xenfra 0.2.3__py3-none-any.whl → 0.2.5__py3-none-any.whl

xenfra/commands/auth.py

@@ -13,6 +13,12 @@ import click
 import httpx
 import keyring
 from rich.console import Console
+from tenacity import (
+    retry,
+    stop_after_attempt,
+    wait_exponential,
+    retry_if_exception_type,
+)
 
 from ..utils.auth import (
     API_BASE_URL,
@@ -28,11 +34,49 @@ from ..utils.auth import (
 
 console = Console()
 
+# HTTP request timeout (30 seconds)
+HTTP_TIMEOUT = 30.0
+
+
+@retry(
+    stop=stop_after_attempt(3),
+    wait=wait_exponential(multiplier=1, min=2, max=10),
+    retry=retry_if_exception_type((httpx.TimeoutException, httpx.NetworkError)),
+    reraise=True,
+)
+def _exchange_code_for_tokens_with_retry(
+    code: str, code_verifier: str, redirect_uri: str
+) -> dict:
+    """
+    Exchange authorization code for tokens with retry logic.
+
+    Returns token data dictionary.
+    """
+    with httpx.Client(timeout=HTTP_TIMEOUT) as client:
+        response = client.post(
+            f"{API_BASE_URL}/auth/token",
+            data={
+                "grant_type": "authorization_code",
+                "client_id": CLI_CLIENT_ID,
+                "code": code,
+                "code_verifier": code_verifier,
+                "redirect_uri": redirect_uri,
+            },
+            headers={"Accept": "application/json"},
+        )
+        response.raise_for_status()
+
+        # Safe JSON parsing with content-type check
+        content_type = response.headers.get("content-type", "")
+        if "application/json" not in content_type:
+            raise ValueError(f"Expected JSON response, got {content_type}")
+
+        try:
+            token_data = response.json()
+        except (ValueError, TypeError) as e:
+            raise ValueError(f"Failed to parse JSON response: {e}")
 
-@click.group()
-def auth():
-    """Authentication commands."""
-    pass
+        return token_data
 
 
 @auth.command()
@@ -55,101 +99,160 @@ def login():
     # 3. Start local HTTP server
     server_port = None
     httpd_instance = None
-    for port in range(CLI_LOCAL_SERVER_START_PORT, CLI_LOCAL_SERVER_END_PORT + 1):
-        try:
-            server_address = ("127.0.0.1", port)
-            httpd_instance = HTTPServer(server_address, AuthCallbackHandler)
-            server_port = port
-            break
-        except OSError:
-            continue
-
-    if not server_port:
+    try:
+        for port in range(CLI_LOCAL_SERVER_START_PORT, CLI_LOCAL_SERVER_END_PORT + 1):
+            try:
+                server_address = ("127.0.0.1", port)
+                httpd_instance = HTTPServer(server_address, AuthCallbackHandler)
+                server_port = port
+                break
+            except OSError:
+                continue
+            except Exception as e:
+                console.print(f"[yellow]Warning: Failed to bind to port {port}: {e}[/yellow]")
+                continue
+
+        if not server_port:
+            console.print(
+                f"[bold red]Error: No available ports in range {CLI_LOCAL_SERVER_START_PORT}-{CLI_LOCAL_SERVER_END_PORT}[/bold red]"
+            )
+            return
+
+        redirect_uri = f"http://localhost:{server_port}{CLI_REDIRECT_PATH}"
+
+        # 4. Construct Authorization URL
+        auth_url = (
+            f"{API_BASE_URL}/auth/authorize?"
+            f"client_id={CLI_CLIENT_ID}&"
+            f"redirect_uri={urllib.parse.quote(redirect_uri)}&"
+            f"response_type=code&"
+            f"scope={urllib.parse.quote('openid profile')}&"
+            f"state={state}&"
+            f"code_challenge={code_challenge}&"
+            f"code_challenge_method=S256"
+        )
+
+        console.print("[bold blue]Opening browser for login...[/bold blue]")
         console.print(
-            f"[bold red]Error: No available ports in range {CLI_LOCAL_SERVER_START_PORT}-{CLI_LOCAL_SERVER_END_PORT}[/bold red]"
+            f"[dim]If browser doesn't open, navigate to:[/dim]\n[link={auth_url}]{auth_url}[/link]"
         )
-        return
 
