dominus-sdk-python 4.0.6__tar.gz → 4.0.8__tar.gz

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 4.0.6
+Version: 4.0.8
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -42,7 +42,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `4.0.6`
+- Current package version: `4.0.8`
 
 ## Install
 
@@ -115,6 +115,34 @@ buffer_cleanup = await dominus.logs.run_archive_buffer_maintenance(
 schedules = await dominus.authority.list_schedules(all_scopes=True)
 ```
 
+## Browser Automation
+
+`dominus.browser` exposes the first-class Dominus browser automation primitive through authenticated gateway routes under `/svc/browser/*`. SDK methods use `/api/browser/*` internally with gateway routing enabled; worker-local routes remain `/health` and `/runs/*`.
+
+```python
+health = await dominus.browser.get_health()
+run = await dominus.browser.ensure_run(
+    idempotency_key="route-check-1",
+    target={"url": "https://example.com/dashboard"},
+    provider="auto",
+    mode="playwright",
+    capture_policy={
+        "screenshots": "never",
+        "trace": "never",
+        "har": "never",
+        "video": "never",
+        "dom_snapshot": "never",
+        "raw_response_bodies": "never",
+        "phi_risk": "possible",
+    },
+    assertions=[{"kind": "status_code", "expected": 200}],
+)
+await dominus.browser.start_run(run["run_id"])
+status = await dominus.browser.get_run_status(run["run_id"])
+```
+
+Cloudflare Browser Run is the default provider. Browserbase is the fallback for future persistent authenticated/HITL work. Browser run metadata is runtime state owned by the browser worker; Artifact V2 is only for sanitized result/capture payloads.
+
 ## Session-Scoped Clients
 
 Production MCP and other user-session callers should instantiate `Dominus` with
@@ -169,6 +197,7 @@ JWT and selected scope headers directly through Gateway.
 | `processor` | Processor | Batch and single-job processing |
 | `sync` | Sync Worker | KV synchronization |
 | `authority` | Dominus Authority | Runs, companies, deploys, managed clients, context |
+| `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
@@ -185,6 +214,8 @@ operations:
 
 New code should prefer namespace APIs.
 
+Guardian navigation helpers expose nav-row `path` on `create_nav_item()` and `update_nav_item()`. Use that field when a sidebar item must route to a concrete URL independent of, or more specific than, the linked Guardian page row.
+
 ## Documentation
 
 - [Architecture](docs/architecture.md) - request flow, gateway routing, resilience

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/README.md

@@ -9,7 +9,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `4.0.6`
+- Current package version: `4.0.8`
 
 ## Install
 
@@ -82,6 +82,34 @@ buffer_cleanup = await dominus.logs.run_archive_buffer_maintenance(
 schedules = await dominus.authority.list_schedules(all_scopes=True)
 ```
 
+## Browser Automation
+
+`dominus.browser` exposes the first-class Dominus browser automation primitive through authenticated gateway routes under `/svc/browser/*`. SDK methods use `/api/browser/*` internally with gateway routing enabled; worker-local routes remain `/health` and `/runs/*`.
+
+```python
+health = await dominus.browser.get_health()
+run = await dominus.browser.ensure_run(
+    idempotency_key="route-check-1",
+    target={"url": "https://example.com/dashboard"},
+    provider="auto",
+    mode="playwright",
+    capture_policy={
+        "screenshots": "never",
+        "trace": "never",
+        "har": "never",
+        "video": "never",
+        "dom_snapshot": "never",
+        "raw_response_bodies": "never",
+        "phi_risk": "possible",
+    },
+    assertions=[{"kind": "status_code", "expected": 200}],
+)
+await dominus.browser.start_run(run["run_id"])
+status = await dominus.browser.get_run_status(run["run_id"])
+```
+
+Cloudflare Browser Run is the default provider. Browserbase is the fallback for future persistent authenticated/HITL work. Browser run metadata is runtime state owned by the browser worker; Artifact V2 is only for sanitized result/capture payloads.
+
 ## Session-Scoped Clients
 
 Production MCP and other user-session callers should instantiate `Dominus` with
@@ -136,6 +164,7 @@ JWT and selected scope headers directly through Gateway.
 | `processor` | Processor | Batch and single-job processing |
 | `sync` | Sync Worker | KV synchronization |
 | `authority` | Dominus Authority | Runs, companies, deploys, managed clients, context |
+| `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
@@ -152,6 +181,8 @@ operations:
 
 New code should prefer namespace APIs.
 
