mrok 0.6.0__py3-none-any.whl → 0.8.0__py3-none-any.whl

mrok/ziti/api.py

@@ -38,7 +38,7 @@ class ZitiBadRequestError(ZitiAPIError):
 class BaseZitiAPI(ABC):
     def __init__(self, settings: Settings):
         self.settings = settings
-        self.limit = self.settings.pagination.limit
+        self.limit = self.settings.controller.pagination.limit
         self.token = None
 
     @property
@@ -62,7 +62,7 @@ class BaseZitiAPI(ABC):
             auth=self.auth,
             verify=self.settings.ziti.ssl_verify,
             timeout=httpx.Timeout(
-                connect=0.25,
+                connect=self.settings.ziti.connect_timeout,
                 read=self.settings.ziti.read_timeout,
                 write=2.0,
                 pool=5.0,
@@ -263,7 +263,7 @@ class ZitiIdentityAuth(BaseZitiAuth):
 class ZitiManagementAPI(BaseZitiAPI):
     @property
     def base_url(self):
-        return f"{self.settings.ziti.api.management}/edge/management/v1"
+        return f"{self.settings.ziti.base_urls.management}/edge/management/v1"
 
     def services(
         self,
@@ -465,7 +465,7 @@ class ZitiManagementAPI(BaseZitiAPI):
 class ZitiClientAPI(BaseZitiAPI):
     @property
     def base_url(self):
-        return f"{self.settings.ziti.api.client}/edge/client/v1"
+        return f"{self.settings.ziti.base_urls.client}/edge/client/v1"
 
     async def enroll_identity(self, jti: str, csr_pem: str) -> dict[str, Any]:
         response = await self.httpx_client.post(

mrok/ziti/bootstrap.py

@@ -36,11 +36,6 @@ async def bootstrap_identity(
         logger.info("Deleted existing identity")
         existing_identity = None
 
-    if forced and config_type:
-        await mgmt_api.delete_config_type(config_type["id"])
-        logger.info(f"Deleted existing config type '{config_type_name}' ({config_type['id']})")
-        config_type = None
-
     if existing_identity:
         frontend_id = existing_identity["id"]
         logger.info(f"Identity '{identity_name}' ({frontend_id}) is already enrolled")

mrok/ziti/identities.py

@@ -41,7 +41,8 @@ async def register_identity(
         raise ServiceNotFoundError(f"A service with name `{service_external_id}` does not exists.")
 
     identity_name = identity_external_id.lower()
-    service_policy_name = f"{identity_name}:bind"
+    router_policy_name = f"{identity_external_id.lower()}.{service_name}"
+    service_policy_name = f"{identity_external_id.lower()}.{service_name}:bind"
     self_service_policy_name = f"self.{service_policy_name}"
 
     identity = await mgmt_api.search_identity(identity_name)
@@ -52,7 +53,7 @@ async def register_identity(
         service_policy = await mgmt_api.search_service_policy(self_service_policy_name)
         if service_policy:
             await mgmt_api.delete_service_policy(service_policy["id"])
-        router_policy = await mgmt_api.search_router_policy(identity_name)
+        router_policy = await mgmt_api.search_router_policy(router_policy_name)
         if router_policy:
             await mgmt_api.delete_router_policy(router_policy["id"])
         await mgmt_api.delete_identity(identity["id"])
@@ -66,10 +67,9 @@ async def register_identity(
         identity_id,
         identity,
         mrok={
-            "identity": identity_name,
-            "extension": service_external_id,
-            "instance": identity_external_id,
-            "domain": settings.proxy.domain,
+            "extension": service_name,
+            "instance": identity_name,
+            "domain": settings.frontend.domain,
             "tags": identity_tags,
         },
     )
@@ -84,7 +84,7 @@ async def register_identity(
         self_service["id"],
         identity_id,
     )
-    await mgmt_api.create_router_policy(identity_name, identity_id)
+    await mgmt_api.create_router_policy(router_policy_name, identity_id)
 
     return identity, identity_json
 
@@ -100,8 +100,9 @@ async def unregister_identity(
     if not service:
         raise ServiceNotFoundError(f"A service with name `{service_external_id}` does not exists.")
 
