dominus-sdk-python 6.1.0__tar.gz → 6.1.2__tar.gz

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 6.1.0
+Version: 6.1.2
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License-Expression: LicenseRef-Proprietary
@@ -42,7 +42,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `6.0.0`
+- Current package version: `6.1.1`
 
 ## Install
 
@@ -94,6 +94,20 @@ machine_logs = await dominus.logs.tail(
     since="2026-04-11T08:33:00Z",
     level="error",
 )
+policy = await dominus.platform.ensure_policy_decision(
+    {
+        "group": "dominus",
+        "repository": "carebridgesystems/dominus-platform-worker",
+    },
+    actor_context={"type": "user", "id": "operator-1"},
+)
+coder_run = await dominus.coder.ensure_run(
+    policy_decision_id=policy["data"]["policy_decision"]["decision_id"],
+    workflow_recipe_ref="recipe://workflow-recipe-v1/coder-feature@head",
+    repository="carebridgesystems/dominus-platform-worker",
+    instructions="Fix failing tests",
+    actor_context={"type": "user", "id": "operator-1"},
+)
 
 # Archive maintenance is explicit and dry-run first.
 verify = await dominus.authority.verify_timeline_archive_manifests(
@@ -206,6 +220,8 @@ JWT and selected scope headers directly through Gateway.
 | `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
+| `platform` | Platform Worker | Group/repository policy decisions with actor attribution |
+| `coder` | Coder Runtime | Policy-bound Coder run lifecycle with workflow/pipeline recipe launch sources |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
 
 ## Root Shortcuts

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/README.md

@@ -9,7 +9,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `6.0.0`
+- Current package version: `6.1.1`
 
 ## Install
 
@@ -61,6 +61,20 @@ machine_logs = await dominus.logs.tail(
     since="2026-04-11T08:33:00Z",
     level="error",
 )
+policy = await dominus.platform.ensure_policy_decision(
+    {
+        "group": "dominus",
+        "repository": "carebridgesystems/dominus-platform-worker",
+    },
+    actor_context={"type": "user", "id": "operator-1"},
+)
+coder_run = await dominus.coder.ensure_run(
+    policy_decision_id=policy["data"]["policy_decision"]["decision_id"],
+    workflow_recipe_ref="recipe://workflow-recipe-v1/coder-feature@head",
+    repository="carebridgesystems/dominus-platform-worker",
+    instructions="Fix failing tests",
+    actor_context={"type": "user", "id": "operator-1"},
+)
 
 # Archive maintenance is explicit and dry-run first.
 verify = await dominus.authority.verify_timeline_archive_manifests(
@@ -173,6 +187,8 @@ JWT and selected scope headers directly through Gateway.
 | `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
+| `platform` | Platform Worker | Group/repository policy decisions with actor attribution |
+| `coder` | Coder Runtime | Policy-bound Coder run lifecycle with workflow/pipeline recipe launch sources |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
 
 ## Root Shortcuts

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus/__init__.py

@@ -114,6 +114,7 @@ from .namespaces.deployer import DeployerNamespace
 from .namespaces.warden import WardenNamespace
 from .namespaces.platform import PlatformNamespace
 from .namespaces.coder import CoderNamespace
+from .namespaces.publisher import PublisherNamespace
 
 # Export AI namespace for agent-runtime operations
 from .namespaces.ai import (
@@ -164,7 +165,7 @@ from .errors import (
     TimeoutError as DominusTimeoutError,
 )
 
-__version__ = "6.1.0"
+__version__ = "6.1.2"
 __all__ = [
     # Main SDK instance
     "dominus",
@@ -217,6 +218,7 @@ __all__ = [
     "WardenNamespace",
     "PlatformNamespace",
     "CoderNamespace",
+    "PublisherNamespace",
     # AI namespace for agent-runtime operations
     "AiNamespace",
     "RagSubNamespace",

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus/namespaces/coder.py

@@ -54,6 +54,26 @@ def _mutation_body(
     )
 
