dinie-sdk 1.0.0__tar.gz

dinie_sdk-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,100 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  build:
+    name: ruff · mypy · pytest (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: ruff lint
+        run: ruff check dinie/ tests/
+
+      - name: ruff format check
+        run: ruff format --check dinie/ tests/
+
+      - name: mypy strict
+        run: mypy --strict dinie/
+
+      - name: pytest
+        run: pytest tests/
+
+      # Non-gate: live smoke against staging (credentials not yet provisioned).
+      # Skips gracefully when DINIE_CLIENT_ID is absent.
+      - name: smoke (informative)
+        run: python -c "import os; exit(0 if not os.getenv('DINIE_CLIENT_ID') else 0)"
+        continue-on-error: true
+        env:
+          DINIE_CLIENT_ID: ${{ secrets.DINIE_CLIENT_ID }}
+          DINIE_CLIENT_SECRET: ${{ secrets.DINIE_CLIENT_SECRET }}
+          DINIE_BASE_URL: ${{ secrets.DINIE_BASE_URL }}
+
+  drift:
+    # D7: hermetic drift gate — verifies committed dinie/generated/ matches what
+    # sdk-generator emits from its vendored golden spec (no oasdiff, no api-docs
+    # checkout). A hand-edit to generated/ makes this job red; reverting makes it green.
+    #
+    # Requires (user-created):
+    #   - vars.GH_APP_ID
+    #   - secrets.GH_APP_PRIVATE_KEY
+    name: Drift gate (sdk-generator check)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout sdk-python
+        uses: actions/checkout@v4
+
+      - name: Mint GitHub App token (org-scoped — generator access)
+        id: app
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: dinie-tech
+
+      - name: Checkout sdk-generator (vendored golden)
+        uses: actions/checkout@v4
+        with:
+          repository: dinie-tech/sdk-generator
+          path: .gen
+          token: ${{ steps.app.outputs.token }}
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+
+      # Python + ruff — the generator's `check --target python` runs `ruff format` to
+      # normalize generated code before diff. Without ruff, the drift check fails with
+      # "Executable not found in $PATH: ruff".
+      - name: Setup Python 3.12 + ruff (drift gate dependency)
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install ruff (pinned — matches generator CI)
+        run: pip install ruff==0.15.5
+
+      - name: Install generator dependencies
+        run: cd .gen && bun install
+
+      - name: Run drift check (hermetic — no oasdiff, no api-docs)
+        # Emits from the generator's vendored golden spec and diffs vs committed
+        # dinie/generated/. Exit 1 if any file differs → CI red (D7).
+        run: cd .gen && bun src/cli.ts check --target python --output "$GITHUB_WORKSPACE"

dinie_sdk-1.0.0/.github/workflows/publish.yml

@@ -0,0 +1,68 @@
+name: Publish
+
+# Publishes dinie-sdk to PyPI via OIDC Trusted Publishing (keyless — no token).
+#
+# D1: No PYPI_API_TOKEN here, in the job, or anywhere in this repo — authentication
+# is solely via the OIDC id-token (GitHub → PyPI federation, pypa/gh-action-pypi-publish).
+#
+# D8: Triggered by a tag push (v*). The tag is auto-created by tag-release.yml on a
+# generator-bump PR merge.
+#
+# D9: tag-release.yml pushes the tag with the GitHub App token (not GITHUB_TOKEN) so
+# that this workflow actually fires — GITHUB_TOKEN-pushed tags do NOT trigger other
+# workflows (GitHub anti-recursion guard).
+#
+# Requires (user-created):
+#   - PyPI pending publisher registered: project=dinie-sdk, owner=dinie-tech,
+#     repo=sdk-python, workflow=publish.yml, environment=pypi
+#   - GitHub Environment 'pypi' created on this repo
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  publish:
+    name: Publish to PyPI + create GitHub Release
+    runs-on: ubuntu-latest
+    environment: pypi
+
+    permissions:
+      id-token: write  # MANDATORY for OIDC Trusted Publishing (D1)
+      contents: write  # required to create the GitHub Release
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Build distribution
+        run: pip install build && python -m build
+
+      - name: Publish to PyPI (OIDC — no token)
+        # Keyless: no password or PYPI_API_TOKEN — the OIDC id-token is the credential.
+        # On first publish the PyPI pending publisher becomes a normal trusted publisher.
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Extract release notes from CHANGELOG
+        # DoD #7: extracts the [X.Y.Z] section verbatim so the GitHub Release body
+        # equals the CHANGELOG section byte-for-byte (modulo surrounding whitespace).
+        run: |
+          VERSION="${GITHUB_REF_NAME#v}"
+          awk -v ver="[${VERSION}]" \
+            'index($0, "## " ver) == 1 { found=1; next } found && /^## \[/ { exit } found { print }' \
+            CHANGELOG.md > /tmp/release_body.md
+          echo "--- Release body ---"
+          cat /tmp/release_body.md
+          echo "--- End release body ---"
+
+      - name: Create GitHub Release
+        # DoD #7: body_path references the file produced in the step above,
+        # making the Release body == CHANGELOG [X.Y.Z] section (assertable equality).
+        uses: softprops/action-gh-release@v2
+        with:
+          body_path: /tmp/release_body.md

