ryeos-node 0.1.1__py3-none-any.whl

ryeos_node/__init__.py

@@ -0,0 +1,3 @@
+"""RYE Execution Node — CAS-native remote execution server."""
+
+__version__ = "0.1.1"

ryeos_node/auth.py

@@ -0,0 +1,301 @@
+"""Authentication for ryeos-node.
+
+Dual auth: signed-request (Ed25519) and HMAC (webhook).
+- Signed-request: verifies X-Rye-Signature headers against authorized key files.
+- Webhook: HMAC-SHA256 signature verification via webhook_bindings table.
+"""
+
+import fnmatch
+import hashlib
+import hmac as hmac_mod
+import logging
+import time
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Optional
+
+try:
+    import tomllib
+except ModuleNotFoundError:
+    import tomli as tomllib  # type: ignore[no-redef]
+
+from fastapi import Depends, HTTPException, Request, status
+
+from ryeos_node.config import Settings, get_settings
+
+logger = logging.getLogger(__name__)
+
+
+# ---------------------------------------------------------------------------
+# Principal (replaces User)
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class Principal:
+    """Authenticated caller identity.
+
+    fingerprint: Ed25519 key fingerprint (the identity)
+    capabilities: fnmatch patterns from authorized key file
+    owner: human-readable label from authorized key file
+    """
+    fingerprint: str
+    capabilities: list[str]
+    owner: str = ""
+
+
+# ---------------------------------------------------------------------------
+# Authorized key file loading + verification
+# ---------------------------------------------------------------------------
+
+
+def _load_authorized_key(fingerprint: str, settings: Settings) -> dict:
+    """Load and verify an authorized key TOML file.
+
+    The file must be signed by this node's key (signature header line).
+    Returns the parsed TOML dict.
+    Raises HTTPException(401) on any failure.
+    """
+    auth_dir = settings.authorized_keys_dir()
+    key_file = auth_dir / f"{fingerprint}.toml"
+
+    if not key_file.exists():
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unknown principal")
+
+    raw = key_file.read_text()
+
+    # Verify node signature (first line: # rye:signed:<timestamp>:<hash>:<sig>:<signer_fp>)
+    lines = raw.split("\n", 1)
+    sig_line = lines[0].strip()
+    if not sig_line.startswith("# rye:signed:"):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (unsigned)")
+
+    # Format: <timestamp>:<content_hash>:<sig_b64>:<signer_fp>
+    # Timestamp is ISO 8601 with colons, so rsplit from the right.
+    remainder = sig_line[len("# rye:signed:"):]
+    rparts = remainder.rsplit(":", 3)
+    if len(rparts) != 4:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (malformed sig)")
+
+    _sig_timestamp, content_hash, sig_b64, signer_fp = rparts
+
+    # Verify signature was made by this node's key
+    from rye.primitives.signing import load_keypair, compute_key_fingerprint, verify_signature
+
+    try:
+        _, node_pub = load_keypair(Path(settings.signing_key_dir))
+        node_fp = compute_key_fingerprint(node_pub)
+    except FileNotFoundError:
+        raise HTTPException(
+            status.HTTP_500_INTERNAL_SERVER_ERROR,
+            "Node signing key not configured",
+        )
+
+    if signer_fp != node_fp:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (wrong signer)")
+
+    # The signed content is everything after the signature line
+    body = lines[1] if len(lines) > 1 else ""
+    actual_hash = hashlib.sha256(body.encode()).hexdigest()
+    if actual_hash != content_hash:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (tampered)")
+
+    if not verify_signature(content_hash, sig_b64, node_pub):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (bad signature)")
+
+    # Parse TOML body
+    try:
+        data = tomllib.loads(body)
+    except Exception:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (invalid TOML)")
+
+    # Verify fingerprint matches
+    if data.get("fingerprint") != fingerprint:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Unauthorized key file (fingerprint mismatch)")
+
+    # Check expiry
+    expires_at = data.get("expires_at")
+    if expires_at:
+        from datetime import datetime, timezone
+        try:
+            exp = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
+            if datetime.now(timezone.utc) > exp:
+                raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Authorized key expired")
+        except (ValueError, AttributeError):
+            raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Authorized key file (bad expiry)")
+
+    return data
+
+
+def _verify_signed_request(request: Request, raw_body: bytes, settings: Settings) -> Principal:
+    """Verify Ed25519 signed request headers.
