xenfra 0.3.1__py3-none-any.whl

xenfra/commands/security_cmd.py

@@ -0,0 +1,233 @@
+"""
+Security configuration commands for Xenfra CLI.
+"""
+
+import os
+
+import click
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+
+from ..utils.security import ALLOWED_DOMAINS, security_config, validate_and_get_api_url
+
+console = Console()
+
+
+@click.group(hidden=True)
+def security():
+    """Security and configuration management (for debugging/advanced users)."""
+    pass
+
+
+@security.command()
+def check():
+    """Display current security configuration."""
+    # Get current API URL
+    try:
+        api_url = validate_and_get_api_url()
+    except click.Abort:
+        api_url = os.getenv("XENFRA_API_URL", "Not set")
+
+    # Display configuration
+    console.print("\n[bold cyan]🔒 Xenfra CLI Security Configuration[/bold cyan]\n")
+
+    # API URL
+    console.print(f"[bold]API URL:[/bold] {api_url}")
+
+    # Environment
+    env_color = "green" if security_config.is_production() else "yellow"
+    console.print(
+        f"[bold]Environment:[/bold] [{env_color}]{security_config.environment}[/{env_color}]"
+    )
+
+    console.print()
+
+    # Security features table
+    table = Table(title="Security Features", show_header=True)
+    table.add_column("Feature", style="cyan")
+    table.add_column("Status", style="white")
+    table.add_column("Description", style="dim")
+
+    features = [
+        (
+            "HTTPS Enforcement",
+            "✅ Enabled" if security_config.enforce_https else "⚠️  Disabled",
+            "Blocks HTTP connections (except localhost)",
+        ),
+        (
+            "Domain Whitelist",
+            "✅ Enforced" if security_config.enforce_whitelist else "⚠️  Warning Only",
+            "Restricts connections to approved domains",
+        ),
+        (
+            "HTTP Warning",
+            "✅ Enabled" if security_config.warn_on_http else "❌ Disabled",
+            "Warns when using insecure HTTP",
+        ),
+        (
+            "Certificate Pinning",
+            "✅ Enabled" if security_config.enable_cert_pinning else "❌ Disabled",
+            "Validates SSL certificate fingerprints",
+        ),
+    ]
+
+    for feature, status, description in features:
+        table.add_row(feature, status, description)
+
+    console.print(table)
+    console.print()
+
+    # Whitelisted domains
+    console.print("[bold]Whitelisted Domains:[/bold]")
+    for domain in ALLOWED_DOMAINS:
+        console.print(f"  • {domain}")
+
+    console.print()
+
+    # Environment variables
+    console.print("[bold]Configuration via Environment Variables:[/bold]")
+    env_vars = [
+        ("XENFRA_ENV", os.getenv("XENFRA_ENV", "development")),
+        ("XENFRA_API_URL", os.getenv("XENFRA_API_URL", "http://localhost:8000")),
+        ("XENFRA_ENFORCE_HTTPS", os.getenv("XENFRA_ENFORCE_HTTPS", "auto")),
+        ("XENFRA_ENFORCE_WHITELIST", os.getenv("XENFRA_ENFORCE_WHITELIST", "auto")),
+        ("XENFRA_ENABLE_CERT_PINNING", os.getenv("XENFRA_ENABLE_CERT_PINNING", "auto")),
+        ("XENFRA_WARN_ON_HTTP", os.getenv("XENFRA_WARN_ON_HTTP", "true")),
+    ]
+
+    for var, value in env_vars:
+        console.print(f"  {var}=[cyan]{value}[/cyan]")
+
+    console.print()
+
+    # Security recommendations
+    if not security_config.is_production():
+        console.print(
+            Panel(
+                "[yellow]⚠️  Development Mode Active[/yellow]\n\n"
+                "For production use:\n"
+                "1. Set XENFRA_ENV=production\n"
+                "2. Use HTTPS API URL\n"
+                "3. All security features will auto-enable",
+                title="Recommendation",
+                border_style="yellow",
+            )
+        )
+    else:
+        console.print(
+            Panel(
+                "[green]✅ Production Security Enabled[/green]\n\n"
+                "All security features are active.\n"
+                "Your credentials and data are protected.",
+                title="Status",
+                border_style="green",
+            )
+        )
+
+
+@security.command()
+@click.argument("url")
+def validate(url):
+    """Validate an API URL against security policies."""
+    console.print(f"\n[cyan]Validating URL:[/cyan] {url}\n")
+
+    try:
+        validated_url = validate_and_get_api_url(url)
+        console.print("[bold green]✅ URL is valid and passed all security checks![/bold green]")
+        console.print(f"[dim]Validated URL: {validated_url}[/dim]")
+    except click.Abort:
+        console.print("[bold red]❌ URL failed security validation[/bold red]")
+    except Exception as e:
+        console.print(f"[bold red]❌ Validation error: {e}[/bold red]")
+
+
+@security.command()
+def docs():
+    """Show security documentation."""
+    docs_text = """
+[bold cyan]Xenfra CLI Security Guide[/bold cyan]
+
+[bold]Environment Detection:[/bold]
+The CLI automatically adjusts security based on the environment:
+
+• [green]production[/green]: All security features enforced
+• [yellow]staging[/yellow]: HTTPS required, whitelist warnings
+• [blue]development[/blue]: Permissive (localhost allowed)
+
+[bold]Security Features:[/bold]
+
+1. [cyan]URL Validation[/cyan]
+   - Prevents malicious URL patterns
+   - Blocks URLs with embedded credentials
+   - Validates scheme (http/https only)
+
+2. [cyan]Domain Whitelist[/cyan]
+   - Restricts connections to approved domains
+   - Prevents credential theft via fake APIs
+   - Can be disabled for self-hosted instances
+
+3. [cyan]HTTPS Enforcement[/cyan]
+   - Requires encrypted connections in production
+   - Warns on insecure HTTP (non-localhost)
+   - Protects credentials and data in transit
+
+4. [cyan]Certificate Pinning[/cyan]
+   - Validates SSL certificate fingerprints
+   - Prevents man-in-the-middle attacks
+   - Optional (enabled in production by default)
+
+[bold]Configuration Examples:[/bold]
+
+[yellow]Development (default):[/yellow]
+  $ xenfra login
+  # Uses http://localhost:8000
+
+[yellow]Self-hosted instance:[/yellow]
+  $ export XENFRA_API_URL=https://xenfra.mycompany.com
+  $ export XENFRA_ENFORCE_WHITELIST=false
+  $ xenfra login
+
+[yellow]Production (strict):[/yellow]
+  $ export XENFRA_ENV=production
+  $ xenfra login
+  # All security features enabled
+
+[bold]Environment Variables:[/bold]
+
+XENFRA_ENV
+  Values: production | staging | development
+  Default: development
+
+XENFRA_API_URL
+  Default: http://localhost:8000 (dev), https://api.xenfra.tech (prod)
+
+XENFRA_ENFORCE_HTTPS
+  Values: true | false
+  Default: false (dev), true (prod)
+
+XENFRA_ENFORCE_WHITELIST
+  Values: true | false
+  Default: false (dev), true (prod)
+
+XENFRA_ENABLE_CERT_PINNING
+  Values: true | false
+  Default: false (dev), true (prod)
+
+XENFRA_WARN_ON_HTTP
+  Values: true | false
+  Default: true
+
+[bold]Security Best Practices:[/bold]
+
+1. Always use HTTPS in production
+2. Never disable security features without understanding risks
+3. Keep whitelisted domains list updated
+4. Rotate credentials if you suspect compromise
+5. Use environment-specific configurations
+6. Enable all features for production deployments
+
+[dim]For more information: https://docs.xenfra.tech/security[/dim]
+"""
+
+    console.print(Panel(docs_text, border_style="cyan", padding=(1, 2)))