-    identity_name = f"{identity_external_id.lower()}.{service_name}"
-    service_policy_name = f"{identity_name}:bind"
+    identity_name = identity_external_id.lower()
+    router_policy_name = f"{identity_external_id.lower()}.{service_name}"
+    service_policy_name = f"{identity_external_id.lower()}.{service_name}:bind"
 
     identity = await mgmt_api.search_identity(identity_name)
     if not identity:
@@ -120,7 +121,7 @@ async def unregister_identity(
     service_policy = await mgmt_api.search_service_policy(service_policy_name)
     if service_policy:
         await mgmt_api.delete_service_policy(service_policy["id"])
-    router_policy = await mgmt_api.search_router_policy(identity_name)
+    router_policy = await mgmt_api.search_router_policy(router_policy_name)
     if router_policy:
         await mgmt_api.delete_router_policy(router_policy["id"])
     await mgmt_api.delete_identity(identity["id"])

mrok/ziti/services.py

@@ -19,15 +19,15 @@ async def register_service(
 ) -> dict[str, Any]:
     service_name = external_id.lower()
     registered = False
-    proxy_identity = await mgmt_api.search_identity(settings.proxy.identity)
+    proxy_identity = await mgmt_api.search_identity(settings.frontend.identity)
     if not proxy_identity:
         raise ProxyIdentityNotFoundError(
-            f"Identity for proxy `{settings.proxy.identity}` not found.",
+            f"Identity for proxy `{settings.frontend.identity}` not found.",
         )
 
-    config_type = await mgmt_api.search_config_type(f"{settings.proxy.mode}.proxy.v1")
+    config_type = await mgmt_api.search_config_type(f"{settings.frontend.mode}.proxy.v1")
     if not config_type:
-        raise ConfigTypeNotFoundError(f"Config type `{settings.proxy.mode}.proxy.v1` not found.")
+        raise ConfigTypeNotFoundError(f"Config type `{settings.frontend.mode}.proxy.v1` not found.")
 
     config = await mgmt_api.search_config(service_name)
     if not config:
@@ -43,7 +43,7 @@ async def register_service(
     else:
         service_id = service["id"]
     proxy_identity_id = proxy_identity["id"]
-    service_policy_name = f"{service_name}:{settings.proxy.identity}:dial"
+    service_policy_name = f"{service_name}:{settings.frontend.identity}:dial"
     dial_service_policy = await mgmt_api.search_service_policy(service_policy_name)
     if not dial_service_policy:
         await mgmt_api.create_dial_service_policy(
@@ -75,7 +75,7 @@ async def unregister_service(
     if router_policy:
         await mgmt_api.delete_service_router_policy(router_policy["id"])
 
-    service_policy_name = f"{service_name}:{settings.proxy.identity}:dial"
+    service_policy_name = f"{service_name}:{settings.frontend.identity}:dial"
 
     dial_service_policy = await mgmt_api.search_service_policy(service_policy_name)
     if dial_service_policy:

{mrok-0.6.0.dist-info → mrok-0.8.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mrok
-Version: 0.6.0
+Version: 0.8.0
 Summary: MPT Extensions OpenZiti Orchestrator
 Author: SoftwareOne AG
 License:                                  Apache License
@@ -214,6 +214,7 @@ Requires-Dist: fastapi[standard]<0.120.0,>=0.119.0
 Requires-Dist: gunicorn<24.0.0,>=23.0.0
 Requires-Dist: hdrhistogram<0.11.0,>=0.10.3
 Requires-Dist: httpcore<2.0.0,>=1.0.9
+Requires-Dist: multipart<2.0.0,>=1.3.0
 Requires-Dist: openziti<2.0.0,>=1.3.1
 Requires-Dist: psutil<8.0.0,>=7.1.3
 Requires-Dist: pydantic<3.0.0,>=2.11.7
@@ -223,8 +224,8 @@ Requires-Dist: pyyaml<7.0.0,>=6.0.2
 Requires-Dist: pyzmq<28.0.0,>=27.1.0
 Requires-Dist: rich<15.0.0,>=14.1.0
 Requires-Dist: textual-serve<2.0.0,>=1.1.3
-Requires-Dist: textual<7.0.0,>=6.5.0
-Requires-Dist: typer<0.20.0,>=0.19.2
+Requires-Dist: textual[syntax]<8.0.0,>=7.2.0
+Requires-Dist: typer<1.0.0,>=0.21.1
 Requires-Dist: uvicorn-worker<0.5.0,>=0.4.0
 Description-Content-Type: text/markdown
 
@@ -240,6 +241,7 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
 - **Agent** – Runs alongside an extension in two modes:
   - *Sidecar mode*: proxies traffic between the Ziti network and a local TCP or Unix socket.
   - *Embeddable mode*: integrates with ASGI servers (e.g. Uvicorn) to serve a Python application directly.
+- **Frontend** - Proxies internet request to a specific extension through the OpenZiti network.
 - **CLI** – A command-line tool for administrative tasks and for running the agent in either mode.
 
