dominus-sdk-python 3.0.2__tar.gz → 3.0.3__tar.gz

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 3.0.2
+Version: 3.0.3
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -95,6 +95,7 @@ JWT and selected scope headers directly through Gateway.
 
 ## Transport Model
 
+- Default HTTP targets are the production gateway (`https://gateway.getdominus.app`); they do not change based on your app’s git branch or PyPI package variant. Set `DOMINUS_GATEWAY_URL` (or `DOMINUS_BASE_URL` / `DOMINUS_JWT_URL`) only for local or custom routing.
 - `DOMINUS_TOKEN` is exchanged for a JWT through `POST /jwt/mint`
 - Service JWTs are cached for 14 minutes with a 60-second refresh window
 - Auth-required worker routes still send base64-encoded JSON bodies as `text/plain`

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/README.md

@@ -62,6 +62,7 @@ JWT and selected scope headers directly through Gateway.
 
 ## Transport Model
 
+- Default HTTP targets are the production gateway (`https://gateway.getdominus.app`); they do not change based on your app’s git branch or PyPI package variant. Set `DOMINUS_GATEWAY_URL` (or `DOMINUS_BASE_URL` / `DOMINUS_JWT_URL`) only for local or custom routing.
 - `DOMINUS_TOKEN` is exchanged for a JWT through `POST /jwt/mint`
 - Service JWTs are cached for 14 minutes with a 60-second refresh window
 - Auth-required worker routes still send base64-encoded JSON bodies as `text/plain`

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus/config/endpoints.py

@@ -2,13 +2,17 @@
 Dominus SDK Endpoints
 
 Gateway URL for service routing and health checks.
-JWT URL for authentication (JWT minting).
+JWT URL for authentication (JWT minting) — defaults to the same host as the gateway.
 Logs URL for log ingestion.
 Base URL for SDK requests (defaults to gateway).
 
+Defaults always target the production gateway. They do not depend on the caller’s
+git branch, PyPI package variant, or deployment environment. Override only with
+DOMINUS_* env vars for local or advanced routing.
+
 Configuration:
     Set DOMINUS_GATEWAY_URL to override the gateway URL.
-    Set DOMINUS_JWT_URL to override the JWT minting URL.
+    Set DOMINUS_JWT_URL to override the JWT minting URL (defaults to gateway URL).
     Set DOMINUS_LOGS_URL to override the logs URL.
     Set DOMINUS_BASE_URL to override the SDK request base URL.
     Example: export DOMINUS_BASE_URL=http://localhost:5000
@@ -18,23 +22,21 @@ Usage:
 """
 import os
 
-# Default URLs - Cloudflare Workers
+# Production gateway (Cloudflare Worker). Canonical default for all SDK HTTP traffic.
 _DEFAULT_GATEWAY_URL = "https://gateway.getdominus.app"
-_DEFAULT_JWT_URL = "https://jwt.getdominus.app"
 _DEFAULT_LOGS_URL = "https://logs.getdominus.app"
-_DEFAULT_BASE_URL = _DEFAULT_GATEWAY_URL
 
 # Gateway URL for service routing (can be overridden via DOMINUS_GATEWAY_URL)
 GATEWAY_URL = os.environ.get("DOMINUS_GATEWAY_URL", _DEFAULT_GATEWAY_URL)
 
-# JWT URL for authentication (can be overridden via DOMINUS_JWT_URL)
-JWT_URL = os.environ.get("DOMINUS_JWT_URL", _DEFAULT_JWT_URL)
+# JWT mint/JWKS: same host as gateway by default (matches Node SDK).
+JWT_URL = os.environ.get("DOMINUS_JWT_URL", GATEWAY_URL)
 
 # Logs URL for log ingestion (can be overridden via DOMINUS_LOGS_URL)
 LOGS_URL = os.environ.get("DOMINUS_LOGS_URL", _DEFAULT_LOGS_URL)
 
-# Base URL for SDK requests (can be overridden via DOMINUS_BASE_URL environment variable)
-BASE_URL = os.environ.get("DOMINUS_BASE_URL", _DEFAULT_BASE_URL)
+# Base URL for non-gateway SDK paths defaults to the same resolved gateway URL.
+BASE_URL = os.environ.get("DOMINUS_BASE_URL", GATEWAY_URL)
 
 # Legacy aliases retained as gateway-first aliases.
 SOVEREIGN_URL = BASE_URL
@@ -77,12 +79,11 @@ def get_gateway_url() -> str:
 
 def get_jwt_url() -> str:
     """
-    Get the JWT worker URL for authentication (JWT minting/validation).
+    Get the base URL for JWT mint/JWKS (defaults to the same host as the gateway).
 