 
+def _actor_headers(actor_context: Optional[Dict[str, str]]) -> Optional[Dict[str, str]]:
+    if not actor_context:
+        return None
+    actor_type = str(actor_context.get("type") or actor_context.get("actor_type") or "").strip()
+    actor_id = str(actor_context.get("id") or actor_context.get("actor_id") or "").strip()
+    if not actor_type or not actor_id:
+        return None
+    return {"X-Actor-Type": actor_type, "X-Actor-Id": actor_id}
+
+
+def _assert_one_launch_source(workflow_recipe_ref: Optional[str], pipeline_recipe_ref: Optional[str]) -> None:
+    present = [
+        ref
+        for ref in (workflow_recipe_ref, pipeline_recipe_ref)
+        if isinstance(ref, str) and ref.strip()
+    ]
+    if len(present) != 1:
+        raise ValueError("ensure_run requires exactly one of workflow_recipe_ref or pipeline_recipe_ref")
+
+
 class CoderNamespace:
     """Coder run lifecycle helpers."""
 
@@ -101,9 +121,11 @@ class CoderNamespace:
         instructions: Optional[str] = None,
         inputs: Optional[Dict[str, Any]] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         if not policy_decision_id or policy_decision_id.strip() == "":
             raise ValueError("ensure_run requires policy_decision_id")
+        _assert_one_launch_source(workflow_recipe_ref, pipeline_recipe_ref)
 
         body = _compact(
             {
@@ -128,6 +150,7 @@ class CoderNamespace:
             "/runs/ensure",
             method="POST",
             body=body,
+            headers=_actor_headers(actor_context),
             timeout=600.0,
         )
 
@@ -139,6 +162,7 @@ class CoderNamespace:
         repository: Optional[str] = None,
         limit: Optional[int] = None,
         offset: Optional[int] = None,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         qs = _query_string(
             {
@@ -149,10 +173,19 @@ class CoderNamespace:
                 "offset": offset,
             }
         )
-        return await self.request(f"/runs{qs}", method="GET")
+        return await self.request(f"/runs{qs}", method="GET", headers=_actor_headers(actor_context))
 
-    async def get_run(self, run_id: str) -> Dict[str, Any]:
-        return await self.request(f"/runs/{quote(run_id, safe='')}", method="GET")
+    async def get_run(
+        self,
+        run_id: str,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            f"/runs/{quote(run_id, safe='')}",
+            method="GET",
+            headers=_actor_headers(actor_context),
+        )
 
     async def cancel_run(
         self,
@@ -161,6 +194,7 @@ class CoderNamespace:
         reason: Optional[str] = None,
         idempotency_key: Optional[str] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         return await self.request(
             f"/runs/{quote(run_id, safe='')}/cancel",
@@ -170,6 +204,7 @@ class CoderNamespace:
                 idempotency_key=idempotency_key,
                 metadata=metadata,
             ),
+            headers=_actor_headers(actor_context),
         )
 
     async def retry_run(
@@ -179,6 +214,7 @@ class CoderNamespace:
         reason: Optional[str] = None,
         idempotency_key: Optional[str] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         return await self.request(
             f"/runs/{quote(run_id, safe='')}/retry",
@@ -188,6 +224,7 @@ class CoderNamespace:
                 idempotency_key=idempotency_key,
                 metadata=metadata,
             ),
+            headers=_actor_headers(actor_context),
         )
 
     async def nudge_run(
@@ -197,6 +234,7 @@ class CoderNamespace:
         reason: Optional[str] = None,
         idempotency_key: Optional[str] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         return await self.request(
             f"/runs/{quote(run_id, safe='')}/nudge",
@@ -206,16 +244,29 @@ class CoderNamespace:
                 idempotency_key=idempotency_key,
                 metadata=metadata,
             ),
+            headers=_actor_headers(actor_context),
         )
 
-    async def get_run_summary(self, run_id: str) -> Dict[str, Any]:
+    async def get_run_summary(
+        self,
+        run_id: str,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
         return await self.request(
             f"/runs/{quote(run_id, safe='')}/summary",
             method="GET",
+            headers=_actor_headers(actor_context),
         )
 
-    async def get_run_artifacts(self, run_id: str) -> Dict[str, Any]:
+    async def get_run_artifacts(
+        self,
+        run_id: str,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
         return await self.request(
             f"/runs/{quote(run_id, safe='')}/artifacts",
             method="GET",
+            headers=_actor_headers(actor_context),
         )

