dominus-sdk-python 2.18.0__tar.gz → 3.0.0__tar.gz

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 2.18.0
+Version: 3.0.0
 Summary: Python SDK for the Dominus Orchestrator Platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -49,7 +49,7 @@ Async Python SDK for CareBridge Dominus platform services. Routes calls through
 - Server-side, asyncio-first Python SDK (3.9+)
 - Namespace API with root-level shortcuts for common operations
 - Targets production Cloudflare Workers (gateway, JWT, logs) and Cloud Run (orchestrator)
-- Version: 2.18.0
+- Version: 3.0.0
 
 ## Quick Start
 
@@ -195,6 +195,13 @@ dominus.release_console()     # stop capturing
 - [Development](docs/development.md) -- Setup, testing, adding APIs
 - [Workflow hard-cut release notes](docs/workflow-hard-cut-release.md) -- cutover notes and operational checks
 
+## Verification (local)
+
+```bash
+pip install -e .
+python -m pytest tests -q
+```
+
 ## Workflow Surfaces
 
 - `dominus.workflow.*` is the saved-workflow facade through `dominus-workflow-manager`. Use it for stored workflow IDs and the artifact-aware run lifecycle: `create_run -> register_artifact -> validate_run -> start_run`.

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/README.md

@@ -7,7 +7,7 @@ Async Python SDK for CareBridge Dominus platform services. Routes calls through
 - Server-side, asyncio-first Python SDK (3.9+)
 - Namespace API with root-level shortcuts for common operations
 - Targets production Cloudflare Workers (gateway, JWT, logs) and Cloud Run (orchestrator)
-- Version: 2.18.0
+- Version: 3.0.0
 
 ## Quick Start
 
@@ -153,6 +153,13 @@ dominus.release_console()     # stop capturing
 - [Development](docs/development.md) -- Setup, testing, adding APIs
 - [Workflow hard-cut release notes](docs/workflow-hard-cut-release.md) -- cutover notes and operational checks
 
+## Verification (local)
+
+```bash
+pip install -e .
+python -m pytest tests -q
+```
+
 ## Workflow Surfaces
 
 - `dominus.workflow.*` is the saved-workflow facade through `dominus-workflow-manager`. Use it for stored workflow IDs and the artifact-aware run lifecycle: `create_run -> register_artifact -> validate_run -> start_run`.

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus/__init__.py

@@ -154,6 +154,7 @@ from .helpers.cache import (
 from .helpers.core import (
     verify_jwt_locally,
     is_jwt_valid,
+    mint_selected_project_jwt,
 )
 
 # Export trace utilities for distributed tracing
@@ -180,7 +181,7 @@ from .errors import (
     TimeoutError as DominusTimeoutError,
 )
 
-__version__ = "2.18.0"
+__version__ = "3.0.0"
 __all__ = [
     # Main SDK instance
     "dominus",
@@ -250,6 +251,7 @@ __all__ = [
     # JWT verification utilities
     "verify_jwt_locally",
     "is_jwt_valid",
+    "mint_selected_project_jwt",
     # Trace utilities
     "generate_trace_id",
     "get_current_trace_id",

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus/helpers/core.py

@@ -521,29 +521,31 @@ async def _ensure_valid_jwt(psk_token: str, sovereign_url: str) -> str:
         return jwt
 
 
-async def delegate_jwt(
+async def mint_selected_project_jwt(
     psk_token: str,
     target_project_id: str,
     target_environment: str,
     use_shared: bool = False
 ) -> str:
     """
-    Mint a delegated JWT for a target project.
+    Mint a selected-project JWT for a target project.
 
-    This is used by admin-level services (like MCP) to get JWTs
-    that allow operations on behalf of other projects.
+    This is used by admin-level services to act within a selected project
+    context. The compatibility route name remains `/jwt/delegate`, but
+    the canonical contract is selected-project targeting, not a separate
+    delegated token family.
 