-    redirect_uri = f"http://localhost:{server_port}{CLI_REDIRECT_PATH}"
-
-    # 4. Construct Authorization URL
-    auth_url = (
-        f"{API_BASE_URL}/auth/authorize?"
-        f"client_id={CLI_CLIENT_ID}&"
-        f"redirect_uri={urllib.parse.quote(redirect_uri)}&"
-        f"response_type=code&"
-        f"scope={urllib.parse.quote('openid profile')}&"
-        f"state={state}&"
-        f"code_challenge={code_challenge}&"
-        f"code_challenge_method=S256"
-    )
+        # Try to open browser, handle errors gracefully
+        try:
+            webbrowser.open(auth_url)
+        except Exception as e:
+            console.print(
+                f"[yellow]Warning: Could not open browser automatically: {e}[/yellow]"
+            )
+            console.print(f"[dim]Please open the URL manually: {auth_url}[/dim]")
 
-    console.print("[bold blue]Opening browser for login...[/bold blue]")
-    console.print(
-        f"[dim]If browser doesn't open, navigate to:[/dim]\n[link={auth_url}]{auth_url}[/link]"
-    )
-    webbrowser.open(auth_url)
+        # 5. Run local server to capture redirect
+        try:
+            AuthCallbackHandler.server = httpd_instance  # type: ignore
+            httpd_instance.handle_request()  # type: ignore
+            console.print("[dim]Local OAuth server shut down.[/dim]")
+        except Exception as e:
+            console.print(f"[bold red]Error running OAuth server: {e}[/bold red]")
+            return
+        finally:
+            # Ensure server is closed
+            if httpd_instance:
+                try:
+                    httpd_instance.server_close()
+                except Exception:
+                    pass
 
-    # 5. Run local server to capture redirect
-    try:
-        AuthCallbackHandler.server = httpd_instance  # type: ignore
-        httpd_instance.handle_request()  # type: ignore
-        console.print("[dim]Local OAuth server shut down.[/dim]")
-    except Exception as e:
-        console.print(f"[bold red]Error running OAuth server: {e}[/bold red]")
-        if httpd_instance:
-            httpd_instance.server_close()
-        return
+        if oauth_data["error"]:
+            console.print(f"[bold red]Login failed: {oauth_data['error']}[/bold red]")
+            return
 
-    if oauth_data["error"]:
-        console.print(f"[bold red]Login failed: {oauth_data['error']}[/bold red]")
-        return
+        if not oauth_data["code"]:
+            console.print("[bold red]Login failed: No authorization code received.[/bold red]")
+            return
 
-    if not oauth_data["code"]:
-        console.print("[bold red]Login failed: No authorization code received.[/bold red]")
-        return
+        # 6. Verify state (CSRF protection)
+        if not oauth_data.get("state"):
+            console.print(
+                "[bold red]Login failed: State parameter missing in callback (possible CSRF attack)[/bold red]"
+            )
+            return
 
-    # 6. Verify state
-    if oauth_data["state"] != state:
-        console.print("[bold red]Login failed: State mismatch (possible CSRF attack)[/bold red]")
-        return
+        if oauth_data["state"] != state:
+            console.print(
+                "[bold red]Login failed: State mismatch (possible CSRF attack)[/bold red]"
+            )
+            return
 
