pysealer 0.1.3__cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl

pyseal/__init__.py

@@ -0,0 +1,24 @@
+"""Pyseal package entry point
+
+This package serves as a bridge between the Python command line interface and the
+underlying Rust implementation (compiled as _pyseal module). It exposes the
+core functionality for adding version control decorators to Python functions.
+
+This module also dynamically provides decorator placeholders (e.g. @pyseal._<sig>)
+so that decorated functions remain importable.
+"""
+
+# Define the rust to python module version and functions
+from ._pyseal import generate_keypair, generate_signature, verify_signature
+
+__version__ = "0.1.3"
+__all__ = ["generate_keypair", "generate_signature", "verify_signature"]
+
+# Ensure dummy decorators are registered on import
+from . import dummy_decorators
+
+# Allow dynamic decorator resolution for @pyseal._<sig>()
+def __getattr__(name):
+	if name.startswith("_"):
+		return dummy_decorators._dummy_decorator
+	raise AttributeError(f"module 'pyseal' has no attribute '{name}'")

pyseal/add_decorators.py

@@ -0,0 +1,215 @@
+"""Automatically add cryptographic decorators to all functions and classes in a python file."""
+
+import ast
+import copy
+from pathlib import Path
+from pyseal import generate_signature
+from .setup import get_private_key
+
+def add_decorators(file_path: str) -> str:
+    """
+    Parse a Python file, add decorators to all functions and classes, and return the modified code.
+    
+    Args:
+        file_path: Path to the Python file to process
+        
+    Returns:
+        Modified Python source code as a string
+    """
+    # Read the entire file content into a string
+    with open(file_path, 'r') as f:
+        content = f.read()
+
+    # Split content into lines for manipulation
+    lines = content.split('\n')
+
+    # Dynamically add 'import pyseal' grouped with other imports if not present
+    has_import_pyseal = any(
+        line.strip() == 'import pyseal' or line.strip().startswith('import pyseal') or line.strip().startswith('from pyseal')
+        for line in lines
+    )
+    if not has_import_pyseal:
+        # Find the import block
+        import_indices = [i for i, line in enumerate(lines) if line.strip().startswith('import ') or line.strip().startswith('from ')]
+        if import_indices:
+            # Insert after the last import in the block
+            last_import = import_indices[-1]
+            lines.insert(last_import + 1, 'import pyseal')
+        else:
+            # No import block found, insert after shebang/docstring/comments as before
+            insert_at = 0
+            if lines and lines[0].startswith('#!'):
+                insert_at = 1
+            while insert_at < len(lines) and (lines[insert_at].strip() == '' or lines[insert_at].strip().startswith('"""') or lines[insert_at].strip().startswith("''")):
+                if lines[insert_at].strip().startswith('"""') or lines[insert_at].strip().startswith("''"):
+                    quote = lines[insert_at].strip()[:3]
+                    insert_at += 1
+                    while insert_at < len(lines) and not lines[insert_at].strip().endswith(quote):
+                        insert_at += 1
+                    if insert_at < len(lines):
+                        insert_at += 1
+                else:
+                    insert_at += 1
+            lines.insert(insert_at, 'import pyseal')
+
+    # Parse the Python source code into an Abstract Syntax Tree (AST)
+    content = '\n'.join(lines)
+    tree = ast.parse(content)
+    
+    # First pass: Remove existing pyseal decorators
+    lines_to_remove = set()
+    for node in ast.walk(tree):
+        if type(node).__name__ in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    is_pyseal_decorator = False
+                    
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pyseal"):
+                            is_pyseal_decorator = True
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pyseal":
+                            is_pyseal_decorator = True
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pyseal":
+                                is_pyseal_decorator = True
+                        elif isinstance(func, ast.Name) and func.id.startswith("pyseal"):
+                            is_pyseal_decorator = True
+                    
+                    if is_pyseal_decorator:
+                        # Mark this line for removal (convert to 0-indexed)
+                        lines_to_remove.add(decorator.lineno - 1)
+    
+    # Remove the marked lines (in reverse order to preserve indices)
+    for line_idx in sorted(lines_to_remove, reverse=True):
+        del lines[line_idx]
+    
