agentnode-sdk 0.11.2__tar.gz → 0.11.4__tar.gz

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/CHANGELOG.md

@@ -1,5 +1,42 @@
 # Changelog
 
+## 0.11.4 — Publish confirm gate
+
+### Added
+
+- **`agentnode publish` now asks for confirmation before publishing.** After the
+  preview, the command prompts `Publish <pkg>@<version> to <registry>? [y/N]`
+  (default No) and only uploads on explicit `y`. A new `--yes`/`-y` flag skips
+  the prompt for CI/automation. `--dry-run` is unchanged (never prompts, never
+  publishes). Prevents accidental publishes of the wrong package/version/folder.
+
+### BREAKING / Upgrade Notes
+
+- **Non-interactive publish now requires `--yes`.** Previously `agentnode publish`
+  in a non-interactive context (CI, piped stdin, or `AGENTNODE_NON_INTERACTIVE=1`)
+  uploaded silently. It now **refuses** without `--yes` and exits non-zero.
+  Automation that publishes must add `--yes`. Interactive use is unaffected
+  beyond the new prompt.
+
+## 0.11.3 — Test hygiene + multi-tool run guidance
+
+### Fixed
+
+- **Stale lock-integrity field-classification test.** `test_real_lockfile_fields_classified`
+  used the V1 `CANONICAL_FIELDS` set, so it flagged the V3 field `publisher_slug`
+  as "unclassified" on real lockfiles and failed. The integrity model itself
+  already seals `publisher_slug` (`CANONICAL_FIELDS_V3`); only the test was stale.
+  Updated to `CANONICAL_FIELDS_V3` — no change to the integrity model.
+
+### Changed
+
+- **Clearer `agentnode run <slug>` error for multi-tool packs.** When a package
+  exposes more than one tool and resolution fails without an explicit tool name,
+  the error now lists the available tools and points at
+  `agentnode run <slug>:<tool>` instead of a generic "no entrypoint" / "Function
+  'run' not found". Message-only — single-tool auto-select and multi-tool dispatch
+  behaviour are unchanged. Applied consistently to the host and container paths.
+
 ## 0.11.2 — CLI run resolution fixes
 
 ### Fixed

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentnode-sdk
-Version: 0.11.2
+Version: 0.11.4
 Summary: Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents.
 Project-URL: Homepage, https://agentnode.net
 Project-URL: Repository, https://github.com/agentnode-ai/agentnode

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/agentnode_sdk/__init__.py

@@ -38,7 +38,7 @@ from agentnode_sdk.runtime import AgentNodeRuntime
 Client = AgentNodeClient
 ToolError = AgentNodeToolError
 
-__version__ = "0.11.2"
+__version__ = "0.11.4"
 __all__ = [
     "AgentNode",
     "AsyncAgentNode",

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/agentnode_sdk/cli/main.py

@@ -154,6 +154,7 @@ def main(argv: list[str] | None = None) -> int:
     publish_parser.add_argument("--dry-run", action="store_true", help="Validate and build without uploading")
     publish_parser.add_argument("--skip-validate", action="store_true", help="Continue despite validation errors")
     publish_parser.add_argument("--token", default=None, help="API key (default: AGENTNODE_API_KEY env)")
+    publish_parser.add_argument("--yes", "-y", action="store_true", help="Skip the confirmation prompt (required for non-interactive/CI publish)")
 
     # record-cases
     record_parser = sub.add_parser("record-cases", help="Record VCR cassettes for API verification cases")
@@ -338,7 +339,7 @@ def main(argv: list[str] | None = None) -> int:
             return commands.cmd_verify_local(args.path)
         if args.command == "publish":
             from agentnode_sdk.cli.publish import cmd_publish
-            return cmd_publish(args.path, dry_run=args.dry_run, skip_validate=args.skip_validate, token=args.token)
+            return cmd_publish(args.path, dry_run=args.dry_run, skip_validate=args.skip_validate, token=args.token, yes=args.yes)
         if args.command == "record-cases":
             return commands.cmd_record_cases(args.path, strict=args.strict)
         if args.command == "inspect":

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/agentnode_sdk/cli/publish.py

