omnibase_infra 0.2.6__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- omnibase_infra/__init__.py +101 -0
- omnibase_infra/adapters/adapter_onex_tool_execution.py +451 -0
- omnibase_infra/capabilities/__init__.py +15 -0
- omnibase_infra/capabilities/capability_inference_rules.py +211 -0
- omnibase_infra/capabilities/contract_capability_extractor.py +221 -0
- omnibase_infra/capabilities/intent_type_extractor.py +160 -0
- omnibase_infra/cli/__init__.py +1 -0
- omnibase_infra/cli/commands.py +216 -0
- omnibase_infra/clients/__init__.py +0 -0
- omnibase_infra/configs/widget_mapping.yaml +176 -0
- omnibase_infra/constants_topic_patterns.py +26 -0
- omnibase_infra/contracts/handlers/filesystem/handler_contract.yaml +264 -0
- omnibase_infra/contracts/handlers/mcp/handler_contract.yaml +141 -0
- omnibase_infra/decorators/__init__.py +29 -0
- omnibase_infra/decorators/allow_any.py +109 -0
- omnibase_infra/dlq/__init__.py +90 -0
- omnibase_infra/dlq/constants_dlq.py +57 -0
- omnibase_infra/dlq/models/__init__.py +26 -0
- omnibase_infra/dlq/models/enum_replay_status.py +37 -0
- omnibase_infra/dlq/models/model_dlq_replay_record.py +135 -0
- omnibase_infra/dlq/models/model_dlq_tracking_config.py +184 -0
- omnibase_infra/dlq/service_dlq_tracking.py +611 -0
- omnibase_infra/enums/__init__.py +132 -0
- omnibase_infra/enums/enum_any_type_violation.py +104 -0
- omnibase_infra/enums/enum_backend_type.py +27 -0
- omnibase_infra/enums/enum_capture_outcome.py +42 -0
- omnibase_infra/enums/enum_capture_state.py +88 -0
- omnibase_infra/enums/enum_chain_violation_type.py +119 -0
- omnibase_infra/enums/enum_circuit_state.py +51 -0
- omnibase_infra/enums/enum_confirmation_event_type.py +27 -0
- omnibase_infra/enums/enum_consumer_group_purpose.py +92 -0
- omnibase_infra/enums/enum_contract_type.py +84 -0
- omnibase_infra/enums/enum_dedupe_strategy.py +46 -0
- omnibase_infra/enums/enum_dispatch_status.py +191 -0
- omnibase_infra/enums/enum_environment.py +46 -0
- omnibase_infra/enums/enum_execution_shape_violation.py +103 -0
- omnibase_infra/enums/enum_handler_error_type.py +111 -0
- omnibase_infra/enums/enum_handler_loader_error.py +178 -0
- omnibase_infra/enums/enum_handler_source_mode.py +86 -0
- omnibase_infra/enums/enum_handler_source_type.py +87 -0
- omnibase_infra/enums/enum_handler_type.py +77 -0
- omnibase_infra/enums/enum_handler_type_category.py +61 -0
- omnibase_infra/enums/enum_infra_transport_type.py +73 -0
- omnibase_infra/enums/enum_introspection_reason.py +154 -0
- omnibase_infra/enums/enum_kafka_acks.py +99 -0
- omnibase_infra/enums/enum_message_category.py +213 -0
- omnibase_infra/enums/enum_node_archetype.py +74 -0
- omnibase_infra/enums/enum_node_output_type.py +185 -0
- omnibase_infra/enums/enum_non_retryable_error_category.py +224 -0
- omnibase_infra/enums/enum_policy_type.py +32 -0
- omnibase_infra/enums/enum_registration_state.py +261 -0
- omnibase_infra/enums/enum_registration_status.py +33 -0
- omnibase_infra/enums/enum_registry_response_status.py +28 -0
- omnibase_infra/enums/enum_response_status.py +26 -0
- omnibase_infra/enums/enum_retry_error_category.py +98 -0
- omnibase_infra/enums/enum_security_rule_id.py +103 -0
- omnibase_infra/enums/enum_selection_strategy.py +91 -0
- omnibase_infra/enums/enum_topic_standard.py +42 -0
- omnibase_infra/enums/enum_validation_severity.py +78 -0
- omnibase_infra/errors/__init__.py +160 -0
- omnibase_infra/errors/error_architecture_violation.py +152 -0
- omnibase_infra/errors/error_binding_resolution.py +128 -0
- omnibase_infra/errors/error_chain_propagation.py +188 -0
- omnibase_infra/errors/error_compute_registry.py +95 -0
- omnibase_infra/errors/error_consul.py +132 -0
- omnibase_infra/errors/error_container_wiring.py +243 -0
- omnibase_infra/errors/error_event_bus_registry.py +105 -0
- omnibase_infra/errors/error_infra.py +610 -0
- omnibase_infra/errors/error_message_type_registry.py +101 -0
- omnibase_infra/errors/error_policy_registry.py +115 -0
- omnibase_infra/errors/error_vault.py +123 -0
- omnibase_infra/event_bus/__init__.py +72 -0
- omnibase_infra/event_bus/configs/kafka_event_bus_config.yaml +84 -0
- omnibase_infra/event_bus/event_bus_inmemory.py +797 -0
- omnibase_infra/event_bus/event_bus_kafka.py +1716 -0
- omnibase_infra/event_bus/mixin_kafka_broadcast.py +180 -0
- omnibase_infra/event_bus/mixin_kafka_dlq.py +771 -0
- omnibase_infra/event_bus/models/__init__.py +29 -0
- omnibase_infra/event_bus/models/config/__init__.py +20 -0
- omnibase_infra/event_bus/models/config/model_kafka_event_bus_config.py +693 -0
- omnibase_infra/event_bus/models/model_dlq_event.py +206 -0
- omnibase_infra/event_bus/models/model_dlq_metrics.py +304 -0
- omnibase_infra/event_bus/models/model_event_headers.py +115 -0
- omnibase_infra/event_bus/models/model_event_message.py +60 -0
- omnibase_infra/event_bus/testing/__init__.py +26 -0
- omnibase_infra/event_bus/testing/adapter_protocol_event_publisher_inmemory.py +418 -0
- omnibase_infra/event_bus/testing/model_publisher_metrics.py +64 -0
- omnibase_infra/event_bus/topic_constants.py +376 -0
- omnibase_infra/handlers/__init__.py +82 -0
- omnibase_infra/handlers/filesystem/__init__.py +48 -0
- omnibase_infra/handlers/filesystem/enum_file_system_operation.py +35 -0
- omnibase_infra/handlers/filesystem/model_file_system_request.py +298 -0
- omnibase_infra/handlers/filesystem/model_file_system_result.py +166 -0
- omnibase_infra/handlers/handler_consul.py +795 -0
- omnibase_infra/handlers/handler_db.py +1046 -0
- omnibase_infra/handlers/handler_filesystem.py +1478 -0
- omnibase_infra/handlers/handler_graph.py +2015 -0
- omnibase_infra/handlers/handler_http.py +926 -0
- omnibase_infra/handlers/handler_intent.py +387 -0
- omnibase_infra/handlers/handler_manifest_persistence.contract.yaml +184 -0
- omnibase_infra/handlers/handler_manifest_persistence.py +1539 -0
- omnibase_infra/handlers/handler_mcp.py +1430 -0
- omnibase_infra/handlers/handler_qdrant.py +1076 -0
- omnibase_infra/handlers/handler_vault.py +428 -0
- omnibase_infra/handlers/mcp/__init__.py +19 -0
- omnibase_infra/handlers/mcp/adapter_onex_to_mcp.py +446 -0
- omnibase_infra/handlers/mcp/protocols.py +178 -0
- omnibase_infra/handlers/mcp/transport_streamable_http.py +352 -0
- omnibase_infra/handlers/mixins/__init__.py +47 -0
- omnibase_infra/handlers/mixins/mixin_consul_initialization.py +349 -0
- omnibase_infra/handlers/mixins/mixin_consul_kv.py +338 -0
- omnibase_infra/handlers/mixins/mixin_consul_service.py +542 -0
- omnibase_infra/handlers/mixins/mixin_consul_topic_index.py +585 -0
- omnibase_infra/handlers/mixins/mixin_vault_initialization.py +338 -0
- omnibase_infra/handlers/mixins/mixin_vault_retry.py +412 -0
- omnibase_infra/handlers/mixins/mixin_vault_secrets.py +450 -0
- omnibase_infra/handlers/mixins/mixin_vault_token.py +365 -0
- omnibase_infra/handlers/models/__init__.py +286 -0
- omnibase_infra/handlers/models/consul/__init__.py +81 -0
- omnibase_infra/handlers/models/consul/enum_consul_operation_type.py +57 -0
- omnibase_infra/handlers/models/consul/model_consul_deregister_payload.py +51 -0
- omnibase_infra/handlers/models/consul/model_consul_handler_config.py +153 -0
- omnibase_infra/handlers/models/consul/model_consul_handler_payload.py +89 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_found_payload.py +55 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_not_found_payload.py +49 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_recurse_payload.py +50 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_item.py +33 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_put_payload.py +41 -0
- omnibase_infra/handlers/models/consul/model_consul_register_payload.py +53 -0
- omnibase_infra/handlers/models/consul/model_consul_retry_config.py +66 -0
- omnibase_infra/handlers/models/consul/model_payload_consul.py +66 -0
- omnibase_infra/handlers/models/consul/registry_payload_consul.py +214 -0
- omnibase_infra/handlers/models/graph/__init__.py +35 -0
- omnibase_infra/handlers/models/graph/enum_graph_operation_type.py +20 -0
- omnibase_infra/handlers/models/graph/model_graph_execute_payload.py +38 -0
- omnibase_infra/handlers/models/graph/model_graph_handler_config.py +54 -0
- omnibase_infra/handlers/models/graph/model_graph_handler_payload.py +44 -0
- omnibase_infra/handlers/models/graph/model_graph_query_payload.py +40 -0
- omnibase_infra/handlers/models/graph/model_graph_record.py +22 -0
- omnibase_infra/handlers/models/http/__init__.py +50 -0
- omnibase_infra/handlers/models/http/enum_http_operation_type.py +29 -0
- omnibase_infra/handlers/models/http/model_http_body_content.py +45 -0
- omnibase_infra/handlers/models/http/model_http_get_payload.py +88 -0
- omnibase_infra/handlers/models/http/model_http_handler_payload.py +90 -0
- omnibase_infra/handlers/models/http/model_http_post_payload.py +88 -0
- omnibase_infra/handlers/models/http/model_payload_http.py +66 -0
- omnibase_infra/handlers/models/http/registry_payload_http.py +212 -0
- omnibase_infra/handlers/models/mcp/__init__.py +23 -0
- omnibase_infra/handlers/models/mcp/enum_mcp_operation_type.py +24 -0
- omnibase_infra/handlers/models/mcp/model_mcp_handler_config.py +40 -0
- omnibase_infra/handlers/models/mcp/model_mcp_tool_call.py +32 -0
- omnibase_infra/handlers/models/mcp/model_mcp_tool_result.py +45 -0
- omnibase_infra/handlers/models/model_consul_handler_response.py +96 -0
- omnibase_infra/handlers/models/model_db_describe_response.py +83 -0
- omnibase_infra/handlers/models/model_db_query_payload.py +95 -0
- omnibase_infra/handlers/models/model_db_query_response.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_config.py +98 -0
- omnibase_infra/handlers/models/model_filesystem_delete_payload.py +54 -0
- omnibase_infra/handlers/models/model_filesystem_delete_result.py +77 -0
- omnibase_infra/handlers/models/model_filesystem_directory_entry.py +75 -0
- omnibase_infra/handlers/models/model_filesystem_ensure_directory_payload.py +54 -0
- omnibase_infra/handlers/models/model_filesystem_ensure_directory_result.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_list_directory_payload.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_list_directory_result.py +68 -0
- omnibase_infra/handlers/models/model_filesystem_read_payload.py +62 -0
- omnibase_infra/handlers/models/model_filesystem_read_result.py +61 -0
- omnibase_infra/handlers/models/model_filesystem_write_payload.py +70 -0
- omnibase_infra/handlers/models/model_filesystem_write_result.py +55 -0
- omnibase_infra/handlers/models/model_graph_handler_response.py +98 -0
- omnibase_infra/handlers/models/model_handler_response.py +103 -0
- omnibase_infra/handlers/models/model_http_handler_response.py +101 -0
- omnibase_infra/handlers/models/model_manifest_metadata.py +75 -0
- omnibase_infra/handlers/models/model_manifest_persistence_config.py +62 -0
- omnibase_infra/handlers/models/model_manifest_query_payload.py +90 -0
- omnibase_infra/handlers/models/model_manifest_query_result.py +97 -0
- omnibase_infra/handlers/models/model_manifest_retrieve_payload.py +44 -0
- omnibase_infra/handlers/models/model_manifest_retrieve_result.py +98 -0
- omnibase_infra/handlers/models/model_manifest_store_payload.py +47 -0
- omnibase_infra/handlers/models/model_manifest_store_result.py +67 -0
- omnibase_infra/handlers/models/model_operation_context.py +187 -0
- omnibase_infra/handlers/models/model_qdrant_handler_response.py +98 -0
- omnibase_infra/handlers/models/model_retry_state.py +162 -0
- omnibase_infra/handlers/models/model_vault_handler_response.py +98 -0
- omnibase_infra/handlers/models/qdrant/__init__.py +44 -0
- omnibase_infra/handlers/models/qdrant/enum_qdrant_operation_type.py +26 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_collection_payload.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_delete_payload.py +36 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_handler_config.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_handler_payload.py +54 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_search_payload.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_search_result.py +30 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_upsert_payload.py +36 -0
