    data_type='integer',
+                    required=False,
+                    default=None,
+                    description='Number of days until expiry (default from config)',
+                    type=ParameterType.BODY
+                ),
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['API Keys'],
+            summary='Create a new API key',
+            description='Creates a new API key for webhook authentication. The API key is wrapped in a JWT and can be used with HMAC-SHA256 signature verification.'
+        )
+    );
+    # List API keys
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.GET,
+            path='/api-key/list',
+            callback=self.list_api_keys,
+            parameters=[
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['API Keys'],
+            summary='List all API keys',
+            description='Lists all API keys for the authenticated user (metadata only, not the actual keys).'
+        )
+    );
+    # Revoke API key
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.DELETE,
+            path='/api-key/{api_key_id}',
+            callback=self.revoke_api_key,
+            parameters=[
+                APIParameter(
+                    name='api_key_id',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='The ID of the API key to revoke',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='Authorization',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Bearer token for authentication',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['API Keys'],
+            summary='Revoke an API key',
+            description='Revokes an API key, making it invalid for future webhook requests.'
+        )
+    );
+}
+"""Get the transport type for a walker by checking its restspec."""
+impl JacAPIServer.get_transport_type_for_walker(walker_name: str) -> str {
+    walkers = self.get_walkers();
+    if walker_name not in walkers {
+        return TransportType.HTTP;
+    }
+    walker_cls = walkers[walker_name];
+    restspec = walker_cls.restspec if walker_cls?.restspec else None;
+    if restspec?.webhook {
+        return TransportType.WEBHOOK;
+    }
+    return TransportType.HTTP;
+}
+"""Create webhook callback for a walker with HMAC-SHA256 signature verification."""
+impl JacAPIServer.create_webhook_callback(
+    walker_name: str
+) -> Callable[..., TransportResponse] {
+    async def callback(request: Request, **kwargs: JsonValue) -> TransportResponse {
+        webhook_config = get_scale_config().get_webhook_config();
+        signature_header = webhook_config.get(
+            'signature_header', 'X-Webhook-Signature'
+        );
+        verify_signature = webhook_config.get('verify_signature', True);
+        # Get API key from header
+        api_key = request.headers.get('X-API-Key');
+        if not api_key {
+            return TransportResponse.fail(
+                code='UNAUTHORIZED',
+                message='Missing X-API-Key header',
+                meta=Meta(extra={'http_status': 401})
+            );
+        }
+        # Validate API key and get username
+        username = self.get_api_key_manager().validate_api_key(api_key);
+        if not username {
+            return TransportResponse.fail(
+                code='UNAUTHORIZED',
+                message='Invalid or expired API key',
+                meta=Meta(extra={'http_status': 401})
+            );
+        }
+        # Verify HMAC-SHA256 signature if enabled
+        if verify_signature {
+            signature = request.headers.get(signature_header);
+            if not signature {
+                return TransportResponse.fail(
+                    code='UNAUTHORIZED',
+                    message=f"Missing {signature_header} header",
+                    meta=Meta(extra={'http_status': 401})
+                );
+            }
+            # Get raw body for signature verification
+            body = await request.body();
+            extracted_signature = WebhookUtils.extract_signature(signature);
+            # Use the API key as the secret for HMAC verification
+            if not WebhookUtils.verify_signature(body, extracted_signature, api_key) {
+                return TransportResponse.fail(
+                    code='UNAUTHORIZED',
+                    message='Invalid webhook signature',
+                    meta=Meta(extra={'http_status': 401})
+                );
+            }
+        }
+        # Parse body for walker fields
+        try {
+            body_bytes = await request.body();
+            body_data = json.loads(body_bytes) if body_bytes else {};
+        } except Exception {
+            body_data = {};
+        }
+        walker_kwargs: dict[str, Any] = dict(body_data) if body_data else {};
+        # Execute the walker
+        result = await self.execution_manager.spawn_walker(
+            self.get_walkers()[walker_name], walker_kwargs, username
+        );
+        if 'error' in result {
+            return TransportResponse.fail(
+                code='EXECUTION_ERROR',
+                message=result.get('error', 'Walker execution failed'),
+                details=result.get('traceback') if 'traceback' in result else None,
+                meta=Meta(extra={'http_status': 500})
+            );
+        }
+        return TransportResponse.success(
+            data=result, meta=Meta(extra={'http_status': 200})
+        );
+    }
+    return callback;
+}
+"""Create parameters for webhook endpoint."""
