slide-narrator 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl

narrator/__init__.py

@@ -8,7 +8,7 @@ from .models.thread import Thread
 from .models.message import Message
 from .models.attachment import Attachment
 
-__version__ = "1.0.1"
+__version__ = "1.0.2"
 __all__ = [
     "ThreadStore",
     "FileStore", 

narrator/database/storage_backend.py

@@ -1,6 +1,7 @@
 """Storage backend implementations for ThreadStore."""
 from abc import ABC, abstractmethod
 from typing import List, Optional, Dict, Any, Union
+import re
 from datetime import datetime, UTC
 import json
 import os
@@ -20,6 +21,12 @@ from .models import Base, ThreadRecord, MessageRecord
 
 logger = get_logger(__name__)
 
+def _sanitize_key(component: str) -> str:
+    """Allow only alphanumeric and underscore for JSON path keys to avoid SQL injection."""
+    if not re.fullmatch(r"[A-Za-z0-9_]+", component):
+        raise ValueError(f"Invalid key component: {component}")
+    return component
+
 class StorageBackend(ABC):
     """Abstract base class for thread storage backends."""
     
@@ -149,28 +156,22 @@ class MemoryBackend(StorageBackend):
         Returns:
             List of messages matching the criteria (possibly empty)
         """
+        matches: List[Message] = []
         # Traverse all threads and messages
         for thread in self._threads.values():
             for message in thread.messages:
-                # Use the path to navigate to the target attribute
-                current = message.model_dump(mode="python")
-                
+                current: Any = message.model_dump(mode="python")
                 # Navigate the nested structure
-                parts = path.split('.')
+                parts = [p for p in path.split('.') if p]
                 for part in parts:
                     if isinstance(current, dict) and part in current:
                         current = current[part]
                     else:
                         current = None
                         break
-                
-                # Check if we found a match
                 if current == value:
-                    # For MemoryBackend, we can't return MessageRecord objects
-                    # Return a list containing the message data that the ThreadStore can handle
-                    return [message]
-        
-        return []
+                    matches.append(message)
+        return matches
 
 class SQLBackend(StorageBackend):
     """SQL storage backend supporting both SQLite and PostgreSQL with proper connection pooling."""
@@ -437,7 +438,17 @@ class SQLBackend(StorageBackend):
             for key, value in attributes.items():
                 if self.database_url.startswith('sqlite'):
                     # Use SQLite json_extract
-                    query = query.where(text(f"json_extract(attributes, '$.{key}') = :value").bindparams(value=str(value)))
+                    safe_key = _sanitize_key(key)
+                    if value is None:
+                        query = query.where(text(f"json_extract(attributes, '$.{safe_key}') IS NULL"))
+                    elif isinstance(value, bool):
+                        # SQLite stores booleans as 1/0
+                        num_val = 1 if value else 0
+                        query = query.where(text(f"json_extract(attributes, '$.{safe_key}') = {num_val}"))
+                    else:
+                        query = query.where(
+                            text(f"json_extract(attributes, '$.{safe_key}') = :value").bindparams(value=str(value))
+                        )
                 else:
                     # Use PostgreSQL JSONB operators via text() for direct SQL control
                     logger.info(f"Searching for attribute[{key}] = {value} (type: {type(value)})")
@@ -445,7 +456,8 @@ class SQLBackend(StorageBackend):
                     # Handle different value types appropriately
                     if value is None:
                         # Check for null/None values
-                        query = query.where(text(f"attributes->>'{key}' IS NULL"))
+                        safe_key = _sanitize_key(key)
+                        query = query.where(text(f"attributes->>'{safe_key}' IS NULL"))
                     else:
                         # Convert value to string for text comparison
                         str_value = str(value)
@@ -454,10 +466,11 @@ class SQLBackend(StorageBackend):
                             str_value = str(value).lower()
                         
                         # Use PostgreSQL's JSONB operators for direct string comparison
-                        param_name = f"attr_{key}"
+                        safe_key = _sanitize_key(key)
+                        param_name = f"attr_{safe_key}"
                         bp = bindparam(param_name, str_value)
                         query = query.where(
-                            text(f"attributes->>'{key}' = :{param_name}").bindparams(bp)
+                            text(f"attributes->>'{safe_key}' = :{param_name}").bindparams(bp)
                         )
             
