PyPI - pysealer - Versions diffs - 0.1.4__pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl - Mend

pysealer 0.1.4__pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

pysealer/__init__.py +24 -0
pysealer/_pysealer.pypy39-pp73-aarch64-linux-gnu.so +0 -0
pysealer/add_decorators.py +215 -0
pysealer/check_decorators.py +179 -0
pysealer/cli.py +284 -0
pysealer/dummy_decorators.py +83 -0
pysealer/remove_decorators.py +88 -0
pysealer/setup.py +137 -0
pysealer-0.1.4.dist-info/METADATA +168 -0
pysealer-0.1.4.dist-info/RECORD +13 -0
pysealer-0.1.4.dist-info/WHEEL +5 -0
pysealer-0.1.4.dist-info/entry_points.txt +2 -0
pysealer-0.1.4.dist-info/licenses/LICENSE +21 -0

pysealer/__init__.py ADDED Viewed

@@ -0,0 +1,24 @@
+"""Pysealer package entry point
+This package serves as a bridge between the Python command line interface and the
+underlying Rust implementation (compiled as _pysealer module). It exposes the
+core functionality for adding version control decorators to Python functions.
+This module also dynamically provides decorator placeholders (e.g. @pysealer._<sig>)
+so that decorated functions remain importable.
+"""
+# Define the rust to python module version and functions
+from ._pysealer import generate_keypair, generate_signature, verify_signature
+__version__ = "0.1.4"
+__all__ = ["generate_keypair", "generate_signature", "verify_signature"]
+# Ensure dummy decorators are registered on import
+from . import dummy_decorators
+# Allow dynamic decorator resolution for @pyseal._<sig>()
+def __getattr__(name):
+	if name.startswith("_"):
+		return dummy_decorators._dummy_decorator
+	raise AttributeError(f"module 'pysealer' has no attribute '{name}'")

