authsec-sdk-vnext 4.2.0__tar.gz

authsec_sdk_vnext-4.2.0/MANIFEST.in

@@ -0,0 +1,3 @@
+include README.md
+recursive-include src/authsec_sdk/spiffe_workload_api/api *.proto
+global-exclude __pycache__ *.py[cod] .DS_Store

authsec_sdk_vnext-4.2.0/PKG-INFO

@@ -0,0 +1,134 @@
+Metadata-Version: 2.4
+Name: authsec-sdk-vnext
+Version: 4.2.0
+Summary: Preview AuthSec SDK for bearer-first MCP auth, services, CIBA, and SPIFFE integration
+Author-email: AuthSec Team <a@authnull.com>
+Keywords: authsec,mcp,oauth,rbac,spiffe,ciba,authentication,authorization
+Requires-Python: >=3.10.11
+Description-Content-Type: text/markdown
+Requires-Dist: aiohttp>=3.9.0
+Requires-Dist: certifi>=2024.0.0
+Requires-Dist: fastapi>=0.110.0
+Requires-Dist: grpcio>=1.60.0
+Requires-Dist: protobuf<6.0.0,>=5.29.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: uvicorn>=0.27.0
+Provides-Extra: dev
+Requires-Dist: build>=1.2.0; extra == "dev"
+Requires-Dist: pytest>=8.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"
+Requires-Dist: twine>=5.0.0; extra == "dev"
+
+# AuthSec Python SDK vNext
+
+Preview Python SDK for AuthSec bearer-first MCP authentication, RBAC, service access, CIBA, delegation, and SPIFFE integrations.
+
+## Install
+
+From PyPI:
+
+```bash
+pip install authsec-sdk-vnext
+```
+
+For local SDK development:
+
+```bash
+cd packages/python-sdk
+pip install -e ".[dev]"
+```
+
+## Recommended Setup Flow
+
+The default user flow is:
+
+```bash
+pip install authsec-sdk-vnext
+authsec init
+```
+
+`authsec init` writes `.authsec.json` in the current working directory. If you choose the default setup path, it writes these prod endpoints:
+
+- `https://prod.api.authsec.ai/sdkmgr/mcp-auth`
+- `https://prod.api.authsec.ai/sdkmgr/services`
+- `https://prod.api.authsec.ai`
+
+Use `authsec config show` to verify the saved configuration.
+
+If you need localhost, staging, or self-hosted AuthSec, choose the custom path in `authsec init` or set explicit environment overrides.
+
+## Team Knowledge Base Flow
+
+The intended acceptance flow matches the protected Team Knowledge Base example:
+
+1. `pip install authsec-sdk-vnext`
+2. `authsec init`
+3. Run your protected MCP server
+4. Confirm startup logs show the prod AuthSec endpoints by default
+
+When the app name is `Team Knowledge Base (Protected)`, the expected startup output is:
+
+```text
+Auth configured: Team Knowledge Base (Protected) with client_id: 921c2209...
+Auth service URL: https://prod.api.authsec.ai/sdkmgr/mcp-auth
+Services URL: https://prod.api.authsec.ai/sdkmgr/services
+Starting Team Knowledge Base (Protected) MCP Server on 0.0.0.0:3005
+Authentication via: https://prod.api.authsec.ai/sdkmgr/mcp-auth
+Services via: https://prod.api.authsec.ai/sdkmgr/services
+SPIRE Workload Identity: DISABLED
+```
+
+## Example Server
+
+This package includes a Python MCP demo at `examples/local_authsec_demo_server.py`.
+
+Run it like this:
+
+```bash
+cd packages/python-sdk-vnext
+authsec init
+set -a
+source examples/local_authsec_demo.env.example
+set +a
+python examples/local_authsec_demo_server.py
+```
+
+By default, the example relies on `.authsec.json` created by `authsec init`. Only set `AUTHSEC_AUTH_SERVICE_URL` or `AUTHSEC_SERVICES_URL` if you intentionally want to override the prod defaults.
+
+## Testing
+
+Install the dev extras and run tests:
+
+```bash
+cd packages/python-sdk-vnext
+pip install -e ".[dev]"
+pytest tests/test_config_flow.py
+```
+
+The existing integration tests that point at localhost remain explicit local-service tests; they are not the default user path.
+
+## Maintainer Release Flow
+
+Build and verify locally:
+
+```bash
+cd packages/python-sdk-vnext
+python -m build
+python -m twine check dist/*
+```
+
+Smoke test the built artifact in a fresh virtualenv:
+
+```bash
+python -m venv /tmp/authsec-sdk-smoke
+source /tmp/authsec-sdk-smoke/bin/activate
+pip install /absolute/path/to/packages/python-sdk-vnext/dist/authsec_sdk_vnext-<version>-py3-none-any.whl
+authsec init
+```
+
+Publish with token-based Twine auth supplied via environment variables or `.pypirc`, then verify in a fresh virtualenv with:
+
+```bash
+pip install authsec-sdk-vnext
+authsec init
+```

