pactown 0.1.5__tar.gz → 0.1.47__tar.gz

{pactown-0.1.5 → pactown-0.1.47}/.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.1.5
+current_version = 0.1.47
 commit = False
 tag = False
 

pactown-0.1.47/CHANGELOG.md

@@ -0,0 +1,92 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.4.0] - 2026-01-16
+
+### Added
+
+- **Fast Start Module** (`fast_start.py`)
+  - Dependency caching with hash-based venv reuse
+  - ~50-100ms startup for cached deps vs ~5-10s fresh
+  - `ServiceRunner.fast_run()` method
+  - Parallel file writing for sandbox creation
+
+- **Security Policy Module** (`security.py`)
+  - Rate limiting with token bucket algorithm
+  - User profiles with tier-based limits (FREE/BASIC/PRO/ENTERPRISE)
+  - Concurrent service limits per user
+  - Anomaly logging for admin monitoring
+  - Server load throttling
+
+- **User Isolation Module** (`user_isolation.py`)
+  - Linux user-based sandbox isolation
+  - Per-SaaS-user home directories
+  - Process isolation with different UIDs
+  - Export/import for user data migration
+  - REST API endpoints for user management
+
+- **Detailed Logging**
+  - Structured logging in sandbox_manager
+  - STDERR/STDOUT capture on process failure
+  - Signal interpretation (SIGTERM, SIGKILL, etc.)
+  - Per-service error log files
+
+- **New Documentation**
+  - `docs/FAST_START.md` - Dependency caching guide
+  - `docs/SECURITY_POLICY.md` - Rate limiting and user profiles
+  - `docs/USER_ISOLATION.md` - Multi-tenant isolation
+  - `docs/LOGGING.md` - Structured logging guide
+  - Navigation links across all docs
+
+- **New Examples**
+  - `examples/fast-start-demo/` - Fast startup with caching
+  - `examples/security-policy/` - Rate limiting demo
+  - `examples/user-isolation/` - Multi-tenant isolation demo
+
+### Changed
+
+- README.md restructured with feature menu and quick navigation
+- All docs updated with cross-links for easier navigation
+- sandbox_manager.py: Better error capture and signal handling
+- service_runner.py: Added delays to prevent race conditions on restart
+
+### Fixed
+
+- Process killed by SIGTERM on restart (race condition)
+- Truncated error output from crashed processes
+- **Hardcoded port mismatch** - Auto-replace hardcoded ports (e.g., `--port 8009`) with requested port
+- PORT and MARKPACT_PORT environment variables now always set
+
+## [Unreleased]
+
+### Added
+
+- Podman Quadlet deployment backend (`pactown.deploy.quadlet`) with templates, backend operations, and Traefik integration.
+- Interactive Quadlet shell (`pactown quadlet shell`).
+- Quadlet REST API (`pactown quadlet api`) and entrypoint `pactown-quadlet-api`.
+- Security hardening and injection test suite (`tests/test_quadlet_security.py`).
+- Quadlet security guide (`docs/SECURITY.md`).
+- Cloudflare Workers comparison (`docs/CLOUDFLARE_WORKERS_COMPARISON.md`).
+- Practical Quadlet examples in `examples/*` where the user edits only `README.md` (embedded code blocks) and deployment artifacts are generated into `./sandbox`.
+
+### Changed
+
+- Dockerfile Python healthcheck now uses `MARKPACT_PORT` with fallback to `PORT` to maintain compatibility.
+- Registry timestamps use timezone-aware datetimes (`datetime.now(timezone.utc)`) to avoid Python 3.13 deprecations.
+- Makefile:
+  - Prefers project venv python if present.
+  - `lint`/`format` fall back to `pipx run ruff` when ruff is not installed in the interpreter.
+  - `test` explicitly loads `pytest_asyncio.plugin` to work with `PYTEST_DISABLE_PLUGIN_AUTOLOAD=1`.
+
+### Fixed
+
+- Multiple Quadlet injection vectors (container name, env var, volume, Traefik label, systemd unit) mitigated via input sanitization.
+- Ruff lint issues across `src/` and `tests/`.
+
+## [0.1.5]
+
+- Initial public version.

