agentnode-sdk 0.11.1__tar.gz → 0.11.3__tar.gz

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/CHANGELOG.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## 0.11.3 — Test hygiene + multi-tool run guidance
+
+### Fixed
+
+- **Stale lock-integrity field-classification test.** `test_real_lockfile_fields_classified`
+  used the V1 `CANONICAL_FIELDS` set, so it flagged the V3 field `publisher_slug`
+  as "unclassified" on real lockfiles and failed. The integrity model itself
+  already seals `publisher_slug` (`CANONICAL_FIELDS_V3`); only the test was stale.
+  Updated to `CANONICAL_FIELDS_V3` — no change to the integrity model.
+
+### Changed
+
+- **Clearer `agentnode run <slug>` error for multi-tool packs.** When a package
+  exposes more than one tool and resolution fails without an explicit tool name,
+  the error now lists the available tools and points at
+  `agentnode run <slug>:<tool>` instead of a generic "no entrypoint" / "Function
+  'run' not found". Message-only — single-tool auto-select and multi-tool dispatch
+  behaviour are unchanged. Applied consistently to the host and container paths.
+
+## 0.11.2 — CLI run resolution fixes
+
+### Fixed
+
+- **`agentnode run <slug>` auto-selects a single-tool pack's tool.** When a
+  toolpack declares exactly one tool with an entrypoint, `run <slug>` (no tool
+  name) now resolves that tool instead of a non-existent default `run` function
+  (which raised `ImportError: Function 'run' not found`). Multi-tool packs are
+  unchanged — the runner does not guess among several tools. Applied
+  consistently to the host (`load_tool`) and container (`_resolve_container_target`)
+  paths via a shared `_default_tool_entrypoint` helper.
+- **`agentnode run <slug>:<tool>` resolves the real package trust/lockfile.**
+  The `slug:tool` form is now split at the CLI boundary, so the lockfile entry
+  and trust level come from the real slug instead of being treated as an unknown
+  (and therefore `unverified`) package. The sandbox/trust gate is unchanged and
+  still keys on the real slug — community/unverified packages stay
+  sandbox-mandatory or fail-closed. Slug/tool parsing is now a shared
+  `references.parse_tool_reference` helper used by both the CLI and the agent
+  runtime.
+
 ## 0.11.1 — Bugfix + hardening
 
 ### Fixed

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentnode-sdk
-Version: 0.11.1
+Version: 0.11.3
 Summary: Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents.
 Project-URL: Homepage, https://agentnode.net
 Project-URL: Repository, https://github.com/agentnode-ai/agentnode

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/agentnode_sdk/__init__.py

@@ -38,7 +38,7 @@ from agentnode_sdk.runtime import AgentNodeRuntime
 Client = AgentNodeClient
 ToolError = AgentNodeToolError
 
-__version__ = "0.11.1"
+__version__ = "0.11.3"
 __all__ = [
     "AgentNode",
     "AsyncAgentNode",

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/agentnode_sdk/cli/commands.py

@@ -837,6 +837,13 @@ def cmd_run(
     if " " in capability.strip():
         return _cmd_run_smart(capability, raw=raw, explain=explain, dry_run=dry_run, json_output=json_output)
 
+    # Slug mode: support `slug:tool`. Split at the CLI boundary so trust and the
+    # lockfile entry resolve on the REAL slug (slugs are kebab-case and never
+    # contain ':'); the tool name is forwarded to run_tool. The sandbox/trust
+    # gate is unchanged — it keys on the real slug's entry just like a bare slug.
+    from agentnode_sdk.references import parse_tool_reference
+    slug, tool_name = parse_tool_reference(capability)
+
     if input_data and file_path:
         print("--input and --file are mutually exclusive.", file=sys.stderr)
         return 1
@@ -875,10 +882,10 @@ def cmd_run(
         is_interactive = os.environ.get("AGENTNODE_NON_INTERACTIVE", "").lower() not in ("true", "1")
         callback = cli_confirmation_callback if is_interactive else None
 
-        result = run_tool(capability, confirmation_callback=callback, **data)
+        result = run_tool(slug, tool_name=tool_name, confirmation_callback=callback, **data)
 
         if result.mode_used == "policy_denied" and result.policy:
-            _print_guard_block(capability, None, result)
+            _print_guard_block(slug, tool_name, result)
             return 1
 
         if explain and hasattr(result, "policy") and result.policy:

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/agentnode_sdk/installer.py

@@ -1036,6 +1036,35 @@ def _resolve_entrypoint(entrypoint: str) -> tuple[str, str]:
     return entrypoint, "run"
 
 
+def _default_tool_entrypoint(entry: dict) -> str | None:
+    """Entrypoint to use when no explicit ``tool_name`` is given.
+
+    Auto-selects the sole tool when the pack declares EXACTLY one tool with an
+    entrypoint, so ``agentnode run <slug>`` works for single-tool packs without
+    the caller knowing the tool name. Otherwise falls back to the package-level
+    entrypoint — multi-tool packs are unchanged (the runner must not guess
+    among several tools). Returns ``None`` when neither is available.
+    """
+    tools = entry.get("tools") or []
+    if len(tools) == 1 and tools[0].get("entrypoint"):
+        return tools[0]["entrypoint"]
+    return entry.get("entrypoint")
+
+
+def _multi_tool_hint(entry: dict, slug: str = "<slug>") -> str:
+    """Trailing hint for resolution-failure errors: if the pack exposes MORE than
+    one tool, point the user at ``agentnode run <slug>:<tool>`` and list the tools.
+    Empty string for single-tool / no-tools packs. Message-only — does not change
+    which entrypoint is chosen."""
+    names = [t.get("name") for t in (entry.get("tools") or []) if t.get("name")]
+    if len(names) > 1:
+        return (
+            f" This package exposes multiple tools: {names}. "
+            f"Run a specific one with: agentnode run {slug}:<tool>."
+        )
+    return ""
+
+
 def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = False) -> Any:
     """Load an installed package's tool function.
 
@@ -1101,10 +1130,14 @@ def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = Fals
             f"Available tools: {[t.get('name') for t in pkg.get('tools', [])]}"
         )
 
-    # v0.1 fallback / single-tool: use package-level entrypoint
-    entrypoint = pkg.get("entrypoint")
+    # No tool_name: auto-select the sole tool when exactly one is declared,
+    # else fall back to the package-level entrypoint (multi-tool unchanged).
+    entrypoint = _default_tool_entrypoint(pkg)
     if not entrypoint:
-        raise ImportError(f"Package '{slug}' has no entrypoint in lockfile.")
+        raise ImportError(
+            f"Package '{slug}' has no entrypoint in lockfile."
+            + _multi_tool_hint(pkg, slug)
+        )
 
     module_path, func_name = _resolve_entrypoint(entrypoint)
     mod = _import_module(module_path, slug)
@@ -1113,6 +1146,7 @@ def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = Fals
         raise ImportError(
             f"Function '{func_name}' not found in module '{module_path}' "
             f"for package '{slug}'."
+            + _multi_tool_hint(pkg, slug)
         )
     return func
 

agentnode_sdk-0.11.3/agentnode_sdk/references.py

@@ -0,0 +1,21 @@
+"""Shared parsing for package/tool references.
+
+A reference is either a bare package slug (``"word-counter-pack"``) or a
+``slug:tool`` pair (``"word-counter-pack:count_words"``). Package slugs are
+kebab-case (``[a-z0-9-]``) and never contain ``':'``, so the first ``':'``
+unambiguously separates the slug from an optional tool name.
+
+Used by both the CLI run path (``cli.commands.cmd_run``) and the agent runtime
+(``runtimes.agent_runner``) so the two stay in lock-step.
+"""
+from __future__ import annotations
+
+
+def parse_tool_reference(ref: str) -> tuple[str, str | None]:
+    """Parse ``'slug:tool'`` or ``'slug'`` into ``(slug, tool_name)``.
+
+    Returns ``(slug, None)`` when no tool is given (or the tool part is empty,
+    e.g. ``"slug:"``), so callers can treat it as "no specific tool".
+    """
+    slug, _, tool = ref.partition(":")
+    return slug, (tool or None)

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/agentnode_sdk/runtimes/agent_runner.py

@@ -559,10 +559,7 @@ class AgentContext:
                         tc_args = {}
 
                 # Parse slug:tool_name from the tool call name
-                if ":" in tc_name:
-                    slug, tool_name = tc_name.split(":", 1)
-                else:
-                    slug, tool_name = tc_name, None
+                slug, tool_name = _parse_tool_reference(tc_name)
 
                 tool_result = self.try_tool(slug, tool_name, **tc_args)
 
