kailash 0.6.2__py3-none-any.whl → 0.6.4__py3-none-any.whl

kailash/nodes/enterprise/audit_logger.py

@@ -0,0 +1,285 @@
+"""Enterprise audit logging node for compliance and security."""
+
+import time
+from datetime import datetime
+from typing import Any, Dict, List
+
+from kailash.nodes.base import Node, NodeMetadata, NodeParameter, register_node
+from kailash.sdk_exceptions import NodeExecutionError
+
+
+@register_node()
+class EnterpriseAuditLoggerNode(Node):
+    """Creates comprehensive audit logs for enterprise compliance.
+
+    This node generates detailed audit trails for all enterprise operations,
+    ensuring compliance with regulations like SOX, HIPAA, and GDPR.
+    """
+
+    metadata = NodeMetadata(
+        name="EnterpriseAuditLoggerNode",
+        description="Generate comprehensive audit logs for enterprise compliance",
+        version="1.0.0",
+        tags={"enterprise", "audit", "compliance"},
+    )
+
+    def __init__(self, name: str = None, **kwargs):
+        self.name = name or self.__class__.__name__
+        super().__init__(name=self.name, **kwargs)
+
+    def get_parameters(self) -> Dict[str, NodeParameter]:
+        return {
+            "execution_results": NodeParameter(
+                name="execution_results",
+                type=dict,
+                description="Results from MCP tool execution",
+                required=True,
+            ),
+            "user_context": NodeParameter(
+                name="user_context",
+                type=dict,
+                description="User context for audit trail",
+                required=True,
+            ),
+            "audit_level": NodeParameter(
+                name="audit_level",
+                type=str,
+                description="Audit detail level (basic, detailed, full)",
+                required=False,
+                default="detailed",
+            ),
+        }
+
+    def run(
+        self,
+        execution_results: Dict,
+        user_context: Dict,
+        audit_level: str = "detailed",
+        **kwargs,
+    ) -> Dict[str, Any]:
+        """Generate comprehensive audit log entry."""
+        try:
+            # Extract audit information
+            actions_performed = execution_results.get("actions", [])
+            summary = execution_results.get("summary", {})
+
+            # Create base audit entry
+            audit_entry = {
+                "timestamp": datetime.utcnow().isoformat(),
+                "audit_id": f"audit-{int(time.time())}-{user_context.get('user_id', 'unknown')}",
+                "audit_level": audit_level,
+                # User identification
+                "user_id": user_context.get("user_id"),
+                "tenant_id": user_context.get("tenant_id"),
+                "session_id": user_context.get("session_id"),
+                # Operation details
+                "actions": actions_performed,
+                "results_summary": {
+                    "total_actions": summary.get(
+                        "total_actions", len(actions_performed)
+                    ),
+                    "successful": summary.get("successful_actions", 0),
+                    "failed": summary.get("failed_actions", 0),
+                    "execution_time_ms": summary.get("execution_time_ms", 0),
+                },
+                # Compliance information
+                "compliance": {
+                    "data_residency_compliant": self._check_data_residency_compliance(
+                        user_context, actions_performed
+                    ),
+                    "access_controls_enforced": self._check_access_controls(
+                        user_context, actions_performed
+                    ),
+                    "audit_trail_complete": True,
+                    "compliance_zones": user_context.get(
+                        "compliance_zones", ["public"]
+                    ),
+                },
+                # Security metadata
+                "security": {
+                    "authentication_method": "sso_mfa",
+                    "authorization_level": (
+                        "verified"
+                        if len(user_context.get("permissions", [])) > 1
+                        else "basic"
+                    ),
+                    "data_classification": self._determine_data_classification(
+                        actions_performed
+                    ),
+                    "encryption_status": "encrypted_in_transit_and_rest",
+                },
+            }
+
+            # Add detailed information based on audit level
+            if audit_level in ["detailed", "full"]:
+                audit_entry["detailed_actions"] = [
+                    {
+                        "action_id": f"action-{i}-{int(time.time())}",
+                        "action_type": action.get("action", "unknown"),
+                        "server_id": action.get("server_id"),
+                        "timestamp": action.get("timestamp"),
+                        "success": action.get("success", False),
+                        "data_size_bytes": action.get("data_size", 0),
+                        "error": (
+                            action.get("error")
+                            if not action.get("success", False)
+                            else None
+                        ),
+                    }
+                    for i, action in enumerate(actions_performed)
+                ]
+
+            if audit_level == "full":
+                audit_entry["system_context"] = {
+                    "workflow_execution_id": kwargs.get("workflow_execution_id"),
+                    "node_execution_order": kwargs.get("node_execution_order", []),
