PyPI - pactown - Versions diffs - 0.1.5__tar.gz → 0.1.16__tar.gz - Mend

pactown 0.1.5tar.gz → 0.1.16tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

{pactown-0.1.5 → pactown-0.1.16}/.bumpversion.cfg RENAMED Viewed

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.1.5
+current_version = 0.1.16
 commit = False
 tag = False

pactown-0.1.16/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+### Added
+- Podman Quadlet deployment backend (`pactown.deploy.quadlet`) with templates, backend operations, and Traefik integration.
+- Interactive Quadlet shell (`pactown quadlet shell`).
+- Quadlet REST API (`pactown quadlet api`) and entrypoint `pactown-quadlet-api`.
+- Security hardening and injection test suite (`tests/test_quadlet_security.py`).
+- Quadlet security guide (`docs/SECURITY.md`).
+- Cloudflare Workers comparison (`docs/CLOUDFLARE_WORKERS_COMPARISON.md`).
+- Practical Quadlet examples in `examples/*` where the user edits only `README.md` (embedded code blocks) and deployment artifacts are generated into `./sandbox`.
+### Changed
+- Dockerfile Python healthcheck now uses `MARKPACT_PORT` with fallback to `PORT` to maintain compatibility.
+- Registry timestamps use timezone-aware datetimes (`datetime.now(timezone.utc)`) to avoid Python 3.13 deprecations.
+- Makefile:
+  - Prefers project venv python if present.
+  - `lint`/`format` fall back to `pipx run ruff` when ruff is not installed in the interpreter.
+  - `test` explicitly loads `pytest_asyncio.plugin` to work with `PYTEST_DISABLE_PLUGIN_AUTOLOAD=1`.
+### Fixed
+- Multiple Quadlet injection vectors (container name, env var, volume, Traefik label, systemd unit) mitigated via input sanitization.
+- Ruff lint issues across `src/` and `tests/`.
+## [0.1.5]
+- Initial public version.

{pactown-0.1.5 → pactown-0.1.16}/Makefile RENAMED Viewed

@@ -1,6 +1,6 @@
 .PHONY: help install dev test test-cov lint format build clean registry up down status examples check-pypi-deps publish-pypi bump-patch bump-minor bump-major release
-PYTHON ?= python3
+PYTHON ?= $(shell if [ -x ./venv/bin/python3 ]; then echo ./venv/bin/python3; elif [ -x ./.venv/bin/python3 ]; then echo ./.venv/bin/python3; else echo python3; fi)
 CONFIG ?= saas.pactown.yaml
 README ?= README.md
 SANDBOX ?= ./sandbox
@@ -22,16 +22,34 @@ dev: ## Install dev dependencies
 	$(PYTHON) -m pip install -e ".[dev]"
 test: ## Run tests
-	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest tests/ -v
+	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v
 test-cov: ## Run tests with coverage
-	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest tests/ -v --cov=src/pactown --cov-report=term-missing
+	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v --cov=src/pactown --cov-report=term-missing
 lint: ## Run linter
-	$(PYTHON) -m ruff check src/ tests/
+	@if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \
+		$(PYTHON) -m ruff check src/ tests/; \
+	elif command -v ruff >/dev/null 2>&1; then \
+		ruff check src/ tests/; \
+	elif command -v pipx >/dev/null 2>&1; then \
+		pipx run ruff check src/ tests/; \
+	else \
+		echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \
+		exit 1; \
+	fi
 format: ## Format code
-	$(PYTHON) -m ruff format src/ tests/
+	@if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \
+		$(PYTHON) -m ruff format src/ tests/; \
+	elif command -v ruff >/dev/null 2>&1; then \
+		ruff format src/ tests/; \
+	elif command -v pipx >/dev/null 2>&1; then \
+		pipx run ruff format src/ tests/; \
+	else \
+		echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \
+		exit 1; \
+	fi
 build: clean ## Build package
 	@$(PYTHON) -c "import build" >/dev/null 2>&1 || (echo "Missing dependency: build. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install build)" && exit 1)