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus/namespaces/platform.py

@@ -23,6 +23,16 @@ def _normalize_platform_path(path: str) -> str:
     return f"/svc/platform{normalized}"
 
 
+def _actor_headers(actor_context: Optional[Dict[str, str]]) -> Optional[Dict[str, str]]:
+    if not actor_context:
+        return None
+    actor_type = str(actor_context.get("type") or actor_context.get("actor_type") or "").strip()
+    actor_id = str(actor_context.get("id") or actor_context.get("actor_id") or "").strip()
+    if not actor_type or not actor_id:
+        return None
+    return {"X-Actor-Type": actor_type, "X-Actor-Id": actor_id}
+
+
 class PlatformNamespace:
     """Platform group/repository policy helpers."""
 
@@ -105,26 +115,41 @@ class PlatformNamespace:
             body=repository,
         )
 
-    async def ensure_policy_decision(self, options: Dict[str, Any]) -> Dict[str, Any]:
+    async def ensure_policy_decision(
+        self,
+        options: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
         return await self.request(
             "/policy/decisions/ensure",
             method="POST",
             body=options,
+            headers=_actor_headers(actor_context),
         )
 
-    async def get_policy_decision(self, decision_id: str) -> Dict[str, Any]:
+    async def get_policy_decision(
+        self,
+        decision_id: str,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
         return await self.request(
             f"/policy/decisions/{quote(decision_id, safe='')}",
             method="GET",
+            headers=_actor_headers(actor_context),
         )
 
     async def rehydrate_policy_decision(
         self,
         decision_id: str,
         options: Optional[Dict[str, Any]] = None,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
     ) -> Dict[str, Any]:
         return await self.request(
             f"/policy/decisions/{quote(decision_id, safe='')}/rehydrate",
             method="POST",
             body=options or {},
+            headers=_actor_headers(actor_context),
         )

