agentauthlayer 0.1.0__tar.gz → 0.1.2__tar.gz

agentauthlayer-0.1.2/PKG-INFO

@@ -0,0 +1,194 @@
+Metadata-Version: 2.4
+Name: agentauthlayer
+Version: 0.1.2
+Summary: Library-first authentication and authorization SDK for AI agents
+Author: Vaibhav Ahluwalia
+License: MIT
+Project-URL: Homepage, https://pypi.org/project/agentauthlayer/
+Keywords: agents,auth,authorization,iam,security,sdk
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.31.0
+Requires-Dist: python-jose>=3.3.0
+
+# agentauthlayer
+
+Python SDK for integrating agent runtimes with the Agent Auth control plane.
+
+`agentauthlayer` helps you:
+- authenticate once and reuse local credentials
+- register agents from code
+- sync tool and capability definitions
+- evaluate permissions against the control plane
+- apply permission checks inside runtime functions
+
+This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+
+## Install
+
+```bash
+pip install agentauthlayer
+```
+
+## Quickstart
+
+### 1. Log in once
+
+```bash
+agentauth login --base-url http://127.0.0.1:8002
+```
+
+This stores local credentials so your code can connect without manually pasting a token every time.
+
+Useful follow-up commands:
+
+```bash
+agentauth whoami
+agentauth logout
+agentauth ui
+```
+
+### 2. Define tools and agents in code
+
+```python
+from agent_auth import register_tool, register_agent, require_permission
+
+@register_tool(action="math.compute", description="Run approved math jobs")
+@require_permission("math.compute", resource="math/basic")
+def add(a: int, b: int, agent_id: str | None = None, role: str | None = None, context: dict | None = None):
+    return a + b
+
+register_agent(
+    agent_id="math-agent",
+    name="Math Agent",
+    owner="you@company.com",
+    role="research_agent",
+    project_id="ai-platform",
+    scopes=[],
+)
+```
+
+### 3. Sync everything with one command
+
+```bash
+agentauth sync --module your_module_name
+```
+
+This imports the module, discovers registered tools and agents, syncs capability definitions, and creates agents through the control plane.
+
+## SDK client usage
+
+```python
+from agent_auth import AuthAPIClient
+
+client = AuthAPIClient()
+
+agent = client.create_agent(
+    agent_id="research-bot-01",
+    name="Research Bot 01",
+    owner="vaibhav@company.com",
+    role="research_agent",
+    scopes=[],
+    project_id="ai-platform",
+)
+
+print(agent)
+```
+
+## Environment variables
+
+If you prefer non-interactive configuration, the SDK also supports environment variables:
+
+```bash
+export AGENT_AUTH_URL=http://127.0.0.1:8002
+export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
+```
+
+Resolution order used by `AuthAPIClient()`:
+1. explicit constructor arguments
+2. environment variables
+3. stored local credentials from `agentauth login`
+
+## Common tasks
+
+### Sync tools manually
+
+```python
+client.sync_tools([
+    {"action": "tool.search_web", "description": "Search the web"},
+    {"action": "docs.read", "description": "Read protected docs"},
+])
+```
+
+### Evaluate access
+
+```python
+decision = client.evaluate(
+    principal_id="research-bot-01",
+    action="tool.search_web",
+    resource="web/*",
+    role="research_agent",
+)
+
+print(decision)
+```
+
+### Fetch or delete an agent
+
+```python
+agent = client.get_agent("research-bot-01")
+print(agent)
+
+result = client.delete_agent("research-bot-01")
+print(result)
+```
+
+CLI equivalent:
+
+```bash
+agentauth delete-agent research-bot-01
+```
+
+## Public package scope
+
+This package provides:
+- the Python SDK (`agent_auth`)
+- CLI helpers for login, sync, and agent cleanup
+- registry-based tool and agent sync
+- permission evaluation helpers
+
+It does not package the full control plane server or admin dashboard.
+
+## Suitable use cases
+
+- Python agent runtimes
+- tool-based workflows
+- service-to-control-plane integrations
+- local development with stored credentials
+- CI or automation using environment variables
+
+## Requirements
+
+- Python 3.10+
+- access to a running Agent Auth control plane
+
+## Notes
+
+The import path remains:
+
+```python
+from agent_auth import ...
+```
+
+while the published package name is:
+
+```bash
+pip install agentauthlayer
+```

