agentauthlayer 0.1.2__tar.gz → 0.1.4__tar.gz

agentauthlayer-0.1.4/MANIFEST.in

@@ -0,0 +1,2 @@
+recursive-include agent_auth/web_dist *
+include agent_auth_definitive_guide.pdf

{agentauthlayer-0.1.2 → agentauthlayer-0.1.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentauthlayer
-Version: 0.1.2
+Version: 0.1.4
 Summary: Library-first authentication and authorization SDK for AI agents
 Author: Vaibhav Ahluwalia
 License: MIT
@@ -17,19 +17,33 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 Requires-Dist: requests>=2.31.0
 Requires-Dist: python-jose>=3.3.0
+Requires-Dist: fastapi
+Requires-Dist: uvicorn
+Requires-Dist: pydantic
+Requires-Dist: pydantic-settings
+Requires-Dist: passlib[bcrypt]
+Requires-Dist: bcrypt==4.0.1
+Requires-Dist: python-multipart
+Requires-Dist: httpx
+Requires-Dist: sqlalchemy
+Requires-Dist: email-validator
 
 # agentauthlayer
 
-Python SDK for integrating agent runtimes with the Agent Auth control plane.
+Unified SDK and local control plane package for Agent Auth.
 
 `agentauthlayer` helps you:
+- start a local Agent Auth backend and UI with one command
 - authenticate once and reuse local credentials
 - register agents from code
 - sync tool and capability definitions
 - evaluate permissions against the control plane
 - apply permission checks inside runtime functions
 
-This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+This package now ships as a unified developer install containing:
+- the reusable Python SDK layer
+- the local control plane backend runtime
+- the packaged admin UI assets
 
 ## Install
 
@@ -39,7 +53,38 @@ pip install agentauthlayer
 
 ## Quickstart
 
-### 1. Log in once
+### 1. Start the local control plane
+
+For a local developer setup, start Agent Auth with one command:
+
+```bash
+agentauth up
+```
+
+This starts the packaged local control plane on `http://127.0.0.1:8002` by default.
+
+If you want a different port:
+
+```bash
+agentauth up --port 8014
+```
+
+### 2. First-time developer setup
+
+For a fresh deployment:
+
+1. Open the UI in your browser.
+2. Create the first super admin password.
+3. Create your first project.
+4. Then log in from the CLI.
+
+Open the UI with:
+
+```bash
+agentauth ui --base-url http://127.0.0.1:8002
+```
+
+Then log in once:
 
 ```bash
 agentauth login --base-url http://127.0.0.1:8002
@@ -55,7 +100,9 @@ agentauth logout
 agentauth ui
 ```
 
-### 2. Define tools and agents in code
+If the deployment has not been initialized yet, `agentauth login` will tell you to finish setup in the UI first.
+
+### 3. Define tools and agents in code
 
 ```python
 from agent_auth import register_tool, register_agent, require_permission
@@ -75,7 +122,7 @@ register_agent(
 )
 ```
 
-### 3. Sync everything with one command
+### 4. Sync everything with one command
 
 ```bash
 agentauth sync --module your_module_name
@@ -111,6 +158,15 @@ export AGENT_AUTH_URL=http://127.0.0.1:8002
 export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
 ```
 
+`AGENT_AUTH_TOKEN` is typically a bearer token, often represented as a long JWT string.
+
+Recommended usage:
+- use `agentauth login` for local human developer workflows
+- use `AGENT_AUTH_TOKEN` for CI, automation, or service-driven execution
+
+If an env token expires, requests will fail until you replace it or log in again.
+Avoid committing tokens into source control or long-lived shared `.env` files.
+
 Resolution order used by `AuthAPIClient()`:
 1. explicit constructor arguments
 2. environment variables
@@ -160,12 +216,13 @@ agentauth delete-agent research-bot-01
 
 This package provides:
 - the Python SDK (`agent_auth`)
+- local control plane startup via `agentauth up`
+- packaged backend runtime (`auth_app`)
+- packaged admin UI assets
 - CLI helpers for login, sync, and agent cleanup
 - registry-based tool and agent sync
 - permission evaluation helpers
 
-It does not package the full control plane server or admin dashboard.
-
 ## Suitable use cases
 
 - Python agent runtimes
@@ -181,6 +238,12 @@ It does not package the full control plane server or admin dashboard.
 