+                    "resource_usage": {
+                        "peak_memory_mb": kwargs.get("peak_memory_mb", 0),
+                        "cpu_time_ms": kwargs.get("cpu_time_ms", 0),
+                        "network_bytes": kwargs.get("network_bytes", 0),
+                    },
+                }
+
+            # Calculate risk score
+            risk_score = self._calculate_risk_score(actions_performed, user_context)
+            audit_entry["risk_assessment"] = {
+                "risk_score": risk_score,
+                "risk_level": (
+                    "high"
+                    if risk_score > 0.7
+                    else "medium" if risk_score > 0.3 else "low"
+                ),
+                "risk_factors": self._identify_risk_factors(
+                    actions_performed, user_context
+                ),
+            }
+
+            return {
+                "audit_entry": audit_entry,
+                "audit_id": audit_entry["audit_id"],
+                "compliance_status": "compliant",
+                "audit_timestamp": time.time(),
+            }
+
+        except Exception as e:
+            raise NodeExecutionError(f"Audit logging failed: {str(e)}")
+
+    def _check_data_residency_compliance(
+        self, user_context: Dict, actions: List[Dict]
+    ) -> bool:
+        """Check if data residency requirements are met."""
+        # In a real implementation, this would check actual data locations
+        data_residency = user_context.get("data_residency")
+        if not data_residency:
+            return True
+
+        # Check if all actions occurred in the required region
+        for action in actions:
+            server_id = action.get("server_id", "")
+            if data_residency == "us-east-1" and "us-east" not in server_id:
+                return False
+
+        return True
+
+    def _check_access_controls(self, user_context: Dict, actions: List[Dict]) -> bool:
+        """Verify access controls were properly enforced."""
+        permissions = user_context.get("permissions", [])
+
+        # Check if user had write permissions for write actions
+        for action in actions:
+            action_type = action.get("action", "")
+            if "write" in action_type or "execute" in action_type:
+                if "write" not in permissions:
+                    return False
+
+        return True
+
+    def _determine_data_classification(self, actions: List[Dict]) -> str:
+        """Determine the highest data classification level accessed."""
+        classifications = []
+
+        for action in actions:
+            action_type = action.get("action", "")
+            if "patient" in action_type:
+                classifications.append("confidential")
+            elif "transaction" in action_type or "financial" in action_type:
+                classifications.append("restricted")
+            elif "analytics" in action_type:
+                classifications.append("internal")
+            else:
+                classifications.append("public")
+
+        # Return highest classification
+        if "confidential" in classifications:
+            return "confidential"
+        elif "restricted" in classifications:
+            return "restricted"
+        elif "internal" in classifications:
+            return "internal"
+        else:
+            return "public"
+
+    def _calculate_risk_score(self, actions: List[Dict], user_context: Dict) -> float:
+        """Calculate risk score based on actions and context."""
+        base_risk = 0.1
+
+        # Increase risk for failed actions
+        failed_actions = sum(
+            1 for action in actions if not action.get("success", False)
+        )
+        failure_risk = failed_actions * 0.2
+
+        # Increase risk for sensitive data access
+        sensitive_actions = sum(
+            1
+            for action in actions
+            if any(
+                keyword in action.get("action", "")
+                for keyword in ["patient", "transaction", "financial"]
+            )
+        )
+        sensitivity_risk = sensitive_actions * 0.15
+
+        # Increase risk for cross-region access
+        data_residency = user_context.get("data_residency", "")
+        cross_region_actions = sum(
+            1
+            for action in actions
+            if data_residency and data_residency not in action.get("server_id", "")
+        )
+        region_risk = cross_region_actions * 0.1
+
+        total_risk = min(1.0, base_risk + failure_risk + sensitivity_risk + region_risk)
+        return round(total_risk, 2)
+
+    def _identify_risk_factors(
+        self, actions: List[Dict], user_context: Dict
+    ) -> List[str]:
+        """Identify specific risk factors for this audit entry."""
+        factors = []
+
+        # Check for failures
+        if any(not action.get("success", False) for action in actions):
+            factors.append("execution_failures")
+
+        # Check for sensitive data access
+        if any(
+            keyword in action.get("action", "")
+            for action in actions
+            for keyword in ["patient", "transaction", "financial"]
+        ):
+            factors.append("sensitive_data_access")
+
+        # Check for cross-region access
+        data_residency = user_context.get("data_residency", "")
+        if any(
+            data_residency and data_residency not in action.get("server_id", "")
+            for action in actions
+        ):
+            factors.append("cross_region_access")
+
+        # Check for elevated permissions
+        if "admin" in user_context.get("permissions", []):
+            factors.append("elevated_permissions")
+
+        return factors