             # Log the final query for debugging
@@ -481,28 +494,38 @@ class SQLBackend(StorageBackend):
             
             if self.database_url.startswith('sqlite'):
                 # Use SQLite json_extract for platform name
-                query = query.where(text(f"json_extract(platforms, '$.{platform_name}') IS NOT NULL"))
+                safe_platform = _sanitize_key(platform_name)
+                query = query.where(text(f"json_extract(platforms, '$.{safe_platform}') IS NOT NULL"))
                 # Add property conditions
                 for key, value in properties.items():
                     # Convert value to string for text comparison
-                    str_value = str(value)
-                    param_name = f"value_{platform_name}_{key}" # Ensure unique param name
-                    bp = bindparam(param_name, str_value)
-                    query = query.where(
-                        text(f"json_extract(platforms, '$.{platform_name}.{key}') = :{param_name}")
-                        .bindparams(bp)
-                    )
+                    safe_key = _sanitize_key(key)
+                    if value is None:
+                        query = query.where(text(f"json_extract(platforms, '$.{safe_platform}.{safe_key}') IS NULL"))
+                    elif isinstance(value, bool):
+                        num_val = 1 if value else 0
+                        query = query.where(text(f"json_extract(platforms, '$.{safe_platform}.{safe_key}') = {num_val}"))
+                    else:
+                        str_value = str(value)
+                        param_name = f"value_{safe_platform}_{safe_key}" # Ensure unique param name
+                        bp = bindparam(param_name, str_value)
+                        query = query.where(
+                            text(f"json_extract(platforms, '$.{safe_platform}.{safe_key}') = :{param_name}")
+                            .bindparams(bp)
+                        )
             else:
                 # Use PostgreSQL JSONB operators for platform checks
-                query = query.where(text(f"platforms ? '{platform_name}'"))
+                safe_platform = _sanitize_key(platform_name)
+                query = query.where(text(f"platforms ? '{safe_platform}'"))
                 
                 # Add property conditions with text() for proper PostgreSQL JSONB syntax
                 for key, value in properties.items():
                     str_value = str(value)
-                    param_name = f"value_{platform_name}_{key}"
+                    safe_key = _sanitize_key(key)
+                    param_name = f"value_{safe_platform}_{safe_key}"
                     bp = bindparam(param_name, str_value)
                     query = query.where(
-                        text(f"platforms->'{platform_name}'->>'{key}' = :{param_name}")
+                        text(f"platforms->'{safe_platform}'->>'{safe_key}' = :{param_name}")
                         .bindparams(bp)
                     )
             
@@ -540,16 +563,33 @@ class SQLBackend(StorageBackend):
         try:
             query = select(MessageRecord)
             
+            # Normalize and sanitize path parts
+            parts = [p for p in path.split('.') if p]
+            parts = [_sanitize_key(p) for p in parts]
+            if not parts:
+                return []
+            # Support paths prefixed with 'source.' by stripping the leading component
+            if parts and parts[0] == 'source':
+                parts = parts[1:]
+                if not parts:
+                    return []
             if self.database_url.startswith('sqlite'):
-                # Use SQLite json_extract
-                json_path = '$.' + path.replace('.', '.')
-                query = query.where(text(f"json_extract(source, '{json_path}') = :value").bindparams(value=str(value)))
+                # Use SQLite json_extract with a proper JSON path: $.a.b.c (safe due to sanitized parts)
+                json_path = '$.' + '.'.join(parts)
+                query = query.where(
+                    text(f"json_extract(source, '{json_path}') = :value").bindparams(value=str(value))
+                )
             else:
-                # Use PostgreSQL JSONB operators
-                # Convert dot notation to PostgreSQL JSON path
-                path_parts = path.split('.')
-                json_path = '->'.join([f"'{part}'" for part in path_parts[:-1]]) + f"->>'{path_parts[-1]}'"
-                query = query.where(text(f"source{json_path} = :value").bindparams(value=str(value)))
+                # Use PostgreSQL JSONB operators: source->'a'->'b'->>'c' (last part text)
+                if len(parts) == 1:
+                    pg_expr = f"source->>'{parts[0]}'"
+                else:
+                    head = parts[:-1]
+                    tail = parts[-1]
+                    pg_expr = "source" + ''.join([f"->'{h}'" for h in head]) + f"->>'{tail}'"
+                query = query.where(
+                    text(f"{pg_expr} = :value").bindparams(value=str(value))
+                )
             
             result = await session.execute(query)
             return result.scalars().all()

narrator/storage/file_store.py

@@ -494,13 +494,7 @@ class FileStore:
                 files.append(file_id)
         return files
 
-    def _handle_data_url(self, content: bytes) -> bytes:
-        """Handle data URLs"""
-        if self.content.startswith('data:'):
-            # Handle data URLs
-            header, encoded = self.content.split(",", 1)
-            return base64.b64decode(encoded)
-        return content
+    # Note: data URL handling is performed at the Attachment layer where the content type is known.
 