 ## Key Features
@@ -247,5 +249,9 @@ It uses the [OpenZiti](https://openziti.io) zero-trust network overlay to create
 - Zero-trust networking with automatic balancing across Extension instances.
 - Simple API and CLI for managing services and identities.
 
+## Development
+The included docker compose starts a local Ziti Network (controller + router) and mrok (controller and frontend).
+
+
 ## License
 [Apache 2.0](LICENSE)

{mrok-0.6.0.dist-info → mrok-0.8.0.dist-info}/RECORD

@@ -1,54 +1,57 @@
 mrok/__init__.py,sha256=D1PUs3KtMCqG4bFLceVNG62L3RN53NS95uSCNXpgvzs,181
-mrok/conf.py,sha256=_5Z-A5LyojQeY8J7W8C0QidsmrPl99r9qKYEoMf4kcI,840
-mrok/constants.py,sha256=UTGYqs3DgEd_SN-k0JK10ekmHVWQaaARtdh1Y-0JG_s,122
+mrok/conf.py,sha256=5AgRgwE_Yq0Dv7xDv0SWakhPSr3nnUNjIIgnn0Zgf9c,1057
+mrok/constants.py,sha256=QXaMw4LuHijj_TUTCsM5uUjpgT04HBvd0wRbjvn1z9A,449
 mrok/errors.py,sha256=ruNMDFr2_0ezCGXuCG1OswCEv-bHOIzMMd02J_0ABcs,37
-mrok/logging.py,sha256=ZMWn0w4fJ-F_g-L37H_GM14BSXAIF2mFF_ougX5S7mg,2856
+mrok/logging.py,sha256=PS_x0uAQDsIPF_tbF11fIyijwLS03DQwJzzUHMdVdnE,3000
 mrok/agent/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mrok/agent/ziticorn.py,sha256=eHUYs9QaSp35rBzYHRV-SrYxF5ySyECaQg7U-XbdINE,1025
 mrok/agent/devtools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-mrok/agent/devtools/__main__.py,sha256=R8ezbW7hCik5r45U3w2TgiTubg9SlbVsWA-bapILJXU,781
 mrok/agent/devtools/inspector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-mrok/agent/devtools/inspector/__main__.py,sha256=HeYcRf1bjXPji2LKMPCcTU61afrRH2P1RqnFmHClRTc,524
-mrok/agent/devtools/inspector/app.py,sha256=rmfm0GVz_iZ_tqne6E966D2He5QVprO2g7PHFrnjG0U,16484
+mrok/agent/devtools/inspector/__main__.py,sha256=vof04S9fwiU8lGjt7YiM6O9YOXEW_lT1AxGoXyF4bg8,97
+mrok/agent/devtools/inspector/app.py,sha256=TxBBIy8lXHj6h8KmQHCeLiIM2QqMzMsCpSWFjH8cGu4,25636
 mrok/agent/devtools/inspector/server.py,sha256=C4uD6_1psSHMjJLUDCMPGvKdQYKaEwYTw27NAbwuuA0,636
+mrok/agent/devtools/inspector/utils.py,sha256=K-_4rTyB54Y0faEIGgutMEHGyP1W7eOhbcuUKxNnsYA,4261
 mrok/agent/sidecar/__init__.py,sha256=DrjJGhqFyxsVODW06KI20Wpr6HsD2lD6qFCKUXc7GIE,59
 mrok/agent/sidecar/app.py,sha256=sPQqjnwETRQk0cj8hAxSVUDCkYqsVZCS6ixEqkcGY5A,2534
 mrok/agent/sidecar/main.py,sha256=jeJzrCbltfXOYsKSCjcw8h5lxh4_bGT87kCC5dV4kYU,2190
 mrok/cli/__init__.py,sha256=mtFEa8IeS1x6Gm4dUYoSnAxyEzNqbUVSmWxtuZUMR84,61
-mrok/cli/main.py,sha256=DFcYPwDskXi8SKAgEsuP4GMFzaniIf_6bZaSDWvYKDk,2724
+mrok/cli/main.py,sha256=T029FYxK_jDrwiA14oX-Onoqp_X14XHRAA_4bbaOgV8,3123
 mrok/cli/rich.py,sha256=P3Dyu8EArUR9_0j7DPK7LRx85TWdYdZ1SaJzD_S1ZCE,511
-mrok/cli/utils.py,sha256=m_olScdIUGks5IoC6p2F9D6CQIucWZ7LHyrvwm2bkJw,106
+mrok/cli/utils.py,sha256=FXqyNef0cRFy_d-63ZY-kT3uqmDOK3USSNgBSZyKXIE,831
 mrok/cli/commands/__init__.py,sha256=-UOGzh38oWX7fPeI2nc5I9z8LylRdQAt868q4G6rNGk,140
