dtSpark 1.0.5__py3-none-any.whl → 1.0.8__py3-none-any.whl

dtSpark/_version.txt

@@ -1 +1 @@
-1.0.5
+1.0.8

dtSpark/core/application.py

@@ -1327,8 +1327,14 @@ class AWSBedrockCLI(AbstractApp):
         # ═══════════════════════════════════════════════════════════════
         # AWS Bedrock Configuration
         # ═══════════════════════════════════════════════════════════════
+        aws_auth_method = "sso"
         aws_profile = "default"
         aws_region = "us-east-1"
+        aws_account_name = ""
+        aws_account_id = ""
+        aws_access_key_id = ""
+        aws_secret_access_key = ""
+        aws_session_token = ""
         enable_cost_tracking = False
 
         if use_aws_bedrock:
@@ -1338,16 +1344,97 @@ class AWSBedrockCLI(AbstractApp):
             cli.print_separator("═")
             cli.console.print()
 
-            aws_profile = Prompt.ask(
-                "AWS SSO profile name",
-                default="default"
+            # Authentication method selection
+            cli.console.print("[bold]Authentication Method[/bold]")
+            cli.console.print()
+            cli.console.print("  [1] SSO Profile - AWS Single Sign-On (recommended for interactive use)")
+            cli.console.print("  [2] IAM Access Keys - Long-lived credentials (recommended for autonomous actions)")
+            cli.console.print("  [3] Session Credentials - Temporary credentials with session token")
+            cli.console.print()
+            cli.console.print("[dim]Note: SSO and session credentials have timeouts which may interrupt[/dim]")
+            cli.console.print("[dim]autonomous actions running on a schedule. IAM access keys are recommended[/dim]")
+            cli.console.print("[dim]for unattended/scheduled operations as they do not expire.[/dim]")
+            cli.console.print()
+
+            auth_method_choices = {
+                "1": "sso",
+                "2": "iam",
+                "3": "session"
+            }
+            auth_method_choice = Prompt.ask(
+                "Select authentication method",
+                choices=["1", "2", "3"],
+                default="1"
             )
+            aws_auth_method = auth_method_choices[auth_method_choice]
 
+            cli.console.print()
+
+            # Region (common to all methods)
             aws_region = Prompt.ask(
                 "AWS region",
                 default="us-east-1"
             )
 
+            # SSO Profile authentication
+            if aws_auth_method == "sso":
+                cli.console.print()
+                aws_profile = Prompt.ask(
+                    "AWS SSO profile name",
+                    default="default"
+                )
+
+            # IAM or Session authentication
+            if aws_auth_method in ["iam", "session"]:
+                cli.console.print()
+                cli.console.print("[dim]AWS Account Information (optional, for reference):[/dim]")
+                aws_account_name = Prompt.ask(
+                    "AWS account name (friendly name)",
+                    default=""
+                )
+                aws_account_id = Prompt.ask(
+                    "AWS account ID (12-digit number)",
+                    default=""
+                )
+
+                cli.console.print()
+                cli.console.print("[dim]AWS Credentials (stored securely in secrets manager):[/dim]")
+
+                # Access Key ID (not typically considered secret, but mask anyway for consistency)
+                aws_access_key_id_input = Prompt.ask(
+                    "AWS access key ID",
+                    default=""
+                )
+                if aws_access_key_id_input:
+                    secret_manager.set_secret("aws_access_key_id", aws_access_key_id_input)
+                    aws_access_key_id = "SEC/aws_access_key_id"
+                    cli.print_success("✓ AWS access key ID securely stored in secrets manager")
+
+                # Secret Access Key (sensitive - mask input)
+                aws_secret_access_key_input = Prompt.ask(
+                    "AWS secret access key",
+                    default="",
+                    password=True
+                )
+                if aws_secret_access_key_input:
+                    secret_manager.set_secret("aws_secret_access_key", aws_secret_access_key_input)
+                    aws_secret_access_key = "SEC/aws_secret_access_key"
+                    cli.print_success("✓ AWS secret access key securely stored in secrets manager")
+
+                # Session Token (only for session auth)
+                if aws_auth_method == "session":
+                    cli.console.print()
+                    aws_session_token_input = Prompt.ask(
+                        "AWS session token",
+                        default="",
+                        password=True
+                    )
+                    if aws_session_token_input:
+                        secret_manager.set_secret("aws_session_token", aws_session_token_input)
+                        aws_session_token = "SEC/aws_session_token"
+                        cli.print_success("✓ AWS session token securely stored in secrets manager")
+
+            cli.console.print()
             enable_cost_tracking = Confirm.ask(
                 "Enable AWS cost tracking?",
                 default=False
@@ -1384,7 +1471,8 @@ class AWSBedrockCLI(AbstractApp):
 