- omnibase_infra/handlers/models/vault/__init__.py +69 -0
- omnibase_infra/handlers/models/vault/enum_vault_operation_type.py +35 -0
- omnibase_infra/handlers/models/vault/model_payload_vault.py +66 -0
- omnibase_infra/handlers/models/vault/model_vault_delete_payload.py +57 -0
- omnibase_infra/handlers/models/vault/model_vault_handler_config.py +148 -0
- omnibase_infra/handlers/models/vault/model_vault_handler_payload.py +101 -0
- omnibase_infra/handlers/models/vault/model_vault_list_payload.py +58 -0
- omnibase_infra/handlers/models/vault/model_vault_renew_token_payload.py +67 -0
- omnibase_infra/handlers/models/vault/model_vault_retry_config.py +66 -0
- omnibase_infra/handlers/models/vault/model_vault_secret_payload.py +106 -0
- omnibase_infra/handlers/models/vault/model_vault_write_payload.py +66 -0
- omnibase_infra/handlers/models/vault/registry_payload_vault.py +213 -0
- omnibase_infra/handlers/registration_storage/__init__.py +43 -0
- omnibase_infra/handlers/registration_storage/handler_registration_storage_mock.py +392 -0
- omnibase_infra/handlers/registration_storage/handler_registration_storage_postgres.py +922 -0
- omnibase_infra/handlers/registration_storage/models/__init__.py +23 -0
- omnibase_infra/handlers/registration_storage/models/model_delete_registration_request.py +58 -0
- omnibase_infra/handlers/registration_storage/models/model_update_registration_request.py +73 -0
- omnibase_infra/handlers/registration_storage/protocol_registration_persistence.py +191 -0
- omnibase_infra/handlers/service_discovery/__init__.py +43 -0
- omnibase_infra/handlers/service_discovery/handler_service_discovery_consul.py +1051 -0
- omnibase_infra/handlers/service_discovery/handler_service_discovery_mock.py +258 -0
- omnibase_infra/handlers/service_discovery/models/__init__.py +22 -0
- omnibase_infra/handlers/service_discovery/models/model_discovery_result.py +64 -0
- omnibase_infra/handlers/service_discovery/models/model_registration_result.py +138 -0
- omnibase_infra/handlers/service_discovery/models/model_service_info.py +109 -0
- omnibase_infra/handlers/service_discovery/protocol_discovery_operations.py +170 -0
- omnibase_infra/idempotency/__init__.py +94 -0
- omnibase_infra/idempotency/models/__init__.py +43 -0
- omnibase_infra/idempotency/models/model_idempotency_check_result.py +85 -0
- omnibase_infra/idempotency/models/model_idempotency_guard_config.py +130 -0
- omnibase_infra/idempotency/models/model_idempotency_record.py +86 -0
- omnibase_infra/idempotency/models/model_idempotency_store_health_check_result.py +81 -0
- omnibase_infra/idempotency/models/model_idempotency_store_metrics.py +140 -0
- omnibase_infra/idempotency/models/model_postgres_idempotency_store_config.py +299 -0
- omnibase_infra/idempotency/protocol_idempotency_store.py +184 -0
- omnibase_infra/idempotency/store_inmemory.py +265 -0
- omnibase_infra/idempotency/store_postgres.py +923 -0
- omnibase_infra/infrastructure/__init__.py +0 -0
- omnibase_infra/migrations/001_create_event_ledger.sql +166 -0
- omnibase_infra/migrations/001_drop_event_ledger.sql +18 -0
- omnibase_infra/mixins/__init__.py +71 -0
- omnibase_infra/mixins/mixin_async_circuit_breaker.py +656 -0
- omnibase_infra/mixins/mixin_dict_like_accessors.py +146 -0
- omnibase_infra/mixins/mixin_envelope_extraction.py +119 -0
- omnibase_infra/mixins/mixin_node_introspection.py +2670 -0
- omnibase_infra/mixins/mixin_retry_execution.py +386 -0
- omnibase_infra/mixins/protocol_circuit_breaker_aware.py +133 -0
- omnibase_infra/models/__init__.py +144 -0
- omnibase_infra/models/bindings/__init__.py +59 -0
- omnibase_infra/models/bindings/constants.py +144 -0
- omnibase_infra/models/bindings/model_binding_resolution_result.py +103 -0
- omnibase_infra/models/bindings/model_operation_binding.py +44 -0
- omnibase_infra/models/bindings/model_operation_bindings_subcontract.py +152 -0
- omnibase_infra/models/bindings/model_parsed_binding.py +52 -0
- omnibase_infra/models/corpus/__init__.py +17 -0
- omnibase_infra/models/corpus/model_capture_config.py +133 -0
- omnibase_infra/models/corpus/model_capture_result.py +86 -0
- omnibase_infra/models/discovery/__init__.py +42 -0
- omnibase_infra/models/discovery/model_dependency_spec.py +319 -0
- omnibase_infra/models/discovery/model_discovered_capabilities.py +50 -0
- omnibase_infra/models/discovery/model_introspection_config.py +330 -0
- omnibase_infra/models/discovery/model_introspection_performance_metrics.py +169 -0
- omnibase_infra/models/discovery/model_introspection_task_config.py +116 -0
- omnibase_infra/models/dispatch/__init__.py +155 -0
- omnibase_infra/models/dispatch/model_debug_trace_snapshot.py +114 -0
- omnibase_infra/models/dispatch/model_dispatch_context.py +439 -0
- omnibase_infra/models/dispatch/model_dispatch_error.py +336 -0
- omnibase_infra/models/dispatch/model_dispatch_log_context.py +400 -0
- omnibase_infra/models/dispatch/model_dispatch_metadata.py +228 -0
- omnibase_infra/models/dispatch/model_dispatch_metrics.py +496 -0
- omnibase_infra/models/dispatch/model_dispatch_outcome.py +317 -0
- omnibase_infra/models/dispatch/model_dispatch_outputs.py +231 -0
- omnibase_infra/models/dispatch/model_dispatch_result.py +436 -0
- omnibase_infra/models/dispatch/model_dispatch_route.py +279 -0
- omnibase_infra/models/dispatch/model_dispatcher_metrics.py +275 -0
- omnibase_infra/models/dispatch/model_dispatcher_registration.py +352 -0
- omnibase_infra/models/dispatch/model_materialized_dispatch.py +141 -0
- omnibase_infra/models/dispatch/model_parsed_topic.py +135 -0
- omnibase_infra/models/dispatch/model_topic_parser.py +725 -0
- omnibase_infra/models/dispatch/model_tracing_context.py +285 -0
- omnibase_infra/models/errors/__init__.py +45 -0
- omnibase_infra/models/errors/model_handler_validation_error.py +594 -0
- omnibase_infra/models/errors/model_infra_error_context.py +99 -0
- omnibase_infra/models/errors/model_message_type_registry_error_context.py +71 -0
- omnibase_infra/models/errors/model_timeout_error_context.py +110 -0
- omnibase_infra/models/handlers/__init__.py +80 -0
- omnibase_infra/models/handlers/model_bootstrap_handler_descriptor.py +162 -0
- omnibase_infra/models/handlers/model_contract_discovery_result.py +82 -0
- omnibase_infra/models/handlers/model_handler_descriptor.py +200 -0
- omnibase_infra/models/handlers/model_handler_identifier.py +215 -0
- omnibase_infra/models/handlers/model_handler_source_config.py +220 -0
- omnibase_infra/models/health/__init__.py +9 -0
- omnibase_infra/models/health/model_health_check_result.py +40 -0
- omnibase_infra/models/lifecycle/__init__.py +39 -0
- omnibase_infra/models/logging/__init__.py +51 -0
- omnibase_infra/models/logging/model_log_context.py +756 -0
- omnibase_infra/models/mcp/__init__.py +15 -0
- omnibase_infra/models/mcp/model_mcp_contract_config.py +80 -0
- omnibase_infra/models/mcp/model_mcp_server_config.py +67 -0
- omnibase_infra/models/mcp/model_mcp_tool_definition.py +73 -0
- omnibase_infra/models/mcp/model_mcp_tool_parameter.py +35 -0
- omnibase_infra/models/model_node_identity.py +126 -0
- omnibase_infra/models/model_retry_error_classification.py +78 -0
- omnibase_infra/models/projection/__init__.py +43 -0
- omnibase_infra/models/projection/model_capability_fields.py +112 -0
- omnibase_infra/models/projection/model_registration_projection.py +434 -0
- omnibase_infra/models/projection/model_registration_snapshot.py +322 -0
- omnibase_infra/models/projection/model_sequence_info.py +182 -0
- omnibase_infra/models/projection/model_snapshot_topic_config.py +591 -0
- omnibase_infra/models/projectors/__init__.py +41 -0
- omnibase_infra/models/projectors/model_projector_column.py +289 -0
- omnibase_infra/models/projectors/model_projector_discovery_result.py +65 -0
- omnibase_infra/models/projectors/model_projector_index.py +270 -0
- omnibase_infra/models/projectors/model_projector_schema.py +415 -0
- omnibase_infra/models/projectors/model_projector_validation_error.py +63 -0
- omnibase_infra/models/projectors/util_sql_identifiers.py +115 -0
- omnibase_infra/models/registration/__init__.py +68 -0
- omnibase_infra/models/registration/commands/__init__.py +15 -0
- omnibase_infra/models/registration/commands/model_node_registration_acked.py +108 -0
- omnibase_infra/models/registration/events/__init__.py +56 -0
- omnibase_infra/models/registration/events/model_node_became_active.py +103 -0
- omnibase_infra/models/registration/events/model_node_liveness_expired.py +103 -0
- omnibase_infra/models/registration/events/model_node_registration_accepted.py +98 -0
- omnibase_infra/models/registration/events/model_node_registration_ack_received.py +98 -0
- omnibase_infra/models/registration/events/model_node_registration_ack_timed_out.py +112 -0
- omnibase_infra/models/registration/events/model_node_registration_initiated.py +107 -0
- omnibase_infra/models/registration/events/model_node_registration_rejected.py +104 -0
- omnibase_infra/models/registration/model_event_bus_topic_entry.py +59 -0
- omnibase_infra/models/registration/model_introspection_metrics.py +253 -0
- omnibase_infra/models/registration/model_node_capabilities.py +190 -0
- omnibase_infra/models/registration/model_node_event_bus_config.py +99 -0
- omnibase_infra/models/registration/model_node_heartbeat_event.py +126 -0
- omnibase_infra/models/registration/model_node_introspection_event.py +195 -0
- omnibase_infra/models/registration/model_node_metadata.py +79 -0
- omnibase_infra/models/registration/model_node_registration.py +162 -0
- omnibase_infra/models/registration/model_node_registration_record.py +162 -0
- omnibase_infra/models/registry/__init__.py +29 -0
- omnibase_infra/models/registry/model_domain_constraint.py +202 -0
- omnibase_infra/models/registry/model_message_type_entry.py +271 -0
- omnibase_infra/models/resilience/__init__.py +9 -0
- omnibase_infra/models/resilience/model_circuit_breaker_config.py +227 -0
- omnibase_infra/models/routing/__init__.py +25 -0
- omnibase_infra/models/routing/model_routing_entry.py +52 -0
- omnibase_infra/models/routing/model_routing_subcontract.py +70 -0
- omnibase_infra/models/runtime/__init__.py +49 -0
- omnibase_infra/models/runtime/model_contract_security_config.py +41 -0
- omnibase_infra/models/runtime/model_discovery_error.py +81 -0
- omnibase_infra/models/runtime/model_discovery_result.py +162 -0
- omnibase_infra/models/runtime/model_discovery_warning.py +74 -0
- omnibase_infra/models/runtime/model_failed_plugin_load.py +63 -0
- omnibase_infra/models/runtime/model_handler_contract.py +296 -0
- omnibase_infra/models/runtime/model_loaded_handler.py +129 -0
- omnibase_infra/models/runtime/model_plugin_load_context.py +93 -0
- omnibase_infra/models/runtime/model_plugin_load_summary.py +124 -0
- omnibase_infra/models/security/__init__.py +50 -0
- omnibase_infra/models/security/classification_levels.py +99 -0
- omnibase_infra/models/security/model_environment_policy.py +145 -0
- omnibase_infra/models/security/model_handler_security_policy.py +107 -0
- omnibase_infra/models/security/model_security_error.py +81 -0
- omnibase_infra/models/security/model_security_validation_result.py +328 -0
- omnibase_infra/models/security/model_security_warning.py +67 -0
- omnibase_infra/models/snapshot/__init__.py +27 -0
- omnibase_infra/models/snapshot/model_field_change.py +65 -0
- omnibase_infra/models/snapshot/model_snapshot.py +270 -0
- omnibase_infra/models/snapshot/model_snapshot_diff.py +203 -0
- omnibase_infra/models/snapshot/model_subject_ref.py +81 -0
- omnibase_infra/models/types/__init__.py +71 -0
- omnibase_infra/models/validation/__init__.py +89 -0
- omnibase_infra/models/validation/model_any_type_validation_result.py +118 -0