{pactown-0.1.5 → pactown-0.1.47}/Makefile

@@ -1,6 +1,6 @@
 .PHONY: help install dev test test-cov lint format build clean registry up down status examples check-pypi-deps publish-pypi bump-patch bump-minor bump-major release
 
-PYTHON ?= python3
+PYTHON ?= $(shell if [ -x ./venv/bin/python3 ]; then echo ./venv/bin/python3; elif [ -x ./.venv/bin/python3 ]; then echo ./.venv/bin/python3; else echo python3; fi)
 CONFIG ?= saas.pactown.yaml
 README ?= README.md
 SANDBOX ?= ./sandbox
@@ -22,16 +22,34 @@ dev: ## Install dev dependencies
 	$(PYTHON) -m pip install -e ".[dev]"
 
 test: ## Run tests
-	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest tests/ -v
+	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v
 
 test-cov: ## Run tests with coverage
-	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest tests/ -v --cov=src/pactown --cov-report=term-missing
+	PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v --cov=src/pactown --cov-report=term-missing
 
 lint: ## Run linter
-	$(PYTHON) -m ruff check src/ tests/
+	@if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \
+		$(PYTHON) -m ruff check src/ tests/; \
+	elif command -v ruff >/dev/null 2>&1; then \
+		ruff check src/ tests/; \
+	elif command -v pipx >/dev/null 2>&1; then \
+		pipx run ruff check src/ tests/; \
+	else \
+		echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \
+		exit 1; \
+	fi
 
 format: ## Format code
-	$(PYTHON) -m ruff format src/ tests/
+	@if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \
+		$(PYTHON) -m ruff format src/ tests/; \
+	elif command -v ruff >/dev/null 2>&1; then \
+		ruff format src/ tests/; \
+	elif command -v pipx >/dev/null 2>&1; then \
+		pipx run ruff format src/ tests/; \
+	else \
+		echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \
+		exit 1; \
+	fi
 
 build: clean ## Build package
 	@$(PYTHON) -c "import build" >/dev/null 2>&1 || (echo "Missing dependency: build. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install build)" && exit 1)

{pactown-0.1.5 → pactown-0.1.47}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pactown
-Version: 0.1.5
+Version: 0.1.47
 Summary: Decentralized Service Ecosystem Orchestrator - Build interconnected microservices from Markdown using markpact
 Project-URL: Homepage, https://github.com/wronai/pactown
 Project-URL: Repository, https://github.com/wronai/pactown
@@ -30,6 +30,8 @@ Requires-Dist: pyyaml>=6.0
 Requires-Dist: rich>=13.0
 Requires-Dist: uvicorn>=0.20.0
 Requires-Dist: watchfiles>=0.20.0
+Provides-Extra: all
+Requires-Dist: lolm>=0.1.6; extra == 'all'
 Provides-Extra: dev
 Requires-Dist: build; extra == 'dev'
 Requires-Dist: bump2version>=1.0; extra == 'dev'
@@ -38,6 +40,8 @@ Requires-Dist: pytest-cov>=4.0; extra == 'dev'
 Requires-Dist: pytest>=7.0; extra == 'dev'
 Requires-Dist: ruff>=0.1; extra == 'dev'
 Requires-Dist: twine; extra == 'dev'
+Provides-Extra: llm
+Requires-Dist: lolm>=0.1.6; extra == 'llm'
 Description-Content-Type: text/markdown
 
 ![img.png](img.png)
@@ -74,6 +78,7 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 
 ## Key Features
 
+### Core Features
 - **🔗 Service Composition** – Combine multiple markpact READMEs into one ecosystem
 - **📦 Local Registry** – Store and share markpact artifacts across projects
 - **🔄 Dependency Resolution** – Automatic startup order based on service dependencies
@@ -84,14 +89,43 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 - **🔍 Service Discovery** – Name-based service lookup, no hardcoded URLs
 - **⚡ Config Generator** – Auto-generate config from folder of READMEs
 
