minder-cli 0.2.0__py3-none-any.whl

minder/models/repository.py

@@ -0,0 +1,62 @@
+import uuid
+from datetime import datetime, UTC
+from typing import Dict, Any, List, Optional
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import String, DateTime, UUID, JSON, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+class RepositorySchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    repo_name: str
+    repo_url: str
+    default_branch: str
+    tracked_branches: List[str] = Field(default_factory=list)
+    workflow_id: Optional[uuid.UUID] = None
+    state_path: str = ".minder"
+    context_snapshot: Dict[str, Any] = Field(default_factory=dict)
+    relationships: Dict[str, Any] = Field(default_factory=dict)
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+class Repository(Base):
+    __tablename__ = "repositories"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    company_id: Mapped[str] = mapped_column(String, index=True, default="default")
+    repo_name: Mapped[str] = mapped_column(String, index=True)
+    repo_url: Mapped[str] = mapped_column(String)
+    default_branch: Mapped[str] = mapped_column(String)
+    # v2: list of branches that have been synced/tracked (stored as JSON array)
+    tracked_branches: Mapped[List[str]] = mapped_column(JSON, default=list, nullable=True)
+    workflow_id: Mapped[Optional[uuid.UUID]] = mapped_column(UUID(as_uuid=True), nullable=True)
+    state_path: Mapped[str] = mapped_column(String, default=".minder")
+    context_snapshot: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    relationships: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+class RepositoryWorkflowStateSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    repo_id: uuid.UUID
+    session_id: Optional[uuid.UUID] = None
+    current_step: str
+    completed_steps: List[str] = Field(default_factory=list)
+    blocked_by: List[str] = Field(default_factory=list)
+    artifacts: Dict[str, Any] = Field(default_factory=dict)
+    next_step: Optional[str] = None
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+class RepositoryWorkflowState(Base):
+    __tablename__ = "repository_workflow_states"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    repo_id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), index=True)
+    session_id: Mapped[Optional[uuid.UUID]] = mapped_column(UUID(as_uuid=True), nullable=True, index=True)
+    current_step: Mapped[str] = mapped_column(String)
+    completed_steps: Mapped[Dict[str, Any]] = mapped_column(JSON, default=list)  # stored as JSON list
+    blocked_by: Mapped[Dict[str, Any]] = mapped_column(JSON, default=list)       # stored as JSON list
+    artifacts: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    next_step: Mapped[Optional[str]] = mapped_column(String, nullable=True)
+    updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())

minder/models/rule.py

@@ -0,0 +1,68 @@
+import uuid
+from datetime import datetime, UTC
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import JSON, String, Boolean, Integer, DateTime, UUID, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+
+class RuleSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    title: str
+    description: str
+    pattern: str
+    content: str
+    priority: int = 0
+    scope: str  # enum: global, project, language, repository
+    active: bool = True
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+
+class Rule(Base):
+    __tablename__ = "rules"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    title: Mapped[str] = mapped_column(String)
+    description: Mapped[str] = mapped_column(String)
+    pattern: Mapped[str] = mapped_column(String)
+    content: Mapped[str] = mapped_column(String)
+    priority: Mapped[int] = mapped_column(Integer, default=0)
+    scope: Mapped[str] = mapped_column(String, index=True)
+    active: Mapped[bool] = mapped_column(Boolean, default=True)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+
+
+class FeedbackSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    entity_type: str  # enum: skill, response, retrieval, workflow
+    entity_id: uuid.UUID
+    rating: int  # 1 to 5
+    feedback_text: str = ""
+    context: dict = Field(default_factory=dict)
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+
+class Feedback(Base):
+    """SQLAlchemy ORM model for user/system feedback on entities."""
+
+    __tablename__ = "feedback"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    entity_type: Mapped[str] = mapped_column(String, index=True)
+    entity_id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), index=True)
+    rating: Mapped[int] = mapped_column(Integer)
+    feedback_text: Mapped[str] = mapped_column(String, default="")
+    context: Mapped[dict] = mapped_column(JSON, default=dict)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+
+
+class MetadataSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    entity_type: str  # enum: skill, history, error, document, workflow
+    entity_id: uuid.UUID
+    key: str
+    value: dict = Field(default_factory=dict)
+    source: str  # enum: user, system, import
+    version: int = 1
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))

