ostruct-cli 0.6.1__py3-none-any.whl → 0.7.0__py3-none-any.whl

ostruct/cli/model_creation.py

@@ -40,6 +40,7 @@ from .errors import (
     NestedModelError,
     SchemaValidationError,
 )
+from .exit_codes import ExitCode
 
 logger = logging.getLogger(__name__)
 
@@ -297,90 +298,26 @@ def create_dynamic_model(
     show_schema: bool = False,
     debug_validation: bool = False,
 ) -> Type[BaseModel]:
-    """Create a Pydantic model from a JSON schema.
+    """Create a Pydantic model from a JSON Schema.
 
     Args:
-        schema: JSON schema to create model from
-        base_name: Name for the model class
-        show_schema: Whether to show the generated model schema
-        debug_validation: Whether to show detailed validation errors
+        schema: JSON Schema to create model from
+        base_name: Base name for the model class
+        show_schema: Whether to show the generated schema
+        debug_validation: Whether to show debug validation info
 
     Returns:
-        Type[BaseModel]: The generated Pydantic model class
+        Generated Pydantic model class
 
     Raises:
-        ModelValidationError: If the schema is invalid
-        SchemaValidationError: If the schema violates OpenAI requirements
+        SchemaValidationError: If schema validation fails
+        ModelCreationError: If model creation fails
     """
-    if debug_validation:
-        logger.info("Creating dynamic model from schema:")
-        logger.info(json.dumps(schema, indent=2))
-
     try:
-        # Handle our wrapper format if present
-        if "schema" in schema:
-            if debug_validation:
-                logger.info("Found schema wrapper, extracting inner schema")
-                logger.info(
-                    "Original schema: %s", json.dumps(schema, indent=2)
-                )
-            inner_schema = schema["schema"]
-            if not isinstance(inner_schema, dict):
-                if debug_validation:
-                    logger.info(
-                        "Inner schema must be a dictionary, got %s",
-                        type(inner_schema),
-                    )
-                raise SchemaValidationError(
-                    "Inner schema must be a dictionary"
-                )
-            if debug_validation:
-                logger.info("Using inner schema:")
-                logger.info(json.dumps(inner_schema, indent=2))
-            schema = inner_schema
-
-        # Validate against OpenAI requirements
-        from .schema_validation import validate_openai_schema
-
-        validate_openai_schema(schema)
-
-        # Create model configuration
-        config = ConfigDict(
-            title=schema.get("title", base_name),
-            extra="forbid",  # OpenAI requires additionalProperties: false
-            validate_default=True,
-            use_enum_values=True,
-            arbitrary_types_allowed=True,
-            json_schema_extra={
-                k: v
-                for k, v in schema.items()
-                if k
-                not in {
-                    "type",
-                    "properties",
-                    "required",
-                    "title",
-                    "description",
-                    "additionalProperties",
-                    "readOnly",
-                }
-            },
-        )
+        # Validate schema structure before model creation
+        from .template_utils import validate_json_schema
 
-        if debug_validation:
-            logger.info("Created model configuration:")
-            logger.info("  Title: %s", config.get("title"))
-            logger.info("  Extra: %s", config.get("extra"))
-            logger.info(
-                "  Validate Default: %s", config.get("validate_default")
-            )
-            logger.info("  Use Enum Values: %s", config.get("use_enum_values"))
-            logger.info(
-                "  Arbitrary Types: %s", config.get("arbitrary_types_allowed")
-            )
-            logger.info(
-                "  JSON Schema Extra: %s", config.get("json_schema_extra")
-            )
+        validate_json_schema(schema)
 
         # Process schema properties into fields
         properties = schema.get("properties", {})
@@ -438,23 +375,25 @@ def create_dynamic_model(
             )
             for name, (field_type, field) in field_definitions.items()
         }
-        model: Type[BaseModel] = create_model(
-            base_name, __config__=config, **field_defs
-        )
 
-        # Set the model config after creation
-        model.model_config = config
+        # Create model class
+        model = create_model(base_name, __base__=BaseModel, **field_defs)
 
-        if debug_validation:
-            logger.info("Successfully created model: %s", model.__name__)
-            logger.info("Model config: %s", dict(model.model_config))
+        # Set model config
+        model.model_config = ConfigDict(
+            title=schema.get("title", base_name),
+            extra="forbid",
+        )
+
+        if show_schema:
             logger.info(
-                "Model schema: %s",
+                "Generated schema for %s:\n%s",
+                base_name,
                 json.dumps(model.model_json_schema(), indent=2),
             )
 
