pysealer 0.2.0__cp313-cp313t-musllinux_1_2_x86_64.whl

pysealer/setup.py

@@ -0,0 +1,137 @@
+"""Setup the storage of the pysealer keypair in a .env file."""
+
+import os
+from pathlib import Path
+from typing import Optional
+from dotenv import load_dotenv, set_key
+from pysealer import generate_keypair
+
+
+def _find_env_file() -> Path:
+    """
+    Search for .env file starting from current directory and walking up to parent directories.
+    Also checks PYSEALER_ENV_PATH environment variable.
+    
+    Returns:
+        Path: Path to the .env file
+        
+    Raises:
+        FileNotFoundError: If no .env file is found
+    """
+    # First check if PYSEALER_ENV_PATH environment variable is set
+    env_path_var = os.getenv("PYSEALER_ENV_PATH")
+    if env_path_var:
+        env_path = Path(env_path_var)
+        if env_path.exists():
+            return env_path
+    
+    # Start from current working directory and search upward
+    current = Path.cwd()
+    
+    # Check current directory and all parent directories up to root
+    for parent in [current] + list(current.parents):
+        env_file = parent / '.env'
+        if env_file.exists():
+            return env_file
+    
+    # If not found, return the default location (current directory)
+    # This will be used in error messages
+    return Path.cwd() / '.env'
+
+def setup_keypair(env_path: Optional[str | Path] = None):
+    """
+    Generate and store keypair securely.
+    
+    Args:
+        env_path: Optional path to .env file. If None, creates in current directory.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = Path.cwd() / '.env'
+    else:
+        env_path = Path(env_path)
+    
+    # Check if keys already exist
+    if env_path.exists():
+        load_dotenv(env_path)
+        existing_private = os.getenv("PYSEALER_PRIVATE_KEY")
+        existing_public = os.getenv("PYSEALER_PUBLIC_KEY")
+        
+        if existing_private or existing_public:
+            raise ValueError(f"Keys already exist in {env_path} Cannot overwrite existing keys.")
+    
+    # Create .env if it doesn't exist
+    env_path.touch(exist_ok=True)
+
+    # Generate keypair using the Rust function
+    private_key_hex, public_key_hex = generate_keypair()
+    
+    # Store keys in .env file
+    set_key(str(env_path), "PYSEALER_PRIVATE_KEY", private_key_hex)
+    set_key(str(env_path), "PYSEALER_PUBLIC_KEY", public_key_hex)
+    
+    return private_key_hex, public_key_hex
+
+
+def get_public_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the public key from the .env file.
+    
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    
+    Returns:
+        str: The public key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    
+    # Get public key
+    public_key = os.getenv("PYSEALER_PUBLIC_KEY")
+    
+    if public_key is None:
+        raise ValueError(f"PYSEALER_PUBLIC_KEY not found in {env_path}. Run setup_keypair() first.")
+    
+    return public_key
+
+
+def get_private_key(env_path: Optional[str | Path] = None) -> str:
+    """
+    Retrieve the private key from the .env file.
+    
+    Args:
+        env_path: Optional path to .env file. If None, searches from current directory upward.
+    
+    Returns:
+        str: The private key hex string, or None if not found.
+    """
+    # Determine .env location
+    if env_path is None:
+        env_path = _find_env_file()
+    else:
+        env_path = Path(env_path)
+    
+    # Check if .env exists
+    if not env_path.exists():
+        raise FileNotFoundError(f"No .env file found at {env_path}. Run setup_keypair() first.")
+    
+    # Load environment variables from .env
+    load_dotenv(env_path)
+    
+    # Get private key
+    private_key = os.getenv("PYSEALER_PRIVATE_KEY")
+    
+    if private_key is None:
+        raise ValueError(f"PYSEALER_PRIVATE_KEY not found in {env_path}. Run setup_keypair() first.")
+    
+    return private_key