+Guardian navigation helpers expose nav-row `path` on `create_nav_item()` and `update_nav_item()`. Use that field when a sidebar item must route to a concrete URL independent of, or more specific than, the linked Guardian page row.
+
 ## Documentation
 
 - [Architecture](docs/architecture.md) - request flow, gateway routing, resilience

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus/__init__.py

@@ -111,6 +111,7 @@ from .namespaces.jobs import JobsNamespace
 from .namespaces.processor import ProcessorNamespace
 from .namespaces.sync import SyncNamespace
 from .namespaces.authority import AuthorityNamespace
+from .namespaces.browser import BrowserNamespace
 from .namespaces.deployer import DeployerNamespace
 from .namespaces.warden import WardenNamespace
 
@@ -163,7 +164,7 @@ from .errors import (
     TimeoutError as DominusTimeoutError,
 )
 
-__version__ = "4.0.5"
+__version__ = "4.0.8"
 __all__ = [
     # Main SDK instance
     "dominus",
@@ -213,6 +214,7 @@ __all__ = [
     "ProcessorNamespace",
     "SyncNamespace",
     "AuthorityNamespace",
+    "BrowserNamespace",
     "DeployerNamespace",
     "WardenNamespace",
     # AI namespace for agent-runtime operations

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus/namespaces/__init__.py

@@ -15,6 +15,7 @@ from .jobs import JobsNamespace
 from .processor import ProcessorNamespace
 from .sync import SyncNamespace
 from .authority import AuthorityNamespace
+from .browser import BrowserNamespace
 from .deployer import DeployerNamespace
 from .warden import WardenNamespace
 from .ai import (
@@ -42,6 +43,7 @@ __all__ = [
     "ProcessorNamespace",
     "SyncNamespace",
     "AuthorityNamespace",
+    "BrowserNamespace",
     "DeployerNamespace",
     "WardenNamespace",
     "AiNamespace",

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus/namespaces/auth.py

@@ -1421,7 +1421,8 @@ class AuthNamespace:
         item_type: str = "link",
         is_active: bool = True,
         sort_order: int = 0,
-        is_expanded_default: bool = False
+        is_expanded_default: bool = False,
+        path: Optional[str] = None
     ) -> Dict[str, Any]:
         """
         Create a new navigation item.
@@ -1436,6 +1437,7 @@ class AuthNamespace:
             is_active: Whether item is active
             sort_order: Sort position
             is_expanded_default: Whether group is expanded by default
+            path: Direct navigation path. When set, Portal may use it instead of the linked page path.
         """
         body = {
             "title": title,
@@ -1444,6 +1446,8 @@ class AuthNamespace:
             "is_active": is_active,
             "is_expanded_default": is_expanded_default
         }
+        if path:
+            body["path"] = path
         if icon:
             body["icon"] = icon
         if description:
@@ -1515,12 +1519,15 @@ class AuthNamespace:
         item_type: Optional[str] = None,
         is_active: Optional[bool] = None,
         sort_order: Optional[int] = None,
-        is_expanded_default: Optional[bool] = None
+        is_expanded_default: Optional[bool] = None,
+        path: Optional[str] = None
     ) -> Dict[str, Any]:
         """Update navigation item."""
         body = {}
         if title is not None:
             body["title"] = title
+        if path is not None:
+            body["path"] = path
         if icon is not None:
             body["icon"] = icon
         if description is not None:

dominus_sdk_python-4.0.8/dominus/namespaces/browser.py

@@ -0,0 +1,198 @@
+"""
+Browser Namespace - first-class Dominus browser automation primitive.
+
+All methods route through gateway (``/api/browser/*`` -> ``/svc/browser/*``).
+Worker-local routes remain ``/health`` and ``/runs/*``; application code should
+use this namespace instead of constructing worker-local paths directly.
+"""
+from __future__ import annotations
+
+from typing import Any, Dict, Mapping, Optional, TYPE_CHECKING
+from urllib.parse import quote
+
+if TYPE_CHECKING:
+    from ..start import Dominus
+
+
+def _compact(payload: Mapping[str, Any]) -> Dict[str, Any]:
+    """Drop None and empty-string values."""
+    out: Dict[str, Any] = {}
+    for key, value in payload.items():
+        if value is None:
+            continue
+        if isinstance(value, str) and value == "":
+            continue
+        out[key] = value
+    return out
+
+
+class BrowserNamespace:
+    """
+    Browser automation namespace.
+
+    Usage::
+
+        health = await dominus.browser.get_health()
+        run = await dominus.browser.ensure_run(
+            target={"url": "https://example.com/dashboard"},
+            assertions=[{"kind": "status_code", "expected": 200}],
+        )
+        await dominus.browser.start_run(run["run_id"])
+    """
+
+    def __init__(self, client: "Dominus"):
+        self._client = client
+
+    async def _post(
+        self,
+        endpoint: str,
+        body: Optional[Dict[str, Any]] = None,
+        *,
+        timeout: float = 30.0,
+    ) -> Dict[str, Any]:
+        return await self._client._request(
+            endpoint=endpoint,
+            method="POST",
+            body=body or {},
+            use_gateway=True,
+            timeout=timeout,
+        )
+
+    async def _get(self, endpoint: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        return await self._client._request(
+            endpoint=endpoint,
+            method="GET",
+            use_gateway=True,
+            timeout=timeout,
+        )
+
+    async def get_health(self, *, timeout: float = 15.0) -> Dict[str, Any]:
+        """Authenticated browser worker health. ``GET /api/browser/health``."""
+        return await self._get("/api/browser/health", timeout=timeout)
+
+    async def health(self, *, timeout: float = 15.0) -> Dict[str, Any]:
+        """Alias for :meth:`get_health`."""
+        return await self.get_health(timeout=timeout)
+
+    async def ensure_run(
+        self,
+        *,
+        target: Dict[str, Any],
+        idempotency_key: Optional[str] = None,
+        run_kind: Optional[str] = None,
+        route_label: Optional[str] = None,
+        route_policy_ref: Optional[str] = None,
+        provider: Optional[str] = None,
+        mode: Optional[str] = None,
+        auth_ref: Optional[Dict[str, Any]] = None,
+        capture_policy: Optional[Dict[str, Any]] = None,
+        assertions: Optional[list[Dict[str, Any]]] = None,
+        authority: Optional[Dict[str, Any]] = None,
+        metadata: Optional[Dict[str, Any]] = None,
+        org_id: Optional[str] = None,
+        app_slug: Optional[str] = None,
+        env: Optional[str] = None,
+        timeout: float = 30.0,
+    ) -> Dict[str, Any]:
+        """
+        Ensure a browser run. ``POST /api/browser/runs/ensure``.
+
+        Browser run metadata remains browser-worker runtime state. Artifact V2
+        is only used by the worker for sanitized result/capture payloads.
+        """
+        if not target:
+            raise ValueError("target is required")
+        body = _compact({
+            "idempotency_key": idempotency_key,
+            "run_kind": run_kind,
+            "route_label": route_label,
+            "route_policy_ref": route_policy_ref,
+            "target": target,
+            "provider": provider,
+            "mode": mode,
+            "auth_ref": auth_ref,
+            "capture_policy": capture_policy,
+            "assertions": assertions,
+            "authority": authority,
+            "metadata": metadata,
+            "org_id": org_id,
+            "app_slug": app_slug,
+            "env": env,
+        })
+        return await self._post("/api/browser/runs/ensure", body, timeout=timeout)
+
+    async def start_run(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Start a queued browser run. ``POST /api/browser/runs/{run_id}/start``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._post(
+            f"/api/browser/runs/{quote(run_id, safe='')}/start",
+            {},
+            timeout=timeout,
+        )
+
+    async def get_run_status(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Read browser run runtime state. ``GET /api/browser/runs/{run_id}/status``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._get(
+            f"/api/browser/runs/{quote(run_id, safe='')}/status",
+            timeout=timeout,
+        )
+
+    async def get_run_result(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Read browser run result availability. ``GET /api/browser/runs/{run_id}/result``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._get(
+            f"/api/browser/runs/{quote(run_id, safe='')}/result",
+            timeout=timeout,
+        )
+
+    async def retry_run(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Retry a failed or expired browser run. ``POST /api/browser/runs/{run_id}/retry``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._post(
+            f"/api/browser/runs/{quote(run_id, safe='')}/retry",
+            {},
+            timeout=timeout,
+        )
+
+    async def nudge_run(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Nudge a paused or waiting browser run. ``POST /api/browser/runs/{run_id}/nudge``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._post(
+            f"/api/browser/runs/{quote(run_id, safe='')}/nudge",
+            {},
+            timeout=timeout,
+        )
+
+    async def cancel_run(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Cancel a non-terminal browser run. ``POST /api/browser/runs/{run_id}/cancel``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._post(
+            f"/api/browser/runs/{quote(run_id, safe='')}/cancel",
+            {},
+            timeout=timeout,
+        )
+
+    async def get_run_timeline(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Read browser run timeline. ``GET /api/browser/runs/{run_id}/timeline``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._get(
+            f"/api/browser/runs/{quote(run_id, safe='')}/timeline",
+            timeout=timeout,
+        )
+
+    async def get_run_dossier(self, run_id: str, *, timeout: float = 30.0) -> Dict[str, Any]:
+        """Read browser run dossier. ``GET /api/browser/runs/{run_id}/dossier``."""
+        if not run_id:
+            raise ValueError("run_id is required")
+        return await self._get(
+            f"/api/browser/runs/{quote(run_id, safe='')}/dossier",
+            timeout=timeout,
+        )

