PyPI - kailash - Versions diffs - 0.7.0__py3-none-any.whl → 0.8.0__py3-none-any.whl - Mend

kailash 0.7.0py3-none-any.whl → 0.8.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

kailash/__init__.py +1 -1
kailash/access_control.py +64 -46
kailash/api/workflow_api.py +34 -3
kailash/mcp_server/discovery.py +56 -17
kailash/middleware/communication/api_gateway.py +23 -3
kailash/middleware/communication/realtime.py +83 -0
kailash/middleware/core/agent_ui.py +1 -1
kailash/middleware/gateway/storage_backends.py +393 -0
kailash/nexus/cli/__init__.py +5 -0
kailash/nexus/cli/__main__.py +6 -0
kailash/nexus/cli/main.py +176 -0
kailash/nodes/__init__.py +6 -5
kailash/nodes/base.py +29 -5
kailash/nodes/code/python.py +50 -6
kailash/nodes/data/async_sql.py +90 -0
kailash/nodes/security/behavior_analysis.py +414 -0
kailash/runtime/access_controlled.py +9 -7
kailash/runtime/runner.py +6 -4
kailash/runtime/testing.py +1 -1
kailash/security.py +6 -2
kailash/servers/enterprise_workflow_server.py +58 -2
kailash/servers/workflow_server.py +3 -0
kailash/workflow/builder.py +102 -14
kailash/workflow/cyclic_runner.py +102 -10
kailash/workflow/visualization.py +99 -27
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/METADATA +3 -2
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/RECORD +31 -28
kailash/workflow/builder_improvements.py +0 -207
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/WHEEL +0 -0
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/entry_points.txt +0 -0
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/licenses/LICENSE +0 -0
{kailash-0.7.0.dist-info → kailash-0.8.0.dist-info}/top_level.txt +0 -0

kailash/__init__.py CHANGED Viewed

@@ -52,7 +52,7 @@ except ImportError:
 # For backward compatibility
 WorkflowGraph = Workflow
-__version__ = "0.7.0"
+__version__ = "0.8.0"
 __all__ = [
     # Core workflow components

kailash/access_control.py CHANGED Viewed

@@ -435,6 +435,17 @@ class AccessControlManager:
         self, user: UserContext, workflow_id: str, permission: WorkflowPermission
     ) -> AccessDecision:
         """Check if user has permission on workflow"""
+        # If access control is disabled, allow all access
+        if not self.enabled:
+            return AccessDecision(
+                allowed=True,
+                reason="Access control disabled",
+                applied_rules=[],
+                conditions_met={},
+                masked_fields=[],
+                redirect_node=None,
+            )
         cache_key = f"workflow:{workflow_id}:{user.user_id}:{permission.value}"
         # Check cache
@@ -462,6 +473,17 @@ class AccessControlManager:
         runtime_context: dict[str, Any] = None,
     ) -> AccessDecision:
         """Check if user has permission on node"""
+        # If access control is disabled, allow all access
+        if not self.enabled:
+            return AccessDecision(
+                allowed=True,
+                reason="Access control disabled",
+                applied_rules=[],
+                conditions_met={},
+                masked_fields=[],
+                redirect_node=None,
+            )
         cache_key = f"node:{node_id}:{user.user_id}:{permission.value}"
         # For runtime-dependent permissions, don't use cache
@@ -494,65 +516,56 @@ class AccessControlManager:
         return decision
     def get_accessible_nodes(
-        self, user: UserContext, workflow_id: str, permission: NodePermission
-    ) -> set[str]:
-        """Get all nodes user can access in a workflow"""
-        accessible = set()
-        # Get all node rules for this workflow
-        node_rules = [
-            r
-            for r in self.rules
-            if r.resource_type == "node" and r.permission == permission
-        ]
-        for rule in node_rules:
-            if self._rule_applies_to_user(rule, user):
-                if rule.effect == PermissionEffect.ALLOW:
-                    accessible.add(rule.resource_id)
-                elif rule.effect == PermissionEffect.DENY:
-                    accessible.discard(rule.resource_id)
+        self, user: UserContext, nodes: list[str], permission: NodePermission
+    ) -> list[str]:
+        """Get all nodes user can access from a list of nodes"""
+        # If access control is disabled, allow access to all nodes
+        if not self.enabled:
+            return nodes
+        accessible = []
+        for node_id in nodes:
+            decision = self.check_node_access(user, node_id, permission)
+            if decision.allowed:
+                accessible.append(node_id)
         return accessible
     def get_permission_based_route(
         self,
         user: UserContext,
-        conditional_node_id: str,
-        true_path_nodes: list[str],
-        false_path_nodes: list[str],
-    ) -> list[str]:
-        """Determine which path user should take based on permissions"""
-        # Check if user has access to nodes in true path
-        true_path_accessible = all(
-            self.check_node_access(user, node_id, NodePermission.EXECUTE).allowed
-            for node_id in true_path_nodes
-        )
+        node_id: str,
+        permission: NodePermission,
+        alternatives: dict[str, str] = None,
+    ) -> str | None:
+        """Get alternative route if user doesn't have access to node"""
+        # If access control is disabled, allow access to requested node
+        if not self.enabled:
+            return None
-        if true_path_accessible:
-            return true_path_nodes
-        else:
-            # Check false path
-            false_path_accessible = all(
-                self.check_node_access(user, node_id, NodePermission.EXECUTE).allowed
-                for node_id in false_path_nodes
-            )
+        decision = self.check_node_access(user, node_id, permission)
-            if false_path_accessible:
-                return false_path_nodes
-            else:
-                # User can't access either path
-                return []
+        if decision.allowed:
+            return None  # No alternative needed
+        # If access denied and alternatives provided, return alternative
+        if alternatives and node_id in alternatives:
+            return alternatives[node_id]
+        return None
     def mask_node_output(
         self, user: UserContext, node_id: str, output: dict[str, Any]
     ) -> dict[str, Any]:
         """Mask sensitive fields in node output"""
-        decision = self.check_node_access(user, node_id, NodePermission.READ_OUTPUT)
+        # If access control is disabled, don't mask anything
+        if not self.enabled:
+            return output
+        decision = self.check_node_access(user, node_id, NodePermission.MASK_OUTPUT)
         if not decision.allowed:
-            # Completely mask output
-            return {"_masked": True, "reason": "Access denied"}
+            # No masking rules found, return original output
+            return output
         if decision.masked_fields:
             # Mask specific fields
@@ -626,7 +639,12 @@ class AccessControlManager:
                 break
         allowed = final_effect == PermissionEffect.ALLOW
-        reason = f"Permission {permission.value} {'granted' if allowed else 'denied'} for {resource_type} {resource_id}"
+        # Set reason based on rules found
+        if not applicable_rules:
+            reason = f"No matching rules found for {resource_type} {resource_id}"
+        else:
+            reason = f"Permission {permission.value} {'granted' if allowed else 'denied'} for {resource_type} {resource_id}"
         return AccessDecision(
             allowed=allowed,

