agentauthlayer 0.1.1__tar.gz → 0.1.3__tar.gz

agentauthlayer-0.1.3/PKG-INFO

@@ -0,0 +1,221 @@
+Metadata-Version: 2.4
+Name: agentauthlayer
+Version: 0.1.3
+Summary: Library-first authentication and authorization SDK for AI agents
+Author: Vaibhav Ahluwalia
+License: MIT
+Project-URL: Homepage, https://pypi.org/project/agentauthlayer/
+Keywords: agents,auth,authorization,iam,security,sdk
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.31.0
+Requires-Dist: python-jose>=3.3.0
+
+# agentauthlayer
+
+Python SDK for integrating agent runtimes with the Agent Auth control plane.
+
+`agentauthlayer` helps you:
+- authenticate once and reuse local credentials
+- register agents from code
+- sync tool and capability definitions
+- evaluate permissions against the control plane
+- apply permission checks inside runtime functions
+
+This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+
+## Install
+
+```bash
+pip install agentauthlayer
+```
+
+## Quickstart
+
+### 1. First-time developer setup
+
+For a fresh self-hosted deployment, complete the control plane setup before using `agentauth login`.
+
+1. Start your Agent Auth deployment.
+2. Open the UI in your browser.
+3. Create the first super admin password.
+4. Create your first project.
+5. Then log in from the CLI.
+
+Open the UI with:
+
+```bash
+agentauth ui --base-url http://127.0.0.1:8002
+```
+
+Then log in once:
+
+```bash
+agentauth login --base-url http://127.0.0.1:8002
+```
+
+This stores local credentials so your code can connect without manually pasting a token every time.
+
+Useful follow-up commands:
+
+```bash
+agentauth whoami
+agentauth logout
+agentauth ui
+```
+
+If the deployment has not been initialized yet, `agentauth login` will tell you to finish setup in the UI first.
+
+### 2. Define tools and agents in code
+
+```python
+from agent_auth import register_tool, register_agent, require_permission
+
+@register_tool(action="math.compute", description="Run approved math jobs")
+@require_permission("math.compute", resource="math/basic")
+def add(a: int, b: int, agent_id: str | None = None, role: str | None = None, context: dict | None = None):
+    return a + b
+
+register_agent(
+    agent_id="math-agent",
+    name="Math Agent",
+    owner="you@company.com",
+    role="research_agent",
+    project_id="ai-platform",
+    scopes=[],
+)
+```
+
+### 3. Sync everything with one command
+
+```bash
+agentauth sync --module your_module_name
+```
+
+This imports the module, discovers registered tools and agents, syncs capability definitions, and creates agents through the control plane.
+
+## SDK client usage
+
+```python
+from agent_auth import AuthAPIClient
+
+client = AuthAPIClient()
+
+agent = client.create_agent(
+    agent_id="research-bot-01",
+    name="Research Bot 01",
+    owner="vaibhav@company.com",
+    role="research_agent",
+    scopes=[],
+    project_id="ai-platform",
+)
+
+print(agent)
+```
+
+## Environment variables
+
+If you prefer non-interactive configuration, the SDK also supports environment variables:
+
+```bash
+export AGENT_AUTH_URL=http://127.0.0.1:8002
+export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
+```
+
+`AGENT_AUTH_TOKEN` is typically a bearer token, often represented as a long JWT string.
+
+Recommended usage:
+- use `agentauth login` for local human developer workflows
+- use `AGENT_AUTH_TOKEN` for CI, automation, or service-driven execution
+
+If an env token expires, requests will fail until you replace it or log in again.
+Avoid committing tokens into source control or long-lived shared `.env` files.
+
+Resolution order used by `AuthAPIClient()`:
+1. explicit constructor arguments
+2. environment variables
+3. stored local credentials from `agentauth login`
+
+## Common tasks
+
+### Sync tools manually
+
+```python
+client.sync_tools([
+    {"action": "tool.search_web", "description": "Search the web"},
+    {"action": "docs.read", "description": "Read protected docs"},
+])
+```
+
+### Evaluate access
+
+```python
+decision = client.evaluate(
+    principal_id="research-bot-01",
+    action="tool.search_web",
+    resource="web/*",
+    role="research_agent",
+)
+
+print(decision)
+```
+
+### Fetch or delete an agent
+
+```python
+agent = client.get_agent("research-bot-01")
+print(agent)
+
+result = client.delete_agent("research-bot-01")
+print(result)
+```
+
+CLI equivalent:
+
+```bash
+agentauth delete-agent research-bot-01
+```
+
+## Public package scope
+
+This package provides:
+- the Python SDK (`agent_auth`)
+- CLI helpers for login, sync, and agent cleanup
+- registry-based tool and agent sync
+- permission evaluation helpers
+
+It does not package the full control plane server or admin dashboard.
+
+## Suitable use cases
+
+- Python agent runtimes
+- tool-based workflows
+- service-to-control-plane integrations
+- local development with stored credentials
+- CI or automation using environment variables
+
+## Requirements
+
+- Python 3.10+
+- access to a running Agent Auth control plane
+
+## Notes
+
+The import path remains:
+
+```python
+from agent_auth import ...
+```
+
+while the published package name is:
+
+```bash
+pip install agentauthlayer
+```

