antioch-py 2.2.3__py3-none-any.whl → 3.0.0__py3-none-any.whl

common/ark/node.py

@@ -3,6 +3,7 @@ from enum import Enum
 
 from pydantic import Field
 
+from common.ark.token import InputToken
 from common.message import Message
 
 
@@ -42,10 +43,7 @@ class NodeTimer(Message):
         else:
             raise ValueError("Timer must specify frequency or period")
 
-        # Convert to microseconds
         period_us = int(period_ms * 1000)
-
-        # Round to nearest millisecond
         rounded_us = ((period_us + 500) // 1000) * 1000
         if rounded_us == 0:
             raise ValueError("Timer frequency is too high (sub-millisecond period)")
@@ -92,3 +90,48 @@ class Node(Message):
     inputs: dict[str, NodeInput] = Field(default_factory=dict)
     outputs: dict[str, NodeOutput] = Field(default_factory=dict)
     hardware_access: dict[str, HardwareAccessMode] = Field(default_factory=dict)
+
+
+class NodeEdge(Message):
+    """
+    Directed edge representing data flow between nodes.
+    """
+
+    _type = "antioch/ark/node_edge"
+    source_module: str
+    source_node: str
+    source_output_name: str
+    target_module: str
+    target_node: str
+    target_input_name: str
+    type: str
+
+
+class SimNodeStart(Message):
+    """
+    Ark signals node to start execution (sim mode).
+
+    Sent from Ark to node via publisher to trigger node start with hardware reads.
+    """
+
+    _type = "antioch/ark/sim_node_start"
+    module_name: str
+    node_name: str
+    start_let_us: int
+    start_timestamp_us: int
+    input_tokens: list[InputToken]
+    hardware_reads: dict[str, bytes]
+
+
+class SimNodeComplete(Message):
+    """
+    Node signals completion to Ark (sim mode).
+
+    Sent from node to Ark to indicate completion with optional hardware writes.
+    """
+
+    _type = "antioch/ark/sim_node_complete"
+    module_name: str
+    node_name: str
+    completion_let_us: int
+    hardware_writes: dict[str, bytes] | None = None

common/ark/scheduler.py

@@ -3,38 +3,11 @@ from abc import ABC, abstractmethod
 from sortedcontainers import SortedDict
 
 from common.ark.module import Module
+from common.ark.node import NodeEdge
+from common.ark.token import InputToken
 from common.message import Message
 
 
-class NodeEdge(Message):
-    """
-    Directed edge representing data flow between nodes.
-    """
-
-    _type = "antioch/ark/node_edge"
-    source_module: str
-    source_node: str
-    source_output_name: str
-    target_module: str
-    target_node: str
-    target_input_name: str
-    type: str
-
-
-class InputToken(Message):
-    """
-    Input token representing data flow to a node.
-    """
-
-    _type = "antioch/ark/input_token"
-    source_module: str
-    source_node: str
-    source_output_name: str
-    target_input_name: str
-    let_us: int
-    budget_us: int
-
-
 class ScheduleEvent(Message, ABC):
     """
     Base class for schedule events.

common/ark/sim.py

@@ -1,4 +1,4 @@
-from common.ark.scheduler import InputToken
+from common.ark.token import InputToken
 from common.message import Message
 
 

{antioch/module → common/ark}/token.py

@@ -3,6 +3,23 @@ from enum import Enum
 from common.message import Message
 from common.utils.time import now_us
 
+# Synchronization path for token communication
+ARK_TOKEN_PATH = "_ark/token/{path}"
+
+
+class InputToken(Message):
+    """
+    Input token representing data flow to a node.
+    """
+
+    _type = "antioch/ark/input_token"
+    source_module: str
+    source_node: str
+    source_output_name: str
+    target_input_name: str
+    let_us: int
+    budget_us: int
+
 
 class TokenType(str, Enum):
     """

common/constants.py

@@ -1,11 +1,20 @@
 import os
 from pathlib import Path
 
+# =============================================================================
+# Environment
+# =============================================================================
+
 ANTIOCH_ENV = os.environ.get("ANTIOCH_ENV", "prod").lower()
-if ANTIOCH_ENV not in ("prod", "staging"):
+if ANTIOCH_ENV not in ("prod", "staging", "local"):
     raise ValueError(f"Invalid ANTIOCH_ENV: {ANTIOCH_ENV}")
 