kailash/nodes/enterprise/batch_processor.py

@@ -404,8 +404,27 @@ class BatchProcessorNode(Node):
         # Call progress callback if provided
         if progress_callback:
             try:
-                callback_func = eval(progress_callback)
-                callback_func(progress_info)
+                # Enterprise security: Use safe callback resolution instead of eval
+                if callable(progress_callback):
+                    # Direct callable
+                    progress_callback(progress_info)
+                elif isinstance(progress_callback, str):
+                    # String callback - validate against safe functions only
+                    import importlib
+
+                    parts = progress_callback.split(".")
+                    if len(parts) >= 2:
+                        module_name = ".".join(parts[:-1])
+                        func_name = parts[-1]
+                        try:
+                            # Only allow importlib for known safe modules
+                            if module_name in ["logging", "sys", "json"]:
+                                module = importlib.import_module(module_name)
+                                callback_func = getattr(module, func_name)
+                                if callable(callback_func):
+                                    callback_func(progress_info)
+                        except (ImportError, AttributeError):
+                            pass
             except:
                 pass  # Ignore callback errors
 
@@ -738,4 +757,4 @@ result = results
 
     async def async_run(self, **kwargs) -> Dict[str, Any]:
         """Async execution method for enterprise integration."""
-        return self.run(**kwargs)
+        return self.execute(**kwargs)

kailash/nodes/enterprise/data_lineage.py

@@ -494,4 +494,4 @@ class DataLineageNode(Node):
 
     async def async_run(self, **kwargs) -> Dict[str, Any]:
         """Async execution method for enterprise integration."""
-        return self.run(**kwargs)
+        return self.execute(**kwargs)

