PyPI - minder-cli - Versions diffs - 0.2.0__py3-none-any.whl - Mend

minder-cli 0.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

minder/__init__.py +12 -0
minder/api/routers/prompts.py +177 -0
minder/application/__init__.py +1 -0
minder/application/admin/__init__.py +11 -0
minder/application/admin/dto.py +453 -0
minder/application/admin/jobs.py +327 -0
minder/application/admin/use_cases.py +1895 -0
minder/auth/__init__.py +12 -0
minder/auth/context.py +26 -0
minder/auth/middleware.py +70 -0
minder/auth/principal.py +59 -0
minder/auth/rate_limiter.py +89 -0
minder/auth/rbac.py +60 -0
minder/auth/service.py +541 -0
minder/bootstrap/__init__.py +9 -0
minder/bootstrap/providers.py +109 -0
minder/bootstrap/transport.py +807 -0
minder/cache/__init__.py +10 -0
minder/cache/providers.py +140 -0
minder/chunking/__init__.py +4 -0
minder/chunking/code_splitter.py +184 -0
minder/chunking/splitter.py +136 -0
minder/cli.py +1542 -0
minder/config.py +179 -0
minder/continuity.py +363 -0
minder/dev.py +160 -0
minder/embedding/__init__.py +9 -0
minder/embedding/base.py +7 -0
minder/embedding/local.py +65 -0
minder/embedding/openai.py +7 -0
minder/graph/__init__.py +11 -0
minder/graph/edges.py +13 -0
minder/graph/executor.py +127 -0
minder/graph/graph.py +263 -0
minder/graph/nodes/__init__.py +27 -0
minder/graph/nodes/evaluator.py +21 -0
minder/graph/nodes/guard.py +64 -0
minder/graph/nodes/llm.py +59 -0
minder/graph/nodes/planning.py +30 -0
minder/graph/nodes/reasoning.py +87 -0
minder/graph/nodes/reranker.py +141 -0
minder/graph/nodes/retriever.py +86 -0
minder/graph/nodes/verification.py +230 -0
minder/graph/nodes/workflow_planner.py +250 -0
minder/graph/runtime.py +15 -0
minder/graph/state.py +26 -0
minder/llm/__init__.py +5 -0
minder/llm/base.py +14 -0
minder/llm/local.py +381 -0
minder/llm/openai.py +89 -0
minder/models/__init__.py +109 -0
minder/models/base.py +10 -0
minder/models/client.py +137 -0
minder/models/document.py +34 -0
minder/models/error.py +32 -0
minder/models/graph.py +114 -0
minder/models/history.py +32 -0
minder/models/job.py +62 -0
minder/models/prompt.py +41 -0
minder/models/repository.py +62 -0
minder/models/rule.py +68 -0
minder/models/session.py +51 -0
minder/models/skill.py +52 -0
minder/models/user.py +41 -0
minder/models/workflow.py +35 -0
minder/observability/__init__.py +57 -0
minder/observability/audit.py +243 -0
minder/observability/logging.py +253 -0
minder/observability/metrics.py +448 -0
minder/observability/tracing.py +215 -0
minder/presentation/__init__.py +1 -0
minder/presentation/http/__init__.py +1 -0
minder/presentation/http/admin/__init__.py +3 -0
minder/presentation/http/admin/api.py +1309 -0
minder/presentation/http/admin/context.py +94 -0
minder/presentation/http/admin/dashboard.py +111 -0
minder/presentation/http/admin/jobs.py +208 -0
minder/presentation/http/admin/memories.py +185 -0
minder/presentation/http/admin/prompts.py +219 -0
minder/presentation/http/admin/routes.py +127 -0
minder/presentation/http/admin/runtime.py +650 -0
minder/presentation/http/admin/search.py +368 -0
minder/presentation/http/admin/skills.py +230 -0
minder/prompts/__init__.py +646 -0
minder/prompts/formatter.py +142 -0
minder/resources/__init__.py +318 -0
minder/retrieval/__init__.py +5 -0
minder/retrieval/hybrid.py +178 -0
minder/retrieval/mmr.py +116 -0
minder/retrieval/multi_hop.py +115 -0
minder/runtime.py +15 -0
minder/server.py +145 -0
minder/store/__init__.py +64 -0
minder/store/document.py +115 -0
minder/store/error.py +82 -0
minder/store/feedback.py +114 -0
minder/store/graph.py +588 -0
minder/store/history.py +57 -0
minder/store/interfaces.py +512 -0
minder/store/milvus/__init__.py +11 -0
minder/store/milvus/client.py +26 -0
minder/store/milvus/collections.py +15 -0
minder/store/milvus/vector_store.py +232 -0
minder/store/mongodb/__init__.py +11 -0
minder/store/mongodb/client.py +49 -0
minder/store/mongodb/indexes.py +90 -0
minder/store/mongodb/operational_store.py +993 -0
minder/store/relational.py +1087 -0
minder/store/repo_state.py +58 -0
minder/store/rule.py +93 -0
minder/store/vector.py +79 -0
minder/tools/__init__.py +47 -0
minder/tools/auth.py +94 -0
minder/tools/graph.py +839 -0
minder/tools/ingest.py +353 -0
minder/tools/memory.py +381 -0
minder/tools/query.py +307 -0
minder/tools/registry.py +269 -0
minder/tools/repo_scanner.py +1266 -0
minder/tools/search.py +15 -0
minder/tools/session.py +316 -0
minder/tools/skills.py +899 -0
minder/tools/workflow.py +215 -0
minder/transport/__init__.py +4 -0
minder/transport/base.py +286 -0
minder/transport/sse.py +252 -0
minder/transport/stdio.py +29 -0
minder_cli-0.2.0.dist-info/METADATA +318 -0
minder_cli-0.2.0.dist-info/RECORD +132 -0
minder_cli-0.2.0.dist-info/WHEEL +4 -0
minder_cli-0.2.0.dist-info/entry_points.txt +2 -0
minder_cli-0.2.0.dist-info/licenses/LICENSE +201 -0