pysealer-0.2.0.dist-info/METADATA

@@ -0,0 +1,171 @@
+Metadata-Version: 2.4
+Name: pysealer
+Version: 0.2.0
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: typer>=0.9.0
+Requires-Dist: pygithub>=2.1.1
+Requires-Dist: pynacl>=1.5.0
+Requires-Dist: gitpython>=3.1.0
+Requires-Dist: pytest>=7.0.0 ; extra == 'test'
+Requires-Dist: pytest-cov>=4.0.0 ; extra == 'test'
+Requires-Dist: pytest-asyncio>=0.21.0 ; extra == 'test'
+Provides-Extra: test
+License-File: LICENSE
+Summary: Cryptographically sign Python functions and classes for defense-in-depth security
+Keywords: rust,python,decorator,cryptography
+Author: Aidan Dyga
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Issues, https://github.com/MCP-Security-Research/pysealer/issues
+Project-URL: Repository, https://github.com/MCP-Security-Research/pysealer
+
+# pysealer
+
+Cryptographically sign Python functions and classes for defense-in-depth security
+
+> 💡 **code version controls code**
+
+- 🦀 Built with the [maturin build system](https://www.maturin.rs/) for easy Rust-Python packaging
+- 🔗 [PyO3](https://pyo3.rs/v0.27.1/index.html) bindings for seamless Python-Rust integration
+- 🔏 [Ed25519](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/) signatures to ensure code integrity and authorship
+- 🖥️ [Typer](https://typer.tiangolo.com/) for a clean and user-friendly command line interface
+
+Pysealer helps you maintain code integrity by automatically adding cryptographic signatures to your Python functions and classes. Each function or class receives a unique decorator containing a cryptographic signature that verifies both authorship and integrity, making it easy to detect unauthorized code modifications.
+
+## Table of Contents
+
+1. [Getting Started](#getting-started)
+2. [Usage](#usage)
+3. [How It Works](#how-it-works)
+4. [Model Context Protocol (MCP) Security Use Cases](#model-context-protocol-mcp-security-use-cases)
+5. [Contributing](#contributing)
+6. [License](#license)
+
+## Getting Started
+
+```shell
+pip install pysealer
+# or
+uv pip install pysealer
+```
+
+## Usage
+
+```shell
+pysealer init [ENV_FILE]         # Initialize the pysealer tool by generating and saving keys to an ENV_FILE (default: .env)
+pysealer decorate <file.py>...   # Add cryptographic decorators to all functions/classes in one or more .py files
+pysealer check <file.py>...      # Verify the integrity and validity of pysealer decorators in one or more .py files
+pysealer remove <file.py>...     # Remove all pysealer decorators from one or more .py files
+pysealer --help                  # Show all available commands and options
+```
+
+## How It Works
+
+Pysealer works by automatically injecting cryptographic decorators into your Python functions and classes. Here's how the process works:
+
+### Step-by-Step Example
+
+Suppose you have a file `fibonacci.py`:
+
+```python
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 1. Decorate the file
+
+```shell
+pysealer decorate examples/fibonacci.py
+
+Successfully added decorators to 1 file:
+  ✓ /path/to/examples/fibonacci.py
+```
+
+```python
+@pysealer._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 0
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 2. Check integrity
+
+```shell
+pysealer check examples/fibonacci.py
+
+All decorators are valid in 1 file:
+✓ /path/to/examples/fibonacci.py: 1 decorators valid
+```
+
+#### 3. Tamper with the code (change return 0 to return 42)
+
+```python
+@pysealer._GnCLaWr9B6TD524JZ3v1CENXmo5Drwfgvc9arVagbghQ6hMH4Aqc8whs3Tf57pkTjsAVNDybviW9XG5Eu3JSP6T()
+def fibonacci(n):
+    if n <= 0:
+        return 42
+    elif n == 1:
+        return 1
+    else:
+        return fibonacci(n-1) + fibonacci(n-2)
+```
+
+#### 4. Check again
+
+```shell
+pysealer check examples/fibonacci.py
+
+1/1 decorators failed verification across 1 file:
+  ✗ /path/to/examples/fibonacci.py: 1/1 decorators failed
+```
+
+## Model Context Protocol (MCP) Security Use Cases
+
+One use case of Pysealer is to protect MCP servers from upstream attacks by cryptographically signing tool functions and their docstrings. Since LLMs rely on docstrings to understand tool behavior, attackers can inject malicious instructions or create fake tools that mimic legitimate ones. Pysealer's signatures ensure tool authenticity and detect tampering because any modification to code or docstrings breaks the signature and flags compromised tools.
+
+- **Detect Version Control Changes**
+  - Automatically detect unauthorized code modifications through cryptographic signatures
+  - Each function's decorator contains a signature based on its code and docstring
+  - Any mismatch between code and signature is immediately flagged
+
+- **Defense-in-Depth for Source Control**
+  - Add an additional security layer to version control systems
+  - Complement existing security measures with cryptographic verification
+  - Reduce risk through multiple layers of protection
+
+## Contributing
+
+**🙌 Contributions are welcome!**
+
+If you have suggestions, bug reports, or want to help improve Pysealer, feel free to open an [issue](https://github.com/MCP-Security-Research/pysealer/issues) or submit a pull request.
+
+All ideas and contributions are appreciated—thanks for helping make pysealer better!
+
+## License
+
+Pysealer is licensed under the MIT License. See [LICENSE](LICENSE) for details.
+