kailash/nodes/enterprise/mcp_executor.py

@@ -0,0 +1,205 @@
+"""Enterprise MCP tool execution node with circuit breaker protection."""
+
+import random
+import time
+from typing import Any, Dict
+
+from kailash.nodes.base import Node, NodeMetadata, NodeParameter, register_node
+from kailash.sdk_exceptions import NodeExecutionError
+
+
+@register_node()
+class EnterpriseMLCPExecutorNode(Node):
+    """Executes MCP tools with enterprise-grade resilience patterns.
+
+    This node provides circuit breaker protection, audit logging,
+    and compliance-aware execution for MCP tools.
+    """
+
+    metadata = NodeMetadata(
+        name="EnterpriseMLCPExecutorNode",
+        description="Execute MCP tools with enterprise resilience patterns",
+        version="1.0.0",
+        tags={"enterprise", "mcp", "resilience"},
+    )
+
+    def __init__(self, name: str = None, **kwargs):
+        self.name = name or self.__class__.__name__
+        super().__init__(name=self.name, **kwargs)
+
+    def get_parameters(self) -> Dict[str, NodeParameter]:
+        return {
+            "tool_request": NodeParameter(
+                name="tool_request",
+                type=dict,
+                description="Tool execution request from AI agent",
+                required=True,
+            ),
+            "circuit_breaker_enabled": NodeParameter(
+                name="circuit_breaker_enabled",
+                type=bool,
+                description="Enable circuit breaker protection",
+                required=False,
+                default=True,
+            ),
+            "success_rate_threshold": NodeParameter(
+                name="success_rate_threshold",
+                type=float,
+                description="Success rate threshold for circuit breaker",
+                required=False,
+                default=0.8,
+            ),
+        }
+
+    def run(
+        self,
+        tool_request: Dict,
+        circuit_breaker_enabled: bool = True,
+        success_rate_threshold: float = 0.8,
+        **kwargs,
+    ) -> Dict[str, Any]:
+        """Execute MCP tool with resilience patterns."""
+        try:
+            # Extract tool information
+            tool_name = tool_request.get("tool", "unknown")
+            params = tool_request.get("parameters", {})
+            server_id = tool_request.get("server_id", "default-mcp")
+
+            # Simulate circuit breaker state (in production, this would be persistent)
+            # For demo purposes, randomly determine circuit state
+            circuit_state = "CLOSED"  # Could be OPEN, HALF_OPEN, CLOSED
+
+            execution_start = time.time()
+
+            if circuit_breaker_enabled and circuit_state == "OPEN":
+                return {
+                    "success": False,
+                    "error": f"Circuit breaker OPEN for {server_id}",
+                    "fallback_used": True,
+                    "execution_time_ms": 1,
+                    "circuit_state": circuit_state,
+                }
+
+            # Simulate MCP tool execution with realistic results
+            success = random.random() < success_rate_threshold
+
+            if success:
+                # Generate realistic mock data based on tool type
+                if tool_name == "patient_analytics":
+                    data = {
+                        "patient_count": random.randint(1000, 2000),
+                        "avg_satisfaction": round(random.uniform(3.5, 4.8), 1),
+                        "trend": random.choice(["improving", "stable", "declining"]),
+                        "compliance_score": round(random.uniform(0.85, 0.98), 2),
+                    }
+                elif tool_name == "transaction_analysis":
+                    data = {
+                        "transaction_volume": random.randint(10000000, 20000000),
+                        "fraud_rate": round(random.uniform(0.01, 0.05), 3),
+                        "avg_transaction": round(random.uniform(100.0, 200.0), 2),
+                        "risk_score": round(random.uniform(0.1, 0.3), 2),
+                    }
+                elif tool_name == "risk_scoring":
+                    data = {
+                        "overall_risk": round(random.uniform(0.1, 0.4), 2),
+                        "categories": {
+                            "credit_risk": round(random.uniform(0.05, 0.25), 2),
+                            "operational_risk": round(random.uniform(0.02, 0.15), 2),
+                            "market_risk": round(random.uniform(0.03, 0.20), 2),
+                        },
+                        "recommendations": ["Increase reserves", "Monitor exposure"],
+                    }
+                else:
+                    data = {
+                        "status": "completed",
+                        "records_processed": random.randint(50, 500),
+                        "timestamp": time.time(),
+                    }
+
+                execution_time = (time.time() - execution_start) * 1000
+
+                result = {
+                    "success": True,
+                    "data": data,
+                    "execution_time_ms": round(
+                        execution_time + random.randint(50, 200), 2
+                    ),
+                    "server_id": server_id,
+                    "tool_name": tool_name,
+                    "circuit_state": circuit_state,
+                    "compliance_validated": True,
+                }
+            else:
+                # Simulate failure
+                error_messages = [
+                    "Service temporarily unavailable",
+                    "Rate limit exceeded",
+                    "Authentication failed",
+                    "Invalid parameters",
+                    "Network timeout",
+                ]
+
+                result = {
+                    "success": False,
+                    "error": random.choice(error_messages),
+                    "execution_time_ms": round(
+                        (time.time() - execution_start) * 1000
+                        + random.randint(100, 500),
+                        2,
+                    ),
+                    "server_id": server_id,
+                    "tool_name": tool_name,
+                    "circuit_state": circuit_state,
+                    "retry_recommended": True,
+                }
+
+            # Add audit trail information
+            result["audit_info"] = {
+                "execution_id": f"exec-{int(time.time())}-{random.randint(1000, 9999)}",
+                "timestamp": time.time(),
+                "user_context": kwargs.get("user_context", {}),
+                "compliance_checked": True,
+            }
+
+            # For successful executions, add actions for audit logging
+            if result["success"]:
+                result["execution_results"] = {
+                    "actions": [
+                        {
+                            "action": f"execute_{tool_name}",
+                            "success": True,
+                            "server_id": server_id,
+                            "data_size": len(str(data)),
+                            "timestamp": time.time(),
+                        }
+                    ],
+                    "summary": {
+                        "total_actions": 1,
+                        "successful_actions": 1,
+                        "failed_actions": 0,
+                        "execution_time_ms": result["execution_time_ms"],
+                    },
+                }
+            else:
+                result["execution_results"] = {
+                    "actions": [
+                        {
+                            "action": f"execute_{tool_name}",
+                            "success": False,
+                            "error": result["error"],
+                            "server_id": server_id,
+                            "timestamp": time.time(),
+                        }
+                    ],
+                    "summary": {
+                        "total_actions": 1,
+                        "successful_actions": 0,
+                        "failed_actions": 1,
+                        "execution_time_ms": result["execution_time_ms"],
+                    },
+                }
+
+            return result
+
+        except Exception as e:
+            raise NodeExecutionError(f"MCP execution failed: {str(e)}")

