fleet-python 0.2.66b3__tar.gz → 0.2.67__tar.gz

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fleet-python
-Version: 0.2.66b3
+Version: 0.2.67
 Summary: Python SDK for Fleet environments
 Author-email: Fleet AI <nic@fleet.so>
 License: Apache-2.0

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/examples/export_tasks.py

@@ -27,6 +27,12 @@ def main():
         help="Optional task project key to filter tasks",
         default=None,
     )
+    parser.add_argument(
+        "--env-key",
+        "-e",
+        help="Optional environment key to filter tasks",
+        default=None,
+    )
     parser.add_argument(
         "--output",
         "-o",
@@ -42,12 +48,13 @@ def main():
             args.project_key is not None,
             args.task_keys is not None,
             args.task_project_key is not None,
+            args.env_key is not None,
         ]
     )
 
     if filters_specified > 1:
         parser.error(
-            "Cannot specify multiple filters. Use only one of --project-key, --task-keys, or --task-project-key."
+            "Cannot specify multiple filters. Use only one of --project-key, --task-keys, --task-project-key, or --env-key."
         )
 
     # Get account info
@@ -66,6 +73,9 @@ def main():
     elif args.task_project_key:
         print(f"Loading tasks from task project: {args.task_project_key}")
         tasks = fleet.load_tasks(task_project_key=args.task_project_key)
+    elif args.env_key:
+        print(f"Loading tasks from environment: {args.env_key}")
+        tasks = fleet.load_tasks(env_key=args.env_key)
     else:
         print("Loading all tasks")
         tasks = fleet.load_tasks()

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/examples/import_tasks.py

@@ -210,9 +210,18 @@ async def main():
         action="store_true",
         help="Skip the verifier sanity check (not recommended)",
     )
+    parser.add_argument(
+        "--sanity-check-only",
+        action="store_true",
+        help="Only run the sanity check without importing tasks",
+    )
 
     args = parser.parse_args()
 
+    # Validate conflicting flags
+    if args.skip_sanity_check and args.sanity_check_only:
+        parser.error("Cannot use --skip-sanity-check and --sanity-check-only together")
+
     # Load and parse the JSON file
     try:
         with open(args.json_file, "r", encoding="utf-8") as f:
@@ -286,6 +295,12 @@ async def main():
         success, errors = await run_verifier_sanity_check(tasks, client)
         if not success:
             sys.exit(1)
+
+        # If only doing sanity check, exit successfully here
+        if args.sanity_check_only:
+            print("\n✓ Sanity check complete! (--sanity-check-only)")
+            print("Tasks are ready to import.")
+            sys.exit(0)
     else:
         print("\n⚠️  Skipping sanity check (--skip-sanity-check)")
 

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/_async/client.py

@@ -553,7 +553,7 @@ class AsyncFleet:
                 env_variables=task_response.env_variables or {},
                 verifier_func=verifier_func,  # Set verifier code
                 verifier=verifier,  # Use created verifier or None
-                metadata={},  # Default empty metadata
+                metadata=task_response.metadata or {},
                 output_json_schema=getattr(task_response, "output_json_schema", None),  # Get output_json_schema if available
             )
             tasks.append(task)
@@ -708,6 +708,7 @@ class AsyncFleet:
         task_key: str,
         prompt: Optional[str] = None,
         verifier_code: Optional[str] = None,
+        metadata: Optional[Dict[str, Any]] = None,
     ) -> TaskResponse:
         """Update an existing task.
 
@@ -715,11 +716,12 @@ class AsyncFleet:
             task_key: The key of the task to update
             prompt: New prompt text for the task (optional)
             verifier_code: Python code for task verification (optional)
+            metadata: Additional metadata for the task (optional)
 
         Returns:
             TaskResponse containing the updated task details
         """
-        payload = TaskUpdateRequest(prompt=prompt, verifier_code=verifier_code)
+        payload = TaskUpdateRequest(prompt=prompt, verifier_code=verifier_code, metadata=metadata)
         response = await self.client.request(
             "PUT", f"/v1/tasks/{task_key}", json=payload.model_dump(exclude_none=True)
         )

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/_async/models.py

@@ -155,12 +155,14 @@ class TaskRequest(BaseModel):
     verifier_id: Optional[str] = Field(None, title="Verifier Id")
     version: Optional[str] = Field(None, title="Version")
     env_variables: Optional[Dict[str, Any]] = Field(None, title="Env Variables")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
     output_json_schema: Optional[Dict[str, Any]] = Field(None, title="Output Json Schema")
 
 
 class TaskUpdateRequest(BaseModel):
     prompt: Optional[str] = Field(None, title="Prompt")
     verifier_code: Optional[str] = Field(None, title="Verifier Code")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
 
 
 class VerifierData(BaseModel):
@@ -186,6 +188,7 @@ class TaskResponse(BaseModel):
     data_version: Optional[str] = Field(None, title="Data Version")
     env_variables: Optional[Dict[str, Any]] = Field(None, title="Env Variables")
     verifier: Optional[VerifierData] = Field(None, title="Verifier")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
     output_json_schema: Optional[Dict[str, Any]] = Field(None, title="Output Json Schema")
 
 

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/_async/tasks.py

@@ -209,17 +209,19 @@ class Task(BaseModel):
             )
             self.verifier = verifier
 
-    async def make_env(self, region: Optional[str] = None):
+    async def make_env(
+        self,
+        region: Optional[str] = None,
+        image_type: Optional[str] = None,
+        ttl_seconds: Optional[int] = None,
+    ):
         """Create an environment instance for this task's environment.
 