     Args:
         psk_token: Admin PSK token (DOMINUS_TOKEN for admin project)
         target_project_id: UUID of the target project
         target_environment: Environment (development, staging, production)
-        use_shared: If True, includes shared_project_id in claims
+        use_shared: Deprecated compatibility flag; selected-project JWTs infer shared context from the target project
 
     Returns:
-        Delegated JWT token string with system=delegated
+        Selected-project JWT string
 
     Raises:
-        RuntimeError: If delegation fails
+        RuntimeError: If selected-project minting fails
     """
     from ..config.endpoints import get_gateway_url, get_proxy_config
     gateway_url = get_gateway_url()
@@ -557,13 +559,11 @@ async def delegate_jwt(
         "X-Parent-Span-Id": get_current_span_id(),
     }
 
-    # Body format for /jwt/delegate endpoint
     body_json = {
         "target_project_id": target_project_id,
         "target_environment": target_environment
     }
-    if use_shared:
-        body_json["use_shared"] = True
+    _ = use_shared
 
     body_b64 = _b64_encode(body_json)
 
@@ -576,13 +576,13 @@ async def delegate_jwt(
             result = _b64_decode(response.text)
 
             if not result.get("success"):
-                error_msg = result.get("error", "Unknown delegation error")
-                raise RuntimeError(f"Delegation error: {error_msg}")
+                error_msg = result.get("error", "Unknown selected-project mint error")
+                raise RuntimeError(f"Selected-project mint error: {error_msg}")
 
             data = result.get("data", {})
             jwt = data.get("token") or data.get("access_token")
             if not jwt:
-                raise RuntimeError("No JWT token in delegation response")
+                raise RuntimeError("No JWT token in selected-project mint response")
 
             return jwt
 
@@ -594,10 +594,31 @@ async def delegate_jwt(
                 error_detail = error_body.get("error") or str(error_body)
         except Exception:
             error_detail = e.response.text[:200] if e.response.text else str(e)
-        raise RuntimeError(f"Delegation failed: {error_detail}") from e
+        raise RuntimeError(f"Selected-project JWT mint failed: {error_detail}") from e
 
     except Exception as e:
-        raise RuntimeError(f"Delegation failed: {e}") from e
+        raise RuntimeError(f"Selected-project JWT mint failed: {e}") from e
+
+
+async def delegate_jwt(
+    psk_token: str,
+    target_project_id: str,
+    target_environment: str,
+    use_shared: bool = False
+) -> str:
+    """
+    Compatibility alias for :func:`mint_selected_project_jwt`.
+
+    .. deprecated::
+        Prefer :func:`mint_selected_project_jwt` for new code; "delegated" naming is
+        legacy terminology only.
+    """
+    return await mint_selected_project_jwt(
+        psk_token=psk_token,
+        target_project_id=target_project_id,
+        target_environment=target_environment,
+        use_shared=use_shared,
+    )
 
 
 def verify_token_format(token: str) -> bool:

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus/namespaces/artifacts.py

@@ -4,10 +4,14 @@ Artifacts Namespace - Temporary artifact storage.
 Provides auto-tiered artifact storage (Redis < 1MB, B2 >= 1MB)
 with TTL-based expiration. Routes through gateway to artifact-worker.
 
+The artifact worker returns HTTP 410 for legacy paths (/store, /retrieve, /list, /delete).
+This SDK only calls /api/artifact/v2/*; convenience ``store``/``retrieve``/``delete`` map
+those shapes to V2 compatibility addressing (see ``store_v2`` for canonical addressed writes).
+
 Usage:
     from dominus import dominus
 
-    # Store
+    # Prefer store_v2 / addressed refs for new code; legacy-shaped store maps to V2 internally
     result = await dominus.artifacts.store(data="base64data...", ttl_seconds=7200)
 
     # Retrieve
@@ -271,6 +275,21 @@ class ArtifactsNamespace:
     def __init__(self, client: "Dominus"):
         self._client = client
 
+    async def _legacy_project_context(self) -> tuple[str, str]:
+        """project_id and env from the cached service JWT (for V1-shaped -> V2 compat calls)."""
+        from ..helpers.core import _ensure_valid_jwt
+        from ..start import _BASE_URL, _TOKEN
+
+        jwt = await _ensure_valid_jwt(_TOKEN, _BASE_URL)
+        claims = await self._client.validate_jwt(jwt)
+        pid = _safe_string(claims.get("project_id"))
+        env = _safe_string(claims.get("env")) or "production"
+        if not pid:
+            raise RuntimeError(
+                "dominus.artifacts legacy methods require project_id on the service JWT",
+            )
+        return pid, env
+
     async def _api(
         self,
         endpoint: str,
@@ -293,19 +312,27 @@ class ArtifactsNamespace:
         category: Optional[str] = None,
     ) -> Dict[str, Any]:
         """
-        List artifacts for the current project/environment.
+        List artifact heads (V2 / legacy kind) for the service JWT project.
 