+    # Re-parse the content after removing decorators to get updated line numbers
+    modified_content = '\n'.join(lines)
+    tree = ast.parse(modified_content)
+    
+    # Build parent map for all nodes
+    parent_map = {}
+    for parent in ast.walk(tree):
+        for child in ast.iter_child_nodes(parent):
+            parent_map[child] = parent
+
+    decorators_to_add = []
+
+    for node in ast.walk(tree):
+        node_type = type(node).__name__
+
+        # Only decorate:
+        # - Top-level functions (not inside a class)
+        # - Top-level classes
+        if node_type in ("FunctionDef", "AsyncFunctionDef"):
+            parent = parent_map.get(node)
+            if isinstance(parent, ast.ClassDef):
+                continue  # skip methods inside classes
+        elif node_type == "ClassDef":
+            pass  # always decorate classes
+        else:
+            continue
+
+        # Extract the complete source code of this function/class for hashing
+        node_clone = copy.deepcopy(node)
+
+        # Filter out pyseal decorators
+        if hasattr(node_clone, 'decorator_list'):
+            filtered_decorators = []
+            for decorator in node_clone.decorator_list:
+                should_keep = True
+                if isinstance(decorator, ast.Name):
+                    if decorator.id.startswith("pyseal"):
+                        should_keep = False
+                elif isinstance(decorator, ast.Attribute):
+                    if isinstance(decorator.value, ast.Name) and decorator.value.id == "pyseal":
+                        should_keep = False
+                elif isinstance(decorator, ast.Call):
+                    func = decorator.func
+                    if isinstance(func, ast.Attribute):
+                        if isinstance(func.value, ast.Name) and func.value.id == "pyseal":
+                            should_keep = False
+                    elif isinstance(func, ast.Name) and func.id.startswith("pyseal"):
+                        should_keep = False
+                if should_keep:
+                    filtered_decorators.append(decorator)
+            node_clone.decorator_list = filtered_decorators
+
+        module_wrapper = ast.Module(body=[node_clone], type_ignores=[])
+        function_source = ast.unparse(module_wrapper)
+
+        try:
+            private_key = get_private_key()
+        except (FileNotFoundError, ValueError) as e:
+            raise RuntimeError(f"Cannot add decorators: {e}. Please run 'pyseal init' first.")
+
+        try:
+            signature = generate_signature(function_source, private_key)
+        except Exception as e:
+            raise RuntimeError(f"Failed to generate signature: {e}")
+
+        decorator_line = node.lineno - 1
+        if hasattr(node, 'decorator_list') and node.decorator_list:
+            decorator_line = node.decorator_list[0].lineno - 1
+
+        decorators_to_add.append((decorator_line, node.col_offset, signature))
+
+    # Sort in reverse order to add from bottom to top (preserves line numbers)
+    decorators_to_add.sort(reverse=True)
+
+    # Add decorators to the lines
+    for line_idx, col_offset, signature in decorators_to_add:
+        indent = ' ' * col_offset
+        decorator_line = f"{indent}@pyseal._{signature}()"
+        lines.insert(line_idx, decorator_line)
+
+    # Join lines back together
+    modified_code = '\n'.join(lines)
+
+    return modified_code
+
+
+def add_decorators_to_folder(folder_path: str) -> list[str]:
+    """
+    Add decorators to all Python files in a folder.
+    
+    Args:
+        folder_path: Path to the folder containing Python files
+        
+    Returns:
+        List of file paths that were successfully decorated
+    """
+    folder = Path(folder_path)
+    
+    if not folder.exists():
+        raise FileNotFoundError(f"Folder '{folder_path}' does not exist.")
+    
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory.")
+    
+    # Find all Python files in the folder (non-recursive)
+    python_files = list(folder.glob('*.py'))
+    
+    if not python_files:
+        raise ValueError(f"No Python files found in '{folder_path}'.")
+    
+    decorated_files = []
+    errors = []
+    
+    for py_file in python_files:
+        try:
+            modified_code = add_decorators(str(py_file))
+            with open(py_file, 'w') as f:
+                f.write(modified_code)
+            decorated_files.append(str(py_file))
+        except Exception as e:
+            errors.append((str(py_file), str(e)))
+    
+    if errors:
+        error_msg = "\n".join([f"  - {file}: {error}" for file, error in errors])
+        raise RuntimeError(f"Failed to decorate some files:\n{error_msg}")
+    
+    return decorated_files