-    Returns the value of DOMINUS_JWT_URL environment variable if set,
-    otherwise returns the default Cloudflare Worker URL.
+    Returns DOMINUS_JWT_URL if set, otherwise the same resolution as get_gateway_url().
     """
-    return os.environ.get("DOMINUS_JWT_URL", _DEFAULT_JWT_URL)
+    return os.environ.get("DOMINUS_JWT_URL", get_gateway_url())
 
 
 def get_logs_url() -> str:
@@ -99,10 +100,9 @@ def get_base_url() -> str:
     """
     Get the SDK request base URL.
 
-    Returns the value of DOMINUS_BASE_URL environment variable if set,
-    otherwise returns the default gateway URL.
+    Returns DOMINUS_BASE_URL if set, otherwise the same resolution as get_gateway_url().
     """
-    return os.environ.get("DOMINUS_BASE_URL", _DEFAULT_BASE_URL)
+    return os.environ.get("DOMINUS_BASE_URL", get_gateway_url())
 
 
 # DEPRECATED - use get_base_url()

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus/namespaces/authority.py

@@ -37,6 +37,17 @@ def _compact(payload: Mapping[str, Any]) -> Dict[str, Any]:
     return out
 
 
+def _normalize_run_kind_token(raw: Optional[str]) -> str:
+    if not raw:
+        return ""
+    s = str(raw).strip().lower().replace(".", "_").replace("-", "_")
+    return s
+
+
+def _is_company_bootstrap_run_kind(run_kind: Optional[str]) -> bool:
+    return _normalize_run_kind_token(run_kind) == "company_bootstrap"
+
+
 def _query_string(params: Mapping[str, Any]) -> str:
     cleaned = {k: v for k, v in params.items() if v is not None and v != ""}
     if not cleaned:
@@ -110,17 +121,37 @@ class AuthorityNamespace:
     ) -> Dict[str, Any]:
         out: Dict[str, Any] = {}
         if app_slug:
-            out["project_slug"] = app_slug
+            out["app_slug"] = app_slug
         if env:
-            out["environment"] = env
+            out["env"] = env
         if target_org_id:
-            out["target_project_id"] = target_org_id
+            out["target_org_id"] = target_org_id
         if target_app_slug:
-            out["target_project_slug"] = target_app_slug
+            out["target_app_slug"] = target_app_slug
         if target_env:
-            out["target_environment"] = target_env
+            out["target_env"] = target_env
         return out
 