-        Args:
-            limit: Max items to return (default 100, max 500)
-            category: Optional category filter
-
-        Returns:
-            {artifacts: [...], count: int, total_size_bytes: int}
+        Category filtering is client-side when rows include ``category``.
         """
-        body: Dict[str, Any] = {"limit": limit}
+        project_id, environment = await self._legacy_project_context()
+        lim = max(1, min(int(limit or 100), 500))
+        raw = await self.list_v2(
+            lim,
+            group="dominus",
+            owner=f"project:{project_id}",
+            environment=environment,
+            kind="legacy",
+        )
+        artifacts = list(raw.get("artifacts") or [])
         if category:
-            body["category"] = category
-        return await self._api("/api/artifact/list", body=body)
+            artifacts = [a for a in artifacts if (a or {}).get("category") == category]
+        count = raw.get("count", len(artifacts))
+        total = raw.get("total_size_bytes")
+        if total is None:
+            total = sum(int((a or {}).get("size_bytes") or 0) for a in artifacts)
+        return {"artifacts": artifacts, "count": count, "total_size_bytes": total}
 
     async def get_health(self) -> Dict[str, Any]:
         """Check artifact worker health."""
@@ -320,52 +347,56 @@ class ArtifactsNamespace:
         content_type: Optional[str] = None,
     ) -> Dict[str, Any]:
         """
-        Store an artifact.
-
-        Args:
-            data: Base64-encoded data
-            key: Optional caller-provided key (UUID generated if not provided)
-            ttl_seconds: Time-to-live in seconds (default 3600)
-            category: Optional category for organization
-
-        Returns:
-            {key, ref, storage_type, size_bytes, expires_at}
+        Legacy-shaped store mapped to V2 (dominus / project:{id} / legacy / encoded key).
         """
-        body: Dict[str, Any] = {
-            "data": data,
-            "ttl_seconds": ttl_seconds,
+        import uuid
+
+        project_id, environment = await self._legacy_project_context()
+        use_key = key or str(uuid.uuid4())
+        v2 = await self.store_v2(
+            group="dominus",
+            owner=f"project:{project_id}",
+            environment=environment,
+            kind="legacy",
+            artifact_key=quote(use_key, safe=""),
+            data=data,
+            ttl_seconds=ttl_seconds,
+            category=category,
+            content_type=content_type,
+        )
+        disp = build_display_artifact_ref(use_key)
+        return {
+            "key": use_key,
+            "ref": v2.get("compatibility_ref") or v2.get("head_ref") or disp,
+            "storage_type": v2.get("storage_type") or "redis",
+            "size_bytes": v2.get("size_bytes", 0),
+            "expires_at": v2.get("expires_at") or "",
         }
-        if key:
-            body["key"] = key
-        if category:
-            body["category"] = category
-        if content_type:
-            body["content_type"] = content_type
-        return await self._api("/api/artifact/store", body=body)
 
     async def retrieve(self, key: str) -> Dict[str, Any]:
         """
-        Retrieve an artifact by key.
-
-        Args:
-            key: Artifact key
-
-        Returns:
-            {key, data, storage_type, size_bytes, expires_at}
+        Retrieve by key via V2 display ref + target_project_id (compat with legacy data).
         """
-        return await self._api("/api/artifact/retrieve", body={"key": key})
+        project_id, _environment = await self._legacy_project_context()
+        return await self._api(
+            "/api/artifact/v2/retrieve",
+            body={
+                "ref": f"{DISPLAY_REF_PREFIX}{key}",
+                "target_project_id": project_id,
+            },
+        )
 
     async def delete(self, key: str) -> Dict[str, Any]:
-        """
-        Delete an artifact by key.
-
-        Args:
-            key: Artifact key
-
-        Returns:
-            {deleted: bool, key: str}
-        """
-        return await self._api("/api/artifact/delete", body={"key": key})
+        """Delete legacy compatibility head via V2 selector."""
+        project_id, environment = await self._legacy_project_context()
+        await self.delete_v2(
+            group="dominus",
+            owner=f"project:{project_id}",
+            environment=environment,
+            kind="legacy",
+            artifact_key=quote(key, safe=""),
+        )
+        return {"deleted": True, "key": key}
 
     async def cleanup(
         self,
@@ -373,19 +404,12 @@ class ArtifactsNamespace:
         limit: int = 100,
     ) -> Dict[str, Any]:
         """
-        Cleanup expired artifacts (admin only).
-
-        Args:
-            force: Skip throttle check
-            limit: Max items to clean (default 100)
+        HTTP /cleanup is not exposed on the worker; opportunistic cleanup runs after v2 store.
 