pyseal/check_decorators.py

@@ -0,0 +1,179 @@
+"""Automatically verify cryptographic decorators for all functions and classes in a python file."""
+
+import ast
+import copy
+from pathlib import Path
+from typing import Dict
+from pyseal import verify_signature
+from .setup import get_public_key
+
+
+def check_decorators(file_path: str) -> Dict[str, dict]:
+    """
+    Parse a Python file and verify all pyseal cryptographic decorators.
+    
+    This function checks that each function/class with a pyseal decorator has a valid
+    signature that matches the current source code of that function/class.
+    
+    Args:
+        file_path: Path to the Python file to verify
+        
+    Returns:
+        Dictionary mapping function/class names to their verification results:
+        {
+            "function_name": {
+                "valid": bool,           # Whether signature is valid
+                "signature": str,        # The signature found in decorator
+                "message": str,          # Success or error message
+                "has_decorator": bool    # Whether function has pyseal decorator
+            }
+        }
+    """
+    # Read the file content
+    with open(file_path, 'r') as f:
+        content = f.read()
+    
+    # Parse the Python source code into an AST
+    tree = ast.parse(content)
+    
+    # Get the public key for verification
+    try:
+        public_key = get_public_key()
+    except (FileNotFoundError, ValueError) as e:
+        raise RuntimeError(f"Cannot verify decorators: {e}. Please run 'pyseal init' first.")
+    
+    # Dictionary to store results
+    results = {}
+    
+    # Iterate through each node in the AST
+    for node in ast.walk(tree):
+        node_type = type(node).__name__
+        
+        # Check if this node is a function or class definition
+        if node_type in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            name = node.name
+            
+            # Look for pyseal decorator
+            signature_from_decorator = None
+            has_pyseal_decorator = False
+            
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    # Check if decorator is a Call node (e.g., @pyseal._<signature>())
+                    if isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        # Check if it's pyseal._<signature>
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pyseal":
+                                attr_name = func.attr
+                                # Extract signature (remove leading underscore)
+                                if attr_name.startswith('_'):
+                                    signature_from_decorator = attr_name[1:]
+                                    has_pyseal_decorator = True
+                                    break
+            
+            # Initialize result for this function/class
+            result = {
+                "has_decorator": has_pyseal_decorator,
+                "valid": False,
+                "signature": signature_from_decorator,
+                "message": ""
+            }
+            
+            if not has_pyseal_decorator:
+                result["message"] = "No pyseal decorator found"
+                results[name] = result
+                continue
+            
+            # Extract the source code without pyseal decorators for verification
+            node_clone = copy.deepcopy(node)
+            
+            # Filter out pyseal decorators from the clone
+            if hasattr(node_clone, 'decorator_list'):
+                filtered_decorators = []
+                
+                for decorator in node_clone.decorator_list:
+                    should_keep = True
+                    
+                    # Check if decorator is a simple Name node starting with "pyseal"
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pyseal"):
+                            should_keep = False
+                    
+                    # Check if decorator is an Attribute node (e.g., pyseal.something)
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pyseal":
+                            should_keep = False
+                    
+                    # Check if decorator is a Call node
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        # Check if call is to pyseal.something()
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pyseal":
+                                should_keep = False
+                        # Check if call is to pyseal_something()
+                        elif isinstance(func, ast.Name) and func.id.startswith("pyseal"):
+                            should_keep = False
+                    
+                    if should_keep:
+                        filtered_decorators.append(decorator)
+                
+                node_clone.decorator_list = filtered_decorators
+            
+            # Convert the filtered node back to source code
+            module_wrapper = ast.Module(body=[node_clone], type_ignores=[])
+            function_source = ast.unparse(module_wrapper)
+            
+            # Verify the signature
+            try:
+                is_valid = verify_signature(function_source, signature_from_decorator, public_key)
+                
+                result["valid"] = is_valid
+                if is_valid:
+                    result["message"] = "✓ Signature valid - code has not been tampered with"
+                else:
+                    result["message"] = "✗ Signature invalid - code may have been modified"
+                    
+            except Exception as e:
+                result["message"] = f"✗ Error verifying signature: {e}"
+            
+            results[name] = result
+    
+    return results
+
+
+def check_decorators_in_folder(folder_path: str) -> Dict[str, Dict[str, dict]]:
+    """
+    Check decorators in all Python files in a folder.
+    
+    Args:
+        folder_path: Path to the folder containing Python files
+        
+    Returns:
+        Dictionary mapping file paths to their verification results
+    """
+    folder = Path(folder_path)
+    
+    if not folder.exists():
+        raise FileNotFoundError(f"Folder '{folder_path}' does not exist.")
+    
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory.")
+    
+    # Find all Python files in the folder (non-recursive)
+    python_files = list(folder.glob('*.py'))
+    
+    if not python_files:
+        raise ValueError(f"No Python files found in '{folder_path}'.")
+    
+    all_results = {}
+    
+    for py_file in python_files:
+        try:
+            results = check_decorators(str(py_file))
+            all_results[str(py_file)] = results
+        except Exception as e:
+            all_results[str(py_file)] = {"error": str(e)}
+    
+    return all_results