@@ -286,12 +286,38 @@ def _post_publish(
     }
 
 
+def _confirm_publish(
+    pkg_id: str, version: str, registry: str, *, yes: bool, interactive: bool
+) -> bool:
+    """Final consent gate before an external publish. Returns True to proceed.
+
+    - ``yes``: explicit bypass for CI/automation → proceed.
+    - not ``interactive``: refuse — never publish non-interactively without --yes.
+    - interactive: prompt ``[y/N]``, default No.
+    """
+    if yes:
+        return True
+    if not interactive:
+        print(
+            "  Refusing to publish non-interactively. "
+            "Re-run with --yes to confirm in CI/automation.",
+            file=sys.stderr,
+        )
+        return False
+    answer = input(f"  Publish {pkg_id}@{version} to {registry}? [y/N] ").strip().lower()
+    if answer in ("y", "yes"):
+        return True
+    print("  Publish cancelled.")
+    return False
+
+
 def cmd_publish(
     path_str: str,
     *,
     dry_run: bool = False,
     skip_validate: bool = False,
     token: str | None = None,
+    yes: bool = False,
 ) -> int:
     """Publish a package to the AgentNode registry."""
     from agentnode_sdk.cli.validate import validate_package_dir
@@ -389,6 +415,19 @@ def cmd_publish(
         )
         return 1
 
+    # Publish confirm gate — publish is an external, hard-to-undo action.
+    # Detect interactivity robustly (CI/pipes have a non-TTY stdin even without
+    # AGENTNODE_NON_INTERACTIVE set); non-interactive requires explicit --yes.
+    registry = _resolve_api_base().replace("https://", "").replace("http://", "")
+    interactive = sys.stdin.isatty() and os.environ.get(
+        "AGENTNODE_NON_INTERACTIVE", ""
+    ).lower() not in ("true", "1")
+    if not _confirm_publish(pkg_id, version, registry, yes=yes, interactive=interactive):
+        # interactive decline = clean cancel (0); non-interactive without --yes
+        # = refusal (1). When yes=True the gate always proceeds, so we never land
+        # here in that case.
+        return 0 if interactive else 1
+
     try:
         sig_block = _sign_for_publish(pkg_id, manifest, artifact_bytes)
         manifest["_signatures"] = {"publisher": [sig_block]}

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/agentnode_sdk/installer.py

@@ -1051,6 +1051,20 @@ def _default_tool_entrypoint(entry: dict) -> str | None:
     return entry.get("entrypoint")
 
 
+def _multi_tool_hint(entry: dict, slug: str = "<slug>") -> str:
+    """Trailing hint for resolution-failure errors: if the pack exposes MORE than
+    one tool, point the user at ``agentnode run <slug>:<tool>`` and list the tools.
+    Empty string for single-tool / no-tools packs. Message-only — does not change
+    which entrypoint is chosen."""
+    names = [t.get("name") for t in (entry.get("tools") or []) if t.get("name")]
+    if len(names) > 1:
+        return (
+            f" This package exposes multiple tools: {names}. "
+            f"Run a specific one with: agentnode run {slug}:<tool>."
+        )
+    return ""
+
+
 def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = False) -> Any:
     """Load an installed package's tool function.
 
@@ -1120,7 +1134,10 @@ def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = Fals
     # else fall back to the package-level entrypoint (multi-tool unchanged).
     entrypoint = _default_tool_entrypoint(pkg)
     if not entrypoint:
-        raise ImportError(f"Package '{slug}' has no entrypoint in lockfile.")
+        raise ImportError(
+            f"Package '{slug}' has no entrypoint in lockfile."
+            + _multi_tool_hint(pkg, slug)
+        )
 
     module_path, func_name = _resolve_entrypoint(entrypoint)
     mod = _import_module(module_path, slug)
@@ -1129,6 +1146,7 @@ def load_tool(slug: str, tool_name: str | None = None, *, _internal: bool = Fals
         raise ImportError(
             f"Function '{func_name}' not found in module '{module_path}' "
             f"for package '{slug}'."
+            + _multi_tool_hint(pkg, slug)
         )
     return func
 

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/agentnode_sdk/runtimes/python_runner.py

@@ -445,7 +445,9 @@ def _resolve_container_target(entry: dict, tool_name: str | None) -> tuple[str,
         first then the default function (``run``), matching load_tool's getattr order;
       - no tool_name → package entrypoint module + its function.
     """
-    from agentnode_sdk.installer import _resolve_entrypoint, _default_tool_entrypoint
+    from agentnode_sdk.installer import (
+        _resolve_entrypoint, _default_tool_entrypoint, _multi_tool_hint,
+    )
 
     tools = entry.get("tools") or []
     if tool_name:
@@ -466,7 +468,8 @@ def _resolve_container_target(entry: dict, tool_name: str | None) -> tuple[str,
     ep = _default_tool_entrypoint(entry)
     if not ep:
         raise AgentNodeToolError(
-            "Package has no entrypoint in the lockfile.", tool_name=None,
+            "Package has no entrypoint in the lockfile." + _multi_tool_hint(entry),
+            tool_name=None,
         )
     module, func = _resolve_entrypoint(ep)
     return module, [func]

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentnode-sdk"
-version = "0.11.2"
+version = "0.11.4"
 description = "Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents."
 readme = "README.md"
 requires-python = ">=3.10"

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/tests/test_lock_integrity.py

@@ -595,7 +595,14 @@ class TestFieldClassification:
     """Every field in a real lockfile entry must be either canonical,
     mutable, or the _integrity seal itself."""
 