 mrok/cli/commands/admin/__init__.py,sha256=WU49jpMF9p18UONjYywWEFzjF57zLpLKJ0qAZvrzcR4,414
-mrok/cli/commands/admin/bootstrap.py,sha256=9ADSeiVbFAZXh6GxHEf9h2g_XHGOIlMmg1rgsxMfdow,1699
+mrok/cli/commands/admin/bootstrap.py,sha256=McIGngjpRQSsI2CqW_LBTF1lBeGXvTbbt31jYS35xIY,1705
 mrok/cli/commands/admin/utils.py,sha256=Z7YTAFZKOi6nkw2oX4rJoGoUD41RYL3AOqEDhlV3jR0,1357
 mrok/cli/commands/admin/list/__init__.py,sha256=kjCMcpn1gopcrQaaHxfFh8Kyngldepnle8R2br5dJ_0,195
 mrok/cli/commands/admin/list/extensions.py,sha256=16fhDB5ucL8su2WQnSaQ1E6MhgC4vkP9-nuHAcPpzyE,4405
 mrok/cli/commands/admin/list/instances.py,sha256=kaqeyidwUxgYqfaHXqp2m76rm5h2ErBsYyZcNeaBRwY,5912
 mrok/cli/commands/admin/register/__init__.py,sha256=5Jb_bc2L47MEpQIrOcquzduTFWQ01Jd1U1MpqaR-Ekw,209
-mrok/cli/commands/admin/register/extensions.py,sha256=dxciVA_S31rZSm0A7lkecn2mI9TMlWDhcJTgwgNXbM4,1460
-mrok/cli/commands/admin/register/instances.py,sha256=raF57jPUTryWdvNqGCosth1C-8jjv9IbA0UuNbDel3A,2220
+mrok/cli/commands/admin/register/extensions.py,sha256=3ooHR-zfFImtqAZ-06kS0555v9gQLQ1G5-ARe_mJ9e4,1353
+mrok/cli/commands/admin/register/instances.py,sha256=KjyLJX1mSXK-6ZmkW9I4PJFYNfgsOyAmJWh92XxSkYg,1982
 mrok/cli/commands/admin/unregister/__init__.py,sha256=-GjjCPX1pISbWmJK6GpKO3ijGsDQb21URjU1hNu99O4,215
-mrok/cli/commands/admin/unregister/extensions.py,sha256=GR3Iwzeksk_R0GkgmCSG7iHRcUrI7ABqDi25Gbes64Y,1016
-mrok/cli/commands/admin/unregister/instances.py,sha256=-28wL8pTXTWHVHtw93y8-dqi-Dlf0OZOnlBCKOyGo80,1138
+mrok/cli/commands/admin/unregister/extensions.py,sha256=xL2yX0kn8dhitQL7NcLTn83bbPZfgPJNzHjZAdiP8yM,891
+mrok/cli/commands/admin/unregister/instances.py,sha256=sLBfBhHDgR7Qw5Zc-EVOSuQUgfLMgh7cFnOP-73iM70,1167
 mrok/cli/commands/agent/__init__.py,sha256=ZAi7eTkKQtfwwV1c1mv3uvEEsyMMrhCQ_-id_0wksAQ,218
-mrok/cli/commands/agent/utils.py,sha256=m_olScdIUGks5IoC6p2F9D6CQIucWZ7LHyrvwm2bkJw,106
 mrok/cli/commands/agent/dev/__init__.py,sha256=ZfreyRuaLqO0AwPS8Ll1DIpsKacsu7_dTmbxV5QecOM,172
 mrok/cli/commands/agent/dev/console.py,sha256=rrKAGoKXVQQBOC75H0JSuX1sYyvc2QSrV-dfMPK49p4,673
 mrok/cli/commands/agent/dev/web.py,sha256=O9dYk-o1FV2E_sKLOezdEmLsnexwbJNDdsYL5pATZRQ,1028
 mrok/cli/commands/agent/run/__init__.py,sha256=E_IJCl3BfMffqFASe8gzJwhhQgt5bQfjhuyekVwdEBA,164
-mrok/cli/commands/agent/run/asgi.py,sha256=dCgzwJtTLv2eyEIP7v1tDfe_PrFBS02SfN5dSDw1Jzg,2054
+mrok/cli/commands/agent/run/asgi.py,sha256=FzM3suWJPRqQ08SoDrF9mLfjiBJ6huSbfP3wkTbh3Uo,2054
 mrok/cli/commands/agent/run/sidecar.py,sha256=UOewegTLFwAZ70VFJb6_9kV0LmsvnXuq-yqgrMlTeZo,4182
 mrok/cli/commands/controller/__init__.py,sha256=2xw-YVN0akiLiuGUU3XbYyZZ0ugOjQ6XhtTkzEKSmMA,161
 mrok/cli/commands/controller/openapi.py,sha256=QLjVao9UkB2vBaGkFi_q_jrlg4Np4ldMRwDIJsrJ7A8,1175
 mrok/cli/commands/controller/run.py,sha256=yl1p7oRHhQINWWjUKlRHtMIWUCV0KsxYdyVyazhX834,2406