@@ -2203,11 +2200,13 @@ def _parse_literal(value: str) -> Any:
 # ---------------------------------------------------------------------------
 
 def _parse_tool_reference(ref: str) -> tuple[str, str | None]:
-    """Parse 'slug:tool_name' or 'slug' into (slug, tool_name)."""
-    if ":" in ref:
-        slug, tool_name = ref.split(":", 1)
-        return slug, tool_name
-    return ref, None
+    """Parse 'slug:tool_name' or 'slug' into (slug, tool_name).
+
+    Thin wrapper over the shared :func:`agentnode_sdk.references.parse_tool_reference`
+    so the agent runtime and the CLI run path stay in lock-step.
+    """
+    from agentnode_sdk.references import parse_tool_reference
+    return parse_tool_reference(ref)
 
 
 def _resolve_input_mapping(

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/agentnode_sdk/runtimes/python_runner.py

@@ -445,7 +445,9 @@ def _resolve_container_target(entry: dict, tool_name: str | None) -> tuple[str,
         first then the default function (``run``), matching load_tool's getattr order;
       - no tool_name → package entrypoint module + its function.
     """
-    from agentnode_sdk.installer import _resolve_entrypoint
+    from agentnode_sdk.installer import (
+        _resolve_entrypoint, _default_tool_entrypoint, _multi_tool_hint,
+    )
 
     tools = entry.get("tools") or []
     if tool_name:
@@ -463,10 +465,11 @@ def _resolve_container_target(entry: dict, tool_name: str | None) -> tuple[str,
             tool_name=tool_name,
         )
 
-    ep = entry.get("entrypoint")
+    ep = _default_tool_entrypoint(entry)
     if not ep:
         raise AgentNodeToolError(
-            "Package has no entrypoint in the lockfile.", tool_name=None,
+            "Package has no entrypoint in the lockfile." + _multi_tool_hint(entry),
+            tool_name=None,
         )
     module, func = _resolve_entrypoint(ep)
     return module, [func]

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentnode-sdk"
-version = "0.11.1"
+version = "0.11.3"
 description = "Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents."
 readme = "README.md"
 requires-python = ">=3.10"

agentnode_sdk-0.11.3/tests/test_cli_run_resolution.py

@@ -0,0 +1,36 @@
+"""CLI `run` resolution (0.11.2): `slug:tool` is split at the CLI boundary so the
+real slug feeds trust/lockfile resolution, and the tool name is forwarded."""
+from agentnode_sdk.cli import commands
+from agentnode_sdk.models import RunToolResult
+
+
+def _spy_run_tool(captured):
+    def fake(slug, tool_name=None, confirmation_callback=None, **kwargs):
+        captured["slug"] = slug
+        captured["tool_name"] = tool_name
+        captured["kwargs"] = kwargs
+        return RunToolResult(success=True, result={"ok": True}, mode_used="subprocess")
+    return fake
+
+
+def test_cmd_run_splits_slug_tool(monkeypatch):
+    """`run <slug>:<tool>` → run_tool(real_slug, tool_name=tool). The real slug
+    is what reaches run_tool, so trust/lockfile resolve on it (not the colon
+    string treated as an unknown unverified package)."""
+    captured = {}
+    monkeypatch.setattr("agentnode_sdk.runner.run_tool", _spy_run_tool(captured))
+    rc = commands.cmd_run("word-counter-pack:count_words", input_data='{"text":"a b"}', json_output=True)
+    assert rc == 0
+    assert captured["slug"] == "word-counter-pack"
+    assert captured["tool_name"] == "count_words"
+    assert captured["kwargs"] == {"text": "a b"}
+
+
+def test_cmd_run_bare_slug_has_no_tool(monkeypatch):
+    """Bare `run <slug>` still forwards tool_name=None (unchanged)."""
+    captured = {}
+    monkeypatch.setattr("agentnode_sdk.runner.run_tool", _spy_run_tool(captured))
+    rc = commands.cmd_run("word-counter-pack", input_data='{"text":"a"}', json_output=True)
+    assert rc == 0
+    assert captured["slug"] == "word-counter-pack"
+    assert captured["tool_name"] is None

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/tests/test_lock_integrity.py

@@ -595,7 +595,14 @@ class TestFieldClassification:
     """Every field in a real lockfile entry must be either canonical,
     mutable, or the _integrity seal itself."""
 
