PyPI - dominus-sdk-python - Versions diffs - 2.8.0__tar.gz → 2.8.1__tar.gz - Mend

dominus-sdk-python 2.8.0tar.gz → 2.8.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

{dominus_sdk_python-2.8.0 → dominus_sdk_python-2.8.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 2.8.0
+Version: 2.8.1
 Summary: Python SDK for the Dominus Orchestrator Platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary

{dominus_sdk_python-2.8.0 → dominus_sdk_python-2.8.1}/dominus/config/endpoints.py RENAMED Viewed

@@ -30,6 +30,33 @@ ARCHITECT_URL = BASE_URL
 ORCHESTRATOR_URL = BASE_URL
 WARDEN_URL = BASE_URL
+# Proxy configuration (optional)
+# DOMINUS_* variants take precedence over standard HTTP_PROXY/HTTPS_PROXY
+HTTP_PROXY = os.environ.get("DOMINUS_HTTP_PROXY") or os.environ.get("HTTP_PROXY")
+HTTPS_PROXY = os.environ.get("DOMINUS_HTTPS_PROXY") or os.environ.get("HTTPS_PROXY")
+def get_proxy_config() -> dict | None:
+    """
+    Get proxy configuration for httpx clients.
+    Returns a dict suitable for httpx's `proxies` parameter, or None if no proxy is configured.
+    Environment variables (in order of precedence):
+        - DOMINUS_HTTP_PROXY / DOMINUS_HTTPS_PROXY (SDK-specific)
+        - HTTP_PROXY / HTTPS_PROXY (standard)
+    Returns:
+        Dict mapping protocol to proxy URL, or None if no proxies configured.
+        Example: {"http://": "http://proxy:8080", "https://": "http://proxy:8080"}
+    """
+    proxies = {}
+    if HTTP_PROXY:
+        proxies["http://"] = HTTP_PROXY
+    if HTTPS_PROXY:
+        proxies["https://"] = HTTPS_PROXY
+    return proxies if proxies else None
 def get_gateway_url() -> str:
     """

{dominus_sdk_python-2.8.0 → dominus_sdk_python-2.8.1}/dominus/helpers/core.py RENAMED Viewed

