agentnode-sdk 0.11.3__tar.gz → 0.11.4__tar.gz

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.11.4 — Publish confirm gate
+
+### Added
+
+- **`agentnode publish` now asks for confirmation before publishing.** After the
+  preview, the command prompts `Publish <pkg>@<version> to <registry>? [y/N]`
+  (default No) and only uploads on explicit `y`. A new `--yes`/`-y` flag skips
+  the prompt for CI/automation. `--dry-run` is unchanged (never prompts, never
+  publishes). Prevents accidental publishes of the wrong package/version/folder.
+
+### BREAKING / Upgrade Notes
+
+- **Non-interactive publish now requires `--yes`.** Previously `agentnode publish`
+  in a non-interactive context (CI, piped stdin, or `AGENTNODE_NON_INTERACTIVE=1`)
+  uploaded silently. It now **refuses** without `--yes` and exits non-zero.
+  Automation that publishes must add `--yes`. Interactive use is unaffected
+  beyond the new prompt.
+
 ## 0.11.3 — Test hygiene + multi-tool run guidance
 
 ### Fixed

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentnode-sdk
-Version: 0.11.3
+Version: 0.11.4
 Summary: Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents.
 Project-URL: Homepage, https://agentnode.net
 Project-URL: Repository, https://github.com/agentnode-ai/agentnode

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/agentnode_sdk/__init__.py

@@ -38,7 +38,7 @@ from agentnode_sdk.runtime import AgentNodeRuntime
 Client = AgentNodeClient
 ToolError = AgentNodeToolError
 
-__version__ = "0.11.3"
+__version__ = "0.11.4"
 __all__ = [
     "AgentNode",
     "AsyncAgentNode",

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/agentnode_sdk/cli/main.py

@@ -154,6 +154,7 @@ def main(argv: list[str] | None = None) -> int:
     publish_parser.add_argument("--dry-run", action="store_true", help="Validate and build without uploading")
     publish_parser.add_argument("--skip-validate", action="store_true", help="Continue despite validation errors")
     publish_parser.add_argument("--token", default=None, help="API key (default: AGENTNODE_API_KEY env)")
+    publish_parser.add_argument("--yes", "-y", action="store_true", help="Skip the confirmation prompt (required for non-interactive/CI publish)")
 
     # record-cases
     record_parser = sub.add_parser("record-cases", help="Record VCR cassettes for API verification cases")
@@ -338,7 +339,7 @@ def main(argv: list[str] | None = None) -> int:
             return commands.cmd_verify_local(args.path)
         if args.command == "publish":
             from agentnode_sdk.cli.publish import cmd_publish
-            return cmd_publish(args.path, dry_run=args.dry_run, skip_validate=args.skip_validate, token=args.token)
+            return cmd_publish(args.path, dry_run=args.dry_run, skip_validate=args.skip_validate, token=args.token, yes=args.yes)
         if args.command == "record-cases":
             return commands.cmd_record_cases(args.path, strict=args.strict)
         if args.command == "inspect":

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/agentnode_sdk/cli/publish.py

@@ -286,12 +286,38 @@ def _post_publish(
     }
 
 
+def _confirm_publish(
+    pkg_id: str, version: str, registry: str, *, yes: bool, interactive: bool
+) -> bool:
+    """Final consent gate before an external publish. Returns True to proceed.
+
+    - ``yes``: explicit bypass for CI/automation → proceed.
+    - not ``interactive``: refuse — never publish non-interactively without --yes.
+    - interactive: prompt ``[y/N]``, default No.
+    """
+    if yes:
+        return True
+    if not interactive:
+        print(
+            "  Refusing to publish non-interactively. "
+            "Re-run with --yes to confirm in CI/automation.",
+            file=sys.stderr,
+        )
+        return False
+    answer = input(f"  Publish {pkg_id}@{version} to {registry}? [y/N] ").strip().lower()
+    if answer in ("y", "yes"):
+        return True
+    print("  Publish cancelled.")
+    return False
+
+
 def cmd_publish(
     path_str: str,
     *,
     dry_run: bool = False,
     skip_validate: bool = False,
     token: str | None = None,
+    yes: bool = False,
 ) -> int:
     """Publish a package to the AgentNode registry."""
     from agentnode_sdk.cli.validate import validate_package_dir
@@ -389,6 +415,19 @@ def cmd_publish(
         )
         return 1
 
+    # Publish confirm gate — publish is an external, hard-to-undo action.
+    # Detect interactivity robustly (CI/pipes have a non-TTY stdin even without
+    # AGENTNODE_NON_INTERACTIVE set); non-interactive requires explicit --yes.
+    registry = _resolve_api_base().replace("https://", "").replace("http://", "")
+    interactive = sys.stdin.isatty() and os.environ.get(
+        "AGENTNODE_NON_INTERACTIVE", ""
+    ).lower() not in ("true", "1")
+    if not _confirm_publish(pkg_id, version, registry, yes=yes, interactive=interactive):
+        # interactive decline = clean cancel (0); non-interactive without --yes
+        # = refusal (1). When yes=True the gate always proceeds, so we never land
+        # here in that case.
+        return 0 if interactive else 1
+
     try:
         sig_block = _sign_for_publish(pkg_id, manifest, artifact_bytes)
         manifest["_signatures"] = {"publisher": [sig_block]}

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentnode-sdk"
-version = "0.11.3"
+version = "0.11.4"
 description = "Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents."
 readme = "README.md"
 requires-python = ">=3.10"

{agentnode_sdk-0.11.3 → agentnode_sdk-0.11.4}/tests/test_publish.py

@@ -4,7 +4,9 @@ from __future__ import annotations
 import io
 import json
 import os
+import sys
 import tarfile
+import types
 from pathlib import Path
 from unittest.mock import patch, MagicMock
 