pysealer/_pysealer.pypy39-pp73-aarch64-linux-gnu.so ADDED Viewed

Binary file

pysealer/add_decorators.py ADDED Viewed

@@ -0,0 +1,215 @@
+"""Automatically add cryptographic decorators to all functions and classes in a python file."""
+import ast
+import copy
+from pathlib import Path
+from pysealer import generate_signature
+from .setup import get_private_key
+def add_decorators(file_path: str) -> str:
+    """
+    Parse a Python file, add decorators to all functions and classes, and return the modified code.
+    Args:
+        file_path: Path to the Python file to process
+    Returns:
+        Modified Python source code as a string
+    """
+    # Read the entire file content into a string
+    with open(file_path, 'r') as f:
+        content = f.read()
+    # Split content into lines for manipulation
+    lines = content.split('\n')
+    # Dynamically add 'import pysealer' grouped with other imports if not present
+    has_import_pysealer = any(
+        line.strip() == 'import pysealer' or line.strip().startswith('import pysealer') or line.strip().startswith('from pysealer')
+        for line in lines
+    )
+    if not has_import_pysealer:
+        # Find the import block
+        import_indices = [i for i, line in enumerate(lines) if line.strip().startswith('import ') or line.strip().startswith('from ')]
+        if import_indices:
+            # Insert after the last import in the block
+            last_import = import_indices[-1]
+            lines.insert(last_import + 1, 'import pysealer')
+        else:
+            # No import block found, insert after shebang/docstring/comments as before
+            insert_at = 0
+            if lines and lines[0].startswith('#!'):
+                insert_at = 1
+            while insert_at < len(lines) and (lines[insert_at].strip() == '' or lines[insert_at].strip().startswith('"""') or lines[insert_at].strip().startswith("''")):
+                if lines[insert_at].strip().startswith('"""') or lines[insert_at].strip().startswith("''"):
+                    quote = lines[insert_at].strip()[:3]
+                    insert_at += 1
+                    while insert_at < len(lines) and not lines[insert_at].strip().endswith(quote):
+                        insert_at += 1
+                    if insert_at < len(lines):
+                        insert_at += 1
+                else:
+                    insert_at += 1
+            lines.insert(insert_at, 'import pysealer')
+    # Parse the Python source code into an Abstract Syntax Tree (AST)
+    content = '\n'.join(lines)
+    tree = ast.parse(content)
+    # First pass: Remove existing pysealer decorators
+    lines_to_remove = set()
+    for node in ast.walk(tree):
+        if type(node).__name__ in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    is_pysealer_decorator = False
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pysealer":
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                                is_pysealer_decorator = True
+                        elif isinstance(func, ast.Name) and func.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    if is_pysealer_decorator:
+                        # Mark this line for removal (convert to 0-indexed)
+                        lines_to_remove.add(decorator.lineno - 1)
+    # Remove the marked lines (in reverse order to preserve indices)
+    for line_idx in sorted(lines_to_remove, reverse=True):
+        del lines[line_idx]
+    # Re-parse the content after removing decorators to get updated line numbers
+    modified_content = '\n'.join(lines)
+    tree = ast.parse(modified_content)
+    # Build parent map for all nodes
+    parent_map = {}
+    for parent in ast.walk(tree):
+        for child in ast.iter_child_nodes(parent):
+            parent_map[child] = parent
+    decorators_to_add = []
+    for node in ast.walk(tree):
+        node_type = type(node).__name__
+        # Only decorate:
+        # - Top-level functions (not inside a class)
+        # - Top-level classes
+        if node_type in ("FunctionDef", "AsyncFunctionDef"):
+            parent = parent_map.get(node)
+            if isinstance(parent, ast.ClassDef):
+                continue  # skip methods inside classes
+        elif node_type == "ClassDef":
+            pass  # always decorate classes
+        else:
+            continue
+        # Extract the complete source code of this function/class for hashing
+        node_clone = copy.deepcopy(node)
+        # Filter out pysealer decorators
+        if hasattr(node_clone, 'decorator_list'):
+            filtered_decorators = []
+            for decorator in node_clone.decorator_list:
+                should_keep = True
+                if isinstance(decorator, ast.Name):
+                    if decorator.id.startswith("pysealer"):
+                        should_keep = False
+                elif isinstance(decorator, ast.Attribute):
+                    if isinstance(decorator.value, ast.Name) and decorator.value.id == "pysealer":
+                        should_keep = False
+                elif isinstance(decorator, ast.Call):
+                    func = decorator.func
+                    if isinstance(func, ast.Attribute):
+                        if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                            should_keep = False
+                    elif isinstance(func, ast.Name) and func.id.startswith("pysealer"):
+                        should_keep = False
+                if should_keep:
+                    filtered_decorators.append(decorator)
+            node_clone.decorator_list = filtered_decorators
+        module_wrapper = ast.Module(body=[node_clone], type_ignores=[])
+        function_source = ast.unparse(module_wrapper)
+        try:
+            private_key = get_private_key()
+        except (FileNotFoundError, ValueError) as e:
+            raise RuntimeError(f"Cannot add decorators: {e}. Please run 'pysealer init' first.")
+        try:
+            signature = generate_signature(function_source, private_key)
+        except Exception as e:
+            raise RuntimeError(f"Failed to generate signature: {e}")
+        decorator_line = node.lineno - 1
+        if hasattr(node, 'decorator_list') and node.decorator_list:
+            decorator_line = node.decorator_list[0].lineno - 1
+        decorators_to_add.append((decorator_line, node.col_offset, signature))
+    # Sort in reverse order to add from bottom to top (preserves line numbers)
+    decorators_to_add.sort(reverse=True)
+    # Add decorators to the lines
+    for line_idx, col_offset, signature in decorators_to_add:
+        indent = ' ' * col_offset
+        decorator_line = f"{indent}@pysealer._{signature}()"
+        lines.insert(line_idx, decorator_line)
+    # Join lines back together
+    modified_code = '\n'.join(lines)
+    return modified_code
+def add_decorators_to_folder(folder_path: str) -> list[str]:
+    """
+    Add decorators to all Python files in a folder.
+    Args:
+        folder_path: Path to the folder containing Python files
+    Returns:
+        List of file paths that were successfully decorated
+    """
+    folder = Path(folder_path)
+    if not folder.exists():
+        raise FileNotFoundError(f"Folder '{folder_path}' does not exist.")
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory.")
+    # Find all Python files in the folder (non-recursive)
+    python_files = list(folder.glob('*.py'))
+    if not python_files:
+        raise ValueError(f"No Python files found in '{folder_path}'.")
+    decorated_files = []
+    errors = []
+    for py_file in python_files:
+        try:
+            modified_code = add_decorators(str(py_file))
+            with open(py_file, 'w') as f:
+                f.write(modified_code)
+            decorated_files.append(str(py_file))
+        except Exception as e:
+            errors.append((str(py_file), str(e)))
+    if errors:
+        error_msg = "\n".join([f"  - {file}: {error}" for file, error in errors])
+        raise RuntimeError(f"Failed to decorate some files:\n{error_msg}")
+    return decorated_files