{pactown-0.1.5 → pactown-0.1.16}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pactown
-Version: 0.1.5
+Version: 0.1.16
 Summary: Decentralized Service Ecosystem Orchestrator - Build interconnected microservices from Markdown using markpact
 Project-URL: Homepage, https://github.com/wronai/pactown
 Project-URL: Repository, https://github.com/wronai/pactown
@@ -74,6 +74,7 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 ## Key Features
+### Core Features
 - **🔗 Service Composition** – Combine multiple markpact READMEs into one ecosystem
 - **📦 Local Registry** – Store and share markpact artifacts across projects
 - **🔄 Dependency Resolution** – Automatic startup order based on service dependencies
@@ -84,14 +85,43 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 - **🔍 Service Discovery** – Name-based service lookup, no hardcoded URLs
 - **⚡ Config Generator** – Auto-generate config from folder of READMEs
-## Documentation
+### New in v0.4.0
+- **⚡ Fast Start** – Dependency caching for millisecond startup times ([docs](docs/FAST_START.md))
+- **🛡️ Security Policy** – Rate limiting, user profiles, anomaly logging ([docs](docs/SECURITY_POLICY.md))
+- **👤 User Isolation** – Linux user-based sandbox isolation for multi-tenant SaaS ([docs](docs/USER_ISOLATION.md))
+- **📊 Detailed Logging** – Structured logs with error capture ([docs](docs/LOGGING.md))
+---
+## 📚 Documentation
+### Quick Navigation
+| Category | Documents |
+|----------|-----------|
+| **Getting Started** | [Quick Start](#quick-start) · [Installation](#installation) · [Commands](#commands) |
+| **Core Concepts** | [Specification](docs/SPECIFICATION.md) · [Configuration](docs/CONFIGURATION.md) · [Network](docs/NETWORK.md) |
+| **Deployment** | [Deployment Guide](docs/DEPLOYMENT.md) · [Quadlet/VPS](docs/QUADLET.md) · [Generator](docs/GENERATOR.md) |
+| **Security** | [Security Policy](docs/SECURITY_POLICY.md) · [Quadlet Security](docs/SECURITY.md) · [User Isolation](docs/USER_ISOLATION.md) |
+| **Performance** | [Fast Start](docs/FAST_START.md) · [Logging](docs/LOGGING.md) |
+| **Comparisons** | [vs Cloudflare Workers](docs/CLOUDFLARE_WORKERS_COMPARISON.md) |
+### All Documentation
 | Document | Description |
 |----------|-------------|
 | [Specification](docs/SPECIFICATION.md) | Architecture and design |
 | [Configuration](docs/CONFIGURATION.md) | YAML config reference |
+| [Deployment](docs/DEPLOYMENT.md) | Production deployment guide (Compose/Kubernetes/Quadlet) |
 | [Network](docs/NETWORK.md) | Dynamic ports & service discovery |
 | [Generator](docs/GENERATOR.md) | Auto-generate configs |
+| [Quadlet](docs/QUADLET.md) | Podman Quadlet deployment for VPS production |
+| [Security](docs/SECURITY.md) | Quadlet security hardening and injection test suite |
+| [Security Policy](docs/SECURITY_POLICY.md) | Rate limiting, user profiles, resource monitoring |
+| [Fast Start](docs/FAST_START.md) | Dependency caching for fast startup |
+| [User Isolation](docs/USER_ISOLATION.md) | Linux user-based sandbox isolation |
+| [Logging](docs/LOGGING.md) | Structured logging and error capture |
+| [Cloudflare Workers comparison](docs/CLOUDFLARE_WORKERS_COMPARISON.md) | When to use Pactown vs Cloudflare Workers |
 ### Source Code Reference
@@ -102,7 +132,29 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 | [`resolver.py`](src/pactown/resolver.py) | Dependency resolution |
 | [`network.py`](src/pactown/network.py) | Port allocation & discovery |
 | [`generator.py`](src/pactown/generator.py) | Config file generator |
+| [`service_runner.py`](src/pactown/service_runner.py) | High-level service runner API |
+| [`security.py`](src/pactown/security.py) | Security policy & rate limiting |
+| [`fast_start.py`](src/pactown/fast_start.py) | Dependency caching & fast startup |
+| [`user_isolation.py`](src/pactown/user_isolation.py) | Linux user isolation for multi-tenant |
+| [`sandbox_manager.py`](src/pactown/sandbox_manager.py) | Sandbox lifecycle management |
 | [`registry/`](src/pactown/registry/) | Local artifact registry |
+| [`deploy/`](src/pactown/deploy/) | Deployment backends (Docker, Podman, K8s, Quadlet) |
+---
+## 🎯 Examples
+| Example | What it shows |
+|---------|---------------|
+| [`examples/saas-platform/`](examples/saas-platform/) | Complete SaaS with Web + API + Database + Gateway |
+| [`examples/quadlet-vps/`](examples/quadlet-vps/) | VPS setup and Quadlet workflow |
+| [`examples/email-llm-responder/`](examples/email-llm-responder/) | Email automation with LLM integration |
+| [`examples/api-gateway-webhooks/`](examples/api-gateway-webhooks/) | API gateway / webhook handler |
+| [`examples/realtime-notifications/`](examples/realtime-notifications/) | WebSocket + SSE real-time notifications |
+| [`examples/microservices/`](examples/microservices/) | Multi-language microservices |
+| [`examples/fast-start-demo/`](examples/fast-start-demo/) | **NEW:** Fast startup with dependency caching |
+| [`examples/security-policy/`](examples/security-policy/) | **NEW:** Rate limiting and user profiles |
+| [`examples/user-isolation/`](examples/user-isolation/) | **NEW:** Multi-tenant user isolation |
 ## Installation
@@ -145,31 +197,31 @@ services:
 Each service is a standard markpact README:
-```markdown
+````markdown
 # API Service
 REST API for the application.
 ---
-\`\`\`markpact:deps python
+```python markpact:deps
 fastapi
 uvicorn
-\`\`\`
+```
-\`\`\`markpact:file python path=main.py
+```python markpact:file path=main.py
 from fastapi import FastAPI
 app = FastAPI()
 @app.get("/health")
 def health():
     return {"status": "ok"}