kailash/nodes/enterprise/service_discovery.py

@@ -0,0 +1,150 @@
+"""Enterprise service discovery node for MCP service management."""
+
+from typing import Any, Dict, List
+
+from kailash.nodes.base import Node, NodeMetadata, NodeParameter, register_node
+from kailash.sdk_exceptions import NodeExecutionError
+
+
+@register_node()
+class MCPServiceDiscoveryNode(Node):
+    """Discovers available MCP services based on tenant context and requirements.
+
+    This node manages service discovery for multi-tenant MCP environments,
+    ensuring tenants only access services they're authorized to use.
+    """
+
+    metadata = NodeMetadata(
+        name="MCPServiceDiscoveryNode",
+        description="Discovers MCP services for tenant-specific requirements",
+        version="1.0.0",
+        tags={"enterprise", "mcp", "service-discovery"},
+    )
+
+    def __init__(self, name: str = None, **kwargs):
+        self.name = name or self.__class__.__name__
+        super().__init__(name=self.name, **kwargs)
+
+    def get_parameters(self) -> Dict[str, NodeParameter]:
+        return {
+            "tenant": NodeParameter(
+                name="tenant",
+                type=dict,
+                description="Tenant information",
+                required=True,
+            ),
+            "user_context": NodeParameter(
+                name="user_context",
+                type=dict,
+                description="User context with permissions",
+                required=True,
+            ),
+            "service_requirements": NodeParameter(
+                name="service_requirements",
+                type=list,
+                description="Required service types",
+                required=False,
+                default=[],
+            ),
+        }
+
+    def run(
+        self,
+        tenant: Dict,
+        user_context: Dict,
+        service_requirements: List[str] = None,
+        **kwargs,
+    ) -> Dict[str, Any]:
+        """Discover available MCP services for the tenant."""
+        try:
+            if service_requirements is None:
+                service_requirements = []
+
+            tenant_id = tenant.get("id", "default")
+            compliance_zones = tenant.get("compliance_zones", ["public"])
+            data_residency = tenant.get("data_residency", "us-west-1")
+
+            # Define available services per tenant
+            available_services = {
+                "healthcare-corp": [
+                    {
+                        "id": "health-analytics-mcp",
+                        "type": "analytics",
+                        "region": "us-east-1",
+                        "compliance": ["hipaa", "gdpr"],
+                        "tools": ["patient_analytics", "health_metrics"],
+                        "endpoint": "https://health-analytics.mcp.healthcare.com",
+                    },
+                    {
+                        "id": "patient-data-mcp",
+                        "type": "data",
+                        "region": "us-east-1",
+                        "compliance": ["hipaa"],
+                        "tools": ["patient_lookup", "medical_records"],
+                        "endpoint": "https://patient-data.mcp.healthcare.com",
+                    },
+                ],
+                "finance-inc": [
+                    {
+                        "id": "transaction-analytics-mcp",
+                        "type": "analytics",
+                        "region": "us-east-1",
+                        "compliance": ["sox", "pci_dss"],
+                        "tools": ["transaction_analysis", "fraud_detection"],
+                        "endpoint": "https://transaction-analytics.mcp.finance.com",
+                    },
+                    {
+                        "id": "risk-assessment-mcp",
+                        "type": "risk",
+                        "region": "us-east-1",
+                        "compliance": ["sox"],
+                        "tools": ["risk_scoring", "compliance_check"],
+                        "endpoint": "https://risk-assessment.mcp.finance.com",
+                    },
+                ],
+                "default": [
+                    {
+                        "id": "general-analytics-mcp",
+                        "type": "analytics",
+                        "region": "us-west-1",
+                        "compliance": ["public"],
+                        "tools": ["basic_analytics", "reporting"],
+                        "endpoint": "https://general-analytics.mcp.kailash.ai",
+                    },
+                ],
+            }
+
+            # Get services for this tenant
+            services = available_services.get(tenant_id, available_services["default"])
+
+            # Filter by service requirements
+            if service_requirements:
+                services = [s for s in services if s["type"] in service_requirements]
+
+            # Filter by compliance requirements
+            user_compliance = set(compliance_zones)
+            filtered_services = []
+            for service in services:
+                service_compliance = set(service.get("compliance", ["public"]))
+                if (
+                    user_compliance.intersection(service_compliance)
+                    or "public" in service_compliance
+                ):
+                    filtered_services.append(service)
+
+            # Filter by data residency if required
+            if data_residency:
+                filtered_services = [
+                    s for s in filtered_services if s.get("region") == data_residency
+                ]
+
+            return {
+                "discovered_services": filtered_services,
+                "service_count": len(filtered_services),
+                "tenant_id": tenant_id,
+                "compliance_filters": list(user_compliance),
+                "discovery_timestamp": kwargs.get("timestamp", 0),
+            }
+
+        except Exception as e:
+            raise NodeExecutionError(f"Service discovery failed: {str(e)}")