-        Returns:
-            {cleaned: int, skipped: bool}
+        Returns a skipped sentinel for API compatibility.
         """
-        body: Dict[str, Any] = {"limit": limit}
-        if force:
-            body["force"] = True
-        return await self._api("/api/artifact/cleanup", body=body)
+        del force, limit
+        return {"cleaned": 0, "skipped": True}
 
     def _selector_body(self, options: Dict[str, Any]) -> Dict[str, Any]:
         body: Dict[str, Any] = {}

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus/namespaces/logs.py

@@ -11,6 +11,7 @@ import sys
 import time
 from datetime import datetime, timezone
 from typing import Any, Dict, List, Optional, Tuple, TYPE_CHECKING
+from urllib.parse import urlencode
 
 if TYPE_CHECKING:
     from ..start import Dominus
@@ -321,6 +322,13 @@ class LogsNamespace:
         minutes: int = 10,
         limit: int = 100,
         trace_id: Optional[str] = None,
+        since: Optional[str] = None,
+        company: Optional[str] = None,
+        subject: Optional[str] = None,
+        run_id: Optional[str] = None,
+        deploy_id: Optional[str] = None,
+        installation_id: Optional[str] = None,
+        artifact_ref: Optional[str] = None,
     ) -> List[Dict[str, Any]]:
         """Tail recent logs from the Logs Worker.
 
@@ -330,18 +338,39 @@ class LogsNamespace:
             minutes: Time window — 1, 10, or 60 (default: 10)
             limit: Maximum results, 1-1000 (default: 100)
             trace_id: Optional trace_id filter to return only events from a specific trace
+            since: Optional ISO timestamp lower bound
+            company: Optional canonical company slug filter
+            subject: Optional domain subject filter
+            run_id: Optional workflow or Authority run id filter
+            deploy_id: Optional deploy authority id filter
+            installation_id: Optional managed-client installation id filter
+            artifact_ref: Optional artifact ref filter
 
         Returns:
             List of log event dicts
         """
-        params = []
+        params: Dict[str, Any] = {}
         if minutes != 10:
-            params.append(f"minutes={minutes}")
+            params["minutes"] = minutes
         if limit != 100:
-            params.append(f"limit={limit}")
+            params["limit"] = limit
         if trace_id:
-            params.append(f"trace_id={trace_id}")
-        qs = "&".join(params)
+            params["trace_id"] = trace_id
+        if since:
+            params["since"] = since
+        if company:
+            params["company"] = company
+        if subject:
+            params["subject"] = subject
+        if run_id:
+            params["run_id"] = run_id
+        if deploy_id:
+            params["deploy_id"] = deploy_id
+        if installation_id:
+            params["installation_id"] = installation_id
+        if artifact_ref:
+            params["artifact_ref"] = artifact_ref
+        qs = urlencode(params)
         endpoint = f"/api/logs/tail?{qs}" if qs else "/api/logs/tail"
 
         try:
@@ -372,7 +401,7 @@ class LogsNamespace:
         Returns:
             List of log event dicts
         """
-        return await self.tail(minutes=minutes, limit=limit)
+        return await self.tail(minutes=minutes, limit=limit, **kwargs)
 
     async def batch(
         self,

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus/namespaces/workflow.py

@@ -29,10 +29,15 @@ Usage:
     templates = await dominus.workflow.list_templates()
     await dominus.workflow.copy_template(template_id)
 
-    # Saved-workflow lifecycle
-    run = await dominus.workflow.create_run(workflow_id=workflow_id, context={"key": "value"})
-    await dominus.workflow.validate_run(run["run_id"])
-    result = await dominus.workflow.start_run(run["run_id"], mode="async")
+    # Canonical saved-workflow launch (Authority POST /api/authority/runs/ensure)
+    execution = await dominus.workflow.ensure(
+        "my-workflow-id",
+        subject="PCM47474562",
+        company="acme",
+        inputs={"key": "value"},
+        mode="async",
+    )
+    # Legacy create_run / validate_run / start_run against /api/workflow/runs are removed.
 """
 import base64
 import json
@@ -55,6 +60,12 @@ class WorkflowNamespace:
     def __init__(self, client: "Dominus"):
         self._client = client
 
