pysealer 0.2.0__cp313-cp313t-musllinux_1_2_x86_64.whl

pysealer/cli.py

@@ -0,0 +1,316 @@
+"""
+Command-line interface for pysealer.
+
+Commands:
+- init: Initialize pysealer with a new keypair and .env file.
+- lock: Add pysealer decorators to all functions and classes in a Python file.
+- check: Check the integrity and validity of pysealer decorators in a Python file.
+- remove: Remove all pysealer decorators from a Python file.
+
+Use `pysealer --help` to see available options and command details.
+Use `pysealer --version` to see the current version of pysealer installed.
+"""
+
+from pathlib import Path
+
+import typer
+from typing_extensions import Annotated
+
+from . import __version__
+from .setup import setup_keypair
+from .add_decorators import add_decorators, add_decorators_to_folder
+from .check_decorators import check_decorators, check_decorators_in_folder
+from .remove_decorators import remove_decorators, remove_decorators_from_folder
+
+app = typer.Typer(
+    name="pysealer",
+    help="Version control your Python functions and classes with cryptographic decorators",
+    no_args_is_help=True,
+)
+
+
+def version_callback(value: bool):
+    """Helper function to display version information."""
+    if value:
+        typer.echo(f"pysealer {__version__}")
+        raise typer.Exit()
+
+
+@app.callback()
+def version(
+    version: Annotated[
+        bool,
+        typer.Option("--version", help="Report the current version of pysealer installed.", callback=version_callback, is_eager=True)
+    ] = False
+):
+    """Report the current version of pysealer installed."""
+    pass
+
+
+@app.command()
+def init(
+    env_file: Annotated[
+        str,
+        typer.Argument(help="Path to the .env file")
+    ] = ".env",
+    github_token: Annotated[
+        str,
+        typer.Option("--github-token", help="GitHub personal access token for uploading public key to repository secrets")
+    ] = None,
+    skip_github: Annotated[
+        bool,
+        typer.Option("--skip-github", help="Skip GitHub secrets integration")
+    ] = False
+):
+    """Initialize pysealer with an .env file and optionally upload public key to GitHub."""
+    try:
+        env_path = Path(env_file)
+        
+        # Generate and store keypair (will raise error if keys already exist)
+        public_key, private_key = setup_keypair(env_path)
+        typer.echo(typer.style("Successfully initialized pysealer!", fg=typer.colors.BLUE, bold=True))
+        typer.echo(f"🔑 Keypair generated and stored in {env_path}")
+        typer.echo("⚠️  Keep your .env file secure and add it to .gitignore!")
+        
+        # GitHub secrets integration (optional)
+        if not skip_github:
+            typer.echo()  # Blank line for readability
+            typer.echo("Attempting to upload public key to GitHub repository secrets...")
+            
+            try:
+                from .github_secrets import setup_github_secrets
+                
+                success, message = setup_github_secrets(public_key, github_token)
+                
+                if success:
+                    typer.echo(typer.style(f"✓ {message}", fg=typer.colors.GREEN))
+                else:
+                    typer.echo(typer.style(f"⚠ Warning: {message}", fg=typer.colors.YELLOW))
+                    typer.echo("  You can manually add the public key to GitHub secrets later.")
+                    typer.echo(f"  Secret name: PYSEALER_PUBLIC_KEY")
+                    typer.echo(f"  Public key: {public_key}")
+                    
+            except ImportError as e:
+                typer.echo(typer.style(f"⚠ Warning: GitHub integration dependencies not installed: {e}", fg=typer.colors.YELLOW))
+                typer.echo("  Install with: pip install PyGithub PyNaCl GitPython")
+            except Exception as e:
+                typer.echo(typer.style(f"⚠ Warning: Failed to upload to GitHub: {e}", fg=typer.colors.YELLOW))
+                typer.echo("  You can manually add the public key to GitHub secrets later.")