-        Uses the task's env_id (and version if present) to create the env.
+        Alias for make() method. Uses the task's env_id (and version if present) to create the env.
         """
-        if not self.env_id:
-            raise ValueError("Task has no env_id defined")
-        # Deferred import to avoid circular dependencies
-        from .client import AsyncFleet
-
-        return await AsyncFleet().make(env_key=self.env_key, region=region)
+        return await self.make(
+            region=region, image_type=image_type, ttl_seconds=ttl_seconds
+        )
 
     async def make(
         self,
@@ -279,14 +281,17 @@ def verifier_from_string(
     """
     try:
         import inspect
+        import re
         from .verifiers.verifier import AsyncVerifierFunction
         from fleet.verifiers.code import TASK_SUCCESSFUL_SCORE, TASK_FAILED_SCORE
         from fleet.verifiers.db import IgnoreConfig
-        from fleet.verifiers.parsing import parse_and_validate_verifier
 
-        # Validate the code and extract function name
-        # This ensures no arbitrary code execution during import
-        func_name = parse_and_validate_verifier(verifier_func)
+        # Strip @verifier decorator if present to avoid double-wrapping
+        # Remove lines like: @verifier(key="...")
+        cleaned_code = re.sub(r"@verifier\([^)]*\)\s*\n", "", verifier_func)
+        # Also remove the verifier import if present
+        cleaned_code = re.sub(r"from fleet import.*verifier.*\n", "", cleaned_code)
+        cleaned_code = re.sub(r"import.*verifier.*\n", "", cleaned_code)
 
         # Create a local namespace for executing the code
         local_namespace = {
@@ -296,9 +301,8 @@ def verifier_from_string(
             "Environment": object,  # Add Environment type if needed
         }
 
-        # Execute the verifier code in the namespace
-        # This is now safe because we validated it contains only declarative code
-        exec(verifier_func, globals(), local_namespace)
+        # Execute the cleaned verifier code in the namespace
+        exec(cleaned_code, globals(), local_namespace)
 
         # Find the function that was defined (not imported)
         # Functions defined via exec have co_filename == '<string>'
@@ -384,7 +388,7 @@ async def load_tasks(
 
 
 async def update_task(
-    task_key: str, prompt: Optional[str] = None, verifier_code: Optional[str] = None
+    task_key: str, prompt: Optional[str] = None, verifier_code: Optional[str] = None, metadata: Optional[Dict[str, Any]] = None
 ):
     """Convenience function to update an existing task.
 
@@ -392,6 +396,7 @@ async def update_task(
         task_key: The key of the task to update
         prompt: New prompt text for the task (optional)
         verifier_code: Python code for task verification (optional)
+        metadata: Additional metadata for the task (optional)
 
     Returns:
         TaskResponse containing the updated task details
@@ -399,16 +404,19 @@ async def update_task(
     Examples:
         response = await fleet.update_task("my-task", prompt="New prompt text")
         response = await fleet.update_task("my-task", verifier_code="def verify(env): return True")
+        response = await fleet.update_task("my-task", metadata={"seed": 42, "story": "Updated story"})
     """
     from .global_client import get_client
 
     client = get_client()
     return await client.update_task(
-        task_key=task_key, prompt=prompt, verifier_code=verifier_code
+        task_key=task_key, prompt=prompt, verifier_code=verifier_code, metadata=metadata
     )
 
 
-async def get_task(task_key: str, version_id: Optional[str] = None, team_id: Optional[str] = None):
+async def get_task(
+    task_key: str, version_id: Optional[str] = None, team_id: Optional[str] = None
+):
     """Convenience function to get a task by key and optional version.
 
     Args:
@@ -427,7 +435,9 @@ async def get_task(task_key: str, version_id: Optional[str] = None, team_id: Opt
     from .global_client import get_client
 
     client = get_client()
-    return await client.get_task(task_key=task_key, version_id=version_id, team_id=team_id)
+    return await client.get_task(
+        task_key=task_key, version_id=version_id, team_id=team_id
+    )
 
 
 async def import_task(task: Task, project_key: Optional[str] = None):

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/client.py

@@ -559,7 +559,7 @@ class Fleet:
                 env_variables=task_response.env_variables or {},
                 verifier_func=verifier_func,  # Set verifier code
                 verifier=verifier,  # Use created verifier or None
-                metadata={},  # Default empty metadata
+                metadata=task_response.metadata or {},
                 output_json_schema=getattr(task_response, "output_json_schema", None),  # Get output_json_schema if available
             )
             tasks.append(task)
@@ -706,6 +706,7 @@ class Fleet:
         task_key: str,
         prompt: Optional[str] = None,
         verifier_code: Optional[str] = None,
+        metadata: Optional[Dict[str, Any]] = None,
     ) -> TaskResponse:
         """Update an existing task.
 
