PyPI - drukbox-python-sdk - Versions diffs - 0.0.1__tar.gz → 0.0.2__tar.gz - Mend

drukbox-python-sdk 0.0.1tar.gz → 0.0.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

{drukbox_python_sdk-0.0.1 → drukbox_python_sdk-0.0.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: drukbox-python-sdk
-Version: 0.0.1
+Version: 0.0.2
 Summary: Async Python client for Drukbox.
 Requires-Python: >=3.11
 Requires-Dist: httpx>=0.28
@@ -38,9 +38,13 @@ try:
         env={"FOO": "bar"},
         idempotency_key="agent-run-42",
     )
-    # Use host.external_ssh_host (or host.internal_ssh_host when the
-    # service runs with Tailscale enabled), host.external_ssh_port,
-    # and host.known_hosts with asyncssh or another SSH client.
+    # Dial whichever reachable address fits your network: host.external_ssh_host
+    # for the provider's public path (may be empty when the service runs an
+    # AWS-with-Tailscale-on deployment) or host.internal_ssh_host for the
+    # tailnet MagicDNS name (only when Tailscale is enabled). Use host.known_hosts
+    # for SSH host-key verification. If the provider mints a per-VM keypair
+    # (AWS with Tailscale off), host.private_key carries the private half —
+    # returned exactly once at create time; subsequent get_host returns None.
 finally:
     await sandbox.delete_host(host.id)
     await sandbox.aclose()

{drukbox_python_sdk-0.0.1 → drukbox_python_sdk-0.0.2}/README.md RENAMED Viewed

@@ -30,9 +30,13 @@ try:
         env={"FOO": "bar"},
         idempotency_key="agent-run-42",
     )
-    # Use host.external_ssh_host (or host.internal_ssh_host when the
-    # service runs with Tailscale enabled), host.external_ssh_port,
-    # and host.known_hosts with asyncssh or another SSH client.
+    # Dial whichever reachable address fits your network: host.external_ssh_host
+    # for the provider's public path (may be empty when the service runs an
+    # AWS-with-Tailscale-on deployment) or host.internal_ssh_host for the
+    # tailnet MagicDNS name (only when Tailscale is enabled). Use host.known_hosts
+    # for SSH host-key verification. If the provider mints a per-VM keypair
+    # (AWS with Tailscale off), host.private_key carries the private half —
+    # returned exactly once at create time; subsequent get_host returns None.
 finally:
     await sandbox.delete_host(host.id)
     await sandbox.aclose()

{drukbox_python_sdk-0.0.1 → drukbox_python_sdk-0.0.2}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "drukbox-python-sdk"
-version = "0.0.1"
+version = "0.0.2"
 description = "Async Python client for Drukbox."
 readme = "README.md"
 # Tracks the lowest Python any current consumer supports. Bump only
@@ -45,5 +45,10 @@ testpaths = ["tests"]
 [tool.pyright]
 include = ["src", "tests"]
 pythonVersion = "3.11"
-typeCheckingMode = "strict"
+typeCheckingMode = "standard"
+venvPath = "."
+venv = ".venv"
 reportMissingTypeStubs = false
+reportUnknownMemberType = false
+reportUnknownVariableType = false
+reportUnknownArgumentType = false

{drukbox_python_sdk-0.0.1 → drukbox_python_sdk-0.0.2}/src/drukbox_sdk/api.py RENAMED Viewed

@@ -61,13 +61,22 @@ _SANDBOX_HTTP_LIMITS = httpx.Limits(
 class SandboxHost:
     """Snapshot of a provisioned host as returned by the service.
-    The shape mirrors the Drukbox ``Host`` schema. ``external_ssh_host``
-    is always populated by the VM provider; ``internal_ssh_host`` is
-    populated only when the service runs with Tailscale enabled (MagicDNS
-    name on the tailnet). The internal path is always reached on port 22
-    by Tailscale convention, so there is no ``internal_ssh_port``.
-    Callers pick whichever path they can reach and dial it themselves —
-    this SDK doesn't speak SSH.
+    The shape mirrors the Drukbox ``Host`` schema. Either reachable
+    address may be empty/None depending on the provider and deployment:
+    ``external_ssh_host`` carries the provider's public path (always
+    populated by exe.dev; empty for an AWS host with Tailscale on);
+    ``internal_ssh_host`` carries the tailnet MagicDNS form, populated
+    only when the service runs with Tailscale enabled. The internal
+    path is always reached on port 22 by Tailscale convention, so
+    there is no ``internal_ssh_port``. Callers pick whichever path
+    they can reach and dial it themselves — this SDK doesn't speak SSH.
+    ``private_key`` carries per-VM SSH private key material returned
+    exactly once at create time, when the provider mints fresh material
+    per instance (AWS with Tailscale off). Providers that use a
+    different SSH auth model (exe.dev's edge proxy, Tailscale ACLs
+    via tailscaled-SSH) return None here. A later ``get_host`` call
+    always returns None — the key is not persisted server-side.
     """
     id: str
@@ -80,6 +89,7 @@ class SandboxHost:
     internal_ssh_host: str | None
     known_hosts: str
     tailscale_device_id: str | None
+    private_key: str | None
     last_error: str
     created_at: str
     updated_at: str

{drukbox_python_sdk-0.0.1 → drukbox_python_sdk-0.0.2}/tests/test_api.py RENAMED Viewed

@@ -49,6 +49,7 @@ def _host_payload(**overrides: Any) -> dict[str, Any]:
         "internal_ssh_host": "host-abc.example.ts.net",
         "known_hosts": "ssh-ed25519 AAAA...\n",
         "tailscale_device_id": None,
+        "private_key": None,
         "last_error": "",
         "created_at": "2026-05-28T12:00:00+00:00",
         "updated_at": "2026-05-28T12:00:00+00:00",
@@ -199,6 +200,37 @@ async def test_unknown_fields_in_host_payload_are_ignored(api: SandboxAPI):
     assert not hasattr(host, "future_field")  # New field silently dropped.
+@respx.mock
+async def test_create_host_returns_private_key_when_provider_mints_one(api: SandboxAPI):
+    """AWS with Tailscale-off mints a per-VM ed25519 keypair and returns
+    the private half exactly once at create time. The SDK must round-trip
+    it through to the caller."""
+    pem = "-----BEGIN OPENSSH PRIVATE KEY-----\nFAKE\n-----END OPENSSH PRIVATE KEY-----\n"
+    payload = _host_payload(provider="aws", private_key=pem, external_ssh_host="ec2-x.example")
+    respx.post(f"{BASE_URL}/hosts").mock(return_value=httpx.Response(201, json=payload))
+    host = await api.create_host()
+    assert host.provider == "aws"
+    assert host.private_key == pem
+@respx.mock
+async def test_get_host_returns_none_private_key_after_create(api: SandboxAPI):
+    """drukbox doesn't persist the key, so a subsequent GET should
+    return None regardless of what was returned at create time."""
+    payload = _host_payload(private_key=None)
+    respx.get(f"{BASE_URL}/hosts/{payload['id']}").mock(
+        return_value=httpx.Response(200, json=payload),
+    )
+    host = await api.get_host(payload["id"])
+    assert host.private_key is None
 # ---------------------------------------------------------------------------
 # Error classification
 # ---------------------------------------------------------------------------