ospac 0.1.0__py3-none-any.whl

ospac/pipeline/spdx_processor.py

@@ -0,0 +1,283 @@
+"""
+SPDX license dataset processor.
+Downloads and processes the official SPDX license list.
+"""
+
+import json
+import logging
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+import requests
+import yaml
+from datetime import datetime
+
+logger = logging.getLogger(__name__)
+
+
+class SPDXProcessor:
+    """Process SPDX license data."""
+
+    SPDX_LICENSE_URL = "https://raw.githubusercontent.com/spdx/license-list-data/main/json/licenses.json"
+    SPDX_EXCEPTIONS_URL = "https://raw.githubusercontent.com/spdx/license-list-data/main/json/exceptions.json"
+
+    def __init__(self, cache_dir: Optional[Path] = None):
+        """Initialize SPDX processor."""
+        self.cache_dir = cache_dir or Path.home() / ".cache" / "ospac" / "spdx"
+        self.cache_dir.mkdir(parents=True, exist_ok=True)
+        self.licenses = {}
+        self.exceptions = {}
+
+    def download_spdx_data(self, force: bool = False) -> Dict[str, Any]:
+        """
+        Download SPDX license data.
+
+        Args:
+            force: Force re-download even if cached
+
+        Returns:
+            Dictionary with licenses and exceptions
+        """
+        licenses_cache = self.cache_dir / "licenses.json"
+        exceptions_cache = self.cache_dir / "exceptions.json"
+
+        # Check cache
+        if not force and licenses_cache.exists() and exceptions_cache.exists():
+            logger.info("Loading SPDX data from cache")
+            with open(licenses_cache) as f:
+                licenses = json.load(f)
+            with open(exceptions_cache) as f:
+                exceptions = json.load(f)
+        else:
+            logger.info("Downloading SPDX license data")
+
+            # Download licenses
+            response = requests.get(self.SPDX_LICENSE_URL)
+            response.raise_for_status()
+            licenses = response.json()
+
+            # Download exceptions
+            response = requests.get(self.SPDX_EXCEPTIONS_URL)
+            response.raise_for_status()
+            exceptions = response.json()
+
+            # Cache the data
+            with open(licenses_cache, "w") as f:
+                json.dump(licenses, f, indent=2)
+            with open(exceptions_cache, "w") as f:
+                json.dump(exceptions, f, indent=2)
+
+            logger.info(f"Cached SPDX data to {self.cache_dir}")
+
+        self.licenses = licenses.get("licenses", [])
+        self.exceptions = exceptions.get("exceptions", [])
+
+        logger.info(f"Loaded {len(self.licenses)} licenses and {len(self.exceptions)} exceptions")
+
+        return {
+            "licenses": self.licenses,
+            "exceptions": self.exceptions,
+            "version": licenses.get("licenseListVersion"),
+            "release_date": licenses.get("releaseDate")
+        }
+
+    def get_license_text(self, license_id: str) -> Optional[str]:
+        """
+        Get the full text of a license.
+
+        Args:
+            license_id: SPDX license identifier
+
+        Returns:
+            License text or None if not found
+        """
+        text_cache = self.cache_dir / "texts" / f"{license_id}.txt"
+
+        if text_cache.exists():
+            return text_cache.read_text()
+
+        # Find license details URL
+        for license_data in self.licenses:
+            if license_data.get("licenseId") == license_id:
+                details_url = license_data.get("detailsUrl")
+                if details_url:
+                    try:
+                        response = requests.get(details_url)
+                        response.raise_for_status()
+                        details = response.json()
+
+                        license_text = details.get("licenseText", "")
+
+                        # Cache the text
+                        text_cache.parent.mkdir(parents=True, exist_ok=True)
+                        text_cache.write_text(license_text)
+
+                        return license_text
+                    except Exception as e:
+                        logger.error(f"Failed to fetch license text for {license_id}: {e}")
+
+        return None
+
+    def extract_basic_info(self, license_data: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract basic information from SPDX license data.
+
+        Args:
+            license_data: SPDX license data
+
+        Returns:
+            Extracted information
+        """
+        return {
+            "id": license_data.get("licenseId"),
+            "name": license_data.get("name"),
+            "reference": license_data.get("reference"),
+            "is_deprecated": license_data.get("isDeprecatedLicenseId", False),
+            "is_osi_approved": license_data.get("isOsiApproved", False),
+            "is_fsf_libre": license_data.get("isFsfLibre", False),
+            "see_also": license_data.get("seeAlso", []),
+        }
+