pysealer/check_decorators.py ADDED Viewed

@@ -0,0 +1,179 @@
+"""Automatically verify cryptographic decorators for all functions and classes in a python file."""
+import ast
+import copy
+from pathlib import Path
+from typing import Dict
+from pysealer import verify_signature
+from .setup import get_public_key
+def check_decorators(file_path: str) -> Dict[str, dict]:
+    """
+    Parse a Python file and verify all pysealer cryptographic decorators.
+    This function checks that each function/class with a pysealer decorator has a valid
+    signature that matches the current source code of that function/class.
+    Args:
+        file_path: Path to the Python file to verify
+    Returns:
+        Dictionary mapping function/class names to their verification results:
+        {
+            "function_name": {
+                "valid": bool,           # Whether signature is valid
+                "signature": str,        # The signature found in decorator
+                "message": str,          # Success or error message
+                "has_decorator": bool    # Whether function has pysealer decorator
+            }
+        }
+    """
+    # Read the file content
+    with open(file_path, 'r') as f:
+        content = f.read()
+    # Parse the Python source code into an AST
+    tree = ast.parse(content)
+    # Get the public key for verification
+    try:
+        public_key = get_public_key()
+    except (FileNotFoundError, ValueError) as e:
+        raise RuntimeError(f"Cannot verify decorators: {e}. Please run 'pysealer init' first.")
+    # Dictionary to store results
+    results = {}
+    # Iterate through each node in the AST
+    for node in ast.walk(tree):
+        node_type = type(node).__name__
+        # Check if this node is a function or class definition
+        if node_type in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            name = node.name
+            # Look for pysealer decorator
+            signature_from_decorator = None
+            has_pysealer_decorator = False
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    # Check if decorator is a Call node (e.g., @pysealer._<signature>())
+                    if isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        # Check if it's pysealer._<signature>
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                                attr_name = func.attr
+                                # Extract signature (remove leading underscore)
+                                if attr_name.startswith('_'):
+                                    signature_from_decorator = attr_name[1:]
+                                    has_pysealer_decorator = True
+                                    break
+            # Initialize result for this function/class
+            result = {
+                "has_decorator": has_pysealer_decorator,
+                "valid": False,
+                "signature": signature_from_decorator,
+                "message": ""
+            }
+            if not has_pysealer_decorator:
+                result["message"] = "No pysealer decorator found"
+                results[name] = result
+                continue
+            # Extract the source code without pysealer decorators for verification
+            node_clone = copy.deepcopy(node)
+            # Filter out pysealer decorators from the clone
+            if hasattr(node_clone, 'decorator_list'):
+                filtered_decorators = []
+                for decorator in node_clone.decorator_list:
+                    should_keep = True
+                    # Check if decorator is a simple Name node starting with "pysealer"
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pysealer"):
+                            should_keep = False
+                    # Check if decorator is an Attribute node (e.g., pysealer.something)
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pysealer":
+                            should_keep = False
+                    # Check if decorator is a Call node
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        # Check if call is to pysealer.something()
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                                should_keep = False
+                        # Check if call is to pysealer_something()
+                        elif isinstance(func, ast.Name) and func.id.startswith("pysealer"):
+                            should_keep = False
+                    if should_keep:
+                        filtered_decorators.append(decorator)
+                node_clone.decorator_list = filtered_decorators
+            # Convert the filtered node back to source code
+            module_wrapper = ast.Module(body=[node_clone], type_ignores=[])
+            function_source = ast.unparse(module_wrapper)
+            # Verify the signature
+            try:
+                is_valid = verify_signature(function_source, signature_from_decorator, public_key)
+                result["valid"] = is_valid
+                if is_valid:
+                    result["message"] = "✓ Signature valid - code has not been tampered with"
+                else:
+                    result["message"] = "✗ Signature invalid - code may have been modified"
+            except Exception as e:
+                result["message"] = f"✗ Error verifying signature: {e}"
+            results[name] = result
+    return results
+def check_decorators_in_folder(folder_path: str) -> Dict[str, Dict[str, dict]]:
+    """
+    Check decorators in all Python files in a folder.
+    Args:
+        folder_path: Path to the folder containing Python files
+    Returns:
+        Dictionary mapping file paths to their verification results
+    """
+    folder = Path(folder_path)
+    if not folder.exists():
+        raise FileNotFoundError(f"Folder '{folder_path}' does not exist.")
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory.")
+    # Find all Python files in the folder (non-recursive)
+    python_files = list(folder.glob('*.py'))
+    if not python_files:
+        raise ValueError(f"No Python files found in '{folder_path}'.")
+    all_results = {}
+    for py_file in python_files:
+        try:
+            results = check_decorators(str(py_file))
+            all_results[str(py_file)] = results
+        except Exception as e:
+            all_results[str(py_file)] = {"error": str(e)}
+    return all_results