-    KNOWN_FIELDS = set(CANONICAL_FIELDS) | set(MUTABLE_FIELDS) | {"_integrity", "_signatures"}
+    # V3 = canonical V1 + _signatures + publisher_slug (all integrity-sealed).
+    KNOWN_FIELDS = set(CANONICAL_FIELDS_V3) | set(MUTABLE_FIELDS) | {"_integrity"}
+
+    def test_known_fields_cover_v3(self):
+        """Regression: V3 canonical fields (incl. _signatures, publisher_slug)
+        must be classified, else a real lockfile carrying them trips the check."""
+        assert "publisher_slug" in self.KNOWN_FIELDS
+        assert "_signatures" in self.KNOWN_FIELDS
 
     def test_toolpack_entry_fields_classified(self):
         e = seal_entry(_make_entry())

agentnode_sdk-0.11.3/tests/test_references.py

@@ -0,0 +1,16 @@
+"""Shared slug/tool reference parsing (0.11.2)."""
+import pytest
+
+from agentnode_sdk.references import parse_tool_reference
+
+
+@pytest.mark.parametrize("ref,expected", [
+    ("word-counter-pack", ("word-counter-pack", None)),
+    ("word-counter-pack:count_words", ("word-counter-pack", "count_words")),
+    ("a-b", ("a-b", None)),
+    ("a-b:c", ("a-b", "c")),
+    ("a-b:", ("a-b", None)),            # empty tool part → None
+    ("a-b:c:d", ("a-b", "c:d")),        # only the first colon splits
+])
+def test_parse_tool_reference(ref, expected):
+    assert parse_tool_reference(ref) == expected

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/tests/test_sandbox_gate.py

@@ -82,6 +82,20 @@ def test_other_nontrusted_blocked_when_unavailable(tmp_path, trust):
     assert res.mode_used == "sandbox_unavailable"
 
 
+def test_cli_community_slug_tool_still_failclosed(tmp_path, monkeypatch, capsys):
+    """0.11.2: splitting `slug:tool` at the CLI must NOT bypass the sandbox gate.
+    A community (unverified) pack run as `slug:tool` with no container runtime
+    stays fail-closed — cmd_run forwards the REAL slug, whose trust the gate reads."""
+    from agentnode_sdk.cli import commands
+    set_default_backend(_FakeBackend(available=False))
+    lf = _write_lockfile(tmp_path, "evil-pack", "unverified")
+    monkeypatch.setattr(installer, "_lockfile_path", lambda: lf)
+    rc = commands.cmd_run("evil-pack:dotool", input_data='{"x":1}', json_output=True)
+    out = capsys.readouterr().out
+    assert rc == 1
+    assert "sandbox_unavailable" in out
+
+
 def test_curated_not_blocked_when_unavailable(tmp_path, monkeypatch):
     set_default_backend(_FakeBackend(available=False))
     _stub_check_run_deny(monkeypatch)

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/tests/test_toolpack_sandbox.py

@@ -339,6 +339,31 @@ def test_resolve_target_v01_package_default():
     assert _resolve_container_target(entry, None) == ("mod.tool", ["run"])
 
 
+def test_resolve_target_single_tool_autoselect():
+    # 0.11.2: single-tool pack, no tool_name → auto-select the sole tool (not run)
+    entry = {"entrypoint": "wc.tool",
+             "tools": [{"name": "count_words", "entrypoint": "wc.tool:count_words"}]}
+    assert _resolve_container_target(entry, None) == ("wc.tool", ["count_words"])
+
+
+def test_resolve_target_multi_tool_keeps_package_default():
+    # 0.11.2: multi-tool, no tool_name → package-level entrypoint (unchanged)
+    entry = {"entrypoint": "mod.tool:dispatch",
+             "tools": [{"name": "a", "entrypoint": "mod.tool:a"},
+                       {"name": "b", "entrypoint": "mod.tool:b"}]}
+    assert _resolve_container_target(entry, None) == ("mod.tool", ["dispatch"])
+
+
+def test_resolve_target_multi_tool_no_entrypoint_hints():
+    # 0.11.3: multi-tool pack with NO package-level entrypoint → helpful hint
+    # listing tools + slug:tool (message-only; container path mirrors the host).
+    from agentnode_sdk.exceptions import AgentNodeToolError
+    entry = {"tools": [{"name": "a", "entrypoint": "m:a"},
+                       {"name": "b", "entrypoint": "m:b"}]}
+    with pytest.raises(AgentNodeToolError, match="multiple tools"):
+        _resolve_container_target(entry, None)
+
+
 def test_resolve_target_v02_colon_function():
     entry = {"entrypoint": "mod.tool:describe", "tools": []}
     assert _resolve_container_target(entry, None) == ("mod.tool", ["describe"])