-## Documentation
+### New in v0.4.0
+- **⚡ Fast Start** – Dependency caching for millisecond startup times ([docs](docs/FAST_START.md))
+- **🛡️ Security Policy** – Rate limiting, user profiles, anomaly logging ([docs](docs/SECURITY_POLICY.md))
+- **👤 User Isolation** – Linux user-based sandbox isolation for multi-tenant SaaS ([docs](docs/USER_ISOLATION.md))
+- **📊 Detailed Logging** – Structured logs with error capture ([docs](docs/LOGGING.md))
+
+---
+
+## 📚 Documentation
+
+### Quick Navigation
+
+| Category | Documents |
+|----------|-----------|
+| **Getting Started** | [Quick Start](#quick-start) · [Installation](#installation) · [Commands](#commands) |
+| **Core Concepts** | [Specification](docs/SPECIFICATION.md) · [Configuration](docs/CONFIGURATION.md) · [Network](docs/NETWORK.md) |
+| **Deployment** | [Deployment Guide](docs/DEPLOYMENT.md) · [Quadlet/VPS](docs/QUADLET.md) · [Generator](docs/GENERATOR.md) |
+| **Security** | [Security Policy](docs/SECURITY_POLICY.md) · [Quadlet Security](docs/SECURITY.md) · [User Isolation](docs/USER_ISOLATION.md) |
+| **Performance** | [Fast Start](docs/FAST_START.md) · [Logging](docs/LOGGING.md) |
+| **Comparisons** | [vs Cloudflare Workers](docs/CLOUDFLARE_WORKERS_COMPARISON.md) |
+
+### All Documentation
 
 | Document | Description |
 |----------|-------------|
 | [Specification](docs/SPECIFICATION.md) | Architecture and design |
 | [Configuration](docs/CONFIGURATION.md) | YAML config reference |
+| [Deployment](docs/DEPLOYMENT.md) | Production deployment guide (Compose/Kubernetes/Quadlet) |
 | [Network](docs/NETWORK.md) | Dynamic ports & service discovery |
 | [Generator](docs/GENERATOR.md) | Auto-generate configs |
+| [Quadlet](docs/QUADLET.md) | Podman Quadlet deployment for VPS production |
+| [Security](docs/SECURITY.md) | Quadlet security hardening and injection test suite |
+| [Security Policy](docs/SECURITY_POLICY.md) | Rate limiting, user profiles, resource monitoring |
+| [Fast Start](docs/FAST_START.md) | Dependency caching for fast startup |
+| [User Isolation](docs/USER_ISOLATION.md) | Linux user-based sandbox isolation |
+| [Logging](docs/LOGGING.md) | Structured logging and error capture |
+| [Cloudflare Workers comparison](docs/CLOUDFLARE_WORKERS_COMPARISON.md) | When to use Pactown vs Cloudflare Workers |
 
 ### Source Code Reference
 
@@ -102,7 +136,29 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 | [`resolver.py`](src/pactown/resolver.py) | Dependency resolution |
 | [`network.py`](src/pactown/network.py) | Port allocation & discovery |
 | [`generator.py`](src/pactown/generator.py) | Config file generator |
+| [`service_runner.py`](src/pactown/service_runner.py) | High-level service runner API |
+| [`security.py`](src/pactown/security.py) | Security policy & rate limiting |
+| [`fast_start.py`](src/pactown/fast_start.py) | Dependency caching & fast startup |
+| [`user_isolation.py`](src/pactown/user_isolation.py) | Linux user isolation for multi-tenant |
+| [`sandbox_manager.py`](src/pactown/sandbox_manager.py) | Sandbox lifecycle management |
 | [`registry/`](src/pactown/registry/) | Local artifact registry |
+| [`deploy/`](src/pactown/deploy/) | Deployment backends (Docker, Podman, K8s, Quadlet) |
+
+---
+
+## 🎯 Examples
+
+| Example | What it shows |
+|---------|---------------|
+| [`examples/saas-platform/`](examples/saas-platform/) | Complete SaaS with Web + API + Database + Gateway |
+| [`examples/quadlet-vps/`](examples/quadlet-vps/) | VPS setup and Quadlet workflow |
+| [`examples/email-llm-responder/`](examples/email-llm-responder/) | Email automation with LLM integration |
+| [`examples/api-gateway-webhooks/`](examples/api-gateway-webhooks/) | API gateway / webhook handler |
+| [`examples/realtime-notifications/`](examples/realtime-notifications/) | WebSocket + SSE real-time notifications |
+| [`examples/microservices/`](examples/microservices/) | Multi-language microservices |
+| [`examples/fast-start-demo/`](examples/fast-start-demo/) | **NEW:** Fast startup with dependency caching |
+| [`examples/security-policy/`](examples/security-policy/) | **NEW:** Rate limiting and user profiles |
+| [`examples/user-isolation/`](examples/user-isolation/) | **NEW:** Multi-tenant user isolation |
 
 ## Installation
 
@@ -145,31 +201,31 @@ services:
 
 Each service is a standard markpact README:
 
-```markdown
+````markdown
 # API Service
 
 REST API for the application.
 