+    def _reject_legacy_runs_facade(self, method: str) -> None:
+        raise RuntimeError(
+            f"dominus.workflow.{method} was removed: /api/workflow/runs is retired. "
+            "Use ensure() with Authority fields (subject, company, inputs, context, ...) or ensure_instance()."
+        )
+
     @staticmethod
     def _is_workflow_ref(value: Optional[str]) -> bool:
         return str(value or "").strip().startswith("wf://")
@@ -758,32 +769,8 @@ class WorkflowNamespace:
         use_shared: Optional[bool] = None,
         shared_project_id: Optional[str] = None,
     ) -> Dict[str, Any]:
-        """
-        Create a saved-workflow run through workflow-manager's lifecycle facade.
-
-        Args:
-            workflow_id: Workflow UUID
-            workflow_ref: Stable workflow_ref for the saved workflow
-        """
-        body: Dict[str, Any] = self._workflow_identifier_body(
-            workflow_id=workflow_id,
-            workflow_ref=workflow_ref,
-        )
-        if run_id:
-            body["run_id"] = run_id
-        if metadata:
-            body["metadata"] = metadata
-        if context:
-            body["context"] = context
-        if use_shared is not None:
-            body["use_shared"] = use_shared
-        if shared_project_id:
-            body["shared_project_id"] = shared_project_id
-
-        return await self._api(
-            endpoint="/api/workflow/runs",
-            body=body,
-        )
+        del workflow_id, workflow_ref, run_id, metadata, context, use_shared, shared_project_id
+        self._reject_legacy_runs_facade("create_run")
 
     async def ensure(
         self,
@@ -1190,18 +1177,12 @@ class WorkflowNamespace:
         )
 
     async def get_run(self, run_id: str) -> Dict[str, Any]:
-        """Get a saved-workflow run."""
-        return await self._api(
-            endpoint=f"/api/workflow/runs/{run_id}",
-            method="GET",
-        )
+        del run_id
+        self._reject_legacy_runs_facade("get_run")
 
     async def get_manifest(self, run_id: str) -> Dict[str, Any]:
-        """Get the artifact manifest for a saved-workflow run."""
-        return await self._api(
-            endpoint=f"/api/workflow/runs/{run_id}/manifest",
-            method="GET",
-        )
+        del run_id
+        self._reject_legacy_runs_facade("get_manifest")
 
     async def register_artifact(
         self,
@@ -1223,43 +1204,26 @@ class WorkflowNamespace:
         """
         Register a source artifact with a saved-workflow run.
         """
-        body: Dict[str, Any] = {
-            "artifact_key": artifact_key,
-        }
-        if artifact_id:
-            body["artifact_id"] = artifact_id
-        if artifact_ref:
-            body["artifact_ref"] = artifact_ref
-        if source_artifact_key:
-            body["source_artifact_key"] = source_artifact_key
-        if source_namespace:
-            body["source_namespace"] = source_namespace
-        if source_conversation_id:
-            body["source_conversation_id"] = source_conversation_id
-        if source_project:
-            body["source_project"] = source_project
-        if source_env:
-            body["source_env"] = source_env
-        if source_project_id:
-            body["source_project_id"] = source_project_id
-        if source_tenant:
-            body["source_tenant"] = source_tenant
-        if metadata:
-            body["metadata"] = metadata
-        if metadata_trusted is not None:
-            body["metadata_trusted"] = metadata_trusted
-
-        return await self._api(
-            endpoint=f"/api/workflow/runs/{run_id}/artifacts",
-            body=body,
+        del (
+            run_id,
+            artifact_key,
+            artifact_id,
+            artifact_ref,
+            source_artifact_key,
+            source_namespace,
+            source_conversation_id,
+            source_project,
+            source_env,
+            source_project_id,
+            source_tenant,
+            metadata,
+            metadata_trusted,
         )
+        self._reject_legacy_runs_facade("register_artifact")
 
     async def validate_run(self, run_id: str) -> Dict[str, Any]:
-        """Validate that a saved-workflow run is ready to start."""
-        return await self._api(
-            endpoint=f"/api/workflow/runs/{run_id}/validate",
-            body={},
-        )
+        del run_id
+        self._reject_legacy_runs_facade("validate_run")
 
     async def start_run(
         self,
@@ -1270,18 +1234,8 @@ class WorkflowNamespace:
         save_events: Optional[bool] = None,
         webhook_url: Optional[str] = None,
     ) -> Dict[str, Any]:
-        """Start a saved-workflow run after validation."""
-        return await self._api(
-            endpoint=f"/api/workflow/runs/{run_id}/start",
-            body={
-                "config": self._build_start_config(
-                    mode=mode,
-                    timeout_seconds=timeout_seconds,
-                    save_events=save_events,
-                    webhook_url=webhook_url,
-                )
-            },
-        )
+        del run_id, mode, timeout_seconds, save_events, webhook_url
+        self._reject_legacy_runs_facade("start_run")
 