- omnibase_infra/models/validation/model_any_type_violation.py +141 -0
- omnibase_infra/models/validation/model_category_match_result.py +345 -0
- omnibase_infra/models/validation/model_chain_violation.py +166 -0
- omnibase_infra/models/validation/model_coverage_metrics.py +316 -0
- omnibase_infra/models/validation/model_execution_shape_rule.py +159 -0
- omnibase_infra/models/validation/model_execution_shape_validation.py +208 -0
- omnibase_infra/models/validation/model_execution_shape_validation_result.py +294 -0
- omnibase_infra/models/validation/model_execution_shape_violation.py +122 -0
- omnibase_infra/models/validation/model_localhandler_validation_result.py +139 -0
- omnibase_infra/models/validation/model_localhandler_violation.py +100 -0
- omnibase_infra/models/validation/model_output_validation_params.py +74 -0
- omnibase_infra/models/validation/model_validate_and_raise_params.py +84 -0
- omnibase_infra/models/validation/model_validation_error_params.py +84 -0
- omnibase_infra/models/validation/model_validation_outcome.py +287 -0
- omnibase_infra/nodes/__init__.py +57 -0
- omnibase_infra/nodes/architecture_validator/__init__.py +79 -0
- omnibase_infra/nodes/architecture_validator/contract.yaml +252 -0
- omnibase_infra/nodes/architecture_validator/contract_architecture_validator.yaml +203 -0
- omnibase_infra/nodes/architecture_validator/mixins/__init__.py +16 -0
- omnibase_infra/nodes/architecture_validator/mixins/mixin_file_path_rule.py +92 -0
- omnibase_infra/nodes/architecture_validator/models/__init__.py +36 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_validation_request.py +56 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_validation_result.py +311 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_violation.py +163 -0
- omnibase_infra/nodes/architecture_validator/models/model_rule_check_result.py +265 -0
- omnibase_infra/nodes/architecture_validator/models/model_validation_request.py +105 -0
- omnibase_infra/nodes/architecture_validator/models/model_validation_result.py +314 -0
- omnibase_infra/nodes/architecture_validator/node.py +262 -0
- omnibase_infra/nodes/architecture_validator/node_architecture_validator.py +383 -0
- omnibase_infra/nodes/architecture_validator/protocols/__init__.py +9 -0
- omnibase_infra/nodes/architecture_validator/protocols/protocol_architecture_rule.py +225 -0
- omnibase_infra/nodes/architecture_validator/registry/__init__.py +28 -0
- omnibase_infra/nodes/architecture_validator/registry/registry_infra_architecture_validator.py +106 -0
- omnibase_infra/nodes/architecture_validator/validators/__init__.py +104 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_direct_dispatch.py +422 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_handler_publishing.py +481 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_orchestrator_fsm.py +491 -0
- omnibase_infra/nodes/contract_registry_reducer/__init__.py +29 -0
- omnibase_infra/nodes/contract_registry_reducer/contract.yaml +255 -0
- omnibase_infra/nodes/contract_registry_reducer/models/__init__.py +38 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_contract_registry_state.py +266 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_cleanup_topic_references.py +55 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_deactivate_contract.py +58 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_mark_stale.py +49 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_update_heartbeat.py +71 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_update_topic.py +66 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_upsert_contract.py +92 -0
- omnibase_infra/nodes/contract_registry_reducer/node.py +121 -0
- omnibase_infra/nodes/contract_registry_reducer/reducer.py +784 -0
- omnibase_infra/nodes/contract_registry_reducer/registry/__init__.py +9 -0
- omnibase_infra/nodes/contract_registry_reducer/registry/registry_infra_contract_registry_reducer.py +101 -0
- omnibase_infra/nodes/effects/README.md +358 -0
- omnibase_infra/nodes/effects/__init__.py +26 -0
- omnibase_infra/nodes/effects/contract.yaml +167 -0
- omnibase_infra/nodes/effects/models/__init__.py +32 -0
- omnibase_infra/nodes/effects/models/model_backend_result.py +190 -0
- omnibase_infra/nodes/effects/models/model_effect_idempotency_config.py +92 -0
- omnibase_infra/nodes/effects/models/model_registry_request.py +132 -0
- omnibase_infra/nodes/effects/models/model_registry_response.py +263 -0
- omnibase_infra/nodes/effects/protocol_consul_client.py +89 -0
- omnibase_infra/nodes/effects/protocol_effect_idempotency_store.py +143 -0
- omnibase_infra/nodes/effects/protocol_postgres_adapter.py +96 -0
- omnibase_infra/nodes/effects/registry_effect.py +525 -0
- omnibase_infra/nodes/effects/store_effect_idempotency_inmemory.py +425 -0
- omnibase_infra/nodes/handlers/consul/contract.yaml +85 -0
- omnibase_infra/nodes/handlers/db/contract.yaml +72 -0
- omnibase_infra/nodes/handlers/graph/contract.yaml +127 -0
- omnibase_infra/nodes/handlers/http/contract.yaml +74 -0
- omnibase_infra/nodes/handlers/intent/contract.yaml +66 -0
- omnibase_infra/nodes/handlers/mcp/contract.yaml +69 -0
- omnibase_infra/nodes/handlers/vault/contract.yaml +91 -0
- omnibase_infra/nodes/node_intent_storage_effect/__init__.py +50 -0
- omnibase_infra/nodes/node_intent_storage_effect/contract.yaml +194 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/__init__.py +24 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/model_intent_storage_input.py +141 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/model_intent_storage_output.py +130 -0
- omnibase_infra/nodes/node_intent_storage_effect/node.py +94 -0
- omnibase_infra/nodes/node_intent_storage_effect/registry/__init__.py +35 -0
- omnibase_infra/nodes/node_intent_storage_effect/registry/registry_infra_intent_storage.py +294 -0
- omnibase_infra/nodes/node_ledger_projection_compute/__init__.py +50 -0
- omnibase_infra/nodes/node_ledger_projection_compute/contract.yaml +104 -0
- omnibase_infra/nodes/node_ledger_projection_compute/node.py +284 -0
- omnibase_infra/nodes/node_ledger_projection_compute/registry/__init__.py +29 -0
- omnibase_infra/nodes/node_ledger_projection_compute/registry/registry_infra_ledger_projection.py +118 -0
- omnibase_infra/nodes/node_ledger_write_effect/__init__.py +82 -0
- omnibase_infra/nodes/node_ledger_write_effect/contract.yaml +200 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/__init__.py +22 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/handler_ledger_append.py +372 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/handler_ledger_query.py +597 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/__init__.py +31 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_append_result.py +54 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_entry.py +92 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_query.py +53 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_query_result.py +41 -0
- omnibase_infra/nodes/node_ledger_write_effect/node.py +89 -0
- omnibase_infra/nodes/node_ledger_write_effect/protocols/__init__.py +13 -0
- omnibase_infra/nodes/node_ledger_write_effect/protocols/protocol_ledger_persistence.py +127 -0
- omnibase_infra/nodes/node_ledger_write_effect/registry/__init__.py +9 -0
- omnibase_infra/nodes/node_ledger_write_effect/registry/registry_infra_ledger_write.py +121 -0
- omnibase_infra/nodes/node_registration_orchestrator/README.md +542 -0
- omnibase_infra/nodes/node_registration_orchestrator/__init__.py +120 -0
- omnibase_infra/nodes/node_registration_orchestrator/contract.yaml +482 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/__init__.py +53 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_node_introspected.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_node_registration_acked.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_runtime_tick.py +373 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/__init__.py +62 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_heartbeat.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_introspected.py +694 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_registration_acked.py +458 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_runtime_tick.py +364 -0
- omnibase_infra/nodes/node_registration_orchestrator/introspection_event_router.py +544 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/__init__.py +75 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_consul_intent_payload.py +194 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_consul_registration_intent.py +67 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_intent_execution_result.py +50 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_node_liveness_expired.py +107 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_config.py +67 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_input.py +41 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_output.py +166 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_postgres_intent_payload.py +235 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_postgres_upsert_intent.py +68 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_reducer_execution_result.py +384 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_reducer_state.py +60 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_registration_intent.py +177 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_registry_intent.py +247 -0
- omnibase_infra/nodes/node_registration_orchestrator/node.py +195 -0
- omnibase_infra/nodes/node_registration_orchestrator/plugin.py +909 -0
- omnibase_infra/nodes/node_registration_orchestrator/protocols.py +439 -0
- omnibase_infra/nodes/node_registration_orchestrator/registry/__init__.py +41 -0
- omnibase_infra/nodes/node_registration_orchestrator/registry/registry_infra_node_registration_orchestrator.py +528 -0
- omnibase_infra/nodes/node_registration_orchestrator/timeout_coordinator.py +393 -0
- omnibase_infra/nodes/node_registration_orchestrator/wiring.py +743 -0
- omnibase_infra/nodes/node_registration_reducer/__init__.py +15 -0
- omnibase_infra/nodes/node_registration_reducer/contract.yaml +301 -0
- omnibase_infra/nodes/node_registration_reducer/models/__init__.py +38 -0
- omnibase_infra/nodes/node_registration_reducer/models/model_validation_result.py +113 -0
- omnibase_infra/nodes/node_registration_reducer/node.py +139 -0
- omnibase_infra/nodes/node_registration_reducer/registry/__init__.py +9 -0
- omnibase_infra/nodes/node_registration_reducer/registry/registry_infra_node_registration_reducer.py +79 -0
- omnibase_infra/nodes/node_registration_storage_effect/__init__.py +41 -0
- omnibase_infra/nodes/node_registration_storage_effect/contract.yaml +220 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/__init__.py +44 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_delete_result.py +132 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_registration_record.py +199 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_registration_update.py +155 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_health_check_details.py +123 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_health_check_result.py +117 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_query.py +100 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_result.py +136 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_upsert_result.py +127 -0
- omnibase_infra/nodes/node_registration_storage_effect/node.py +112 -0
- omnibase_infra/nodes/node_registration_storage_effect/protocols/__init__.py +22 -0
- omnibase_infra/nodes/node_registration_storage_effect/protocols/protocol_registration_persistence.py +333 -0
- omnibase_infra/nodes/node_registration_storage_effect/registry/__init__.py +23 -0
- omnibase_infra/nodes/node_registration_storage_effect/registry/registry_infra_registration_storage.py +215 -0
- omnibase_infra/nodes/node_registry_effect/__init__.py +85 -0