@@ -15,6 +17,7 @@ from agentnode_sdk.cli.publish import (
     PUBLISH_EXCLUDE_FILES,
     PUBLISH_EXCLUDE_SUFFIXES,
     _build_artifact,
+    _confirm_publish,
     _should_exclude,
     cmd_publish,
 )
@@ -259,7 +262,7 @@ class TestCmdPublish:
             "message": "Published test-pack@1.0.0",
         }
         with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-            rc = cmd_publish(str(tmp_path), token="test-key-123")
+            rc = cmd_publish(str(tmp_path), token="test-key-123", yes=True)
         assert rc == 0
         out = capsys.readouterr().out
         assert "Published test-pack@1.0.0" in out
@@ -276,7 +279,7 @@ class TestCmdPublish:
             "details": [],
         }
         with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-            rc = cmd_publish(str(tmp_path), token="test-key-123")
+            rc = cmd_publish(str(tmp_path), token="test-key-123", yes=True)
         assert rc == 1
         out = capsys.readouterr().out
         assert "already exists" in out
@@ -484,7 +487,7 @@ class TestCmdPublishSigning:
             return mock_resp
 
         with patch("agentnode_sdk.cli.publish._post_publish", side_effect=capture_post):
-            rc = cmd_publish(str(tmp_path), token="test-key")
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
         assert "_signatures" in captured_manifest
@@ -517,7 +520,7 @@ class TestCmdPublishSigning:
             return {"slug": "test-pack", "version": "1.0.0", "message": "ok"}
 
         with patch("agentnode_sdk.cli.publish._post_publish", side_effect=capture_post):
-            rc = cmd_publish(str(tmp_path), token="test-key")
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
 
@@ -544,7 +547,7 @@ class TestCmdPublishSigning:
 
         with patch("agentnode_sdk.cli.publish._sign_for_publish", side_effect=RuntimeError("key error")):
             with patch("agentnode_sdk.cli.publish._post_publish", return_value=mock_resp):
-                rc = cmd_publish(str(tmp_path), token="test-key")
+                rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
 
         assert rc == 0
         err = capsys.readouterr().err
@@ -591,3 +594,85 @@ class TestPublisherSlugRegressionGuards:
         from agentnode_sdk.cli.publish import manifest_to_entry
         entry = manifest_to_entry(MINIMAL_MANIFEST, "sha256:abc123")
         assert "publisher_slug" not in entry
+
+
+# ---------------------------------------------------------------------------
+# Publish confirm gate (0.11.4)
+# ---------------------------------------------------------------------------
+
+class TestConfirmPublishHelper:
+    """The decision logic in isolation — the security-critical part."""
+
+    def test_yes_bypasses(self):
+        assert _confirm_publish("p", "1.0", "reg", yes=True, interactive=False) is True
+
+    def test_non_interactive_without_yes_refuses(self, capsys):
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=False) is False
+        assert "non-interactively" in capsys.readouterr().err
+
+    def test_interactive_y_proceeds(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "y")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is True
+
+    def test_interactive_yes_word_proceeds(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "YES")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is True
+
+    def test_interactive_n_cancels(self, monkeypatch, capsys):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "n")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is False
+        assert "cancelled" in capsys.readouterr().out
+
+    def test_interactive_enter_default_cancels(self, monkeypatch):
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "")
+        assert _confirm_publish("p", "1.0", "reg", yes=False, interactive=True) is False
+
+
+class TestCmdPublishConfirmGate:
+    """End-to-end wiring: the gate must sit before _post_publish."""
+
+    def test_non_interactive_without_yes_refuses(self, tmp_path, capsys, monkeypatch):
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        # force non-tty deterministically (independent of pytest -s)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: False))
+        with patch("agentnode_sdk.cli.publish._post_publish") as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")  # no --yes
+        assert rc == 1
+        mock_post.assert_not_called()
+        assert "non-interactively" in capsys.readouterr().err
+
+    def test_non_interactive_with_yes_publishes(self, tmp_path, monkeypatch):
+        monkeypatch.setenv("AGENTNODE_CONFIG", str(tmp_path / "config"))
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: False))
+        resp = {"slug": "test-pack", "version": "1.0.0", "message": "Published"}
+        with patch("agentnode_sdk.cli.publish._post_publish", return_value=resp) as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key", yes=True)
+        assert rc == 0
+        mock_post.assert_called_once()
+
+    def test_interactive_decline_does_not_publish(self, tmp_path, monkeypatch):
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.delenv("AGENTNODE_NON_INTERACTIVE", raising=False)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: True))
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "n")
+        with patch("agentnode_sdk.cli.publish._post_publish") as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")
+        assert rc == 0
+        mock_post.assert_not_called()
+
+    def test_interactive_accept_publishes(self, tmp_path, monkeypatch):
+        monkeypatch.setenv("AGENTNODE_CONFIG", str(tmp_path / "config"))
+        _write_manifest(tmp_path)
+        (tmp_path / "tools.py").write_text("def run(): pass")
+        monkeypatch.delenv("AGENTNODE_NON_INTERACTIVE", raising=False)
+        monkeypatch.setattr(sys, "stdin", types.SimpleNamespace(isatty=lambda: True))
+        monkeypatch.setattr("builtins.input", lambda *a, **k: "y")
+        resp = {"slug": "test-pack", "version": "1.0.0", "message": "Published"}
+        with patch("agentnode_sdk.cli.publish._post_publish", return_value=resp) as mock_post:
+            rc = cmd_publish(str(tmp_path), token="test-key")
+        assert rc == 0
+        mock_post.assert_called_once()