 ---
 
-\`\`\`markpact:deps python
+```python markpact:deps
 fastapi
 uvicorn
-\`\`\`
+```
 
-\`\`\`markpact:file python path=main.py
+```python markpact:file path=main.py
 from fastapi import FastAPI
 app = FastAPI()
 
 @app.get("/health")
 def health():
     return {"status": "ok"}
-\`\`\`
+```
 
-\`\`\`markpact:run python
+```bash markpact:run
 uvicorn main:app --port ${MARKPACT_PORT:-8001}
-\`\`\`
 ```
+````
 
 ### 3. Start the ecosystem
 

{pactown-0.1.5 → pactown-0.1.47}/README.md

@@ -32,6 +32,7 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 
 ## Key Features
 
+### Core Features
 - **🔗 Service Composition** – Combine multiple markpact READMEs into one ecosystem
 - **📦 Local Registry** – Store and share markpact artifacts across projects
 - **🔄 Dependency Resolution** – Automatic startup order based on service dependencies
@@ -42,14 +43,43 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 - **🔍 Service Discovery** – Name-based service lookup, no hardcoded URLs
 - **⚡ Config Generator** – Auto-generate config from folder of READMEs
 
-## Documentation
+### New in v0.4.0
+- **⚡ Fast Start** – Dependency caching for millisecond startup times ([docs](docs/FAST_START.md))
+- **🛡️ Security Policy** – Rate limiting, user profiles, anomaly logging ([docs](docs/SECURITY_POLICY.md))
+- **👤 User Isolation** – Linux user-based sandbox isolation for multi-tenant SaaS ([docs](docs/USER_ISOLATION.md))
+- **📊 Detailed Logging** – Structured logs with error capture ([docs](docs/LOGGING.md))
+
+---
+
+## 📚 Documentation
+
+### Quick Navigation
+
+| Category | Documents |
+|----------|-----------|
+| **Getting Started** | [Quick Start](#quick-start) · [Installation](#installation) · [Commands](#commands) |
+| **Core Concepts** | [Specification](docs/SPECIFICATION.md) · [Configuration](docs/CONFIGURATION.md) · [Network](docs/NETWORK.md) |
+| **Deployment** | [Deployment Guide](docs/DEPLOYMENT.md) · [Quadlet/VPS](docs/QUADLET.md) · [Generator](docs/GENERATOR.md) |
+| **Security** | [Security Policy](docs/SECURITY_POLICY.md) · [Quadlet Security](docs/SECURITY.md) · [User Isolation](docs/USER_ISOLATION.md) |
+| **Performance** | [Fast Start](docs/FAST_START.md) · [Logging](docs/LOGGING.md) |
+| **Comparisons** | [vs Cloudflare Workers](docs/CLOUDFLARE_WORKERS_COMPARISON.md) |
+
+### All Documentation
 
 | Document | Description |
 |----------|-------------|
 | [Specification](docs/SPECIFICATION.md) | Architecture and design |
 | [Configuration](docs/CONFIGURATION.md) | YAML config reference |
+| [Deployment](docs/DEPLOYMENT.md) | Production deployment guide (Compose/Kubernetes/Quadlet) |
 | [Network](docs/NETWORK.md) | Dynamic ports & service discovery |
 | [Generator](docs/GENERATOR.md) | Auto-generate configs |
+| [Quadlet](docs/QUADLET.md) | Podman Quadlet deployment for VPS production |
+| [Security](docs/SECURITY.md) | Quadlet security hardening and injection test suite |
+| [Security Policy](docs/SECURITY_POLICY.md) | Rate limiting, user profiles, resource monitoring |
+| [Fast Start](docs/FAST_START.md) | Dependency caching for fast startup |
+| [User Isolation](docs/USER_ISOLATION.md) | Linux user-based sandbox isolation |
+| [Logging](docs/LOGGING.md) | Structured logging and error capture |
+| [Cloudflare Workers comparison](docs/CLOUDFLARE_WORKERS_COMPARISON.md) | When to use Pactown vs Cloudflare Workers |
 
 ### Source Code Reference
 
@@ -60,7 +90,29 @@ Pactown enables you to compose multiple independent markpact projects into a uni
 | [`resolver.py`](src/pactown/resolver.py) | Dependency resolution |
 | [`network.py`](src/pactown/network.py) | Port allocation & discovery |
 | [`generator.py`](src/pactown/generator.py) | Config file generator |
+| [`service_runner.py`](src/pactown/service_runner.py) | High-level service runner API |
+| [`security.py`](src/pactown/security.py) | Security policy & rate limiting |
+| [`fast_start.py`](src/pactown/fast_start.py) | Dependency caching & fast startup |
+| [`user_isolation.py`](src/pactown/user_isolation.py) | Linux user isolation for multi-tenant |
+| [`sandbox_manager.py`](src/pactown/sandbox_manager.py) | Sandbox lifecycle management |
 | [`registry/`](src/pactown/registry/) | Local artifact registry |
+| [`deploy/`](src/pactown/deploy/) | Deployment backends (Docker, Podman, K8s, Quadlet) |
+
+---
+
+## 🎯 Examples
+
+| Example | What it shows |
+|---------|---------------|
+| [`examples/saas-platform/`](examples/saas-platform/) | Complete SaaS with Web + API + Database + Gateway |
+| [`examples/quadlet-vps/`](examples/quadlet-vps/) | VPS setup and Quadlet workflow |
+| [`examples/email-llm-responder/`](examples/email-llm-responder/) | Email automation with LLM integration |
+| [`examples/api-gateway-webhooks/`](examples/api-gateway-webhooks/) | API gateway / webhook handler |
+| [`examples/realtime-notifications/`](examples/realtime-notifications/) | WebSocket + SSE real-time notifications |
+| [`examples/microservices/`](examples/microservices/) | Multi-language microservices |
+| [`examples/fast-start-demo/`](examples/fast-start-demo/) | **NEW:** Fast startup with dependency caching |
+| [`examples/security-policy/`](examples/security-policy/) | **NEW:** Rate limiting and user profiles |
+| [`examples/user-isolation/`](examples/user-isolation/) | **NEW:** Multi-tenant user isolation |
 
 ## Installation
 
@@ -103,31 +155,31 @@ services:
 
 Each service is a standard markpact README:
 
-```markdown
+````markdown
 # API Service
 
 REST API for the application.
 
 ---
 
-\`\`\`markpact:deps python
+```python markpact:deps
 fastapi
 uvicorn
-\`\`\`
+```
 
-\`\`\`markpact:file python path=main.py
+```python markpact:file path=main.py
 from fastapi import FastAPI
 app = FastAPI()
 
 @app.get("/health")
 def health():
     return {"status": "ok"}
-\`\`\`
+```
 
-\`\`\`markpact:run python
+```bash markpact:run
 uvicorn main:app --port ${MARKPACT_PORT:-8001}
-\`\`\`
 ```
+````
 
