vallignus 0.4.0__py3-none-any.whl

vallignus/identity/__init__.py

@@ -0,0 +1,5 @@
+"""Identity management for session persistence in testing automation"""
+
+from vallignus.identity.manager import IdentityManager
+
+__all__ = ['IdentityManager']

vallignus/identity/chrome.py

@@ -0,0 +1,47 @@
+"""Chrome cookie extraction for testing automation and session persistence"""
+
+import os
+import sys
+from typing import Dict
+
+import browser_cookie3
+
+
+def get_chrome_cookies(domain: str, profile: str = "Default") -> Dict[str, str]:
+    """
+    Extract cookies from Chrome for testing automation.
+    
+    Args:
+        domain: Domain to get cookies for (e.g., "github.com")
+        profile: Chrome profile name (default: "Default")
+    
+    Returns:
+        Dictionary of cookie name-value pairs
+    """
+    # Normalize domain
+    domain = domain.strip().lower().replace('https://', '').replace('http://', '').split('/')[0]
+    
+    # Get Chrome cookie file path based on OS
+    if sys.platform == "darwin":
+        profiles_dir = os.path.expanduser("~/Library/Application Support/Google/Chrome/")
+        cookie_file = os.path.join(profiles_dir, profile, "Cookies")
+    elif sys.platform == "win32":
+        profiles_dir = os.path.expandvars("%LOCALAPPDATA%\\Google\\Chrome\\User Data\\")
+        cookie_file = os.path.join(profiles_dir, profile, "Network", "Cookies")
+    else:
+        profiles_dir = os.path.expanduser("~/.config/google-chrome/")
+        cookie_file = os.path.join(profiles_dir, profile, "Cookies")
+    
+    if not os.path.exists(cookie_file):
+        raise FileNotFoundError(f"Chrome cookie file not found: {cookie_file}")
+    
+    # Use browser-cookie3 to get and decrypt cookies
+    try:
+        cj = browser_cookie3.chrome(cookie_file=cookie_file, domain_name=domain)
+    except Exception as e:
+        if "locked" in str(e).lower():
+            raise RuntimeError("Chrome is open. Close Chrome and try again.")
+        raise
+    
+    cookies = {cookie.name: cookie.value for cookie in cj}
+    return cookies