kailash/api/workflow_api.py CHANGED Viewed

@@ -11,7 +11,7 @@ from enum import Enum
 from typing import Any
 import uvicorn
-from fastapi import BackgroundTasks, FastAPI, HTTPException
+from fastapi import BackgroundTasks, FastAPI, HTTPException, Request
 from fastapi.responses import StreamingResponse
 from pydantic import BaseModel, Field
@@ -31,12 +31,26 @@ class ExecutionMode(str, Enum):
 class WorkflowRequest(BaseModel):
     """Base request model for workflow execution."""
-    inputs: dict[str, Any] = Field(..., description="Input data for workflow nodes")
+    inputs: dict[str, Any] | None = Field(
+        None, description="Input data for workflow nodes"
+    )
+    parameters: dict[str, Any] | None = Field(
+        None, description="Legacy: parameters for workflow execution"
+    )
     config: dict[str, Any] | None = Field(
         None, description="Node configuration overrides"
     )
     mode: ExecutionMode = Field(ExecutionMode.SYNC, description="Execution mode")
+    def get_inputs(self) -> dict[str, Any]:
+        """Get inputs, supporting both 'inputs' and 'parameters' format."""
+        if self.inputs is not None:
+            return self.inputs
+        elif self.parameters is not None:
+            return self.parameters
+        else:
+            return {}
 class WorkflowResponse(BaseModel):
     """Base response model for workflow execution."""
@@ -115,6 +129,21 @@ class WorkflowAPI:
     def _setup_routes(self):
         """Setup API routes dynamically based on workflow."""
+        # Root execution endpoint (convenience for direct workflow execution)
+        @self.app.post("/")
+        async def execute_workflow_root(
+            request: Request, background_tasks: BackgroundTasks
+        ):
+            """Execute the workflow with provided inputs (root endpoint)."""
+            try:
+                # Try to parse JSON body
+                json_data = await request.json()
+                workflow_request = WorkflowRequest(**json_data)
+            except:
+                # If no JSON or invalid JSON, create empty request
+                workflow_request = WorkflowRequest()
+            return await execute_workflow(workflow_request, background_tasks)
         # Main execution endpoint
         @self.app.post("/execute")
         async def execute_workflow(
@@ -195,7 +224,9 @@ class WorkflowAPI:
             # Execute workflow with inputs
             results = await asyncio.to_thread(
-                self.runtime.execute, self.workflow_graph, parameters=request.inputs
+                self.runtime.execute,
+                self.workflow_graph,
+                parameters=request.get_inputs(),
             )
             # Handle tuple return from runtime