 ### 3. Start the ecosystem
 

pactown-0.1.47/TODO.md

@@ -0,0 +1,38 @@
+# TODO
+
+## Status (done)
+
+- Pactown jako paczka Python (`pyproject.toml`, CLI, Makefile).
+- Orchestrator (sandboxes), dependency resolution, registry + API.
+- Podman Quadlet deployment:
+  - `pactown quadlet init / deploy / list / logs / shell / api`
+  - Traefik + TLS (Let's Encrypt)
+- Security hardening:
+  - input sanitization w generatorze Quadlet
+  - test suite: `tests/test_quadlet_security.py`
+  - dokument: `docs/SECURITY.md`
+- Przykłady Quadlet w `examples/*`:
+  - user edytuje tylko `README.md` (kod w markdown)
+  - reszta plików do uruchomienia jest generowana do `./sandbox`
+
+## Next steps
+
+### Quadlet / Sandbox generation
+
+- Zintegrować generowanie `./sandbox` z README (code blocks `main.py`, `routes.yaml`, `requirements.txt`) bezpośrednio w flow `pactown quadlet deploy`.
+- Dodać walidację, że README zawiera minimalny zestaw blocków wymaganych do uruchomienia.
+- Dodać tryb `pactown quadlet generate --sandbox ./sandbox` (bez deployu) do łatwego review.
+
+### Security (runtime)
+
+- Dodać runtime-hardening checklist: SELinux/AppArmor, firewall, limits per tenant.
+- Rozważyć blokowanie dodatkowych mountów (symlinki, `:Z`, `:suid`, itp.) oraz logowanie prób.
+
+### Docs
+
+- Uporządkować przewodnik: `docs/QUADLET.md` + `docs/SECURITY.md` + porównanie z CF.
+- Dodać krótkie “quick examples” jak odpalić 3 przykłady na VPS.
+
+### Packaging
+
+- Ustalić docelowy flow dla `make dev` i `make lint` (czy zawsze venv, czy pipx fallback).