pysealer/cli.py ADDED Viewed

@@ -0,0 +1,284 @@
+"""
+Command-line interface for pysealer.
+Commands:
+- init: Initialize pysealer with a new keypair and .env file.
+- lock: Add pysealer decorators to all functions and classes in a Python file.
+- check: Check the integrity and validity of pysealer decorators in a Python file.
+- remove: Remove all pysealer decorators from a Python file.
+Use `pysealer --help` to see available options and command details.
+Use `pysealer --version` to see the current version of pysealer installed.
+"""
+from pathlib import Path
+import typer
+from typing_extensions import Annotated
+from . import __version__
+from .setup import setup_keypair
+from .add_decorators import add_decorators, add_decorators_to_folder
+from .check_decorators import check_decorators, check_decorators_in_folder
+from .remove_decorators import remove_decorators, remove_decorators_from_folder
+app = typer.Typer(
+    name="pysealer",
+    help="Version control your Python functions and classes with cryptographic decorators",
+    no_args_is_help=True,
+)
+def version_callback(value: bool):
+    """Helper function to display version information."""
+    if value:
+        typer.echo(f"pysealer {__version__}")
+        raise typer.Exit()
+@app.callback()
+def version(
+    version: Annotated[
+        bool,
+        typer.Option("--version", help="Report the current version of pysealer installed.", callback=version_callback, is_eager=True)
+    ] = False
+):
+    """Report the current version of pysealer installed."""
+    pass
+@app.command()
+def init(
+    env_file: Annotated[
+        str,
+        typer.Argument(help="Path to the .env file")
+    ] = ".env"
+):
+    """Initialize pysealer with an .env file."""
+    try:
+        env_path = Path(env_file)
+        # Generate and store keypair (will raise error if keys already exist)
+        setup_keypair(env_path)
+        typer.echo(typer.style("Successfully initialized pysealer!", fg=typer.colors.BLUE, bold=True))
+        typer.echo(f"🔑 Keypair generated and stored in {env_path}")
+        typer.echo("⚠️  Keep your .env file secure and add it to .gitignore!")
+    except Exception as e:
+        typer.echo(typer.style(f"Error during initialization: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+@app.command()
+def lock(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to decorate")
+    ]
+):
+    """Add decorators to all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            decorated_files = add_decorators_to_folder(resolved_path)
+            typer.echo(typer.style(f"Successfully added decorators to {len(decorated_files)} files:", fg=typer.colors.BLUE, bold=True))
+            for file in decorated_files:
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            # Add decorators to all functions and classes in the file
+            resolved_path = str(path.resolve())
+            modified_code = add_decorators(resolved_path)
+            # Write the modified code back to the file
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            typer.echo(typer.style(f"Successfully added decorators to 1 file:", fg=typer.colors.BLUE, bold=True))
+            typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+    except (RuntimeError, FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while locking file: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+@app.command()
+def check(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to check")
+    ]
+):
+    """Check the integrity of decorators in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            all_results = check_decorators_in_folder(resolved_path)
+            total_decorated = 0
+            total_valid = 0
+            total_files = 0
+            files_with_issues = []
+            for file_path, results in all_results.items():
+                # Skip files with errors
+                if "error" in results:
+                    typer.echo(typer.style(f"✗ {file_path}: {results['error']}", fg=typer.colors.RED))
+                    files_with_issues.append(file_path)
+                    continue
+                total_files += 1
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                total_decorated += decorated_count
+                total_valid += valid_count
+                # Track files with validation failures
+                if decorated_count > 0 and valid_count < decorated_count:
+                    files_with_issues.append(file_path)
+            # Summary header
+            if total_decorated == 0:
+                typer.echo("⚠️  No pysealer decorators found in any files.")
+            elif total_valid == total_decorated:
+                typer.echo(typer.style(f"All decorators are valid in {total_files} files:", fg=typer.colors.BLUE, bold=True))
+            else:
+                typer.echo(typer.style(f"{total_decorated - total_valid}/{total_decorated} decorators failed verification across {total_files} files:", fg=typer.colors.BLUE, bold=True), err=True)
+            # File-by-file details
+            for file_path, results in all_results.items():
+                if "error" in results:
+                    continue
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                if decorated_count > 0:
+                    if valid_count == decorated_count:
+                        typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+                    else:
+                        typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {file_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+            # Exit with error if there were failures
+            if total_decorated > 0 and total_valid < total_decorated:
+                raise typer.Exit(code=1)
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            # Check all decorators in the file
+            resolved_path = str(path.resolve())
+            results = check_decorators(resolved_path)
+            # Return success if all decorated functions are valid
+            decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+            valid_count = sum(1 for r in results.values() if r["valid"])
+            if decorated_count == 0:
+                typer.echo("⚠️  No pysealer decorators found in this file.")
+            elif valid_count == decorated_count:
+                typer.echo(typer.style("All decorators are valid in 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"{typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+            else:
+                typer.echo(typer.style(f"{decorated_count - valid_count}/{decorated_count} decorators failed verification across 1 file:", fg=typer.colors.BLUE, bold=True), err=True)
+                typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {resolved_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+                raise typer.Exit(code=1)
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+@app.command()
+def remove(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to remove pysealer decorators from")
+    ]
+):
+    """Remove pysealer decorators from all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            modified_files = remove_decorators_from_folder(resolved_path)
+            if modified_files:
+                typer.echo(typer.style(f"Successfully removed decorators from {len(modified_files)} files:", fg=typer.colors.BLUE, bold=True))
+                for file in modified_files:
+                    typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+            else:
+                typer.echo("⚠️  No pysealer decorators found in any files.")
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            resolved_path = str(path.resolve())
+            modified_code, found = remove_decorators(resolved_path)
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            if found:
+                typer.echo(typer.style(f"Successfully removed decorators from 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+            else:
+                typer.echo(f"⚠️  No pysealer decorators found in {resolved_path}")
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while removing decorators: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+def main():
+    """Main CLI entry point."""
+    app()
+if __name__ == '__main__':
+    main()