             anthropic_api_key_input = Prompt.ask(
                 "Anthropic API key (or press Enter to set via environment variable later)",
-                default=""
+                default="",
+                password=True
             )
 
             # Store API key in secrets manager if provided
@@ -1459,7 +1547,7 @@ class AWSBedrockCLI(AbstractApp):
             else:
                 db_username = "null"
 
-            db_password_input = Prompt.ask("Database password (or press Enter for null)", default="")
+            db_password_input = Prompt.ask("Database password (or press Enter for null)", default="", password=True)
 
             # Store database password in secrets manager if provided
             if db_password_input:
@@ -1811,21 +1899,66 @@ class AWSBedrockCLI(AbstractApp):
             )
 
             # AWS settings
-            config_content = re.sub(
-                r'(sso_profile:\s+)[^\s#]+',
-                f'\\g<1>{aws_profile}',
-                config_content
-            )
-            config_content = re.sub(
-                r'(region:\s+)[^\s#]+',
-                f'\\g<1>{aws_region}',
-                config_content
-            )
-            config_content = re.sub(
-                r'(cost_tracking:\s*\n\s+enabled:\s+)(true|false)',
-                f'\\g<1>{str(enable_cost_tracking).lower()}',
-                config_content
-            )
+            if use_aws_bedrock:
+                # Auth method
+                config_content = re.sub(
+                    r'(auth_method:\s+)[^\s#]+',
+                    f'\\g<1>{aws_auth_method}',
+                    config_content
+                )
+                # Region
+                config_content = re.sub(
+                    r'(aws_bedrock:\s*\n(?:.*\n)*?\s+region:\s+)[^\s#]+',
+                    f'\\g<1>{aws_region}',
+                    config_content
+                )
+                # Account name (only if provided)
+                if aws_account_name:
+                    config_content = re.sub(
+                        r'(account_name:\s+)[^\s#]+',
+                        f'\\g<1>{aws_account_name}',
+                        config_content
+                    )
+                # Account ID (only if provided)
+                if aws_account_id:
+                    config_content = re.sub(
+                        r'(account_id:\s+)[^\s#]+',
+                        f'\\g<1>{aws_account_id}',
+                        config_content
+                    )
+                # SSO profile
+                config_content = re.sub(
+                    r'(sso_profile:\s+)[^\s#]+',
+                    f'\\g<1>{aws_profile}',
+                    config_content
+                )
+                # Access key ID (only if provided)
+                if aws_access_key_id:
+                    config_content = re.sub(
+                        r'(access_key_id:\s+)[^\s#]+',
+                        f'\\g<1>{aws_access_key_id}',
+                        config_content
+                    )
+                # Secret access key (only if provided)
+                if aws_secret_access_key:
+                    config_content = re.sub(
+                        r'(secret_access_key:\s+)[^\s#]+',
+                        f'\\g<1>{aws_secret_access_key}',
+                        config_content
+                    )
+                # Session token (only if provided)
+                if aws_session_token:
+                    config_content = re.sub(
+                        r'(session_token:\s+)[^\s#]+',
+                        f'\\g<1>{aws_session_token}',
+                        config_content
+                    )
+                # Cost tracking
+                config_content = re.sub(
+                    r'(cost_tracking:\s*\n\s+enabled:\s+)(true|false)',
+                    f'\\g<1>{str(enable_cost_tracking).lower()}',
+                    config_content
+                )
 