xenfra/main.py

@@ -0,0 +1,75 @@
+"""
+Xenfra CLI - Main entry point.
+
+A modern, AI-powered CLI for deploying Python apps to DigitalOcean.
+"""
+
+import os
+
+import click
+from rich.console import Console
+
+from .commands.auth import auth
+from .commands.deployments import deploy, logs, report, status
+from .commands.intelligence import analyze, diagnose, init
+from .commands.projects import projects
+from .commands.security_cmd import security
+
+console = Console()
+
+# Production-ready: API URL is hardcoded as https://api.xenfra.tech
+# No configuration needed - works out of the box after pip install
+
+
+@click.group()
+@click.version_option(version="0.2.9")
+def cli():
+    """
+    Xenfra CLI: Deploy Python apps to DigitalOcean with zero configuration.
+
+    Quick Start:
+      xenfra auth login     # Authenticate with Xenfra
+      xenfra init           # Initialize your project (AI-powered)
+      xenfra deploy         # Deploy to DigitalOcean
+
+    Commands:
+      auth        Authentication (login, logout, whoami)
+      projects    Manage projects (list, show, delete)
+      init        Smart project initialization (AI-powered)
+      diagnose    Diagnose deployment failures (AI-powered)
+      analyze     Analyze codebase without creating config
+
+    For help on a specific command:
+      xenfra <command> --help
+    """
+    # Configure keyring backend
+    os.environ["KEYRING_BACKEND"] = "keyrings.alt.file.PlaintextKeyring"
+
+    # Security works silently in the background
+    # Only shows warnings if there's an actual security issue
+
+
+# Register command groups
+cli.add_command(auth)
+cli.add_command(projects)
+cli.add_command(security)
+
+# Register intelligence commands at root level
+cli.add_command(init)
+cli.add_command(diagnose)
+cli.add_command(analyze)
+
+# Register deployment commands at root level
+cli.add_command(deploy)
+cli.add_command(status)
+cli.add_command(logs)
+cli.add_command(report)
+
+
+def main():
+    """Main entry point."""
+    cli()
+
+
+if __name__ == "__main__":
+    main()