-        # Validate the model's JSON schema
         try:
+            # Validate model schema
             model.model_json_schema()
         except ValidationError as e:
             validation_errors = (
@@ -467,18 +406,52 @@ def create_dynamic_model(
                 logger.error("  Error type: %s", type(e).__name__)
                 logger.error("  Error message: %s", str(e))
             raise ModelValidationError(base_name, validation_errors)
+        except KeyError as e:
+            # Handle Pydantic schema generation errors, particularly for recursive references
+            error_msg = str(e).strip(
+                "'\""
+            )  # Strip quotes from KeyError message
+            if error_msg.startswith("#/definitions/"):
+                context = {
+                    "schema_path": schema.get("$id", "unknown"),
+                    "reference": error_msg,
+                    "found": "circular reference or missing definition",
+                    "tips": [
+                        "Add explicit $ref definitions for recursive structures",
+                        "Use Pydantic's deferred annotations with typing.Self",
+                        "Limit recursion depth with max_depth validator",
+                        "Flatten nested structures using reference IDs",
+                    ],
+                }
 
-        return model
+                error_msg = (
+                    f"Invalid schema reference: {error_msg}\n"
+                    "Detected circular reference or missing definition.\n"
+                    "Solutions:\n"
+                    "1. Add missing $ref definitions to your schema\n"
+                    "2. Use explicit ID references instead of nested objects\n"
+                    "3. Implement depth limits for recursive structures"
+                )
 
-    except SchemaValidationError as e:
-        # Always log basic error info
-        logger.error("Schema validation error: %s", str(e))
+                if debug_validation:
+                    logger.error("Schema reference error:")
+                    logger.error("  Error type: %s", type(e).__name__)
+                    logger.error("  Error message: %s", error_msg)
 
-        # Log additional debug info if requested
-        if debug_validation:
-            logger.error("  Error type: %s", type(e).__name__)
-            logger.error("  Error details: %s", str(e))
-        # Always raise schema validation errors directly
+                raise SchemaValidationError(
+                    error_msg, context=context, exit_code=ExitCode.SCHEMA_ERROR
+                ) from e
+
+            # For other KeyErrors, preserve the original error
+            raise ModelCreationError(
+                f"Failed to create model {base_name}",
+                context={"error": str(e)},
+            ) from e
+
+        return model
+
+    except SchemaValidationError:
+        # Re-raise schema validation errors without wrapping
         raise
 
     except Exception as e:

ostruct/cli/registry_updates.py

@@ -0,0 +1,162 @@
+"""Registry update checks for ostruct CLI.
+
+This module provides functionality to check for updates to the model registry
+and notify users when updates are available.
+"""
+
+import json
+import logging
+import os
+import time
+from pathlib import Path
+from typing import Optional, Tuple
+
+from openai_structured.model_registry import (
+    ModelRegistry,
+    RegistryUpdateStatus,
+)
+
+logger = logging.getLogger(__name__)
+
+# Constants
+UPDATE_CHECK_ENV_VAR = "OSTRUCT_DISABLE_UPDATE_CHECKS"
+UPDATE_CHECK_INTERVAL_SECONDS = (
+    86400  # Check for updates once per day (24 hours)
+)
+LAST_CHECK_CACHE_FILE = ".ostruct_registry_check"
+
+
+def _get_cache_dir() -> Path:
+    """Get the cache directory for ostruct.
+
+    Returns:
+        Path: Path to the cache directory
+    """
+    # Use XDG_CACHE_HOME if available, otherwise use ~/.cache
+    xdg_cache_home = os.environ.get("XDG_CACHE_HOME")
+    if xdg_cache_home:
+        base_dir = Path(xdg_cache_home)
+    else:
+        base_dir = Path.home() / ".cache"
+
+    cache_dir = base_dir / "ostruct"
+    cache_dir.mkdir(parents=True, exist_ok=True)
+    return cache_dir
+
+
+def _get_last_check_time() -> Optional[float]:
+    """Get the timestamp of the last update check.
+
+    Returns:
+        Optional[float]: Timestamp of the last check, or None if never checked
+    """
+    cache_file = _get_cache_dir() / LAST_CHECK_CACHE_FILE
+
+    if not cache_file.exists():
+        return None
+
+    try:
+        with open(cache_file, "r") as f:
+            data = json.load(f)
+            last_check_time = data.get("last_check_time")
+            return (
+                float(last_check_time) if last_check_time is not None else None
+            )
+    except (json.JSONDecodeError, IOError, OSError):
+        return None
+
+
+def _save_last_check_time() -> None:
+    """Save the current time as the last update check time."""
+    cache_file = _get_cache_dir() / LAST_CHECK_CACHE_FILE
+
+    try:
+        data = {"last_check_time": time.time()}
+        with open(cache_file, "w") as f:
+            json.dump(data, f)
+    except (IOError, OSError) as e:
+        logger.debug(f"Failed to save last check time: {e}")
+
+
+def should_check_for_updates() -> bool:
+    """Determine if we should check for registry updates.
+
+    Returns:
+        bool: True if update checks are enabled, False otherwise
+    """
+    # Allow users to disable update checks via environment variable
+    if os.environ.get(UPDATE_CHECK_ENV_VAR, "").lower() in (
+        "1",
+        "true",
+        "yes",
+    ):
+        logger.debug(
+            "Registry update checks disabled via environment variable"
+        )
+        return False
+
+    # Check if we've checked recently
+    last_check_time = _get_last_check_time()
+    if last_check_time is not None:
+        time_since_last_check = time.time() - last_check_time
+        if time_since_last_check < UPDATE_CHECK_INTERVAL_SECONDS:
+            logger.debug(
+                f"Skipping update check, last check was {time_since_last_check:.1f} seconds ago"
+            )
+            return False
+
+    return True
+
+
+def check_for_registry_updates() -> Tuple[bool, Optional[str]]:
+    """Check if there are updates available for the model registry.
+
+    This function is designed to be non-intrusive and fail gracefully.
+
+    Returns:
+        Tuple[bool, Optional[str]]: (update_available, message)
+            - update_available: True if an update is available
+            - message: A message to display to the user, or None if no update is available
+    """
+    if not should_check_for_updates():
+        return False, None
+
+    try:
+        registry = ModelRegistry()
+        result = registry.check_for_updates()
+
+        # Save the check time regardless of the result
+        _save_last_check_time()
+
+        if result.status == RegistryUpdateStatus.UPDATE_AVAILABLE:
+            return True, (
+                "A new model registry is available. "
+                "This may include support for new models or features. "
+                "The registry will be automatically updated when needed."
+            )
+
+        return False, None
+    except Exception as e:
+        # Ensure any errors don't affect normal operation
+        logger.debug(f"Error checking for registry updates: {e}")
+        return False, None
+
+
+def get_update_notification() -> Optional[str]:
+    """Get a notification message if registry updates are available.
+
+    This function is designed to be called from the CLI to provide
+    a non-intrusive notification to users.
+
+    Returns:
+        Optional[str]: A notification message, or None if no notification is needed
+    """
+    try:
+        update_available, message = check_for_registry_updates()
+        if update_available and message:
+            return message
+        return None
+    except Exception as e:
+        # Ensure any errors don't affect normal operation
+        logger.debug(f"Error getting update notification: {e}")
+        return None

ostruct/cli/security/errors.py

@@ -63,7 +63,7 @@ class PathSecurityError(SecurityErrorBase):
     @property
     def details(self) -> str:
         """Get the detailed explanation of the error."""
-        return self.details
+        return str(self.context.get("details", ""))
 
     @classmethod
     def from_expanded_paths(

ostruct/cli/security/normalization.py

@@ -61,7 +61,7 @@ from .errors import PathSecurityError, SecurityErrorReasons
 # Patterns for path normalization and validation
 _UNICODE_SAFETY_PATTERN = re.compile(
     r"[\u0000-\u001F\u007F-\u009F\u2028-\u2029\u0085]"  # Control chars and line separators
-    r"|\.{2,}"  # Directory traversal attempts
+    r"|(?:^|/)\.\.(?:/|$)"  # Directory traversal attempts (only ".." as a path component)
     r"|[\u2024\u2025\uFE52\u2024\u2025\u2026\uFE19\uFE30\uFE52\uFF0E\uFF61]"  # Alternative dots and separators
 )
 _BACKSLASH_PATTERN = re.compile(r"\\")

ostruct/cli/security/security_manager.py

@@ -39,10 +39,16 @@ class SecurityManager:
 
     The security model is based on:
     1. A base directory that serves as the root for all file operations
+       (typically set to the current working directory by higher-level functions)
     2. A set of explicitly allowed directories that can be accessed outside the base directory
     3. Special handling for temporary directories that are always allowed
     4. Case-sensitive or case-insensitive path handling based on platform
 
+    Note:
+        While the SecurityManager class itself requires base_dir to be explicitly provided,
+        higher-level functions in the CLI layer (like validate_security_manager and file_utils)
+        will automatically use the current working directory as the base_dir if none is specified.
+
     Example:
         >>> sm = SecurityManager("/base/dir")
         >>> sm.add_allowed_directory("/tmp")
@@ -62,7 +68,9 @@ class SecurityManager:
         """Initialize the SecurityManager.
 
