nextpolicyagent 1.0.0__tar.gz

nextpolicyagent-1.0.0/.dockerignore

@@ -0,0 +1,47 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__
+*.pyc
+*.pyo
+*.egg-info
+dist/
+build/
+.eggs/
+*.egg
+
+# Virtual environments
+.venv
+venv
+env
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+
+# Tests & dev
+.pytest_cache
+.mypy_cache
+.ruff_cache
+.coverage
+htmlcov/
+test_*.py
+_test_*.py
+
+# OS
+Thumbs.db
+.DS_Store
+
+# OPA reference (not needed in container)
+../OPA
+../certs
+
+# Docs (optional, keep README)
+Documentation/
+*.md
+!README.md
+!examples/README.md

nextpolicyagent-1.0.0/.github/workflows/publish.yml

@@ -0,0 +1,64 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install build tools
+        run: pip install build
+      - name: Build package
+        run: python -m build
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  test:
+    name: Test package
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - name: Install package from wheel
+        run: pip install dist/*.whl
+      - name: Verify CLI entry point
+        run: npa --help
+      - name: Verify import
+        run: python -c "import npa; print(npa.__version__)"
+
+  publish-pypi:
+    name: Publish to PyPI
+    needs: test
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

nextpolicyagent-1.0.0/.gitignore

@@ -0,0 +1,44 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+*.egg
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+Thumbs.db
+.DS_Store
+
+# Logs
+*.log
+npa.log
+
+# PID files
+*.pid
+npa.pid
+
+# Backups
+*.bak
+
+# Certs (sensitive)
+certs/
+
+# pytest
+.pytest_cache/
+
+# Coverage
+htmlcov/
+.coverage

nextpolicyagent-1.0.0/Dockerfile

@@ -0,0 +1,81 @@
+# ──────────────────────────────────────────────────────────
+# NPA – Next Policy Agent  |  Fedora-based Container
+# ──────────────────────────────────────────────────────────
+# Multi-stage build:
+#   1) builder  – install deps in venv
+#   2) runtime  – lean Fedora image with only what's needed
+#
+# Build:
+#   docker build -t npa .
+#
+# Run:
+#   docker run -p 8443:8443 npa
+#   docker run -p 8443:8443 -v ./policies:/policies -v ./data:/data npa
+#   docker compose up
+# ──────────────────────────────────────────────────────────
+
+# ── Stage 1: Builder ─────────────────────────────────────
+FROM registry.fedoraproject.org/fedora:41 AS builder
+
+RUN dnf install -y python3 python3-pip python3-devel gcc && \
+    dnf clean all
+
+WORKDIR /build
+
+# Install dependencies first (layer caching)
+COPY pyproject.toml README.md ./
+RUN python3 -m venv /opt/npa-venv && \
+    /opt/npa-venv/bin/pip install --no-cache-dir --upgrade pip && \
+    /opt/npa-venv/bin/pip install --no-cache-dir .
+
+# Copy source and reinstall with actual code
+COPY npa/ ./npa/
+RUN /opt/npa-venv/bin/pip install --no-cache-dir .
+
+
+# ── Stage 2: Runtime ─────────────────────────────────────
+FROM registry.fedoraproject.org/fedora:41
+
+LABEL maintainer="NPA Team" \
+      description="Next Policy Agent – OPA-compatible policy engine" \
+      org.opencontainers.image.source="https://github.com/BLS-ISP/NextPolicyAgent"
+
+# Minimal runtime deps only
+RUN dnf install -y python3 && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Copy venv from builder
+COPY --from=builder /opt/npa-venv /opt/npa-venv
+
+# Add venv to PATH
+ENV PATH="/opt/npa-venv/bin:$PATH" \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1
+
+# Create non-root user
+RUN useradd --system --create-home --shell /usr/sbin/nologin npa
+
+# Create directories for policies, data, bundles and certs
+RUN mkdir -p /policies /data /bundles /certs && \
+    chown -R npa:npa /policies /data /bundles /certs
+
+# Copy examples
+COPY --chown=npa:npa examples/ /examples/
+
+WORKDIR /home/npa
+
+# Switch to non-root user
+USER npa
+
+# NPA default port (HTTPS)
+EXPOSE 8443
+
+# Health check via the health endpoint
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD python3 -c "import urllib.request, ssl; ctx=ssl.create_default_context(); ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE; urllib.request.urlopen('https://localhost:8443/health', context=ctx)" || exit 1
+
+# Default: start NPA server with auto-generated self-signed TLS cert
+# Override with environment variables or mount config/certs
+ENTRYPOINT ["python3", "-m", "npa", "run"]
+CMD ["--addr", "0.0.0.0:8443", "--log-level", "info"]