pysealer/dummy_decorators.py ADDED Viewed

@@ -0,0 +1,83 @@
+"""Defines dummy decorators for all decorators found in the target file."""
+import os
+import ast
+import inspect
+def _dummy_decorator(func=None, *args, **kwargs):
+    """
+    A no-op (dummy) decorator that can be used in place of any decorator.
+    Handles both @deco and @deco(...) usages. If used as @deco, it returns the function unchanged.
+    If used as @deco(...), it returns a wrapper that returns the function unchanged.
+    Args:
+        func (callable, optional): The function to decorate, or None if called with arguments.
+        *args: Positional arguments (ignored).
+        **kwargs: Keyword arguments (ignored).
+    Returns:
+        callable: The original function, unchanged.
+    """
+    if callable(func) and not args and not kwargs:
+        return func
+    def wrapper(f):
+        return f
+    return wrapper
+def _discover_decorators(file_path):
+    """
+    Yield all decorator names used in the given Python file.
+    This function parses the specified Python file and walks its AST to find all decorator names
+    used on functions, async functions, and classes. It handles decorators used as @deco, @deco(...),
+    and @obj.deco or @obj.deco(...).
+    Args:
+        file_path (str): Path to the Python file to scan.
+    Yields:
+        str: The name of each decorator found.
+    """
+    if not os.path.exists(file_path):
+        return
+    with open(file_path, "r") as f:
+        src = f.read()
+    try:
+        tree = ast.parse(src)
+    except Exception:
+        return
+    for node in ast.walk(tree):
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
+            for deco in node.decorator_list:
+                # Handles @deco or @deco(...)
+                if isinstance(deco, ast.Name):
+                    yield deco.id
+                elif isinstance(deco, ast.Attribute):
+                    yield deco.attr
+                elif isinstance(deco.func, ast.Name):
+                    yield deco.func.id
+                elif isinstance(deco.func, ast.Attribute):
+                    yield deco.func.attr
+def _get_caller_file():
+    """
+    Find the filename of the module that imported this module at the top level.
+    Returns:
+        str or None: The filename of the caller module, or None if not found.
+    """
+    stack = inspect.stack()
+    for frame in stack:
+        if frame.function == "<module>" and frame.filename != __file__:
+            return frame.filename
+# Main logic: define dummy decorators for all found in the caller file
+_CALLER_FILE = _get_caller_file()
+if _CALLER_FILE:
+    _seen = set()
+    for deco_name in _discover_decorators(_CALLER_FILE):
+        if deco_name and deco_name not in globals() and deco_name not in _seen:
+            globals()[deco_name] = _dummy_decorator
+            _seen.add(deco_name)