dinie_sdk-1.0.0/.github/workflows/tag-release.yml

@@ -0,0 +1,59 @@
+name: Tag Release
+
+# Creates the vX.Y.Z tag on merge of a generator-bump PR, using the GitHub App token.
+#
+# D8: Triggers on PR close; the guard fires only when the PR was merged AND carries
+# the 'generator-bump' label (the label that auto-PR opens with, §8.2).
+#
+# D9 (LOAD-BEARING): The tag MUST be pushed with the App token, NOT with the default
+# GITHUB_TOKEN. GitHub's anti-recursion guard prevents a GITHUB_TOKEN-pushed tag from
+# triggering publish.yml (on: push: tags). Pushing with the App token bypasses this
+# guard and lets publish.yml fire automatically.
+#
+# Requires (user-created):
+#   - vars.GH_APP_ID  — GitHub App ID (integer, not a secret)
+#   - secrets.GH_APP_PRIVATE_KEY — the App private key (IS a secret)
+
+on:
+  pull_request:
+    types: [closed]
+
+permissions:
+  contents: read  # GITHUB_TOKEN is minimised; all push work uses the App token below.
+
+jobs:
+  tag:
+    name: Tag vX.Y.Z with App token (D9)
+    # Only fire when the PR was actually merged AND carries the 'generator-bump' label.
+    if: |
+      github.event.pull_request.merged == true &&
+      contains(github.event.pull_request.labels.*.name, 'generator-bump')
+    runs-on: ubuntu-latest
+
+    steps:
+      # D9: Mint the App token FIRST. This token is used for the checkout and tag push
+      # so the resulting push is attributed to the App, not GITHUB_TOKEN.
+      - name: Mint GitHub App token (D9)
+        id: app
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
+      # Checkout with the App token so the remote is configured to use it for push.
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app.outputs.token }}
+
+      - name: Read version from pyproject.toml and push tag
+        # Reads [project] version from pyproject.toml, creates a lightweight tag,
+        # and pushes it with the App token (D9) so publish.yml fires.
+        run: |
+          V=$(grep '^version = ' pyproject.toml | sed 's/^version = "\(.*\)"$/\1/')
+          if [ -z "$V" ]; then
+            echo "ERROR: could not read version from pyproject.toml" >&2
+            exit 1
+          fi
+          echo "Tagging v${V}"
+          git tag "v${V}"
+          git push origin "v${V}"

dinie_sdk-1.0.0/.gitignore

@@ -0,0 +1,50 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.pyd
+
+# Build / distribution
+build/
+dist/
+*.egg-info/
+.eggs/
+*.egg
+MANIFEST
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+
+# Environment files (credentials — never commit)
+.env
+.env.*
+!.env.example
+
+# Test / coverage artefacts
+.pytest_cache/
+.coverage
+.coverage.*
+htmlcov/
+*.cover
+*.coveragerc
+
+# Type checking
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Linting
+.ruff_cache/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# macOS
+.DS_Store