xenfra/utils/__init__.py

@@ -0,0 +1,3 @@
+"""
+Utility functions for Xenfra CLI.
+"""

xenfra/utils/auth.py

@@ -0,0 +1,243 @@
+"""
+Authentication utilities for Xenfra CLI.
+Handles OAuth2 PKCE flow and token management.
+"""
+
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import parse_qs, urlparse
+
+import httpx
+import keyring
+from rich.console import Console
+from tenacity import (
+    retry,
+    retry_if_exception_type,
+    stop_after_attempt,
+    wait_exponential,
+)
+
+from .security import validate_and_get_api_url
+
+console = Console()
+
+# Get validated API URL (includes all security checks)
+API_BASE_URL = validate_and_get_api_url()
+SERVICE_ID = "xenfra"
+
+# CLI OAuth2 Configuration
+CLI_CLIENT_ID = "xenfra-cli"
+CLI_REDIRECT_PATH = "/auth/callback"
+CLI_LOCAL_SERVER_START_PORT = 8001
+CLI_LOCAL_SERVER_END_PORT = 8005
+
+# HTTP request timeout (30 seconds)
+HTTP_TIMEOUT = 30.0
+
+# Global storage for OAuth callback data
+oauth_data = {"code": None, "state": None, "error": None}
+
+
+class AuthCallbackHandler(BaseHTTPRequestHandler):
+    """HTTP handler for OAuth redirect callback."""
+
+    def do_GET(self):
+        global oauth_data
+        self.send_response(200)
+        self.send_header("Content-type", "text/html")
+        self.end_headers()
+
+        query_params = parse_qs(urlparse(self.path).query)
+
+        if "code" in query_params:
+            oauth_data["code"] = query_params["code"][0]
+            oauth_data["state"] = query_params["state"][0] if "state" in query_params else None
+            self.wfile.write(
+                b"<html><body><h1>Authentication successful!</h1><p>You can close this window.</p></body></html>"
+            )
+        elif "error" in query_params:
+            oauth_data["error"] = query_params["error"][0]
+            self.wfile.write(
+                f"<html><body><h1>Authentication failed!</h1><p>Error: {oauth_data['error']}</p></body></html>".encode()
+            )
+        else:
+            self.wfile.write(
+                b"<html><body><h1>Authentication callback received.</h1><p>Waiting for code...</p></body></html>"
+            )
+
+        # Shut down the server after processing
+        self.server.shutdown()  # type: ignore
+
+
+def run_local_oauth_server(port: int, redirect_path: str):
+    """Start a local HTTP server to capture the OAuth redirect."""
+    server_address = ("127.0.0.1", port)
+    httpd = HTTPServer(server_address, AuthCallbackHandler)
+    httpd.timeout = 30  # seconds
+    console.print(
+        f"[dim]Listening for OAuth redirect on http://localhost:{port}{redirect_path}...[/dim]"
+    )
+
+    # Store the server instance in the handler for shutdown
+    AuthCallbackHandler.server = httpd  # type: ignore
+
+    # Handle a single request (blocking call)
+    httpd.handle_request()
+    console.print("[dim]Local OAuth server shut down.[/dim]")
+
+
+@retry(
+    stop=stop_after_attempt(3),
+    wait=wait_exponential(multiplier=1, min=2, max=10),
+    retry=retry_if_exception_type((httpx.TimeoutException, httpx.NetworkError)),
+    reraise=True,
+)
+def _refresh_token_with_retry(refresh_token: str) -> dict:
+    """
+    Refresh access token with retry logic.
+
+    Returns token data dictionary.
+    """
+    with httpx.Client(timeout=HTTP_TIMEOUT) as client:
+        response = client.post(
+            f"{API_BASE_URL}/auth/refresh",
+            data={"refresh_token": refresh_token, "client_id": CLI_CLIENT_ID},
+            headers={"Accept": "application/json"},
+        )
+        response.raise_for_status()
+
+        # Safe JSON parsing with content-type check
+        content_type = response.headers.get("content-type", "")
+        if "application/json" not in content_type:
+            raise ValueError(f"Expected JSON response, got {content_type}")
+
+        try:
+            token_data = response.json()
+        except (ValueError, TypeError) as e:
+            raise ValueError(f"Failed to parse JSON response: {e}")
+
+        return token_data
+
+
+def get_auth_token() -> str | None:
+    """
+    Retrieve a valid access token, refreshing it if necessary.
+
+    Returns:
+        Valid access token or None if not authenticated
+    """
+    try:
+        access_token = keyring.get_password(SERVICE_ID, "access_token")
+        refresh_token = keyring.get_password(SERVICE_ID, "refresh_token")
+    except keyring.errors.KeyringError as e:
+        console.print(f"[yellow]Warning: Could not access keyring: {e}[/yellow]")
+        return None
+
+    if not access_token:
+        return None
+