pysealer/remove_decorators.py ADDED Viewed

@@ -0,0 +1,88 @@
+"""Remove cryptographic pysealer decorators from all functions and classes in a Python file."""
+import ast
+from typing import List, Tuple, Dict
+from pathlib import Path
+def remove_decorators(file_path: str) -> Tuple[str, bool]:
+    """
+    Parse a Python file, remove all @pysealer.* decorators from functions and classes, and return the modified code.
+    Args:
+        file_path: Path to the Python file to process
+    Returns:
+        Modified Python source code as a string
+    """
+    with open(file_path, 'r') as f:
+        content = f.read()
+    tree = ast.parse(content)
+    lines = content.split('\n')
+    lines_to_remove = set()
+    for node in ast.walk(tree):
+        if type(node).__name__ in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    is_pysealer_decorator = False
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pysealer":
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                                is_pysealer_decorator = True
+                        elif isinstance(func, ast.Name) and func.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    if is_pysealer_decorator:
+                        lines_to_remove.add(decorator.lineno - 1)
+    found = len(lines_to_remove) > 0
+    for line_idx in sorted(lines_to_remove, reverse=True):
+        del lines[line_idx]
+    modified_code = '\n'.join(lines)
+    return modified_code, found
+def remove_decorators_from_folder(folder_path: str) -> List[str]:
+    """
+    Remove pysealer decorators from all Python files in a folder (recursively).
+    Args:
+        folder_path: Path to the folder to process
+    Returns:
+        List of file paths where decorators were removed
+    """
+    folder = Path(folder_path)
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory")
+    # Find all Python files recursively
+    python_files = list(folder.rglob("*.py"))
+    if not python_files:
+        raise FileNotFoundError(f"No Python files found in '{folder_path}'")
+    files_modified = []
+    for py_file in python_files:
+        try:
+            file_path = str(py_file.resolve())
+            modified_code, found = remove_decorators(file_path)
+            if found:
+                # Write the modified code back to the file
+                with open(file_path, 'w') as f:
+                    f.write(modified_code)
+                files_modified.append(file_path)
+        except Exception as e:
+            # Skip files that can't be processed
+            continue
+    return files_modified