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus/start.py

@@ -172,6 +172,10 @@ class Dominus:
         from .namespaces.authority import AuthorityNamespace
         self.authority = AuthorityNamespace(self)
 
+        # Browser automation primitive (Cloudflare Browser Run default)
+        from .namespaces.browser import BrowserNamespace
+        self.browser = BrowserNamespace(self)
+
         # Thin operator control-plane namespaces (Mothership / MCP parity)
         from .namespaces.deployer import DeployerNamespace
         from .namespaces.warden import WardenNamespace

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus_sdk_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 4.0.6
+Version: 4.0.8
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License: Proprietary
@@ -42,7 +42,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `4.0.6`
+- Current package version: `4.0.8`
 
 ## Install
 
@@ -115,6 +115,34 @@ buffer_cleanup = await dominus.logs.run_archive_buffer_maintenance(
 schedules = await dominus.authority.list_schedules(all_scopes=True)
 ```
 
+## Browser Automation
+
+`dominus.browser` exposes the first-class Dominus browser automation primitive through authenticated gateway routes under `/svc/browser/*`. SDK methods use `/api/browser/*` internally with gateway routing enabled; worker-local routes remain `/health` and `/runs/*`.
+
+```python
+health = await dominus.browser.get_health()
+run = await dominus.browser.ensure_run(
+    idempotency_key="route-check-1",
+    target={"url": "https://example.com/dashboard"},
+    provider="auto",
+    mode="playwright",
+    capture_policy={
+        "screenshots": "never",
+        "trace": "never",
+        "har": "never",
+        "video": "never",
+        "dom_snapshot": "never",
+        "raw_response_bodies": "never",
+        "phi_risk": "possible",
+    },
+    assertions=[{"kind": "status_code", "expected": 200}],
+)
+await dominus.browser.start_run(run["run_id"])
+status = await dominus.browser.get_run_status(run["run_id"])
+```
+
+Cloudflare Browser Run is the default provider. Browserbase is the fallback for future persistent authenticated/HITL work. Browser run metadata is runtime state owned by the browser worker; Artifact V2 is only for sanitized result/capture payloads.
+
 ## Session-Scoped Clients
 
 Production MCP and other user-session callers should instantiate `Dominus` with
@@ -169,6 +197,7 @@ JWT and selected scope headers directly through Gateway.
 | `processor` | Processor | Batch and single-job processing |
 | `sync` | Sync Worker | KV synchronization |
 | `authority` | Dominus Authority | Runs, companies, deploys, managed clients, context |
+| `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
@@ -185,6 +214,8 @@ operations:
 
 New code should prefer namespace APIs.
 
+Guardian navigation helpers expose nav-row `path` on `create_nav_item()` and `update_nav_item()`. Use that field when a sidebar item must route to a concrete URL independent of, or more specific than, the linked Guardian page row.
+
 ## Documentation
 
 - [Architecture](docs/architecture.md) - request flow, gateway routing, resilience

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/dominus_sdk_python.egg-info/SOURCES.txt

@@ -19,6 +19,7 @@ dominus/namespaces/ai.py
 dominus/namespaces/artifacts.py
 dominus/namespaces/auth.py
 dominus/namespaces/authority.py
+dominus/namespaces/browser.py
 dominus/namespaces/courier.py
 dominus/namespaces/db.py
 dominus/namespaces/ddl.py
@@ -44,6 +45,7 @@ dominus_sdk_python.egg-info/requires.txt
 dominus_sdk_python.egg-info/top_level.txt
 tests/test_auth.py
 tests/test_authority_public_vocabulary.py
+tests/test_browser_namespace.py