agentauthlayer-0.1.3/README.md

@@ -0,0 +1,201 @@
+# agentauthlayer
+
+Python SDK for integrating agent runtimes with the Agent Auth control plane.
+
+`agentauthlayer` helps you:
+- authenticate once and reuse local credentials
+- register agents from code
+- sync tool and capability definitions
+- evaluate permissions against the control plane
+- apply permission checks inside runtime functions
+
+This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+
+## Install
+
+```bash
+pip install agentauthlayer
+```
+
+## Quickstart
+
+### 1. First-time developer setup
+
+For a fresh self-hosted deployment, complete the control plane setup before using `agentauth login`.
+
+1. Start your Agent Auth deployment.
+2. Open the UI in your browser.
+3. Create the first super admin password.
+4. Create your first project.
+5. Then log in from the CLI.
+
+Open the UI with:
+
+```bash
+agentauth ui --base-url http://127.0.0.1:8002
+```
+
+Then log in once:
+
+```bash
+agentauth login --base-url http://127.0.0.1:8002
+```
+
+This stores local credentials so your code can connect without manually pasting a token every time.
+
+Useful follow-up commands:
+
+```bash
+agentauth whoami
+agentauth logout
+agentauth ui
+```
+
+If the deployment has not been initialized yet, `agentauth login` will tell you to finish setup in the UI first.
+
+### 2. Define tools and agents in code
+
+```python
+from agent_auth import register_tool, register_agent, require_permission
+
+@register_tool(action="math.compute", description="Run approved math jobs")
+@require_permission("math.compute", resource="math/basic")
+def add(a: int, b: int, agent_id: str | None = None, role: str | None = None, context: dict | None = None):
+    return a + b
+
+register_agent(
+    agent_id="math-agent",
+    name="Math Agent",
+    owner="you@company.com",
+    role="research_agent",
+    project_id="ai-platform",
+    scopes=[],
+)
+```
+
+### 3. Sync everything with one command
+
+```bash
+agentauth sync --module your_module_name
+```
+
+This imports the module, discovers registered tools and agents, syncs capability definitions, and creates agents through the control plane.
+
+## SDK client usage
+
+```python
+from agent_auth import AuthAPIClient
+
+client = AuthAPIClient()
+
+agent = client.create_agent(
+    agent_id="research-bot-01",
+    name="Research Bot 01",
+    owner="vaibhav@company.com",
+    role="research_agent",
+    scopes=[],
+    project_id="ai-platform",
+)
+
+print(agent)
+```
+
+## Environment variables
+
+If you prefer non-interactive configuration, the SDK also supports environment variables:
+
+```bash
+export AGENT_AUTH_URL=http://127.0.0.1:8002
+export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
+```
+
+`AGENT_AUTH_TOKEN` is typically a bearer token, often represented as a long JWT string.
+
+Recommended usage:
+- use `agentauth login` for local human developer workflows
+- use `AGENT_AUTH_TOKEN` for CI, automation, or service-driven execution
+
+If an env token expires, requests will fail until you replace it or log in again.
+Avoid committing tokens into source control or long-lived shared `.env` files.
+
+Resolution order used by `AuthAPIClient()`:
+1. explicit constructor arguments
+2. environment variables
+3. stored local credentials from `agentauth login`
+
+## Common tasks
+
+### Sync tools manually
+
+```python
+client.sync_tools([
+    {"action": "tool.search_web", "description": "Search the web"},
+    {"action": "docs.read", "description": "Read protected docs"},
+])
+```
+
+### Evaluate access
+
+```python
+decision = client.evaluate(
+    principal_id="research-bot-01",
+    action="tool.search_web",
+    resource="web/*",
+    role="research_agent",
+)
+
+print(decision)
+```
+
+### Fetch or delete an agent
+
+```python
+agent = client.get_agent("research-bot-01")
+print(agent)
+
+result = client.delete_agent("research-bot-01")
+print(result)
+```
+
+CLI equivalent:
+
+```bash
+agentauth delete-agent research-bot-01
+```
+
+## Public package scope
+
+This package provides:
+- the Python SDK (`agent_auth`)
+- CLI helpers for login, sync, and agent cleanup
+- registry-based tool and agent sync
+- permission evaluation helpers
+
+It does not package the full control plane server or admin dashboard.
+
+## Suitable use cases
+
+- Python agent runtimes
+- tool-based workflows
+- service-to-control-plane integrations
+- local development with stored credentials
+- CI or automation using environment variables
+
+## Requirements
+
+- Python 3.10+
+- access to a running Agent Auth control plane
+
+## Notes
+
+The import path remains:
+
+```python
+from agent_auth import ...
+```
+
+while the published package name is:
+
+```bash
+pip install agentauthlayer
+```