+    def categorize_license(self, license_id: str, license_text: Optional[str] = None) -> str:
+        """
+        Categorize a license based on its characteristics.
+
+        Args:
+            license_id: SPDX license identifier
+            license_text: Optional license text
+
+        Returns:
+            License category
+        """
+        # Basic categorization based on known licenses
+        categorization = {
+            # Permissive
+            "MIT": "permissive",
+            "Apache-2.0": "permissive",
+            "BSD-2-Clause": "permissive",
+            "BSD-3-Clause": "permissive",
+            "ISC": "permissive",
+            "0BSD": "permissive",
+            "Unlicense": "public_domain",
+            "CC0-1.0": "public_domain",
+
+            # Weak copyleft
+            "LGPL-2.1": "copyleft_weak",
+            "LGPL-3.0": "copyleft_weak",
+            "MPL-2.0": "copyleft_weak",
+            "EPL-2.0": "copyleft_weak",
+            "CDDL-1.0": "copyleft_weak",
+
+            # Strong copyleft
+            "GPL-2.0": "copyleft_strong",
+            "GPL-3.0": "copyleft_strong",
+            "AGPL-3.0": "copyleft_strong",
+
+            # Proprietary/Commercial
+            "Proprietary": "proprietary",
+            "Commercial": "proprietary",
+        }
+
+        # Check exact match
+        if license_id in categorization:
+            return categorization[license_id]
+
+        # Check patterns
+        if license_id.startswith("MIT"):
+            return "permissive"
+        elif license_id.startswith("BSD"):
+            return "permissive"
+        elif license_id.startswith("Apache"):
+            return "permissive"
+        elif license_id.startswith("GPL"):
+            return "copyleft_strong"
+        elif license_id.startswith("LGPL"):
+            return "copyleft_weak"
+        elif license_id.startswith("AGPL"):
+            return "copyleft_strong"
+        elif license_id.startswith("MPL"):
+            return "copyleft_weak"
+        elif license_id.startswith("EPL"):
+            return "copyleft_weak"
+        elif "CC0" in license_id or "Unlicense" in license_id:
+            return "public_domain"
+
+        # Default to permissive for unknown
+        return "permissive"
+
+    def process_all_licenses(self) -> List[Dict[str, Any]]:
+        """
+        Process all SPDX licenses.
+
+        Returns:
+            List of processed license data
+        """
+        processed = []
+
+        for license_data in self.licenses:
+            license_id = license_data.get("licenseId")
+            if not license_id:
+                continue
+
+            logger.info(f"Processing {license_id}")
+
+            # Extract basic info
+            info = self.extract_basic_info(license_data)
+
+            # Get license text
+            license_text = self.get_license_text(license_id)
+
+            # Categorize
+            info["category"] = self.categorize_license(license_id, license_text)
+
+            # Add text if available
+            if license_text:
+                info["has_full_text"] = True
+                info["text_length"] = len(license_text)
+            else:
+                info["has_full_text"] = False
+
+            processed.append(info)
+
+        return processed
+
+    def save_processed_data(self, data: List[Dict[str, Any]], output_dir: Path) -> None:
+        """
+        Save processed license data to files.
+
+        Args:
+            data: Processed license data
+            output_dir: Output directory
+        """
+        output_dir.mkdir(parents=True, exist_ok=True)
+
+        # Save as JSON
+        json_file = output_dir / "spdx_processed.json"
+        with open(json_file, "w") as f:
+            json.dump({
+                "licenses": data,
+                "total": len(data),
+                "generated": datetime.now().isoformat(),
+                "version": self.licenses[0].get("licenseListVersion") if self.licenses else None
+            }, f, indent=2)
+
+        logger.info(f"Saved processed data to {json_file}")
+
+        # Generate summary statistics
+        stats = {
+            "total_licenses": len(data),
+            "categories": {},
+            "osi_approved": sum(1 for l in data if l.get("is_osi_approved")),
+            "fsf_libre": sum(1 for l in data if l.get("is_fsf_libre")),
+            "deprecated": sum(1 for l in data if l.get("is_deprecated")),
+            "with_full_text": sum(1 for l in data if l.get("has_full_text"))
+        }
+
+        for license_info in data:
+            category = license_info.get("category", "unknown")
+            stats["categories"][category] = stats["categories"].get(category, 0) + 1
+
+        stats_file = output_dir / "spdx_stats.yaml"
+        with open(stats_file, "w") as f:
+            yaml.dump(stats, f, default_flow_style=False)
+
+        logger.info(f"Saved statistics to {stats_file}")