 tests/test_control_plane_namespaces.py
 tests/test_errors.py
 tests/test_flat_commands.py

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "dominus-sdk-python"
-version = "4.0.6"
+version = "4.0.8"
 description = "Python SDK for the Dominus gateway-first platform"
 readme = "README.md"
 license = {text = "Proprietary"}

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/tests/test_auth.py

@@ -40,7 +40,12 @@ class FakeAsyncClient:
 
 
 class FakeClient:
-    pass
+    def __init__(self):
+        self.calls = []
+
+    async def _request(self, **kwargs):
+        self.calls.append(kwargs)
+        return {"ok": True}
 
 
 @pytest.mark.asyncio
@@ -59,3 +64,44 @@ async def test_get_jwks_uses_gateway_jwt_route_and_caches(monkeypatch):
     assert second == first
     assert len(FakeAsyncClient.calls) == 1
     assert FakeAsyncClient.calls[0]["url"] == "https://gateway.example/jwt/jwks"
+
+
+@pytest.mark.asyncio
+async def test_nav_item_helpers_write_guardian_navigation_path():
+    client = FakeClient()
+    namespace = AuthNamespace(client)
+
+    await namespace.create_nav_item(
+        title="Structured Reporting",
+        path="/dashboard/radiologist/structured-reporting",
+        page_id="page-1",
+        icon="ListChecks",
+    )
+    await namespace.update_nav_item(
+        "nav-1",
+        path="/dashboard/radiologist/procedure-settings",
+        page_id="page-2",
+    )
+
+    assert client.calls[0]["endpoint"] == "/api/guardian/nav-items"
+    assert client.calls[0]["body"]["path"] == "/dashboard/radiologist/structured-reporting"
+    assert client.calls[0]["body"]["page_id"] == "page-1"
+    assert client.calls[1]["endpoint"] == "/api/guardian/nav-items/nav-1"
+    assert client.calls[1]["method"] == "PUT"
+    assert client.calls[1]["body"]["path"] == "/dashboard/radiologist/procedure-settings"
+    assert client.calls[1]["body"]["page_id"] == "page-2"
+
+
+@pytest.mark.asyncio
+async def test_nav_item_helpers_preserve_positional_icon_compatibility():
+    client = FakeClient()
+    namespace = AuthNamespace(client)
+
+    await namespace.create_nav_item("Structured Reporting", "ListChecks")
+    await namespace.update_nav_item("nav-1", "Procedure Settings", "ClipboardList")
+
+    assert client.calls[0]["body"]["icon"] == "ListChecks"
+    assert "path" not in client.calls[0]["body"]
+    assert client.calls[1]["body"]["title"] == "Procedure Settings"
+    assert client.calls[1]["body"]["icon"] == "ClipboardList"
+    assert "path" not in client.calls[1]["body"]

dominus_sdk_python-4.0.8/tests/test_browser_namespace.py

@@ -0,0 +1,107 @@
+import pytest
+
+import dominus.start as start_module
+
+
+@pytest.fixture()
+def sdk(monkeypatch):
+    monkeypatch.setattr(start_module, "_VALIDATION_ERROR", None)
+    monkeypatch.setattr(start_module, "_TOKEN", "a" * 64)
+    monkeypatch.setattr(start_module, "_VALIDATED", False)
+    monkeypatch.setattr(start_module, "_BASE_URL", "https://gateway.example")
+    monkeypatch.setattr(start_module, "_GATEWAY_URL", "https://gateway.example")
+    return start_module.Dominus()
+
+
+@pytest.mark.asyncio
+async def test_browser_namespace_uses_gateway_routed_api_browser_paths(monkeypatch, sdk):
+    calls = []
+
+    async def fake_request(**kwargs):
+        calls.append(kwargs)
+        return {
+            "ok": True,
+            "run_id": "br_123",
+            "status": "queued",
+            "provider": "cloudflare_browser_run",
+            "mode": "playwright",
+        }
+
+    monkeypatch.setattr(sdk, "_request", fake_request)
+
+    await sdk.browser.get_health()
+    await sdk.browser.ensure_run(
+        idempotency_key="idem-1",