-    # 7. Exchange code for tokens
-    console.print("[bold cyan]Exchanging authorization code for tokens...[/bold cyan]")
-    try:
-        with httpx.Client() as client:
-            response = client.post(
-                f"{API_BASE_URL}/auth/token",
-                data={
-                    "grant_type": "authorization_code",
-                    "client_id": CLI_CLIENT_ID,
-                    "code": oauth_data["code"],
-                    "code_verifier": code_verifier,
-                    "redirect_uri": redirect_uri,
-                },
+        # 7. Exchange code for tokens with retry logic
+        console.print("[bold cyan]Exchanging authorization code for tokens...[/bold cyan]")
+        try:
+            token_data = _exchange_code_for_tokens_with_retry(
+                oauth_data["code"], code_verifier, redirect_uri
             )
-            response.raise_for_status()
-            token_data = response.json()
+
             access_token = token_data.get("access_token")
             refresh_token = token_data.get("refresh_token")
 
             if access_token and refresh_token:
-                keyring.set_password(SERVICE_ID, "access_token", access_token)
-                keyring.set_password(SERVICE_ID, "refresh_token", refresh_token)
-                console.print("[bold green]Login successful! Tokens saved securely.[/bold green]")
+                try:
+                    keyring.set_password(SERVICE_ID, "access_token", access_token)
+                    keyring.set_password(SERVICE_ID, "refresh_token", refresh_token)
+                    console.print("[bold green]Login successful! Tokens saved securely.[/bold green]")
+                except keyring.errors.KeyringError as e:
+                    console.print(
+                        f"[bold red]Failed to save tokens to keyring: {e}[/bold red]"
+                    )
+                    console.print("[yellow]Tokens were received but not saved.[/yellow]")
             else:
                 console.print("[bold red]Login failed: No tokens received.[/bold red]")
-    except httpx.RequestError as exc:
-        console.print(f"[bold red]Token exchange failed: {exc}[/bold red]")
-    except httpx.HTTPStatusError as exc:
-        console.print(f"[bold red]Token exchange failed: {exc.response.status_code}[/bold red]")
+
+        except httpx.TimeoutException:
+            console.print(
+                "[bold red]Token exchange failed: Request timed out. Please try again.[/bold red]"
+            )
+        except httpx.NetworkError as e:
+            console.print(
+                f"[bold red]Token exchange failed: Network error - {type(e).__name__}[/bold red]"
+            )
+        except httpx.HTTPStatusError as exc:
+            error_detail = "Unknown error"
+            try:
+                if exc.response.content:
+                    content_type = exc.response.headers.get("content-type", "")
+                    if "application/json" in content_type:
+                        error_data = exc.response.json()
+                        error_detail = error_data.get("detail", str(error_data))
+            except Exception:
+                error_detail = exc.response.text[:200] if exc.response.text else "Unknown error"
+
+            console.print(
+                f"[bold red]Token exchange failed: {exc.response.status_code} - {error_detail}[/bold red]"
+            )
+        except ValueError as e:
+            console.print(f"[bold red]Token exchange failed: {e}[/bold red]")
+        except Exception as e:
+            console.print(
+                f"[bold red]Token exchange failed: Unexpected error - {type(e).__name__}[/bold red]"
+            )
+
+    except Exception as e:
+        console.print(f"[bold red]Login failed: {type(e).__name__} - {e}[/bold red]")
+        if httpd_instance:
+            try:
+                httpd_instance.server_close()
+            except Exception:
+                pass
 
 
 @auth.command()
 def logout():
     """Logout and clear stored tokens."""
-    clear_tokens()
-    console.print("[bold green]Logged out successfully.[/bold green]")
+    try:
+        clear_tokens()
+        console.print("[bold green]Logged out successfully.[/bold green]")
+    except Exception as e:
+        console.print(f"[yellow]Warning: Error during logout: {e}[/yellow]")
+        console.print("[dim]Tokens may still be stored in keyring.[/dim]")
 