     @classmethod
     def get_base_path(cls) -> str:

narrator/utils/logging.py

@@ -3,36 +3,30 @@ import os
 import logging
 from typing import Optional
 
+class _NarratorNullHandler(logging.Handler):
+    def emit(self, record):
+        pass
+
 _is_configured = False
 
 def _ensure_logging_configured():
-    """Internal function to configure logging if not already configured."""
+    """Attach a NullHandler and optionally set level based on env without overriding app config."""
     global _is_configured
     if _is_configured:
         return
 
-    # Get log level from environment and convert to uppercase
-    log_level_str = os.getenv('NARRATOR_LOG_LEVEL', os.getenv('LOG_LEVEL', 'INFO')).upper()
-    
-    # Convert string to logging level constant
-    try:
-        log_level = getattr(logging, log_level_str)
-    except AttributeError:
-        print(f"Invalid LOG_LEVEL: {log_level_str}. Defaulting to INFO.")
-        log_level = logging.INFO
-    
-    # Configure the root logger with our format
-    logging.basicConfig(
-        level=log_level,
-        format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
-        datefmt='%H:%M:%S',
-        force=True  # Ensure we override any existing configuration
-    )
-    
-    # Get the root logger and set its level
-    root_logger = logging.getLogger()
-    root_logger.setLevel(log_level)
-    
+    logger = logging.getLogger('narrator')
+    # Avoid duplicate handlers
+    if not any(isinstance(h, _NarratorNullHandler) for h in logger.handlers):
+        logger.addHandler(_NarratorNullHandler())
+
+    # Respect env level but do not call basicConfig or force reconfigure
+    log_level_str = os.getenv('NARRATOR_LOG_LEVEL', os.getenv('LOG_LEVEL', '')).upper()
+    if log_level_str:
+        level = getattr(logging, log_level_str, None)
+        if isinstance(level, int):
+            logger.setLevel(level)
+
     _is_configured = True
 
 def get_logger(name: Optional[str] = None) -> logging.Logger:
@@ -55,4 +49,4 @@ def get_logger(name: Optional[str] = None) -> logging.Logger:
         logger.debug("Debug message")  # Will respect NARRATOR_LOG_LEVEL from .env
     """
     _ensure_logging_configured()
-    return logging.getLogger(name or '__name__') 
+    return logging.getLogger(name or 'narrator.unknown')

{slide_narrator-1.0.1.dist-info → slide_narrator-1.0.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: slide-narrator
-Version: 1.0.1
+Version: 1.0.2
 Summary: Thread and file storage components for conversational AI - the companion to Tyler AI framework
 Project-URL: Homepage, https://github.com/adamwdraper/slide
 Project-URL: Repository, https://github.com/adamwdraper/slide
@@ -15,6 +15,7 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Python: >=3.11
 Requires-Dist: aiosqlite>=0.21.0
 Requires-Dist: alembic>=1.14.1
@@ -25,7 +26,6 @@ Requires-Dist: pydantic>=2.10.4
 Requires-Dist: pypdf>=5.3.0
 Requires-Dist: python-magic>=0.4.0
 Requires-Dist: sqlalchemy>=2.0.36
-Requires-Dist: uuid-utils>=0.10.0
 Provides-Extra: dev
 Requires-Dist: coverage>=7.6.10; extra == 'dev'
 Requires-Dist: pytest-asyncio>=0.25.2; extra == 'dev'
@@ -533,7 +533,7 @@ uv run pytest tests/ -v
 ### Test Requirements
 
 The test suite requires:
-- Python 3.12+
+- Python 3.13+
 - pytest with async support
 - Test coverage reporting
 - System dependencies (libmagic for file type detection)