+    def _target_query_params(
+        self,
+        target_org_id: Optional[str],
+        target_env: Optional[str],
+    ) -> tuple[Optional[str], Optional[str]]:
+        """
+        Omit target_org_id / target_env from GET query strings when they
+        duplicate the JWT gateway org/env (selected-scope MCP and operators).
+        """
+        client = self._client
+        gw_org = getattr(client, "_gateway_org_id", None)
+        gw_env = getattr(client, "_gateway_env", None)
+        tid = target_org_id
+        tev = target_env
+        if tid is not None and gw_org is not None and str(tid) == str(gw_org):
+            tid = None
+        if tev is not None and gw_env is not None and str(tev) == str(gw_env):
+            tev = None
+        return tid, tev
+
     @staticmethod
     def _http_timeout(explicit: Optional[float], default: float) -> float:
         """Use explicit client timeout when provided; otherwise the historical SDK default."""
@@ -135,6 +166,9 @@ class AuthorityNamespace:
         *,
         workflow_id: Optional[str] = None,
         workflow_ref: Optional[str] = None,
+        run_kind: Optional[str] = None,
+        company_slug: Optional[str] = None,
+        slug: Optional[str] = None,
         instance_id: Optional[str] = None,
         instance_key: Optional[str] = None,
         group: Optional[str] = None,
@@ -149,6 +183,18 @@ class AuthorityNamespace:
         env: Optional[str] = None,
         target_org_id: Optional[str] = None,
         target_env: Optional[str] = None,
+        target_app_slug: Optional[str] = None,
+        shared_app_slug: Optional[str] = None,
+        execution_mode: Optional[str] = None,
+        region: Optional[str] = None,
+        system: Optional[str] = None,
+        github_mode: Optional[str] = None,
+        overwrite_existing: Optional[bool] = None,
+        owner_email: Optional[str] = None,
+        include: Optional[Dict[str, Any]] = None,
+        metadata: Optional[Dict[str, Any]] = None,
+        display_name: Optional[str] = None,
+        description: Optional[str] = None,
         initiator_type: Optional[str] = None,
         initiator_id: Optional[str] = None,
         idempotency_key: Optional[str] = None,
@@ -158,30 +204,79 @@ class AuthorityNamespace:
         Ensure (and optionally launch) an Authority-backed workflow run.
 