+
+    Extracts the caller's fingerprint from X-Rye-Key-Id, loads their
+    authorized key file, verifies the request signature, checks replay,
+    and returns a Principal.
+    """
+    from ryeos_node.replay import get_replay_guard
+
+    key_id = request.headers.get("x-rye-key-id", "")
+    timestamp = request.headers.get("x-rye-timestamp", "")
+    nonce = request.headers.get("x-rye-nonce", "")
+    signature = request.headers.get("x-rye-signature", "")
+
+    if not all([key_id, timestamp, nonce, signature]):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Missing auth headers")
+
+    # Extract fingerprint from key_id (format: fp:<fingerprint>)
+    if not key_id.startswith("fp:"):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid key ID format")
+    fingerprint = key_id[3:]
+
+    # Check timestamp freshness
+    try:
+        req_time = int(timestamp)
+    except ValueError:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid timestamp")
+    now = int(time.time())
+    if abs(now - req_time) > 300:  # 5 minute window
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Request expired")
+
+    # Load authorized key file (verifies node signature, expiry)
+    auth_data = _load_authorized_key(fingerprint, settings)
+
+    # Get caller's public key from authorized key file
+    public_key_b64 = auth_data.get("public_key", "")
+    if not public_key_b64.startswith("ed25519:"):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid public key format")
+    # The public key PEM is stored as base64 after "ed25519:" prefix
+    # But we stored it as the actual PEM content after the prefix
+    import base64
+    public_key_pem = base64.b64decode(public_key_b64[8:])
+
+    # Compute this node's audience (fp:<node_fingerprint>)
+    from rye.primitives.signing import load_keypair, compute_key_fingerprint, verify_signature
+
+    _, node_pub = load_keypair(Path(settings.signing_key_dir))
+    node_fp = compute_key_fingerprint(node_pub)
+    audience = f"fp:{node_fp}"
+
+    # Reconstruct string_to_sign and verify
+    body_hash = hashlib.sha256(raw_body or b"").hexdigest()
+
+    # Build canonical path from request
+    path = request.url.path
+    query = str(request.url.query) if request.url.query else ""
+    if query:
+        from urllib.parse import parse_qsl, urlencode
+        params = parse_qsl(query, keep_blank_values=True)
+        params.sort()
+        canon_path = f"{path}?{urlencode(params)}"
+    else:
+        canon_path = path
+
+    string_to_sign = "\n".join([
+        "ryeos-request-v1",
+        request.method.upper(),
+        canon_path,
+        body_hash,
+        timestamp,
+        nonce,
+        audience,
+    ])
+
+    content_hash = hashlib.sha256(string_to_sign.encode()).hexdigest()
+    if not verify_signature(content_hash, signature, public_key_pem):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid signature")
+
+    # Replay check
+    guard = get_replay_guard(settings.cas_base_path)
+    if not guard.check_and_record(fingerprint, nonce):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Replayed request")
+
+    return Principal(
+        fingerprint=fingerprint,
+        capabilities=auth_data.get("capabilities", []),
+        owner=auth_data.get("owner", ""),
+    )
+
+
+def require_capability(principal: Principal, action: str) -> None:
+    """Raise 403 if principal doesn't have a matching capability.
+
+    Capabilities use fnmatch patterns (e.g., 'rye.execute.tool.*').
+    """
+    for cap in principal.capabilities:
+        if fnmatch.fnmatch(action, cap):
+            return
+    raise HTTPException(
+        status_code=status.HTTP_403_FORBIDDEN,
+        detail=f"Missing required capability: {action}",
+    )
+
+
+async def get_current_principal(
+    request: Request,
+    settings: Settings = Depends(get_settings),
+) -> Principal:
+    """FastAPI dependency: authenticate via signed request headers."""
+    raw_body = await request.body()
+    return _verify_signed_request(request, raw_body, settings)
+
+
+# ---------------------------------------------------------------------------
+# HMAC webhook verification (unchanged — external services don't have Ed25519)
+# ---------------------------------------------------------------------------
+
+WEBHOOK_TIMESTAMP_MAX_FUTURE_SECONDS = 30
+WEBHOOK_TIMESTAMP_MAX_AGE_SECONDS = 300
+
+
+def verify_timestamp(timestamp: str) -> None:
+    """Reject stale or future webhook timestamps."""