{slide_narrator-1.0.1.dist-info → slide_narrator-1.0.2.dist-info}/RECORD

@@ -1,8 +1,8 @@
-narrator/__init__.py,sha256=ZitqLYs56vOVMMvnLwbE4AFC_ZK31cC97BVH8Ei-QBs,403
+narrator/__init__.py,sha256=xNe6Xc5aX4gZbtgxEq8k93iUfr62z2dIFsrVScEDIAk,403
 narrator/database/__init__.py,sha256=UngOnFqImCeJiMZlMasm72mC4-UnJDDvfu1MNQLkRA8,189
 narrator/database/cli.py,sha256=QvET17X5kLZ7GiOTw0b80-u4FuI-tOTu4SjAqCBkiSs,8355
 narrator/database/models.py,sha256=wsG_5GrPo41hAcojjZTZmSx6bijea-Skan-DwzHs8os,2607
-narrator/database/storage_backend.py,sha256=UeMgxW8h3ZNWORZNH_f-jZuHNjHpREBaOOAFPeEPlvA,25444
+narrator/database/storage_backend.py,sha256=y0bPNNHpIYInLTXwncY7LMU7B6zWQE3zcPanmQXa1XM,27481
 narrator/database/thread_store.py,sha256=vMIPDdwuSpTyPogEUmxGcILxM_r1wxoQBUOn8XJpdqM,11301
 narrator/database/migrations/__init__.py,sha256=IqoSL8eCcbcOtn96u2_TTrNG0KN1Jn1yreDZEO4RsnM,173
 narrator/models/__init__.py,sha256=J8Rsv2lmfGR5QmUjoAPEFTSQt5TGtyrBynnp17HdZnU,179
@@ -10,11 +10,11 @@ narrator/models/attachment.py,sha256=6fZnGla_Ahgc4Kro2bHBTWoF_Kr-mUBHzONizVH73oc
 narrator/models/message.py,sha256=-e0WzT5cJMrh7dDQgofHkHz0-z2KF4fHhe8nk9iG_OQ,21144
 narrator/models/thread.py,sha256=4HKnCW8MkF52vYA6FQga1awxMA7OPjxOZL4QBcXpYOo,19218
 narrator/storage/__init__.py,sha256=K4cxGITSQoQiw32QOWZsCBm11fwDTbsyzHGeAqcL6yY,101
-narrator/storage/file_store.py,sha256=-k1ZYzKYioCMiP7KfWuuCmCeAzDqRv38ndpuM75yISY,20047
+narrator/storage/file_store.py,sha256=m2btUQcbqpHbWm-htPe1_zwcGRmFXatmS_m9rB9ac2U,19858
 narrator/utils/__init__.py,sha256=P4BhLvBJbBvb8qha2tTZPlYbjCRXth_K97f4vNc77UI,109
-narrator/utils/logging.py,sha256=K9EWI7lP4CNQpPwggiqzMex7oF6oyL3wIVLik2iuXd4,1983
-slide_narrator-1.0.1.dist-info/METADATA,sha256=ie1ZcCU3YGEjsDrYmBqOFbCoSuTzCGtTTUNKsOiUKP4,16497
-slide_narrator-1.0.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-slide_narrator-1.0.1.dist-info/entry_points.txt,sha256=5Oa53AERvPVdrEvsdWbY85xfzAGayOqq_P4KEmf1khA,56
-slide_narrator-1.0.1.dist-info/licenses/LICENSE,sha256=g6cGasroU9sqSOjThWg14w0BMlwZhgmOQQVTiu036ks,1068
-slide_narrator-1.0.1.dist-info/RECORD,,
+narrator/utils/logging.py,sha256=Hm6D4VX03e28UCkNS1pCOXnYQKHQ2nz_PvZX8h-wLgg,1807
+slide_narrator-1.0.2.dist-info/METADATA,sha256=MBGv40hmJ_tUlCEWgjKogzQWEpef4u9G0gs5RjSIHjA,16514
+slide_narrator-1.0.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+slide_narrator-1.0.2.dist-info/entry_points.txt,sha256=5Oa53AERvPVdrEvsdWbY85xfzAGayOqq_P4KEmf1khA,56
+slide_narrator-1.0.2.dist-info/licenses/LICENSE,sha256=g6cGasroU9sqSOjThWg14w0BMlwZhgmOQQVTiu036ks,1068
+slide_narrator-1.0.2.dist-info/RECORD,,