- omnibase_infra/nodes/node_registry_effect/contract.yaml +677 -0
- omnibase_infra/nodes/node_registry_effect/handlers/__init__.py +70 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_consul_deregister.py +211 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_consul_register.py +212 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_partial_retry.py +417 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_postgres_deactivate.py +215 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_postgres_upsert.py +208 -0
- omnibase_infra/nodes/node_registry_effect/models/__init__.py +43 -0
- omnibase_infra/nodes/node_registry_effect/models/model_partial_retry_request.py +92 -0
- omnibase_infra/nodes/node_registry_effect/node.py +165 -0
- omnibase_infra/nodes/node_registry_effect/registry/__init__.py +27 -0
- omnibase_infra/nodes/node_registry_effect/registry/registry_infra_registry_effect.py +196 -0
- omnibase_infra/nodes/node_service_discovery_effect/__init__.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/contract.yaml +246 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/__init__.py +67 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/enum_health_status.py +72 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/enum_service_discovery_operation.py +58 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_discovery_query.py +99 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_discovery_result.py +98 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_health_check_config.py +121 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_query_metadata.py +63 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_registration_result.py +130 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_discovery_health_check_details.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_discovery_health_check_result.py +119 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_info.py +106 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_registration.py +121 -0
- omnibase_infra/nodes/node_service_discovery_effect/node.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/protocols/__init__.py +14 -0
- omnibase_infra/nodes/node_service_discovery_effect/protocols/protocol_discovery_operations.py +279 -0
- omnibase_infra/nodes/node_service_discovery_effect/registry/__init__.py +13 -0
- omnibase_infra/nodes/node_service_discovery_effect/registry/registry_infra_service_discovery.py +222 -0
- omnibase_infra/nodes/reducers/__init__.py +30 -0
- omnibase_infra/nodes/reducers/models/__init__.py +37 -0
- omnibase_infra/nodes/reducers/models/model_payload_consul_register.py +87 -0
- omnibase_infra/nodes/reducers/models/model_payload_ledger_append.py +133 -0
- omnibase_infra/nodes/reducers/models/model_payload_postgres_upsert_registration.py +60 -0
- omnibase_infra/nodes/reducers/models/model_registration_confirmation.py +166 -0
- omnibase_infra/nodes/reducers/models/model_registration_state.py +433 -0
- omnibase_infra/nodes/reducers/registration_reducer.py +1138 -0
- omnibase_infra/observability/__init__.py +143 -0
- omnibase_infra/observability/constants_metrics.py +91 -0
- omnibase_infra/observability/factory_observability_sink.py +525 -0
- omnibase_infra/observability/handlers/__init__.py +118 -0
- omnibase_infra/observability/handlers/handler_logging_structured.py +967 -0
- omnibase_infra/observability/handlers/handler_metrics_prometheus.py +1120 -0
- omnibase_infra/observability/handlers/model_logging_handler_config.py +71 -0
- omnibase_infra/observability/handlers/model_logging_handler_response.py +77 -0
- omnibase_infra/observability/handlers/model_metrics_handler_config.py +172 -0
- omnibase_infra/observability/handlers/model_metrics_handler_payload.py +135 -0
- omnibase_infra/observability/handlers/model_metrics_handler_response.py +101 -0
- omnibase_infra/observability/hooks/__init__.py +74 -0
- omnibase_infra/observability/hooks/hook_observability.py +1223 -0
- omnibase_infra/observability/models/__init__.py +30 -0
- omnibase_infra/observability/models/enum_required_log_context_key.py +77 -0
- omnibase_infra/observability/models/model_buffered_log_entry.py +117 -0
- omnibase_infra/observability/models/model_logging_sink_config.py +73 -0
- omnibase_infra/observability/models/model_metrics_sink_config.py +156 -0
- omnibase_infra/observability/sinks/__init__.py +69 -0
- omnibase_infra/observability/sinks/sink_logging_structured.py +809 -0
- omnibase_infra/observability/sinks/sink_metrics_prometheus.py +710 -0
- omnibase_infra/plugins/__init__.py +27 -0
- omnibase_infra/plugins/examples/__init__.py +28 -0
- omnibase_infra/plugins/examples/plugin_json_normalizer.py +271 -0
- omnibase_infra/plugins/examples/plugin_json_normalizer_error_handling.py +210 -0
- omnibase_infra/plugins/models/__init__.py +21 -0
- omnibase_infra/plugins/models/model_plugin_context.py +76 -0
- omnibase_infra/plugins/models/model_plugin_input_data.py +58 -0
- omnibase_infra/plugins/models/model_plugin_output_data.py +62 -0
- omnibase_infra/plugins/plugin_compute_base.py +449 -0
- omnibase_infra/projectors/__init__.py +30 -0
- omnibase_infra/projectors/contracts/__init__.py +63 -0
- omnibase_infra/projectors/contracts/registration_projector.yaml +370 -0
- omnibase_infra/projectors/projection_reader_registration.py +1559 -0
- omnibase_infra/projectors/snapshot_publisher_registration.py +1329 -0
- omnibase_infra/protocols/__init__.py +104 -0
- omnibase_infra/protocols/protocol_capability_projection.py +253 -0
- omnibase_infra/protocols/protocol_capability_query.py +251 -0
- omnibase_infra/protocols/protocol_container_aware.py +200 -0
- omnibase_infra/protocols/protocol_dispatch_engine.py +152 -0
- omnibase_infra/protocols/protocol_event_bus_like.py +127 -0
- omnibase_infra/protocols/protocol_event_projector.py +96 -0
- omnibase_infra/protocols/protocol_idempotency_store.py +142 -0
- omnibase_infra/protocols/protocol_message_dispatcher.py +247 -0
- omnibase_infra/protocols/protocol_message_type_registry.py +306 -0
- omnibase_infra/protocols/protocol_plugin_compute.py +368 -0
- omnibase_infra/protocols/protocol_projector_schema_validator.py +82 -0
- omnibase_infra/protocols/protocol_registry_metrics.py +215 -0
- omnibase_infra/protocols/protocol_snapshot_publisher.py +396 -0
- omnibase_infra/protocols/protocol_snapshot_store.py +567 -0
- omnibase_infra/runtime/__init__.py +445 -0
- omnibase_infra/runtime/binding_config_resolver.py +2771 -0
- omnibase_infra/runtime/binding_resolver.py +753 -0
- omnibase_infra/runtime/chain_aware_dispatch.py +467 -0
- omnibase_infra/runtime/constants_notification.py +75 -0
- omnibase_infra/runtime/constants_security.py +70 -0
- omnibase_infra/runtime/contract_handler_discovery.py +587 -0
- omnibase_infra/runtime/contract_loaders/__init__.py +51 -0
- omnibase_infra/runtime/contract_loaders/handler_routing_loader.py +464 -0
- omnibase_infra/runtime/contract_loaders/operation_bindings_loader.py +789 -0
- omnibase_infra/runtime/dispatch_context_enforcer.py +427 -0
- omnibase_infra/runtime/emit_daemon/__init__.py +97 -0
- omnibase_infra/runtime/emit_daemon/cli.py +844 -0
- omnibase_infra/runtime/emit_daemon/client.py +811 -0
- omnibase_infra/runtime/emit_daemon/config.py +535 -0
- omnibase_infra/runtime/emit_daemon/daemon.py +812 -0
- omnibase_infra/runtime/emit_daemon/event_registry.py +477 -0
- omnibase_infra/runtime/emit_daemon/model_daemon_request.py +139 -0
- omnibase_infra/runtime/emit_daemon/model_daemon_response.py +191 -0
- omnibase_infra/runtime/emit_daemon/queue.py +618 -0
- omnibase_infra/runtime/enums/__init__.py +18 -0
- omnibase_infra/runtime/enums/enum_config_ref_scheme.py +33 -0
- omnibase_infra/runtime/enums/enum_scheduler_status.py +170 -0
- omnibase_infra/runtime/envelope_validator.py +179 -0
- omnibase_infra/runtime/event_bus_subcontract_wiring.py +466 -0
- omnibase_infra/runtime/handler_bootstrap_source.py +507 -0
- omnibase_infra/runtime/handler_contract_config_loader.py +603 -0
- omnibase_infra/runtime/handler_contract_source.py +750 -0
- omnibase_infra/runtime/handler_identity.py +81 -0
- omnibase_infra/runtime/handler_plugin_loader.py +2046 -0
- omnibase_infra/runtime/handler_registry.py +329 -0
- omnibase_infra/runtime/handler_source_resolver.py +367 -0
- omnibase_infra/runtime/invocation_security_enforcer.py +427 -0
- omnibase_infra/runtime/kafka_contract_source.py +984 -0
- omnibase_infra/runtime/kernel.py +40 -0
- omnibase_infra/runtime/mixin_policy_validation.py +522 -0
- omnibase_infra/runtime/mixin_semver_cache.py +402 -0
- omnibase_infra/runtime/mixins/__init__.py +24 -0
- omnibase_infra/runtime/mixins/mixin_projector_notification_publishing.py +566 -0
- omnibase_infra/runtime/mixins/mixin_projector_sql_operations.py +778 -0
- omnibase_infra/runtime/models/__init__.py +229 -0
- omnibase_infra/runtime/models/model_batch_lifecycle_result.py +217 -0
- omnibase_infra/runtime/models/model_binding_config.py +168 -0
- omnibase_infra/runtime/models/model_binding_config_cache_stats.py +135 -0
- omnibase_infra/runtime/models/model_binding_config_resolver_config.py +329 -0
- omnibase_infra/runtime/models/model_cached_secret.py +138 -0
- omnibase_infra/runtime/models/model_compute_key.py +138 -0
- omnibase_infra/runtime/models/model_compute_registration.py +97 -0
- omnibase_infra/runtime/models/model_config_cache_entry.py +61 -0
- omnibase_infra/runtime/models/model_config_ref.py +331 -0
- omnibase_infra/runtime/models/model_config_ref_parse_result.py +125 -0
- omnibase_infra/runtime/models/model_contract_load_result.py +224 -0
- omnibase_infra/runtime/models/model_domain_plugin_config.py +92 -0
- omnibase_infra/runtime/models/model_domain_plugin_result.py +270 -0
- omnibase_infra/runtime/models/model_duplicate_response.py +54 -0
- omnibase_infra/runtime/models/model_enabled_protocols_config.py +61 -0
- omnibase_infra/runtime/models/model_event_bus_config.py +54 -0
- omnibase_infra/runtime/models/model_failed_component.py +55 -0
- omnibase_infra/runtime/models/model_health_check_response.py +168 -0
- omnibase_infra/runtime/models/model_health_check_result.py +229 -0
- omnibase_infra/runtime/models/model_lifecycle_result.py +245 -0
- omnibase_infra/runtime/models/model_logging_config.py +42 -0
- omnibase_infra/runtime/models/model_optional_correlation_id.py +167 -0
- omnibase_infra/runtime/models/model_optional_string.py +94 -0
- omnibase_infra/runtime/models/model_optional_uuid.py +110 -0
- omnibase_infra/runtime/models/model_policy_context.py +100 -0
- omnibase_infra/runtime/models/model_policy_key.py +138 -0
- omnibase_infra/runtime/models/model_policy_registration.py +139 -0
- omnibase_infra/runtime/models/model_policy_result.py +103 -0
- omnibase_infra/runtime/models/model_policy_type_filter.py +157 -0
- omnibase_infra/runtime/models/model_projector_notification_config.py +171 -0
- omnibase_infra/runtime/models/model_projector_plugin_loader_config.py +47 -0
- omnibase_infra/runtime/models/model_protocol_registration_config.py +65 -0
- omnibase_infra/runtime/models/model_retry_policy.py +105 -0
- omnibase_infra/runtime/models/model_runtime_config.py +150 -0
- omnibase_infra/runtime/models/model_runtime_contract_config.py +268 -0
- omnibase_infra/runtime/models/model_runtime_scheduler_config.py +625 -0
- omnibase_infra/runtime/models/model_runtime_scheduler_metrics.py +233 -0
- omnibase_infra/runtime/models/model_runtime_tick.py +193 -0
- omnibase_infra/runtime/models/model_secret_cache_stats.py +82 -0
- omnibase_infra/runtime/models/model_secret_mapping.py +63 -0
- omnibase_infra/runtime/models/model_secret_resolver_config.py +107 -0
- omnibase_infra/runtime/models/model_secret_resolver_metrics.py +111 -0
- omnibase_infra/runtime/models/model_secret_source_info.py +72 -0
- omnibase_infra/runtime/models/model_secret_source_spec.py +66 -0
- omnibase_infra/runtime/models/model_security_config.py +109 -0
- omnibase_infra/runtime/models/model_shutdown_batch_result.py +75 -0