+    if not timestamp:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+    try:
+        ts = int(timestamp)
+    except ValueError:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+    now = int(time.time())
+    if ts > now + WEBHOOK_TIMESTAMP_MAX_FUTURE_SECONDS:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+    if now - ts > WEBHOOK_TIMESTAMP_MAX_AGE_SECONDS:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+
+
+def verify_hmac(timestamp: str, raw_body: bytes, secret: str, signature: str) -> None:
+    """Verify HMAC-SHA256 signature over timestamp.raw_body."""
+    if not signature or not signature.startswith("sha256="):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+    received = signature[7:]
+    if len(received) != 64:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+    signed = timestamp.encode() + b"." + raw_body
+    expected = hmac_mod.new(
+        secret.encode(),
+        signed,
+        hashlib.sha256,
+    ).hexdigest()
+    if not hmac_mod.compare_digest(expected, received):
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid webhook auth")
+
+
+# ---------------------------------------------------------------------------
+# ResolvedExecution — normalized result from dual-auth
+# ---------------------------------------------------------------------------
+
+
+@dataclass
+class ResolvedExecution:
+    """Normalized execution request after auth resolution.
+
+    Both signed-request and webhook paths produce this. The /execute handler
+    doesn't know or care which auth path was used.
+    """
+    principal: Principal
+    item_type: str
+    item_id: str
+    project_path: str
+    parameters: dict
+    thread: str
+    secret_envelope: dict | None = None

ryeos_node/config.py

@@ -0,0 +1,151 @@
+"""Configuration for ryeos-node server."""
+
+import logging
+from functools import lru_cache
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+import yaml
+from pydantic import ConfigDict, model_validator
+from pydantic_settings import BaseSettings
+
+logger = logging.getLogger(__name__)
+
+
+def _load_node_yaml(node_config_dir: str, cas_base_path: str) -> Dict[str, Any]:
+    """Load node.yaml from node config space, return flattened settings dict.
+
+    Maps nested node.yaml fields to flat Settings field names.
+    Returns empty dict if file doesn't exist or fails to parse.
+    """
+    config_root = Path(node_config_dir) if node_config_dir else Path(cas_base_path) / "config"
+    node_yaml_path = config_root / ".ai" / "config" / "node" / "node.yaml"
+
+    if not node_yaml_path.is_file():
+        return {}
+
+    try:
+        text = node_yaml_path.read_text(encoding="utf-8")
+        # Skip rye:signed header line
+        lines = text.splitlines(keepends=True)
+        if lines and lines[0].startswith("# rye:signed:"):
+            text = "".join(lines[1:])
+        data = yaml.safe_load(text)
+    except Exception:
+        logger.warning("Failed to load node.yaml from %s", node_yaml_path, exc_info=True)
+        return {}
+
+    if not isinstance(data, dict):
+        return {}
+
+    result: Dict[str, Any] = {}
+
+    identity = data.get("identity")
+    if isinstance(identity, dict):
+        if "name" in identity:
+            result["rye_remote_name"] = identity["name"]
+        if "signing_key_dir" in identity:
+            result["signing_key_dir"] = identity["signing_key_dir"]
+
+    features = data.get("features")
+    if isinstance(features, dict):
+        if "registry" in features:
+            result["registry_enabled"] = features["registry"]
+
+    limits = data.get("limits")
+    if isinstance(limits, dict):
+        if "max_concurrent" in limits:
+            result["max_concurrent"] = limits["max_concurrent"]
+        if "max_request_bytes" in limits:
+            result["max_request_bytes"] = limits["max_request_bytes"]
+        if "max_user_storage_bytes" in limits:
+            result["max_user_storage_bytes"] = limits["max_user_storage_bytes"]
+
+    return result
+
+
+class Settings(BaseSettings):
+    model_config = ConfigDict(env_file=".env", env_file_encoding="utf-8")
+
+    # CAS storage
+    cas_base_path: str = "/cas"
+
+    # Remote signing key
+    signing_key_dir: str = "/cas/signing"
+
+    # Node config (authorized keys, node identity)
+    node_config_dir: str = ""  # defaults to <cas_base_path>/config/
+
+    # Remote identity (server-asserted, set via RYE_REMOTE_NAME env var)
+    rye_remote_name: str = "default"
+
+    # Registry
+    registry_enabled: bool = False
+
+    # Concurrency
+    max_concurrent: int = 8
+
+    # Server
+    host: str = "0.0.0.0"
+    port: int = 8000
+
+    # Limits
+    max_request_bytes: int = 50 * 1024 * 1024  # 50MB
+    max_user_storage_bytes: int = 1024 * 1024 * 1024  # 1GB
+
+    @model_validator(mode="before")
+    @classmethod
+    def _apply_node_yaml_defaults(cls, values: Dict[str, Any]) -> Dict[str, Any]:
+        """Load node.yaml values as defaults — env vars override."""