-    KNOWN_FIELDS = set(CANONICAL_FIELDS) | set(MUTABLE_FIELDS) | {"_integrity", "_signatures"}
+    # V3 = canonical V1 + _signatures + publisher_slug (all integrity-sealed).
+    KNOWN_FIELDS = set(CANONICAL_FIELDS_V3) | set(MUTABLE_FIELDS) | {"_integrity"}
+
+    def test_known_fields_cover_v3(self):
+        """Regression: V3 canonical fields (incl. _signatures, publisher_slug)
+        must be classified, else a real lockfile carrying them trips the check."""
+        assert "publisher_slug" in self.KNOWN_FIELDS
+        assert "_signatures" in self.KNOWN_FIELDS
 
     def test_toolpack_entry_fields_classified(self):
         e = seal_entry(_make_entry())

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/tests/test_publish.py

@@ -4,7 +4,9 @@ from __future__ import annotations
 import io
 import json
 import os
+import sys
 import tarfile
+import types
 from pathlib import Path
 from unittest.mock import patch, MagicMock
 
@@ -15,6 +17,7 @@ from agentnode_sdk.cli.publish import (
     PUBLISH_EXCLUDE_FILES,
     PUBLISH_EXCLUDE_SUFFIXES,
     _build_artifact,
+    _confirm_publish,
     _should_exclude,
     cmd_publish,
 )
@@ -259,7 +262,7 @@ class TestCmdPublish:
             "message": "Published test-pack@1.0.0",
         }
         with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-            rc = cmd_publish(str(tmp_path), token="test-key-123")
+            rc = cmd_publish(str(tmp_path), token="test-key-123", yes=True)
         assert rc == 0
         out = capsys.readouterr().out
         assert "Published test-pack@1.0.0" in out
@@ -276,7 +279,7 @@ class TestCmdPublish:
             "details": [],
         }
         with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-            rc = cmd_publish(str(tmp_path), token="test-key-123")
+            rc = cmd_publish(str(tmp_path), token="test-key-123", yes=True)
         assert rc == 1
         out = capsys.readouterr().out
         assert "already exists" in out
@@ -484,7 +487,7 @@ class TestCmdPublishSigning:
             return mock_resp
 
         with patch("agentnode_sdk.cli.publish._post_publish", side_effect=capture_post):
-            rc = cmd_publish(str(tmp_path), token="test-key")
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
         assert "_signatures" in captured_manifest
@@ -517,7 +520,7 @@ class TestCmdPublishSigning:
             return {"slug": "test-pack", "version": "1.0.0", "message": "ok"}
 
         with patch("agentnode_sdk.cli.publish._post_publish", side_effect=capture_post):
-            rc = cmd_publish(str(tmp_path), token="test-key")
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
 
@@ -544,7 +547,7 @@ class TestCmdPublishSigning:
 