dominus_sdk_python-6.1.2/dominus/namespaces/publisher.py

@@ -0,0 +1,300 @@
+"""Publisher namespace.
+
+Build-artifact lifecycle, signing, release records, channel pins, and resolver
+reads for dominus-publisher. This surface intentionally does not expose raw
+runner credentials or direct byte upload shortcuts.
+"""
+from __future__ import annotations
+
+from typing import Any, Dict, Optional, TYPE_CHECKING
+from urllib.parse import quote, urlencode
+
+if TYPE_CHECKING:
+    from ..start import Dominus
+
+
+def _compact(payload: Dict[str, Any]) -> Dict[str, Any]:
+    out: Dict[str, Any] = {}
+    for key, value in payload.items():
+        if value is None:
+            continue
+        if isinstance(value, str) and value.strip() == "":
+            continue
+        out[key] = value
+    return out
+
+
+def _query_string(params: Dict[str, Any]) -> str:
+    cleaned = _compact(params)
+    return f"?{urlencode(cleaned)}" if cleaned else ""
+
+
+def _normalize_publisher_path(path: str) -> str:
+    trimmed = path.strip()
+    normalized = trimmed if trimmed.startswith("/") else f"/{trimmed}"
+    if normalized == "/svc/publisher" or normalized.startswith("/svc/publisher/"):
+        return normalized
+    if normalized == "/api/publisher" or normalized.startswith("/api/publisher/"):
+        return normalized.replace("/api/", "/svc/", 1)
+    return f"/svc/publisher{normalized}"
+
+
+def _actor_headers(actor_context: Optional[Dict[str, str]]) -> Optional[Dict[str, str]]:
+    if not actor_context:
+        return None
+    actor_type = str(actor_context.get("type") or actor_context.get("actor_type") or "").strip()
+    actor_id = str(actor_context.get("id") or actor_context.get("actor_id") or "").strip()
+    if not actor_type or not actor_id:
+        return None
+    return {"X-Actor-Type": actor_type, "X-Actor-Id": actor_id}
+
+
+def _mutation_body(
+    *,
+    reason: Optional[str] = None,
+    idempotency_key: Optional[str] = None,
+    metadata: Optional[Dict[str, Any]] = None,
+) -> Dict[str, Any]:
+    return _compact(
+        {
+            "reason": reason,
+            "idempotency_key": idempotency_key,
+            "metadata": metadata,
+        }
+    )
+
+
+class PublisherNamespace:
+    """Publisher build-artifact lifecycle helpers."""
+
+    def __init__(self, client: "Dominus"):
+        self._client = client
+
+    async def request(
+        self,
+        path: str,
+        *,
+        method: str = "GET",
+        body: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None,
+        timeout: float = 30.0,
+    ) -> Any:
+        return await self._client.gateway_fetch(
+            _normalize_publisher_path(path),
+            method=method,
+            body=body,
+            headers=headers,
+            timeout=timeout,
+        )
+
+    async def health(self) -> Dict[str, Any]:
+        return await self.request("/health", method="GET")
+
+    async def ready(self) -> Dict[str, Any]:
+        return await self.request("/ready", method="GET")
+
+    async def list_builds(
+        self,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request("/builds", method="GET", headers=_actor_headers(actor_context))
+
+    async def ensure_build(
+        self,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            "/builds/ensure",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+            timeout=600.0,
+        )
+
+    async def get_build(
+        self,
+        build_id: str,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            f"/builds/{quote(build_id, safe='')}",
+            method="GET",
+            headers=_actor_headers(actor_context),
+        )
+
+    async def retry_build(
+        self,
+        build_id: str,
+        *,
+        reason: Optional[str] = None,
+        idempotency_key: Optional[str] = None,
+        metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            f"/builds/{quote(build_id, safe='')}/retry",
+            method="POST",
+            body=_mutation_body(reason=reason, idempotency_key=idempotency_key, metadata=metadata),
+            headers=_actor_headers(actor_context),
+        )
+
+    async def cancel_build(
+        self,
+        build_id: str,
+        *,
+        reason: Optional[str] = None,
+        idempotency_key: Optional[str] = None,
+        metadata: Optional[Dict[str, Any]] = None,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            f"/builds/{quote(build_id, safe='')}/cancel",
+            method="POST",
+            body=_mutation_body(reason=reason, idempotency_key=idempotency_key, metadata=metadata),
+            headers=_actor_headers(actor_context),
+        )
+
+    async def evaluate_signing(
+        self,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            "/builds/signing/evaluate",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+        )
+
+    async def record_signing_evidence(
+        self,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            "/builds/signing/evidence",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+        )
+
+    async def list_artifacts(
+        self,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request("/artifacts", method="GET", headers=_actor_headers(actor_context))
+
+    async def record_release(
+        self,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            "/artifacts/releases/record",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+            timeout=600.0,
+        )
+
+    async def resolve_artifact(
+        self,
+        artifact_key: str,
+        *,
+        selector: Optional[str] = None,
+        environment: Optional[str] = None,
+        target_app: Optional[str] = None,
+        architecture: Optional[str] = None,
+        runtime_family: Optional[str] = None,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        qs = _query_string(
+            {
+                "selector": selector,
+                "environment": environment,
+                "target_app": target_app,
+                "architecture": architecture,
+                "runtime_family": runtime_family,
+            }
+        )
+        return await self.request(
+            f"/artifacts/{quote(artifact_key, safe='')}{qs}",
+            method="GET",
+            headers=_actor_headers(actor_context),
+        )
+
+    async def list_channels(
+        self,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request("/channels", method="GET", headers=_actor_headers(actor_context))
+
+    async def get_channel(
+        self,
+        artifact_key: str,
+        selector: str,
+        *,
+        environment: Optional[str] = None,
+        target_app: Optional[str] = None,
+        architecture: Optional[str] = None,
+        runtime_family: Optional[str] = None,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        qs = _query_string(
+            {
+                "environment": environment,
+                "target_app": target_app,
+                "architecture": architecture,
+                "runtime_family": runtime_family,
+            }
+        )
+        return await self.request(
+            f"/channels/{quote(artifact_key, safe='')}/{quote(selector, safe='')}{qs}",
+            method="GET",
+            headers=_actor_headers(actor_context),
+        )
+
+    async def pin_channel(
+        self,
+        artifact_key: str,
+        selector: str,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            f"/channels/{quote(artifact_key, safe='')}/{quote(selector, safe='')}/pin",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+        )
+
+    async def list_prestage(
+        self,
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request("/prestage", method="GET", headers=_actor_headers(actor_context))
+
+    async def ensure_prestage(
+        self,
+        payload: Dict[str, Any],
+        *,
+        actor_context: Optional[Dict[str, str]] = None,
+    ) -> Dict[str, Any]:
+        return await self.request(
+            "/prestage/ensure",
+            method="POST",
+            body=payload,
+            headers=_actor_headers(actor_context),
+            timeout=600.0,
+        )