minder/models/session.py

@@ -0,0 +1,51 @@
+import uuid
+from datetime import datetime, UTC
+from typing import Dict, Any, Optional
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import String, Integer, DateTime, UUID, JSON, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+class SessionSchema(BaseModelMeta):
+    """Pydantic schema for session serialisation / validation."""
+
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    # Owner — exactly one of user_id or client_id is set.
+    user_id: Optional[uuid.UUID] = None
+    client_id: Optional[uuid.UUID] = None
+    # Human-readable project label for cross-environment lookup.
+    name: Optional[str] = None
+    repo_id: Optional[uuid.UUID] = None
+    project_context: Dict[str, Any] = Field(default_factory=dict)
+    active_skills: Dict[str, Any] = Field(default_factory=dict)
+    state: Dict[str, Any] = Field(default_factory=dict)
+    ttl: int = 86400  # 24 h default — long enough for multi-day work continuity
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+    last_active: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+
+class Session(Base):
+    """SQLAlchemy ORM model for the ``sessions`` table.
+
+    Production store: MongoDB (``src/minder/store/mongodb/operational_store.py``).
+    This SQLAlchemy model is retained for unit-test fixtures (SQLite in-memory)
+    and is created fresh via ``Base.metadata.create_all`` — no migration needed.
+    """
+
+    __tablename__ = "sessions"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    company_id: Mapped[str] = mapped_column(String, index=True, default="default")
+    # Owner columns — mutually exclusive, both nullable.
+    user_id: Mapped[Optional[uuid.UUID]] = mapped_column(UUID(as_uuid=True), nullable=True, index=True)
+    client_id: Mapped[Optional[uuid.UUID]] = mapped_column(UUID(as_uuid=True), nullable=True, index=True)
+    # Optional project label — enables cross-environment lookup by name.
+    name: Mapped[Optional[str]] = mapped_column(String, nullable=True, index=True)
+    repo_id: Mapped[Optional[uuid.UUID]] = mapped_column(UUID(as_uuid=True), nullable=True, index=True)
+    project_context: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    active_skills: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    state: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    ttl: Mapped[int] = mapped_column(Integer, default=86400)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+    last_active: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())

minder/models/skill.py

@@ -0,0 +1,52 @@
+import uuid
+from datetime import datetime, UTC
+from typing import Dict, Any, List, Optional
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import String, Integer, Float, DateTime, UUID, JSON, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+
+# Pydantic Schema
+class SkillSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    title: str
+    content: str
+    language: str
+    tags: List[str] = Field(default_factory=list)
+    embedding: Optional[List[float]] = None  # vector(default 768) stored as JSON list
+    usage_count: int = 0
+    quality_score: float = 0.0
+    source_metadata: Optional[Dict[str, Any]] = None
+    excerpt_kind: str = "none"
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+
+# SQLAlchemy Model
+class Skill(Base):
+    __tablename__ = "skills"
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True), primary_key=True, default=uuid.uuid4
+    )
+    company_id: Mapped[str] = mapped_column(String, index=True, default="default")
+    title: Mapped[str] = mapped_column(String, index=True)
+    content: Mapped[str] = mapped_column(String)
+    language: Mapped[str] = mapped_column(String, index=True)
+    tags: Mapped[Dict[str, Any]] = mapped_column(JSON, default=list)
+    # Embedding stored as JSON list for cross-dialect compatibility (SQLite dev / PostgreSQL prod)
+    embedding: Mapped[Optional[Dict[str, Any]]] = mapped_column(JSON, nullable=True)
+    usage_count: Mapped[int] = mapped_column(Integer, default=0)
+    quality_score: Mapped[float] = mapped_column(Float, default=0.0)
+    source_metadata: Mapped[Optional[Dict[str, Any]]] = mapped_column(
+        JSON, nullable=True
+    )
+    excerpt_kind: Mapped[str] = mapped_column(String, default="none")
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now()
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now(), onupdate=func.now()
+    )

minder/models/user.py

@@ -0,0 +1,41 @@
+import uuid
+from datetime import datetime, UTC
+from typing import Dict, Any, Optional
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import String, Boolean, DateTime, UUID, JSON, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+# Pydantic Schema
+class UserSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    email: str
+    username: str
+    display_name: str
+    api_key_hash: str
+    # bcrypt/pbkdf2 hash of the login password; None means password login disabled
+    password_hash: Optional[str] = None
+    role: str
+    settings: Dict[str, Any] = Field(default_factory=dict)
+    is_active: bool = True
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+    last_login: Optional[datetime] = None
+
+# SQLAlchemy Model
+class User(Base):
+    __tablename__ = "users"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    company_id: Mapped[str] = mapped_column(String, index=True, default="default")
+    email: Mapped[str] = mapped_column(String, unique=True, index=True)
+    username: Mapped[str] = mapped_column(String, unique=True, index=True)
+    display_name: Mapped[str] = mapped_column(String)
+    api_key_hash: Mapped[str] = mapped_column(String)
+    # Optional bcrypt/pbkdf2 hash — null means only API-key auth available
+    password_hash: Mapped[Optional[str]] = mapped_column(String, nullable=True)
+    role: Mapped[str] = mapped_column(String)
+    settings: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    is_active: Mapped[bool] = mapped_column(Boolean, default=True)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+    last_login: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)