             # Ollama settings
             if use_ollama:
@@ -1835,11 +1968,11 @@ class AWSBedrockCLI(AbstractApp):
                     config_content
                 )
 
-            # Anthropic settings
+            # Anthropic settings - update api_key under anthropic section
             if use_anthropic and anthropic_api_key:
                 config_content = re.sub(
-                    r'(api_key:\s+")[^"]*(")',
-                    f'\\g<1>{anthropic_api_key}\\g<2>',
+                    r'(anthropic:\s*\n\s+enabled:\s+(?:true|false)\s*#[^\n]*\n\s+api_key:\s+)[^\s#]+',
+                    f'\\g<1>{anthropic_api_key}',
                     config_content
                 )
 
@@ -1972,6 +2105,13 @@ class AWSBedrockCLI(AbstractApp):
 
             # Display summary of secrets stored
             secrets_stored = []
+            if use_aws_bedrock and aws_auth_method in ["iam", "session"]:
+                if aws_access_key_id.startswith("SEC/"):
+                    secrets_stored.append("• AWS access key ID")
+                if aws_secret_access_key.startswith("SEC/"):
+                    secrets_stored.append("• AWS secret access key")
+                if aws_session_token.startswith("SEC/"):
+                    secrets_stored.append("• AWS session token")
             if use_anthropic and anthropic_api_key.startswith("SEC/"):
                 secrets_stored.append("• Anthropic API key")
             if database_type != "sqlite":
@@ -3211,6 +3351,7 @@ class AWSBedrockCLI(AbstractApp):
             self.settings = Settings()
             self.settings.init_settings_readers()
 
+
             # Check if model is locked via configuration
             # Priority 1: Check for mandatory_model (forces model for ALL conversations)
             # Priority 2: Check for bedrock.model_id (legacy configuration)

dtSpark/resources/config.yaml.template

@@ -83,20 +83,29 @@ llm_providers:
     enabled: true  # Set to false to disable AWS Bedrock
     region: us-east-1  # AWS region for Bedrock API
 
-    # Authentication method: Choose one of the following:
-    #
-    # 1. SSO Profile (recommended for interactive use)
+    # Authentication method: sso, iam, or session
+    # - sso: AWS SSO profile (recommended for interactive use, has session timeout)
+    # - iam: IAM access keys (recommended for autonomous actions, no timeout)
+    # - session: Temporary session credentials (has session timeout)
+    auth_method: sso  # Authentication method to use
+
+    # AWS Account Information (optional, for reference/logging)
+    account_name: null  # Friendly name for the AWS account
+    account_id: null  # AWS account ID (12-digit number)
+
+    # SSO Profile Authentication (used when auth_method: sso)
     sso_profile: default  # AWS SSO profile name
-    #
-    # 2. API Keys (for programmatic access, CI/CD, or when SSO is not available)
-    # Uncomment and set these to use API keys instead of SSO:
-    # access_key_id: YOUR_ACCESS_KEY_ID
-    # secret_access_key: YOUR_SECRET_ACCESS_KEY
-    # session_token: YOUR_SESSION_TOKEN  # Optional: for temporary credentials
-    #
-    # Note: API keys take precedence over SSO profile if both are configured
-    #
+
+    # API Key Authentication (used when auth_method: iam or session)
+    # For IAM: Set access_key_id and secret_access_key
+    # For Session: Also set session_token
+    # Note: Use SEC/<key_name> to reference secrets stored in secrets manager
+    access_key_id: null  # AWS access key ID
+    secret_access_key: null  # AWS secret access key (use SEC/aws_secret_access_key)
+    session_token: null  # Session token for temporary credentials (use SEC/aws_session_token)
+
     # Security Warning: Do NOT commit API keys to version control!
+    # Use the setup wizard (--setup) to securely store credentials in secrets manager
 
     cost_tracking:
       enabled: false  # Set to true to enable AWS Bedrock cost gathering and display