pysealer/setup.py ADDED Viewed

@@ -0,0 +1,137 @@
+"""Setup the storage of the pysealer keypair in a .env file."""
+import os
+from pathlib import Path
+from typing import Optional
+from dotenv import load_dotenv, set_key
+from pysealer import generate_keypair
+def _find_env_file() -> Path:
+    """
+    Search for .env file starting from current directory and walking up to parent directories.
+    Also checks PYSEALER_ENV_PATH environment variable.
+    Returns:
+        Path: Path to the .env file
+    Raises:
+        FileNotFoundError: If no .env file is found
+    """
+    # First check if PYSEALER_ENV_PATH environment variable is set
+    env_path_var = os.getenv("PYSEALER_ENV_PATH")
+    if env_path_var:
+        env_path = Path(env_path_var)
+        if env_path.exists():
+            return env_path
+    # Start from current working directory and search upward
+    current = Path.cwd()
+    # Check current directory and all parent directories up to root
+    for parent in [current] + list(current.parents):
+        env_file = parent / '.env'
+        if env_file.exists():
+            return env_file
+    # If not found, return the default location (current directory)
+    # This will be used in error messages
+    return Path.cwd() / '.env'
+def setup_keypair(env_path: Optional[str | Path] = None):
+    """
+    Generate and store keypair securely.
+    Args:
+        env_path: Optional path to .env file. If None, creates in current directory.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = Path.cwd() / '.env'
+    else:
+        env_path = Path(env_path)
+    # Check if keys already exist
+    if env_path.exists():
+        load_dotenv(env_path)
+        existing_private = os.getenv("PYSEALER_PRIVATE_KEY")
+        existing_public = os.getenv("PYSEALER_PUBLIC_KEY")
+        if existing_private or existing_public:
+            raise ValueError(f"Keys already exist in {env_path} Cannot overwrite existing keys.")
+    # Create .env if it doesn't exist
+    env_path.touch(exist_ok=True)
+    # Generate keypair using the Rust function
+    private_key_hex, public_key_hex = generate_keypair()
+    # Store keys in .env file
+    set_key(str(env_path), "PYSEALER_PRIVATE_KEY", private_key_hex)
+    set_key(str(env_path), "PYSEALER_PUBLIC_KEY", public_key_hex)
+    return private_key_hex, public_key_hex
+def get_public_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the public key from the .env file.
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    Returns:
+        str: The public key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    # Get public key
+    public_key = os.getenv("PYSEALER_PUBLIC_KEY")
+    if public_key is None:
+        raise ValueError(f"PYSEALER_PUBLIC_KEY not found in {env_path}. Run setup_keypair() first.")
+    return public_key
+def get_private_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the private key from the .env file.
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    Returns:
+        str: The private key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    # Get private key
+    private_key = os.getenv("PYSEALER_PRIVATE_KEY")
+    if private_key is None:
+        raise ValueError(f"PYSEALER_PRIVATE_KEY not found in {env_path}. Run setup_keypair() first.")
+    return private_key

pysealer-0.1.4.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,168 @@
+Metadata-Version: 2.4
+Name: pysealer
+Version: 0.1.4
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: typer>=0.9.0
+Requires-Dist: pytest>=7.0.0 ; extra == 'test'
+Requires-Dist: pytest-cov>=4.0.0 ; extra == 'test'
+Requires-Dist: pytest-asyncio>=0.21.0 ; extra == 'test'
+Provides-Extra: test
+License-File: LICENSE
+Summary: Cryptographically sign Python functions and classes for defense-in-depth security
+Keywords: rust,python,decorator,cryptography
+Author: Aidan Dyga
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Issues, https://github.com/MCP-Security-Research/pysealer/issues
+Project-URL: Repository, https://github.com/MCP-Security-Research/pysealer
+# pysealer
+Cryptographically sign Python functions and classes for defense-in-depth security
+> 💡 **code version controls code**
+- 🦀 Built with the [maturin build system](https://www.maturin.rs/) for easy Rust-Python packaging
+- 🔗 [PyO3](https://pyo3.rs/v0.27.1/index.html) bindings for seamless Python-Rust integration
+- 🔏 [Ed25519](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/) signatures to ensure code integrity and authorship
+- 🖥️ [Typer](https://typer.tiangolo.com/) for a clean and user-friendly command line interface
+Pysealer helps you maintain code integrity by automatically adding cryptographic signatures to your Python functions and classes. Each function or class receives a unique decorator containing a cryptographic signature that verifies both authorship and integrity, making it easy to detect unauthorized code modifications.
+## Table of Contents
+1. [Getting Started](#getting-started)
+2. [Usage](#usage)
+3. [How It Works](#how-it-works)
+4. [Model Context Protocol (MCP) Security Use Cases](#model-context-protocol-mcp-security-use-cases)
+5. [Contributing](#contributing)
+6. [License](#license)
+## Getting Started
+```shell
+pip install pysealer
+# or
+uv pip install pysealer
+```
+## Usage
+```shell
+pysealer init [ENV_FILE]         # Initialize the pysealer tool by generating and saving keys to an ENV_FILE (default: .env)
+pysealer decorate <file.py>...   # Add cryptographic decorators to all functions/classes in one or more .py files
+pysealer check <file.py>...      # Verify the integrity and validity of pysealer decorators in one or more .py files
+pysealer remove <file.py>...     # Remove all pysealer decorators from one or more .py files
+pysealer --help                  # Show all available commands and options
+```
+## How It Works
+Pysealer works by automatically injecting cryptographic decorators into your Python functions and classes. Here's how the process works:
+### Step-by-Step Example
+Suppose you have a file `fibonacci.py`:
+```python
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+#### 1. Decorate the file
+```shell
+pysealer decorate examples/fibonacci.py
+Successfully added decorators to 1 file:
+  ✓ /path/to/examples/fibonacci.py
+```
+```python
+@pysealer._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+#### 2. Check integrity
+```shell
+pysealer check examples/fibonacci.py
+All decorators are valid in 1 file:
+✓ /path/to/examples/fibonacci.py: 1 decorators valid
+```
+#### 3. Tamper with the code (change return 0 to return 42)
+```python
+@pysealer._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 42
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+#### 4. Check again
+```shell
+pysealer check examples/fibonacci.py
+1/1 decorators failed verification across 1 file:
+  ✗ /path/to/examples/fibonacci.py: 1/1 decorators failed
+```
+## Model Context Protocol (MCP) Security Use Cases
+One use case of Pysealer is to protect MCP servers from upstream attacks by cryptographically signing tool functions and their docstrings. Since LLMs rely on docstrings to understand tool behavior, attackers can inject malicious instructions or create fake tools that mimic legitimate ones. Pysealer's signatures ensure tool authenticity and detect tampering because any modification to code or docstrings breaks the signature and flags compromised tools.
+- **Detect Version Control Changes**
+  - Automatically detect unauthorized code modifications through cryptographic signatures
+  - Each function's decorator contains a signature based on its code and docstring
+  - Any mismatch between code and signature is immediately flagged
+- **Defense-in-Depth for Source Control**
+  - Add an additional security layer to version control systems
+  - Complement existing security measures with cryptographic verification
+  - Reduce risk through multiple layers of protection
+## Contributing
+**🙌 Contributions are welcome!**
+If you have suggestions, bug reports, or want to help improve Pysealer, feel free to open an [issue](https://github.com/MCP-Security-Research/pysealer/issues) or submit a pull request.
+All ideas and contributions are appreciated—thanks for helping make pysealer better!
+## License
+Pysealer is licensed under the MIT License. See [LICENSE](LICENSE) for details.