 
 @auth.command()

xenfra/commands/deployments.py

@@ -15,6 +15,13 @@ from xenfra_sdk.privacy import scrub_logs
 from ..utils.auth import API_BASE_URL, get_auth_token
 from ..utils.codebase import has_xenfra_config
 from ..utils.config import apply_patch
+from ..utils.validation import (
+    validate_branch_name,
+    validate_deployment_id,
+    validate_framework,
+    validate_git_repo_url,
+    validate_project_name,
+)
 
 console = Console()
 
@@ -147,8 +154,18 @@ def deploy(project_name, git_repo, branch, framework, no_heal):
     if not project_name:
         project_name = os.path.basename(os.getcwd())
 
-    # Determine deployment source
+    # Validate project name
+    is_valid, error_msg = validate_project_name(project_name)
+    if not is_valid:
+        console.print(f"[bold red]Invalid project name: {error_msg}[/bold red]")
+        raise click.Abort()
+
+    # Validate git repo if provided
     if git_repo:
+        is_valid, error_msg = validate_git_repo_url(git_repo)
+        if not is_valid:
+            console.print(f"[bold red]Invalid git repository URL: {error_msg}[/bold red]")
+            raise click.Abort()
         console.print(f"[cyan]Deploying {project_name} from git repository...[/cyan]")
     else:
         console.print(f"[cyan]Deploying {project_name} from local directory...[/cyan]")
@@ -158,6 +175,19 @@ def deploy(project_name, git_repo, branch, framework, no_heal):
         console.print("[dim]Please use --git-repo for now.[/dim]")
         return
 
+    # Validate branch name
+    is_valid, error_msg = validate_branch_name(branch)
+    if not is_valid:
+        console.print(f"[bold red]Invalid branch name: {error_msg}[/bold red]")
+        raise click.Abort()
+
+    # Validate framework if provided
+    if framework:
+        is_valid, error_msg = validate_framework(framework)
+        if not is_valid:
+            console.print(f"[bold red]Invalid framework: {error_msg}[/bold red]")
+            raise click.Abort()
+
     # Retry loop for auto-healing
     attempt = 0
     deployment_id = None
@@ -288,6 +318,11 @@ def deploy(project_name, git_repo, branch, framework, no_heal):
 @click.option("--follow", "-f", is_flag=True, help="Follow log output (stream)")
 @click.option("--tail", type=int, help="Show last N lines")
 def logs(deployment_id, follow, tail):
+    # Validate deployment ID
+    is_valid, error_msg = validate_deployment_id(deployment_id)
+    if not is_valid:
+        console.print(f"[bold red]Invalid deployment ID: {error_msg}[/bold red]")
+        raise click.Abort()
     """
     Stream deployment logs.
 
@@ -357,6 +392,12 @@ def status(deployment_id, watch):
             console.print("[dim]Usage: xenfra status <deployment-id>[/dim]")
             return
 
+        # Validate deployment ID
+        is_valid, error_msg = validate_deployment_id(deployment_id)
+        if not is_valid:
+            console.print(f"[bold red]Invalid deployment ID: {error_msg}[/bold red]")
+            raise click.Abort()
+
         with get_client() as client:
             console.print(f"[cyan]Fetching status for deployment {deployment_id}...[/cyan]")
 

xenfra/commands/intelligence.py

@@ -2,6 +2,7 @@
 AI-powered intelligence commands for Xenfra CLI.
 Includes smart initialization, deployment diagnosis, and codebase analysis.
 """
+
 import os
 
 import click
@@ -15,7 +16,13 @@ from xenfra_sdk.privacy import scrub_logs
 
 from ..utils.auth import API_BASE_URL, get_auth_token
 from ..utils.codebase import has_xenfra_config, scan_codebase
-from ..utils.config import apply_patch, generate_xenfra_yaml, manual_prompt_for_config, read_xenfra_yaml
+from ..utils.config import (
+    apply_patch,
+    generate_xenfra_yaml,
+    manual_prompt_for_config,
+    read_xenfra_yaml,
+)
+from ..utils.validation import validate_deployment_id
 
 console = Console()
 