     async def stream_start_run(
         self,
@@ -1291,21 +1245,9 @@ class WorkflowNamespace:
         save_events: Optional[bool] = None,
         on_chunk: Optional[Any] = None,
     ):
-        """Start a saved-workflow run with SSE streaming."""
-        async for chunk in self._client._stream_request(
-            endpoint=f"/api/workflow/runs/{run_id}/start",
-            body={
-                "config": self._build_start_config(
-                    mode="streaming",
-                    timeout_seconds=timeout_seconds,
-                    save_events=save_events,
-                )
-            },
-            on_chunk=on_chunk,
-            timeout=float(timeout_seconds or 600),
-            use_gateway=True,
-        ):
-            yield chunk
+        del run_id, timeout_seconds, save_events, on_chunk
+        self._reject_legacy_runs_facade("stream_start_run")
+        yield  # pragma: no cover
 
     async def status(self, execution_id: str) -> Dict[str, Any]:
         """Get saved-workflow execution status."""

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus_sdk_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 2.18.0
+Version: 3.0.0
 Summary: Python SDK for the Dominus Orchestrator Platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -49,7 +49,7 @@ Async Python SDK for CareBridge Dominus platform services. Routes calls through
 - Server-side, asyncio-first Python SDK (3.9+)
 - Namespace API with root-level shortcuts for common operations
 - Targets production Cloudflare Workers (gateway, JWT, logs) and Cloud Run (orchestrator)
-- Version: 2.18.0
+- Version: 3.0.0
 
 ## Quick Start
 
@@ -195,6 +195,13 @@ dominus.release_console()     # stop capturing
 - [Development](docs/development.md) -- Setup, testing, adding APIs
 - [Workflow hard-cut release notes](docs/workflow-hard-cut-release.md) -- cutover notes and operational checks
 
+## Verification (local)
+
+```bash
+pip install -e .
+python -m pytest tests -q
+```
+
 ## Workflow Surfaces
 
 - `dominus.workflow.*` is the saved-workflow facade through `dominus-workflow-manager`. Use it for stored workflow IDs and the artifact-aware run lifecycle: `create_run -> register_artifact -> validate_run -> start_run`.

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/dominus_sdk_python.egg-info/SOURCES.txt

@@ -46,5 +46,7 @@ dominus_sdk_python.egg-info/SOURCES.txt
 dominus_sdk_python.egg-info/dependency_links.txt
 dominus_sdk_python.egg-info/requires.txt
 dominus_sdk_python.egg-info/top_level.txt
+tests/test_logs.py
+tests/test_public_exports.py
 tests/test_workflow_lifecycle.py
 tests/test_workflow_refs.py

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "dominus-sdk-python"
-version = "2.18.0"
+version = "3.0.0"
 description = "Python SDK for the Dominus Orchestrator Platform"
 readme = "README.md"
 license = {text = "Proprietary"}

dominus_sdk_python-3.0.0/tests/test_logs.py

@@ -0,0 +1,65 @@
+import sys
+from pathlib import Path
+
+import pytest
+
+
+ROOT = Path(__file__).resolve().parents[1]
+if str(ROOT) not in sys.path:
+    sys.path.insert(0, str(ROOT))
+
+from dominus.namespaces.logs import LogsNamespace  # noqa: E402
+
+
+class FakeClient:
+    def __init__(self):
+        self.calls = []
+
+    async def _request(
+        self,
+        endpoint,
+        method="POST",
+        body=None,
+        user_token=None,
+        use_gateway=False,
+        timeout=30.0,
+    ):
+        self.calls.append(
+            {
+                "endpoint": endpoint,
+                "method": method,
+                "body": body,
+                "user_token": user_token,
+                "use_gateway": use_gateway,
+                "timeout": timeout,
+            }
+        )
+        return {"events": [{"event_id": "log-1"}]}
+
+
+@pytest.mark.asyncio
+async def test_logs_tail_forwards_business_filters():
+    client = FakeClient()
+    namespace = LogsNamespace(client)
+
+    events = await namespace.tail(
+        limit=25,
+        since="2026-04-11T08:33:00Z",
+        company="carebridge-summit",
+        subject="PCM47474562",
+        run_id="run-123",
+        deploy_id="deploy-123",
+        installation_id="inst-123",
+        artifact_ref="ar://carebridge/summit/production/company/report_snapshot_current",
+    )
+
+    assert len(events) == 1
+    assert client.calls[0]["endpoint"] == (
+        "/api/logs/tail?"
+        "limit=25&since=2026-04-11T08%3A33%3A00Z&company=carebridge-summit"
+        "&subject=PCM47474562&run_id=run-123&deploy_id=deploy-123"
+        "&installation_id=inst-123&artifact_ref="
+        "ar%3A%2F%2Fcarebridge%2Fsummit%2Fproduction%2Fcompany%2Freport_snapshot_current"
+    )
+    assert client.calls[0]["method"] == "GET"
+    assert client.calls[0]["use_gateway"] is True