authsec_sdk_vnext-4.2.0/README.md

@@ -0,0 +1,113 @@
+# AuthSec Python SDK vNext
+
+Preview Python SDK for AuthSec bearer-first MCP authentication, RBAC, service access, CIBA, delegation, and SPIFFE integrations.
+
+## Install
+
+From PyPI:
+
+```bash
+pip install authsec-sdk-vnext
+```
+
+For local SDK development:
+
+```bash
+cd packages/python-sdk
+pip install -e ".[dev]"
+```
+
+## Recommended Setup Flow
+
+The default user flow is:
+
+```bash
+pip install authsec-sdk-vnext
+authsec init
+```
+
+`authsec init` writes `.authsec.json` in the current working directory. If you choose the default setup path, it writes these prod endpoints:
+
+- `https://prod.api.authsec.ai/sdkmgr/mcp-auth`
+- `https://prod.api.authsec.ai/sdkmgr/services`
+- `https://prod.api.authsec.ai`
+
+Use `authsec config show` to verify the saved configuration.
+
+If you need localhost, staging, or self-hosted AuthSec, choose the custom path in `authsec init` or set explicit environment overrides.
+
+## Team Knowledge Base Flow
+
+The intended acceptance flow matches the protected Team Knowledge Base example:
+
+1. `pip install authsec-sdk-vnext`
+2. `authsec init`
+3. Run your protected MCP server
+4. Confirm startup logs show the prod AuthSec endpoints by default
+
+When the app name is `Team Knowledge Base (Protected)`, the expected startup output is:
+
+```text
+Auth configured: Team Knowledge Base (Protected) with client_id: 921c2209...
+Auth service URL: https://prod.api.authsec.ai/sdkmgr/mcp-auth
+Services URL: https://prod.api.authsec.ai/sdkmgr/services
+Starting Team Knowledge Base (Protected) MCP Server on 0.0.0.0:3005
+Authentication via: https://prod.api.authsec.ai/sdkmgr/mcp-auth
+Services via: https://prod.api.authsec.ai/sdkmgr/services
+SPIRE Workload Identity: DISABLED
+```
+
+## Example Server
+
+This package includes a Python MCP demo at `examples/local_authsec_demo_server.py`.
+
+Run it like this:
+
+```bash
+cd packages/python-sdk-vnext
+authsec init
+set -a
+source examples/local_authsec_demo.env.example
+set +a
+python examples/local_authsec_demo_server.py
+```
+
+By default, the example relies on `.authsec.json` created by `authsec init`. Only set `AUTHSEC_AUTH_SERVICE_URL` or `AUTHSEC_SERVICES_URL` if you intentionally want to override the prod defaults.
+
+## Testing
+
+Install the dev extras and run tests:
+
+```bash
+cd packages/python-sdk-vnext
+pip install -e ".[dev]"
+pytest tests/test_config_flow.py
+```
+
+The existing integration tests that point at localhost remain explicit local-service tests; they are not the default user path.
+
+## Maintainer Release Flow
+
+Build and verify locally:
+
+```bash
+cd packages/python-sdk-vnext
+python -m build
+python -m twine check dist/*
+```
+
+Smoke test the built artifact in a fresh virtualenv:
+
+```bash
+python -m venv /tmp/authsec-sdk-smoke
+source /tmp/authsec-sdk-smoke/bin/activate
+pip install /absolute/path/to/packages/python-sdk-vnext/dist/authsec_sdk_vnext-<version>-py3-none-any.whl
+authsec init
+```
+
+Publish with token-based Twine auth supplied via environment variables or `.pypirc`, then verify in a fresh virtualenv with:
+
+```bash
+pip install authsec-sdk-vnext
+authsec init
+```