minder/auth/__init__.py ADDED Viewed

@@ -0,0 +1,12 @@
+from .service import AuthService, AuthError, UserRole, ROLE_HIERARCHY
+from .rbac import require_role
+from .middleware import AuthMiddleware
+__all__ = [
+    "AuthService",
+    "AuthError",
+    "UserRole",
+    "ROLE_HIERARCHY",
+    "require_role",
+    "AuthMiddleware",
+]

minder/auth/context.py ADDED Viewed

@@ -0,0 +1,26 @@
+from contextvars import ContextVar
+from typing import Optional
+from minder.auth.principal import Principal
+from minder.models.user import User
+_current_user: ContextVar[Optional[User]] = ContextVar("current_user", default=None)
+_current_principal: ContextVar[Optional[Principal]] = ContextVar("current_principal", default=None)
+def set_current_user(user: Optional[User]) -> None:
+    _current_user.set(user)
+def get_current_user() -> Optional[User]:
+    return _current_user.get()
+def set_current_principal(principal: Optional[Principal]) -> None:
+    _current_principal.set(principal)
+    if principal is None or not hasattr(principal, "user"):
+        _current_user.set(None)
+    else:
+        _current_user.set(getattr(principal, "user"))
+def get_current_principal() -> Optional[Principal]:
+    return _current_principal.get()