pysealer-0.2.0.dist-info/RECORD

@@ -0,0 +1,15 @@
+pysealer/__init__.py,sha256=iKSceDzfR6fiNPSoKYAhvllIYpxfWXRlOK6TxDbfxbc,944
+pysealer/_pysealer.cpython-313t-x86_64-linux-musl.so,sha256=EL3SNcEMqWiwLkBbJ4r4-Iz2LV1JIXiLeevGNIhOvsQ,678201
+pysealer/add_decorators.py,sha256=-Jq1no002PfFnYeYVQsIGptzZpqVpoopox7RVV5QbtU,8750
+pysealer/check_decorators.py,sha256=LdcVBWS_PbuqJvXNBkOYSaPRiDOMvAlA5SZhjkxGGk8,7203
+pysealer/cli.py,sha256=FMS3Xir3gcwKLLFeInZR6tBg6QhipKMzD5PGrCDp3hY,13837
+pysealer/dummy_decorators.py,sha256=9ORNnMZ6lT5e1gU4Dt9lifAEDfjJ1wCXGiOUfMiqP-w,2807
+pysealer/github_secrets.py,sha256=7SQP1k97vcLsPQqLOBEt-XiSep4dOIHPQI8NCuR-xFg,6120
+pysealer/remove_decorators.py,sha256=v1VpxFid8kqqoj-NuWSWWzCoYUwl1XVYyGdTE8BLbeI,3276
+pysealer/setup.py,sha256=M8wgv4GeVbbC_t0a8PBD5Hn6piqGTFIUTlo1ds6JtAc,4206
+pysealer-0.2.0.dist-info/METADATA,sha256=SnUho5P0sJqiD52V14bZ0Ahh568mJrJxaQKpNkfYfCM,6229
+pysealer-0.2.0.dist-info/WHEEL,sha256=D22VRV7HYPuteMjBjPavK5Qg_RIk0oJeUDr6juBgrp4,109
+pysealer-0.2.0.dist-info/entry_points.txt,sha256=DUDRyFGp10a8FMaLUFE6X94kCD2dciDY66ISXuUySmA,45
+pysealer-0.2.0.dist-info/licenses/LICENSE,sha256=FtcYsMyXNwAqNhOMxR3TwptCUnwb5coRK_UQyWGLJnc,1067
+pysealer.libs/libgcc_s-6d2d9dc8.so.1,sha256=K3sghe0OS1atTYJSB8m0plft2csyIC36q20Ii8UMudc,536145
+pysealer-0.2.0.dist-info/RECORD,,

pysealer-0.2.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: maturin (1.11.5)
+Root-Is-Purelib: false
+Tag: cp313-cp313t-musllinux_1_2_x86_64

pysealer-0.2.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+pysealer=pysealer.cli:main

pysealer-0.2.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Aidan Dyga
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.