         Calls ``POST /api/authority/runs/ensure``.
+
+        For company bootstrap, pass ``run_kind="company.bootstrap"`` (or ``company_bootstrap``) plus
+        ``company``, ``company_slug``, or ``slug``. Optional bootstrap fields mirror
+        ``bootstrap_company`` (``execution_mode``, ``region``, …).
         """
-        if not workflow_id and not workflow_ref:
-            raise ValueError("ensure_run requires workflow_id or workflow_ref")
+        bootstrap = _is_company_bootstrap_run_kind(run_kind)
+        if not bootstrap and not workflow_id and not workflow_ref:
+            raise ValueError(
+                "ensure_run requires workflow_id or workflow_ref unless run_kind is "
+                "company.bootstrap / company_bootstrap"
+            )
+        if bootstrap:
+            co = (company_slug or slug or company or "").strip()
+            if not co:
+                raise ValueError(
+                    "ensure_run with run_kind company.bootstrap requires company, company_slug, or slug"
+                )
         if mode == "streaming":
             raise ValueError(
                 "Authority runs do not support streaming mode; "
                 "use blocking, async, or ensure_only"
             )
-        body = _compact({
-            "workflow_id": workflow_id,
-            "workflow_ref": workflow_ref,
-            "instance_id": instance_id,
-            "instance_key": instance_key,
-            "group": group,
-            "owner": owner,
-            "subject": subject,
-            "company": company,
-            "mode": mode,
-            "bindings": bindings,
-            "inputs": inputs,
-            "context": context,
-            **self._initiator(initiator_type, initiator_id, idempotency_key),
-            **self._scope(app_slug, env, target_org_id, target_env),
-        })
+
+        initiator = self._initiator(initiator_type, initiator_id, idempotency_key)
+        scope = self._scope(app_slug, env, target_org_id, target_env, target_app_slug=target_app_slug)
+
+        if bootstrap:
+            body = _compact({
+                "run_kind": run_kind,
+                "workflow_id": workflow_id,
+                "workflow_ref": workflow_ref,
+                "instance_id": instance_id,
+                "instance_key": instance_key,
+                "group": group,
+                "owner": owner,
+                "subject": subject,
+                "company": company,
+                "company_slug": company_slug,
+                "slug": slug,
+                "bindings": bindings,
+                "inputs": inputs,
+                "context": context,
+                "execution_mode": execution_mode,
+                "region": region,
+                "system": system,
+                "github_mode": github_mode,
+                "overwrite_existing": overwrite_existing,
+                "owner_email": owner_email,
+                "include": include,
+                "metadata": metadata,
+                "display_name": display_name,
+                "description": description,
+                "shared_app_slug": shared_app_slug,
+                **initiator,
+                **scope,
+            })
+        else:
+            body = _compact({
+                "workflow_id": workflow_id,
+                "workflow_ref": workflow_ref,
+                "instance_id": instance_id,
+                "instance_key": instance_key,
+                "group": group,
+                "owner": owner,
+                "subject": subject,
+                "company": company,
+                "mode": mode,
+                "bindings": bindings,
+                "inputs": inputs,
+                "context": context,
+                **initiator,
+                **scope,
+            })
         return await self._post(
             "/api/authority/runs/ensure",
             body,
@@ -213,15 +308,16 @@ class AuthorityNamespace:
         timeout: Optional[float] = None,
     ) -> Dict[str, Any]:
         """List Authority-backed runs. ``GET /api/authority/runs``."""
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
             "workflow_id": workflow_id,
             "status": status,
             "group": group,
             "owner": owner,
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
             "limit": limit,
             "offset": offset,
         })
@@ -418,14 +514,15 @@ class AuthorityNamespace:
         offset: int = 0,
     ) -> Dict[str, Any]:
         """List Authority workflow bindings. ``GET /api/authority/workflow-bindings``."""
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
             "workflow_ref": workflow_ref,
             "workflow_id": workflow_id,
             "status": status,
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
             "limit": limit,
             "offset": offset,
         })
@@ -444,13 +541,14 @@ class AuthorityNamespace:
         offset: int = 0,
     ) -> Dict[str, Any]:
         """List Authority workflow publications. ``GET /api/authority/workflow-publications``."""
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
             "workflow_ref": workflow_ref,
             "status": status,
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
             "limit": limit,
             "offset": offset,
         })
@@ -510,11 +608,12 @@ class AuthorityNamespace:
         """Get an Authority company. ``GET /api/authority/companies/{company}``."""
         if not company_slug:
             raise ValueError("company_slug is required")
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
         })
         return await self._get(
             f"/api/authority/companies/{quote(company_slug, safe='')}{qs}",
@@ -534,11 +633,12 @@ class AuthorityNamespace:
         timeout: Optional[float] = None,
     ) -> Dict[str, Any]:
         """List Authority companies. ``GET /api/authority/companies``."""
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
             "status": status,
             "limit": limit,
             "offset": offset,
@@ -584,7 +684,7 @@ class AuthorityNamespace:
             "action": action,
             "run_id": run_id,
             "reason": reason,
-            "shared_project_slug": shared_app_slug,
+            "shared_app_slug": shared_app_slug,
             "region": region,
             "system": system,
             "github_mode": github_mode,
@@ -625,8 +725,8 @@ class AuthorityNamespace:
         if not company_slug:
             raise ValueError("company_slug is required")
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
+            "app_slug": app_slug,
+            "env": env,
             "run_id": run_id,
         })
         return await self._get(
@@ -647,11 +747,12 @@ class AuthorityNamespace:
         """Get full Authority dossier for a company. ``GET /api/authority/dossiers/company/{company}``."""
         if not company_slug:
             raise ValueError("company_slug is required")
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
         })
         return await self._get(
             f"/api/authority/dossiers/company/{quote(company_slug, safe='')}{qs}",
@@ -726,11 +827,12 @@ class AuthorityNamespace:
         timeout: Optional[float] = None,
     ) -> Dict[str, Any]:
         """List deploys. ``GET /api/authority/deploys``."""
+        tid, tev = self._target_query_params(target_org_id, target_env)
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
-            "target_project_id": target_org_id,
-            "target_environment": target_env,
+            "app_slug": app_slug,
+            "env": env,
+            "target_org_id": tid,
+            "target_env": tev,
             "repo_full_name": repo_full_name,
             "status": status,
             "limit": limit,
@@ -753,6 +855,8 @@ class AuthorityNamespace:
         company: Optional[str] = None,
         subject: Optional[str] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        force: Optional[bool] = None,
+        allow_duplicate_sha: Optional[bool] = None,
         app_slug: Optional[str] = None,
         env: Optional[str] = None,
         target_org_id: Optional[str] = None,
@@ -774,6 +878,8 @@ class AuthorityNamespace:
             "company": company,
             "subject": subject,
             "metadata": metadata,
+            "force": force,
+            "allow_duplicate_sha": allow_duplicate_sha,
             **self._initiator(initiator_type, initiator_id, idempotency_key),
             **self._scope(app_slug, env, target_org_id, target_env),
         })
@@ -882,7 +988,7 @@ class AuthorityNamespace:
         *,
         variant_slug: str,
         version: str,
-        manifest_path: str,
+        manifest_path: Optional[str] = None,
         status: str = "published",
         storage_app_slug: Optional[str] = None,
         storage_env: Optional[str] = None,
@@ -898,19 +1004,29 @@ class AuthorityNamespace:
         idempotency_key: Optional[str] = None,
         timeout: Optional[float] = None,
     ) -> Dict[str, Any]:
-        """Publish a managed-client release. ``POST /api/authority/clients/releases``."""
+        """
+        Create or upsert a managed-client release.
+
+        ``POST /api/authority/clients/releases``.
+
+        Use ``status="proposed"`` to start the release FSM without publishing;
+        ``manifest_path`` may be omitted for proposed releases. Use
+        ``approve_client_release`` → ``publish_approved_client_release`` →
+        ``distribute_client_release`` for staged rollout.
+        """
         if not variant_slug:
             raise ValueError("publish_client_release requires variant_slug")
         if not version:
             raise ValueError("publish_client_release requires version")
-        if not manifest_path:
-            raise ValueError("publish_client_release requires manifest_path")
+        status_eff = str(status or "published").strip().lower()
+        if not manifest_path and status_eff != "proposed":
+            raise ValueError("publish_client_release requires manifest_path unless status is proposed")
         body = _compact({
             "variant_slug": variant_slug,
             "version": version,
             "status": status,
-            "storage_project_slug": storage_app_slug,
-            "storage_environment": storage_env,
+            "storage_app_slug": storage_app_slug,
+            "storage_env": storage_env,
             "storage_category": storage_category,
             "manifest_path": manifest_path,
             "bootstrapper_path": bootstrapper_path,
@@ -926,6 +1042,95 @@ class AuthorityNamespace:
             timeout=self._http_timeout(timeout, 30.0),
         )
 
