agentnode-sdk 0.12.1__tar.gz → 0.14.0__tar.gz

{agentnode_sdk-0.12.1 → agentnode_sdk-0.14.0}/CHANGELOG.md

@@ -1,5 +1,98 @@
 # Changelog
 
+## 0.14.0 — Setup wizard: guided credentials + sandbox onboarding
+
+### Added
+
+- **`agentnode setup` now guides through optional LLM credentials.** A new
+  wizard screen offers storing a provider key (OpenAI, Anthropic, OpenRouter —
+  or Skip, the default). Entry is via hidden getpass or an import from an
+  existing environment variable; the honest storage label (OS keychain /
+  plaintext file) is shown, and an optional key test runs against a free
+  endpoint (no completion call) without ever blocking the wizard.
+- **`agentnode setup` now includes a "Local sandbox" screen.** It shows the
+  doctor's diagnosis (runtime, daemon, pinned image, digest) with clear next
+  steps. If only the image is missing, the wizard offers the digest-pinned
+  pull — on a TTY and only after an explicit Yes (default No).
+- **Optional agent-sandbox enable prompt.** Only when the sandbox is fully
+  ready, the wizard asks "Enable sandboxed community agents now? [y/N]"
+  (default No). The choice is persisted with the wizard's normal save step;
+  cancelling saves nothing.
+- The summary and finish screens show credentials, sandbox status, and the
+  exact follow-up commands (`agentnode auth status`, `agentnode sandbox
+  doctor`, `agentnode sandbox pull`, `agentnode config set
+  agent_sandbox.enabled true`).
+
+### Hardened
+
+- No keys in wizard output (masked last-4 only), no keys in config files, no
+  keys via CLI arguments — entry is getpass or env import only.
+- No automatic Docker pull: the only pull path is the existing, fully guarded
+  `agentnode sandbox pull`, offered solely on a TTY after an explicit Yes.
+- The sandbox flag is never enabled without an explicit Yes, and never offered
+  when the sandbox is not ready.
+- Pull failures never abort setup; non-interactive sessions never block
+  (credential and sandbox prompts skip themselves with guidance).
+
+### BREAKING / Upgrade Notes
+
+- None. The wizard changes are additive; all defaults preserve previous
+  behavior (credentials skipped, sandbox flag stays off). No new dependency.
+
+## 0.13.0 — Credential vault for LLM providers
+
+### Added
+
+- **OS-keychain credential storage:** `agentnode auth set openai|anthropic|openrouter`
+  now stores the key in the OS keychain (Windows Credential Manager, macOS
+  Keychain, Linux Secret Service). `credentials.json` keeps only non-secret
+  metadata for keychain-backed entries. If no keychain is available (e.g.
+  headless Linux/CI), storage falls back to the plaintext file (0600) — and
+  says so honestly.
+- **The LLM runtime now reads stored credentials:** `_auto_detect_llm` falls
+  back to the credential store when no env var is set — `agentnode auth set
+  openai` is finally picked up by host agents AND the sandboxed-agent LLM
+  broker (the key still never enters the sandbox container).
+- `agentnode auth test <provider>` — validates the effective key via a free
+  provider endpoint (no completion call, no cost). Exit codes: 0 valid,
+  1 rejected, 2 not configured, 3 indeterminate (network errors are never
+  reported as "invalid").
+- `agentnode auth set <provider> --from-env ENV_VAR` — import an existing
+  environment key into the store.
+- `llm.default_provider` config key — which stored credential to try first
+  (`openai`, `anthropic`, `openrouter`). OpenRouter bindings pin the
+  namespaced default model (`openai/gpt-4o-mini`).
+
+### Changed
+
+- `agentnode auth status` now leads with an LLM-provider section showing the
+  storage backend and the EFFECTIVE source per provider — including an
+  explicit "env var X — overrides stored credential" callout when an
+  environment variable shadows a stored key.
+- `agentnode auth list` shows a storage column (OS keychain / plaintext file).
+- Environment variables (and `~/.agentnode/.env`) always override stored
+  credentials — explicit/CI intent wins.
+
+### Hardened
+
+- Keys are never printed (masked last-4 only), never logged (provider/backend
+  errors are reported by type, never message), never echoed from provider
+  responses, and never enter the sandbox container, audit records, manifests,
+  or lockfiles. `auth test` never accepts a key as a CLI argument.
+- Keychain access is probed once per process with a timeout — a locked or
+  hanging Secret Service degrades cleanly to file storage instead of blocking.
+
+### Upgrade Notes
+
+- New dependency: `keyring>=24` (pure Python, installed automatically).
+- Honest scope of the OS keychain: it protects against other local users and
+  accidental file exposure; it does NOT protect against programs running as
+  the same user. The fallback is a plaintext file (0600) when no keychain is
+  available — neither mode is "encrypted at rest by AgentNode".
+- Existing plaintext credentials keep working unchanged. Nothing migrates on
+  read; a credential moves into the keychain the next time you `auth set` it.
+- No breaking changes.
+
 ## 0.12.1 — agent_sandbox config fix
 