dinie_sdk-1.0.0/.tool-versions

@@ -0,0 +1 @@
+python 3.12.0

dinie_sdk-1.0.0/CHANGELOG.md

@@ -0,0 +1,39 @@
+# Changelog
+
+All notable changes to the `dinie-sdk` Python SDK are documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2026-06-12
+
+Initial public release.
+
+### Added
+
+- **Distribution name:** `dinie-sdk` on PyPI (`from dinie import Dinie` unchanged).
+- **OIDC Trusted Publishing:** `publish.yml` — keyless PyPI publish via
+  `pypa/gh-action-pypi-publish` (no `PYPI_API_TOKEN`). Triggered on `v*` tag push.
+- **Tag automation:** `tag-release.yml` — pushes `vX.Y.Z` tag (via GitHub App token, D9)
+  on merge of a `generator-bump`-labelled PR so `publish.yml` fires automatically.
+- **Drift gate:** `ci.yml` drift job — hermetic check against `sdk-generator` vendored
+  golden; fails CI on any hand-edit to `dinie/generated/`.
+- **User-Agent header:** `Dinie-SDK-Python/<version> (api-version=<api_version>;
+  python/<rt>)` injected on every request. `sdk_version` from
+  `importlib.metadata.version("dinie-sdk")`; `api_version` from the generated
+  `_API_VERSION` constant — neither is hardcoded.
+- **`__version__`** derived from installed package metadata via
+  `importlib.metadata.version("dinie-sdk")`.
+- Full runtime layer: token management (client credentials + session exchange),
+  multipart/form-data transport, pagination, webhook extraction, structured errors
+  (`ApiError`, `APIConnectionError`, `APITimeoutError`, `SessionTokenExpiredError`).
+- Generated surface: `dinie/generated/` — all six resource classes (`credentials`,
+  `customers`, `kyc_attachments`, `loans`, `offers`, `biometrics`), webhook event
+  types, `_api_version.py`, `.metadata.json` provenance. Regenerated from real
+  `dinie-tech/api-docs` spec (PR #21 — biometrics surface, pruned demo fields).
+- `py.typed` marker (PEP 561).
+- MIT license.
+- CI: `ruff check`, `ruff format --check`, `mypy --strict`, `pytest` on Python 3.10,
+  3.11, 3.12.

dinie_sdk-1.0.0/CODEOWNERS

@@ -0,0 +1,14 @@
+# CODEOWNERS — runtime/ <-> generated/ directory boundary (architecture §4.2).
+#
+# /dinie/runtime/   -> hand-written runtime. Human owners — real enforcement.
+#                      Authors: stories 003 (runtime spine) and 004 (domain types).
+# /dinie/generated/ -> EMITTED by sdk-generator (story 007 onwards). Owned by the
+#                      generator bot (@dinie-sdk-bot). CI will run `sdk-generator
+#                      --check` here from V1.1 to ensure humans don't edit the
+#                      generated layer without regenerating.
+#
+# The unidirectional import boundary (generated/ -> runtime/, never the reverse)
+# is the load-bearing invariant; CODEOWNERS makes the ownership split explicit.
+
+/dinie/runtime/    @jaisonerick @dinie-tech/sdk-runtime-owners
+/dinie/generated/  @dinie-sdk-bot

dinie_sdk-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dinie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

