Releases: KeyNetra/keynetra

KeyNetra v0.1.1

08 Apr 15:09

PR: KeyNetra v0.1.1 Initial Release Hardening (Headless-First, API+CLI+Embedded)

Summary

This PR finalizes KeyNetra v0.1.1 as a production-ready, headless authorization platform that
works in three modes without UI dependency:

  1. HTTP Server mode
  2. CLI mode
  3. Embedded Python engine mode

It also standardizes config-driven startup, policy/model file loading, admin login flow, Docker
runtime behavior, and terminal startup/log UX.


Why

To ensure KeyNetra can be operated in real environments where a UI may not exist, and can be
integrated into backend systems directly through stable API/CLI/embedded interfaces.


Scope

1) Headless engine and embedded usage

  • Added/validated direct embedded facade:
    • from keynetra import KeyNetra
    • KeyNetra.from_config(...)
    • load_policies(...)
    • load_model(...)
    • check_access(...)
  • Ensured pure engine remains usable directly:
    • from keynetra.engine import KeyNetraEngine

Files

  • keynetra/__init__.py
  • keynetra/headless.py
  • keynetra/engine/__init__.py
  • keynetra/engine/keynetra_engine.py

2) Config file loader (YAML/JSON/TOML)

  • Implemented config loader and env mapping for file-driven operation.
  • Supports database, redis, policy paths, model paths, seed flag, server host/port.
  • CLI supports global --config flow.

Files

  • keynetra/config/config_loader.py
  • keynetra/config/settings.py
  • keynetra/cli.py

3) Policy/model file support

  • Policy file loading support for:
    • .yaml/.yml
    • .json
    • .polar
  • Authorization model loading support for:
    • .yaml/.yml
    • .json
    • .toml
    • raw schema files
  • Startup bootstrap loads file-backed policies/models when configured.

Files

  • keynetra/config/file_loaders.py
  • keynetra/api/main.py

4) CLI extensions for headless operation

  • Added/validated commands:
    • serve
    • start (compat alias)
    • check
    • simulate
    • impact
    • compile-policies
    • doctor
    • version
    • help-cli
    • admin-login
    • ACL + model subcommands
  • Config file handling integrated across commands.

Files

  • keynetra/cli.py
  • keynetra/version.py

5) Admin login (username/password)

  • Added admin token issuance endpoint:
    • POST /admin/login
  • Validates configured KEYNETRA_ADMIN_USERNAME + KEYNETRA_ADMIN_PASSWORD.
  • Returns JWT with admin role claims for management APIs.

Files

  • keynetra/api/routes/admin_auth.py
  • keynetra/config/admin_auth.py
  • keynetra/config/settings.py
  • contracts/openapi/keynetra-v0.1.1.yaml (parity update)

6) Startup terminal UX + colored logs

  • Added startup dashboard rendering with pyfiglet (slant) + Rich layout.
  • Added mode/config/runtime/security/storage info in startup output.
  • Enabled rich-colored logs with env controls:
    • KEYNETRA_LOG_FORMAT=rich
    • KEYNETRA_FORCE_COLOR=1
  • Added suppression of Pydantic's non-fatal schema field shadowing warnings during CLI startup.

Files

  • keynetra/cli.py
  • keynetra/infrastructure/logging.py

7) Docker runtime and compose modernization

  • Standardized v0 compose setup (no legacy split).
  • Added/updated:
    • docker-compose.yml (main stack)
    • docker-compose.dev.yml (dev stack)
  • Docker startup script now:
    • runs migrations (optional)
    • renders startup screen in container too
    • enables rich/color logs by default
    • starts uvicorn workers

Files

  • docker-compose.yml
  • docker-compose.dev.yml
  • Dockerfile
  • infra/docker/start.sh
  • .env.example

8) Examples and operational config

  • Added/updated example configs and sample policy/model files for config-driven and embedded usage.

Files

  • examples/keynetra.yaml
  • examples/auth-model.yaml
  • examples/policies/*
  • examples/policy_tests.yaml

API Changes

Added

  • POST /admin/login

Confirmed available

  • POST /check-access
  • POST /check-access-batch
  • POST /simulate
  • POST /simulate-policy
  • POST /impact-analysis
  • POST /auth-model
  • GET /auth-model
  • POST /acl
  • GET /acl/{resource_type}/{resource_id}
  • DELETE /acl/{acl_id}
  • GET /metrics
  • GET /health
  • GET /health/live
  • GET /health/ready

Backward Compatibility

  • start command retained as alias for serve.
  • Existing API and layered architecture preserved.
  • No UI dependency introduced; UI remains optional.
  • No breaking schema behavior intended for existing consumers.

Risk Assessment

Low/medium risk areas

  • CLI startup rendering and logging behavior
  • Docker startup UX path and worker startup semantics
  • Admin login credential handling configuration

Mitigations

  • Defaults remain safe and env-driven.
  • Fallback logging path remains JSON if Rich is unavailable.
  • Admin login can be disabled by unsetting admin credentials.
  • OpenAPI parity update included for new route visibility.

Validation Performed

  • Route and command surfaces verified in code.
  • OpenAPI contract updated for /admin/login.
  • Headless config/policy/model loading paths validated at code level.
  • Docker startup path includes startup screen + color log enablement.

Release Checklist (v0.1.1)

  • Version aligned (pyproject.toml, keynetra/version.py, OpenAPI info)
  • Headless operation (API, CLI, embedded)
  • Config-driven startup (YAML/JSON/TOML)
  • Policy/model file loaders wired
  • Admin login route implemented and documented in contract
  • Docker main + dev compose available
  • Startup UX and colored logging enabled
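
Added example (not KeyNetra's code): a sketch of the admin login behaviour described in section 5 and in the Mitigations list, where login is refused when the admin credentials are unset, credentials are compared in constant time, and the returned JWT carries an admin role claim. Only the two KEYNETRA_ADMIN_* variable names come from these notes; EXAMPLE_JWT_SECRET, the claim names and the 15-minute lifetime are assumptions.

```python
import base64, hashlib, hmac, json, time

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> str:
    return _b64e(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

def issue_admin_token(env, username, password, now=None, ttl=900):
    """Return an HS256 JWT, or None if login is disabled or the credentials are wrong."""
    cfg_user = env.get("KEYNETRA_ADMIN_USERNAME")
    cfg_pass = env.get("KEYNETRA_ADMIN_PASSWORD")
    secret = env.get("EXAMPLE_JWT_SECRET")  # hypothetical name, not a KeyNetra setting
    if not (cfg_user and cfg_pass and secret):
        return None  # unset credentials disable login; empty input must never match
    # Compare both fields in constant time and combine without short-circuiting.
    user_ok = hmac.compare_digest(username.encode(), cfg_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), cfg_pass.encode())
    if not (user_ok & pass_ok):
        return None
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": cfg_user, "role": "admin", "iat": now, "exp": now + ttl}  # claim names assumed
    signing_input = ".".join(_b64e(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    return signing_input + "." + _sign(secret, signing_input)

def verify_admin_token(env, token, now=None):
    """Return the claims of a valid, unexpired admin token, else None."""
    secret = env.get("EXAMPLE_JWT_SECRET")
    parts = token.split(".")
    if not secret or len(parts) != 3:
        return None
    expected = _sign(secret, parts[0] + "." + parts[1])
    if not hmac.compare_digest(expected.encode(), parts[2].encode()):
        return None
    try:
        header, claims = json.loads(_b64d(parts[0])), json.loads(_b64d(parts[1]))
    except ValueError:
        return None
    now = int(time.time()) if now is None else now
    # Pin the algorithm on the server side; never let the token header choose it.
    if header.get("alg") != "HS256" or claims.get("role") != "admin" or claims.get("exp", 0) <= now:
        return None
    return claims
```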