@@ -16,6 +16,10 @@ from .cache import dominus_cache, sovereign_circuit_breaker, exponential_backoff
 # Max retries for HTTP requests (reduced from implicit to explicit)
 MAX_RETRIES = 3
+# Mutex for JWT refresh to prevent race conditions
+# When multiple concurrent coroutines need a new JWT, only one will mint
+_jwt_refresh_lock = asyncio.Lock()
 # Type alias
 DominusResponse = dict[str, Any]
@@ -103,11 +107,12 @@ async def _fetch_jwks() -> dict:
     if _cached_jwks and time.time() - _jwks_cache_time < _JWKS_CACHE_TTL:
         return _cached_jwks
-    from ..config.endpoints import get_gateway_url
+    from ..config.endpoints import get_gateway_url, get_proxy_config
     gateway_url = get_gateway_url()
+    proxy_config = get_proxy_config()
     try:
-        async with httpx.AsyncClient(timeout=10.0) as client:
+        async with httpx.AsyncClient(timeout=10.0, proxies=proxy_config) as client:
             response = await client.get(f"{gateway_url}/jwt/jwks")
             response.raise_for_status()
@@ -329,8 +334,9 @@ async def _get_service_jwt(psk_token: str, base_url: str) -> str:
     Raises:
         RuntimeError: If circuit is open or auth fails after retries
     """
-    from ..config.endpoints import get_gateway_url
+    from ..config.endpoints import get_gateway_url, get_proxy_config
     gateway_url = get_gateway_url()
+    proxy_config = get_proxy_config()
     # Circuit breaker check
     if not sovereign_circuit_breaker.can_execute():
@@ -357,7 +363,7 @@ async def _get_service_jwt(psk_token: str, base_url: str) -> str:
     for attempt in range(JWT_MINT_RETRIES):
         try:
-            async with httpx.AsyncClient(base_url=gateway_url, headers=headers, timeout=30.0) as client:
+            async with httpx.AsyncClient(base_url=gateway_url, headers=headers, timeout=30.0, proxies=proxy_config) as client:
                 response = await client.post("/jwt/mint", content=body_b64)
                 # Check for retryable status codes before raise_for_status
@@ -455,43 +461,56 @@ def _get_architect_url(psk_token: str = None, sovereign_url: str = None, environ
 async def _ensure_valid_jwt(psk_token: str, sovereign_url: str) -> str:
     """
     Ensure we have a valid JWT, fetching and caching if needed.
+    Thread-safe via asyncio.Lock to prevent duplicate mints when
+    multiple concurrent coroutines need a new JWT.
     Cache key: "jwt:self:service"
     Cache TTL: 14 minutes (JWT lifetime is 15 minutes)
     Refresh when <60 seconds remain.
     Args:
         psk_token: PSK token (DOMINUS_TOKEN)
         sovereign_url: Sovereign base URL
     Returns:
         Valid JWT token string
     """
     cache_key = "jwt:self:service"
-    # Check cache
+    # Fast path: check cache without lock
     cached_jwt = dominus_cache.get(cache_key)
     if cached_jwt:
         try:
-            # Decode payload to check expiry
             payload = _decode_jwt_payload(cached_jwt)
             exp = payload.get("exp", 0)
             current_time = int(time.time())
-            # Refresh if <60 seconds remain
             if exp - current_time > 60:
                 return cached_jwt
         except Exception:
-            # If decode fails, fetch new JWT
             pass
-    # Fetch new JWT
-    jwt = await _get_service_jwt(psk_token, sovereign_url)
-    # Cache for 14 minutes (840 seconds)
-    dominus_cache.set(cache_key, jwt, ttl=840)
-    return jwt
+    # Slow path: acquire lock and refresh
+    async with _jwt_refresh_lock:
+        # Double-check cache (another coroutine may have refreshed while we waited)
+        cached_jwt = dominus_cache.get(cache_key)
+        if cached_jwt:
+            try:
+                payload = _decode_jwt_payload(cached_jwt)
+                exp = payload.get("exp", 0)
+                current_time = int(time.time())
+                if exp - current_time > 60:
+                    return cached_jwt
+            except Exception:
+                pass
+        # Fetch new JWT
+        jwt = await _get_service_jwt(psk_token, sovereign_url)
+        # Cache for 14 minutes (840 seconds)
+        dominus_cache.set(cache_key, jwt, ttl=840)
+        return jwt
 def verify_token_format(token: str) -> bool:
@@ -524,12 +543,16 @@ async def health_check_all(base_url: str) -> dict:
     Returns:
         Health status dict with service results
     """
+    from ..config.endpoints import get_proxy_config
+    proxy_config = get_proxy_config()
     results = {}
     # Check orchestrator via /api/health
+    # Timeout: 15s to handle cold starts on Cloud Run
     try:
         start = time.time()
-        async with httpx.AsyncClient(base_url=base_url, timeout=5.0) as client:
+        async with httpx.AsyncClient(base_url=base_url, timeout=15.0, proxies=proxy_config) as client:
             response = await client.get("/api/health")
             response.raise_for_status()
@@ -587,32 +610,35 @@ async def execute_with_retry(
 ) -> DominusResponse:
     """
     Execute HTTP request with retry logic.
     Args:
         route_info: (method, path, requires_auth, cacheable)
         base_url: Base URL for API
         token: Auth token (if needed)
         kwargs: Request parameters
     Returns:
         Response dict
     """
+    from ..config.endpoints import get_proxy_config
+    proxy_config = get_proxy_config()
     method, path, requires_auth, cacheable = route_info
     # Check cache first
     if cacheable and kwargs:
         cache_key = f"{path}:{str(sorted(kwargs.items()))}"
         cached = dominus_cache.get(cache_key)
         if cached:
             return cached
     # Validate token
     if requires_auth and not token:
         raise RuntimeError(
             "DOMINUS_TOKEN not set. "
             "Set the environment variable: export DOMINUS_TOKEN=your_token"
         )
     # Retry loop with exponential backoff and jitter
     for attempt in range(MAX_RETRIES):
         try:
@@ -620,7 +646,7 @@ async def execute_with_retry(
             headers = {}
             if requires_auth:
                 headers["Authorization"] = f"Bearer {_b64_token(token)}"
             # Prepare body (encode if auth required and kwargs provided)
             # For auth routes: send raw base64 string as text/plain (matches middleware expectation)
             # For non-auth routes: send JSON as normal
@@ -630,9 +656,9 @@ async def execute_with_retry(
                 body = body_b64
             else:
                 body = kwargs if kwargs else {}
             # Make request
-            async with httpx.AsyncClient(base_url=base_url, headers=headers, timeout=30.0) as client:
+            async with httpx.AsyncClient(base_url=base_url, headers=headers, timeout=30.0, proxies=proxy_config) as client:
                 if method == "GET":
                     response = await client.get(path, params=kwargs if kwargs else None)
                 else:
@@ -720,6 +746,9 @@ async def execute_bridge_call(
     Returns:
         Response data (the "data" field from successful response)
     """
+    from ..config.endpoints import get_proxy_config
+    proxy_config = get_proxy_config()
     # Check cache first
     if cacheable and params:
         cache_key = f"bridge:{method}:{str(sorted(params.items()))}"
@@ -749,7 +778,7 @@ async def execute_bridge_call(
     # Retry loop with exponential backoff and jitter
     for attempt in range(MAX_RETRIES):
         try:
-            async with httpx.AsyncClient(base_url=base_url, headers=headers, timeout=30.0) as client:
+            async with httpx.AsyncClient(base_url=base_url, headers=headers, timeout=30.0, proxies=proxy_config) as client:
                 response = await client.post(endpoint, content=body_b64)
             response.raise_for_status()
@@ -878,8 +907,9 @@ async def _execute_auth_call(
     Returns:
         Response data
     """
-    from ..config.endpoints import get_gateway_url
+    from ..config.endpoints import get_gateway_url, get_proxy_config
     gateway_url = get_gateway_url()
+    proxy_config = get_proxy_config()
     headers = {
         "Content-Type": "text/plain"
@@ -901,7 +931,7 @@ async def _execute_auth_call(
     else:
         endpoint = "/jwt/mint"
-    async with httpx.AsyncClient(base_url=gateway_url, headers=headers, timeout=30.0) as client:
+    async with httpx.AsyncClient(base_url=gateway_url, headers=headers, timeout=30.0, proxies=proxy_config) as client:
         # JWKS uses GET (public endpoint), other auth endpoints use POST
         if method == "auth.jwks":
             response = await client.get(endpoint)

{dominus_sdk_python-2.8.0 → dominus_sdk_python-2.8.1}/dominus_sdk_python.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 2.8.0
+Version: 2.8.1
 Summary: Python SDK for the Dominus Orchestrator Platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary

{dominus_sdk_python-2.8.0 → dominus_sdk_python-2.8.1}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "dominus-sdk-python"
-version = "2.8.0"
+version = "2.8.1"
 description = "Python SDK for the Dominus Orchestrator Platform"
 readme = "README.md"
 license = {text = "Proprietary"}