minder/models/workflow.py

@@ -0,0 +1,35 @@
+import uuid
+from datetime import datetime, UTC
+from typing import Dict, Any, List
+from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import String, Boolean, Integer, DateTime, UUID, JSON, func
+from pydantic import Field
+
+from .base import Base, BaseModelMeta
+
+class WorkflowSchema(BaseModelMeta):
+    id: uuid.UUID = Field(default_factory=uuid.uuid4)
+    name: str
+    description: str = ""
+    enforcement: str = "strict"
+    version: int = 1
+    steps: List[Dict[str, Any]] = Field(default_factory=list)
+    policies: Dict[str, Any] = Field(default_factory=dict)
+    default_for_repo: bool = False
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+    updated_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
+
+class Workflow(Base):
+    __tablename__ = "workflows"
+
+    id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    company_id: Mapped[str] = mapped_column(String, index=True, default="default")
+    name: Mapped[str] = mapped_column(String, index=True)
+    description: Mapped[str] = mapped_column(String, default="")
+    enforcement: Mapped[str] = mapped_column(String, default="strict")
+    version: Mapped[int] = mapped_column(Integer, default=1)
+    steps: Mapped[Dict[str, Any]] = mapped_column(JSON, default=list)  # list of step dicts
+    policies: Mapped[Dict[str, Any]] = mapped_column(JSON, default=dict)
+    default_for_repo: Mapped[bool] = mapped_column(Boolean, default=False)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+    updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())

minder/observability/__init__.py

@@ -0,0 +1,57 @@
+"""Observability package for Minder.
+
+Public re-exports used throughout the application:
+
+    from minder.observability import (
+        configure_logging,
+        configure_tracing,
+        get_tracer,
+        trace_async,
+        record_tool_call,
+        record_auth_event,
+        record_http_request,
+        AuditEmitter,
+        metrics_endpoint,
+        CorrelationIdMiddleware,
+        AccessLogMiddleware,
+    )
+"""
+from __future__ import annotations
+
+from minder.observability.audit import AuditEmitter
+from minder.observability.logging import (
+    AccessLogMiddleware,
+    CorrelationIdMiddleware,
+    JsonFormatter,
+    configure_json_logging,
+    get_correlation_id,
+)
+from minder.observability.metrics import (
+    metrics_endpoint,
+    record_admin_operation,
+    record_auth_event,
+    record_http_request,
+    record_tool_call,
+)
+from minder.observability.tracing import configure_tracing, get_tracer, trace_async
+
+__all__ = [
+    # audit
+    "AuditEmitter",
+    # logging
+    "AccessLogMiddleware",
+    "CorrelationIdMiddleware",
+    "JsonFormatter",
+    "configure_json_logging",
+    "get_correlation_id",
+    # metrics
+    "metrics_endpoint",
+    "record_admin_operation",
+    "record_auth_event",
+    "record_http_request",
+    "record_tool_call",
+    # tracing
+    "configure_tracing",
+    "get_tracer",
+    "trace_async",
+]