+    async def get_client_release(
+        self,
+        release_id: str,
+        *,
+        app_slug: Optional[str] = None,
+        env: Optional[str] = None,
+        timeout: Optional[float] = None,
+    ) -> Dict[str, Any]:
+        """Fetch one release by id. ``GET /api/authority/clients/releases/{release_id}``."""
+        if not release_id:
+            raise ValueError("get_client_release requires release_id")
+        qs = _query_string({"app_slug": app_slug, "env": env})
+        return await self._get(
+            f"/api/authority/clients/releases/{quote(release_id, safe='')}{qs}",
+            timeout=self._http_timeout(timeout, 30.0),
+        )
+
+    async def approve_client_release(
+        self,
+        release_id: str,
+        *,
+        app_slug: Optional[str] = None,
+        env: Optional[str] = None,
+        initiator_type: Optional[str] = None,
+        initiator_id: Optional[str] = None,
+        idempotency_key: Optional[str] = None,
+        timeout: Optional[float] = None,
+    ) -> Dict[str, Any]:
+        """Approve a proposed release. ``POST /api/authority/clients/releases/{id}/approve``."""
+        if not release_id:
+            raise ValueError("approve_client_release requires release_id")
+        body = _compact({
+            **self._initiator(initiator_type, initiator_id, idempotency_key),
+            **self._scope(app_slug, env, None, None),
+        })
+        return await self._post(
+            f"/api/authority/clients/releases/{quote(release_id, safe='')}/approve",
+            body,
+            timeout=self._http_timeout(timeout, 30.0),
+        )
+
+    async def publish_approved_client_release(
+        self,
+        release_id: str,
+        *,
+        app_slug: Optional[str] = None,
+        env: Optional[str] = None,
+        initiator_type: Optional[str] = None,
+        initiator_id: Optional[str] = None,
+        idempotency_key: Optional[str] = None,
+        timeout: Optional[float] = None,
+    ) -> Dict[str, Any]:
+        """Publish an approved release (gateway health handshake). ``POST .../publish``."""
+        if not release_id:
+            raise ValueError("publish_approved_client_release requires release_id")
+        body = _compact({
+            **self._initiator(initiator_type, initiator_id, idempotency_key),
+            **self._scope(app_slug, env, None, None),
+        })
+        return await self._post(
+            f"/api/authority/clients/releases/{quote(release_id, safe='')}/publish",
+            body,
+            timeout=self._http_timeout(timeout, 30.0),
+        )
+
+    async def distribute_client_release(
+        self,
+        release_id: str,
+        *,
+        app_slug: Optional[str] = None,
+        env: Optional[str] = None,
+        initiator_type: Optional[str] = None,
+        initiator_id: Optional[str] = None,
+        idempotency_key: Optional[str] = None,
+        timeout: Optional[float] = None,
+    ) -> Dict[str, Any]:
+        """Mark a published release as distributed. ``POST .../distribute``."""
+        if not release_id:
+            raise ValueError("distribute_client_release requires release_id")
+        body = _compact({
+            **self._initiator(initiator_type, initiator_id, idempotency_key),
+            **self._scope(app_slug, env, None, None),
+        })
+        return await self._post(
+            f"/api/authority/clients/releases/{quote(release_id, safe='')}/distribute",
+            body,
+            timeout=self._http_timeout(timeout, 30.0),
+        )
+
     async def create_client_bootstrap_session(
         self,
         *,
@@ -987,8 +1192,8 @@ class AuthorityNamespace:
     ) -> Dict[str, Any]:
         """List managed client installations. ``GET /api/authority/clients/installations``."""
         qs = _query_string({
-            "project_slug": app_slug,
-            "environment": env,
+            "app_slug": app_slug,
+            "env": env,
             "status": status,
             "variant_slug": variant_slug,
             "company": company,