 ## Notes
 
+The package naming model is:
+
+- install name: `agentauthlayer`
+- CLI: `agentauth`
+- Python import namespace: `agent_auth`
+
 The import path remains:
 
 ```python

{agentauthlayer-0.1.2 → agentauthlayer-0.1.4}/README.md

@@ -1,15 +1,19 @@
 # agentauthlayer
 
-Python SDK for integrating agent runtimes with the Agent Auth control plane.
+Unified SDK and local control plane package for Agent Auth.
 
 `agentauthlayer` helps you:
+- start a local Agent Auth backend and UI with one command
 - authenticate once and reuse local credentials
 - register agents from code
 - sync tool and capability definitions
 - evaluate permissions against the control plane
 - apply permission checks inside runtime functions
 
-This package is the reusable SDK layer. It is intended for developers integrating Python agents, tools, and workflows with an Agent Auth deployment.
+This package now ships as a unified developer install containing:
+- the reusable Python SDK layer
+- the local control plane backend runtime
+- the packaged admin UI assets
 
 ## Install
 
@@ -19,7 +23,38 @@ pip install agentauthlayer
 
 ## Quickstart
 
-### 1. Log in once
+### 1. Start the local control plane
+
+For a local developer setup, start Agent Auth with one command:
+
+```bash
+agentauth up
+```
+
+This starts the packaged local control plane on `http://127.0.0.1:8002` by default.
+
+If you want a different port:
+
+```bash
+agentauth up --port 8014
+```
+
+### 2. First-time developer setup
+
+For a fresh deployment:
+
+1. Open the UI in your browser.
+2. Create the first super admin password.
+3. Create your first project.
+4. Then log in from the CLI.
+
+Open the UI with:
+
+```bash
+agentauth ui --base-url http://127.0.0.1:8002
+```
+
+Then log in once:
 
 ```bash
 agentauth login --base-url http://127.0.0.1:8002
@@ -35,7 +70,9 @@ agentauth logout
 agentauth ui
 ```
 
-### 2. Define tools and agents in code
+If the deployment has not been initialized yet, `agentauth login` will tell you to finish setup in the UI first.
+
+### 3. Define tools and agents in code
 
 ```python
 from agent_auth import register_tool, register_agent, require_permission
@@ -55,7 +92,7 @@ register_agent(
 )
 ```
 
-### 3. Sync everything with one command
+### 4. Sync everything with one command
 
 ```bash
 agentauth sync --module your_module_name
@@ -91,6 +128,15 @@ export AGENT_AUTH_URL=http://127.0.0.1:8002
 export AGENT_AUTH_TOKEN=YOUR_ADMIN_OR_SERVICE_TOKEN
 ```
 
+`AGENT_AUTH_TOKEN` is typically a bearer token, often represented as a long JWT string.
+
+Recommended usage:
+- use `agentauth login` for local human developer workflows
+- use `AGENT_AUTH_TOKEN` for CI, automation, or service-driven execution
+
+If an env token expires, requests will fail until you replace it or log in again.
+Avoid committing tokens into source control or long-lived shared `.env` files.
+
 Resolution order used by `AuthAPIClient()`:
 1. explicit constructor arguments
 2. environment variables
@@ -140,12 +186,13 @@ agentauth delete-agent research-bot-01
 
 This package provides:
 - the Python SDK (`agent_auth`)
+- local control plane startup via `agentauth up`
+- packaged backend runtime (`auth_app`)
+- packaged admin UI assets
 - CLI helpers for login, sync, and agent cleanup
 - registry-based tool and agent sync
 - permission evaluation helpers
 
-It does not package the full control plane server or admin dashboard.
-
 ## Suitable use cases
 
 - Python agent runtimes
@@ -161,6 +208,12 @@ It does not package the full control plane server or admin dashboard.
 
 ## Notes
 
+The package naming model is:
+
+- install name: `agentauthlayer`
+- CLI: `agentauth`
+- Python import namespace: `agent_auth`
+
 The import path remains:
 