+impl JacAPIServer.create_webhook_parameters(walker_name: str) -> list[APIParameter] {
+    parameters: list[APIParameter] = [];
+    # API key header (required for webhooks)
+    # Use underscore naming for valid Python identifiers - FastAPI auto-converts to hyphenated headers
+    parameters.append(
+        APIParameter(
+            name='x_api_key',
+            data_type='string',
+            required=True,
+            default=None,
+            description='API key for webhook authentication (X-API-Key header)',
+            type=ParameterType.HEADER
+        )
+    );
+    # Signature header (for HMAC verification)
+    # Use underscore naming for valid Python identifiers
+    parameters.append(
+        APIParameter(
+            name='x_webhook_signature',
+            data_type='string',
+            required=False,
+            default=None,
+            description='HMAC-SHA256 signature of the request body (X-Webhook-Signature header)',
+            type=ParameterType.HEADER
+        )
+    );
+    # Add walker fields as body parameters (excluding transport_type)
+    walker_fields = self.introspector.introspect_walker(
+        self.get_walkers()[walker_name]
+    )['fields'];
+    for field_name in walker_fields {
+        if field_name in ('_jac_spawn_node', ) {
+            continue;
+        }
+        field_type = walker_fields[field_name]['type'];
+        parameters.append(
+            APIParameter(
+                name=field_name,
+                data_type=field_type,
+                required=walker_fields[field_name]['required'],
+                default=walker_fields[field_name]['default'],
+                description=f"Field {field_name} for webhook walker {walker_name}",
+                type=ParameterType.BODY
+            )
+        );
+    }
+    return parameters;
+}
+"""Register webhook endpoints for walkers with transport_type=WEBHOOK."""
+impl JacAPIServer.register_webhook_endpoints -> None {
+    for walker_name in self.get_walkers() {
+        transport_type = self.get_transport_type_for_walker(walker_name);
+        if transport_type == TransportType.WEBHOOK {
+            self.server.add_endpoint(
+                JEndPoint(
+                    method=HTTPMethod.POST,
+                    path=f"/webhook/{walker_name}",
+                    callback=self.create_webhook_callback(walker_name),
+                    parameters=self.create_webhook_parameters(walker_name),
+                    response_model=None,
+                    tags=['Webhooks'],
+                    summary=f'Webhook endpoint for {walker_name}',
+                    description=f'Webhook endpoint for {walker_name}. Requires API key authentication and HMAC-SHA256 signature verification.'
+                )
+            );
+        }
+    }
+}
+"""Register dynamic webhook endpoint for HMR support."""