- omnibase_infra/runtime/models/model_shutdown_config.py +94 -0
- omnibase_infra/runtime/models/model_transition_notification_outbox_config.py +112 -0
- omnibase_infra/runtime/models/model_transition_notification_outbox_metrics.py +140 -0
- omnibase_infra/runtime/models/model_transition_notification_publisher_metrics.py +357 -0
- omnibase_infra/runtime/projector_plugin_loader.py +1462 -0
- omnibase_infra/runtime/projector_schema_manager.py +565 -0
- omnibase_infra/runtime/projector_shell.py +1330 -0
- omnibase_infra/runtime/protocol_contract_descriptor.py +92 -0
- omnibase_infra/runtime/protocol_contract_source.py +92 -0
- omnibase_infra/runtime/protocol_domain_plugin.py +474 -0
- omnibase_infra/runtime/protocol_handler_discovery.py +221 -0
- omnibase_infra/runtime/protocol_handler_plugin_loader.py +327 -0
- omnibase_infra/runtime/protocol_lifecycle_executor.py +435 -0
- omnibase_infra/runtime/protocol_policy.py +366 -0
- omnibase_infra/runtime/protocols/__init__.py +37 -0
- omnibase_infra/runtime/protocols/protocol_runtime_scheduler.py +468 -0
- omnibase_infra/runtime/publisher_topic_scoped.py +294 -0
- omnibase_infra/runtime/registry/__init__.py +93 -0
- omnibase_infra/runtime/registry/mixin_message_type_query.py +326 -0
- omnibase_infra/runtime/registry/mixin_message_type_registration.py +354 -0
- omnibase_infra/runtime/registry/registry_event_bus_binding.py +268 -0
- omnibase_infra/runtime/registry/registry_message_type.py +542 -0
- omnibase_infra/runtime/registry/registry_protocol_binding.py +445 -0
- omnibase_infra/runtime/registry_compute.py +1143 -0
- omnibase_infra/runtime/registry_contract_source.py +693 -0
- omnibase_infra/runtime/registry_dispatcher.py +678 -0
- omnibase_infra/runtime/registry_policy.py +1185 -0
- omnibase_infra/runtime/runtime_contract_config_loader.py +406 -0
- omnibase_infra/runtime/runtime_scheduler.py +1070 -0
- omnibase_infra/runtime/secret_resolver.py +2112 -0
- omnibase_infra/runtime/security_metadata_validator.py +776 -0
- omnibase_infra/runtime/service_kernel.py +1651 -0
- omnibase_infra/runtime/service_message_dispatch_engine.py +2350 -0
- omnibase_infra/runtime/service_runtime_host_process.py +3493 -0
- omnibase_infra/runtime/transition_notification_outbox.py +1190 -0
- omnibase_infra/runtime/transition_notification_publisher.py +765 -0
- omnibase_infra/runtime/util_container_wiring.py +1124 -0
- omnibase_infra/runtime/util_validation.py +314 -0
- omnibase_infra/runtime/util_version.py +98 -0
- omnibase_infra/runtime/util_wiring.py +723 -0
- omnibase_infra/schemas/schema_registration_projection.sql +320 -0
- omnibase_infra/schemas/schema_transition_notification_outbox.sql +245 -0
- omnibase_infra/services/__init__.py +89 -0
- omnibase_infra/services/corpus_capture.py +684 -0
- omnibase_infra/services/mcp/__init__.py +31 -0
- omnibase_infra/services/mcp/mcp_server_lifecycle.py +449 -0
- omnibase_infra/services/mcp/service_mcp_tool_discovery.py +411 -0
- omnibase_infra/services/mcp/service_mcp_tool_registry.py +329 -0
- omnibase_infra/services/mcp/service_mcp_tool_sync.py +565 -0
- omnibase_infra/services/registry_api/__init__.py +40 -0
- omnibase_infra/services/registry_api/main.py +261 -0
- omnibase_infra/services/registry_api/models/__init__.py +66 -0
- omnibase_infra/services/registry_api/models/model_capability_widget_mapping.py +38 -0
- omnibase_infra/services/registry_api/models/model_pagination_info.py +48 -0
- omnibase_infra/services/registry_api/models/model_registry_discovery_response.py +73 -0
- omnibase_infra/services/registry_api/models/model_registry_health_response.py +49 -0
- omnibase_infra/services/registry_api/models/model_registry_instance_view.py +88 -0
- omnibase_infra/services/registry_api/models/model_registry_node_view.py +88 -0
- omnibase_infra/services/registry_api/models/model_registry_summary.py +60 -0
- omnibase_infra/services/registry_api/models/model_response_list_instances.py +43 -0
- omnibase_infra/services/registry_api/models/model_response_list_nodes.py +51 -0
- omnibase_infra/services/registry_api/models/model_warning.py +49 -0
- omnibase_infra/services/registry_api/models/model_widget_defaults.py +28 -0
- omnibase_infra/services/registry_api/models/model_widget_mapping.py +51 -0
- omnibase_infra/services/registry_api/routes.py +371 -0
- omnibase_infra/services/registry_api/service.py +837 -0
- omnibase_infra/services/service_capability_query.py +945 -0
- omnibase_infra/services/service_health.py +898 -0
- omnibase_infra/services/service_node_selector.py +530 -0
- omnibase_infra/services/service_timeout_emitter.py +699 -0
- omnibase_infra/services/service_timeout_scanner.py +394 -0
- omnibase_infra/services/session/__init__.py +56 -0
- omnibase_infra/services/session/config_consumer.py +137 -0
- omnibase_infra/services/session/config_store.py +139 -0
- omnibase_infra/services/session/consumer.py +1007 -0
- omnibase_infra/services/session/protocol_session_aggregator.py +117 -0
- omnibase_infra/services/session/store.py +997 -0
- omnibase_infra/services/snapshot/__init__.py +31 -0
- omnibase_infra/services/snapshot/service_snapshot.py +647 -0
- omnibase_infra/services/snapshot/store_inmemory.py +637 -0
- omnibase_infra/services/snapshot/store_postgres.py +1279 -0
- omnibase_infra/shared/__init__.py +8 -0
- omnibase_infra/testing/__init__.py +10 -0
- omnibase_infra/testing/utils.py +23 -0
- omnibase_infra/topics/__init__.py +45 -0
- omnibase_infra/topics/platform_topic_suffixes.py +140 -0
- omnibase_infra/topics/util_topic_composition.py +95 -0
- omnibase_infra/types/__init__.py +48 -0
- omnibase_infra/types/type_cache_info.py +49 -0
- omnibase_infra/types/type_dsn.py +173 -0
- omnibase_infra/types/type_infra_aliases.py +60 -0
- omnibase_infra/types/typed_dict/__init__.py +29 -0
- omnibase_infra/types/typed_dict/typed_dict_envelope_build_params.py +115 -0
- omnibase_infra/types/typed_dict/typed_dict_introspection_cache.py +128 -0
- omnibase_infra/types/typed_dict/typed_dict_performance_metrics_cache.py +140 -0
- omnibase_infra/types/typed_dict_capabilities.py +64 -0
- omnibase_infra/utils/__init__.py +117 -0
- omnibase_infra/utils/correlation.py +208 -0
- omnibase_infra/utils/util_atomic_file.py +261 -0
- omnibase_infra/utils/util_consumer_group.py +232 -0
- omnibase_infra/utils/util_datetime.py +372 -0
- omnibase_infra/utils/util_db_transaction.py +239 -0
- omnibase_infra/utils/util_dsn_validation.py +333 -0
- omnibase_infra/utils/util_env_parsing.py +264 -0
- omnibase_infra/utils/util_error_sanitization.py +457 -0
- omnibase_infra/utils/util_pydantic_validators.py +477 -0
- omnibase_infra/utils/util_retry_optimistic.py +281 -0
- omnibase_infra/utils/util_semver.py +233 -0
- omnibase_infra/validation/__init__.py +307 -0
- omnibase_infra/validation/contracts/security.validation.yaml +114 -0
- omnibase_infra/validation/enums/__init__.py +11 -0
- omnibase_infra/validation/enums/enum_contract_violation_severity.py +13 -0
- omnibase_infra/validation/infra_validators.py +1514 -0
- omnibase_infra/validation/linter_contract.py +907 -0
- omnibase_infra/validation/mixin_any_type_classification.py +120 -0
- omnibase_infra/validation/mixin_any_type_exemption.py +580 -0
- omnibase_infra/validation/mixin_any_type_reporting.py +106 -0
- omnibase_infra/validation/mixin_execution_shape_violation_checks.py +596 -0
- omnibase_infra/validation/mixin_node_archetype_detection.py +254 -0
- omnibase_infra/validation/models/__init__.py +15 -0
- omnibase_infra/validation/models/model_contract_lint_result.py +101 -0
- omnibase_infra/validation/models/model_contract_violation.py +41 -0
- omnibase_infra/validation/service_validation_aggregator.py +395 -0
- omnibase_infra/validation/validation_exemptions.yaml +2033 -0
- omnibase_infra/validation/validator_any_type.py +715 -0
- omnibase_infra/validation/validator_chain_propagation.py +839 -0
- omnibase_infra/validation/validator_execution_shape.py +465 -0
- omnibase_infra/validation/validator_localhandler.py +261 -0
- omnibase_infra/validation/validator_registration_security.py +410 -0
- omnibase_infra/validation/validator_routing_coverage.py +1020 -0
- omnibase_infra/validation/validator_runtime_shape.py +915 -0
- omnibase_infra/validation/validator_security.py +513 -0
- omnibase_infra/validation/validator_topic_category.py +1152 -0
- omnibase_infra-0.2.6.dist-info/METADATA +197 -0
- omnibase_infra-0.2.6.dist-info/RECORD +833 -0
- omnibase_infra-0.2.6.dist-info/WHEEL +4 -0
- omnibase_infra-0.2.6.dist-info/entry_points.txt +5 -0
- omnibase_infra-0.2.6.dist-info/licenses/LICENSE +21 -0
|
@@ -0,0 +1,776 @@
|
|
|
1
|
+
# SPDX-License-Identifier: MIT
|
|
2
|
+
# Copyright (c) 2025 OmniNode Team
|
|
3
|
+
"""Security Metadata Validator for OMN-1137.
|
|
4
|
+
|
|
5
|
+
This module provides the SecurityMetadataValidator class that validates
|
|
6
|
+
handler security metadata before loading. The validator enforces rules
|
|
7
|
+
about which handler types must have or must not have security metadata.
|
|
8
|
+
|
|
9
|
+
Security Validation Rules:
|
|
10
|
+
SECURITY-305: EFFECT handlers MUST have security metadata
|
|
11
|
+
(secret_scopes, allowed_domains, or non-default data_classification)
|
|
12
|
+
SECURITY-306: COMPUTE handlers MUST NOT have security metadata
|
|
13
|
+
SECURITY-307: Secret scopes must be valid (non-empty strings)
|
|
14
|
+
SECURITY-308: Domain patterns must be valid URL patterns
|
|
15
|
+
|
|
16
|
+
Handler Type Security Requirements:
|
|
17
|
+
| Handler Type | Security Metadata Required? |
|
|
18
|
+
|--------------|----------------------------|
|
|
19
|
+
| EFFECT | Yes - must have at least one of: secret_scopes, allowed_domains, or data_classification |
|
|
20
|
+
| COMPUTE | No - must not have any security metadata |
|
|
21
|
+
| NONDETERMINISTIC_COMPUTE | Yes - treated like EFFECT for security purposes |
|
|
22
|
+
|
|
23
|
+
Architecture:
|
|
24
|
+
This validator operates at handler loading time, before handlers are
|
|
25
|
+
registered. It validates that handler security policies match their
|
|
26
|
+
declared behavioral category (handler_type_category).
|
|
27
|
+
|
|
28
|
+
Usage in Handler Loading Flow:
|
|
29
|
+
The SecurityMetadataValidator is designed to integrate at the following
|
|
30
|
+
points in the handler loading flow:
|
|
31
|
+
|
|
32
|
+
1. **HandlerBootstrapSource (Recommended)**: During handler descriptor
|
|
33
|
+
registration in ``_register_handler()``. This is the earliest point
|
|
34
|
+
where handler metadata is available.
|
|
35
|
+
|
|
36
|
+
Location: ``omnibase_infra/runtime/handler_bootstrap_source.py``
|
|
37
|
+
|
|
38
|
+
Example integration::
|
|
39
|
+
|
|
40
|
+
from omnibase_infra.runtime import validate_handler_security
|
|
41
|
+
from omnibase_infra.models.security import ModelHandlerSecurityPolicy
|
|
42
|
+
|
|
43
|
+
def _register_handler(self, descriptor: ModelHandlerDescriptor) -> None:
|
|
44
|
+
# Extract security policy from descriptor (when available)
|
|
45
|
+
security_policy = descriptor.security_policy or ModelHandlerSecurityPolicy()
|
|
46
|
+
handler_type = EnumHandlerTypeCategory(descriptor.handler_kind.upper())
|
|
47
|
+
|
|
48
|
+
# Validate security metadata before registration
|
|
49
|
+
result = validate_handler_security(
|
|
50
|
+
handler_name=descriptor.handler_id,
|
|
51
|
+
handler_type=handler_type,
|
|
52
|
+
security_policy=security_policy,
|
|
53
|
+
)
|
|
54
|
+
|
|
55
|
+
if not result.valid:
|
|
56
|
+
for error in result.errors:
|
|
57
|
+
logger.error(
|
|
58
|
+
f"Security validation failed for {descriptor.handler_id}: "
|
|
59
|
+
f"[{error.code}] {error.message}"
|
|
60
|
+
)
|
|
61
|
+
raise SecurityValidationError(result)
|
|
62
|
+
|
|
63
|
+
# Proceed with registration
|
|
64
|
+
self._descriptors[descriptor.handler_id] = descriptor
|
|
65
|
+
|
|
66
|
+
2. **wire_default_handlers() / wire_handlers_from_contract()**: During
|
|
67
|
+
handler class registration with the RegistryProtocolBinding.