{dtspark-1.0.5.dist-info → dtspark-1.0.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dtSpark
-Version: 1.0.5
+Version: 1.0.8
 Summary: Secure Personal AI Research Kit - Multi-provider LLM CLI/Web interface with MCP tool integration
 Home-page: https://github.com/digital-thought/dtSpark
 Author: Matthew Westwood-Hill

{dtspark-1.0.5.dist-info → dtspark-1.0.8.dist-info}/RECORD

@@ -4,7 +4,7 @@ dtSpark/_full_name.txt,sha256=wsMYXtT12WMrY9gT1JHiKdE4k7H59psECS6cSD07giQ,31
 dtSpark/_licence.txt,sha256=Mvt5wkOkst8VGlk48vwN3CgHwMHLfmplKSPOUEbTfOw,1071
 dtSpark/_metadata.yaml,sha256=h3PQd2QsY5yUBzS2b6EueTwkmd57svsbAKcwDVVEfIo,188
 dtSpark/_name.txt,sha256=kDZC5_a3iMKIPOUvtLXl0C9N5DiOfgUCsecwTUnkJhs,7
-dtSpark/_version.txt,sha256=jFS_q38a6b0acUjq5B57Co9K03JuDKxw-COi1F255gw,6
+dtSpark/_version.txt,sha256=Mm3V2GQfOZmQ3kLe9QrCnrTJIiYBwKCj_DyUfdO-xl0,6
 dtSpark/cli_interface.py,sha256=aB-rFAh6o8GOwwecx-rSHEj3W4bmQHp51OPEBtC2CEw,96911
 dtSpark/conversation_manager.py,sha256=e1aTJpUjxV96G9xrssJl1ujPJMZZwtfufQ8ZDb1WyAI,132270
 dtSpark/launch.py,sha256=j8XYpmDswWUIzhpMc32E0Fhbhk_qhOQUAwJSpqh37f0,892
@@ -14,7 +14,7 @@ dtSpark/aws/bedrock.py,sha256=j1OknN76LehIMRmoqzx8G3DUSqk2IsO3Fiy5AxQp7Fw,24250
 dtSpark/aws/costs.py,sha256=eyjigH_Yef7g5cKqhR2QUx_7y4E6-NsLd9-WL52I2vM,11931
 dtSpark/aws/pricing.py,sha256=pk85e--C5Iz0Y-6iWv_VfENAnrcWQ_9XK0fJQSlk5Xk,23388
 dtSpark/core/__init__.py,sha256=kORX-9C7L91WxMTMUHXr3Yc09rb6oJNzEH5_KDRdgqM,477
-dtSpark/core/application.py,sha256=sPGXH3GNH7VszCaBR8WW8GvSzfQ-7ccAs2U2BT6e15o,154605
+dtSpark/core/application.py,sha256=YJpwCicq-44gvoO7N7pvLgzEL761txRpBho1xaoFybQ,161278
 dtSpark/core/context_compaction.py,sha256=FWN352EW8n-eWv0MzbOiWIiKcooRxeIAb7611eN-kdY,31898
 dtSpark/daemon/__init__.py,sha256=xdKEyMsNXgIv6nNerpDcwf94c80n-BFoJFaucWxVF64,3300
 dtSpark/daemon/__main__.py,sha256=sRNG4RJ-Ejvd-f7OAU5slPOtxVpCoC2OfazdTJro69Q,170
@@ -49,7 +49,7 @@ dtSpark/llm/ollama.py,sha256=r7ePWK1sfSveN6--Ln-Brtrxkli61uJWSrPU0Qy0MZg,20633
 dtSpark/mcp_integration/__init__.py,sha256=pFw-yTSSJ1yx_ksTe94eq8pBrwDD-5Z-UqSM3VO4deQ,157
 dtSpark/mcp_integration/manager.py,sha256=b-FfmAas344Ordj6AIdwxCgl0dqPx0WiLIu4Vt4URBA,25149