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus/namespaces/db.py

@@ -449,7 +449,7 @@ class DbNamespace:
     async def provision_neon_complete(
         self,
         *,
-        project_slug: str,
+        app_slug: str,
         region: Optional[str] = None,
         timeout: float = 300.0,
     ) -> Dict[str, Any]:
@@ -459,7 +459,7 @@ class DbNamespace:
             endpoint="/api/provision/complete",
             method="POST",
             body={
-                "project_slug": project_slug,
+                "app_slug": app_slug,
                 "region": region or "aws-us-east-1",
             },
             use_gateway=True,
@@ -469,7 +469,7 @@ class DbNamespace:
     async def provision_neon_delete(
         self,
         *,
-        project_slug: str,
+        app_slug: str,
         timeout: float = 120.0,
     ) -> Dict[str, Any]:
         """Neon teardown via ``DELETE /api/provision/delete``."""
@@ -477,7 +477,7 @@ class DbNamespace:
         return await self._client._request(
             endpoint="/api/provision/delete",
             method="DELETE",
-            body={"project_slug": project_slug},
+            body={"app_slug": app_slug},
             use_gateway=True,
             timeout=cap,
         )

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus/namespaces/secrets.py

@@ -199,7 +199,7 @@ class SecretsNamespace:
             endpoint="/api/warden/secrets",
             body={
                 "action": "list-all-environments",
-                "project_id": infisical_project_id,
+                "infisical_project_id": infisical_project_id,
             },
             use_gateway=True,
         )

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus/namespaces/workflow.py

@@ -246,9 +246,9 @@ class WorkflowNamespace:
         if instance_id:
             body["instance_id"] = instance_id
         if target_project_id:
-            body["target_project_id"] = target_project_id
+            body["target_org_id"] = target_project_id
         if target_environment:
-            body["target_environment"] = target_environment
+            body["target_env"] = target_environment
         return self._authority_mutation_body(
             body,
             idempotency_key=idempotency_key,
@@ -1035,9 +1035,9 @@ class WorkflowNamespace:
         if status:
             params.append(f"status={status}")
         if target_project_id:
-            params.append(f"target_project_id={target_project_id}")
+            params.append(f"target_org_id={target_project_id}")
         if target_environment:
-            params.append(f"target_environment={target_environment}")
+            params.append(f"target_env={target_environment}")
 