+impl JacAPIServer.register_dynamic_webhook_endpoint -> None {
+    async def dynamic_webhook_handler(
+        request: Request, walker_name: str
+    ) -> TransportResponse {
+        # Reload introspector if files changed (HMR)
+        if self._hmr_pending {
+            self.introspector.load(force_reload=True);
+            self._hmr_pending = False;
+        }
+        walkers = self.get_walkers();
+        if walker_name not in walkers {
+            return TransportResponse.fail(
+                code='NOT_FOUND',
+                message=f"Webhook walker '{walker_name}' not found",
+                meta=Meta(extra={'http_status': 404})
+            );
+        }
+        # Verify this walker is configured for webhook transport
+        transport_type = self.get_transport_type_for_walker(walker_name);
+        if transport_type != TransportType.WEBHOOK {
+            return TransportResponse.fail(
+                code='BAD_REQUEST',
+                message=f"Walker '{walker_name}' is not configured as a webhook. Use /walker/{walker_name} instead.",
+                meta=Meta(extra={'http_status': 400})
+            );
+        }
+        webhook_config = get_scale_config().get_webhook_config();
+        signature_header = webhook_config.get(
+            'signature_header', 'X-Webhook-Signature'
+        );
+        verify_signature = webhook_config.get('verify_signature', True);
+        # Get API key from header
+        api_key = request.headers.get('X-API-Key');
+        if not api_key {
+            return TransportResponse.fail(
+                code='UNAUTHORIZED',
+                message='Missing X-API-Key header',
+                meta=Meta(extra={'http_status': 401})
+            );
+        }
+        # Validate API key and get username
+        username = self.get_api_key_manager().validate_api_key(api_key);
+        if not username {
+            return TransportResponse.fail(
+                code='UNAUTHORIZED',
+                message='Invalid or expired API key',
+                meta=Meta(extra={'http_status': 401})
+            );
+        }
+        # Verify HMAC-SHA256 signature if enabled
+        if verify_signature {
+            signature = request.headers.get(signature_header);
+            if not signature {
+                return TransportResponse.fail(
+                    code='UNAUTHORIZED',
+                    message=f"Missing {signature_header} header",
+                    meta=Meta(extra={'http_status': 401})
+                );
+            }
+            body = await request.body();
+            extracted_signature = WebhookUtils.extract_signature(signature);
+            if not WebhookUtils.verify_signature(body, extracted_signature, api_key) {
+                return TransportResponse.fail(
+                    code='UNAUTHORIZED',
+                    message='Invalid webhook signature',
+                    meta=Meta(extra={'http_status': 401})
+                );
+            }
+        }
+        # Parse body for walker fields
+        try {
+            body_bytes = await request.body();
+            body_data = json.loads(body_bytes) if body_bytes else {};
+        } except Exception {
+            body_data = {};
+        }
+        walker_kwargs: dict[str, Any] = dict(body_data) if body_data else {};
+        # Execute the walker
+        result = await self.execution_manager.spawn_walker(
+            walkers[walker_name], walker_kwargs, username
+        );
+        if 'error' in result {
+            return TransportResponse.fail(
+                code='EXECUTION_ERROR',
+                message=result.get('error', 'Walker execution failed'),
+                details=result.get('traceback') if 'traceback' in result else None,
+                meta=Meta(extra={'http_status': 500})
+            );
+        }
+        return TransportResponse.success(
+            data=result, meta=Meta(extra={'http_status': 200})
+        );
+    }
+    # Register dynamic webhook route
+    self.server.add_endpoint(
+        JEndPoint(
+            method=HTTPMethod.POST,
+            path='/webhook/{walker_name}',
+            callback=dynamic_webhook_handler,
+            parameters=[
+                APIParameter(
+                    name='walker_name',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='Name of the webhook walker to execute',
+                    type=ParameterType.PATH
+                ),
+                APIParameter(
+                    name='x_api_key',
+                    data_type='string',
+                    required=True,
+                    default=None,
+                    description='API key for webhook authentication (X-API-Key header)',
+                    type=ParameterType.HEADER
+                ),
+                APIParameter(
+                    name='x_webhook_signature',
+                    data_type='string',
+                    required=False,
+                    default=None,
+                    description='HMAC-SHA256 signature of the request body (X-Webhook-Signature header)',
+                    type=ParameterType.HEADER
+                )
+            ],
+            response_model=None,
+            tags=['Webhooks (Dynamic)'],
+            summary='Execute webhook walker (dynamic HMR)',
+            description='Dynamically routes to webhook walkers. Supports HMR - walker changes are reflected immediately.'
+        )
+    );
+}

jac-scale 0.1.1__py3-none-any.whl → 0.1.4__py3-none-any.whl

jac-scale 0.1.1py3-none-any.whl → 0.1.4py3-none-any.whl