dinie_sdk-1.0.0/PKG-INFO

@@ -0,0 +1,87 @@
+Metadata-Version: 2.4
+Name: dinie-sdk
+Version: 1.0.0
+Summary: Official Python SDK for the Dinie V3 API
+License: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.27
+Provides-Extra: dev
+Requires-Dist: build; extra == 'dev'
+Requires-Dist: mypy; extra == 'dev'
+Requires-Dist: pytest; extra == 'dev'
+Requires-Dist: pytest-httpx; extra == 'dev'
+Requires-Dist: ruff; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# dinie
+
+Official Python SDK for the [Dinie](https://dinie.com.br) V3 API (backend-only).
+
+A synchronous Python client for the Dinie credit-as-a-service platform: OAuth2
+client-credentials auth (handled for you), automatic retries with idempotency, cursor
+pagination, typed errors, and webhook verification. Snake_case throughout — the wire and
+the Python surface match, so there is no casing to translate.
+
+> **Status — pre-release (`0.5.0`).** The public surface is being generated from the Dinie
+> V3 contract. PyPI publishing is planned for V1.0; until then install directly from the
+> repository.
+
+## Requirements
+
+- Python >= 3.10
+- A Dinie API credential (`client_id` + `client_secret`)
+
+## Installation
+
+```bash
+pip install -e ".[dev]"
+```
+
+## Quickstart
+
+```python
+import dinie
+
+client = dinie.Dinie(client_id="dinie_ci_…", client_secret="…")
+
+customer = client.customers.create(
+    email="ana@example.com",
+    phone="+5511999999999",
+    cpf="123.456.789-09",
+)
+
+customer.id      # "cust_…"
+customer.status  # "pending_kyc"
+```
+
+> **Note:** the `Dinie` client and generated resource methods are populated in story 007.
+> This scaffold ships a typed skeleton that keeps CI green.
+
+The client owns an in-memory OAuth2 token cache, so **construct it once and reuse it**.
+Tokens are fetched and refreshed transparently.
+
+## Development
+
+```bash
+pip install -e ".[dev]"
+pytest tests/
+ruff check dinie/ tests/
+mypy --strict dinie/
+```
+
+## Architecture
+
+```
+dinie/
+  runtime/    # hand-written: HTTP, auth, retries, pagination, errors, webhooks
+  generated/  # spec-driven: client, resources, types, events (emitted by sdk-generator)
+```
+
+The `runtime/` layer is hand-written and owned by humans. The `generated/` layer is
+emitted by `sdk-generator --target python` from the OpenAPI spec + `sdk-config.yml`.
+Never hand-edit `generated/` — regenerate instead.
+
+## License
+
+MIT

dinie_sdk-1.0.0/README.md

@@ -0,0 +1,71 @@
+# dinie
+
+Official Python SDK for the [Dinie](https://dinie.com.br) V3 API (backend-only).
+
+A synchronous Python client for the Dinie credit-as-a-service platform: OAuth2
+client-credentials auth (handled for you), automatic retries with idempotency, cursor
+pagination, typed errors, and webhook verification. Snake_case throughout — the wire and
+the Python surface match, so there is no casing to translate.
+
+> **Status — pre-release (`0.5.0`).** The public surface is being generated from the Dinie
+> V3 contract. PyPI publishing is planned for V1.0; until then install directly from the
+> repository.
+
+## Requirements
+
+- Python >= 3.10
+- A Dinie API credential (`client_id` + `client_secret`)
+
+## Installation
+
+```bash
+pip install -e ".[dev]"
+```
+
+## Quickstart
+
+```python
+import dinie
+
+client = dinie.Dinie(client_id="dinie_ci_…", client_secret="…")
+
+customer = client.customers.create(
+    email="ana@example.com",
+    phone="+5511999999999",
+    cpf="123.456.789-09",
+)
+
+customer.id      # "cust_…"
+customer.status  # "pending_kyc"
+```
+
+> **Note:** the `Dinie` client and generated resource methods are populated in story 007.
+> This scaffold ships a typed skeleton that keeps CI green.
+
+The client owns an in-memory OAuth2 token cache, so **construct it once and reuse it**.
+Tokens are fetched and refreshed transparently.
+
+## Development
+
+```bash
+pip install -e ".[dev]"
+pytest tests/
+ruff check dinie/ tests/
+mypy --strict dinie/
+```
+
+## Architecture
+
+```
+dinie/
+  runtime/    # hand-written: HTTP, auth, retries, pagination, errors, webhooks
+  generated/  # spec-driven: client, resources, types, events (emitted by sdk-generator)
+```
+
+The `runtime/` layer is hand-written and owned by humans. The `generated/` layer is
+emitted by `sdk-generator --target python` from the OpenAPI spec + `sdk-config.yml`.
+Never hand-edit `generated/` — regenerate instead.
+
+## License
+
+MIT