 ```python

{agentauthlayer-0.1.2 → agentauthlayer-0.1.4}/agent_auth/cli.py

@@ -12,12 +12,51 @@ import requests
 from agent_auth.client import AuthAPIClient
 from agent_auth.credentials import clear_credentials, load_credentials, save_credentials
 from agent_auth.registry import clear_registries, list_registered_agents, list_registered_tools
+from agent_auth.server_runtime import DEFAULT_BASE_URL, start_local_server, wait_for_health
+
+
+def _response_detail(response: requests.Response) -> str:
+    try:
+        payload = response.json()
+        if isinstance(payload, dict) and payload.get('detail'):
+            return str(payload['detail'])
+    except Exception:
+        pass
+    return response.text.strip() or f'Request failed with status {response.status_code}'
+
+
+def _bootstrap_status(base_url: str) -> bool | None:
+    try:
+        response = requests.get(f"{base_url}/bootstrap/status", timeout=10)
+    except requests.RequestException:
+        return None
+    if not response.ok:
+        return None
+    try:
+        payload = response.json()
+        return bool(payload.get('is_setup'))
+    except Exception:
+        return None
 
 
 def login_command(args) -> int:
+    base_url = (args.base_url or 'http://127.0.0.1:8002').rstrip('/')
+    setup_status = _bootstrap_status(base_url)
+
+    if setup_status is False:
+        print(
+            '\nThis Agent Auth deployment has not been initialized yet.\n'
+            'First-time developer setup:\n'
+            f'  1. Open the UI: {base_url}\n'
+            '  2. Create the first super admin password\n'
+            '  3. Create your first project\n'
+            '  4. Run agentauth login again\n',
+            file=sys.stderr,
+        )
+        return 1
+
     email = args.email or input('Email: ').strip()
     password = args.password or getpass.getpass('Password: ')
-    base_url = (args.base_url or 'http://127.0.0.1:8002').rstrip('/')
 
     response = requests.post(
         f"{base_url}/users/login",
@@ -25,7 +64,15 @@ def login_command(args) -> int:
         timeout=30,
     )
     if not response.ok:
-        print(response.text, file=sys.stderr)
+        detail = _response_detail(response)
+        if response.status_code == 401 and setup_status is not True:
+            print(
+                f"{detail}\n\n"
+                'If this is your first time using this deployment, initialize it first in the UI, then try logging in again.',
+                file=sys.stderr,
+            )
+        else:
+            print(detail, file=sys.stderr)
         return 1
 
     payload = response.json()
@@ -97,18 +144,58 @@ def delete_agent_command(args) -> int:
 
 def ui_command(args) -> int:
     creds = load_credentials() or {}
-    base_url = (args.base_url or creds.get('base_url') or 'http://127.0.0.1:8002').rstrip('/')
+    base_url = (args.base_url or creds.get('base_url') or DEFAULT_BASE_URL).rstrip('/')
     webbrowser.open(base_url)
     print(f'Opened UI: {base_url}')
     return 0
 
 
+def up_command(args) -> int:
+    host = args.host
+    port = args.port
+    process, base_url = start_local_server(host=host, port=port)
+
+    if process is None:
+        print(f'Agent Auth server is already running at {base_url}')
+    else:
+        print(f'Starting Agent Auth local control plane at {base_url}...')
+
+    healthy = wait_for_health(base_url, timeout_seconds=args.wait)
+    if not healthy:
+        print(
+            f'Agent Auth did not become ready at {base_url} within {args.wait} seconds. '
+            'Check ~/.agentauth/server.log for details.',
+            file=sys.stderr,
+        )
+        return 1
+
+    print(f'Agent Auth is running at {base_url}')
+    print('Next steps:')
+    print(f'  1. Open the UI: {base_url}')
+    print('  2. If first time, create the super admin and first project')
+    print(f'  3. Log in: agentauth login --base-url {base_url}')
+    print('  4. Sync your module: agentauth sync --module your_module_name')
+
+    if args.open_browser:
+        webbrowser.open(base_url)
+        print('Opened browser.')
+
+    return 0
+
+
 def main():
     parser = argparse.ArgumentParser(prog='agentauth', description='Agent Auth SDK CLI')
     subparsers = parser.add_subparsers(dest='command')
 
+    up_parser = subparsers.add_parser('up', help='Start the local Agent Auth control plane')
+    up_parser.add_argument('--host', default='127.0.0.1')
+    up_parser.add_argument('--port', type=int, default=8002)
+    up_parser.add_argument('--wait', type=int, default=20)
+    up_parser.add_argument('--open-browser', action='store_true')
+    up_parser.set_defaults(func=up_command)
+
     login_parser = subparsers.add_parser('login', help='Log in and store local credentials')
-    login_parser.add_argument('--base-url', default='http://127.0.0.1:8002')
+    login_parser.add_argument('--base-url', default=DEFAULT_BASE_URL)
     login_parser.add_argument('--email')
     login_parser.add_argument('--password')
     login_parser.set_defaults(func=login_command)