+        
+    except Exception as e:
+        typer.echo(typer.style(f"Error during initialization: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+@app.command()
+def lock(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to decorate")
+    ]
+):
+    """Add decorators to all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            decorated_files = add_decorators_to_folder(resolved_path)
+            
+            typer.echo(typer.style(f"Successfully added decorators to {len(decorated_files)} files:", fg=typer.colors.BLUE, bold=True))
+            for file in decorated_files:
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            # Add decorators to all functions and classes in the file
+            resolved_path = str(path.resolve())
+            modified_code = add_decorators(resolved_path)
+            
+            # Write the modified code back to the file
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            
+            typer.echo(typer.style(f"Successfully added decorators to 1 file:", fg=typer.colors.BLUE, bold=True))
+            typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+        
+    except (RuntimeError, FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while locking file: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def check(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to check")
+    ]
+):
+    """Check the integrity of decorators in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            all_results = check_decorators_in_folder(resolved_path)
+            
+            total_decorated = 0
+            total_valid = 0
+            total_files = 0
+            files_with_issues = []
+            
+            for file_path, results in all_results.items():
+                # Skip files with errors
+                if "error" in results:
+                    typer.echo(typer.style(f"✗ {file_path}: {results['error']}", fg=typer.colors.RED))
+                    files_with_issues.append(file_path)
+                    continue
+                
+                total_files += 1
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                
+                total_decorated += decorated_count
+                total_valid += valid_count
+                
+                # Track files with validation failures
+                if decorated_count > 0 and valid_count < decorated_count:
+                    files_with_issues.append(file_path)
+            
+            # Summary header
+            if total_decorated == 0:
+                typer.echo("⚠️  No pysealer decorators found in any files.")
+            elif total_valid == total_decorated:
+                typer.echo(typer.style(f"All decorators are valid in {total_files} files:", fg=typer.colors.BLUE, bold=True))
+            else:
+                typer.echo(typer.style(f"{total_decorated - total_valid}/{total_decorated} decorators failed verification across {total_files} files:", fg=typer.colors.BLUE, bold=True), err=True)
+            
+            # File-by-file details
+            for file_path, results in all_results.items():
+                if "error" in results:
+                    continue
+                
+                decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+                valid_count = sum(1 for r in results.values() if r["valid"])
+                
+                if decorated_count > 0:
+                    if valid_count == decorated_count:
+                        typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+                    else:
+                        typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {file_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+            
+            # Exit with error if there were failures
+            if total_decorated > 0 and total_valid < total_decorated:
+                raise typer.Exit(code=1)
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            # Check all decorators in the file
+            resolved_path = str(path.resolve())
+            results = check_decorators(resolved_path)
+            
+            # Return success if all decorated functions are valid
+            decorated_count = sum(1 for r in results.values() if r["has_decorator"])
+            valid_count = sum(1 for r in results.values() if r["valid"])
+            
+            if decorated_count == 0:
+                typer.echo("⚠️  No pysealer decorators found in this file.")
+            elif valid_count == decorated_count:
+                typer.echo(typer.style("All decorators are valid in 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"{typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}: {typer.style(f'{decorated_count} decorators valid', fg=typer.colors.GREEN)}")
+            else:
+                typer.echo(typer.style(f"{decorated_count - valid_count}/{decorated_count} decorators failed verification across 1 file:", fg=typer.colors.BLUE, bold=True), err=True)
+                typer.echo(f"  {typer.style('✗', fg=typer.colors.RED)} {resolved_path}: {typer.style(f'{decorated_count - valid_count}/{decorated_count} decorators failed', fg=typer.colors.RED)}")
+                raise typer.Exit(code=1)
+    
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+@app.command()
+def remove(
+    file_path: Annotated[
+        str,
+        typer.Argument(help="Path to the Python file or folder to remove pysealer decorators from")
+    ]
+):
+    """Remove pysealer decorators from all functions and classes in a Python file or all Python files in a folder."""
+    path = Path(file_path)
+    
+    # Validate path exists
+    if not path.exists():
+        typer.echo(typer.style(f"Error: Path '{path}' does not exist.", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    
+    try:
+        # Handle folder path
+        if path.is_dir():
+            resolved_path = str(path.resolve())
+            modified_files = remove_decorators_from_folder(resolved_path)
+            
+            if modified_files:
+                typer.echo(typer.style(f"Successfully removed decorators from {len(modified_files)} files:", fg=typer.colors.BLUE, bold=True))
+                for file in modified_files:
+                    typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {file}")
+            else:
+                typer.echo("⚠️  No pysealer decorators found in any files.")