pyseal/cli.py

@@ -0,0 +1,284 @@
+"""
+Command-line interface for pyseal.
+
+Commands:
+- init: Initialize pyseal with a new keypair and .env file.
+- lock: Add pyseal decorators to all functions and classes in a Python file.
+- check: Check the integrity and validity of pyseal decorators in a Python file.
+- remove: Remove all pyseal decorators from a Python file.
+
+Use `pyseal --help` to see available options and command details.
+Use `pyseal --version` to see the current version of pyseal installed.
+"""
+
+from pathlib import Path
+
+import typer
+from typing_extensions import Annotated
+
+from . import __version__
+from .setup import setup_keypair
+from .add_decorators import add_decorators, add_decorators_to_folder
+from .check_decorators import check_decorators, check_decorators_in_folder
+from .remove_decorators import remove_decorators, remove_decorators_from_folder
+
+app = typer.Typer(
+    name="pyseal",
+    help="Version control your Python functions and classes with cryptographic decorators",
+    no_args_is_help=True,
+)
+
+
+def version_callback(value: bool):
+    """Helper function to display version information."""
+    if value:
+        typer.echo(f"pyseal {__version__}")
+        raise typer.Exit()
+
+
+@app.callback()
+def version(
+    version: Annotated[
+        bool,
+        typer.Option("--version", help="Report the current version of pyseal installed.", callback=version_callback, is_eager=True)
+    ] = False
+):
+    """Report the current version of pyseal installed."""
+    pass
+
+
+@app.command()
+def init(
+    env_file: Annotated[
+        str,
+        typer.Argument(help="Path to the .env file")
+    ] = ".env"
+):
+    """Initialize pyseal with an .env file."""
+    try:
+        env_path = Path(env_file)
+        
+        # Generate and store keypair (will raise error if keys already exist)
+        setup_keypair(env_path)
+        typer.echo(typer.style("Successfully initialized pyseal!", fg=typer.colors.BLUE, bold=True))
+        typer.echo(f"🔑 Keypair generated and stored in {env_path}")
+        typer.echo("⚠️  Keep your .env file secure and add it to .gitignore!")
+        
+    except Exception as e:
+        typer.echo(typer.style(f"Error during initialization: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def lock(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to decorate")
+    ]
+):
+    """Add decorators to all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            decorated_files = add_decorators_to_folder(resolved_path)
+            
+            typer.echo(typer.style(f"Successfully added decorators to {len(decorated_files)} files:", fg=typer.colors.BLUE, bold=True))
+            for file in decorated_files:
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            # Add decorators to all functions and classes in the file
+            resolved_path = str(path.resolve())
+            modified_code = add_decorators(resolved_path)
+            
+            # Write the modified code back to the file
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            
+            typer.echo(typer.style(f"Successfully added decorators to 1 file:", fg=typer.colors.BLUE, bold=True))
+            typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+        
+    except (RuntimeError, FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while locking file: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def check(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to check")
+    ]
+):
+    """Check the integrity of decorators in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            all_results = check_decorators_in_folder(resolved_path)
+            
+            total_decorated = 0
+            total_valid = 0
+            total_files = 0
+            files_with_issues = []
+            
+            for file_path, results in all_results.items():
+                # Skip files with errors
+                if "error" in results:
+                    typer.echo(typer.style(f"✗ {file_path}: {results['error']}", fg=typer.colors.RED))
+                    files_with_issues.append(file_path)
+                    continue
+                
+                total_files += 1
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                
+                total_decorated += decorated_count
+                total_valid += valid_count
+                
+                # Track files with validation failures
+                if decorated_count > 0 and valid_count < decorated_count:
+                    files_with_issues.append(file_path)
+            
+            # Summary header
+            if total_decorated == 0:
+                typer.echo("⚠️  No pyseal decorators found in any files.")
+            elif total_valid == total_decorated:
+                typer.echo(typer.style(f"All decorators are valid in {total_files} files:", fg=typer.colors.BLUE, bold=True))
+            else:
+                typer.echo(typer.style(f"{total_decorated - total_valid}/{total_decorated} decorators failed verification across {total_files} files:", fg=typer.colors.BLUE, bold=True), err=True)
+            
+            # File-by-file details
+            for file_path, results in all_results.items():
+                if "error" in results:
+                    continue
+                
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                
+                if decorated_count > 0:
+                    if valid_count == decorated_count:
+                        typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+                    else:
+                        typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {file_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+            
+            # Exit with error if there were failures
+            if total_decorated > 0 and total_valid < total_decorated:
+                raise typer.Exit(code=1)
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            # Check all decorators in the file
+            resolved_path = str(path.resolve())
+            results = check_decorators(resolved_path)
+            
+            # Return success if all decorated functions are valid
+            decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+            valid_count = sum(1 for r in results.values() if r["valid"])
+            
+            if decorated_count == 0:
+                typer.echo("⚠️  No pyseal decorators found in this file.")
+            elif valid_count == decorated_count:
+                typer.echo(typer.style("All decorators are valid in 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"{typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+            else:
+                typer.echo(typer.style(f"{decorated_count - valid_count}/{decorated_count} decorators failed verification across 1 file:", fg=typer.colors.BLUE, bold=True), err=True)
+                typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {resolved_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+                raise typer.Exit(code=1)
+    
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def remove(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to remove pyseal decorators from")
+    ]
+):
+    """Remove pyseal decorators from all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            modified_files = remove_decorators_from_folder(resolved_path)
+            
+            if modified_files:
+                typer.echo(typer.style(f"Successfully removed decorators from {len(modified_files)} files:", fg=typer.colors.BLUE, bold=True))
+                for file in modified_files:
+                    typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+            else:
+                typer.echo("⚠️  No pyseal decorators found in any files.")
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            resolved_path = str(path.resolve())
+            modified_code, found = remove_decorators(resolved_path)
+            
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            
+            if found:
+                typer.echo(typer.style(f"Successfully removed decorators from 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+            else:
+                typer.echo(f"⚠️  No pyseal decorators found in {resolved_path}")
+    
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while removing decorators: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+def main():
+    """Main CLI entry point."""
+    app()
+
+
+if __name__ == '__main__':
+    main()