 dtSpark/mcp_integration/tool_selector.py,sha256=VYtKXdYEFK_aC22wOWKI0hm9S67DsZtHScI1HpZVnjE,10003
-dtSpark/resources/config.yaml.template,sha256=A3goAx9qD9_lqbfB6UqKoIVSDYjo_EZFVP-snqQnwHA,23966
+dtSpark/resources/config.yaml.template,sha256=pp_iPQXUFe4VLgHa6YRE3vIlZpY8SniAGk1o069Nn1c,24578
 dtSpark/safety/__init__.py,sha256=fdcZ4qNbYhH7Un9iKLwNe2GDr_doUmpSgtv-oNS8qPE,460
 dtSpark/safety/llm_service.py,sha256=N2J9_Od-fGGvk9BkddD6CFd81PrJ03sMjSz6egBDYr4,3820
 dtSpark/safety/patterns.py,sha256=W9xe-HoeQOl4UfGz7xxFm9VldKeoUg79FVd7ZUXQswE,8040
@@ -88,9 +88,9 @@ dtSpark/web/templates/goodbye.html,sha256=4VnUgq6gHCMeJuty51qq8SZuTtpEMMUOsgTBut
 dtSpark/web/templates/login.html,sha256=OkLf_uzMYhl_o9ER1RQZc8ch6-bCaiOokEhKbeEl8E8,3274
 dtSpark/web/templates/main_menu.html,sha256=AXVFdEwAUWLFF_hXB7GrutwLTtfCqmuR1Yl5i39y3Co,37871
 dtSpark/web/templates/new_conversation.html,sha256=hoiQ4Ew3lpFWHTsYza0JiBqqWJs7St7jTusKDnxRR8w,6844
-dtspark-1.0.5.dist-info/licenses/LICENSE,sha256=jIuWlmbirwQabTwxfzE7SXT1LpCG-y_GRQ3VnoRTKgo,1101
-dtspark-1.0.5.dist-info/METADATA,sha256=JbWx4UUpB2oX3HiBsGS8xvKg0sxil3PQM2Sd_RN478Q,5999
-dtspark-1.0.5.dist-info/WHEEL,sha256=qELbo2s1Yzl39ZmrAibXA2jjPLUYfnVhUNTlyF1rq0Y,92
-dtspark-1.0.5.dist-info/entry_points.txt,sha256=IpIwa_a6XY8Z2w7DtgYAhpFHHEbha-zhLkyttWd3zpw,76
-dtspark-1.0.5.dist-info/top_level.txt,sha256=x-6lMA6vNuxyDNJGNOKI4dyy7L0kOb9V98I5z46bJVY,8
-dtspark-1.0.5.dist-info/RECORD,,
+dtspark-1.0.8.dist-info/licenses/LICENSE,sha256=jIuWlmbirwQabTwxfzE7SXT1LpCG-y_GRQ3VnoRTKgo,1101
+dtspark-1.0.8.dist-info/METADATA,sha256=L5pNPgcWZtKY9m-UTT8PIO2m5r-aVGvrdMhMVN91c4k,5999
+dtspark-1.0.8.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+dtspark-1.0.8.dist-info/entry_points.txt,sha256=IpIwa_a6XY8Z2w7DtgYAhpFHHEbha-zhLkyttWd3zpw,76
+dtspark-1.0.8.dist-info/top_level.txt,sha256=x-6lMA6vNuxyDNJGNOKI4dyy7L0kOb9V98I5z46bJVY,8
+dtspark-1.0.8.dist-info/RECORD,,

{dtspark-1.0.5.dist-info → dtspark-1.0.8.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.10.1)
+Generator: setuptools (80.10.2)
 Root-Is-Purelib: true
 Tag: py3-none-any