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus/start.py

@@ -181,10 +181,12 @@ class Dominus:
         from .namespaces.warden import WardenNamespace
         from .namespaces.platform import PlatformNamespace
         from .namespaces.coder import CoderNamespace
+        from .namespaces.publisher import PublisherNamespace
         self.deployer = DeployerNamespace(self)
         self.warden = WardenNamespace(self)
         self.platform = PlatformNamespace(self)
         self.coder = CoderNamespace(self)
+        self.publisher = PublisherNamespace(self)
 
         # Stash worker (per-scope durable items: credentials + configs)
         from .namespaces.stash import StashNamespace
@@ -539,6 +541,7 @@ class Dominus:
             or "/svc/admin/" in path
             or "/svc/platform/" in path
             or "/svc/coder/" in path
+            or "/svc/publisher/" in path
         )
         decode_base64 = (
             "/svc/warden/secrets" in path

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus_sdk_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dominus-sdk-python
-Version: 6.1.0
+Version: 6.1.2
 Summary: Python SDK for the Dominus gateway-first platform
 Author-email: CareBridge Systems <dev@carebridge.io>
 License-Expression: LicenseRef-Proprietary
@@ -42,7 +42,7 @@ Async Python SDK for the Dominus gateway-first service plane.
 - Gateway-scoped client mode for MCP and other user-JWT sessions
 - Transport compatibility for wrapped `{success,data}` responses and unwrapped Warden/control-plane success objects
 - Local helpers for JWT verification, trace propagation, retries, and console capture
-- Current package version: `6.0.0`
+- Current package version: `6.1.1`
 
 ## Install
 
@@ -94,6 +94,20 @@ machine_logs = await dominus.logs.tail(
     since="2026-04-11T08:33:00Z",
     level="error",
 )
+policy = await dominus.platform.ensure_policy_decision(
+    {
+        "group": "dominus",
+        "repository": "carebridgesystems/dominus-platform-worker",
+    },
+    actor_context={"type": "user", "id": "operator-1"},
+)
+coder_run = await dominus.coder.ensure_run(
+    policy_decision_id=policy["data"]["policy_decision"]["decision_id"],
+    workflow_recipe_ref="recipe://workflow-recipe-v1/coder-feature@head",
+    repository="carebridgesystems/dominus-platform-worker",
+    instructions="Fix failing tests",
+    actor_context={"type": "user", "id": "operator-1"},
+)
 
 # Archive maintenance is explicit and dry-run first.
 verify = await dominus.authority.verify_timeline_archive_manifests(
@@ -206,6 +220,8 @@ JWT and selected scope headers directly through Gateway.
 | `browser` | Browser Worker | Browser run health, ensure/start/status/result/retry/nudge/cancel/timeline/dossier |
 | `deployer` | Deployer | Thin operator control-plane request surface |
 | `warden` | Warden | Thin operator control-plane request surface |
+| `platform` | Platform Worker | Group/repository policy decisions with actor attribution |
+| `coder` | Coder Runtime | Policy-bound Coder run lifecycle with workflow/pipeline recipe launch sources |
 | `fastapi` | Local decorators | `@jwt`, `@psk`, `@scopes(...)` |
 
 ## Root Shortcuts

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/dominus_sdk_python.egg-info/SOURCES.txt

@@ -33,6 +33,7 @@ dominus/namespaces/logs.py
 dominus/namespaces/platform.py
 dominus/namespaces/portal.py
 dominus/namespaces/processor.py
+dominus/namespaces/publisher.py
 dominus/namespaces/recipes.py
 dominus/namespaces/redis.py
 dominus/namespaces/secrets.py
@@ -58,6 +59,7 @@ tests/test_logs.py
 tests/test_platform_coder_namespaces.py
 tests/test_provisioning_parity.py
 tests/test_public_exports.py
+tests/test_publisher_namespace.py
 tests/test_recipes_namespace.py
 tests/test_transport_compat.py
 tests/test_workflow_lifecycle.py