@@ -31,8 +38,8 @@ def get_client() -> XenfraClient:
 
 
 @click.command()
-@click.option('--manual', is_flag=True, help='Skip AI detection, use interactive mode')
-@click.option('--accept-all', is_flag=True, help='Accept AI suggestions without confirmation')
+@click.option("--manual", is_flag=True, help="Skip AI detection, use interactive mode")
+@click.option("--accept-all", is_flag=True, help="Accept AI suggestions without confirmation")
 def init(manual, accept_all):
     """
     Initialize Xenfra configuration (AI-powered by default).
@@ -51,7 +58,7 @@ def init(manual, accept_all):
             return
 
     # Check for XENFRA_NO_AI environment variable
-    no_ai = os.environ.get('XENFRA_NO_AI', '0') == '1'
+    no_ai = os.environ.get("XENFRA_NO_AI", "0") == "1"
     if no_ai and not manual:
         console.print("[yellow]XENFRA_NO_AI is set. Using manual mode.[/yellow]")
         manual = True
@@ -60,9 +67,9 @@ def init(manual, accept_all):
     if manual:
         console.print("[cyan]Manual configuration mode[/cyan]\n")
         try:
-            filename = manual_prompt_for_config()
-            console.print(f"\n[bold green]✓ xenfra.yaml created successfully![/bold green]")
-            console.print(f"[dim]Run 'xenfra deploy' to deploy your project.[/dim]")
+            manual_prompt_for_config()
+            console.print("\n[bold green]✓ xenfra.yaml created successfully![/bold green]")
+            console.print("[dim]Run 'xenfra deploy' to deploy your project.[/dim]")
         except KeyboardInterrupt:
             console.print("\n[dim]Cancelled.[/dim]")
         except Exception as e:
@@ -107,7 +114,7 @@ def init(manual, accept_all):
             choice = Prompt.ask(
                 "\nWhich package manager do you want to use?",
                 choices=[str(i) for i in range(1, len(analysis.detected_package_managers) + 1)],
-                default="1"
+                default="1",
             )
 
             # Update selection based on user choice
@@ -115,7 +122,9 @@ def init(manual, accept_all):
             selected_package_manager = selected_option.manager
             selected_dependency_file = selected_option.file
 
-            console.print(f"\n[green]Using {selected_package_manager} ({selected_dependency_file})[/green]\n")
+            console.print(
+                f"\n[green]Using {selected_package_manager} ({selected_dependency_file})[/green]\n"
+            )
 
         table = Table(show_header=False, box=None)
         table.add_column("Property", style="cyan")
@@ -146,9 +155,9 @@ def init(manual, accept_all):
             confirmed = Confirm.ask("\nCreate xenfra.yaml with this configuration?", default=True)
 
         if confirmed:
-            filename = generate_xenfra_yaml(analysis)
-            console.print(f"[bold green]xenfra.yaml created successfully![/bold green]")
-            console.print(f"[dim]Run 'xenfra deploy' to deploy your project.[/dim]")
+            generate_xenfra_yaml(analysis)
+            console.print("[bold green]xenfra.yaml created successfully![/bold green]")
+            console.print("[dim]Run 'xenfra deploy' to deploy your project.[/dim]")
         else:
             console.print("[yellow]Configuration cancelled.[/yellow]")
 
@@ -163,9 +172,9 @@ def init(manual, accept_all):
 