ospac/runtime/__init__.py

@@ -0,0 +1,11 @@
+"""Policy runtime engine."""
+
+from ospac.runtime.engine import PolicyRuntime
+from ospac.runtime.evaluator import RuleEvaluator
+from ospac.runtime.loader import PolicyLoader
+
+__all__ = [
+    "PolicyRuntime",
+    "RuleEvaluator",
+    "PolicyLoader",
+]

ospac/runtime/engine.py

@@ -0,0 +1,127 @@
+"""
+Policy execution runtime engine.
+"""
+
+from typing import Dict, List, Any, Optional
+from pathlib import Path
+
+from ospac.runtime.loader import PolicyLoader
+from ospac.runtime.evaluator import RuleEvaluator
+from ospac.models.compliance import ComplianceResult, PolicyResult, ActionType
+
+
+class PolicyRuntime:
+    """
+    Main policy execution runtime.
+    All logic is driven by policy files, not hardcoded.
+    """
+
+    def __init__(self, policy_path: Optional[str] = None):
+        """Initialize the policy runtime with policy definitions."""
+        self.policies = {}
+        self.evaluator = None
+
+        if policy_path:
+            self.load_policies(policy_path)
+
+    def load_policies(self, policy_path: str) -> None:
+        """Load all policy definitions from the specified path."""
+        loader = PolicyLoader()
+        self.policies = loader.load_all(policy_path)
+        self.evaluator = RuleEvaluator(self.policies)
+
+    @classmethod
+    def from_path(cls, policy_path: str) -> "PolicyRuntime":
+        """Create a PolicyRuntime instance from a policy directory."""
+        return cls(policy_path)
+
+    def evaluate(self, context: Dict[str, Any]) -> PolicyResult:
+        """
+        Evaluate context against all loaded policies.
+        No business logic here - just policy execution.
+        """
+        if not self.evaluator:
+            raise RuntimeError("No policies loaded. Call load_policies() first.")
+
+        applicable_rules = self._find_applicable_rules(context)
+        results = []
+
+        for rule in applicable_rules:
+            result = self.evaluator.evaluate_rule(rule, context)
+            # Convert dict result to PolicyResult
+            policy_result = PolicyResult(
+                rule_id=result.get("rule_id", "unknown"),
+                action=ActionType[result.get("action", "allow").upper()],
+                severity=result.get("severity", "info"),
+                message=result.get("message"),
+                requirements=result.get("requirements", []),
+                remediation=result.get("remediation")
+            )
+            results.append(policy_result)
+
+        return PolicyResult.aggregate(results)
+
+    def _find_applicable_rules(self, context: Dict[str, Any]) -> List[Dict]:
+        """Find all rules that apply to the given context."""
+        applicable = []
+
+        for policy_name, policy in self.policies.items():
+            if "rules" in policy:
+                for rule in policy["rules"]:
+                    if self._rule_applies(rule, context):
+                        applicable.append(rule)
+
+        return applicable
+
+    def _rule_applies(self, rule: Dict, context: Dict) -> bool:
+        """Check if a rule applies to the given context."""
+        if "when" not in rule:
+            return True
+
+        conditions = rule["when"]
+        if not isinstance(conditions, list):
+            conditions = [conditions]
+
+        for condition in conditions:
+            if not self._check_condition(condition, context):
+                return False
+
+        return True
+
+    def _check_condition(self, condition: Dict, context: Dict) -> bool:
+        """Check if a single condition is met."""
+        for key, value in condition.items():
+            if key not in context:
+                return False
+
+            if isinstance(value, list):
+                if context[key] not in value:
+                    return False
+            elif context[key] != value:
+                return False
+
+        return True
+
+    def check_compatibility(self, license1: str, license2: str,
+                           context: str = "general") -> ComplianceResult:
+        """Check if two licenses are compatible."""
+        eval_context = {
+            "license1": license1,
+            "license2": license2,
+            "compatibility_context": context
+        }
+
+        result = self.evaluate(eval_context)
+        return ComplianceResult.from_policy_result(result)
+
+    def get_obligations(self, licenses: List[str]) -> Dict[str, Any]:
+        """Get all obligations for the given licenses."""
+        obligations = {}
+
+        for license_id in licenses:
+            if "obligations" in self.policies:
+                license_obligations = self.policies["obligations"].get(license_id, {})
+                if license_obligations:
+                    obligations[license_id] = license_obligations
+
+        return obligations