 mrok/cli/commands/frontend/__init__.py,sha256=0kK37yG6qs7yAa8TYlKZUA-nHrWsO4y5CjbVkXafnuk,123
-mrok/cli/commands/frontend/run.py,sha256=_X1ylMe4-YCTghsu0XY-PB4nk3PL-PQq9YIgbkgJok8,2796
+mrok/cli/commands/frontend/run.py,sha256=E6vJC9LprGyPetGLfyfJm8GDemEIRVnqetao4V3W9Kk,2796
 mrok/controller/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-mrok/controller/app.py,sha256=XxCIB7N1YE52vSYfvGW2UPgEEOZ9jxDMe2l9D2SfXi8,1866
-mrok/controller/auth.py,sha256=hYa0OPJ5X0beGxRP6qbxwJOVXj5TmzHjmam2OjTBKn4,2704
+mrok/controller/app.py,sha256=JgyfEFbQeGLpHCrjFKQjdP8TRfV4YVec7Re8i0P4FE8,2040
 mrok/controller/pagination.py,sha256=raYpYa34q8Ckl4BXBOEdpWlKkFj6z7e6QLWr2HT7dzI,2187
 mrok/controller/schemas.py,sha256=PZPEsSJNrGSuplfjCPF_E-VJ721AzgR1Jj8P-Shw1cg,1699
+mrok/controller/auth/__init__.py,sha256=st0q-NHQEQwYlvLEnQdonMVsDmczeL5cS4hkVK7NT6s,412
+mrok/controller/auth/backends.py,sha256=xwiF7qFHh5okhqbTld4P2jSnFkSPZlGR4gfQu598Xrg,2288
+mrok/controller/auth/base.py,sha256=NWEVtc9Y8I56NnyYrBiNzxHZxFSzVEbmkMY2u6RCANs,1131
+mrok/controller/auth/manager.py,sha256=VQwov4UiAOXHBl_a9oPG90_QKRMNz2tWONF3JFR5RmM,1118
+mrok/controller/auth/registry.py,sha256=VmwPPI6E2-oyB2MZDkK_G39EaAeU3Uq-b14GGKz1E-A,485
 mrok/controller/dependencies/__init__.py,sha256=voewk6gjkA0OarL6HFmfT_RLqBns0Fpl-VIqK5xVAEI,202
 mrok/controller/dependencies/conf.py,sha256=2Pa8fxJHkZ29q6UL-w6hUP_wr7WnNELfw5LlzWg1Tec,162
 mrok/controller/dependencies/ziti.py,sha256=fYoxeJb4s6p2_3gxbExbFSRabjpvp_gZMBb3ocXZV3Y,702
@@ -59,36 +62,36 @@ mrok/controller/routes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 mrok/controller/routes/extensions.py,sha256=zoY4sNz_BIZcbly6WXM7Rbpn2jmB89njS_0xdJkoKfs,9192
 mrok/controller/routes/instances.py,sha256=v-fn_F6JHbDZ4YUNCIZzClgHp6aC1Eu5HB7k7qBG5pk,2202
 mrok/frontend/__init__.py,sha256=SN3LoFwAye18lfJ8OKNNS-7kLc2A9OxPGIEIEYYtAOA,54
-mrok/frontend/app.py,sha256=I2cvEI2ZGhbeazFhF6LavxBYywsv-4QkuNxCDo6-dkA,2627
-mrok/frontend/main.py,sha256=0KtchIGLn70A_Oxekmhr_qSYUg5QqIMfrdYcyFdpj9s,1717
+mrok/frontend/app.py,sha256=_FLz5fqZdlFc1tdBBMwhmvjGa0UnNeaNj6EnYEnuPAQ,5280
+mrok/frontend/main.py,sha256=zvfCh7NDx-mkpN-ppM2AqWmgKn1cBrNOCky8UgjLou4,1833
+mrok/frontend/middleware.py,sha256=xTXt5gYikr9RCXaI4uVKgxFhlH49RNY3MD3eZPcX9cc,1161
+mrok/frontend/utils.py,sha256=Oh987pCpg7ZIIIpRWcpX7Nrh8FGbJ4cH4ciiG1xRoQI,2120
 mrok/proxy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-mrok/proxy/app.py,sha256=flnVPoUO3pSF3b0nYFBhKjZ9jp5ljijo2a-5e37gACs,6016
+mrok/proxy/app.py,sha256=HU-YRKA3ijY2AW9v-NwfUnbSgdI-XqsnkQ90TocZ1Ts,6257
 mrok/proxy/asgi.py,sha256=2uw5bLquyUsiYlNwq8RhJd8OqVvSJDvYjzOVGLLB3Cs,3528
 mrok/proxy/backend.py,sha256=dRmIUJin2DM3PUxrVX0j4t1oB6DOX7N9JV2lIcopE38,1649
-mrok/proxy/constants.py,sha256=ao5gI2HFBWmrdd2Yc6XFK_RGaHk-omxI4AqvfIiGes8,409
 mrok/proxy/event_publisher.py,sha256=TAuwEqIhRYxgazJFgC3DekwUAXlJ2UFjbdx_A9vwA1g,2511