kailash/mcp_server/discovery.py CHANGED Viewed

@@ -486,7 +486,7 @@ class FileBasedDiscovery(DiscoveryBackend):
             raise
-class NetworkDiscovery:
+class NetworkDiscovery(asyncio.DatagramProtocol):
     """Network-based discovery using UDP broadcast/multicast."""
     DISCOVERY_PORT = 8765
@@ -535,6 +535,40 @@ class NetworkDiscovery:
             self._transport = None
             self._protocol = None
+    # AsyncIO DatagramProtocol methods
+    def connection_made(self, transport):
+        """Called when a connection is made."""
+        self._transport = transport
+        logger.info(f"Network discovery protocol connected on port {self.port}")
+    def datagram_received(self, data, addr):
+        """Called when a datagram is received."""
+        try:
+            message = json.loads(data.decode())
+            # Try to get current event loop
+            try:
+                asyncio.get_running_loop()
+                asyncio.create_task(self._handle_discovery_message(message, addr))
+            except RuntimeError:
+                # No event loop, run synchronously
+                asyncio.run(self._handle_discovery_message(message, addr))
+        except json.JSONDecodeError:
+            logger.warning(f"Invalid JSON received from {addr}")
+        except Exception as e:
+            logger.error(f"Error handling datagram from {addr}: {e}")
+    def error_received(self, exc):
+        """Called when an error is received."""
+        logger.error(f"Network discovery protocol error: {exc}")
+    def connection_lost(self, exc):
+        """Called when the connection is lost."""
+        if exc:
+            logger.error(f"Network discovery connection lost: {exc}")
+        else:
+            logger.info("Network discovery connection closed")
+        self.running = False
     async def start_discovery_listener(self):
         """Start listening for server announcements."""
         await self.start()
@@ -590,6 +624,27 @@ class NetworkDiscovery:
         except (json.JSONDecodeError, KeyError) as e:
             logger.debug(f"Invalid announcement from {addr[0]}: {e}")
+    async def _is_port_open(self, host: str, port: int, timeout: float = 1.0) -> bool:
+        """Check if a port is open on a host.
+        Args:
+            host: Host to check
+            port: Port to check
+            timeout: Connection timeout
+        Returns:
+            True if port is open, False otherwise
+        """
+        try:
+            # Create socket connection with timeout
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            sock.settimeout(timeout)
+            result = sock.connect_ex((host, port))
+            sock.close()
+            return result == 0
+        except (OSError, socket.error, socket.timeout):
+            return False
     async def scan_network(
         self, network: str = "192.168.1.0/24", timeout: float = 5.0
     ) -> List[ServerInfo]:
@@ -756,22 +811,6 @@ class NetworkDiscovery:
         else:
             logger.debug(f"Unknown message type: {msg_type}")
-    def datagram_received(self, data: bytes, addr: tuple):
-        """Handle received datagram (part of asyncio protocol)."""
-        try:
-            message = json.loads(data.decode())
-            # Try to get current event loop
-            try:
-                loop = asyncio.get_running_loop()
-                asyncio.create_task(self._handle_discovery_message(message, addr))
-            except RuntimeError:
-                # No event loop, run synchronously
-                asyncio.run(self._handle_discovery_message(message, addr))
-        except json.JSONDecodeError:
-            logger.warning(f"Invalid JSON received from {addr}")
-        except Exception as e:
-            logger.error(f"Error handling datagram from {addr}: {e}")
 class ServiceRegistry:
     """Main service registry coordinating multiple discovery backends."""

kailash/middleware/communication/api_gateway.py CHANGED Viewed

@@ -331,9 +331,23 @@ class APIGateway:
     def _setup_session_routes(self):
         """Setup session management routes."""
+        # Create auth dependency
+        async def get_optional_current_user():
+            """Optional auth dependency - returns None if auth is disabled."""
+            if self.enable_auth and self.auth_manager:
+                # Use auth manager's dependency if available
+                try:
+                    # This would normally use the auth manager's get_current_user_dependency
+                    # For now, return None to avoid complex auth setup
+                    return None
+                except:
+                    return None
+            return None
         @self.app.post("/api/sessions", response_model=SessionResponse)
         async def create_session(
-            request: SessionCreateRequest, current_user: Dict[str, Any] = None
+            request: SessionCreateRequest,
+            current_user: Dict[str, Any] = Depends(get_optional_current_user),
         ):
             """Create a new session for a frontend client."""
             try:
@@ -583,7 +597,13 @@ class APIGateway:
             """Get schemas for available node types."""
             try:
                 # Get all registered nodes
-                available_nodes = self.node_registry.get_all_nodes()
+                # NodeRegistry doesn't have get_all_nodes, need to use _nodes directly
+                available_nodes = {}
+                if hasattr(self.node_registry, "_nodes"):
+                    available_nodes = self.node_registry._nodes.copy()
+                else:
+                    # Fallback - return empty dict
+                    available_nodes = {}
                 # Filter by requested types if specified
                 if request.node_types:
@@ -611,7 +631,7 @@ class APIGateway:
         @self.app.get("/api/schemas/nodes/{node_type}")
         async def get_node_schema(node_type: str):
             """Get schema for a specific node type."""
-            node_class = self.node_registry.get_node(node_type)
+            node_class = self.node_registry.get(node_type)
             if not node_class:
                 raise HTTPException(status_code=404, detail="Node type not found")