minder/auth/middleware.py ADDED Viewed

@@ -0,0 +1,70 @@
+"""
+Auth Middleware — JWT extraction and validation for SSE / HTTP connections.
+Usage:
+    middleware = AuthMiddleware(auth_service)
+    user = await middleware.authenticate(request.headers.get("Authorization"))
+"""
+from typing import Optional
+from minder.auth.principal import Principal
+from minder.auth.service import AuthError, AuthService
+from minder.models.user import User
+class AuthMiddleware:
+    """
+    Extracts Bearer JWT from the Authorization header and returns the
+    authenticated User.  Raises AuthError on any failure so callers can
+    convert it to the appropriate HTTP/transport error.
+    """
+    def __init__(self, auth_service: AuthService) -> None:
+        self._auth = auth_service
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
+    def extract_bearer_token(self, authorization: Optional[str]) -> str:
+        """
+        Parse 'Bearer <token>' from the Authorization header value.
+        Raises:
+            AuthError(AUTH_MISSING_TOKEN)  — header absent or empty.
+            AuthError(AUTH_INVALID_HEADER) — wrong scheme or malformed.
+        """
+        if not authorization or not authorization.strip():
+            raise AuthError("AUTH_MISSING_TOKEN", "Authorization header is required")
+        parts = authorization.strip().split(" ", 1)
+        if len(parts) != 2 or parts[0].lower() != "bearer":
+            raise AuthError(
+                "AUTH_INVALID_HEADER",
+                "Authorization header must use 'Bearer <token>' scheme",
+            )
+        token = parts[1].strip()
+        if not token:
+            raise AuthError("AUTH_MISSING_TOKEN", "Bearer token value is empty")
+        return token
+    async def authenticate(self, authorization: Optional[str]) -> User:
+        """
+        Full authentication flow: extract token → validate JWT → return user.
+        Raises AuthError on any failure.
+        """
+        token = self.extract_bearer_token(authorization)
+        return await self._auth.get_user_from_jwt(token)
+    async def authenticate_principal(
+        self,
+        authorization: Optional[str] = None,
+        *,
+        client_key: Optional[str] = None,
+    ) -> Principal:
+        if client_key and client_key.strip():
+            return await self._auth.get_principal_from_client_key(client_key.strip())
+        token = self.extract_bearer_token(authorization)
+        return await self._auth.get_principal_from_token(token)

minder/auth/principal.py ADDED Viewed

@@ -0,0 +1,59 @@
+from __future__ import annotations
+import uuid
+from dataclasses import dataclass, field
+from typing import Any
+from minder.models.user import User
+@dataclass(slots=True)
+class Principal:
+    principal_type: str
+    principal_id: uuid.UUID
+    role: str
+    scopes: list[str] = field(default_factory=list)
+    repo_scope: list[str] = field(default_factory=list)
+    metadata: dict[str, Any] = field(default_factory=dict)
+@dataclass(slots=True)
+class AdminUserPrincipal(Principal):
+    user: User | None = None
+    def __init__(self, user: User) -> None:
+        super().__init__(
+            principal_type="user",
+            principal_id=user.id,
+            role=user.role,
+            scopes=[],
+            repo_scope=[],
+            metadata={"email": user.email, "username": user.username},
+        )
+        self.user = user
+@dataclass(slots=True)
+class ClientPrincipal(Principal):
+    client_id: uuid.UUID = field(init=False)
+    client_slug: str = field(init=False)
+    def __init__(
+        self,
+        *,
+        client_id: uuid.UUID,
+        client_slug: str,
+        scopes: list[str],
+        repo_scope: list[str],
+        metadata: dict[str, Any] | None = None,
+    ) -> None:
+        super().__init__(
+            principal_type="client",
+            principal_id=client_id,
+            role="client",
+            scopes=scopes,
+            repo_scope=repo_scope,
+            metadata=metadata or {},
+        )
+        self.client_id = client_id
+        self.client_slug = client_slug