-if ANTIOCH_ENV == "staging":
+# =============================================================================
+# API URLs
+# =============================================================================
+
+# Local dev uses staging APIs
+if ANTIOCH_ENV in ("staging", "local"):
     ANTIOCH_API_URL = "https://staging.api.antioch.com"
     AUTH_DOMAIN = "https://staging.auth.antioch.com"
     AUTH_CLIENT_ID = "x0aOquV43Xe76ehqAm6Zir80O0MWpqTV"
@@ -14,9 +23,58 @@ else:
     AUTH_DOMAIN = "https://auth.antioch.com"
     AUTH_CLIENT_ID = "8RLoPEgMP3ih10sfJsGPkwbUWGilsoyX"
 
+# Allow environment variable overrides
 ANTIOCH_API_URL = os.environ.get("ANTIOCH_API_URL", ANTIOCH_API_URL)
 AUTH_DOMAIN = os.environ.get("AUTH_DOMAIN", AUTH_DOMAIN)
-ANTIOCH_DIR = os.environ.get("ANTIOCH_DIR", str(Path.home() / ".antioch" / ANTIOCH_ENV))
+
+# =============================================================================
+# Local Storage Directories
+# =============================================================================
+
+ANTIOCH_DIR = os.environ.get("ANTIOCH_DIR", f"{os.environ.get('HOME', '.')}/.antioch/{ANTIOCH_ENV}")
+ANTIOCH_ARKS_DIR = os.environ.get("ANTIOCH_ARKS_DIR", f"{ANTIOCH_DIR}/arks")
+ANTIOCH_ASSETS_DIR = os.environ.get("ANTIOCH_ASSETS_DIR", f"{ANTIOCH_DIR}/assets")
+
+# =============================================================================
+# Auth0 Configuration
+# =============================================================================
+
+AUTH_TOKEN_URL = f"{AUTH_DOMAIN}/oauth/token"
+DEVICE_CODE_URL = f"{AUTH_DOMAIN}/oauth/device/code"
+
+AUTH_SCOPE = "openid profile email"
+AUDIENCE = "https://sessions.antioch.com"
+AUTH_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"
+AUTH_TIMEOUT_SECONDS = 120
+
+# JWT claim names (namespaced for Auth0)
+AUTH_ORG_ID_CLAIM = "https://antioch.com/org_id"
+AUTH_ORG_NAME_CLAIM = "https://antioch.com/org_name"
+
+# =============================================================================
+# Telemetry Configuration
+# =============================================================================
+
+FOXGLOVE_WEBSOCKET_PORT = 8765
+
+# =============================================================================
+# Zenoh Shared Memory Configuration
+# =============================================================================
+
+# Enable shared memory transport for high-performance IPC between processes
+# When enabled, large messages use shared memory instead of TCP, providing
+# 4-8x latency improvement for messages > 64 KB. Falls back to TCP when SHM
+# is unavailable (cross-machine, pool exhausted, etc.)
+SHM_ENABLED = True
+
+# Shared memory pool size in bytes (256 MB)
+# This is the total amount of shared memory allocated for message transport
+SHM_POOL_SIZE_BYTES = 256 * 1024 * 1024
+
+# Message size threshold in bytes for SHM transport (64 KB)
+# Messages larger than this use SHM; smaller messages use TCP
+# Based on benchmarks showing SHM wins for messages >= 64 KB
+SHM_MESSAGE_SIZE_THRESHOLD_BYTES = 64 * 1024
 
 
 def get_auth_dir() -> Path:
@@ -42,7 +100,7 @@ def get_ark_dir() -> Path:
     :return: Path to the arks directory.
     """
 
-    ark_dir = Path(ANTIOCH_DIR) / "arks"
+    ark_dir = Path(ANTIOCH_ARKS_DIR)
     ark_dir.mkdir(parents=True, exist_ok=True)
     return ark_dir
 
@@ -56,6 +114,6 @@ def get_asset_dir() -> Path:
     :return: Path to the assets directory.
     """
 