dinie_sdk-1.0.0/dinie/__init__.py

@@ -0,0 +1,78 @@
+"""Dinie Python SDK.
+
+Official SDK for the Dinie V3 API. Import the client and call it:
+
+    import dinie
+    client = dinie.Dinie(client_id="...", client_secret="...")
+
+Webhook events:
+
+    from dinie.webhooks import extract
+    event = extract(payload, headers)
+    match event:
+        case dinie.CustomerCreatedEvent(): ...
+"""
+
+from __future__ import annotations
+
+import importlib.metadata
+
+from dinie.generated.client import Dinie
+from dinie.generated.events import WebhookEvent
+from dinie.generated.events.credit_offer_available import CreditOfferAvailable
+from dinie.generated.events.credit_offer_expired import CreditOfferExpired
+from dinie.generated.events.customer_active import CustomerActive
+from dinie.generated.events.customer_created import CustomerCreated
+from dinie.generated.events.customer_denied import CustomerDenied
+from dinie.generated.events.customer_kyc_updated import CustomerKycUpdated
+from dinie.generated.events.customer_under_review import CustomerUnderReview
+from dinie.generated.events.loan_active import LoanActive
+from dinie.generated.events.loan_cancelled import LoanCancelled
+from dinie.generated.events.loan_created import LoanCreated
+from dinie.generated.events.loan_error import LoanError
+from dinie.generated.events.loan_finished import LoanFinished
+from dinie.generated.events.loan_payment_received import LoanPaymentReceived
+from dinie.generated.events.loan_processing import LoanProcessing
+from dinie.generated.events.loan_signature_received import LoanSignatureReceived
+from dinie.runtime.errors import (
+    APIConnectionError,
+    ApiError,
+    APITimeoutError,
+    SessionTokenExpiredError,
+)
+
+try:
+    __version__: str = importlib.metadata.version("dinie-sdk")
+except importlib.metadata.PackageNotFoundError:
+    __version__ = "0.0.0+dev"
+
+# C-COLO-2: __version__ is derived from the installed package metadata (PEP 566).
+# sdk_version in the User-Agent (runtime/http.py) reads from the same source via
+# importlib.metadata.version("dinie-sdk") so both track the manifest, not a second literal.
+
+__all__ = [
+    "__version__",
+    "Dinie",
+    "WebhookEvent",
+    # Event types (for match/case and isinstance checks)
+    "CreditOfferAvailable",
+    "CreditOfferExpired",
+    "CustomerActive",
+    "CustomerCreated",
+    "CustomerDenied",
+    "CustomerKycUpdated",
+    "CustomerUnderReview",
+    "LoanActive",
+    "LoanCancelled",
+    "LoanCreated",
+    "LoanError",
+    "LoanFinished",
+    "LoanPaymentReceived",
+    "LoanProcessing",
+    "LoanSignatureReceived",
+    # Errors
+    "ApiError",
+    "APIConnectionError",
+    "APITimeoutError",
+    "SessionTokenExpiredError",
+]

dinie_sdk-1.0.0/dinie/generated/.metadata.json

@@ -0,0 +1,8 @@
+{
+  "openapi_version": "2026-03-01",
+  "openapi_sha": "",
+  "openapi_blob": "bc13d03825a1e42e845726fef46a786838e5f9dc",
+  "generator_version": "0.4.0",
+  "generator_commit": "89a8b96",
+  "generated_at_utc": "2026-06-12T12:35:54.295Z"
+}

dinie_sdk-1.0.0/dinie/generated/__init__.py

@@ -0,0 +1,20 @@
+# generated — do not edit
+from __future__ import annotations
+
+from .client import Dinie
+from .errors import (
+    ERROR_REGISTRY_BY_STATUS,
+    ERROR_REGISTRY_BY_TYPE,
+    SERVER_ERROR_CLASS,
+)
+from .events import EVENT_DESERIALIZERS, WebhookEvent
+from .types import *  # noqa: F401, F403
+
+__all__ = [
+    "Dinie",
+    "ERROR_REGISTRY_BY_TYPE",
+    "ERROR_REGISTRY_BY_STATUS",
+    "SERVER_ERROR_CLASS",
+    "EVENT_DESERIALIZERS",
+    "WebhookEvent",
+]

dinie_sdk-1.0.0/dinie/generated/_api_version.py

@@ -0,0 +1,2 @@
+# generated — do not edit
+API_VERSION = "2026-03-01"