-\`\`\`
+```
-\`\`\`markpact:run python
+```bash markpact:run
 uvicorn main:app --port ${MARKPACT_PORT:-8001}
-\`\`\`
 ```
+````
 ### 3. Start the ecosystem

{pactown-0.1.5 → pactown-0.1.16}/README.md RENAMED Viewed

@@ -32,6 +32,7 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 ## Key Features
+### Core Features
 - **🔗 Service Composition** – Combine multiple markpact READMEs into one ecosystem
 - **📦 Local Registry** – Store and share markpact artifacts across projects
 - **🔄 Dependency Resolution** – Automatic startup order based on service dependencies
@@ -42,14 +43,43 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 - **🔍 Service Discovery** – Name-based service lookup, no hardcoded URLs
 - **⚡ Config Generator** – Auto-generate config from folder of READMEs
-## Documentation
+### New in v0.4.0
+- **⚡ Fast Start** – Dependency caching for millisecond startup times ([docs](docs/FAST_START.md))
+- **🛡️ Security Policy** – Rate limiting, user profiles, anomaly logging ([docs](docs/SECURITY_POLICY.md))
+- **👤 User Isolation** – Linux user-based sandbox isolation for multi-tenant SaaS ([docs](docs/USER_ISOLATION.md))
+- **📊 Detailed Logging** – Structured logs with error capture ([docs](docs/LOGGING.md))
+---
+## 📚 Documentation
+### Quick Navigation
+| Category | Documents |
+|----------|-----------|
+| **Getting Started** | [Quick Start](#quick-start) · [Installation](#installation) · [Commands](#commands) |
+| **Core Concepts** | [Specification](docs/SPECIFICATION.md) · [Configuration](docs/CONFIGURATION.md) · [Network](docs/NETWORK.md) |
+| **Deployment** | [Deployment Guide](docs/DEPLOYMENT.md) · [Quadlet/VPS](docs/QUADLET.md) · [Generator](docs/GENERATOR.md) |
+| **Security** | [Security Policy](docs/SECURITY_POLICY.md) · [Quadlet Security](docs/SECURITY.md) · [User Isolation](docs/USER_ISOLATION.md) |
+| **Performance** | [Fast Start](docs/FAST_START.md) · [Logging](docs/LOGGING.md) |
+| **Comparisons** | [vs Cloudflare Workers](docs/CLOUDFLARE_WORKERS_COMPARISON.md) |
+### All Documentation
 | Document | Description |
 |----------|-------------|
 | [Specification](docs/SPECIFICATION.md) | Architecture and design |
 | [Configuration](docs/CONFIGURATION.md) | YAML config reference |
+| [Deployment](docs/DEPLOYMENT.md) | Production deployment guide (Compose/Kubernetes/Quadlet) |
 | [Network](docs/NETWORK.md) | Dynamic ports & service discovery |
 | [Generator](docs/GENERATOR.md) | Auto-generate configs |
+| [Quadlet](docs/QUADLET.md) | Podman Quadlet deployment for VPS production |
+| [Security](docs/SECURITY.md) | Quadlet security hardening and injection test suite |
+| [Security Policy](docs/SECURITY_POLICY.md) | Rate limiting, user profiles, resource monitoring |
+| [Fast Start](docs/FAST_START.md) | Dependency caching for fast startup |
+| [User Isolation](docs/USER_ISOLATION.md) | Linux user-based sandbox isolation |
+| [Logging](docs/LOGGING.md) | Structured logging and error capture |
+| [Cloudflare Workers comparison](docs/CLOUDFLARE_WORKERS_COMPARISON.md) | When to use Pactown vs Cloudflare Workers |
 ### Source Code Reference
@@ -60,7 +90,29 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 | [`resolver.py`](src/pactown/resolver.py) | Dependency resolution |
 | [`network.py`](src/pactown/network.py) | Port allocation & discovery |
 | [`generator.py`](src/pactown/generator.py) | Config file generator |
+| [`service_runner.py`](src/pactown/service_runner.py) | High-level service runner API |
+| [`security.py`](src/pactown/security.py) | Security policy & rate limiting |
+| [`fast_start.py`](src/pactown/fast_start.py) | Dependency caching & fast startup |
+| [`user_isolation.py`](src/pactown/user_isolation.py) | Linux user isolation for multi-tenant |
+| [`sandbox_manager.py`](src/pactown/sandbox_manager.py) | Sandbox lifecycle management |
 | [`registry/`](src/pactown/registry/) | Local artifact registry |
+| [`deploy/`](src/pactown/deploy/) | Deployment backends (Docker, Podman, K8s, Quadlet) |
+---
+## 🎯 Examples
+| Example | What it shows |
+|---------|---------------|
+| [`examples/saas-platform/`](examples/saas-platform/) | Complete SaaS with Web + API + Database + Gateway |
+| [`examples/quadlet-vps/`](examples/quadlet-vps/) | VPS setup and Quadlet workflow |
+| [`examples/email-llm-responder/`](examples/email-llm-responder/) | Email automation with LLM integration |
+| [`examples/api-gateway-webhooks/`](examples/api-gateway-webhooks/) | API gateway / webhook handler |
+| [`examples/realtime-notifications/`](examples/realtime-notifications/) | WebSocket + SSE real-time notifications |
+| [`examples/microservices/`](examples/microservices/) | Multi-language microservices |
+| [`examples/fast-start-demo/`](examples/fast-start-demo/) | **NEW:** Fast startup with dependency caching |
+| [`examples/security-policy/`](examples/security-policy/) | **NEW:** Rate limiting and user profiles |
+| [`examples/user-isolation/`](examples/user-isolation/) | **NEW:** Multi-tenant user isolation |
 ## Installation
@@ -103,31 +155,31 @@ services:
 Each service is a standard markpact README:
-```markdown
+````markdown
 # API Service
 REST API for the application.
 ---
-\`\`\`markpact:deps python
+```python markpact:deps
 fastapi
 uvicorn
-\`\`\`
+```
-\`\`\`markpact:file python path=main.py
+```python markpact:file path=main.py
 from fastapi import FastAPI
 app = FastAPI()
 @app.get("/health")
 def health():
     return {"status": "ok"}
-\`\`\`
+```
-\`\`\`markpact:run python
+```bash markpact:run
 uvicorn main:app --port ${MARKPACT_PORT:-8001}
-\`\`\`
 ```
+````
 ### 3. Start the ecosystem