minder/observability/audit.py

@@ -0,0 +1,243 @@
+"""Durable audit event emitter for Minder.
+
+Wraps ``store.create_audit_log()`` with a higher-level convenience API and
+also emits a structured log entry for every event so that operators have
+both persistent audit records and real-time log streams.
+
+Usage::
+
+    emitter = AuditEmitter(store=store)
+
+    await emitter.emit(
+        actor_type="admin",
+        actor_id=str(admin.id),
+        event_type="client.created",
+        resource_type="client",
+        resource_id=str(client.id),
+        outcome="success",
+    )
+
+    # Convenience helpers
+    await emitter.client_created(actor_id=..., client_id=..., metadata={...})
+    await emitter.key_rotated(actor_id=..., client_id=...)
+    await emitter.auth_login(actor_id=..., outcome="success")
+"""
+from __future__ import annotations
+
+import logging
+import uuid
+from typing import Any
+
+from minder.store.interfaces import IOperationalStore
+
+_log = logging.getLogger(__name__)
+
+
+class AuditEmitter:
+    """Emit structured audit events to the operational store and to the log.
+
+    An ``AuditEmitter`` is safe to construct once at application start and
+    reused across requests.  All methods are coroutines because the store
+    write is async.
+    """
+
+    def __init__(self, store: IOperationalStore) -> None:
+        self._store = store
+
+    # ------------------------------------------------------------------
+    # Core emit
+    # ------------------------------------------------------------------
+
+    async def emit(
+        self,
+        *,
+        actor_type: str,
+        actor_id: str,
+        event_type: str,
+        resource_type: str,
+        resource_id: str,
+        outcome: str = "success",
+        metadata: dict[str, Any] | None = None,
+    ) -> None:
+        """Persist one audit event and write it to the structured log.
+
+        Args:
+            actor_type:    Who performed the action (``"admin"`` | ``"client"`` | ``"system"``).
+            actor_id:      UUID string of the actor.
+            event_type:    Dot-separated action label (``"client.created"``, ``"key.rotated"``…).
+            resource_type: Type of the affected resource (``"client"`` | ``"key"`` | …).
+            resource_id:   UUID string of the affected resource.
+            outcome:       ``"success"`` | ``"failure"`` | ``"denied"``.
+            metadata:      Optional extra structured data persisted with the event.
+        """
+        audit_metadata = metadata or {}
+
+        try:
+            await self._store.create_audit_log(
+                id=str(uuid.uuid4()),
+                actor_type=actor_type,
+                actor_id=actor_id,
+                event_type=event_type,
+                resource_type=resource_type,
+                resource_id=resource_id,
+                outcome=outcome,
+                audit_metadata=audit_metadata,
+            )
+        except Exception:
+            _log.exception(
+                "Failed to persist audit event",
+                extra={
+                    "audit_event_type": event_type,
+                    "audit_actor_id": actor_id,
+                    "audit_resource_id": resource_id,
+                    "audit_outcome": outcome,
+                },
+            )
+
+        _log.info(
+            "audit: %s %s → %s",
+            actor_type,
+            event_type,
+            outcome,
+            extra={
+                "audit_actor_type": actor_type,
+                "audit_actor_id": actor_id,
+                "audit_event_type": event_type,
+                "audit_resource_type": resource_type,
+                "audit_resource_id": resource_id,
+                "audit_outcome": outcome,
+                **audit_metadata,
+            },
+        )
+
+    # ------------------------------------------------------------------
+    # Convenience helpers — auth/lifecycle events
+    # ------------------------------------------------------------------
+
+    async def auth_login(
+        self,
+        *,
+        actor_id: str,
+        actor_type: str = "admin",
+        outcome: str = "success",
+        metadata: dict[str, Any] | None = None,
+    ) -> None:
+        await self.emit(
+            actor_type=actor_type,
+            actor_id=actor_id,
+            event_type="auth.login",
+            resource_type="session",
+            resource_id=actor_id,
+            outcome=outcome,
+            metadata=metadata,
+        )
+
+    async def auth_logout(
+        self,
+        *,
+        actor_id: str,
+        actor_type: str = "admin",
+    ) -> None:
+        await self.emit(
+            actor_type=actor_type,
+            actor_id=actor_id,
+            event_type="auth.logout",
+            resource_type="session",
+            resource_id=actor_id,
+        )
+
+    async def client_created(
+        self,
+        *,
+        actor_id: str,
+        client_id: str,
+        metadata: dict[str, Any] | None = None,
+    ) -> None:
+        await self.emit(
+            actor_type="admin",
+            actor_id=actor_id,
+            event_type="client.created",
+            resource_type="client",
+            resource_id=client_id,
+            metadata=metadata,
+        )
+
+    async def client_updated(
+        self,
+        *,
+        actor_id: str,
+        client_id: str,
+        fields_changed: list[str] | None = None,
+    ) -> None:
+        await self.emit(
+            actor_type="admin",
+            actor_id=actor_id,
+            event_type="client.updated",
+            resource_type="client",
+            resource_id=client_id,
+            metadata={"fields_changed": fields_changed or []},
+        )
+
+    async def key_rotated(
+        self,
+        *,
+        actor_id: str,
+        client_id: str,
+    ) -> None:
+        await self.emit(
+            actor_type="admin",
+            actor_id=actor_id,
+            event_type="key.rotated",
+            resource_type="client",
+            resource_id=client_id,
+        )
+
+    async def key_revoked(
+        self,
+        *,
+        actor_id: str,
+        client_id: str,
+    ) -> None:
+        await self.emit(
+            actor_type="admin",
+            actor_id=actor_id,
+            event_type="key.revoked",
+            resource_type="client",
+            resource_id=client_id,
+        )
+
+    async def token_exchanged(
+        self,
+        *,
+        actor_id: str,
+        client_id: str,
+        scopes: list[str] | None = None,
+        outcome: str = "success",
+    ) -> None:
+        await self.emit(
+            actor_type="client",
+            actor_id=actor_id,
+            event_type="token.exchanged",
+            resource_type="client",
+            resource_id=client_id,
+            outcome=outcome,
+            metadata={"scopes": scopes or []},
+        )
+
+    async def tool_call(
+        self,
+        *,
+        actor_id: str,
+        tool_name: str,
+        outcome: str = "success",
+        metadata: dict[str, Any] | None = None,
+    ) -> None:
+        await self.emit(
+            actor_type="client",
+            actor_id=actor_id,
+            event_type=f"tool.{tool_name}",
+            resource_type="tool",
+            resource_id=tool_name,
+            outcome=outcome,
+            metadata=metadata,
+        )