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "dominus-sdk-python"
-version = "6.1.0"
+version = "6.1.2"
 description = "Python SDK for the Dominus gateway-first platform"
 readme = "README.md"
 license = "LicenseRef-Proprietary"

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/tests/test_platform_coder_namespaces.py

@@ -31,7 +31,8 @@ async def test_platform_namespace_normalizes_helpers_onto_service_routes():
             "group": "dominus",
             "repository": "carebridgesystems/dominus-platform-worker",
             "metadata": {"safe": "ok"},
-        }
+        },
+        actor_context={"type": "user", "id": "user-1"},
     )
     await platform.rehydrate_policy_decision("pd_123", {"run_id": "run_123"})
 
@@ -51,6 +52,7 @@ async def test_platform_namespace_normalizes_helpers_onto_service_routes():
         "repository": "carebridgesystems/dominus-platform-worker",
         "metadata": {"safe": "ok"},
     }
+    assert client.calls[5][1]["headers"] == {"X-Actor-Type": "user", "X-Actor-Id": "user-1"}
 
 
 @pytest.mark.asyncio
@@ -76,8 +78,10 @@ async def test_coder_namespace_exposes_lifecycle_helpers_but_no_raw_shell():
         policy_decision_id="pd_123",
         mode="async",
         task_recipe_ref="recipe://coder-task-recipe-v1/fix-tests@head",
+        workflow_recipe_ref="recipe://workflow-recipe-v1/coder-feature@head",
         repository="carebridgesystems/dominus-platform-worker",
         instructions="Fix failing tests",
+        actor_context={"type": "user", "id": "user-1"},
     )
     await coder.list_runs(status="running", limit=10)
     await coder.cancel_run("run_123", reason="operator requested")
@@ -99,9 +103,11 @@ async def test_coder_namespace_exposes_lifecycle_helpers_but_no_raw_shell():
         "policy_decision_id": "pd_123",
         "mode": "async",
         "task_recipe_ref": "recipe://coder-task-recipe-v1/fix-tests@head",
+        "workflow_recipe_ref": "recipe://workflow-recipe-v1/coder-feature@head",
         "repository": "carebridgesystems/dominus-platform-worker",
         "instructions": "Fix failing tests",
     }
+    assert client.calls[0][1]["headers"] == {"X-Actor-Type": "user", "X-Actor-Id": "user-1"}
     assert not hasattr(coder, "shell")
     assert not hasattr(coder, "exec")
     assert not hasattr(coder, "command")
@@ -116,3 +122,21 @@ async def test_coder_ensure_run_requires_policy_decision_id():
         await coder.ensure_run(policy_decision_id="")
 
     assert client.calls == []
+
+
+@pytest.mark.asyncio
+async def test_coder_ensure_run_requires_exactly_one_authority_launch_source():
+    client = MockGatewayClient()
+    coder = CoderNamespace(client)
+
+    with pytest.raises(ValueError, match="exactly one"):
+        await coder.ensure_run(policy_decision_id="pd_123")
+
+    with pytest.raises(ValueError, match="exactly one"):
+        await coder.ensure_run(
+            policy_decision_id="pd_123",
+            workflow_recipe_ref="recipe://workflow-recipe-v1/coder@head",
+            pipeline_recipe_ref="recipe://pipeline-recipe-v1/coder@head",
+        )
+
+    assert client.calls == []

{dominus_sdk_python-6.1.0 → dominus_sdk_python-6.1.2}/tests/test_public_exports.py