-    asset_dir = Path(ANTIOCH_DIR) / "assets"
+    asset_dir = Path(ANTIOCH_ASSETS_DIR)
     asset_dir.mkdir(parents=True, exist_ok=True)
     return asset_dir

common/core/__init__.py

@@ -1,16 +1,5 @@
-from common.core.agent import (
-    Agent,
-    AgentError,
-    AgentResponse,
-    AgentStateResponse,
-    AgentValidationError,
-    ArkStateResponse,
-    ContainerSource,
-    ContainerState,
-    RecordTelemetryRequest,
-    StartArkRequest,
-)
 from common.core.auth import AuthError, AuthHandler, Organization
+from common.core.container import ContainerManager, ContainerManagerError, ContainerSource
 from common.core.registry import (
     get_ark_version_reference,
     get_asset_path,
@@ -22,24 +11,41 @@ from common.core.registry import (
     pull_remote_ark,
     pull_remote_asset,
 )
+from common.core.rome import RomeAuthError, RomeClient, RomeError, RomeNetworkError
+from common.core.telemetry import TelemetryManager
+from common.core.types import (
+    ArkReference,
+    ArkRegistryMetadata,
+    ArkVersionReference,
+    AssetReference,
+    AssetVersionReference,
+    TaskOutcome,
+    TaskRun,
+    TaskRunner,
+    TaskTriggerSource,
+)
 
 __all__ = [
-    # Agent
-    "Agent",
-    "AgentError",
-    "AgentResponse",
-    "AgentStateResponse",
-    "AgentValidationError",
-    "ArkStateResponse",
-    "ContainerSource",
-    "ContainerState",
-    "RecordTelemetryRequest",
-    "StartArkRequest",
     # Auth
     "AuthError",
     "AuthHandler",
     "Organization",
-    # Registry
+    # Containers
+    "ContainerManager",
+    "ContainerManagerError",
+    "ContainerSource",
+    # Registry types
+    "ArkReference",
+    "ArkRegistryMetadata",
+    "ArkVersionReference",
+    "AssetReference",
+    "AssetVersionReference",
+    # Task types
+    "TaskOutcome",
+    "TaskRun",
+    "TaskRunner",
+    "TaskTriggerSource",
+    # Registry functions
     "get_ark_version_reference",
     "get_asset_path",
     "list_local_arks",
@@ -49,4 +55,11 @@ __all__ = [
     "load_local_ark",
     "pull_remote_ark",
     "pull_remote_asset",
+    # Rome
+    "RomeAuthError",
+    "RomeClient",
+    "RomeError",
+    "RomeNetworkError",
+    # Telemetry
+    "TelemetryManager",
 ]

common/core/auth.py

@@ -7,23 +7,18 @@ from pathlib import Path
 import requests
 from pydantic import BaseModel
 
-from common.constants import AUTH_CLIENT_ID, AUTH_DOMAIN, get_auth_dir
-
-# Authentication routes
-AUTH_TOKEN_URL = f"{AUTH_DOMAIN}/oauth/token"
-DEVICE_CODE_URL = f"{AUTH_DOMAIN}/oauth/device/code"
-
-# Authentication constants
-ALGORITHMS = ["RS256"]
-AUDIENCE = "https://sessions.antioch.com"
-AUTH_SCOPE = "openid profile email"
-AUTH_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"
-AUTH_TIMEOUT_SECONDS = 120
-
-# Authentication claims
-AUTH_ORG_ID_CLAIM = "https://antioch.com/org_id"
-AUTH_ORG_NAME_CLAIM = "https://antioch.com/org_name"
-AUTH_ORGANIZATIONS_CLAIM = "https://antioch.com/organizations"
+from common.constants import (
+    AUDIENCE,
+    AUTH_CLIENT_ID,
+    AUTH_GRANT_TYPE,
+    AUTH_ORG_ID_CLAIM,
+    AUTH_ORG_NAME_CLAIM,
+    AUTH_SCOPE,
+    AUTH_TIMEOUT_SECONDS,
+    AUTH_TOKEN_URL,
+    DEVICE_CODE_URL,
+    get_auth_dir,
+)
 
 
 class AuthError(Exception):
@@ -34,38 +29,51 @@ class AuthError(Exception):
 
 class Organization(BaseModel):
     """
-    Organization information.
+    Organization information extracted from JWT token.
     """
 
     org_id: str
     org_name: str
 
 
+class UserInfo(BaseModel):
+    """
+    User information extracted from JWT token.
+    """
+
+    user_id: str
+    name: str | None = None
+    email: str | None = None
+
+
 class AuthHandler:
     """
-    Client for handling authentication.
+    Client for handling authentication via OAuth2 device code flow.
 