dominus_sdk_python-3.0.0/tests/test_public_exports.py

@@ -0,0 +1,11 @@
+from dominus import mint_selected_project_jwt
+
+
+def test_top_level_exports_drop_delegate_alias():
+    assert callable(mint_selected_project_jwt)
+    try:
+        from dominus import delegate_jwt  # type: ignore[attr-defined]
+    except ImportError:
+        delegate_jwt = None
+
+    assert delegate_jwt is None

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/tests/test_workflow_lifecycle.py

@@ -167,104 +167,44 @@ async def test_ai_workflow_two_phase_lifecycle_routes_match_node_surface():
 
 
 @pytest.mark.asyncio
-async def test_saved_workflow_facade_lifecycle_contract_supports_processor_shape():
+async def test_saved_workflow_facade_legacy_chain_raises():
     client = FakeClient(stream_chunks=[{"_event": "workflow_start"}])
     namespace = WorkflowNamespace(client)
 
-    await namespace.create_run(
-        "wf-123",
-        run_id="report-run-1",
-        context={
-            "report_ref": {
-                "report_id": "report-1",
-                "accession": "acc-1",
-                "session_number": "2",
-            }
-        },
-        metadata={"source": "processor"},
-        use_shared=True,
-        shared_project_id="fdcd5800-c735-4a45-90be-51b621bd4127",
-    )
-    await namespace.register_artifact(
-        "report-run-1",
-        "report_snapshot_current",
-        artifact_ref="ar://carebridge-summit/production/company/carebridge%2Fcarebridge-summit%2Fproduction%2Freport-workflow%2Freport%2Freport-1%2Freport_snapshot_current.json",
-        source_artifact_key="carebridge/carebridge-summit/production/report-workflow/report/report-1/report_snapshot_current.json",
-        source_namespace="company",
-        source_project="carebridge-summit",
-        source_env="production",
-        source_project_id="project-123",
-        source_tenant="tenant-a",
-        metadata={
-            "report_ref": {
-                "report_id": "report-1",
-                "accession": "acc-1",
-                "session_number": "2",
-            },
-            "freshness": {
-                "state": "fresh",
-                "age_seconds": 12,
-            },
-        },
-        metadata_trusted=True,
-    )
-    await namespace.validate_run("report-run-1")
-    await namespace.start_run("report-run-1", timeout_seconds=120)
-    streamed = [chunk async for chunk in namespace.stream_start_run("report-run-1", timeout_seconds=90)]
+    with pytest.raises(RuntimeError, match="removed"):
+        await namespace.create_run(
+            "wf-123",
+            run_id="report-run-1",
+            context={"report_ref": {"report_id": "report-1"}},
+        )
+    with pytest.raises(RuntimeError, match="removed"):
+        await namespace.register_artifact("report-run-1", "k", artifact_id="x")
+    with pytest.raises(RuntimeError, match="removed"):
+        await namespace.validate_run("report-run-1")
+    with pytest.raises(RuntimeError, match="removed"):
+        await namespace.start_run("report-run-1", timeout_seconds=120)
+    with pytest.raises(RuntimeError, match="removed"):
+        _ = [c async for c in namespace.stream_start_run("report-run-1", timeout_seconds=90)]
+
+    assert client.calls == []
+
+
+@pytest.mark.asyncio
+async def test_saved_workflow_execution_poll_endpoints_unchanged():
+    client = FakeClient(stream_chunks=[])
+    namespace = WorkflowNamespace(client)
+
     await namespace.messages("exec-456", count=15)
     await namespace.events("exec-456", from_id="evt-2", count=20)
     await namespace.status("exec-456")
     await namespace.output("exec-456")
     await namespace.cancel("exec-456")
 