+        
+        # Handle file path
+        else:
+            # Validate it's a Python file
+            if not path.suffix == '.py':
+                typer.echo(typer.style(f"Error: File '{path}' is not a Python file.", fg=typer.colors.RED, bold=True), err=True)
+                raise typer.Exit(code=1)
+            
+            resolved_path = str(path.resolve())
+            modified_code, found = remove_decorators(resolved_path)
+            
+            with open(resolved_path, 'w') as f:
+                f.write(modified_code)
+            
+            if found:
+                typer.echo(typer.style(f"Successfully removed decorators from 1 file:", fg=typer.colors.BLUE, bold=True))
+                typer.echo(f"  {typer.style('✓', fg=typer.colors.GREEN)} {resolved_path}")
+            else:
+                typer.echo(f"⚠️  No pysealer decorators found in {resolved_path}")
+    
+    except (FileNotFoundError, NotADirectoryError, ValueError) as e:
+        typer.echo(typer.style(f"Error: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+    except Exception as e:
+        typer.echo(typer.style(f"Unexpected error while removing decorators: {e}", fg=typer.colors.RED, bold=True), err=True)
+        raise typer.Exit(code=1)
+
+
+def main():
+    """Main CLI entry point."""
+    app()
+
+
+if __name__ == '__main__':
+    main()

pysealer/dummy_decorators.py

@@ -0,0 +1,83 @@
+"""Defines dummy decorators for all decorators found in the target file."""
+
+import os
+import ast
+import inspect
+
+
+def _dummy_decorator(func=None, *args, **kwargs):
+    """
+    A no-op (dummy) decorator that can be used in place of any decorator.
+
+    Handles both @deco and @deco(...) usages. If used as @deco, it returns the function unchanged.
+    If used as @deco(...), it returns a wrapper that returns the function unchanged.
+
+    Args:
+        func (callable, optional): The function to decorate, or None if called with arguments.
+        *args: Positional arguments (ignored).
+        **kwargs: Keyword arguments (ignored).
+
+    Returns:
+        callable: The original function, unchanged.
+    """
+    if callable(func) and not args and not kwargs:
+        return func
+    def wrapper(f):
+        return f
+    return wrapper
+
+def _discover_decorators(file_path):
+    """
+    Yield all decorator names used in the given Python file.
+
+    This function parses the specified Python file and walks its AST to find all decorator names
+    used on functions, async functions, and classes. It handles decorators used as @deco, @deco(...),
+    and @obj.deco or @obj.deco(...).
+
+    Args:
+        file_path (str): Path to the Python file to scan.
+
+    Yields:
+        str: The name of each decorator found.
+    """
+    if not os.path.exists(file_path):
+        return
+    with open(file_path, "r") as f:
+        src = f.read()
+    try:
+        tree = ast.parse(src)
+    except Exception:
+        return
+    for node in ast.walk(tree):
+        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
+            for deco in node.decorator_list:
+                # Handles @deco or @deco(...)
+                if isinstance(deco, ast.Name):
+                    yield deco.id
+                elif isinstance(deco, ast.Attribute):
+                    yield deco.attr
+                elif isinstance(deco.func, ast.Name):
+                    yield deco.func.id
+                elif isinstance(deco.func, ast.Attribute):
+                    yield deco.func.attr
+
+def _get_caller_file():
+    """
+    Find the filename of the module that imported this module at the top level.
+
+    Returns:
+        str or None: The filename of the caller module, or None if not found.
+    """
+    stack = inspect.stack()
+    for frame in stack:
+        if frame.function == "<module>" and frame.filename != __file__:
+            return frame.filename
+
+# Main logic: define dummy decorators for all found in the caller file
+_CALLER_FILE = _get_caller_file()
+if _CALLER_FILE:
+    _seen = set()
+    for deco_name in _discover_decorators(_CALLER_FILE):
+        if deco_name and deco_name not in globals() and deco_name not in _seen:
+            globals()[deco_name] = _dummy_decorator
+            _seen.add(deco_name)

pysealer/github_secrets.py

@@ -0,0 +1,170 @@
+"""
+GitHub secrets integration for pysealer.
+
+This module provides functionality to automatically upload the pysealer public key
+to GitHub repository secrets when `pysealer init` is run.
+"""
+
+import os
+import re
+from pathlib import Path
+from typing import Optional, Tuple
+
+import git
+from github import Github, GithubException
+from nacl import encoding, public
+
+
+def get_repo_info() -> Tuple[str, str]:
+    """
+    Extract GitHub owner and repository name from git remote URL.