-    Auth is used for:
-    - Pulling artifacts from the remote Ark registry
-    - Pulling assets from the remote asset registry
+    Manages authentication tokens and organization context for interacting
+    with Antioch services.
     """
 
     def __init__(self):
         """
         Initialize the auth handler.
+
+        Automatically loads any existing token from disk.
         """
 
         self._token: str | None = None
-        self._user_id: str | None = None
-        self._current_org: Organization | None = None
-        self._available_orgs: list[Organization] = []
+        self._org: Organization | None = None
+        self._user: UserInfo | None = None
         self._load_local_token()
 
     def login(self) -> None:
         """
-        Authenticate the user via device code flow.
+        Authenticate the user via OAuth2 device code flow.
 
-        :raises AuthError: If authentication fails.
+        Initiates the device code flow, prompts the user to authenticate
+        in their browser, and saves the token to disk on success.
+
+        :raises AuthError: If authentication fails or times out.
         """
 
         if self.is_authenticated():
@@ -95,26 +103,27 @@ class AuthHandler:
             "client_id": AUTH_CLIENT_ID,
         }
 
-        authenticated = False
         start_time = time.time()
-        while not authenticated:
+        while True:
             token_response = requests.post(AUTH_TOKEN_URL, data=token_payload)
             token_data = token_response.json()
             if token_response.status_code == 200:
                 print("Authenticated!")
-                authenticated = True
-            elif token_data["error"] not in ("authorization_pending", "slow_down"):
+                self._token = token_data["access_token"]
+                break
+
+            if token_data["error"] not in ("authorization_pending", "slow_down"):
                 print(token_data["error_description"])
                 raise AuthError("Error authenticating the user") from Exception(token_data)
-            else:
-                if time.time() - start_time > AUTH_TIMEOUT_SECONDS:
-                    raise AuthError("Timeout waiting for authentication")
-                time.sleep(device_code_data["interval"])
 
-        # Save token
-        self._token = token_data["access_token"]
+            if time.time() - start_time > AUTH_TIMEOUT_SECONDS:
+                raise AuthError("Timeout waiting for authentication")
+
+            time.sleep(device_code_data["interval"])
+
         if self._token is None:
             raise AuthError("No token received")
+
         self._validate_token_claims(self._token)
         self.save_token()
 
@@ -122,69 +131,44 @@ class AuthHandler:
         """
         Check if the user is authenticated.
 
-        :return: True if authenticated, False otherwise.
+        :return: True if authenticated with a valid token, False otherwise.
         """
 
-        return self._current_org is not None
+        return self._org is not None
 
-    def select_organization(self, org_id: str):
+    def get_org(self) -> Organization:
         """
-        Select the organization to use for the session.
+        Get the current organization.
 
-        :param org_id: The ID of the organization to select.
+        :return: The current organization.
         :raises AuthError: If the user is not authenticated.
         """
 
-        if not self.is_authenticated():
+        if not self.is_authenticated() or self._org is None:
             raise AuthError("Not authenticated. Please login first")
+        return self._org
 
-        for org in self._available_orgs:
-            if org.org_id == org_id:
-                self._current_org = org
-                return
-
-        raise AuthError(f"Organization '{org_id}' is not in your available organizations")
-
-    def get_current_org(self) -> Organization | None:
+    def get_user_info(self) -> UserInfo | None:
         """
-        Get the current organization.
+        Get the current user information.
 
-        :return: The current organization.
+        :return: The current user info, or None if not available.
         :raises AuthError: If the user is not authenticated.
         """
 
         if not self.is_authenticated():
             raise AuthError("Not authenticated. Please login first")
+        return self._user
 
-        return self._current_org
-
-    def get_user_id(self) -> str | None:
-        """
-        Get the user ID.
-
-        :return: The user ID.
+    def get_token(self) -> str:
         """
+        Get the current authentication token.
 