         with patch("agentnode_sdk.cli.publish._sign_for_publish", side_effect=RuntimeError("key error")):
             with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-                rc = cmd_publish(str(tmp_path), token="test-key")
+                rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
         err = capsys.readouterr().err
@@ -591,3 +594,85 @@ class TestPublisherSlugRegressionGuards:
         from agentnode_sdk.cli.publish import manifest_to_entry
         entry = manifest_to_entry(MINIMAL_MANIFEST, "sha256:abc123")
         assert "publisher_slug" not in entry
+
+
+# ---------------------------------------------------------------------------
+# Publish confirm gate (0.11.4)
+# ---------------------------------------------------------------------------
+
+class TestConfirmPublishHelper:
+    """The decision logic in isolation — the security-critical part."""
+
+    def test_yes_bypasses(self):
+        assert _confirm_publish("p", "1.0", "reg", yes=True, interactive=False) is True
+
+    def test_non_interactive_without_yes_refuses(self, capsys):
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=False) is False
+        assert "non-interactively" in capsys.readouterr().err
+
+    def test_interactive_y_proceeds(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "y")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is True
+
+    def test_interactive_yes_word_proceeds(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "YES")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is True
+
+    def test_interactive_n_cancels(self, monkeypatch, capsys):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "n")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is False
+        assert "cancelled" in capsys.readouterr().out
+
+    def test_interactive_enter_default_cancels(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is False
+
+
+class TestCmdPublishConfirmGate:
+    """End-to-end wiring: the gate must sit before _post_publish."""
+
+    def test_non_interactive_without_yes_refuses(self, tmp_path, capsys, monkeypatch):
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        # force non-tty deterministically (independent of pytest -s)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: False))
+        with patch("agentnode_sdk.cli.publish._post_publish") as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")  # no --yes
+        assert rc == 1
+        mock_post.assert_not_called()
+        assert "non-interactively" in capsys.readouterr().err
+
+    def test_non_interactive_with_yes_publishes(self, tmp_path, monkeypatch):
+        monkeypatch.setenv("AGENTNODE_CONFIG", str(tmp_path / "config"))
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: False))
+        resp = {"slug": "test-pack", "version": "1.0.0", "message": "Published"}
+        with patch("agentnode_sdk.cli.publish._post_publish", return_value=resp) as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
+        assert rc == 0
+        mock_post.assert_called_once()
+
+    def test_interactive_decline_does_not_publish(self, tmp_path, monkeypatch):
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.delenv("AGENTNODE_NON_INTERACTIVE", raising=False)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: True))
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "n")
+        with patch("agentnode_sdk.cli.publish._post_publish") as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")
+        assert rc == 0
+        mock_post.assert_not_called()
+
+    def test_interactive_accept_publishes(self, tmp_path, monkeypatch):
+        monkeypatch.setenv("AGENTNODE_CONFIG", str(tmp_path / "config"))
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.delenv("AGENTNODE_NON_INTERACTIVE", raising=False)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: True))
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "y")
+        resp = {"slug": "test-pack", "version": "1.0.0", "message": "Published"}
+        with patch("agentnode_sdk.cli.publish._post_publish", return_value=resp) as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")
+        assert rc == 0
+        mock_post.assert_called_once()

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/tests/test_toolpack_sandbox.py

@@ -354,6 +354,16 @@ def test_resolve_target_multi_tool_keeps_package_default():
     assert _resolve_container_target(entry, None) == ("mod.tool", ["dispatch"])
 
 
+def test_resolve_target_multi_tool_no_entrypoint_hints():
+    # 0.11.3: multi-tool pack with NO package-level entrypoint → helpful hint
+    # listing tools + slug:tool (message-only; container path mirrors the host).
+    from agentnode_sdk.exceptions import AgentNodeToolError
+    entry = {"tools": [{"name": "a", "entrypoint": "m:a"},
+                       {"name": "b", "entrypoint": "m:b"}]}
+    with pytest.raises(AgentNodeToolError, match="multiple tools"):
+        _resolve_container_target(entry, None)
+
+
 def test_resolve_target_v02_colon_function():
     entry = {"entrypoint": "mod.tool:describe", "tools": []}
     assert _resolve_container_target(entry, None) == ("mod.tool", ["describe"])

{agentnode_sdk-0.11.2 → agentnode_sdk-0.11.4}/tests/test_v02.py

@@ -111,6 +111,31 @@ class TestLoadTool:
                 func = load_tool("multi-pack")
                 assert func == mock_module.dispatch
 
+    def test_load_multi_tool_no_toolname_lists_tools(self, tmp_path):
+        """0.11.3: multi-tool pack run without a tool name and an unresolvable
+        package entrypoint → helpful error listing tools + slug:tool hint.
+        Message-only; dispatch behaviour unchanged."""
+        self._write_lockfile(tmp_path, {
+            "multi-pack": {
+                "version": "1.0.0",
+                "entrypoint": "multi.tool",  # colon-less → 'run', which won't exist
+                "tools": [
+                    {"name": "a", "entrypoint": "multi.tool:a"},
+                    {"name": "b", "entrypoint": "multi.tool:b"},
+                ],
+            }
+        })
+        mock_module = MagicMock(spec=["a", "b"])  # no 'run' attribute
+
+        with patch("agentnode_sdk.installer._lockfile_path", return_value=tmp_path / "agentnode.lock"):
+            with patch("agentnode_sdk.installer.importlib.import_module", return_value=mock_module):
+                with pytest.raises(ImportError) as ei:
+                    load_tool("multi-pack")
+        msg = str(ei.value)
+        assert "multiple tools" in msg
+        assert "'a'" in msg and "'b'" in msg
+        assert "multi-pack:<tool>" in msg
+
     def test_load_v02_with_tool_name(self, tmp_path):
         """v0.2 pack — load_tool(slug, tool_name) returns specific function."""
         self._write_lockfile(tmp_path, {