PyPI - cemi-cli - Versions diffs - 0.1.1__py3-none-any.whl - Mend

cemi-cli 0.1.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

cemi/__init__.py +3 -0
cemi/api.py +49 -0
cemi/auth.py +107 -0
cemi/cli.py +629 -0
cemi/config.py +78 -0
cemi/contract.py +474 -0
cemi/decision_layer.py +353 -0
cemi/defaults.py +16 -0
cemi/examples/__init__.py +3 -0
cemi/examples/test_writer.py +50 -0
cemi/local_server.py +704 -0
cemi/workspace_dist/assets/bc28cd3b23be4b191421f0ead27bb2b9b7c23ff5-BAdrl-eN.png +0 -0
cemi/workspace_dist/assets/index-APOCwJvs.js +234 -0
cemi/workspace_dist/assets/index-S1cVBpyp.css +1 -0
cemi/workspace_dist/index.html +45 -0
cemi/writer.py +1239 -0
cemi_cli-0.1.1.dist-info/METADATA +362 -0
cemi_cli-0.1.1.dist-info/RECORD +21 -0
cemi_cli-0.1.1.dist-info/WHEEL +5 -0
cemi_cli-0.1.1.dist-info/entry_points.txt +2 -0
cemi_cli-0.1.1.dist-info/top_level.txt +1 -0

cemi/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+"""CEMI CLI — authenticate, create runs, and stream metrics."""
+__version__ = "0.1.1"

cemi/api.py ADDED Viewed

@@ -0,0 +1,49 @@
+"""CEMI backend API client for CLI.
+Retained for future cloud work, but not surfaced in the closed-beta CLI.
+"""
+from __future__ import annotations
+from typing import Any
+import requests
+def start_run(
+    api_base: str,
+    access_token: str,
+    project: str | None,
+    name: str | None,
+) -> dict:
+    url = f"{api_base.rstrip('/')}/runs/start"
+    payload = {"project": project, "name": name}
+    r = requests.post(
+        url,
+        json=payload,
+        headers={"Authorization": f"Bearer {access_token}"},
+        timeout=30,
+    )
+    r.raise_for_status()
+    return r.json()
+def send_run_record(
+    api_base: str,
+    run_id: str,
+    run_token: str,
+    record: dict[str, Any],
+) -> dict:
+    """Send a run_record event to the ingestion API (future cloud path)."""
+    url = f"{api_base.rstrip('/')}/runs/{run_id}/events"
+    r = requests.post(
+        url,
+        json=record,
+        headers={
+            "Authorization": f"Bearer {run_token}",
+            "Content-Type": "application/json",
+        },
+        timeout=30,
+    )
+    r.raise_for_status()
+    return r.json() if r.text else {}

cemi/auth.py ADDED Viewed

@@ -0,0 +1,107 @@
+"""MSAL device-code auth and token cache for CEMI CLI.
+Retained for future cloud work, but not surfaced in the closed-beta CLI.
+"""
+from __future__ import annotations
+import os
+from pathlib import Path
+import msal
+ALLOWED_DOMAIN = os.environ.get("CEMI_ALLOWED_EMAIL_DOMAIN", "").strip().lower()
+def _load_cache(cache_path: Path) -> msal.SerializableTokenCache:
+    cache = msal.SerializableTokenCache()
+    if cache_path.exists():
+        cache.deserialize(cache_path.read_text())
+    return cache
+def _save_cache(cache_path: Path, cache: msal.SerializableTokenCache) -> None:
+    if cache.has_state_changed:
+        cache_path.write_text(cache.serialize())
+        try:
+            os.chmod(cache_path, 0o600)
+        except OSError:
+            pass
+def _build_app(
+    client_id: str,
+    authority: str,
+    cache: msal.SerializableTokenCache,
+) -> msal.PublicClientApplication:
+    return msal.PublicClientApplication(
+        client_id=client_id,
+        authority=authority,
+        token_cache=cache,
+    )
+def ensure_domain(result: dict) -> None:
+    if not ALLOWED_DOMAIN:
+        return
+    claims = result.get("id_token_claims") or {}
+    username = (claims.get("preferred_username") or claims.get("upn") or "").lower()
+    if not username.endswith("@" + ALLOWED_DOMAIN):
+        raise RuntimeError(
+            f"Only @{ALLOWED_DOMAIN} accounts are allowed (got: {username or 'unknown'})."
+        )
+def device_code_login(
+    client_id: str,
+    authority: str,
+    scopes: list[str],
+    cache_path: Path,
+) -> dict:
+    import json
+    cache = _load_cache(cache_path)
+    app = _build_app(client_id, authority, cache)
+    flow = app.initiate_device_flow(scopes=scopes)
+    if "user_code" not in flow:
+        raise RuntimeError(f"Failed to start device flow: {json.dumps(flow, indent=2)}")
+    print(flow["message"], flush=True)
+    result = app.acquire_token_by_device_flow(flow)
+    if "access_token" not in result:
+        err = result.get("error", "")
+        desc = result.get("error_description", "")
+        if "AADSTS7000218" in desc or "client_assertion" in desc or "client_secret" in desc:
+            raise RuntimeError(
+                "Auth failed: this app registration requires a client secret. "
+                "For CLI device-code flow, in Azure Portal go to App registration → Authentication → "
+                "Advanced settings → set 'Allow public client flows' to Yes, then try again."
+            )
+        raise RuntimeError(f"Auth failed: {err} - {desc}")
+    ensure_domain(result)
+    _save_cache(cache_path, cache)
+    return result
+def acquire_token_silent(
+    client_id: str,
+    authority: str,
+    scopes: list[str],
+    cache_path: Path,
+) -> str | None:
+    cache = _load_cache(cache_path)
+    app = _build_app(client_id, authority, cache)
+    accounts = app.get_accounts()
+    if not accounts:
+        return None
+    result = app.acquire_token_silent(scopes=scopes, account=accounts[0])
+    if result and "access_token" in result:
+        _save_cache(cache_path, cache)
+        return result["access_token"]
+    return None