-        return self._user_id
-
-    def get_available_orgs(self) -> list[Organization]:
-        """
-        Get the available organizations.
-
-        :return: The available organizations.
-        """
-
-        return self._available_orgs
-
-    def get_token(self) -> str | None:
-        """
-        Get the token.
-
-        :return: The token.
+        :return: The JWT access token.
         :raises AuthError: If the user is not authenticated.
         """
 
-        if not self.is_authenticated():
+        if not self.is_authenticated() or self._token is None:
             raise AuthError("Not authenticated. Please login first")
         return self._token
 
@@ -192,22 +176,16 @@ class AuthHandler:
         """
         Save the authentication token and organization data to disk.
 
+        Creates the token file with restrictive permissions (0600).
+
         :raises AuthError: If not authenticated.
         """
 
         if not self.is_authenticated():
             raise AuthError("Not authenticated. Please login first")
 
-        stored_data = {
-            "token": self._token,
-            "current_org": self._current_org.model_dump() if self._current_org else None,
-            "available_orgs": [org.model_dump() for org in self._available_orgs],
-        }
-
+        stored_data = {"token": self._token, "org": self._org.model_dump() if self._org else None}
         token_path = self._get_token_path()
-
-        # Create file with restrictive permissions (owner read/write only)
-        # Use os.open to atomically create file with 0o600 permissions
         fd = os.open(token_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
         with os.fdopen(fd, "w") as f:
             json.dump(stored_data, f, indent=2)
@@ -223,9 +201,9 @@ class AuthHandler:
 
     def _load_local_token(self) -> None:
         """
-        Load the authentication token and organization data from disk.
+        Load the authentication token from disk.
 
-        Silently returns if no token exists or if loading fails. Clears invalid tokens.
+        Silently returns if no token exists. Clears invalid or expired tokens.
         """
 
         token_path = self._get_token_path()
@@ -242,17 +220,16 @@ class AuthHandler:
 
             # Validate and extract all claims from token
             self._validate_token_claims(self._token)
+            if stored_data.get("org"):
+                self._org = Organization(**stored_data["org"])
         except Exception as e:
             print(f"Error loading local token: {e}")
-
-            # Clear invalid or expired tokens
             self._token = None
             self.clear_token()
-            return
 
-    def _validate_token_claims(self, token: str):
+    def _validate_token_claims(self, token: str) -> None:
         """
-        Validate the token and extract all claims including user ID and organization information.
+        Validate the token and extract organization and user information.
 
         :param token: The JWT token to validate.
         :raises AuthError: If the token is invalid, expired, or missing required claims.
@@ -262,7 +239,7 @@ class AuthHandler:
         if len(parts) != 3:
             raise AuthError("Invalid token format")
 
-        # Decode the payload (middle part)
+        # Decode the payload
         payload_encoded = parts[1]
         padding = len(payload_encoded) % 4
         if padding:
@@ -275,29 +252,27 @@ class AuthHandler:
         if exp and time.time() > exp:
             raise AuthError("Token has expired")
 
-        # Extract user ID
-        self._user_id = payload.get("sub")
-        if self._user_id is None:
-            raise AuthError("User ID not found in token claims")
-
-        # Extract current organization
-        self._current_org = Organization(
-            org_id=payload.get(AUTH_ORG_ID_CLAIM),
-            org_name=payload.get(AUTH_ORG_NAME_CLAIM),
-        )
-
-        # Extract available organizations
-        # Note: Auth0 returns organizations with "id" and "name" keys, not "org_id" and "org_name"
-        self._available_orgs = [
-            Organization(org_id=org.get("id") or org.get("org_id"), org_name=org.get("name") or org.get("org_name"))
-            for org in payload.get(AUTH_ORGANIZATIONS_CLAIM, [])
-        ]
+        # Extract organization
+        org_id = payload.get(AUTH_ORG_ID_CLAIM)
+        org_name = payload.get(AUTH_ORG_NAME_CLAIM)
+        if not org_id or not org_name:
+            raise AuthError("Organization information not found in token claims")
+        self._org = Organization(org_id=org_id, org_name=org_name)
+
+        # Extract user info (optional claims)
+        user_id = payload.get("sub")
+        if user_id:
+            self._user = UserInfo(
+                user_id=user_id,
+                name=payload.get("name") or payload.get("nickname"),
+                email=payload.get("email"),
+            )
 
     def _get_token_path(self) -> Path:
         """
         Get the token file path.
 
-        :return: Path to the token file.
+        :return: Path to the token.json file.
         """
 
         return get_auth_dir() / "token.json"