+    # Check if access token is expired
+    # Manually decode JWT payload to check expiration without verifying signature
+    try:
+        import base64
+        import json
+        
+        # JWT format: header.payload.signature
+        parts = access_token.split(".")
+        if len(parts) != 3:
+            claims = None
+        else:
+            # Decode payload (second part)
+            payload_b64 = parts[1]
+            # Add padding if needed
+            padding = 4 - len(payload_b64) % 4
+            if padding != 4:
+                payload_b64 += "=" * padding
+            payload_bytes = base64.urlsafe_b64decode(payload_b64)
+            claims = json.loads(payload_bytes)
+            
+            # Check expiration manually
+            exp = claims.get("exp")
+            if exp:
+                import time
+                if time.time() >= exp:
+                    claims = None  # Token expired
+    except Exception:
+        claims = None
+
+    # Refresh token if expired
+    if not claims and refresh_token:
+        console.print("[dim]Access token expired. Attempting to refresh...[/dim]")
+        try:
+            token_data = _refresh_token_with_retry(refresh_token)
+            new_access_token = token_data.get("access_token")
+            new_refresh_token = token_data.get("refresh_token")
+
+            if new_access_token:
+                try:
+                    keyring.set_password(SERVICE_ID, "access_token", new_access_token)
+                    if new_refresh_token:
+                        keyring.set_password(SERVICE_ID, "refresh_token", new_refresh_token)
+                    console.print("[bold green]Token refreshed successfully.[/bold green]")
+                    return new_access_token
+                except keyring.errors.KeyringError as e:
+                    console.print(
+                        f"[yellow]Warning: Could not save refreshed token to keyring: {e}[/yellow]"
+                    )
+                    # Return the token anyway, but warn user
+                    return new_access_token
+            else:
+                console.print("[bold red]Failed to get new access token.[/bold red]")
+                return None
+
+        except httpx.TimeoutException:
+            console.print("[bold red]Token refresh failed: Request timed out.[/bold red]")
+            return None
+        except httpx.NetworkError:
+            console.print("[bold red]Token refresh failed: Network error.[/bold red]")
+            return None
+        except httpx.HTTPStatusError as exc:
+            if exc.response.status_code == 400:
+                console.print("[bold red]Refresh token expired. Please log in again.[/bold red]")
+            else:
+                error_detail = "Unknown error"
+                try:
+                    if exc.response.content:
+                        content_type = exc.response.headers.get("content-type", "")
+                        if "application/json" in content_type:
+                            error_data = exc.response.json()
+                            error_detail = error_data.get("detail", str(error_data))
+                except Exception:
+                    error_detail = exc.response.text[:200] if exc.response.text else "Unknown error"
+
+                console.print(
+                    f"[bold red]Token refresh failed: {exc.response.status_code} - {error_detail}[/bold red]"
+                )
+
+            # Clear tokens on refresh failure
+            try:
+                keyring.delete_password(SERVICE_ID, "access_token")
+                keyring.delete_password(SERVICE_ID, "refresh_token")
+            except keyring.errors.KeyringError:
+                pass  # Ignore errors when clearing
+            return None
+        except ValueError as e:
+            console.print(f"[bold red]Token refresh failed: {e}[/bold red]")
+            return None
+        except Exception as e:
+            console.print(
+                f"[bold red]Token refresh failed: Unexpected error - {type(e).__name__}[/bold red]"
+            )
+            return None
+
+    return access_token
+
+
+def clear_tokens():
+    """Clear stored access and refresh tokens."""
+    try:
+        keyring.delete_password(SERVICE_ID, "access_token")
+        keyring.delete_password(SERVICE_ID, "refresh_token")
+    except keyring.errors.PasswordDeleteError:
+        pass  # Tokens already cleared
+    except keyring.errors.KeyringError as e:
+        console.print(f"[yellow]Warning: Could not clear tokens from keyring: {e}[/yellow]")