vallignus/identity/manager.py

@@ -0,0 +1,175 @@
+"""Identity manager for session persistence in testing automation"""
+
+import json
+import os
+from pathlib import Path
+from typing import Dict, List, Optional
+
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+import base64
+
+from vallignus.identity.chrome import get_chrome_cookies
+
+
+class IdentityManager:
+    """
+    Manages browser session persistence for testing automation.
+    
+    This class provides methods to save and restore browser sessions (cookies)
+    for use in automated testing scenarios. Sessions are stored encrypted
+    in the user's home directory.
+    """
+    
+    def __init__(self, sessions_dir: Optional[Path] = None):
+        """
+        Initialize the IdentityManager.
+        
+        Args:
+            sessions_dir: Optional custom path for session storage.
+                         Defaults to ~/.vallignus/sessions/
+        """
+        if sessions_dir is None:
+            home = Path.home()
+            sessions_dir = home / ".vallignus" / "sessions"
+        
+        self.sessions_dir = Path(sessions_dir)
+        self.sessions_dir.mkdir(parents=True, exist_ok=True)
+        
+        # Initialize encryption key (derived from user's home directory)
+        self._encryption_key = self._get_encryption_key()
+    
+    def _get_encryption_key(self) -> bytes:
+        """
+        Generate or retrieve encryption key for session storage.
+        
+        Uses a key derived from the user's home directory path for consistency.
+        In production, you might want to use a user-provided password or keychain.
+        """
+        # Derive key from home directory (deterministic but user-specific)
+        home_str = str(Path.home()).encode()
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(),
+            length=32,
+            salt=b'vallignus_salt',  # In production, use a random salt per user
+            iterations=100000,
+        )
+        key = base64.urlsafe_b64encode(kdf.derive(home_str))
+        return key
+    
+    def _encrypt_data(self, data: Dict) -> bytes:
+        """Encrypt session data before storage"""
+        f = Fernet(self._encryption_key)
+        json_data = json.dumps(data).encode('utf-8')
+        return f.encrypt(json_data)
+    
+    def _decrypt_data(self, encrypted_data: bytes) -> Dict:
+        """Decrypt session data after retrieval"""
+        f = Fernet(self._encryption_key)
+        decrypted = f.decrypt(encrypted_data)
+        return json.loads(decrypted.decode('utf-8'))
+    
+    def snapshot(
+        self,
+        domain: str,
+        browser: str = "chrome",
+        profile: str = "Default"
+    ) -> None:
+        """
+        Save current browser session for a domain.
+        
+        Extracts cookies from the specified browser profile and saves them
+        encrypted for later use in testing automation.
+        
+        Args:
+            domain: The domain to snapshot (e.g., "github.com")
+            browser: Browser name (currently supports "chrome")
+            profile: Browser profile name (default: "Default")
+        
+        Raises:
+            ValueError: If browser is not supported
+            FileNotFoundError: If browser profile not found
+        """
+        if browser.lower() != "chrome":
+            raise ValueError(f"Unsupported browser: {browser}. Only 'chrome' is supported.")
+        
+        # Extract cookies from browser
+        cookies = get_chrome_cookies(domain, profile)
+        
+        if not cookies:
+            raise ValueError(f"No cookies found for domain: {domain}")
+        
+        # Prepare session data
+        session_data = {
+            "domain": domain,
+            "browser": browser,
+            "profile": profile,
+            "cookies": cookies
+        }
+        
+        # Encrypt and save
+        encrypted = self._encrypt_data(session_data)
+        session_file = self.sessions_dir / f"{domain}.json.enc"
+        
+        with open(session_file, 'wb') as f:
+            f.write(encrypted)
+    
+    def restore(self, domain: str) -> Dict[str, str]:
+        """
+        Restore saved session cookies for a domain.
+        
+        Returns a dictionary of cookies ready for use with requests or playwright
+        in testing automation scenarios.
+        
+        Args:
+            domain: The domain to restore cookies for
+        
+        Returns:
+            Dictionary of cookie name-value pairs
+        
+        Raises:
+            FileNotFoundError: If no saved session exists for the domain
+        """
+        session_file = self.sessions_dir / f"{domain}.json.enc"
+        
+        if not session_file.exists():
+            raise FileNotFoundError(f"No saved session found for domain: {domain}")
+        
+        # Read and decrypt
+        with open(session_file, 'rb') as f:
+            encrypted = f.read()
+        
+        session_data = self._decrypt_data(encrypted)
+        return session_data.get("cookies", {})
+    
+    def list_sessions(self) -> List[str]:
+        """
+        List all saved session domains.
+        
+        Returns:
+            List of domain names that have saved sessions
+        """
+        sessions = []
+        for file in self.sessions_dir.glob("*.json.enc"):
+            # Extract domain from filename (domain.json.enc)
+            domain = file.stem.replace(".json", "")
+            sessions.append(domain)
+        return sorted(sessions)
+    
+    def delete(self, domain: str) -> None:
+        """
+        Delete a saved session.
+        
+        Args:
+            domain: The domain to delete the session for
+        
+        Raises:
+            FileNotFoundError: If no saved session exists for the domain
+        """
+        session_file = self.sessions_dir / f"{domain}.json.enc"
+        
+        if not session_file.exists():
+            raise FileNotFoundError(f"No saved session found for domain: {domain}")
+        
+        session_file.unlink()