 ### Fixed

{agentnode_sdk-0.12.1 → agentnode_sdk-0.14.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentnode-sdk
-Version: 0.12.1
+Version: 0.14.0
 Summary: Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents.
 Project-URL: Homepage, https://agentnode.net
 Project-URL: Repository, https://github.com/agentnode-ai/agentnode
@@ -16,6 +16,7 @@ Classifier: Topic :: Software Development :: Libraries
 Requires-Python: >=3.10
 Requires-Dist: cryptography>=41.0
 Requires-Dist: httpx>=0.25
+Requires-Dist: keyring>=24
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: pyyaml>=6.0
 Provides-Extra: dev

{agentnode_sdk-0.12.1 → agentnode_sdk-0.14.0}/agentnode_sdk/__init__.py

@@ -38,7 +38,7 @@ from agentnode_sdk.runtime import AgentNodeRuntime
 Client = AgentNodeClient
 ToolError = AgentNodeToolError
 
-__version__ = "0.12.1"
+__version__ = "0.14.0"
 __all__ = [
     "AgentNode",
     "AsyncAgentNode",

agentnode_sdk-0.14.0/agentnode_sdk/cli/auth.py

@@ -0,0 +1,243 @@
+"""agentnode auth — credential management CLI.
+
+Secrets are entered via getpass (never argv, never echoed) and only ever
+shown masked (last 4 chars). Storage labels are honest: "OS keychain" or
+"plaintext file" — never "encrypted"."""
+from __future__ import annotations
+
+import getpass
+import os
+import sys
+
+from agentnode_sdk.credential_store import (
+    LLM_PROVIDER_ENV,
+    has_credential,
+    list_credentials,
+    load_credentials,
+    remove_credential,
+    set_credential,
+)
+from agentnode_sdk.installer import read_lockfile
+from agentnode_sdk.cli.output import bold, dim, section
+
+
+def _masked(token: str) -> str:
+    """Only ever show the last 4 chars of a secret."""
+    return "..." + token[-4:] if len(token) >= 8 else "..."
+
+
+def _storage_short(storage: str) -> str:
+    return "OS keychain" if storage == "keyring" else "plaintext file"
+
+
+def _llm_effective_source(provider: str) -> tuple[str | None, str]:
+    """(effective key or None, human-readable source) for an LLM provider.
+
+    Mirrors the runtime's resolution: env (incl. ~/.agentnode/.env) overrides
+    the stored credential. Uses metadata only for the stored check here —
+    the real keychain read happens in ``auth test``."""
+    from agentnode_sdk.runtimes.agent_runner import _load_agentnode_env
+    _load_agentnode_env()
+
+    env_var = LLM_PROVIDER_ENV[provider]
+    env_key = os.environ.get(env_var) or None
+    meta = load_credentials().get("providers", {}).get(provider)
+    stored = isinstance(meta, dict)
+    storage = (meta or {}).get("storage", "file")
+
+    if env_key and stored:
+        return env_key, f"env var {env_var} — overrides stored credential"
+    if env_key:
+        return env_key, f"env var {env_var}"
+    if stored:
+        return None, _storage_short(storage)
+    return None, "not configured"
+
+
+def _resolve_auth_type(provider: str) -> str:
+    """Read auth_type from lockfile connector entry. Falls back to 'api_key'.
+
+    If multiple installed connectors share a provider with different auth
+    types, this returns the first match — may need disambiguation later.
+    """
+    lock = read_lockfile()
+    for _slug, info in lock.get("packages", {}).items():
+        connector = info.get("connector")
+        if isinstance(connector, dict) and connector.get("provider", "").lower() == provider:
+            return connector.get("auth_type", "api_key")
+    return "api_key"
+
+
+def cmd_auth_set(provider: str, from_env: str | None = None) -> int:
+    provider = provider.lower().strip()
+    if not provider:
+        print("  Error: provider name required.", file=sys.stderr)
+        return 1
+    if from_env:
+        # Import an existing env key (also honors ~/.agentnode/.env). A flag,
+        # not a prompt — keeps piped-stdin flows intact.
+        from agentnode_sdk.runtimes.agent_runner import _load_agentnode_env
+        _load_agentnode_env()
+        token = (os.environ.get(from_env) or "").strip()
+        if not token:
+            print(f"  Error: environment variable {from_env} is not set.", file=sys.stderr)
+            return 1
+    else:
+        try:
+            token = getpass.getpass(f"  Enter access token for {provider}: ")
+        except (KeyboardInterrupt, EOFError):
+            print("\n  Cancelled.")
+            return 130
+        token = token.strip()
+        if not token:
+            print("  Error: no token provided.", file=sys.stderr)
+            return 1
+    auth_type = _resolve_auth_type(provider)
+    storage = set_credential(provider, token, auth_type=auth_type)
+    if storage == "keyring":
+        where = "OS keychain"
+    else:
+        where = "plaintext file (0600) — OS keychain unavailable on this system"
+    print(f"\n  Credential stored for {provider} ({_masked(token)}) — storage: {where}.\n")
+    return 0
+
+
+def cmd_auth_list() -> int:
+    creds = list_credentials()
+    if not creds:
+        print("\n  No credentials configured.")
+        print(dim("  Run `agentnode auth set <provider>` to store a credential.\n"))
+        return 0
+    print()
+    print(section("Credentials"))
+    print(f"  {'Provider':<14}{'Auth type':<13}{'Storage':<16}{'Stored'}")
+    print(f"  {'--------':<14}{'--------':<13}{'-------':<16}{'------'}")