+        run_kind="browser.route_check",
+        route_label="summit-dashboard",
+        route_policy_ref="rrc.v1:project",
+        target={"url": "https://summit.example/dashboard?token=redacted"},
+        provider="auto",
+        mode="playwright",
+        auth_ref={
+            "kind": "dominus_secret",
+            "secret_ref": "warden://browser/summit/session",
+            "expected_project_id": "project-123",
+            "expected_scopes": ["browser.run"],
+            "expected_view": "dashboard",
+            "session_probe": "#app",
+        },
+        capture_policy={
+            "screenshots": "on_failure",
+            "dom_snapshot": "always",
+            "raw_response_bodies": "always",
+            "phi_risk": "likely",
+            "retention_seconds": 900,
+        },
+        assertions=[
+            {"kind": "status_code", "expected": 200},
+            {"kind": "selector_visible", "selector": "#app", "timeout_ms": 5000},
+        ],
+        authority={"run_id": "auth-run-1", "artifact_observations": True},
+        metadata={"route": "dashboard"},
+    )
+    await sdk.browser.start_run("br_123")
+    await sdk.browser.get_run_status("br_123")
+    await sdk.browser.get_run_result("br_123")
+    await sdk.browser.retry_run("br_123")
+    await sdk.browser.nudge_run("br_123")
+    await sdk.browser.cancel_run("br_123")
+    await sdk.browser.get_run_timeline("br_123")
+    await sdk.browser.get_run_dossier("br_123")
+
+    assert [(call["method"], call["endpoint"], call["use_gateway"]) for call in calls] == [
+        ("GET", "/api/browser/health", True),
+        ("POST", "/api/browser/runs/ensure", True),
+        ("POST", "/api/browser/runs/br_123/start", True),
+        ("GET", "/api/browser/runs/br_123/status", True),
+        ("GET", "/api/browser/runs/br_123/result", True),
+        ("POST", "/api/browser/runs/br_123/retry", True),
+        ("POST", "/api/browser/runs/br_123/nudge", True),
+        ("POST", "/api/browser/runs/br_123/cancel", True),
+        ("GET", "/api/browser/runs/br_123/timeline", True),
+        ("GET", "/api/browser/runs/br_123/dossier", True),
+    ]
+
+    ensure_body = calls[1]["body"]
+    assert ensure_body["idempotency_key"] == "idem-1"
+    assert ensure_body["run_kind"] == "browser.route_check"
+    assert ensure_body["route_label"] == "summit-dashboard"
+    assert ensure_body["route_policy_ref"] == "rrc.v1:project"
+    assert ensure_body["auth_ref"]["secret_ref"] == "warden://browser/summit/session"
+    assert ensure_body["capture_policy"]["dom_snapshot"] == "always"
+    assert ensure_body["capture_policy"]["raw_response_bodies"] == "always"
+    assert ensure_body["assertions"][1] == {
+        "kind": "selector_visible",
+        "selector": "#app",
+        "timeout_ms": 5000,
+    }
+    assert ensure_body["authority"] == {
+        "run_id": "auth-run-1",
+        "artifact_observations": True,
+    }
+
+
+@pytest.mark.asyncio
+async def test_browser_ensure_run_requires_target(sdk):
+    with pytest.raises(ValueError, match="target is required"):
+        await sdk.browser.ensure_run(target={})

{dominus_sdk_python-4.0.6 → dominus_sdk_python-4.0.8}/tests/test_public_exports.py

@@ -1,4 +1,5 @@
 from dominus import (
+    BrowserNamespace,
     DeployerNamespace,
     WardenNamespace,
     gateway_circuit_breaker,
@@ -29,3 +30,10 @@ def test_top_level_exports_drop_delegate_alias():
     assert OpenNamespace is None
     assert DeployerNamespace is not None
     assert WardenNamespace is not None
+    assert BrowserNamespace is not None
+
+
+def test_singleton_exposes_browser_namespace():
+    from dominus import dominus
+
+    assert callable(dominus.browser.get_health)