{agentnode_sdk-0.11.1 → agentnode_sdk-0.11.3}/tests/test_v02.py

@@ -69,6 +69,73 @@ class TestLoadTool:
                 func = load_tool("my-pack")
                 assert func == mock_module.run
 
+    def test_load_single_tool_autoselect(self, tmp_path):
+        """0.11.2: single-tool pack — load_tool(slug) with no tool_name
+        auto-selects the sole tool's entrypoint instead of the default `run`."""
+        self._write_lockfile(tmp_path, {
+            "word-counter-pack": {
+                "version": "1.0.0",
+                "entrypoint": "wc.tool",  # colon-less → old code defaulted to run()
+                "tools": [
+                    {"name": "count_words", "entrypoint": "wc.tool:count_words"},
+                ],
+            }
+        })
+        # spec=[...] so the module has NO `run` attr — old behavior would raise.
+        mock_module = MagicMock(spec=["count_words"])
+        mock_module.count_words = lambda text="": {"words": 0}
+
+        with patch("agentnode_sdk.installer._lockfile_path", return_value=tmp_path / "agentnode.lock"):
+            with patch("agentnode_sdk.installer.importlib.import_module", return_value=mock_module):
+                func = load_tool("word-counter-pack")
+                assert func == mock_module.count_words
+
+    def test_load_multi_tool_uses_package_entrypoint(self, tmp_path):
+        """0.11.2: multi-tool pack — load_tool(slug) with no tool_name still uses
+        the package-level entrypoint (no guessing among tools). Unchanged."""
+        self._write_lockfile(tmp_path, {
+            "multi-pack": {
+                "version": "1.0.0",
+                "entrypoint": "multi.tool:dispatch",
+                "tools": [
+                    {"name": "a", "entrypoint": "multi.tool:a"},
+                    {"name": "b", "entrypoint": "multi.tool:b"},
+                ],
+            }
+        })
+        mock_module = MagicMock(spec=["dispatch", "a", "b"])
+        mock_module.dispatch = lambda **k: "dispatched"
+
+        with patch("agentnode_sdk.installer._lockfile_path", return_value=tmp_path / "agentnode.lock"):
+            with patch("agentnode_sdk.installer.importlib.import_module", return_value=mock_module):
+                func = load_tool("multi-pack")
+                assert func == mock_module.dispatch
+
+    def test_load_multi_tool_no_toolname_lists_tools(self, tmp_path):
+        """0.11.3: multi-tool pack run without a tool name and an unresolvable
+        package entrypoint → helpful error listing tools + slug:tool hint.
+        Message-only; dispatch behaviour unchanged."""
+        self._write_lockfile(tmp_path, {
+            "multi-pack": {
+                "version": "1.0.0",
+                "entrypoint": "multi.tool",  # colon-less → 'run', which won't exist
+                "tools": [
+                    {"name": "a", "entrypoint": "multi.tool:a"},
+                    {"name": "b", "entrypoint": "multi.tool:b"},
+                ],
+            }
+        })
+        mock_module = MagicMock(spec=["a", "b"])  # no 'run' attribute
+
+        with patch("agentnode_sdk.installer._lockfile_path", return_value=tmp_path / "agentnode.lock"):
+            with patch("agentnode_sdk.installer.importlib.import_module", return_value=mock_module):
+                with pytest.raises(ImportError) as ei:
+                    load_tool("multi-pack")
+        msg = str(ei.value)
+        assert "multiple tools" in msg
+        assert "'a'" in msg and "'b'" in msg
+        assert "multi-pack:<tool>" in msg
+
     def test_load_v02_with_tool_name(self, tmp_path):
         """v0.2 pack — load_tool(slug, tool_name) returns specific function."""
         self._write_lockfile(tmp_path, {