+    for provider, info in sorted(creds.items()):
+        stored = info.get("stored_at", "")[:10]
+        auth_type = info.get("auth_type", "unknown")
+        storage = _storage_short(info.get("storage", "file"))
+        print(f"  {provider:<14}{auth_type:<13}{storage:<16}{stored}")
+    print(f"\n  {len(creds)} credential(s) configured.\n")
+    return 0
+
+
+def cmd_auth_remove(provider: str) -> int:
+    provider = provider.lower().strip()
+    if remove_credential(provider):
+        print(f"\n  Removed credential for {provider}.\n")
+        return 0
+    print(f"\n  No credential found for {provider}.\n")
+    return 1
+
+
+def cmd_auth_status() -> int:
+    # --- LLM providers (host runtime / sandbox broker) -----------------------
+    print()
+    print(section("LLM Providers"))
+    print(f"  {'Provider':<14}{'Status':<16}{'Effective source'}")
+    print(f"  {'--------':<14}{'------':<16}{'----------------'}")
+    for provider in sorted(LLM_PROVIDER_ENV):
+        key, source = _llm_effective_source(provider)
+        configured = key is not None or source not in ("not configured",)
+        status = "configured" if configured else "missing"
+        print(f"  {provider:<14}{status:<16}{source}")
+    print(dim("  Env vars always override stored credentials. "
+              "Test a key: agentnode auth test <provider>"))
+
+    # --- connector packages (unchanged) --------------------------------------
+    lock = read_lockfile()
+    pkgs = lock.get("packages", {})
+
+    # Collect provider → list of slugs
+    provider_packages: dict[str, list[str]] = {}
+    for slug, info in pkgs.items():
+        connector = info.get("connector")
+        if isinstance(connector, dict) and connector.get("provider"):
+            provider = connector["provider"].lower().strip()
+            provider_packages.setdefault(provider, []).append(slug)
+
+    if not provider_packages:
+        print("\n  No installed packages require connector credentials.\n")
+        return 0
+
+    print()
+    print(section("Credential Status"))
+    print(f"  {'Provider':<14}{'Status':<16}{'Used by'}")
+    print(f"  {'--------':<14}{'------':<16}{'------'}")
+    missing: list[str] = []
+    for provider in sorted(provider_packages):
+        configured = has_credential(provider)
+        status = "configured" if configured else "missing"
+        slugs = ", ".join(sorted(provider_packages[provider]))
+        print(f"  {provider:<14}{status:<16}{slugs}")
+        if not configured:
+            missing.append(provider)
+
+    if missing:
+        print()
+        print(dim("  Fix missing:"))
+        for p in missing:
+            print(dim(f"    agentnode auth set {p}"))
+    print()
+    return 0
+
+
+# Free, cost-less validation endpoints (no completion call, no charge).
+# anthropic REQUIRES the anthropic-version header (a 400 without it would be
+# misread as a bad key); openrouter's /models is UNAUTHENTICATED (validates
+# nothing) — /auth/key is the correct probe.
+_TEST_REQUESTS = {
+    "openai": lambda key: (
+        "https://api.openai.com/v1/models",
+        {"Authorization": f"Bearer {key}"},
+    ),
+    "anthropic": lambda key: (
+        "https://api.anthropic.com/v1/models",
+        {"x-api-key": key, "anthropic-version": "2023-06-01"},
+    ),
+    "openrouter": lambda key: (
+        "https://openrouter.ai/api/v1/auth/key",
+        {"Authorization": f"Bearer {key}"},
+    ),
+}
+
+
+def cmd_auth_test(provider: str) -> int:
+    """Validate the EFFECTIVE key for an LLM provider (env beats vault) via a
+    free endpoint. Exit codes: 0 valid / 1 rejected (401/403) / 2 not
+    configured or unsupported / 3 indeterminate (network/5xx — never reported
+    as invalid). Never prints the key (masked last-4 only) and never echoes
+    the provider's response body (it can contain key fragments)."""
+    provider = provider.lower().strip()
+    if provider not in _TEST_REQUESTS:
+        supported = ", ".join(sorted(_TEST_REQUESTS))
+        print(f"  auth test supports: {supported}", file=sys.stderr)
+        return 2
+
+    key, source = _llm_effective_source(provider)
+    if key is None:
+        # No env override — resolve the stored credential (real keychain read).
+        from agentnode_sdk.credential_store import get_llm_api_key
+        key = get_llm_api_key(provider)
+    if not key:
+        print(f"\n  {provider}: not configured. Run `agentnode auth set {provider}`.\n")
+        return 2
+
+    url, headers = _TEST_REQUESTS[provider](key)
+    import httpx
+    try:
+        resp = httpx.get(url, headers=headers, timeout=10.0)
+    except Exception:
+        print(f"\n  {provider} ({_masked(key)}, {source}): could not reach the "
+              "provider — key validity unknown.\n")
+        return 3
+    if resp.status_code == 200:
+        print(f"\n  {provider} ({_masked(key)}, {source}): key is valid.\n")
+        return 0
+    if resp.status_code in (401, 403):
+        print(f"\n  {provider} ({_masked(key)}, {source}): key was rejected by "
+              f"the provider (HTTP {resp.status_code}).\n")
+        return 1
+    print(f"\n  {provider} ({_masked(key)}, {source}): unexpected provider "
+          f"response (HTTP {resp.status_code}) — key validity unknown.\n")
+    return 3