pysealer-0.1.4.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,13 @@
+pysealer/__init__.py,sha256=_qr-hT8yCojoPgSYfjZkvp93h6tIL8PD5T0BzeXFay4,944
+pysealer/_pysealer.pypy39-pp73-aarch64-linux-gnu.so,sha256=X_tgEY8Zi6wXqU__bwpK9OTUfio4mv0ey-7HxbghoXc,673712
+pysealer/add_decorators.py,sha256=-Jq1no002PfFnYeYVQsIGptzZpqVpoopox7RVV5QbtU,8750
+pysealer/check_decorators.py,sha256=LdcVBWS_PbuqJvXNBkOYSaPRiDOMvAlA5SZhjkxGGk8,7203
+pysealer/cli.py,sha256=X03gHpITt6mS5POFUNsHVt8mMZEaGcN5YkDsHaNz_9g,12040
+pysealer/dummy_decorators.py,sha256=9ORNnMZ6lT5e1gU4Dt9lifAEDfjJ1wCXGiOUfMiqP-w,2807
+pysealer/remove_decorators.py,sha256=v1VpxFid8kqqoj-NuWSWWzCoYUwl1XVYyGdTE8BLbeI,3276
+pysealer/setup.py,sha256=M8wgv4GeVbbC_t0a8PBD5Hn6piqGTFIUTlo1ds6JtAc,4206
+pysealer-0.1.4.dist-info/METADATA,sha256=VZGBUzePSeKdoH29A65AOlGSnRqD_pL89EfGySUjGIE,6137
+pysealer-0.1.4.dist-info/WHEEL,sha256=qzwzn5_kd3G5istIUlu4zh1R72c65tXbcz-afAAujws,159
+pysealer-0.1.4.dist-info/entry_points.txt,sha256=DUDRyFGp10a8FMaLUFE6X94kCD2dciDY66ISXuUySmA,45
+pysealer-0.1.4.dist-info/licenses/LICENSE,sha256=FtcYsMyXNwAqNhOMxR3TwptCUnwb5coRK_UQyWGLJnc,1067
+pysealer-0.1.4.dist-info/RECORD,,

pysealer-0.1.4.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: maturin (1.11.5)
+Root-Is-Purelib: false
+Tag: pp39-pypy39_pp73-manylinux_2_17_aarch64
+Tag: pp39-pypy39_pp73-manylinux2014_aarch64

pysealer-0.1.4.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ pysealer=pysealer.cli:main

pysealer-0.1.4.dist-info/licenses/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Aidan Dyga
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.