 mrok/proxy/exceptions.py,sha256=61OhdihQNdnBUqAI9mbBkXD1yWg-6Eftk7EhWCU1VF0,642
 mrok/proxy/master.py,sha256=HB2q_nPLim23z0mGDGKs_RshhGVAO8VgOYP4hA__zC4,6891
 mrok/proxy/metrics.py,sha256=Sg2aIiaj9fzkyu190YCsJvNn5P-XLun3BcvuVBsdWbA,3640
-mrok/proxy/middleware.py,sha256=St8r2hY5vfn4q5FtuqeI85tVmSZmC6Vkbecpx_iX6SM,4455
-mrok/proxy/models.py,sha256=CA520bqexPwYUHDrkg58OXAyzBIKQSU9i-SlymU_vt0,5188
+mrok/proxy/middleware.py,sha256=So024RvtNgMliClKz4pzau2Wb6tlfZGspmHBzzEeF4U,4208
+mrok/proxy/models.py,sha256=VDou3LGDi9zCpzpOwihP4Og1oRvXl7gb2mgczf6_Z14,6029
 mrok/proxy/stream.py,sha256=7V-bSAF9uNV1yVHKaEhHo95WxafSGWkyHPVABZX0djY,2134
-mrok/proxy/utils.py,sha256=OxX6pJv_Wh_KgWx95YeJ3YeuSgwm2tsd00897P3fxys,2126
 mrok/proxy/worker.py,sha256=uEUC2Hbx0YQiDMFNZfwkHMDnijN96b6iRoIErfI21Tg,1921
-mrok/proxy/ziticorn.py,sha256=YwbyNUK-TL3dANntM6gtlP9Su39QvDCC0dSbuZisXIo,2873
+mrok/proxy/ziticorn.py,sha256=qiHKIB7ZRR9S9f-zXTxkzBWW3qlP9CqPOc0QQr-lgvc,2437
 mrok/types/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mrok/types/proxy.py,sha256=40Yds4tUykMpzsoQbMtHG85r8xtm5Q3fQZ17bp7cDiM,818
 mrok/types/ziti.py,sha256=EeQnTbDEJ-Y-KMS6zu1Xjxb58Up2VxUwqzUwy3H28JY,36
 mrok/ziti/__init__.py,sha256=20OWMiexRhOovZOX19zlX87-V78QyWnEnSZfyAftUdE,263
-mrok/ziti/api.py,sha256=ikl3l446Gu-YZuJJFRHFSBpKhh5KJxmk-Jr4YbSrqbk,16072
-mrok/ziti/bootstrap.py,sha256=PRZlYDtcGbix-1bQDuJ4wX4dy845VAx9SFPotc4BCeg,2715
+mrok/ziti/api.py,sha256=Z6Hs17-UaKtcRc6uMowhvQW5fbyW6wFr-7lAvI3aZm0,16125
+mrok/ziti/bootstrap.py,sha256=RSL8nZfI-MZ_z6h0F-rNevQoE6g9oGKLr6HlZF696_c,2499
 mrok/ziti/constants.py,sha256=Urq1X3bCBQZfw8NbnEa1pqmY4oq1wmzkwPfzam3kbTw,339
 mrok/ziti/errors.py,sha256=yYCbVDwktnR0AYduqtynIjo73K3HOhIrwA_vQimvEd4,368
-mrok/ziti/identities.py,sha256=9BIBQOirvcdAkRFNqZPTOkC8kvDQbq6EgaQMq22NQsQ,6730
+mrok/ziti/identities.py,sha256=cOMv-Jv8MEjtzyjRcWOF8Ziz4HJY2Z-uHXWpZRqgPxs,6883
 mrok/ziti/pki.py,sha256=o2tySqHC8-7bvFuI2Tqxg9vX6H6ZSxWxfP_9x29e19M,1954
-mrok/ziti/services.py,sha256=TukG0vAZxgjbS8OLiyg7u1GwuVeGTco-rb9ne6a4PUA,3213
-mrok-0.6.0.dist-info/METADATA,sha256=0z3llP3xsGv5I-CZANA3tA9rhqNQ9sgH2j2sdLX5z7A,15705
-mrok-0.6.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-mrok-0.6.0.dist-info/entry_points.txt,sha256=tloXwvU1uJicBJR2h-8HoVclPgwJWDwuREMHN8Zq-nU,38
-mrok-0.6.0.dist-info/licenses/LICENSE.txt,sha256=6PaICaoA3yNsZKLv5G6OKqSfLSoX7MakYqTDgJoTCBs,11346
-mrok-0.6.0.dist-info/RECORD,,
+mrok/ziti/services.py,sha256=P2c9qRUyUFu1pSKPdT8L6s3yTKYVpTabRiHPWqbBIiU,3231
+mrok-0.8.0.dist-info/METADATA,sha256=SmmFB0ZpkWORFIvUKENkpOszVnFjgqVZS6p7rbPyIwc,15978
+mrok-0.8.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+mrok-0.8.0.dist-info/entry_points.txt,sha256=tloXwvU1uJicBJR2h-8HoVclPgwJWDwuREMHN8Zq-nU,38
+mrok-0.8.0.dist-info/licenses/LICENSE.txt,sha256=6PaICaoA3yNsZKLv5G6OKqSfLSoX7MakYqTDgJoTCBs,11346
+mrok-0.8.0.dist-info/RECORD,,