+    
+    Supports both SSH and HTTPS formats:
+    - SSH: git@github.com:owner/repo.git
+    - HTTPS: https://github.com/owner/repo.git
+    
+    Returns:
+        Tuple[str, str]: (owner, repo_name)
+        
+    Raises:
+        ValueError: If not in a git repository or remote URL is not from GitHub
+        RuntimeError: If unable to parse the remote URL
+    """
+    try:
+        # Get the git repository from current directory
+        repo = git.Repo(search_parent_directories=True)
+        
+        # Try to get the origin remote
+        if 'origin' not in repo.remotes:
+            raise ValueError("No 'origin' remote found in git repository")
+        
+        remote_url = repo.remotes.origin.url
+        
+        # Parse SSH format: git@github.com:owner/repo.git
+        ssh_pattern = r'git@github\.com:([^/]+)/(.+?)(?:\.git)?$'
+        ssh_match = re.match(ssh_pattern, remote_url)
+        if ssh_match:
+            owner, repo_name = ssh_match.groups()
+            return owner, repo_name
+        
+        # Parse HTTPS format: https://github.com/owner/repo.git
+        https_pattern = r'https://github\.com/([^/]+)/(.+?)(?:\.git)?$'
+        https_match = re.match(https_pattern, remote_url)
+        if https_match:
+            owner, repo_name = https_match.groups()
+            return owner, repo_name
+        
+        raise RuntimeError(f"Could not parse GitHub repository from remote URL: {remote_url}")
+        
+    except git.InvalidGitRepositoryError:
+        raise ValueError("Not in a git repository. Please run this command from within a git repository.")
+    except git.GitCommandError as e:
+        raise RuntimeError(f"Git error: {e}")
+
+
+def encrypt_secret(public_key: str, secret_value: str) -> str:
+    """
+    Encrypt a secret using GitHub's public key.
+    
+    GitHub requires secrets to be encrypted using the repository's public key
+    before they can be uploaded via the API.
+    
+    Args:
+        public_key: The repository's public key (base64 encoded)
+        secret_value: The secret value to encrypt
+        
+    Returns:
+        str: Base64 encoded encrypted secret
+    """
+    # Convert the public key from base64
+    public_key_bytes = public_key.encode("utf-8")
+    public_key_obj = public.PublicKey(public_key_bytes, encoding.Base64Encoder())
+    
+    # Encrypt the secret using sealed box
+    sealed_box = public.SealedBox(public_key_obj)
+    encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
+    
+    # Return base64 encoded encrypted secret
+    return encoding.Base64Encoder().encode(encrypted).decode("utf-8")
+
+
+def add_secret_to_github(token: str, owner: str, repo_name: str, secret_name: str, secret_value: str) -> None:
+    """
+    Add or update a secret in GitHub repository.
+    
+    Args:
+        token: GitHub personal access token (needs 'repo' scope)
+        owner: GitHub repository owner (user or organization)
+        repo_name: Repository name
+        secret_name: Name of the secret to create/update
+        secret_value: Value of the secret (will be encrypted before upload)
+        
+    Raises:
+        GithubException: If GitHub API request fails
+        Exception: For other errors during the process
+    """
+    try:
+        # Initialize GitHub client
+        g = Github(token)
+        
+        # Get the repository
+        repo = g.get_repo(f"{owner}/{repo_name}")
+        
+        # Get the repository's public key for encrypting secrets
+        public_key = repo.get_public_key()
+        
+        # Encrypt the secret
+        encrypted_value = encrypt_secret(public_key.key, secret_value)
+        
+        # Create or update the secret
+        repo.create_secret(secret_name, encrypted_value, public_key.key_id)
+        
+    except GithubException as e:
+        if e.status == 401:
+            raise Exception("Authentication failed. Please check your GitHub token.")
+        elif e.status == 403:
+            raise Exception("Permission denied. Your token needs 'repo' scope to manage secrets.")
+        elif e.status == 404:
+            raise Exception(f"Repository '{owner}/{repo_name}' not found or you don't have access.")
+        else:
+            raise Exception(f"GitHub API error: {e.data.get('message', str(e))}")
+
+
+def setup_github_secrets(public_key: str, github_token: Optional[str] = None) -> Tuple[bool, str]:
+    """
+    Main function to orchestrate GitHub secrets setup.