vallignus/logger.py

@@ -0,0 +1,86 @@
+"""Flight recorder - logs all requests to JSON"""
+
+import json
+from datetime import datetime
+from pathlib import Path
+from typing import Optional
+
+
+class FlightLogger:
+    """Logs all HTTP requests to a JSON file"""
+    
+    def __init__(
+        self,
+        log_file: str = "flight_log.json",
+        agent_id: Optional[str] = None,
+        owner: Optional[str] = None,
+        policy_id: Optional[str] = None,
+        policy_version: Optional[int] = None,
+        jti: Optional[str] = None
+    ):
+        self.log_file = Path(log_file)
+        self.entries = []
+        self.agent_id = agent_id
+        self.owner = owner
+        self.policy_id = policy_id
+        self.policy_version = policy_version
+        self.jti = jti
+        
+        if self.log_file.exists():
+            try:
+                with open(self.log_file, 'r') as f:
+                    self.entries = json.load(f)
+            except (json.JSONDecodeError, IOError):
+                self.entries = []
+    
+    def log_request(
+        self,
+        method: str,
+        url: str,
+        status: int = None,
+        blocked: bool = False,
+        allowed: bool = True,
+        estimated_cost: float = 0.0,
+        deny_reason: Optional[str] = None,
+        **kwargs
+    ):
+        entry = {
+            "timestamp": datetime.utcnow().isoformat(),
+            "method": method,
+            "url": url,
+            "status": status,
+            "blocked": blocked,
+            "allowed": allowed,
+            "estimated_cost": estimated_cost,
+            "decision": "deny" if blocked else "allow",
+        }
+        
+        if self.agent_id:
+            entry["agent_id"] = self.agent_id
+        if self.owner:
+            entry["owner"] = self.owner
+        if self.policy_id:
+            entry["policy_id"] = self.policy_id
+        if self.policy_version is not None:
+            entry["policy_version"] = self.policy_version
+        if self.jti:
+            entry["jti"] = self.jti
+        
+        if blocked and deny_reason:
+            entry["deny_reason"] = deny_reason
+        elif blocked:
+            entry["deny_reason"] = "domain_not_allowed"
+        
+        entry.update(kwargs)
+        self.entries.append(entry)
+        self._save()
+    
+    def _save(self):
+        try:
+            with open(self.log_file, 'w') as f:
+                json.dump(self.entries, f, indent=2)
+        except IOError:
+            pass
+    
+    def get_total_cost(self) -> float:
+        return sum(entry.get("estimated_cost", 0.0) for entry in self.entries)

vallignus/proxy.py

@@ -0,0 +1,122 @@
+"""mitmproxy-based HTTP interceptor"""
+
+import threading
+import time
+from typing import Optional, Set
+from mitmproxy import http, options
+from mitmproxy.tools.dump import DumpMaster
+
+from vallignus.rules import RulesEngine
+from vallignus.logger import FlightLogger
+
+
+class VallignusProxy:
+    """HTTP/HTTPS proxy that intercepts and filters requests"""
+    
+    def __init__(
+        self,
+        allowed_domains: Set[str],
+        budget: Optional[float] = None,
+        logger: Optional[FlightLogger] = None,
+        rules: Optional[RulesEngine] = None
+    ):
+        self.allowed_domains = allowed_domains
+        self.budget = budget
+        self.logger = logger or FlightLogger()
+        self.rules = rules or RulesEngine(allowed_domains, budget)
+        self.master: Optional[DumpMaster] = None
+        self.proxy_thread: Optional[threading.Thread] = None
+        self.is_running = False
+        self.blocked_count = 0
+        self.allowed_count = 0
+        self._should_terminate = False
+    
+    def request(self, flow: http.HTTPFlow) -> None:
+        """Intercept outgoing HTTP requests"""
+        url = flow.request.pretty_url
+        method = flow.request.method
+        
+        # Check if domain is allowed (don't update spending here)
+        is_allowed = self.rules.is_allowed(url)
+        
+        if not is_allowed:
+            self.blocked_count += 1
+            flow.response = http.Response.make(
+                403,
+                b"[boundary] Execution blocked by Vallignus: domain not permitted by policy",
+                {"Content-Type": "text/plain"}
+            )
+            # Log blocked request immediately
+            self.logger.log_request(
+                method=method,
+                url=url,
+                status=403,
+                blocked=True,
+                allowed=False,
+                estimated_cost=0.0
+            )
+        else:
+            self.allowed_count += 1
+            # Don't log yet - wait for response to get final status and cost
+    
+    def response(self, flow: http.HTTPFlow) -> None:
+        """Intercept HTTP responses"""
+        if flow.response:
+            url = flow.request.pretty_url
+            method = flow.request.method
+            status = flow.response.status_code
+            
+            # Only process if request wasn't blocked (blocked requests don't reach here)
+            is_allowed = self.rules.is_allowed(url)
+            if is_allowed:
+                # Check request and update spending (this adds to total_spend)
+                should_block, is_allowed_domain, estimated_cost = self.rules.check_request(
+                    method, url, status
+                )
+                
+                # Log the allowed request with final status and cost
+                self.logger.log_request(
+                    method=method,
+                    url=url,
+                    status=status,
+                    blocked=False,
+                    allowed=True,
+                    estimated_cost=estimated_cost
+                )
+                
+                # Check budget after response
+                if self.rules.is_budget_exceeded() and not self._should_terminate:
+                    self._should_terminate = True
+    
+    def start(self, port: int = 8080) -> int:
+        """Start the proxy server"""
+        self.is_running = True
+        self._port = port
+        
+        def run_proxy():
+            import asyncio
+            
+            async def run_master():
+                opts = options.Options(listen_port=port)
+                self.master = DumpMaster(opts)
+                self.master.addons.add(self)
+                await self.master.run()
+            
+            loop = asyncio.new_event_loop()
+            asyncio.set_event_loop(loop)
+            try:
+                loop.run_until_complete(run_master())
+            except Exception:
+                pass
+        
+        self.proxy_thread = threading.Thread(target=run_proxy, daemon=True)
+        self.proxy_thread.start()
+        
+        time.sleep(1.0)
+        return port
+    
+    def stop(self):
+        """Stop the proxy server"""
+        self.is_running = False
+        if self.master:
+            self.master.shutdown()