|
|
68
|
+
|
|
69
|
+
Location: ``omnibase_infra/runtime/wiring.py``
|
|
70
|
+
|
|
71
|
+
Example integration::
|
|
72
|
+
|
|
73
|
+
from omnibase_infra.runtime import SecurityMetadataValidator
|
|
74
|
+
|
|
75
|
+
def wire_handlers_from_contract(contract_config):
|
|
76
|
+
validator = SecurityMetadataValidator()
|
|
77
|
+
|
|
78
|
+
for handler_config in handlers_config:
|
|
79
|
+
# Validate security metadata if present in config
|
|
80
|
+
if "security" in handler_config:
|
|
81
|
+
security_policy = ModelHandlerSecurityPolicy(**handler_config["security"])
|
|
82
|
+
handler_type = EnumHandlerTypeCategory(handler_config.get("kind", "EFFECT"))
|
|
83
|
+
|
|
84
|
+
result = validator.validate(
|
|
85
|
+
handler_name=handler_type_str,
|
|
86
|
+
handler_type=handler_type,
|
|
87
|
+
security_policy=security_policy,
|
|
88
|
+
)
|
|
89
|
+
|
|
90
|
+
if not result.valid:
|
|
91
|
+
raise ProtocolConfigurationError(
|
|
92
|
+
f"Handler {handler_type_str} failed security validation"
|
|
93
|
+
)
|
|
94
|
+
|
|
95
|
+
handler_registry.register(handler_type, handler_cls)
|
|
96
|
+
|
|
97
|
+
3. **wire_registration_handlers()**: During container-based handler
|
|
98
|
+
instance registration.
|
|
99
|
+
|
|
100
|
+
Location: ``omnibase_infra/runtime/container_wiring.py``
|
|
101
|
+
|
|
102
|
+
Note: At this level, handlers are being instantiated rather than
|
|
103
|
+
registered by type. Security validation should ideally happen earlier
|
|
104
|
+
(in bootstrap or wiring), but can be added here as a safety check.
|
|
105
|
+
|
|
106
|
+
Integration Status:
|
|
107
|
+
**NOT YET INTEGRATED** - The SecurityMetadataValidator is currently
|
|
108
|
+
standalone and must be called manually. Future work (tracked separately)
|
|
109
|
+
will integrate this validator into the handler loading flow at the
|
|
110
|
+
HandlerBootstrapSource level.
|
|
111
|
+
|
|
112
|
+
TODO(OMN-1137): Integrate SecurityMetadataValidator into HandlerBootstrapSource
|
|
113
|
+
when ModelHandlerDescriptor includes security_policy field.
|
|
114
|
+
|
|
115
|
+
See Also:
|
|
116
|
+
- ModelHandlerSecurityPolicy: Handler-declared security requirements
|
|
117
|
+
- EnumHandlerTypeCategory: Handler behavioral classification
|
|
118
|
+
- EnumSecurityRuleId: Security validation rule identifiers
|
|
119
|
+
- RegistrationSecurityValidator: Environment-level security validation
|
|
120
|
+
- HandlerBootstrapSource: Bootstrap handler descriptor registration
|
|
121
|
+
- wire_default_handlers: Default handler wiring function
|
|
122
|
+
- wire_handlers_from_contract: Contract-based handler wiring
|
|
123
|
+
|
|
124
|
+
.. versionadded:: 0.6.4
|
|
125
|
+
Created as part of OMN-1137 handler security metadata validation.
|
|
126
|
+
"""
|
|
127
|
+
|
|
128
|
+
from __future__ import annotations
|
|
129
|
+
|
|
130
|
+
import re
|
|
131
|
+
from urllib.parse import urlparse
|
|
132
|
+
|
|
133
|
+
from omnibase_core.enums import EnumDataClassification
|
|
134
|
+
from omnibase_infra.enums import (
|
|
135
|
+
EnumHandlerTypeCategory,
|
|
136
|
+
EnumSecurityRuleId,
|
|
137
|
+
EnumValidationSeverity,
|
|
138
|
+
)
|
|
139
|
+
from omnibase_infra.models.security import (
|
|
140
|
+
ModelHandlerSecurityPolicy,
|
|
141
|
+
ModelSecurityError,
|
|
142
|
+
ModelSecurityValidationResult,
|
|
143
|
+
ModelSecurityWarning,
|
|
144
|
+
)
|
|
145
|
+
|
|
146
|
+
# Default data classification that doesn't count as "having security metadata"
|
|
147
|
+
_DEFAULT_CLASSIFICATION = EnumDataClassification.INTERNAL
|
|
148
|
+
|
|
149
|
+
# Maximum length for a DNS label (RFC 1035)
|
|
150
|
+
_MAX_DNS_LABEL_LENGTH = 63
|
|
151
|
+
|
|
152
|
+
# Maximum total domain length (RFC 1035: 253 characters)
|
|
153
|
+
_MAX_DOMAIN_LENGTH = 253
|
|
154
|
+
|
|
155
|
+
# Valid port range (1-65535)
|
|
156
|
+
_MIN_PORT = 1
|
|
157
|
+
_MAX_PORT = 65535
|
|
158
|
+
|
|
159
|
+
# Known URL schemes for more robust URL detection
|
|
160
|
+
# urlparse() may interpret "hostname:port" as having a "scheme" of the hostname,
|
|
161
|
+
# so we only flag domains as URLs if they have a known URL scheme
|
|
162
|
+
_KNOWN_URL_SCHEMES = frozenset(
|
|
163
|
+
{
|
|
164
|
+
"http",
|
|
165
|
+
"https",
|
|
166
|
+
"ftp",
|
|
167
|
+
"ftps",
|
|
168
|
+
"sftp",
|
|
169
|
+
"ssh",
|
|
170
|
+
"file",
|
|
171
|
+
"mailto",
|
|
172
|
+
"tel",
|
|
173
|
+
"data",
|
|
174
|
+
"ws",
|
|
175
|
+
"wss",
|
|
176
|
+
"git",
|
|
177
|
+
"svn",
|
|
178
|
+
"s3",
|
|
179
|
+
"gcs",
|
|
180
|
+
}
|
|
181
|
+
)
|
|
182
|
+
|
|
183
|
+
# Pattern for validating domain patterns
|
|
184
|
+
# Supports: hostname, hostname:port, wildcards like *.example.com
|
|
185
|
+
_DOMAIN_PATTERN = re.compile(
|
|
186
|
+
r"^"
|
|
187
|
+
r"(\*\.)?[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?" # First label (optional wildcard)
|
|
188
|
+
r"(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*" # Additional labels
|
|
189
|
+
r"(:\d{1,5})?" # Optional port
|
|
190
|
+
r"$"
|
|
191
|
+
)
|
|
192
|
+
|
|
193
|
+
|
|
194
|
+
class SecurityMetadataValidator:
|
|
195
|
+
"""Validates handler security metadata before loading.
|
|
196
|
+
|
|
197
|
+
This validator ensures that handler security policies are appropriate
|
|
198
|
+
for their declared behavioral category:
|
|
199
|
+
- EFFECT handlers MUST have security metadata (they perform I/O)
|
|
200
|
+
- COMPUTE handlers MUST NOT have security metadata (they are pure)
|
|
201
|
+
- NONDETERMINISTIC_COMPUTE handlers are treated like EFFECT
|
|
202
|
+
|
|
203
|
+
The validator also checks that security metadata values are valid:
|
|
204
|
+
- Secret scopes must be non-empty strings
|
|
205
|
+
- Domain patterns must be valid URL patterns
|
|
206
|
+
- Port numbers must be in valid range (1-65535)
|
|
207
|
+
- DNS labels must be max 63 characters each
|
|
208
|
+
- Total domain length must be max 253 characters (RFC 1035)
|
|
209
|
+
|
|
210
|
+
Usage in Handler Loading Flow:
|
|
211
|
+
This validator is designed to be called during handler registration,
|
|
212
|
+
before handlers are loaded into the runtime. The recommended integration
|
|
213
|
+
points are:
|
|
214
|
+
|
|
215
|
+
1. **HandlerBootstrapSource._register_handler()** (recommended):
|
|
216
|
+
Validate when handler descriptors are registered at bootstrap.
|
|
217
|
+
|
|
218
|
+
2. **wire_handlers_from_contract()**: Validate when handlers are
|
|
219
|
+
wired from contract configuration.
|
|
220
|
+
|
|
221
|
+
See the module docstring for detailed integration examples and code.
|
|
222
|
+
|
|
223
|
+
**Current Status**: NOT YET INTEGRATED. The validator must be called
|
|
224
|
+
manually. See TODO(OMN-1137) for integration tracking.
|
|
225
|
+
|
|
226
|
+
Example:
|
|
227
|
+
>>> from omnibase_infra.enums import EnumHandlerTypeCategory
|
|
228
|
+
>>> from omnibase_infra.models.security import ModelHandlerSecurityPolicy
|
|
229
|
+
>>>
|
|
230
|
+
>>> validator = SecurityMetadataValidator()
|
|
231
|
+
>>>
|
|
232
|
+
>>> # Valid COMPUTE handler (no security metadata)
|
|
233
|
+
>>> policy = ModelHandlerSecurityPolicy()
|
|
234
|
+
>>> result = validator.validate(
|
|
235
|
+
... handler_name="my_compute_handler",
|
|
236
|
+
... handler_type=EnumHandlerTypeCategory.COMPUTE,
|
|
237
|
+
... security_policy=policy,
|
|
238
|
+
... )
|
|
239
|
+
>>> result.valid
|
|
240
|
+
True
|
|
241
|
+
>>>
|
|
242
|
+
>>> # Invalid EFFECT handler (missing security metadata)
|
|
243
|
+
>>> result = validator.validate(
|
|
244
|
+
... handler_name="my_effect_handler",
|
|
245
|
+
... handler_type=EnumHandlerTypeCategory.EFFECT,
|
|
246
|
+
... security_policy=policy,
|
|
247
|
+
... )
|
|
248
|
+
>>> result.valid
|
|
249
|
+
False
|
|
250
|
+
>>> result.errors[0].code
|
|
251
|
+
'EFFECT_MISSING_SECURITY_METADATA'
|
|
252
|
+
|
|
253
|
+
Attributes:
|
|
254
|
+
None - this validator is stateless.
|
|
255
|
+
|
|
256
|
+
See Also:
|
|
257
|
+
- Module docstring: Full integration examples and code snippets
|
|
258
|
+
- HandlerBootstrapSource: Bootstrap handler descriptor registration
|
|
259
|
+
- wire_handlers_from_contract: Contract-based handler wiring
|
|
260
|
+
|
|
261
|
+
.. versionadded:: 0.6.4
|
|
262
|
+
"""
|
|
263
|
+
|
|
264
|
+
def validate(
|
|
265
|
+
self,
|
|
266
|
+
handler_name: str,
|
|
267
|
+
handler_type: EnumHandlerTypeCategory,
|
|
268
|
+
security_policy: ModelHandlerSecurityPolicy,
|
|
269
|
+
) -> ModelSecurityValidationResult:
|
|
270
|
+
"""Validate handler security metadata.
|
|
271
|
+
|
|
272
|
+
Validates that the handler's security policy is appropriate for
|
|
273
|
+
its declared behavioral category.
|
|
274
|
+
|
|
275
|
+
Rules:
|
|
276
|
+
- EFFECT handlers MUST have security metadata
|
|
277
|
+
- COMPUTE handlers MUST NOT have security metadata
|
|
278
|
+
- NONDETERMINISTIC_COMPUTE treated like EFFECT for security
|
|
279
|
+
- Secret scopes must be valid (non-empty strings)
|
|
280
|
+
- Domain patterns must be valid URL patterns
|
|
281
|
+
- Port numbers must be in range 1-65535
|
|
282
|
+
- DNS labels must be max 63 characters each
|
|
283
|
+
- Total domain length must be max 253 characters (RFC 1035)
|
|
284
|
+
|
|
285
|
+
Args:
|
|
286
|
+
handler_name: Name of the handler being validated.