{agentnode_sdk-0.12.1 → agentnode_sdk-0.14.0}/agentnode_sdk/cli/main.py

@@ -63,10 +63,14 @@ def main(argv: list[str] | None = None) -> int:
     auth_sub = auth_parser.add_subparsers(dest="auth_action")
     auth_set_p = auth_sub.add_parser("set", help="Store a credential for a provider")
     auth_set_p.add_argument("provider")
+    auth_set_p.add_argument("--from-env", default=None, metavar="ENV_VAR",
+                            help="Import the key from this environment variable instead of prompting")
     auth_sub.add_parser("list", help="Show configured credentials")
     auth_rm_p = auth_sub.add_parser("remove", help="Remove a stored credential")
     auth_rm_p.add_argument("provider")
     auth_sub.add_parser("status", help="Check credential status for installed packages")
+    auth_test_p = auth_sub.add_parser("test", help="Validate a stored LLM key via a free provider endpoint")
+    auth_test_p.add_argument("provider")
 
     # config
     config_parser = sub.add_parser("config", help="View or modify settings")
@@ -270,15 +274,18 @@ def main(argv: list[str] | None = None) -> int:
         if args.command == "auth":
             from agentnode_sdk.cli.auth import (
                 cmd_auth_set, cmd_auth_list, cmd_auth_remove, cmd_auth_status,
+                cmd_auth_test,
             )
             if args.auth_action == "set":
-                return cmd_auth_set(args.provider)
+                return cmd_auth_set(args.provider, from_env=args.from_env)
             if args.auth_action == "list":
                 return cmd_auth_list()
             if args.auth_action == "remove":
                 return cmd_auth_remove(args.provider)
             if args.auth_action == "status":
                 return cmd_auth_status()
+            if args.auth_action == "test":
+                return cmd_auth_test(args.provider)
             return cmd_auth_list()
         if args.command == "config":
             if args.config_action == "list":