         result = await self._api(
             endpoint=f"/api/authority/runs?{'&'.join(params)}",
@@ -1114,9 +1114,9 @@ class WorkflowNamespace:
             if trigger_artifact:
                 body["trigger_artifact"] = trigger_artifact
             if target_project_id:
-                body["target_project_id"] = target_project_id
+                body["target_org_id"] = target_project_id
             if target_environment:
-                body["target_environment"] = target_environment
+                body["target_env"] = target_environment
             return await self._api(
                 endpoint=f"/api/authority/runs/{workflow_id}/nudge",
                 body=self._authority_mutation_body(
@@ -1202,9 +1202,9 @@ class WorkflowNamespace:
             if trigger_artifact:
                 body["trigger_artifact"] = trigger_artifact
             if target_project_id:
-                body["target_project_id"] = target_project_id
+                body["target_org_id"] = target_project_id
             if target_environment:
-                body["target_environment"] = target_environment
+                body["target_env"] = target_environment
             return await self._api(
                 endpoint=f"/api/authority/runs/{workflow_id}/retry",
                 body=self._authority_mutation_body(
@@ -1385,9 +1385,9 @@ class WorkflowNamespace:
         if self._is_authority_run_id(execution_id):
             body: Dict[str, Any] = {}
             if target_project_id:
-                body["target_project_id"] = target_project_id
+                body["target_org_id"] = target_project_id
             if target_environment:
-                body["target_environment"] = target_environment
+                body["target_env"] = target_environment
             return await self._api(
                 endpoint=f"/api/authority/runs/{execution_id}/cancel",
                 body=self._authority_mutation_body(

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/dominus_sdk_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 3.0.2
+Version: 3.0.3
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -95,6 +95,7 @@ JWT and selected scope headers directly through Gateway.
 
 ## Transport Model
 
+- Default HTTP targets are the production gateway (`https://gateway.getdominus.app`); they do not change based on your app’s git branch or PyPI package variant. Set `DOMINUS_GATEWAY_URL` (or `DOMINUS_BASE_URL` / `DOMINUS_JWT_URL`) only for local or custom routing.
 - `DOMINUS_TOKEN` is exchanged for a JWT through `POST /jwt/mint`
 - Service JWTs are cached for 14 minutes with a 60-second refresh window
 - Auth-required worker routes still send base64-encoded JSON bodies as `text/plain`

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "dominus-sdk-python"
-version = "3.0.2"
+version = "3.0.3"
 description = "Python SDK for the Dominus gateway-first platform"
 readme = "README.md"
 license = {text = "Proprietary"}

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/tests/test_authority_public_vocabulary.py

@@ -78,7 +78,7 @@ def test_authority_scope_signatures_use_new_public_vocabulary():
     context_sig = inspect.signature(AuthorityNamespace.context_resolve)
     mint_sig = inspect.signature(core_helpers.mint_selected_scope_jwt)
 
-    for name in ("app_slug", "env", "target_org_id", "target_env"):
+    for name in ("app_slug", "env", "target_org_id", "target_env", "run_kind", "target_app_slug"):
         assert name in ensure_sig.parameters
     for legacy in ("project_slug", "environment", "target_project_id", "target_environment"):
         assert legacy not in ensure_sig.parameters
@@ -142,21 +142,21 @@ async def test_authority_scope_methods_use_canonical_context_wire_names():
     )
 
     ensure_body = client.calls[0]["body"]
-    assert ensure_body["project_slug"] == "carebridge"
-    assert ensure_body["environment"] == "production"
-    assert ensure_body["target_project_id"] == "org-123"
-    assert ensure_body["target_environment"] == "production"
+    assert ensure_body["app_slug"] == "carebridge"
+    assert ensure_body["env"] == "production"
+    assert ensure_body["target_org_id"] == "org-123"
+    assert ensure_body["target_env"] == "production"
 
     bootstrap_body = client.calls[1]["body"]
-    assert bootstrap_body["shared_project_slug"] == "shared-core"
-    assert bootstrap_body["project_slug"] == "carebridge"
-    assert bootstrap_body["target_project_slug"] == "carebridge"
-    assert bootstrap_body["target_environment"] == "production"
+    assert bootstrap_body["shared_app_slug"] == "shared-core"
+    assert bootstrap_body["app_slug"] == "carebridge"
+    assert bootstrap_body["target_app_slug"] == "carebridge"
+    assert bootstrap_body["target_env"] == "production"
 