|
|
287
|
+
handler_type: Behavioral classification of the handler.
|
|
288
|
+
security_policy: Handler's declared security policy.
|
|
289
|
+
|
|
290
|
+
Returns:
|
|
291
|
+
ModelSecurityValidationResult with validation outcome.
|
|
292
|
+
|
|
293
|
+
Example:
|
|
294
|
+
>>> validator = SecurityMetadataValidator()
|
|
295
|
+
>>> policy = ModelHandlerSecurityPolicy(
|
|
296
|
+
... secret_scopes=frozenset({"database/readonly"}),
|
|
297
|
+
... )
|
|
298
|
+
>>> result = validator.validate(
|
|
299
|
+
... handler_name="db_handler",
|
|
300
|
+
... handler_type=EnumHandlerTypeCategory.EFFECT,
|
|
301
|
+
... security_policy=policy,
|
|
302
|
+
... )
|
|
303
|
+
>>> result.valid
|
|
304
|
+
True
|
|
305
|
+
"""
|
|
306
|
+
errors: list[ModelSecurityError] = []
|
|
307
|
+
warnings: list[ModelSecurityWarning] = []
|
|
308
|
+
|
|
309
|
+
# Check if handler has any security metadata
|
|
310
|
+
has_security_metadata = self._has_security_metadata(security_policy)
|
|
311
|
+
|
|
312
|
+
# Validate based on handler type
|
|
313
|
+
if handler_type == EnumHandlerTypeCategory.COMPUTE:
|
|
314
|
+
# COMPUTE handlers MUST NOT have security metadata
|
|
315
|
+
if has_security_metadata:
|
|
316
|
+
errors.append(
|
|
317
|
+
ModelSecurityError(
|
|
318
|
+
code=EnumSecurityRuleId.COMPUTE_HAS_SECURITY_METADATA.value,
|
|
319
|
+
field="security_policy",
|
|
320
|
+
message=(
|
|
321
|
+
f"COMPUTE handler '{handler_name}' has security metadata "
|
|
322
|
+
"but COMPUTE handlers must be pure (no I/O, no secrets). "
|
|
323
|
+
"Security metadata found: "
|
|
324
|
+
f"{self._describe_security_metadata(security_policy)}"
|
|
325
|
+
),
|
|
326
|
+
severity=EnumValidationSeverity.ERROR,
|
|
327
|
+
)
|
|
328
|
+
)
|
|
329
|
+
elif handler_type in (
|
|
330
|
+
EnumHandlerTypeCategory.EFFECT,
|
|
331
|
+
EnumHandlerTypeCategory.NONDETERMINISTIC_COMPUTE,
|
|
332
|
+
):
|
|
333
|
+
# EFFECT and NONDETERMINISTIC_COMPUTE handlers MUST have security metadata
|
|
334
|
+
if not has_security_metadata:
|
|
335
|
+
errors.append(
|
|
336
|
+
ModelSecurityError(
|
|
337
|
+
code=EnumSecurityRuleId.EFFECT_MISSING_SECURITY_METADATA.value,
|
|
338
|
+
field="security_policy",
|
|
339
|
+
message=(
|
|
340
|
+
f"EFFECT handler '{handler_name}' missing required "
|
|
341
|
+
"security metadata. EFFECT handlers must declare at least "
|
|
342
|
+
"one of: secret_scopes, allowed_domains, or a non-default "
|
|
343
|
+
"data_classification."
|
|
344
|
+
),
|
|
345
|
+
severity=EnumValidationSeverity.ERROR,
|
|
346
|
+
)
|
|
347
|
+
)
|
|
348
|
+
|
|
349
|
+
# Validate secret scopes (if present)
|
|
350
|
+
scope_errors = self.validate_secret_scopes(
|
|
351
|
+
list(security_policy.secret_scopes),
|
|
352
|
+
handler_name,
|
|
353
|
+
)
|
|
354
|
+
errors.extend(scope_errors)
|
|
355
|
+
|
|
356
|
+
# Validate domain patterns (if present)
|
|
357
|
+
domain_errors = self.validate_domains(
|
|
358
|
+
list(security_policy.allowed_domains),
|
|
359
|
+
handler_name,
|
|
360
|
+
)
|
|
361
|
+
errors.extend(domain_errors)
|
|
362
|
+
|
|
363
|
+
# Return result
|
|
364
|
+
if errors:
|
|
365
|
+
return ModelSecurityValidationResult.failure(
|
|
366
|
+
subject=handler_name,
|
|
367
|
+
handler_type=handler_type,
|
|
368
|
+
errors=tuple(errors),
|
|
369
|
+
warnings=tuple(warnings),
|
|
370
|
+
)
|
|
371
|
+
return ModelSecurityValidationResult.success(
|
|
372
|
+
subject=handler_name,
|
|
373
|
+
handler_type=handler_type,
|
|
374
|
+
warnings=tuple(warnings),
|
|
375
|
+
)
|
|
376
|
+
|
|
377
|
+
def validate_secret_scopes(
|
|
378
|
+
self,
|
|
379
|
+
secret_scopes: list[str],
|
|
380
|
+
handler_name: str | None = None,
|
|
381
|
+
) -> list[ModelSecurityError]:
|
|
382
|
+
"""Validate that required secrets are valid.
|
|
383
|
+
|
|
384
|
+
Secret scopes must be non-empty strings without leading/trailing
|
|
385
|
+
whitespace. This method does not check if secrets are available
|
|
386
|
+
(that is done by RegistrationSecurityValidator).
|
|
387
|
+
|
|
388
|
+
Args:
|
|
389
|
+
secret_scopes: List of secret scope identifiers to validate.
|
|
390
|
+
handler_name: Optional handler name for error context.
|
|
391
|
+
|
|
392
|
+
Returns:
|
|
393
|
+
List of validation errors for invalid secret scopes.
|
|
394
|
+
|
|
395
|
+
Example:
|
|
396
|
+
>>> validator = SecurityMetadataValidator()
|
|
397
|
+
>>> errors = validator.validate_secret_scopes(["database/readonly"])
|
|
398
|
+
>>> len(errors)
|
|
399
|
+
0
|
|
400
|
+
>>> errors = validator.validate_secret_scopes(["", " "])
|
|
401
|
+
>>> len(errors)
|
|
402
|
+
2
|
|
403
|
+
"""
|
|
404
|
+
errors: list[ModelSecurityError] = []
|
|
405
|
+
context = f" in handler '{handler_name}'" if handler_name else ""
|
|
406
|
+
|
|
407
|
+
for i, scope in enumerate(secret_scopes):
|
|
408
|
+
if not scope or not scope.strip():
|
|
409
|
+
errors.append(
|
|
410
|
+
ModelSecurityError(
|
|
411
|
+
code=EnumSecurityRuleId.INVALID_SECRET_SCOPE.value,
|
|
412
|
+
field=f"secret_scopes[{i}]",
|
|
413
|
+
message=(
|
|
414
|
+
f"Invalid secret scope at index {i}{context}: "
|
|
415
|
+
"scope must be a non-empty string without "
|
|
416
|
+
"leading/trailing whitespace."
|
|
417
|
+
),
|
|
418
|
+
severity=EnumValidationSeverity.ERROR,
|
|
419
|
+
)
|
|
420
|
+
)
|
|
421
|
+
elif scope != scope.strip():
|
|
422
|
+
errors.append(
|
|
423
|
+
ModelSecurityError(
|
|
424
|
+
code=EnumSecurityRuleId.INVALID_SECRET_SCOPE.value,
|
|
425
|
+
field=f"secret_scopes[{i}]",
|
|
426
|
+
message=(
|
|
427
|
+
f"Invalid secret scope at index {i}{context}: "
|
|
428
|
+
f"scope '{scope}' has leading/trailing whitespace."
|
|
429
|
+
),
|
|
430
|
+
severity=EnumValidationSeverity.ERROR,
|
|
431
|
+
)
|
|
432
|
+
)
|
|
433
|
+
|
|
434
|
+
return errors
|
|
435
|
+
|
|
436
|
+
def validate_domains(
|
|
437
|
+
self,
|
|
438
|
+
allowed_domains: list[str],
|
|
439
|
+
handler_name: str | None = None,
|
|
440
|
+
) -> list[ModelSecurityError]:
|
|
441
|
+
"""Validate domain allowlist patterns.
|
|
442
|
+
|
|
443
|
+
Domain patterns must be valid hostnames, optionally with port
|
|
444
|
+
numbers. Wildcard prefixes (*.example.com) are supported.
|
|
445
|
+
|
|
446
|
+
Valid patterns:
|
|
447
|
+
- api.example.com
|
|
448
|
+
- api.example.com:8080
|
|
449
|
+
- *.example.com
|
|
450
|
+
- localhost
|
|
451
|
+
- localhost:3000
|
|
452
|
+
|
|
453
|
+
Invalid patterns:
|
|
454
|
+
- Empty strings
|
|
455
|
+
- Strings with leading/trailing whitespace
|
|
456
|
+
- Full URLs (use hostname only)
|
|
457
|
+
- Invalid hostname characters
|
|
458
|
+
- Port numbers outside 1-65535 range
|
|
459
|
+
- DNS labels longer than 63 characters
|
|
460
|
+
- Total domain length exceeding 253 characters (RFC 1035)
|
|
461
|
+
|
|
462
|
+
Args:
|
|
463
|
+
allowed_domains: List of domain patterns to validate.
|
|
464
|
+
handler_name: Optional handler name for error context.
|
|
465
|
+
|
|
466
|
+
Returns:
|
|
467
|
+
List of validation errors for invalid domain patterns.
|
|
468
|
+
|
|
469
|
+
Example:
|
|
470
|
+
>>> validator = SecurityMetadataValidator()
|
|
471
|
+
>>> errors = validator.validate_domains(["api.example.com"])
|
|
472
|
+
>>> len(errors)
|
|
473
|
+
0
|
|
474
|
+
>>> errors = validator.validate_domains(["https://api.example.com"])
|
|
475
|
+
>>> len(errors)
|
|
476
|
+
1
|
|
477
|
+
"""
|
|
478
|
+
errors: list[ModelSecurityError] = []
|
|
479
|
+
context = f" in handler '{handler_name}'" if handler_name else ""
|
|
480
|
+
|
|
481
|
+
for i, domain in enumerate(allowed_domains):
|
|
482
|
+
# Skip wildcard "*" - this is valid (means allow all)
|
|
483
|
+
if domain == "*":
|
|
484
|
+
continue
|
|
485
|
+
|
|
486
|
+
# Check for empty or whitespace-only
|
|
487
|
+
if not domain or not domain.strip():
|
|
488
|
+
errors.append(
|
|
489
|
+
ModelSecurityError(
|
|
490
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
491
|
+
field=f"allowed_domains[{i}]",
|
|
492
|
+
message=(
|
|
493
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
494
|
+
"domain must be a non-empty string."
|
|
495
|
+
),
|
|
496
|
+
severity=EnumValidationSeverity.ERROR,
|
|
497
|
+
)
|
|
498
|
+
)
|
|
499
|
+
continue
|
|
500
|
+
|
|
501
|
+
# Check for leading/trailing whitespace
|
|
502
|
+
if domain != domain.strip():
|
|
503
|
+
errors.append(
|
|
504
|
+
ModelSecurityError(
|
|
505
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
506
|
+
field=f"allowed_domains[{i}]",
|
|
507
|
+
message=(
|
|
508
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
509
|
+
f"domain '{domain}' has leading/trailing whitespace."
|
|
510
|
+
),
|
|
511
|
+
severity=EnumValidationSeverity.ERROR,
|
|
512
|
+
)
|
|
513
|
+
)
|
|
514
|
+
continue
|
|
515
|
+
|
|
516
|
+
# Check if it looks like a full URL (has known scheme)
|
|
517
|
+
# Using urlparse().scheme with a known schemes set is more robust
|
|
518
|
+
# than checking for "://" as it handles schemes like "mailto:"
|
|
519
|
+
# that don't use "://". We check against known schemes to avoid
|
|
520
|
+
# false positives with "hostname:port" patterns where urlparse
|
|
521
|
+
# would interpret "hostname" as the scheme.
|
|
522
|
+
parsed = urlparse(domain)
|
|
523
|
+
if parsed.scheme and parsed.scheme.lower() in _KNOWN_URL_SCHEMES:
|
|
524
|
+
errors.append(
|
|
525
|
+
ModelSecurityError(
|
|
526
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
527
|
+
field=f"allowed_domains[{i}]",
|
|
528
|
+
message=(
|
|
529
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
530
|
+
f"'{domain}' appears to be a full URL "
|
|
531
|
+
f"(detected scheme: '{parsed.scheme}'). "
|
|
532
|
+
"Use hostname only (e.g., 'api.example.com')."