pyseal/dummy_decorators.py

@@ -0,0 +1,83 @@
+"""Defines dummy decorators for all decorators found in the target file."""
+
+import os
+import ast
+import inspect
+
+
+def _dummy_decorator(func=None, *args, **kwargs):
+    """
+    A no-op (dummy) decorator that can be used in place of any decorator.
+
+    Handles both @deco and @deco(...) usages. If used as @deco, it returns the function unchanged.
+    If used as @deco(...), it returns a wrapper that returns the function unchanged.
+
+    Args:
+        func (callable, optional): The function to decorate, or None if called with arguments.
+        *args: Positional arguments (ignored).
+        **kwargs: Keyword arguments (ignored).
+
+    Returns:
+        callable: The original function, unchanged.
+    """
+    if callable(func) and not args and not kwargs:
+        return func
+    def wrapper(f):
+        return f
+    return wrapper
+
+def _discover_decorators(file_path):
+    """
+    Yield all decorator names used in the given Python file.
+
+    This function parses the specified Python file and walks its AST to find all decorator names
+    used on functions, async functions, and classes. It handles decorators used as @deco, @deco(...),
+    and @obj.deco or @obj.deco(...).
+
+    Args:
+        file_path (str): Path to the Python file to scan.
+
+    Yields:
+        str: The name of each decorator found.
+    """
+    if not os.path.exists(file_path):
+        return
+    with open(file_path, "r") as f:
+        src = f.read()
+    try:
+        tree = ast.parse(src)
+    except Exception:
+        return
+    for node in ast.walk(tree):
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
+            for deco in node.decorator_list:
+                # Handles @deco or @deco(...)
+                if isinstance(deco, ast.Name):
+                    yield deco.id
+                elif isinstance(deco, ast.Attribute):
+                    yield deco.attr
+                elif isinstance(deco.func, ast.Name):
+                    yield deco.func.id
+                elif isinstance(deco.func, ast.Attribute):
+                    yield deco.func.attr
+
+def _get_caller_file():
+    """
+    Find the filename of the module that imported this module at the top level.
+
+    Returns:
+        str or None: The filename of the caller module, or None if not found.
+    """
+    stack = inspect.stack()
+    for frame in stack:
+        if frame.function == "<module>" and frame.filename != __file__:
+            return frame.filename
+
+# Main logic: define dummy decorators for all found in the caller file
+_CALLER_FILE = _get_caller_file()
+if _CALLER_FILE:
+    _seen = set()
+    for deco_name in _discover_decorators(_CALLER_FILE):
+        if deco_name and deco_name not in globals() and deco_name not in _seen:
+            globals()[deco_name] = _dummy_decorator
+            _seen.add(deco_name)