kailash/middleware/communication/realtime.py CHANGED Viewed

@@ -177,6 +177,89 @@ class ConnectionManager:
             "active_users": len(self.user_connections),
             "total_messages_sent": total_messages,
         }
+    def filter_events(self, events: List[BaseEvent], event_filter: EventFilter = None) -> List[BaseEvent]:
+        """Filter events based on event filter criteria."""
+        if not event_filter:
+            return events
+        filtered = []
+        for event in events:
+            # Apply session filter
+            if event_filter.session_id and hasattr(event, 'session_id'):
+                if event.session_id != event_filter.session_id:
+                    continue
+            # Apply user filter
+            if event_filter.user_id and hasattr(event, 'user_id'):
+                if event.user_id != event_filter.user_id:
+                    continue
+            # Apply event type filter
+            if event_filter.event_types and event.event_type not in event_filter.event_types:
+                continue
+            filtered.append(event)
+        return filtered
+    def set_event_filter(self, connection_id: str, event_filter: EventFilter):
+        """Set event filter for a specific connection."""
+        if connection_id in self.connections:
+            self.connections[connection_id]["event_filter"] = event_filter
+    def get_event_filter(self, connection_id: str) -> Optional[EventFilter]:
+        """Get event filter for a specific connection."""
+        if connection_id in self.connections:
+            return self.connections[connection_id].get("event_filter")
+        return None
+    # Alias methods for compatibility
+    def event_filter(self, events: List[BaseEvent], filter_criteria: EventFilter = None) -> List[BaseEvent]:
+        """Alias for filter_events method."""
+        return self.filter_events(events, filter_criteria)
+    async def on_event(self, event: BaseEvent):
+        """Handle incoming event - route to appropriate connections."""
+        await self.handle_event(event)
+    async def handle_event(self, event: BaseEvent):
+        """Handle and route event to matching connections."""
+        await self.process_event(event)
+    async def process_event(self, event: BaseEvent):
+        """Process event and broadcast to matching connections."""
+        message = {
+            "type": "event",
+            "event_type": event.event_type.value if hasattr(event.event_type, 'value') else str(event.event_type),
+            "data": event.data,
+            "timestamp": event.timestamp.isoformat() if hasattr(event, 'timestamp') else datetime.now(timezone.utc).isoformat(),
+            "session_id": getattr(event, 'session_id', None),
+            "user_id": getattr(event, 'user_id', None),
+        }
+        # Broadcast to all matching connections
+        for connection_id, connection in self.connections.items():
+            event_filter = connection.get("event_filter")
+            # Check if this connection should receive this event
+            should_send = True
+            if event_filter:
+                # Apply session filter
+                if event_filter.session_id and connection["session_id"] != event_filter.session_id:
+                    should_send = False
+                # Apply user filter
+                if event_filter.user_id and connection["user_id"] != event_filter.user_id:
+                    should_send = False
+                # Apply event type filter
+                if hasattr(event_filter, 'event_types') and event_filter.event_types:
+                    if event.event_type not in event_filter.event_types:
+                        should_send = False
+            if should_send:
+                await self.send_to_connection(connection_id, message)
 class SSEManager:

kailash/middleware/core/agent_ui.py CHANGED Viewed

@@ -944,7 +944,7 @@ class AgentUIMiddleware:
     async def get_available_nodes(self) -> List[Dict[str, Any]]:
         """Get all available node types with their schemas."""
         nodes = []
-        for node_name, node_class in self.node_registry.nodes.items():
+        for node_name, node_class in self.node_registry._nodes.items():
             # Get node schema (would be implemented in schema.py)
             schema = await self._get_node_schema(node_class)
             nodes.append(

kailash 0.7.0__py3-none-any.whl → 0.8.0__py3-none-any.whl

kailash 0.7.0py3-none-any.whl → 0.8.0py3-none-any.whl