agentauthlayer-0.1.2/README.md

@@ -0,0 +1,174 @@
+# agentauthlayer
+
+Python SDK for integrating agent runtimes with the Agent Auth control plane.
+
+`agentauthlayer` helps you:
+- authenticate once and reuse local credentials
+- register agents from code
+- sync tool and capability definitions
+- evaluate permissions against the control plane
+- apply permission checks inside runtime functions
+
+This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+
+## Install
+
+```bash
+pip install agentauthlayer
+```
+
+## Quickstart
+
+### 1. Log in once
+
+```bash
+agentauth login --base-url http://127.0.0.1:8002
+```
+
+This stores local credentials so your code can connect without manually pasting a token every time.
+
+Useful follow-up commands:
+
+```bash
+agentauth whoami
+agentauth logout
+agentauth ui
+```
+
+### 2. Define tools and agents in code
+
+```python
+from agent_auth import register_tool, register_agent, require_permission
+
+@register_tool(action="math.compute", description="Run approved math jobs")
+@require_permission("math.compute", resource="math/basic")
+def add(a: int, b: int, agent_id: str | None = None, role: str | None = None, context: dict | None = None):
+    return a + b
+
+register_agent(
+    agent_id="math-agent",
+    name="Math Agent",
+    owner="you@company.com",
+    role="research_agent",
+    project_id="ai-platform",
+    scopes=[],
+)
+```
+
+### 3. Sync everything with one command
+
+```bash
+agentauth sync --module your_module_name
+```
+
+This imports the module, discovers registered tools and agents, syncs capability definitions, and creates agents through the control plane.
+
+## SDK client usage
+
+```python
+from agent_auth import AuthAPIClient
+
+client = AuthAPIClient()
+
+agent = client.create_agent(
+    agent_id="research-bot-01",
+    name="Research Bot 01",
+    owner="vaibhav@company.com",
+    role="research_agent",
+    scopes=[],
+    project_id="ai-platform",
+)
+
+print(agent)
+```
+
+## Environment variables
+
+If you prefer non-interactive configuration, the SDK also supports environment variables:
+
+```bash
+export AGENT_AUTH_URL=http://127.0.0.1:8002
+export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
+```
+
+Resolution order used by `AuthAPIClient()`:
+1. explicit constructor arguments
+2. environment variables
+3. stored local credentials from `agentauth login`
+
+## Common tasks
+
+### Sync tools manually
+
+```python
+client.sync_tools([
+    {"action": "tool.search_web", "description": "Search the web"},
+    {"action": "docs.read", "description": "Read protected docs"},
+])
+```
+
+### Evaluate access
+
+```python
+decision = client.evaluate(
+    principal_id="research-bot-01",
+    action="tool.search_web",
+    resource="web/*",
+    role="research_agent",
+)
+
+print(decision)
+```
+
+### Fetch or delete an agent
+
+```python
+agent = client.get_agent("research-bot-01")
+print(agent)
+
+result = client.delete_agent("research-bot-01")
+print(result)
+```
+
+CLI equivalent:
+
+```bash
+agentauth delete-agent research-bot-01
+```
+
+## Public package scope
+
+This package provides:
+- the Python SDK (`agent_auth`)
+- CLI helpers for login, sync, and agent cleanup
+- registry-based tool and agent sync
+- permission evaluation helpers
+
+It does not package the full control plane server or admin dashboard.
+
+## Suitable use cases
+
+- Python agent runtimes
+- tool-based workflows
+- service-to-control-plane integrations
+- local development with stored credentials
+- CI or automation using environment variables
+
+## Requirements
+
+- Python 3.10+
+- access to a running Agent Auth control plane
+
+## Notes
+
+The import path remains:
+
+```python
+from agent_auth import ...
+```
+
+while the published package name is:
+
+```bash
+pip install agentauthlayer
+```

{agentauthlayer-0.1.0 → agentauthlayer-0.1.2}/agent_auth/__init__.py

@@ -15,6 +15,13 @@ from agent_auth.exceptions import (
 from agent_auth.models import Agent, TokenClaims, TokenRecord, User, UserClaims
 from agent_auth.policy import PolicyDecision, PolicyEvaluator, PolicyRequest, PolicyStatement, RoleDefinition, require_permission
 from agent_auth.principals import AgentPrincipal, Principal, SystemPrincipal, UserPrincipal, user_scopes_for_role
+from agent_auth.registry import (
+    clear_registries,
+    list_registered_agents,
+    list_registered_tools,
+    register_agent,
+    register_tool,
+)
 