+    
+    This function:
+    1. Gets GitHub token from parameter or environment variable
+    2. Extracts repository info from git remote
+    3. Uploads the public key to GitHub secrets
+    
+    Args:
+        public_key: The pysealer public key to upload
+        github_token: Optional GitHub token. If None, uses GITHUB_TOKEN env var
+        
+    Returns:
+        Tuple[bool, str]: (success, message)
+        - success: True if secret was uploaded successfully
+        - message: Success or error message
+    """
+    # Get GitHub token
+    token = github_token or os.getenv("GITHUB_TOKEN")
+    if not token:
+        return False, "No GitHub token provided. Use --github-token or set GITHUB_TOKEN environment variable."
+    
+    try:
+        # Get repository information
+        owner, repo_name = get_repo_info()
+        
+        # Upload the secret
+        add_secret_to_github(token, owner, repo_name, "PYSEALER_PUBLIC_KEY", public_key)
+        
+        return True, f"Successfully added PYSEALER_PUBLIC_KEY to {owner}/{repo_name}"
+        
+    except ValueError as e:
+        return False, f"Repository detection failed: {e}"
+    except RuntimeError as e:
+        return False, f"Git error: {e}"
+    except Exception as e:
+        return False, f"Failed to upload secret: {e}"

pysealer/remove_decorators.py

@@ -0,0 +1,88 @@
+"""Remove cryptographic pysealer decorators from all functions and classes in a Python file."""
+
+import ast
+from typing import List, Tuple, Dict
+from pathlib import Path
+
+def remove_decorators(file_path: str) -> Tuple[str, bool]:
+    """
+    Parse a Python file, remove all @pysealer.* decorators from functions and classes, and return the modified code.
+
+    Args:
+        file_path: Path to the Python file to process
+    Returns:
+        Modified Python source code as a string
+    """
+    with open(file_path, 'r') as f:
+        content = f.read()
+
+    tree = ast.parse(content)
+    lines = content.split('\n')
+    lines_to_remove = set()
+
+    for node in ast.walk(tree):
+        if type(node).__name__ in ("FunctionDef", "AsyncFunctionDef", "ClassDef"):
+            if hasattr(node, 'decorator_list'):
+                for decorator in node.decorator_list:
+                    is_pysealer_decorator = False
+                    if isinstance(decorator, ast.Name):
+                        if decorator.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Attribute):
+                        if isinstance(decorator.value, ast.Name) and decorator.value.id == "pysealer":
+                            is_pysealer_decorator = True
+                    elif isinstance(decorator, ast.Call):
+                        func = decorator.func
+                        if isinstance(func, ast.Attribute):
+                            if isinstance(func.value, ast.Name) and func.value.id == "pysealer":
+                                is_pysealer_decorator = True
+                        elif isinstance(func, ast.Name) and func.id.startswith("pysealer"):
+                            is_pysealer_decorator = True
+                    if is_pysealer_decorator:
+                        lines_to_remove.add(decorator.lineno - 1)
+
+    found = len(lines_to_remove) > 0
+    for line_idx in sorted(lines_to_remove, reverse=True):
+        del lines[line_idx]
+
+    modified_code = '\n'.join(lines)
+    return modified_code, found
+
+
+def remove_decorators_from_folder(folder_path: str) -> List[str]:
+    """
+    Remove pysealer decorators from all Python files in a folder (recursively).
+
+    Args:
+        folder_path: Path to the folder to process
+    Returns:
+        List of file paths where decorators were removed
+    """
+    folder = Path(folder_path)
+    
+    if not folder.is_dir():
+        raise NotADirectoryError(f"'{folder_path}' is not a directory")
+    
+    # Find all Python files recursively
+    python_files = list(folder.rglob("*.py"))
+    
+    if not python_files:
+        raise FileNotFoundError(f"No Python files found in '{folder_path}'")
+    
+    files_modified = []
+    
+    for py_file in python_files:
+        try:
+            file_path = str(py_file.resolve())
+            modified_code, found = remove_decorators(file_path)
+            
+            if found:
+                # Write the modified code back to the file
+                with open(file_path, 'w') as f:
+                    f.write(modified_code)
+                files_modified.append(file_path)
+        except Exception as e:
+            # Skip files that can't be processed
+            continue
+    
+    return files_modified