pyseal/remove_decorators.py

@@ -0,0 +1,88 @@
+"""Remove cryptographic pyseal decorators from all functions and classes in a Python file."""
+
+import ast
+from typing import List, Tuple, Dict
+from pathlib import Path
+
+def remove_decorators(file_path: str) -> Tuple[str, bool]:
+    """
+    Parse a Python file, remove all @pyseal.* decorators from functions and classes, and return the modified code.
+
+    Args:
+        file_path: Path to the Python file to process
+    Returns:
+        Modified Python source code as a string
+    """
+    with open(file_path, 'r') as f:
+        content = f.read()
+
+    tree = ast.parse(content)
+    lines = content.split('\n')
+    lines_to_remove = set()
+
+    for node in ast.walk(tree):
+        if type(node).__name__ in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    is_pyseal_decorator = False
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pyseal"):
+                            is_pyseal_decorator = True
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pyseal":
+                            is_pyseal_decorator = True
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pyseal":
+                                is_pyseal_decorator = True
+                        elif isinstance(func, ast.Name) and func.id.startswith("pyseal"):
+                            is_pyseal_decorator = True
+                    if is_pyseal_decorator:
+                        lines_to_remove.add(decorator.lineno - 1)
+
+    found = len(lines_to_remove) > 0
+    for line_idx in sorted(lines_to_remove, reverse=True):
+        del lines[line_idx]
+
+    modified_code = '\n'.join(lines)
+    return modified_code, found
+
+
+def remove_decorators_from_folder(folder_path: str) -> List[str]:
+    """
+    Remove pyseal decorators from all Python files in a folder (recursively).
+
+    Args:
+        folder_path: Path to the folder to process
+    Returns:
+        List of file paths where decorators were removed
+    """
+    folder = Path(folder_path)
+    
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory")
+    
+    # Find all Python files recursively
+    python_files = list(folder.rglob("*.py"))
+    
+    if not python_files:
+        raise FileNotFoundError(f"No Python files found in '{folder_path}'")
+    
+    files_modified = []
+    
+    for py_file in python_files:
+        try:
+            file_path = str(py_file.resolve())
+            modified_code, found = remove_decorators(file_path)
+            
+            if found:
+                # Write the modified code back to the file
+                with open(file_path, 'w') as f:
+                    f.write(modified_code)
+                files_modified.append(file_path)
+        except Exception as e:
+            # Skip files that can't be processed
+            continue
+    
+    return files_modified

pyseal/setup.py

@@ -0,0 +1,137 @@
+"""Setup the storage of the pyseal keypair in a .env file."""
+
+import os
+from pathlib import Path
+from typing import Optional
+from dotenv import load_dotenv, set_key
+from pyseal import generate_keypair
+
+
+def _find_env_file() -> Path:
+    """
+    Search for .env file starting from current directory and walking up to parent directories.
+    Also checks PYSEAL_ENV_PATH environment variable.
+    
+    Returns:
+        Path: Path to the .env file
+        
+    Raises:
+        FileNotFoundError: If no .env file is found
+    """
+    # First check if PYSEAL_ENV_PATH environment variable is set
+    env_path_var = os.getenv("PYSEAL_ENV_PATH")
+    if env_path_var:
+        env_path = Path(env_path_var)
+        if env_path.exists():
+            return env_path
+    
+    # Start from current working directory and search upward
+    current = Path.cwd()
+    
+    # Check current directory and all parent directories up to root
+    for parent in [current] + list(current.parents):
+        env_file = parent / '.env'
+        if env_file.exists():
+            return env_file
+    
+    # If not found, return the default location (current directory)
+    # This will be used in error messages
+    return Path.cwd() / '.env'
+
+def setup_keypair(env_path: Optional[str | Path] = None):
+    """
+    Generate and store keypair securely.
+    
+    Args:
+        env_path: Optional path to .env file. If None, creates in current directory.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = Path.cwd() / '.env'
+    else:
+        env_path = Path(env_path)
+    
+    # Check if keys already exist
+    if env_path.exists():
+        load_dotenv(env_path)
+        existing_private = os.getenv("PYSEAL_PRIVATE_KEY")
+        existing_public = os.getenv("PYSEAL_PUBLIC_KEY")
+        
+        if existing_private or existing_public:
+            raise ValueError(f"Keys already exist in {env_path} Cannot overwrite existing keys.")
+    
+    # Create .env if it doesn't exist
+    env_path.touch(exist_ok=True)
+
+    # Generate keypair using the Rust function
+    private_key_hex, public_key_hex = generate_keypair()
+    
+    # Store keys in .env file
+    set_key(str(env_path), "PYSEAL_PRIVATE_KEY", private_key_hex)
+    set_key(str(env_path), "PYSEAL_PUBLIC_KEY", public_key_hex)
+    
+    return private_key_hex, public_key_hex
+
+
+def get_public_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the public key from the .env file.
+    
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    
+    Returns:
+        str: The public key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    
+    # Get public key
+    public_key = os.getenv("PYSEAL_PUBLIC_KEY")
+    
+    if public_key is None:
+        raise ValueError(f"PYSEAL_PUBLIC_KEY not found in {env_path}. Run setup_keypair() first.")
+    
+    return public_key
+
+
+def get_private_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the private key from the .env file.
+    
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    
+    Returns:
+        str: The private key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    
+    # Get private key
+    private_key = os.getenv("PYSEAL_PRIVATE_KEY")
+    
+    if private_key is None:
+        raise ValueError(f"PYSEAL_PRIVATE_KEY not found in {env_path}. Run setup_keypair() first.")
+    
+    return private_key