     release_body = client.calls[2]["body"]
-    assert release_body["storage_project_slug"] == "storage-core"
-    assert release_body["storage_environment"] == "production"
-    assert release_body["project_slug"] == "carebridge"
+    assert release_body["storage_app_slug"] == "storage-core"
+    assert release_body["storage_env"] == "production"
+    assert release_body["app_slug"] == "carebridge"
 
     context_body = client.calls[3]["body"]
     assert context_body["org_id"] == "org-123"
@@ -190,3 +190,74 @@ async def test_selected_scope_mint_helper_uses_new_public_names_and_route_canoni
         "target_org_id": "org-123",
         "target_env": "production",
     }
+
+
+@pytest.mark.asyncio
+async def test_list_runs_drops_target_query_when_matching_gateway_scope():
+    client = FakeClient()
+    client._gateway_org_id = "a73627b4-071f-4d27-b964-d220464deb6e"
+    client._gateway_env = "production"
+    ns = AuthorityNamespace(client)
+    await ns.list_runs(
+        app_slug="dominus-authority",
+        env="production",
+        target_org_id="a73627b4-071f-4d27-b964-d220464deb6e",
+        target_env="production",
+        limit=5,
+        offset=0,
+    )
+    ep = client.calls[0]["endpoint"]
+    assert "target_org_id" not in ep
+    assert "target_env" not in ep
+    assert "app_slug=dominus-authority" in ep
+
+
+@pytest.mark.asyncio
+async def test_list_runs_keeps_target_query_when_org_differs_from_gateway():
+    client = FakeClient()
+    client._gateway_org_id = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
+    client._gateway_env = "production"
+    ns = AuthorityNamespace(client)
+    await ns.list_runs(
+        app_slug="dominus-authority",
+        env="production",
+        target_org_id="bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+        target_env="production",
+        limit=3,
+    )
+    ep = client.calls[0]["endpoint"]
+    assert "target_org_id=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" in ep
+
+
+@pytest.mark.asyncio
+async def test_authority_ensure_run_company_bootstrap_omits_workflow_mode():
+    client = FakeClient()
+    namespace = AuthorityNamespace(client)
+    await namespace.ensure_run(
+        run_kind="company.bootstrap",
+        company="acme-corp",
+        app_slug="carebridge",
+        env="production",
+        target_org_id="org-1",
+        execution_mode="async",
+        shared_app_slug="shared-core",
+    )
+    body = client.calls[0]["body"]
+    assert body["run_kind"] == "company.bootstrap"
+    assert body["company"] == "acme-corp"
+    assert body["execution_mode"] == "async"
+    assert body["shared_app_slug"] == "shared-core"
+    assert "mode" not in body
+
+
+@pytest.mark.asyncio
+async def test_authority_ensure_run_bootstrap_requires_company_slug():
+    client = FakeClient()
+    namespace = AuthorityNamespace(client)
+    with pytest.raises(ValueError, match="company, company_slug, or slug"):
+        await namespace.ensure_run(
+            run_kind="company_bootstrap",
+            app_slug="carebridge",
+            env="production",
+        )
+    assert client.calls == []

{dominus_sdk_python-3.0.2 → dominus_sdk_python-3.0.3}/tests/test_provisioning_parity.py

@@ -65,8 +65,8 @@ async def test_provision_neon_delete_uses_delete_with_body():
         return {"deleted": True}
 
     with patch.object(dominus, "_request", side_effect=fake_request):
-        await dominus.db.provision_neon_delete(project_slug="proj-x", timeout=90.0)
+        await dominus.db.provision_neon_delete(app_slug="proj-x", timeout=90.0)
     assert len(calls) == 1
     assert calls[0]["method"] == "DELETE"
-    assert calls[0]["body"] == {"project_slug": "proj-x"}
+    assert calls[0]["body"] == {"app_slug": "proj-x"}
     assert calls[0]["endpoint"] == "/api/provision/delete"