agentauthlayer-0.1.4/agent_auth/runtime.py

@@ -0,0 +1,25 @@
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def project_root() -> Path:
+    return Path(__file__).resolve().parent.parent
+
+
+def packaged_frontend_dist_dir() -> Path:
+    return Path(__file__).resolve().parent / "web_dist"
+
+
+def frontend_dist_dir() -> Path:
+    packaged = packaged_frontend_dist_dir()
+    if packaged.is_dir() and (packaged / "index.html").is_file():
+        return packaged
+    return project_root() / "frontend" / "dist"
+
+
+def project_pdf_path() -> Path:
+    packaged = project_root() / "agent_auth_definitive_guide.pdf"
+    if packaged.is_file():
+        return packaged
+    return Path(__file__).resolve().parent.parent / "agent_auth_definitive_guide.pdf"

agentauthlayer-0.1.4/agent_auth/server_runtime.py

@@ -0,0 +1,123 @@
+from __future__ import annotations
+
+import os
+import secrets
+import subprocess
+import sys
+import time
+from pathlib import Path
+
+import requests
+
+from agent_auth.runtime import project_root
+
+
+DEFAULT_HOST = "127.0.0.1"
+DEFAULT_PORT = 8002
+DEFAULT_BASE_URL = f"http://{DEFAULT_HOST}:{DEFAULT_PORT}"
+
+
+def local_data_dir() -> Path:
+    return Path.home() / ".agentauth"
+
+
+def _server_key(host: str, port: int) -> str:
+    safe_host = host.replace(":", "_").replace("/", "_")
+    return f"{safe_host}_{port}"
+
+
+def local_db_path(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> Path:
+    return local_data_dir() / f"auth_{_server_key(host, port)}.db"
+
+
+def local_log_path(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> Path:
+    return local_data_dir() / f"server_{_server_key(host, port)}.log"
+
+
+def local_pid_path(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> Path:
+    return local_data_dir() / f"server_{_server_key(host, port)}.pid"
+
+
+def ensure_local_env(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> dict[str, str]:
+    data_dir = local_data_dir()
+    data_dir.mkdir(parents=True, exist_ok=True)
+
+    env = os.environ.copy()
+    env.setdefault("STORAGE_BACKEND", "sqlite")
+    env.setdefault("DATABASE_URL", f"sqlite:///{local_db_path(host, port)}")
+    env.setdefault("JWT_SECRET_KEY", f"agentauth_local_{secrets.token_urlsafe(24)}")
+    env.setdefault("CORS_ORIGINS", "*")
+    return env
+
+
+def is_running(pid: int) -> bool:
+    try:
+        os.kill(pid, 0)
+    except OSError:
+        return False
+    return True
+
+
+def read_pid(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> int | None:
+    pid_path = local_pid_path(host, port)
+    if not pid_path.exists():
+        return None
+    try:
+        return int(pid_path.read_text().strip())
+    except Exception:
+        return None
+
+
+def write_pid(pid: int, host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> None:
+    local_pid_path(host, port).write_text(str(pid))
+
+
+def server_url(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> str:
+    return f"http://{host}:{port}"
+
+
+def wait_for_health(base_url: str, timeout_seconds: int = 20) -> bool:
+    deadline = time.time() + timeout_seconds
+    while time.time() < deadline:
+        try:
+            response = requests.get(f"{base_url}/health", timeout=2)
+            if response.ok:
+                return True
+        except requests.RequestException:
+            pass
+        time.sleep(0.5)
+    return False
+
+
+def start_local_server(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> tuple[subprocess.Popen[bytes] | None, str]:
+    existing_pid = read_pid(host, port)
+    base_url = server_url(host, port)
+    if existing_pid and is_running(existing_pid) and wait_for_health(base_url, timeout_seconds=2):
+        return None, base_url
+
+    env = ensure_local_env(host, port)
+    log_path = local_log_path(host, port)
+    log_path.parent.mkdir(parents=True, exist_ok=True)
+
+    cmd = [
+        sys.executable,
+        "-m",
+        "uvicorn",
+        "auth_app.main:app",
+        "--host",
+        host,
+        "--port",
+        str(port),
+    ]
+
+    with log_path.open("ab") as log_file:
+        process = subprocess.Popen(
+            cmd,
+            cwd=str(project_root()),
+            env=env,
+            stdout=log_file,
+            stderr=subprocess.STDOUT,
+        )
+
+    write_pid(process.pid, host, port)
+    return process, base_url