mrok/agent/devtools/__main__.py

@@ -1,34 +0,0 @@
-#!/usr/bin/env python3
-"""mrok agent devtools CLI entrypoint.
-
-Provides a small CLI that accepts an optional subscriber port and
-invokes the `run` function with that port.
-"""
-
-import argparse
-from typing import Any
-
-
-def run(port: int) -> None:
-    """Run the devtools agent using the given subscriber port.
-
-    This is a stub for the runtime function. Implementation goes here.
-    """
-    pass
-
-
-def main(argv: Any = None) -> None:
-    parser = argparse.ArgumentParser(description="mrok devtools agent")
-    parser.add_argument(
-        "-p",
-        "--subscriber-port",
-        type=int,
-        default=50001,
-        help="Port for subscriber (default: 50001)",
-    )
-    args = parser.parse_args(argv)
-    run(args.subscriber_port)
-
-
-if __name__ == "__main__":
-    main()

mrok/cli/commands/agent/utils.py

@@ -1,5 +0,0 @@
-import multiprocessing
-
-
-def number_of_workers() -> int:
-    return (multiprocessing.cpu_count() * 2) + 1

mrok/controller/auth.py

@@ -1,87 +0,0 @@
-import logging
-from typing import Annotated
-
-import httpx
-import jwt
-from fastapi import Depends, HTTPException, Request, status
-from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
-
-from mrok.controller.dependencies.conf import AppSettings
-
-logger = logging.getLogger("mrok.controller")
-
-UNAUTHORIZED_EXCEPTION = HTTPException(
-    status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized."
-)
-
-
-class JWTCredentials(HTTPAuthorizationCredentials):
-    pass
-
-
-class JWTBearer(HTTPBearer):
-    def __init__(self):
-        super().__init__(auto_error=False)
-
-    async def __call__(self, request: Request) -> JWTCredentials:
-        credentials = await super().__call__(request)
-        if not credentials:
-            raise UNAUTHORIZED_EXCEPTION
-        try:
-            return JWTCredentials(
-                scheme=credentials.scheme,
-                credentials=credentials.credentials,
-            )
-        except jwt.InvalidTokenError:
-            raise UNAUTHORIZED_EXCEPTION
-
-
-async def authenticate(
-    settings: AppSettings,
-    credentials: Annotated[JWTCredentials, Depends(JWTBearer())],
-):
-    async with httpx.AsyncClient(
-        timeout=httpx.Timeout(
-            connect=0.25,
-            read=settings.auth.read_timeout,
-            write=2.0,
-            pool=5.0,
-        ),
-    ) as client:
-        try:
-            config_resp = await client.get(settings.auth.openid_config_url)
-            config_resp.raise_for_status()
-            config = config_resp.json()
-            issuer = config["issuer"]
-            jwks_uri = config["jwks_uri"]
-
-            jwks_resp = await client.get(jwks_uri)
-            jwks_resp.raise_for_status()
-            jwks = jwks_resp.json()
-
-            header = jwt.get_unverified_header(credentials.credentials)
-            kid = header["kid"]
-
-            key_data = next((k for k in jwks["keys"] if k["kid"] == kid), None)
-        except Exception:
-            logger.exception("Error fetching openid-config/jwks")
-            raise UNAUTHORIZED_EXCEPTION
-    if key_data is None:
-        logger.error("Key ID not found in JWKS")
-        raise UNAUTHORIZED_EXCEPTION
-
-    try:
-        payload = jwt.decode(
-            credentials.credentials,
-            jwt.PyJWK(key_data),
-            algorithms=[header["alg"]],
-            issuer=issuer,
-            audience=settings.auth.audience,
-        )
-        return payload
-    except jwt.InvalidKeyError as e:
-        logger.error(f"Invalid jwt token: {e} ({credentials.credentials})")
-        raise UNAUTHORIZED_EXCEPTION
-    except jwt.InvalidTokenError as e:
-        logger.error(f"Invalid jwt token: {e} ({credentials.credentials})")
-        raise UNAUTHORIZED_EXCEPTION

mrok/proxy/constants.py

@@ -1,22 +0,0 @@
-MAX_REQUEST_BODY_BYTES = 2 * 1024 * 1024
-MAX_RESPONSE_BODY_BYTES = 5 * 1024 * 1024
-
-BINARY_CONTENT_TYPES = {
-    "application/octet-stream",
-    "application/pdf",
-}
-
-BINARY_PREFIXES = (
-    "image/",
-    "video/",
-    "audio/",
-)
-
-TEXTUAL_CONTENT_TYPES = {
-    "application/json",
-    "application/xml",
-    "application/javascript",
-    "application/x-www-form-urlencoded",
-}
-
-TEXTUAL_PREFIXES = ("text/",)

mrok/proxy/utils.py

@@ -1,90 +0,0 @@
-from collections.abc import Mapping
-
-from mrok.proxy.constants import (
-    BINARY_CONTENT_TYPES,
-    BINARY_PREFIXES,
-    MAX_REQUEST_BODY_BYTES,
-    MAX_RESPONSE_BODY_BYTES,
-    TEXTUAL_CONTENT_TYPES,
-    TEXTUAL_PREFIXES,
-)
-
-
-def is_binary(content_type: str) -> bool:
-    ct = content_type.lower()
-    if ct in BINARY_CONTENT_TYPES:
-        return True
-    if any(ct.startswith(p) for p in BINARY_PREFIXES):
-        return True
-    return False
-
-
-def is_textual(content_type: str) -> bool:
-    ct = content_type.lower()
-    if ct in TEXTUAL_CONTENT_TYPES:
-        return True
-    if any(ct.startswith(p) for p in TEXTUAL_PREFIXES):
-        return True
-    return False
-
-
-def must_capture_request(
-    method: str,
-    headers: Mapping,
-) -> bool:
-    method = method.upper()
-
-    # No body expected
-    if method in ("GET", "HEAD", "OPTIONS", "TRACE"):
-        return False
-
-    content_type = headers.get("content-type", "").lower()
-
-    content_length = None
-    if "content-length" in headers:
-        content_length = int(headers["content-length"])
-
-    if is_binary(content_type):
-        return False
-
-    if content_type.startswith("multipart/form-data"):
-        return False
-
-    if content_length is not None and content_length > MAX_REQUEST_BODY_BYTES:
-        return False
-
-    if is_textual(content_type):
-        return True
-
-    if content_length is None:
-        return True
-
-    return content_length <= MAX_REQUEST_BODY_BYTES
-
-
-def must_capture_response(
-    headers: Mapping,
-) -> bool:
-    content_type = headers.get("content-type", "").lower()
-    disposition = headers.get("content-disposition", "").lower()
-
-    content_length = None
-    if "content-length" in headers:
-        content_length = int(headers["content-length"])
-
-    if "attachment" in disposition:
-        return False
-
-    if is_binary(content_type):
-        return False
-
-    if content_length is not None and content_length > MAX_RESPONSE_BODY_BYTES:
-        return False
-
-    if is_textual(content_type):
-        return True
-
-    if content_length is None:
-        return True
-
-    return content_length <= MAX_RESPONSE_BODY_BYTES