+        node_config_dir = values.get("node_config_dir", "")
+        cas_base_path = values.get("cas_base_path", "/cas")
+        node_defaults = _load_node_yaml(node_config_dir, cas_base_path)
+
+        # node.yaml provides defaults: only set if not already provided
+        for key, val in node_defaults.items():
+            if key not in values or values[key] is None:
+                values[key] = val
+
+        return values
+
+    def _node_config(self) -> Path:
+        if self.node_config_dir:
+            return Path(self.node_config_dir)
+        return Path(self.cas_base_path) / "config"
+
+    def authorized_keys_dir(self) -> Path:
+        return self._node_config() / "authorized_keys"
+
+    def node_yaml_path(self) -> Path:
+        return self._node_config() / ".ai" / "config" / "node" / "node.yaml"
+
+    def hardware_descriptors(self) -> Dict[str, Any]:
+        """Read hardware section from node.yaml. Returns empty dict if unavailable."""
+        path = self.node_yaml_path()
+        if not path.is_file():
+            return {}
+        try:
+            text = path.read_text(encoding="utf-8")
+            lines = text.splitlines(keepends=True)
+            if lines and lines[0].startswith("# rye:signed:"):
+                text = "".join(lines[1:])
+            data = yaml.safe_load(text)
+            if isinstance(data, dict) and isinstance(data.get("hardware"), dict):
+                return data["hardware"]
+        except Exception:
+            logger.debug("Failed to read hardware from node.yaml", exc_info=True)
+        return {}
+
+    def user_cas_root(self, fingerprint: str) -> Path:
+        return Path(self.cas_base_path) / fingerprint / ".ai" / "objects"
+
+    def cache_root(self, fingerprint: str) -> Path:
+        return Path(self.cas_base_path) / fingerprint / "cache"
+
+    def exec_root(self, fingerprint: str) -> Path:
+        return Path(self.cas_base_path) / fingerprint / "executions"
+
+
+@lru_cache
+def get_settings() -> Settings:
+    return Settings()

ryeos_node/executions.py

@@ -0,0 +1,197 @@
+"""Local filesystem execution record tracking.
+
+Replaces Supabase threads table with running files, append-only
+execution log, and by-id index for O(1) lookup.
+"""
+
+import datetime
+import json
+import logging
+import os
+from pathlib import Path
+
+logger = logging.getLogger(__name__)
+
+
+def register_execution(
+    cas_base: str,
+    user_fp: str,
+    thread_id: str,
+    item_type: str,
+    item_id: str,
+    project_manifest_hash: str,
+    user_manifest_hash: str | None,
+    project_path: str | None,
+    remote_name: str,
+    system_version: str,
+) -> None:
+    try:
+        running_dir = Path(cas_base) / user_fp / "running"
+        running_dir.mkdir(parents=True, exist_ok=True)
+        record = {
+            "thread_id": thread_id,
+            "user_id": user_fp,
+            "item_type": item_type,
+            "item_id": item_id,
+            "execution_mode": "remote",
+            "remote_name": remote_name,
+            "project_path": project_path,
+            "project_manifest_hash": project_manifest_hash,
+            "user_manifest_hash": user_manifest_hash,
+            "system_version": system_version,
+            "state": "running",
+            "created_at": datetime.datetime.now(datetime.timezone.utc).isoformat(),
+        }
+        (running_dir / f"{thread_id}.json").write_text(json.dumps(record))
+    except Exception:
+        logger.warning("Failed to register execution %s", thread_id, exc_info=True)
+
+
+def complete_execution(
+    cas_base: str,
+    user_fp: str,
+    thread_id: str,
+    state: str,
+    snapshot_hash: str | None = None,
+    runtime_outputs_bundle_hash: str | None = None,
+    merge_conflicts: dict | None = None,
+    unmerged_snapshot_hash: str | None = None,
+) -> None:
+    try:
+        base = Path(cas_base) / user_fp
+        running_file = base / "running" / f"{thread_id}.json"
+
+        # Read base metadata from running file
+        if running_file.exists():
+            record = json.loads(running_file.read_text())
+        else:
+            record = {"thread_id": thread_id}
+
+        completed_at = datetime.datetime.now(datetime.timezone.utc).isoformat()
+        record.update({
+            "state": state,
+            "completed_at": completed_at,