authsec_sdk_vnext-4.2.0/pyproject.toml

@@ -0,0 +1,45 @@
+[build-system]
+requires = ["setuptools>=69", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "authsec-sdk-vnext"
+version = "4.2.0"
+description = "Preview AuthSec SDK for bearer-first MCP auth, services, CIBA, and SPIFFE integration"
+readme = "README.md"
+requires-python = ">=3.10.11"
+authors = [
+  { name = "AuthSec Team", email = "a@authnull.com" }
+]
+dependencies = [
+  "aiohttp>=3.9.0",
+  "certifi>=2024.0.0",
+  "fastapi>=0.110.0",
+  "grpcio>=1.60.0",
+  "protobuf>=5.29.0,<6.0.0",
+  "requests>=2.31.0",
+  "uvicorn>=0.27.0"
+]
+keywords = ["authsec", "mcp", "oauth", "rbac", "spiffe", "ciba", "authentication", "authorization"]
+
+[project.scripts]
+authsec = "authsec_sdk.cli:main"
+
+[project.optional-dependencies]
+dev = [
+  "build>=1.2.0",
+  "pytest>=8.0.0",
+  "pytest-asyncio>=0.23.0",
+  "twine>=5.0.0",
+]
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+include-package-data = true
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["authsec_sdk*"]
+
+[tool.setuptools.package-data]
+authsec_sdk = ["spiffe_workload_api/api/*.proto"]

authsec_sdk_vnext-4.2.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

authsec_sdk_vnext-4.2.0/setup.py

@@ -0,0 +1,3 @@
+from setuptools import setup
+
+setup()

authsec_sdk_vnext-4.2.0/src/authsec_sdk/__init__.py

@@ -0,0 +1,54 @@
+from .core import (
+    mcp_tool,
+    protected_by_AuthSec,
+    run_mcp_server_with_oauth,
+    ServiceAccessSDK,
+    ServiceAccessError,
+    configure_auth,
+    get_config,
+    is_configured,
+    load_config,
+    test_auth_service,
+    test_services
+)
+
+# Import CIBA SDK for voice clients and passwordless authentication
+from .ciba_sdk import CIBAClient
+
+# Import Delegation SDK for AI agent trust delegation
+from .delegation_sdk import DelegationClient, DelegationError, DelegationTokenExpired, DelegationTokenNotFound
+
+# Import standalone SPIFFE Workload API SDK
+from .spiffe_workload_api import QuickStartSVID, WorkloadAPIClient
+
+# Also import SDK Manager SPIRE integration (optional)
+try:
+    from .spire_sdk import WorkloadSVID
+except ImportError:
+    WorkloadSVID = None
+
+__version__ = "4.2.0"
+__all__ = [
+    # MCP Auth & Services
+    "protected_by_AuthSec",
+    "run_mcp_server_with_oauth",
+    "ServiceAccessSDK",
+    "ServiceAccessError",
+    "configure_auth",
+    "get_config",
+    "is_configured",
+    "load_config",
+    "test_auth_service",
+    "test_services",
+    # CIBA SDK for Voice Clients
+    "CIBAClient",
+    # Delegation SDK for AI Agent Trust Delegation
+    "DelegationClient",
+    "DelegationError",
+    "DelegationTokenExpired",
+    "DelegationTokenNotFound",
+    # SPIRE Workload Identity (Standalone SDK)
+    "QuickStartSVID",
+    "WorkloadAPIClient",
+    "WorkloadSVID",
+]