{agentauthlayer-0.1.1 → agentauthlayer-0.1.3}/agent_auth/__init__.py

@@ -15,6 +15,13 @@ from agent_auth.exceptions import (
 from agent_auth.models import Agent, TokenClaims, TokenRecord, User, UserClaims
 from agent_auth.policy import PolicyDecision, PolicyEvaluator, PolicyRequest, PolicyStatement, RoleDefinition, require_permission
 from agent_auth.principals import AgentPrincipal, Principal, SystemPrincipal, UserPrincipal, user_scopes_for_role
+from agent_auth.registry import (
+    clear_registries,
+    list_registered_agents,
+    list_registered_tools,
+    register_agent,
+    register_tool,
+)
 
 __all__ = [
     "Agent",
@@ -40,9 +47,14 @@ __all__ = [
     "User",
     "UserClaims",
     "UserPrincipal",
+    "clear_registries",
+    "list_registered_agents",
+    "list_registered_tools",
     "principal_fields",
     "principal_from_agent",
     "principal_from_user",
+    "register_agent",
+    "register_tool",
     "require_permission",
     "user_scopes_for_role",
 ]

agentauthlayer-0.1.3/agent_auth/__main__.py

@@ -0,0 +1,5 @@
+from agent_auth.cli import main
+
+
+if __name__ == '__main__':
+    raise SystemExit(main())