+            "snapshot_hash": snapshot_hash,
+            "runtime_outputs_bundle_hash": runtime_outputs_bundle_hash,
+            "merge_conflicts": merge_conflicts,
+            "unmerged_snapshot_hash": unmerged_snapshot_hash,
+        })
+
+        # Write by-id index
+        by_id_dir = base / "executions" / "by-id"
+        by_id_dir.mkdir(parents=True, exist_ok=True)
+        (by_id_dir / thread_id).write_text(json.dumps(record))
+
+        # Append to log
+        log_dir = base / "logs"
+        log_dir.mkdir(parents=True, exist_ok=True)
+        log_entry = {
+            "thread_id": thread_id,
+            "state": state,
+            "project_path": record.get("project_path"),
+            "completed_at": completed_at,
+            "snapshot_hash": snapshot_hash,
+        }
+        with open(log_dir / "executions.log", "a") as f:
+            f.write(json.dumps(log_entry) + "\n")
+
+        # Remove running file
+        if running_file.exists():
+            running_file.unlink()
+    except Exception:
+        logger.warning("Failed to complete execution %s", thread_id, exc_info=True)
+
+
+def list_executions(
+    cas_base: str,
+    user_fp: str,
+    project_path: str | None = None,
+    limit: int = 20,
+) -> list[dict]:
+    base = Path(cas_base) / user_fp
+    results: list[dict] = []
+
+    # Collect in-flight executions from running dir
+    running_dir = base / "running"
+    if running_dir.is_dir():
+        for f in running_dir.iterdir():
+            if f.suffix == ".json":
+                try:
+                    rec = json.loads(f.read_text())
+                    if project_path is None or rec.get("project_path") == project_path:
+                        results.append(rec)
+                except Exception:
+                    logger.warning("Failed to read running file %s", f, exc_info=True)
+
+    # Read completed executions from log (most recent first)
+    log_file = base / "logs" / "executions.log"
+    if log_file.is_file():
+        try:
+            lines = log_file.read_text().splitlines()
+            for line in reversed(lines):
+                if len(results) >= limit:
+                    break
+                if not line.strip():
+                    continue
+                try:
+                    entry = json.loads(line)
+                    if project_path is None or entry.get("project_path") == project_path:
+                        results.append(entry)
+                except json.JSONDecodeError:
+                    continue
+        except Exception:
+            logger.warning("Failed to read execution log", exc_info=True)
+
+    return results[:limit]
+
+
+def get_execution(
+    cas_base: str,
+    user_fp: str,
+    thread_id: str,
+) -> dict | None:
+    base = Path(cas_base) / user_fp
+
+    # Check by-id index first
+    by_id_file = base / "executions" / "by-id" / thread_id
+    if by_id_file.is_file():
+        try:
+            return json.loads(by_id_file.read_text())
+        except Exception:
+            logger.warning("Failed to read by-id record %s", thread_id, exc_info=True)
+
+    # Fall back to running dir
+    running_file = base / "running" / f"{thread_id}.json"
+    if running_file.is_file():
+        try:
+            return json.loads(running_file.read_text())
+        except Exception:
+            logger.warning("Failed to read running file %s", thread_id, exc_info=True)
+
+    return None
+
+
+def store_conflict_record(
+    cas_base: str,
+    user_fp: str,
+    thread_id: str,
+    conflicts: dict,
+    unmerged_snapshot: str,
+) -> None:
+    try:
+        by_id_file = Path(cas_base) / user_fp / "executions" / "by-id" / thread_id
+        if by_id_file.is_file():
+            record = json.loads(by_id_file.read_text())
+            record["merge_conflicts"] = conflicts
+            record["unmerged_snapshot_hash"] = unmerged_snapshot
+            by_id_file.write_text(json.dumps(record))
+        else:
+            by_id_file.parent.mkdir(parents=True, exist_ok=True)
+            record = {
+                "thread_id": thread_id,
+                "merge_conflicts": conflicts,
+                "unmerged_snapshot_hash": unmerged_snapshot,
+            }
+            by_id_file.write_text(json.dumps(record))
+    except Exception:
+        logger.warning("Failed to store conflict record %s", thread_id, exc_info=True)