-    create_call = client.calls[0]
-    assert create_call["endpoint"] == "/api/workflow/runs"
-    assert create_call["body"] == {
-        "workflow_id": "wf-123",
-        "run_id": "report-run-1",
-        "metadata": {"source": "processor"},
-        "context": {
-            "report_ref": {
-                "report_id": "report-1",
-                "accession": "acc-1",
-                "session_number": "2",
-            }
-        },
-        "use_shared": True,
-        "shared_project_id": "fdcd5800-c735-4a45-90be-51b621bd4127",
-    }
-
-    register_call = client.calls[1]
-    assert register_call["endpoint"] == "/api/workflow/runs/report-run-1/artifacts"
-    assert register_call["body"] == {
-        "artifact_key": "report_snapshot_current",
-        "artifact_ref": "ar://carebridge-summit/production/company/carebridge%2Fcarebridge-summit%2Fproduction%2Freport-workflow%2Freport%2Freport-1%2Freport_snapshot_current.json",
-        "source_artifact_key": "carebridge/carebridge-summit/production/report-workflow/report/report-1/report_snapshot_current.json",
-        "source_namespace": "company",
-        "source_project": "carebridge-summit",
-        "source_env": "production",
-        "source_project_id": "project-123",
-        "source_tenant": "tenant-a",
-        "metadata": {
-            "report_ref": {
-                "report_id": "report-1",
-                "accession": "acc-1",
-                "session_number": "2",
-            },
-            "freshness": {
-                "state": "fresh",
-                "age_seconds": 12,
-            },
-        },
-        "metadata_trusted": True,
-    }
-
-    assert client.calls[-5]["endpoint"] == "/api/workflow/executions/exec-456/messages?count=15"
-    assert client.calls[-4]["endpoint"] == "/api/workflow/executions/exec-456/events?from_id=evt-2&count=20"
-    assert client.calls[-3]["endpoint"] == "/api/workflow/executions/exec-456/status"
-    assert client.calls[-2]["endpoint"] == "/api/workflow/executions/exec-456/output"
-    assert client.calls[-1]["endpoint"] == "/api/workflow/executions/exec-456/cancel"
-    assert streamed == [{"_event": "workflow_start"}]
+    assert client.calls[0]["endpoint"] == "/api/workflow/executions/exec-456/messages?count=15"
+    assert client.calls[1]["endpoint"] == "/api/workflow/executions/exec-456/events?from_id=evt-2&count=20"
+    assert client.calls[2]["endpoint"] == "/api/workflow/executions/exec-456/status"
+    assert client.calls[3]["endpoint"] == "/api/workflow/executions/exec-456/output"
+    assert client.calls[4]["endpoint"] == "/api/workflow/executions/exec-456/cancel"
 
 
 @pytest.mark.asyncio

{dominus_sdk_python-2.18.0 → dominus_sdk_python-3.0.0}/tests/test_workflow_refs.py

@@ -53,22 +53,24 @@ async def test_workflow_get_accepts_workflow_ref():
 
 
 @pytest.mark.asyncio
-async def test_workflow_create_run_accepts_workflow_ref():
+async def test_workflow_ensure_accepts_workflow_ref():
     client = FakeClient()
     namespace = WorkflowNamespace(client)
 
-    await namespace.create_run(
-        workflow_ref="wf://carebridge-platform/production/shared/patient-intake",
-        run_id="run-123",
+    await namespace.ensure(
+        "wf://carebridge-platform/production/shared/patient-intake",
+        subject="sub-1",
+        company="co-1",
+        instance_id="run-123",
         context={"report_ref": {"report_id": "r-1"}},
+        mode="async",
     )
 
-    assert client.calls[0]["endpoint"] == "/api/workflow/runs"
-    assert client.calls[0]["body"] == {
-        "workflow_ref": "wf://carebridge-platform/production/shared/patient-intake",
-        "run_id": "run-123",
-        "context": {"report_ref": {"report_id": "r-1"}},
-    }
+    assert client.calls[0]["endpoint"] == "/api/authority/runs/ensure"
+    body = client.calls[0]["body"]
+    assert body["workflow_ref"] == "wf://carebridge-platform/production/shared/patient-intake"
+    assert body["instance_id"] == "run-123"
+    assert body["context"] == {"report_ref": {"report_id": "r-1"}}
 
 
 @pytest.mark.asyncio