pysealer-0.1.3.dist-info/METADATA

@@ -0,0 +1,168 @@
+Metadata-Version: 2.4
+Name: pysealer
+Version: 0.1.3
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: typer>=0.9.0
+Requires-Dist: pytest>=7.0.0 ; extra == 'test'
+Requires-Dist: pytest-cov>=4.0.0 ; extra == 'test'
+Requires-Dist: pytest-asyncio>=0.21.0 ; extra == 'test'
+Provides-Extra: test
+License-File: LICENSE
+Summary: Cryptographically sign Python functions and classes for defense-in-depth security
+Keywords: rust,python,decorator,cryptography
+Author: Aidan Dyga
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Issues, https://github.com/MCP-Security-Research/pysealer/issues
+Project-URL: Repository, https://github.com/MCP-Security-Research/pysealer
+
+# pyseal
+
+Cryptographically sign your Python functions and classes to detect version control changes
+
+> 💡 **code version controls code**
+
+- 🦀 Built with the [maturin build system](https://www.maturin.rs/) for easy Rust-Python packaging
+- 🔗 [PyO3](https://pyo3.rs/v0.27.1/index.html) bindings for seamless Python-Rust integration
+- 🔏 [Ed25519](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/) signatures to ensure code integrity and authorship
+- 🖥️ [Typer](https://typer.tiangolo.com/) for a clean and user-friendly command line interface
+
+Pyseal helps you maintain code integrity by automatically adding cryptographic signatures to your Python functions and classes. Each function or class receives a unique decorator containing a cryptographic signature that verifies both authorship and integrity, making it easy to detect unauthorized code modifications.
+
+## Table of Contents
+
+1. [Getting Started](#getting-started)
+2. [Usage](#usage)
+3. [How It Works](#how-it-works)
+4. [Model Context Protocol (MCP) Security Use Cases](#model-context-protocol-mcp-security-use-cases)
+5. [Contributing](#contributing)
+6. [License](#license)
+
+## Getting Started
+
+```shell
+pip install pyseal
+# or
+uv pip install pyseal
+```
+
+## Usage
+
+```shell
+pyseal init [ENV_FILE]         # Initialize the pyseal tool by generating and saving keys to an ENV_FILE (default: .env)
+pyseal decorate <file.py>...   # Add cryptographic decorators to all functions/classes in one or more .py files
+pyseal check <file.py>...      # Verify the integrity and validity of pyseal decorators in one or more .py files
+pyseal remove <file.py>...     # Remove all pyseal decorators from one or more .py files
+pyseal --help                  # Show all available commands and options
+```
+
+## How It Works
+
+Pyseal works by automatically injecting cryptographic decorators into your Python functions and classes. Here’s how the process works:
+
+### Step-by-Step Example
+
+Suppose you have a file `fibonacci.py`:
+
+```python
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 1. Decorate the file
+
+```shell
+pyseal decorate examples/fibonacci.py
+
+Successfully added decorators to 1 file:
+  ✓ /path/to/examples/fibonacci.py
+```
+
+```python
+@pyseal._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 2. Check integrity
+
+```shell
+pyseal check examples/fibonacci.py
+
+All decorators are valid in 1 file:
+✓ /path/to/examples/fibonacci.py: 1 decorators valid
+```
+
+#### 3. Tamper with the code (change return 0 to return 42)
+
+```python
+@pyseal._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 42
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 4. Check again
+
+```shell
+pyseal check examples/fibonacci.py
+
+1/1 decorators failed verification across 1 file:
+  ✗ /path/to/examples/fibonacci.py: 1/1 decorators failed
+```
+
+## Model Context Protocol (MCP) Security Use Cases
+
+One use case of Pyseal is to protect MCP servers from upstream attacks by cryptographically signing tool functions and their docstrings. Since LLMs rely on docstrings to understand tool behavior, attackers can inject malicious instructions or create fake tools that mimic legitimate ones. Pyseal's signatures ensure tool authenticity and detect tampering because any modification to code or docstrings breaks the signature and flags compromised tools.
+
+- **Detect Version Control Changes**
+  - Automatically detect unauthorized code modifications through cryptographic signatures
+  - Each function's decorator contains a signature based on its code and docstring
+  - Any mismatch between code and signature is immediately flagged
+
+- **Defense-in-Depth for Source Control**
+  - Add an additional security layer to version control systems
+  - Complement existing security measures with cryptographic verification
+  - Reduce risk through multiple layers of protection
+
+## Contributing
+
+**🙌 Contributions are welcome!**
+
+If you have suggestions, bug reports, or want to help improve Pyseal, feel free to open an [issue](https://github.com/MCP-Security-Research/pyseal/issues) or submit a pull request.
+
+All ideas and contributions are appreciated—thanks for helping make pyseal better!
+
+## License
+
+Pyseal is licensed under the MIT License. See [LICENSE](LICENSE) for details.
+