agentauthlayer-0.1.3/agent_auth/cli.py

@@ -0,0 +1,188 @@
+from __future__ import annotations
+
+import argparse
+import getpass
+import importlib
+import json
+import sys
+import webbrowser
+
+import requests
+
+from agent_auth.client import AuthAPIClient
+from agent_auth.credentials import clear_credentials, load_credentials, save_credentials
+from agent_auth.registry import clear_registries, list_registered_agents, list_registered_tools
+
+
+def _response_detail(response: requests.Response) -> str:
+    try:
+        payload = response.json()
+        if isinstance(payload, dict) and payload.get('detail'):
+            return str(payload['detail'])
+    except Exception:
+        pass
+    return response.text.strip() or f'Request failed with status {response.status_code}'
+
+
+def _bootstrap_status(base_url: str) -> bool | None:
+    try:
+        response = requests.get(f"{base_url}/bootstrap/status", timeout=10)
+    except requests.RequestException:
+        return None
+    if not response.ok:
+        return None
+    try:
+        payload = response.json()
+        return bool(payload.get('is_setup'))
+    except Exception:
+        return None
+
+
+def login_command(args) -> int:
+    base_url = (args.base_url or 'http://127.0.0.1:8002').rstrip('/')
+    setup_status = _bootstrap_status(base_url)
+
+    if setup_status is False:
+        print(
+            '\nThis Agent Auth deployment has not been initialized yet.\n'
+            'First-time developer setup:\n'
+            f'  1. Open the UI: {base_url}\n'
+            '  2. Create the first super admin password\n'
+            '  3. Create your first project\n'
+            '  4. Run agentauth login again\n',
+            file=sys.stderr,
+        )
+        return 1
+
+    email = args.email or input('Email: ').strip()
+    password = args.password or getpass.getpass('Password: ')
+
+    response = requests.post(
+        f"{base_url}/users/login",
+        json={"email": email, "password": password},
+        timeout=30,
+    )
+    if not response.ok:
+        detail = _response_detail(response)
+        if response.status_code == 401 and setup_status is not True:
+            print(
+                f"{detail}\n\n"
+                'If this is your first time using this deployment, initialize it first in the UI, then try logging in again.',
+                file=sys.stderr,
+            )
+        else:
+            print(detail, file=sys.stderr)
+        return 1
+
+    payload = response.json()
+    save_credentials({
+        'base_url': base_url,
+        'token': payload['access_token'],
+        'email': payload['user']['email'],
+    })
+    print(f"Logged in to {base_url} as {payload['user']['email']}")
+    return 0
+
+
+def whoami_command(args) -> int:
+    creds = load_credentials()
+    if not creds:
+        print('Not logged in.')
+        return 1
+    client = AuthAPIClient()
+    me = client.me()
+    print(json.dumps(me, indent=2))
+    return 0
+
+
+def logout_command(args) -> int:
+    clear_credentials()
+    print('Logged out.')
+    return 0
+
+
+def sync_command(args) -> int:
+    clear_registries()
+    importlib.import_module(args.module)
+
+    client = AuthAPIClient()
+    tools = list_registered_tools()
+    agents = list_registered_agents()
+
+    if tools:
+        client.sync_tools([
+            {'action': tool.action, 'description': tool.description}
+            for tool in tools
+        ])
+
+    created_agents = []
+    for agent in agents:
+        created_agents.append(client.create_agent(
+            agent_id=agent.agent_id,
+            name=agent.name,
+            owner=agent.owner,
+            role=agent.role,
+            scopes=agent.scopes,
+            project_id=agent.project_id,
+        ))
+
+    print(json.dumps({
+        'module': args.module,
+        'synced_tools': [tool.action for tool in tools],
+        'synced_agents': [agent['agent_id'] for agent in created_agents],
+    }, indent=2))
+    return 0
+
+
+def delete_agent_command(args) -> int:
+    client = AuthAPIClient()
+    result = client.delete_agent(args.agent_id)
+    print(json.dumps(result, indent=2))
+    return 0
+
+
+def ui_command(args) -> int:
+    creds = load_credentials() or {}
+    base_url = (args.base_url or creds.get('base_url') or 'http://127.0.0.1:8002').rstrip('/')
+    webbrowser.open(base_url)
+    print(f'Opened UI: {base_url}')
+    return 0
+
+
+def main():
+    parser = argparse.ArgumentParser(prog='agentauth', description='Agent Auth SDK CLI')
+    subparsers = parser.add_subparsers(dest='command')
+
+    login_parser = subparsers.add_parser('login', help='Log in and store local credentials')
+    login_parser.add_argument('--base-url', default='http://127.0.0.1:8002')
+    login_parser.add_argument('--email')
+    login_parser.add_argument('--password')
+    login_parser.set_defaults(func=login_command)
+
+    whoami_parser = subparsers.add_parser('whoami', help='Show the currently stored user context')
+    whoami_parser.set_defaults(func=whoami_command)
+
+    logout_parser = subparsers.add_parser('logout', help='Clear stored local credentials')
+    logout_parser.set_defaults(func=logout_command)
+
+    sync_parser = subparsers.add_parser('sync', help='Import a module and sync its registered tools and agents')
+    sync_parser.add_argument('--module', required=True)
+    sync_parser.set_defaults(func=sync_command)
+
+    delete_agent_parser = subparsers.add_parser('delete-agent', help='Delete an agent by ID')
+    delete_agent_parser.add_argument('agent_id')
+    delete_agent_parser.set_defaults(func=delete_agent_command)
+
+    ui_parser = subparsers.add_parser('ui', help='Open the configured control plane UI in a browser')
+    ui_parser.add_argument('--base-url')
+    ui_parser.set_defaults(func=ui_command)
+
+    args = parser.parse_args()
+    if not hasattr(args, 'func'):
+        parser.print_help()
+        return 1
+    return args.func(args)
+
+
+if __name__ == '__main__':
+    raise SystemExit(main())