 __all__ = [
     "Agent",
@@ -40,9 +47,14 @@ __all__ = [
     "User",
     "UserClaims",
     "UserPrincipal",
+    "clear_registries",
+    "list_registered_agents",
+    "list_registered_tools",
     "principal_fields",
     "principal_from_agent",
     "principal_from_user",
+    "register_agent",
+    "register_tool",
     "require_permission",
     "user_scopes_for_role",
 ]

agentauthlayer-0.1.2/agent_auth/__main__.py

@@ -0,0 +1,5 @@
+from agent_auth.cli import main
+
+
+if __name__ == '__main__':
+    raise SystemExit(main())

agentauthlayer-0.1.2/agent_auth/cli.py

@@ -0,0 +1,142 @@
+from __future__ import annotations
+
+import argparse
+import getpass
+import importlib
+import json
+import sys
+import webbrowser
+
+import requests
+
+from agent_auth.client import AuthAPIClient
+from agent_auth.credentials import clear_credentials, load_credentials, save_credentials
+from agent_auth.registry import clear_registries, list_registered_agents, list_registered_tools
+
+
+def login_command(args) -> int:
+    email = args.email or input('Email: ').strip()
+    password = args.password or getpass.getpass('Password: ')
+    base_url = (args.base_url or 'http://127.0.0.1:8002').rstrip('/')
+
+    response = requests.post(
+        f"{base_url}/users/login",
+        json={"email": email, "password": password},
+        timeout=30,
+    )
+    if not response.ok:
+        print(response.text, file=sys.stderr)
+        return 1
+
+    payload = response.json()
+    save_credentials({
+        'base_url': base_url,
+        'token': payload['access_token'],
+        'email': payload['user']['email'],
+    })
+    print(f"Logged in to {base_url} as {payload['user']['email']}")
+    return 0
+
+
+def whoami_command(args) -> int:
+    creds = load_credentials()
+    if not creds:
+        print('Not logged in.')
+        return 1
+    client = AuthAPIClient()
+    me = client.me()
+    print(json.dumps(me, indent=2))
+    return 0
+
+
+def logout_command(args) -> int:
+    clear_credentials()
+    print('Logged out.')
+    return 0
+
+
+def sync_command(args) -> int:
+    clear_registries()
+    importlib.import_module(args.module)
+
+    client = AuthAPIClient()
+    tools = list_registered_tools()
+    agents = list_registered_agents()
+
+    if tools:
+        client.sync_tools([
+            {'action': tool.action, 'description': tool.description}
+            for tool in tools
+        ])
+
+    created_agents = []
+    for agent in agents:
+        created_agents.append(client.create_agent(
+            agent_id=agent.agent_id,
+            name=agent.name,
+            owner=agent.owner,
+            role=agent.role,
+            scopes=agent.scopes,
+            project_id=agent.project_id,
+        ))
+
+    print(json.dumps({
+        'module': args.module,
+        'synced_tools': [tool.action for tool in tools],
+        'synced_agents': [agent['agent_id'] for agent in created_agents],
+    }, indent=2))
+    return 0
+
+
+def delete_agent_command(args) -> int:
+    client = AuthAPIClient()
+    result = client.delete_agent(args.agent_id)
+    print(json.dumps(result, indent=2))
+    return 0
+
+
+def ui_command(args) -> int:
+    creds = load_credentials() or {}
+    base_url = (args.base_url or creds.get('base_url') or 'http://127.0.0.1:8002').rstrip('/')
+    webbrowser.open(base_url)
+    print(f'Opened UI: {base_url}')
+    return 0
+
+
+def main():
+    parser = argparse.ArgumentParser(prog='agentauth', description='Agent Auth SDK CLI')
+    subparsers = parser.add_subparsers(dest='command')
+
+    login_parser = subparsers.add_parser('login', help='Log in and store local credentials')
+    login_parser.add_argument('--base-url', default='http://127.0.0.1:8002')
+    login_parser.add_argument('--email')
+    login_parser.add_argument('--password')
+    login_parser.set_defaults(func=login_command)
+
+    whoami_parser = subparsers.add_parser('whoami', help='Show the currently stored user context')
+    whoami_parser.set_defaults(func=whoami_command)
+
+    logout_parser = subparsers.add_parser('logout', help='Clear stored local credentials')
+    logout_parser.set_defaults(func=logout_command)
+
+    sync_parser = subparsers.add_parser('sync', help='Import a module and sync its registered tools and agents')
+    sync_parser.add_argument('--module', required=True)
+    sync_parser.set_defaults(func=sync_command)
+
+    delete_agent_parser = subparsers.add_parser('delete-agent', help='Delete an agent by ID')
+    delete_agent_parser.add_argument('agent_id')
+    delete_agent_parser.set_defaults(func=delete_agent_command)
+
+    ui_parser = subparsers.add_parser('ui', help='Open the configured control plane UI in a browser')
+    ui_parser.add_argument('--base-url')
+    ui_parser.set_defaults(func=ui_command)
+
+    args = parser.parse_args()
+    if not hasattr(args, 'func'):
+        parser.print_help()
+        return 1
+    return args.func(args)
+
+
+if __name__ == '__main__':
+    raise SystemExit(main())