         Args:
-            base_dir: The root directory for file operations.
+            base_dir: The root directory for file operations. While this parameter is required here,
+                     note that higher-level functions in the CLI layer will automatically use the
+                     current working directory if no base_dir is specified.
             allowed_dirs: Additional directories allowed for access.
             allow_temp_paths: Whether to allow temporary directory paths.
             max_symlink_depth: Maximum depth for symlink resolution.
@@ -234,20 +242,53 @@ class SecurityManager:
                     context={"reason": SecurityErrorReasons.SYMLINK_ERROR},
                 ) from e
 
-        # For non-symlinks, just check if the normalized path is allowed
+        # Check for directory traversal attempts
+        if ".." in str(norm_path):
+            logger.error("Directory traversal attempt detected: %s", path)
+            raise PathSecurityError(
+                "Directory traversal attempt blocked",
+                path=str(path),
+                context={
+                    "reason": SecurityErrorReasons.PATH_TRAVERSAL,
+                    "base_dir": str(self._base_dir),
+                    "allowed_dirs": [str(d) for d in self._allowed_dirs],
+                },
+            )
+
+        # Check for suspicious Unicode characters
+        if any(
+            c in str(norm_path)
+            for c in [
+                "\u2024",
+                "\u2025",
+                "\u2026",
+                "\u0085",
+                "\u2028",
+                "\u2029",
+            ]
+        ):
+            logger.error("Suspicious Unicode characters detected: %s", path)
+            raise PathSecurityError(
+                "Suspicious characters detected in path",
+                path=str(path),
+                context={
+                    "reason": SecurityErrorReasons.UNSAFE_UNICODE,
+                    "base_dir": str(self._base_dir),
+                    "allowed_dirs": [str(d) for d in self._allowed_dirs],
+                },
+            )
+
+        # For non-symlinks, check if the normalized path is allowed
         logger.debug("Checking if path is allowed: %s", norm_path)
         if not self.is_path_allowed(norm_path):
             logger.error(
-                "Security violation: Path %s is outside allowed directories (base_dir=%s, allowed_dirs=%s)",
+                "Path outside allowed directories: %s (base_dir=%s, allowed_dirs=%s)",
                 path,
                 self._base_dir,
                 self._allowed_dirs,
             )
             raise PathSecurityError(
-                (
-                    f"Access denied: {os.path.basename(str(path))} is outside "
-                    "base directory and not in allowed directories"
-                ),
+                "Path outside allowed directories",
                 path=str(path),
                 context={
                     "reason": SecurityErrorReasons.PATH_OUTSIDE_ALLOWED,

ostruct/cli/template_extensions.py

@@ -16,6 +16,26 @@ class CommentExtension(Extension):
     1. Contents of comment blocks are completely ignored during parsing
     2. Variables inside comments are not validated or processed
     3. Comments are stripped from the output
+    4. Nested comments are not allowed (will raise a syntax error)
+
+    Example:
+        Valid usage:
+        ```jinja
+        {% comment %}
+            This is a comment
+            {{ some_var }}  # This variable will be ignored
+        {% endcomment %}
+        ```
+
+        Invalid usage (will raise error):
+        ```jinja
+        {% comment %}
+            Outer comment
+            {% comment %}  # Error: Nested comments are not allowed
+                Inner comment
+            {% endcomment %}
+        {% endcomment %}
+        ```
     """
 
     tags = {"comment"}
@@ -23,6 +43,9 @@ class CommentExtension(Extension):
     def parse(self, parser: Parser) -> nodes.Node:
         """Parse a comment block, ignoring its contents.
 
+        Nested comments are not allowed and will raise a syntax error.
+        This keeps the template syntax simpler and more predictable.
+
         Args:
             parser: The Jinja2 parser instance
 
@@ -31,6 +54,7 @@ class CommentExtension(Extension):
 
         Raises:
             TemplateSyntaxError: If the comment block is not properly closed
+                                or if a nested comment is found
         """
         # Get the line number for error reporting
         lineno = parser.stream.current.lineno
@@ -38,10 +62,17 @@ class CommentExtension(Extension):
         # Skip the opening comment tag
         next(parser.stream)
 
-        # Skip until we find {% endcomment %}
+        # Skip until we find {% endcomment %}, rejecting nested comments
         while not parser.stream.current.test("name:endcomment"):
             if parser.stream.current.type == "eof":
                 raise parser.fail("Unclosed comment block", lineno)
+
+            # Explicitly reject nested comments
+            if parser.stream.current.test("name:comment"):
+                raise parser.fail(
+                    "Nested comments are not allowed. Use separate comment blocks instead.",
+                    parser.stream.current.lineno,
+                )
             next(parser.stream)
 
         # Skip the endcomment tag