{agentauthlayer-0.1.1 → agentauthlayer-0.1.3}/agent_auth/client.py

@@ -6,6 +6,7 @@ from typing import Any
 import requests
 
 from agent_auth.context import AuthContext
+from agent_auth.credentials import load_credentials
 from agent_auth.exceptions import (
     AgentNotFoundError,
     AuthServiceError,
@@ -19,8 +20,9 @@ class AuthAPIClient:
     """Thin SDK client for talking to the Agent Auth control plane."""
 
     def __init__(self, base_url: str | None = None, token: str | None = None, timeout: int = 30) -> None:
-        self.base_url = (base_url or os.getenv("AGENT_AUTH_URL") or "http://127.0.0.1:8002").rstrip("/")
-        self.token = token or os.getenv("AGENT_AUTH_TOKEN")
+        stored = load_credentials() or {}
+        self.base_url = (base_url or os.getenv("AGENT_AUTH_URL") or stored.get("base_url") or "http://127.0.0.1:8002").rstrip("/")
+        self.token = token or os.getenv("AGENT_AUTH_TOKEN") or stored.get("token")
         self.timeout = timeout
 
     def _headers(self) -> dict[str, str]:
@@ -62,6 +64,9 @@ class AuthAPIClient:
     def health(self) -> dict[str, Any]:
         return self._request("GET", "/health")
 
+    def me(self) -> dict[str, Any]:
+        return self._request("GET", "/users/me")
+
     def create_agent(self, agent_id: str, name: str, owner: str, role: str, scopes: list[str], project_id: str | None = None) -> dict[str, Any]:
         payload = {
             "agent_id": agent_id,
@@ -74,6 +79,9 @@ class AuthAPIClient:
             payload["project_id"] = project_id
         return self._request("POST", "/agents", json=payload)
 
+    def delete_agent(self, agent_id: str) -> dict[str, Any]:
+        return self._request("DELETE", f"/agents/{agent_id}")
+
     def get_agent(self, agent_id: str) -> dict[str, Any]:
         return self._request("GET", f"/agents/{agent_id}")