{agentauthlayer-0.1.0 → agentauthlayer-0.1.2}/agent_auth/client.py

@@ -6,6 +6,7 @@ from typing import Any
 import requests
 
 from agent_auth.context import AuthContext
+from agent_auth.credentials import load_credentials
 from agent_auth.exceptions import (
     AgentNotFoundError,
     AuthServiceError,
@@ -19,8 +20,9 @@ class AuthAPIClient:
     """Thin SDK client for talking to the Agent Auth control plane."""
 
     def __init__(self, base_url: str | None = None, token: str | None = None, timeout: int = 30) -> None:
-        self.base_url = (base_url or os.getenv("AGENT_AUTH_URL") or "http://127.0.0.1:8002").rstrip("/")
-        self.token = token or os.getenv("AGENT_AUTH_TOKEN")
+        stored = load_credentials() or {}
+        self.base_url = (base_url or os.getenv("AGENT_AUTH_URL") or stored.get("base_url") or "http://127.0.0.1:8002").rstrip("/")
+        self.token = token or os.getenv("AGENT_AUTH_TOKEN") or stored.get("token")
         self.timeout = timeout
 
     def _headers(self) -> dict[str, str]:
@@ -62,6 +64,9 @@ class AuthAPIClient:
     def health(self) -> dict[str, Any]:
         return self._request("GET", "/health")
 
+    def me(self) -> dict[str, Any]:
+        return self._request("GET", "/users/me")
+
     def create_agent(self, agent_id: str, name: str, owner: str, role: str, scopes: list[str], project_id: str | None = None) -> dict[str, Any]:
         payload = {
             "agent_id": agent_id,
@@ -74,6 +79,9 @@ class AuthAPIClient:
             payload["project_id"] = project_id
         return self._request("POST", "/agents", json=payload)
 
+    def delete_agent(self, agent_id: str) -> dict[str, Any]:
+        return self._request("DELETE", f"/agents/{agent_id}")
+
     def get_agent(self, agent_id: str) -> dict[str, Any]:
         return self._request("GET", f"/agents/{agent_id}")
 

agentauthlayer-0.1.2/agent_auth/credentials.py

@@ -0,0 +1,31 @@
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Any
+
+CONFIG_DIR = Path.home() / '.agentauth'
+CREDENTIALS_FILE = CONFIG_DIR / 'credentials.json'
+
+
+def credentials_path() -> Path:
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    return CREDENTIALS_FILE
+
+
+def load_credentials() -> dict[str, Any] | None:
+    path = credentials_path()
+    if not path.exists():
+        return None
+    return json.loads(path.read_text())
+
+
+def save_credentials(data: dict[str, Any]) -> None:
+    path = credentials_path()
+    path.write_text(json.dumps(data, indent=2))
+
+
+def clear_credentials() -> None:
+    path = credentials_path()
+    if path.exists():
+        path.unlink()

agentauthlayer-0.1.2/agent_auth/registry.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any, Callable
+
+
+@dataclass(slots=True)
+class RegisteredTool:
+    action: str
+    description: str
+    func_name: str
+
+
+@dataclass(slots=True)
+class RegisteredAgent:
+    agent_id: str
+    name: str
+    owner: str
+    role: str
+    project_id: str | None
+    scopes: list[str]
+
+
+_TOOL_REGISTRY: list[RegisteredTool] = []
+_AGENT_REGISTRY: list[RegisteredAgent] = []
+
+
+def register_tool(action: str, description: str):
+    def decorator(func: Callable[..., Any]):
+        setattr(func, "_agentauth_tool_action", action)
+        setattr(func, "_agentauth_tool_description", description)
+        _TOOL_REGISTRY.append(RegisteredTool(action=action, description=description, func_name=func.__name__))
+        return func
+
+    return decorator
+
+
+def register_agent(*, agent_id: str, name: str, owner: str, role: str, project_id: str | None = None, scopes: list[str] | None = None):
+    agent = RegisteredAgent(
+        agent_id=agent_id,
+        name=name,
+        owner=owner,
+        role=role,
+        project_id=project_id,
+        scopes=scopes or [],
+    )
+    _AGENT_REGISTRY.append(agent)
+    return agent
+
+
+def list_registered_tools() -> list[RegisteredTool]:
+    return list(_TOOL_REGISTRY)
+
+
+def list_registered_agents() -> list[RegisteredAgent]:
+    return list(_AGENT_REGISTRY)
+
+
+def clear_registries() -> None:
+    _TOOL_REGISTRY.clear()
+    _AGENT_REGISTRY.clear()