pactown-0.1.16/TODO.md ADDED Viewed

@@ -0,0 +1,38 @@
+# TODO
+## Status (done)
+- Pactown jako paczka Python (`pyproject.toml`, CLI, Makefile).
+- Orchestrator (sandboxes), dependency resolution, registry + API.
+- Podman Quadlet deployment:
+  - `pactown quadlet init / deploy / list / logs / shell / api`
+  - Traefik + TLS (Let's Encrypt)
+- Security hardening:
+  - input sanitization w generatorze Quadlet
+  - test suite: `tests/test_quadlet_security.py`
+  - dokument: `docs/SECURITY.md`
+- Przykłady Quadlet w `examples/*`:
+  - user edytuje tylko `README.md` (kod w markdown)
+  - reszta plików do uruchomienia jest generowana do `./sandbox`
+## Next steps
+### Quadlet / Sandbox generation
+- Zintegrować generowanie `./sandbox` z README (code blocks `main.py`, `routes.yaml`, `requirements.txt`) bezpośrednio w flow `pactown quadlet deploy`.
+- Dodać walidację, że README zawiera minimalny zestaw blocków wymaganych do uruchomienia.
+- Dodać tryb `pactown quadlet generate --sandbox ./sandbox` (bez deployu) do łatwego review.
+### Security (runtime)
+- Dodać runtime-hardening checklist: SELinux/AppArmor, firewall, limits per tenant.
+- Rozważyć blokowanie dodatkowych mountów (symlinki, `:Z`, `:suid`, itp.) oraz logowanie prób.
+### Docs
+- Uporządkować przewodnik: `docs/QUADLET.md` + `docs/SECURITY.md` + porównanie z CF.
+- Dodać krótkie “quick examples” jak odpalić 3 przykłady na VPS.
+### Packaging
+- Ustalić docelowy flow dla `make dev` i `make lint` (czy zawsze venv, czy pipx fallback).

pactown 0.1.5__tar.gz → 0.1.16__tar.gz

pactown 0.1.5tar.gz → 0.1.16tar.gz