 
 @click.command()
-@click.argument('deployment-id', required=False)
-@click.option('--apply', is_flag=True, help='Auto-apply suggested patch (with confirmation)')
-@click.option('--logs', type=click.File('r'), help='Diagnose from log file instead of deployment')
+@click.argument("deployment-id", required=False)
+@click.option("--apply", is_flag=True, help="Auto-apply suggested patch (with confirmation)")
+@click.option("--logs", type=click.File("r"), help="Diagnose from log file instead of deployment")
 def diagnose(deployment_id, apply, logs):
     """
     Diagnose deployment failures using AI.
@@ -179,8 +188,14 @@ def diagnose(deployment_id, apply, logs):
             # Get logs
             if logs:
                 log_content = logs.read()
-                console.print(f"[cyan]Analyzing logs from file...[/cyan]")
+                console.print("[cyan]Analyzing logs from file...[/cyan]")
             elif deployment_id:
+                # Validate deployment ID
+                is_valid, error_msg = validate_deployment_id(deployment_id)
+                if not is_valid:
+                    console.print(f"[bold red]Invalid deployment ID: {error_msg}[/bold red]")
+                    return
+
                 console.print(f"[cyan]Fetching logs for deployment {deployment_id}...[/cyan]")
                 log_content = client.deployments.get_logs(deployment_id)
 
@@ -188,8 +203,12 @@ def diagnose(deployment_id, apply, logs):
                     console.print("[yellow]No logs found for this deployment.[/yellow]")
                     return
             else:
-                console.print("[bold red]Please specify a deployment ID or use --logs <file>[/bold red]")
-                console.print("[dim]Usage: xenfra diagnose <deployment-id> or xenfra diagnose --logs error.log[/dim]")
+                console.print(
+                    "[bold red]Please specify a deployment ID or use --logs <file>[/bold red]"
+                )
+                console.print(
+                    "[dim]Usage: xenfra diagnose <deployment-id> or xenfra diagnose --logs error.log[/dim]"
+                )
                 return
 
             # Scrub sensitive data
@@ -200,27 +219,37 @@ def diagnose(deployment_id, apply, logs):
             dependency_file = None
             try:
                 config = read_xenfra_yaml()
-                package_manager = config.get('package_manager')
-                dependency_file = config.get('dependency_file')
+                package_manager = config.get("package_manager")
+                dependency_file = config.get("dependency_file")
 
                 if package_manager and dependency_file:
-                    console.print(f"[dim]Using context: {package_manager} ({dependency_file})[/dim]")
+                    console.print(
+                        f"[dim]Using context: {package_manager} ({dependency_file})[/dim]"
+                    )
             except FileNotFoundError:
                 # No config file - diagnosis will infer from logs
-                console.print("[dim]No xenfra.yaml found - inferring package manager from logs[/dim]")
+                console.print(
+                    "[dim]No xenfra.yaml found - inferring package manager from logs[/dim]"
+                )
 
             # Diagnose with context
             console.print("[cyan]Analyzing failure...[/cyan]")
             result = client.intelligence.diagnose(
-                logs=scrubbed_logs,
-                package_manager=package_manager,
-                dependency_file=dependency_file
+                logs=scrubbed_logs, package_manager=package_manager, dependency_file=dependency_file
             )
 
         # Display diagnosis
         console.print("\n")
-        console.print(Panel(result.diagnosis, title="[bold red]Diagnosis[/bold red]", border_style="red"))
-        console.print(Panel(result.suggestion, title="[bold yellow]Suggestion[/bold yellow]", border_style="yellow"))
+        console.print(
+            Panel(result.diagnosis, title="[bold red]Diagnosis[/bold red]", border_style="red")
+        )
+        console.print(
+            Panel(
+                result.suggestion,
+                title="[bold yellow]Suggestion[/bold yellow]",
+                border_style="yellow",
+            )
+        )
 
         # Handle patch
         if result.patch and result.patch.file:
@@ -300,7 +329,9 @@ def analyze():
         if analysis.notes:
             console.print(f"\n[dim]Notes: {analysis.notes}[/dim]")
 
-        console.print(f"\n[dim]Run 'xenfra init' to create xenfra.yaml with this configuration.[/dim]")
+        console.print(
+            "\n[dim]Run 'xenfra init' to create xenfra.yaml with this configuration.[/dim]"
+        )
 
     except XenfraAPIError as e:
         console.print(f"[bold red]API Error: {e.detail}[/bold red]")