pysealer-0.1.3.dist-info/RECORD

@@ -0,0 +1,13 @@
+pyseal/__init__.py,sha256=UYa_3JkAojYCceftDG7L_SuaYG9qzXqPeaccBA-enlA,934
+pyseal/_pyseal.cpython-313t-powerpc64le-linux-gnu.so,sha256=wB2QMid9kEfx6z3Xn3J5zjss5uY-NH9BB6_mud8tfEQ,1041592
+pyseal/add_decorators.py,sha256=NOuSN9feAJ8jlKVrLtp6IhY4SBgRtye7qbwx1HDgiYE,8696
+pyseal/check_decorators.py,sha256=17KjDxuhFy23o53sKO3LP_KuR2AaDOSkz4BERGCwgB8,7155
+pyseal/cli.py,sha256=Nvh51PiFUvEGxh1pwgPsTTSmiGLclv72sE-CiRmiFEk,12000
+pyseal/dummy_decorators.py,sha256=9ORNnMZ6lT5e1gU4Dt9lifAEDfjJ1wCXGiOUfMiqP-w,2807
+pyseal/remove_decorators.py,sha256=iE-8tj4y14d4GH26c7PTqLbdWxlTw91wL4f88_foxSE,3250
+pyseal/setup.py,sha256=n8CNHqx0dtsAsbjuMZWSjQAfI9hfXap0SqoifdDZm74,4180
+pysealer-0.1.3.dist-info/METADATA,sha256=XPNM9GcmC9bJLmqeynnw9cYozgSBELcuKKfy_1gCKYA,6100
+pysealer-0.1.3.dist-info/WHEEL,sha256=2yo4KOUoBa6tMWvxk21okE8Ycb5W22kL8Ukm23Q3bcA,151
+pysealer-0.1.3.dist-info/entry_points.txt,sha256=OAG9fOMEkDabuZBWEMJ6KqhDfBdNRadOntLkG05qjkg,41
+pysealer-0.1.3.dist-info/licenses/LICENSE,sha256=FtcYsMyXNwAqNhOMxR3TwptCUnwb5coRK_UQyWGLJnc,1067
+pysealer-0.1.3.dist-info/RECORD,,

pysealer-0.1.3.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: maturin (1.11.5)
+Root-Is-Purelib: false
+Tag: cp313-cp313t-manylinux_2_17_ppc64le
+Tag: cp313-cp313t-manylinux2014_ppc64le

pysealer-0.1.3.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+pyseal=pyseal.cli:main

pysealer-0.1.3.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Aidan Dyga
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.