|
|
533
|
+
),
|
|
534
|
+
severity=EnumValidationSeverity.ERROR,
|
|
535
|
+
)
|
|
536
|
+
)
|
|
537
|
+
continue
|
|
538
|
+
|
|
539
|
+
# Validate domain pattern format
|
|
540
|
+
if not _DOMAIN_PATTERN.match(domain):
|
|
541
|
+
errors.append(
|
|
542
|
+
ModelSecurityError(
|
|
543
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
544
|
+
field=f"allowed_domains[{i}]",
|
|
545
|
+
message=(
|
|
546
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
547
|
+
f"'{domain}' is not a valid hostname pattern. "
|
|
548
|
+
"Use format: hostname or hostname:port "
|
|
549
|
+
"(e.g., 'api.example.com' or '*.example.com:8080')."
|
|
550
|
+
),
|
|
551
|
+
severity=EnumValidationSeverity.ERROR,
|
|
552
|
+
)
|
|
553
|
+
)
|
|
554
|
+
continue
|
|
555
|
+
|
|
556
|
+
# Extract hostname and port for further validation
|
|
557
|
+
hostname: str = domain
|
|
558
|
+
port_str: str | None = None
|
|
559
|
+
if ":" in domain:
|
|
560
|
+
# Split on last colon to get port
|
|
561
|
+
parts = domain.rsplit(":", 1)
|
|
562
|
+
hostname = parts[0]
|
|
563
|
+
port_str = parts[1]
|
|
564
|
+
|
|
565
|
+
# Validate port range (1-65535)
|
|
566
|
+
if port_str is not None:
|
|
567
|
+
try:
|
|
568
|
+
port = int(port_str)
|
|
569
|
+
if port < _MIN_PORT or port > _MAX_PORT:
|
|
570
|
+
errors.append(
|
|
571
|
+
ModelSecurityError(
|
|
572
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
573
|
+
field=f"allowed_domains[{i}]",
|
|
574
|
+
message=(
|
|
575
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
576
|
+
f"port {port} is out of valid range "
|
|
577
|
+
f"({_MIN_PORT}-{_MAX_PORT})."
|
|
578
|
+
),
|
|
579
|
+
severity=EnumValidationSeverity.ERROR,
|
|
580
|
+
)
|
|
581
|
+
)
|
|
582
|
+
continue
|
|
583
|
+
except ValueError:
|
|
584
|
+
# Port is not a valid integer - already caught by regex
|
|
585
|
+
pass
|
|
586
|
+
|
|
587
|
+
# Validate total domain length (max 253 characters, RFC 1035)
|
|
588
|
+
# Note: We validate the hostname part only, without port
|
|
589
|
+
hostname_for_length = hostname
|
|
590
|
+
if hostname_for_length.startswith("*."):
|
|
591
|
+
# Wildcard prefix doesn't count toward length limit
|
|
592
|
+
# but the rest of the domain does
|
|
593
|
+
hostname_for_length = hostname_for_length[2:]
|
|
594
|
+
|
|
595
|
+
if len(hostname_for_length) > _MAX_DOMAIN_LENGTH:
|
|
596
|
+
errors.append(
|
|
597
|
+
ModelSecurityError(
|
|
598
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
599
|
+
field=f"allowed_domains[{i}]",
|
|
600
|
+
message=(
|
|
601
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
602
|
+
f"total domain length ({len(hostname_for_length)} characters) "
|
|
603
|
+
f"exceeds maximum of {_MAX_DOMAIN_LENGTH} characters (RFC 1035)."
|
|
604
|
+
),
|
|
605
|
+
severity=EnumValidationSeverity.ERROR,
|
|
606
|
+
)
|
|
607
|
+
)
|
|
608
|
+
continue
|
|
609
|
+
|
|
610
|
+
# Validate DNS label lengths (max 63 characters each)
|
|
611
|
+
# Remove wildcard prefix if present for label validation
|
|
612
|
+
hostname_for_labels = hostname
|
|
613
|
+
if hostname_for_labels.startswith("*."):
|
|
614
|
+
hostname_for_labels = hostname_for_labels[2:]
|
|
615
|
+
|
|
616
|
+
labels = hostname_for_labels.split(".")
|
|
617
|
+
for label_index, label in enumerate(labels):
|
|
618
|
+
if len(label) > _MAX_DNS_LABEL_LENGTH:
|
|
619
|
+
# Format label position as ordinal (1st, 2nd, 3rd, etc.)
|
|
620
|
+
position = label_index + 1 # 1-indexed for human readability
|
|
621
|
+
ordinal = self._ordinal(position)
|
|
622
|
+
|
|
623
|
+
# Show truncated label if very long, full label if reasonable
|
|
624
|
+
label_display = (
|
|
625
|
+
f"'{label[:30]}...'" if len(label) > 35 else f"'{label}'"
|
|
626
|
+
)
|
|
627
|
+
|
|
628
|
+
errors.append(
|
|
629
|
+
ModelSecurityError(
|
|
630
|
+
code=EnumSecurityRuleId.INVALID_DOMAIN_PATTERN.value,
|
|
631
|
+
field=f"allowed_domains[{i}]",
|
|
632
|
+
message=(
|
|
633
|
+
f"Invalid domain pattern at index {i}{context}: "
|
|
634
|
+
f"DNS label {label_display} ({len(label)} chars) "
|
|
635
|
+
f"exceeds maximum {_MAX_DNS_LABEL_LENGTH} chars "
|
|
636
|
+
f"at {ordinal} label in domain pattern."
|
|
637
|
+
),
|
|
638
|
+
severity=EnumValidationSeverity.ERROR,
|
|
639
|
+
)
|
|
640
|
+
)
|
|
641
|
+
break # Only report first label error per domain
|
|
642
|
+
|
|
643
|
+
return errors
|
|
644
|
+
|
|
645
|
+
def _has_security_metadata(
|
|
646
|
+
self,
|
|
647
|
+
security_policy: ModelHandlerSecurityPolicy,
|
|
648
|
+
) -> bool:
|
|
649
|
+
"""Check if handler has any security metadata declared.
|
|
650
|
+
|
|
651
|
+
Security metadata includes:
|
|
652
|
+
- secret_scopes (non-empty)
|
|
653
|
+
- allowed_domains (non-empty)
|
|
654
|
+
- data_classification (non-default, i.e., not INTERNAL)
|
|
655
|
+
|
|
656
|
+
Args:
|
|
657
|
+
security_policy: Handler's declared security policy.
|
|
658
|
+
|
|
659
|
+
Returns:
|
|
660
|
+
True if handler has any security metadata, False otherwise.
|
|
661
|
+
"""
|
|
662
|
+
# Has secret scopes?
|
|
663
|
+
if security_policy.secret_scopes:
|
|
664
|
+
return True
|
|
665
|
+
|
|
666
|
+
# Has allowed domains?
|
|
667
|
+
if security_policy.allowed_domains:
|
|
668
|
+
return True
|
|
669
|
+
|
|
670
|
+
# Has non-default data classification?
|
|
671
|
+
if security_policy.data_classification != _DEFAULT_CLASSIFICATION:
|
|
672
|
+
return True
|
|
673
|
+
|
|
674
|
+
return False
|
|
675
|
+
|
|
676
|
+
def _describe_security_metadata(
|
|
677
|
+
self,
|
|
678
|
+
security_policy: ModelHandlerSecurityPolicy,
|
|
679
|
+
) -> str:
|
|
680
|
+
"""Create human-readable description of security metadata.
|
|
681
|
+
|
|
682
|
+
Args:
|
|
683
|
+
security_policy: Handler's declared security policy.
|
|
684
|
+
|
|
685
|
+
Returns:
|
|
686
|
+
String describing what security metadata is present.
|
|
687
|
+
"""
|
|
688
|
+
parts: list[str] = []
|
|
689
|
+
|
|
690
|
+
if security_policy.secret_scopes:
|
|
691
|
+
scopes = ", ".join(sorted(security_policy.secret_scopes))
|
|
692
|
+
parts.append(f"secret_scopes=[{scopes}]")
|
|
693
|
+
|
|
694
|
+
if security_policy.allowed_domains:
|
|
695
|
+
domains = ", ".join(security_policy.allowed_domains)
|
|
696
|
+
parts.append(f"allowed_domains=[{domains}]")
|
|
697
|
+
|
|
698
|
+
if security_policy.data_classification != _DEFAULT_CLASSIFICATION:
|
|
699
|
+
parts.append(
|
|
700
|
+
f"data_classification={security_policy.data_classification.value}"
|
|
701
|
+
)
|
|
702
|
+
|
|
703
|
+
return ", ".join(parts) if parts else "(none)"
|
|
704
|
+
|
|
705
|
+
def _ordinal(self, n: int) -> str:
|
|
706
|
+
"""Convert an integer to its ordinal string representation.
|
|
707
|
+
|
|
708
|
+
Args:
|
|
709
|
+
n: The integer to convert (1-indexed).
|
|
710
|
+
|
|
711
|
+
Returns:
|
|
712
|
+
Ordinal string like "1st", "2nd", "3rd", "4th", etc.
|
|
713
|
+
|
|
714
|
+
Example:
|
|
715
|
+
>>> validator = SecurityMetadataValidator()
|
|
716
|
+
>>> validator._ordinal(1)
|
|
717
|
+
'1st'
|
|
718
|
+
>>> validator._ordinal(2)
|
|
719
|
+
'2nd'
|
|
720
|
+
>>> validator._ordinal(3)
|
|
721
|
+
'3rd'
|
|
722
|
+
>>> validator._ordinal(11)
|
|
723
|
+
'11th'
|
|
724
|
+
>>> validator._ordinal(21)
|
|
725
|
+
'21st'
|
|
726
|
+
"""
|
|
727
|
+
# Special cases for 11th, 12th, 13th
|
|
728
|
+
if 11 <= (n % 100) <= 13:
|
|
729
|
+
suffix = "th"
|
|
730
|
+
else:
|
|
731
|
+
suffix = {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")
|
|
732
|
+
return f"{n}{suffix}"
|
|
733
|
+
|
|
734
|
+
|
|
735
|
+
def validate_handler_security(
|
|
736
|
+
handler_name: str,
|
|
737
|
+
handler_type: EnumHandlerTypeCategory,
|
|
738
|
+
security_policy: ModelHandlerSecurityPolicy,
|
|
739
|
+
) -> ModelSecurityValidationResult:
|
|
740
|
+
"""Validate handler security metadata.
|
|
741
|
+
|
|
742
|
+
Convenience function for one-shot validation without creating a
|
|
743
|
+
validator instance.
|
|
744
|
+
|
|
745
|
+
Args:
|
|
746
|
+
handler_name: Name of the handler being validated.
|
|
747
|
+
handler_type: Behavioral classification of the handler.
|
|
748
|
+
security_policy: Handler's declared security policy.
|
|
749
|
+
|
|
750
|
+
Returns:
|
|
751
|
+
ModelSecurityValidationResult with validation outcome.
|
|
752
|
+
|
|
753
|
+
Example:
|
|
754
|
+
>>> from omnibase_infra.enums import EnumHandlerTypeCategory
|
|
755
|
+
>>> from omnibase_infra.models.security import ModelHandlerSecurityPolicy
|
|
756
|
+
>>> from omnibase_infra.runtime import validate_handler_security
|
|
757
|
+
>>>
|
|
758
|
+
>>> policy = ModelHandlerSecurityPolicy()
|
|
759
|
+
>>> result = validate_handler_security(
|
|
760
|
+
... handler_name="my_compute",
|
|
761
|
+
... handler_type=EnumHandlerTypeCategory.COMPUTE,
|
|
762
|
+
... security_policy=policy,
|
|
763
|
+
... )
|
|
764
|
+
>>> result.valid
|
|
765
|
+
True
|
|
766
|
+
|
|
767
|
+
.. versionadded:: 0.6.4
|
|
768
|
+
"""
|
|
769
|
+
validator = SecurityMetadataValidator()
|
|
770
|
+
return validator.validate(handler_name, handler_type, security_policy)
|
|
771
|
+
|
|
772
|
+
|
|
773
|
+
__all__ = [
|
|
774
|
+
"SecurityMetadataValidator",
|
|
775
|
+
"validate_handler_security",
|
|
776
|
+
]
|