vallignus/rules.py

@@ -0,0 +1,90 @@
+"""Domain allowlist, budget tracking, and request blocking logic"""
+
+from typing import Set, Optional, Tuple
+from urllib.parse import urlparse
+
+
+class RulesEngine:
+    """Manages domain allowlist, budget tracking, and request blocking"""
+    
+    def __init__(self, allowed_domains: Set[str], budget: float = None):
+        self.allowed_domains = allowed_domains
+        self.budget = budget
+        self.total_spend = 0.0
+        self.request_count = 0
+    
+    def is_allowed(self, url: str) -> bool:
+        """Check if a URL's domain is in the allowlist"""
+        try:
+            parsed = urlparse(url)
+            domain = parsed.netloc.lower()
+            
+            # Remove port if present
+            if ':' in domain:
+                domain = domain.split(':')[0]
+            
+            # Check exact match or subdomain
+            if domain in self.allowed_domains:
+                return True
+            
+            # Check if it's a subdomain of an allowed domain
+            for allowed in self.allowed_domains:
+                if domain.endswith('.' + allowed):
+                    return True
+            
+            return False
+        except Exception:
+            return False
+    
+    def estimate_request_cost(self, method: str, url: str, status: int = None) -> float:
+        """Estimate the cost of an API request"""
+        # Simple heuristic: count requests to api.openai.com
+        # Rough estimate: $0.002 per request (very conservative)
+        try:
+            parsed = urlparse(url)
+            domain = parsed.netloc.lower()
+            
+            if 'api.openai.com' in domain or 'openai.azure.com' in domain:
+                # Very rough estimate: $0.002 per request
+                # In reality, cost depends on tokens, model, etc.
+                return 0.002
+            
+            return 0.0
+        except Exception:
+            return 0.0
+    
+    def check_request(
+        self,
+        method: str,
+        url: str,
+        status: int = None
+    ) -> Tuple[bool, bool, float]:
+        """
+        Check if a request should be allowed.
+        Returns: (should_block, is_allowed, estimated_cost)
+        """
+        is_allowed_domain = self.is_allowed(url)
+        estimated_cost = self.estimate_request_cost(method, url, status)
+        
+        # Block if domain not in allowlist
+        should_block = not is_allowed_domain
+        
+        # Update spending if request is allowed and completed
+        if is_allowed_domain and status and status < 500:
+            self.total_spend += estimated_cost
+            self.request_count += 1
+        
+        return should_block, is_allowed_domain, estimated_cost
+    
+    def is_budget_exceeded(self) -> bool:
+        """Check if budget has been exceeded"""
+        if self.budget is None:
+            return False
+        return self.total_spend >= self.budget
+    
+    def get_budget_status(self) -> Tuple[float, float, float]:
+        """Get (spend, budget, remaining)"""
+        remaining = None
+        if self.budget is not None:
+            remaining = max(0.0, self.budget - self.total_spend)
+        return self.total_spend, self.budget, remaining