minder/auth/rate_limiter.py ADDED Viewed

@@ -0,0 +1,89 @@
+from __future__ import annotations
+import time
+from dataclasses import dataclass
+from minder.auth.principal import Principal
+from minder.auth.service import AuthError
+from minder.config import MinderConfig
+from minder.store.interfaces import ICacheProvider
+class RateLimitError(AuthError):
+    def __init__(self, message: str) -> None:
+        super().__init__("AUTH_RATE_LIMITED", message)
+@dataclass(slots=True)
+class RateLimitDecision:
+    limit: int
+    count: int
+    remaining: int
+    reset_at: int
+class RateLimiter:
+    def __init__(
+        self,
+        *,
+        cache: ICacheProvider,
+        config: MinderConfig,
+    ) -> None:
+        self._cache = cache
+        self._config = config
+    def enabled(self) -> bool:
+        return self._config.rate_limit.enabled
+    def _limit_for_principal(self, principal: Principal) -> int:
+        if principal.principal_type == "client":
+            return self._config.rate_limit.client_limit
+        role = principal.role
+        if role == "admin":
+            return self._config.rate_limit.admin_limit
+        if role == "readonly":
+            return self._config.rate_limit.readonly_limit
+        return self._config.rate_limit.member_limit
+    def _key(self, principal: Principal, tool_name: str, window_start: int) -> str:
+        return f"rate_limit:{principal.principal_type}:{principal.principal_id}:{tool_name}:{window_start}"
+    async def enforce(self, *, principal: Principal, tool_name: str) -> RateLimitDecision:
+        limit = self._limit_for_principal(principal)
+        now = int(time.time())
+        window = self._config.rate_limit.window_seconds
+        window_start = now - (now % window)
+        reset_at = window_start + window
+        key = self._key(principal, tool_name, window_start)
+        count = await self._cache.incr(key)
+        if count == 1:
+            await self._cache.expire(key, window)
+        if count > limit:
+            raise RateLimitError(
+                f"Rate limit exceeded for {principal.principal_type} '{principal.principal_id}' on tool '{tool_name}'"
+            )
+        return RateLimitDecision(
+            limit=limit,
+            count=count,
+            remaining=max(limit - count, 0),
+            reset_at=reset_at,
+        )
+    async def get_usage(self, *, principal: Principal, tool_name: str) -> dict[str, int]:
+        limit = self._limit_for_principal(principal)
+        now = int(time.time())
+        window = self._config.rate_limit.window_seconds
+        window_start = now - (now % window)
+        reset_at = window_start + window
+        key = self._key(principal, tool_name, window_start)
+        raw = await self._cache.get(key)
+        count = int(raw or "0")
+        return {
+            "count": count,
+            "limit": limit,
+            "remaining": max(limit - count, 0),
+            "reset_at": reset_at,
+        }

minder/auth/rbac.py ADDED Viewed

@@ -0,0 +1,60 @@
+"""
+RBAC — role-based access control decorator.
+Usage:
+    @require_role(UserRole.ADMIN)
+    async def admin_only_handler(*args, user: User, **kwargs):
+        ...
+The decorated function must receive the authenticated `user` as a keyword arg.
+"""
+import functools
+from typing import Any, Callable
+from minder.auth.service import AuthError, ROLE_HIERARCHY, UserRole
+from minder.models.user import User
+def require_role(min_role: UserRole) -> Callable:
+    """
+    Decorator that enforces a minimum role on an async handler.
+    Raises:
+        AuthError(AUTH_NO_USER)            — if `user` kwarg is absent.
+        AuthError(AUTH_INSUFFICIENT_ROLE)  — if user's role is below min_role.
+    """
+    def decorator(func: Callable) -> Callable:
+        @functools.wraps(func)
+        async def wrapper(*args: Any, **kwargs: Any) -> Any:
+            user: User | None = kwargs.get("user")
+            if user is None:
+                raise AuthError(
+                    "AUTH_NO_USER",
+                    "No authenticated user provided to role-guarded handler",
+                )
+            try:
+                user_role = UserRole(user.role)
+            except ValueError:
+                raise AuthError(
+                    "AUTH_UNKNOWN_ROLE",
+                    f"Unrecognised role value: {user.role!r}",
+                )
+            user_level = ROLE_HIERARCHY.get(user_role, 0)
+            required_level = ROLE_HIERARCHY.get(min_role, 0)
+            if user_level < required_level:
+                raise AuthError(
+                    "AUTH_INSUFFICIENT_ROLE",
+                    (
+                        f"Role '{user_role.value}' is insufficient. "
+                        f"Required: '{min_role.value}' or higher."
+                    ),
+                )
+            return await func(*args, **kwargs)
+        return wrapper
+    return decorator