ospac/runtime/evaluator.py

@@ -0,0 +1,72 @@
+"""
+Rule evaluation engine.
+"""
+
+from typing import Dict, Any, List, Optional
+
+
+class RuleEvaluator:
+    """Evaluate rules against context."""
+
+    def __init__(self, policies: Dict[str, Any]):
+        """Initialize with loaded policies."""
+        self.policies = policies
+
+    def evaluate_rule(self, rule: Dict[str, Any], context: Dict[str, Any]) -> Dict[str, Any]:
+        """Evaluate a single rule against the context."""
+        result = {
+            "rule_id": rule.get("id", "unknown"),
+            "description": rule.get("description", ""),
+            "matched": True,
+            "action": None,
+            "severity": None,
+            "message": None,
+        }
+
+        # Execute the "then" clause
+        if "then" in rule:
+            then_clause = rule["then"]
+            result["action"] = then_clause.get("action", "allow")
+            result["severity"] = then_clause.get("severity", "info")
+
+            # Format message with context
+            if "message" in then_clause:
+                message = then_clause["message"]
+                try:
+                    result["message"] = message.format(**context)
+                except KeyError:
+                    result["message"] = message
+
+            # Add requirements if any
+            if "requirements" in then_clause:
+                result["requirements"] = then_clause["requirements"]
+
+            # Add remediation if specified
+            if "remediation" in then_clause:
+                result["remediation"] = then_clause["remediation"]
+
+        return result
+
+    def evaluate_decision_tree(self, tree: List[Dict], context: Dict[str, Any]) -> Optional[Dict]:
+        """Evaluate a decision tree against context."""
+        for node in tree:
+            if self._matches_condition(node.get("if", {}), context):
+                return node.get("then", {})
+
+        return None
+
+    def _matches_condition(self, condition: Dict, context: Dict) -> bool:
+        """Check if a condition matches the context."""
+        for key, expected_value in condition.items():
+            actual_value = context.get(key)
+
+            if actual_value is None:
+                return False
+
+            if isinstance(expected_value, list):
+                if actual_value not in expected_value:
+                    return False
+            elif actual_value != expected_value:
+                return False
+
+        return True

ospac/runtime/loader.py

@@ -0,0 +1,54 @@
+"""
+Policy file loader.
+"""
+
+import yaml
+import json
+from pathlib import Path
+from typing import Dict, Any, List
+
+
+class PolicyLoader:
+    """Load and parse policy definitions from files."""
+
+    SUPPORTED_EXTENSIONS = {".yaml", ".yml", ".json"}
+
+    def load_all(self, policy_path: str) -> Dict[str, Any]:
+        """Load all policy files from the specified directory."""
+        path = Path(policy_path)
+        if not path.exists():
+            raise FileNotFoundError(f"Policy path not found: {policy_path}")
+
+        policies = {}
+
+        if path.is_file():
+            name = path.stem
+            policies[name] = self.load_file(str(path))
+        else:
+            for file_path in path.rglob("*"):
+                if file_path.suffix in self.SUPPORTED_EXTENSIONS:
+                    relative_name = file_path.relative_to(path).with_suffix("")
+                    policies[str(relative_name)] = self.load_file(str(file_path))
+
+        return policies
+
+    def load_file(self, file_path: str) -> Dict[str, Any]:
+        """Load a single policy file."""
+        path = Path(file_path)
+
+        if not path.exists():
+            raise FileNotFoundError(f"Policy file not found: {file_path}")
+
+        with open(path, "r", encoding="utf-8") as f:
+            if path.suffix == ".json":
+                return json.load(f)
+            elif path.suffix in {".yaml", ".yml"}:
+                return yaml.safe_load(f)
+            else:
+                raise ValueError(f"Unsupported file format: {path.suffix}")
+
+    def validate_policy(self, policy: Dict[str, Any]) -> bool:
+        """Validate a policy against the schema."""
+        # TODO: Implement schema validation using jsonschema
+        required_fields = {"version", "rules"}
+        return all(field in policy for field in required_fields)

ospac/utils/__init__.py

@@ -0,0 +1,3 @@
+"""
+OSPAC utility functions.
+"""