@@ -3,6 +3,7 @@ from dominus import (
     CoderNamespace,
     DeployerNamespace,
     PlatformNamespace,
+    PublisherNamespace,
     RecipesNamespace,
     WardenNamespace,
     gateway_circuit_breaker,
@@ -37,6 +38,7 @@ def test_top_level_exports_drop_delegate_alias():
     assert RecipesNamespace is not None
     assert PlatformNamespace is not None
     assert CoderNamespace is not None
+    assert PublisherNamespace is not None
 
 
 def test_singleton_exposes_browser_namespace():
@@ -46,3 +48,4 @@ def test_singleton_exposes_browser_namespace():
     assert callable(dominus.recipes.list_types)
     assert callable(dominus.platform.ensure_policy_decision)
     assert callable(dominus.coder.ensure_run)
+    assert callable(dominus.publisher.resolve_artifact)

dominus_sdk_python-6.1.2/tests/test_publisher_namespace.py

@@ -0,0 +1,82 @@
+import pytest
+
+from dominus.namespaces.publisher import PublisherNamespace
+
+
+class MockGatewayClient:
+    def __init__(self):
+        self.calls = []
+
+    async def gateway_fetch(self, path, **kwargs):
+        self.calls.append((path, kwargs))
+        return {"ok": True}
+
+
+@pytest.mark.asyncio
+async def test_publisher_namespace_normalizes_lifecycle_and_resolver_helpers():
+    client = MockGatewayClient()
+    publisher = PublisherNamespace(client)
+
+    await publisher.health()
+    await publisher.ready()
+    await publisher.list_builds()
+    await publisher.ensure_build(
+        {"artifact_key": "envoy_binary"},
+        actor_context={"type": "service", "id": "dominus-deployer"},
+    )
+    await publisher.get_build("pub_123")
+    await publisher.retry_build("pub_123", reason="rerun", idempotency_key="retry-1")
+    await publisher.cancel_build("pub_123", metadata={"requested_by": "operator"})
+    await publisher.evaluate_signing({"environment": "production"})
+    await publisher.record_signing_evidence({"artifact_key": "envoy_binary"})
+    await publisher.list_artifacts()
+    await publisher.record_release({"artifact_key": "envoy_binary"})
+    await publisher.resolve_artifact(
+        "envoy_binary",
+        selector="stable",
+        environment="production",
+        target_app="powerscribe",
+        architecture="x64",
+        runtime_family="rust-tauri",
+    )
+    await publisher.list_channels()
+    await publisher.get_channel("envoy_binary", "stable", environment="production")
+    await publisher.pin_channel("envoy_binary", "stable", {"release_ref": "ar://..."})
+    await publisher.list_prestage()
+
+    assert [(path, kwargs["method"]) for path, kwargs in client.calls] == [
+        ("/svc/publisher/health", "GET"),
+        ("/svc/publisher/ready", "GET"),
+        ("/svc/publisher/builds", "GET"),
+        ("/svc/publisher/builds/ensure", "POST"),
+        ("/svc/publisher/builds/pub_123", "GET"),
+        ("/svc/publisher/builds/pub_123/retry", "POST"),
+        ("/svc/publisher/builds/pub_123/cancel", "POST"),
+        ("/svc/publisher/builds/signing/evaluate", "POST"),
+        ("/svc/publisher/builds/signing/evidence", "POST"),
+        ("/svc/publisher/artifacts", "GET"),
+        ("/svc/publisher/artifacts/releases/record", "POST"),
+        ("/svc/publisher/artifacts/envoy_binary?selector=stable&environment=production&target_app=powerscribe&architecture=x64&runtime_family=rust-tauri", "GET"),
+        ("/svc/publisher/channels", "GET"),
+        ("/svc/publisher/channels/envoy_binary/stable?environment=production", "GET"),
+        ("/svc/publisher/channels/envoy_binary/stable/pin", "POST"),
+        ("/svc/publisher/prestage", "GET"),
+    ]
+    assert client.calls[3][1]["headers"] == {"X-Actor-Type": "service", "X-Actor-Id": "dominus-deployer"}
+    assert client.calls[5][1]["body"] == {"reason": "rerun", "idempotency_key": "retry-1"}
+    assert not hasattr(publisher, "shell")
+    assert not hasattr(publisher, "command")
+
+
+@pytest.mark.asyncio
+async def test_publisher_request_rewrites_api_paths_to_svc_paths():
+    client = MockGatewayClient()
+    publisher = PublisherNamespace(client)
+
+    await publisher.request("/api/publisher/builds", method="GET")
+    await publisher.request("/svc/publisher/channels", method="GET")
+
+    assert [path for path, _ in client.calls] == [
+        "/svc/publisher/builds",
+        "/svc/publisher/channels",
+    ]