xenfra/utils/codebase.py

@@ -0,0 +1,126 @@
+"""
+Codebase scanning utilities for AI-powered project initialization.
+"""
+
+import os
+from pathlib import Path
+
+
+def scan_codebase(max_files: int = 10, max_size: int = 50000) -> dict[str, str]:
+    """
+    Scan current directory for important code files.
+
+    Args:
+        max_files: Maximum number of files to include (validated: 1-100)
+        max_size: Maximum file size in bytes (validated: 1KB-10MB)
+
+    Returns:
+        Dictionary of filename -> content for AI analysis
+    """
+    # Validate limits
+    from .validation import validate_codebase_scan_limits
+
+    is_valid, error_msg = validate_codebase_scan_limits(max_files, max_size)
+    if not is_valid:
+        raise ValueError(f"Invalid scan limits: {error_msg}")
+
+    # Ensure limits are within bounds
+    max_files = max(1, min(100, max_files))
+    max_size = max(1024, min(10 * 1024 * 1024, max_size))
+    """
+    Scan current directory for important code files.
+
+    Args:
+        max_files: Maximum number of files to include
+        max_size: Maximum file size in bytes (default 50KB)
+
+    Returns:
+        Dictionary of filename -> content for AI analysis
+    """
+    code_snippets = {}
+
+    # Priority files to scan (in order)
+    important_files = [
+        # Python entry points
+        "main.py",
+        "app.py",
+        "wsgi.py",
+        "asgi.py",
+        "manage.py",
+        # Configuration files
+        "requirements.txt",
+        "pyproject.toml",
+        "Pipfile",
+        "setup.py",
+        # Django/Flask specific
+        "settings.py",
+        "config.py",
+        # Docker
+        "Dockerfile",
+        "docker-compose.yml",
+        # Xenfra config
+        "xenfra.yaml",
+        "xenfra.yml",
+    ]
+
+    # Scan for important files in current directory
+    for filename in important_files:
+        if len(code_snippets) >= max_files:
+            break
+
+        if os.path.exists(filename) and os.path.isfile(filename):
+            try:
+                file_size = os.path.getsize(filename)
+                if file_size > max_size:
+                    continue
+
+                with open(filename, "r", encoding="utf-8") as f:
+                    content = f.read(max_size)
+                    code_snippets[filename] = content
+            except (IOError, OSError, PermissionError, UnicodeDecodeError) as e:
+                # Skip files that can't be read (log but don't crash)
+                import logging
+
+                logger = logging.getLogger(__name__)
+                logger.debug(f"Skipping file {filename}: {type(e).__name__}")
+                continue
+
+    # If we haven't found enough files, look for Python files in common locations
+    if len(code_snippets) < 3:
+        search_patterns = [
+            "src/**/*.py",
+            "app/**/*.py",
+            "*.py",
+        ]
+
+        for pattern in search_patterns:
+            if len(code_snippets) >= max_files:
+                break
+
+            for filepath in Path(".").glob(pattern):
+                if len(code_snippets) >= max_files:
+                    break
+
+                if filepath.is_file() and filepath.name not in code_snippets:
+                    try:
+                        file_size = filepath.stat().st_size
+                        if file_size > max_size:
+                            continue
+
+                        with open(filepath, "r", encoding="utf-8") as f:
+                            content = f.read(max_size)
+                            code_snippets[str(filepath)] = content
+                    except (IOError, OSError, PermissionError, UnicodeDecodeError) as e:
+                        # Skip files that can't be read
+                        import logging
+
+                        logger = logging.getLogger(__name__)
+                        logger.debug(f"Skipping file {filepath}: {type(e).__name__}")
+                        continue
+
+    return code_snippets
+
+
+def has_xenfra_config() -> bool:
+    """Check if xenfra.yaml already exists."""
+    return os.path.exists("xenfra.yaml") or os.path.exists("xenfra.yml")