@@ -713,11 +714,12 @@ class Fleet:
             task_key: The key of the task to update
             prompt: New prompt text for the task (optional)
             verifier_code: Python code for task verification (optional)
+            metadata: Additional metadata for the task (optional)
 
         Returns:
             TaskResponse containing the updated task details
         """
-        payload = TaskUpdateRequest(prompt=prompt, verifier_code=verifier_code)
+        payload = TaskUpdateRequest(prompt=prompt, verifier_code=verifier_code, metadata=metadata)
         response = self.client.request(
             "PUT", f"/v1/tasks/{task_key}", json=payload.model_dump(exclude_none=True)
         )

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/models.py

@@ -158,6 +158,7 @@ class TaskRequest(BaseModel):
     verifier_id: Optional[str] = Field(None, title="Verifier Id")
     version: Optional[str] = Field(None, title="Version")
     env_variables: Optional[Dict[str, Any]] = Field(None, title="Env Variables")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
     output_json_schema: Optional[Dict[str, Any]] = Field(
         None, title="Output Json Schema"
     )
@@ -166,6 +167,7 @@ class TaskRequest(BaseModel):
 class TaskUpdateRequest(BaseModel):
     prompt: Optional[str] = Field(None, title="Prompt")
     verifier_code: Optional[str] = Field(None, title="Verifier Code")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
 
 
 class VerifierData(BaseModel):
@@ -191,6 +193,7 @@ class TaskResponse(BaseModel):
     data_version: Optional[str] = Field(None, title="Data Version")
     env_variables: Optional[Dict[str, Any]] = Field(None, title="Env Variables")
     verifier: Optional[VerifierData] = Field(None, title="Verifier")
+    metadata: Optional[Dict[str, Any]] = Field(None, title="Metadata")
     output_json_schema: Optional[Dict[str, Any]] = Field(
         None, title="Output Json Schema"
     )

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet/tasks.py

@@ -202,17 +202,17 @@ class Task(BaseModel):
             )
             self.verifier = verifier
 
-    def make_env(self, region: Optional[str] = None):
+    def make_env(
+        self,
+        region: Optional[str] = None,
+        image_type: Optional[str] = None,
+        ttl_seconds: Optional[int] = None,
+    ):
         """Create an environment instance for this task's environment.
 
-        Uses the task's env_id (and version if present) to create the env.
+        Alias for make() method. Uses the task's env_id (and version if present) to create the env.
         """
-        if not self.env_id:
-            raise ValueError("Task has no env_id defined")
-        # Deferred import to avoid circular dependencies
-        from .client import Fleet
-
-        return Fleet().make(env_key=self.env_key, region=region)
+        return self.make(region=region, image_type=image_type, ttl_seconds=ttl_seconds)
 
     def make(
         self,
@@ -272,14 +272,17 @@ def verifier_from_string(
     """
     try:
         import inspect
+        import re
         from .verifiers import SyncVerifierFunction
         from .verifiers.code import TASK_SUCCESSFUL_SCORE, TASK_FAILED_SCORE
         from .verifiers.db import IgnoreConfig
-        from .verifiers.parsing import parse_and_validate_verifier
 
-        # Validate the code and extract function name
-        # This ensures no arbitrary code execution during import
-        func_name = parse_and_validate_verifier(verifier_func)
+        # Strip @verifier decorator if present to avoid double-wrapping
+        # Remove lines like: @verifier(key="...")
+        cleaned_code = re.sub(r"@verifier\([^)]*\)\s*\n", "", verifier_func)
+        # Also remove the verifier import if present
+        cleaned_code = re.sub(r"from fleet import.*verifier.*\n", "", cleaned_code)
+        cleaned_code = re.sub(r"import.*verifier.*\n", "", cleaned_code)
 
         # Create a globals namespace with all required imports
         exec_globals = globals().copy()
@@ -295,9 +298,8 @@ def verifier_from_string(
         # Create a local namespace for executing the code
         local_namespace = {}
 
-        # Execute the verifier code in the namespace
-        # This is now safe because we validated it contains only declarative code
-        exec(verifier_func, exec_globals, local_namespace)
+        # Execute the cleaned verifier code in the namespace
+        exec(cleaned_code, exec_globals, local_namespace)
 
         # Find the function that was defined (not imported)
         # Functions defined via exec have co_filename == '<string>'
@@ -387,7 +389,7 @@ def load_tasks(
 
 
 def update_task(
-    task_key: str, prompt: Optional[str] = None, verifier_code: Optional[str] = None
+    task_key: str, prompt: Optional[str] = None, verifier_code: Optional[str] = None, metadata: Optional[Dict[str, Any]] = None
 ):
     """Convenience function to update an existing task.
 
@@ -395,6 +397,7 @@ def update_task(
         task_key: The key of the task to update
         prompt: New prompt text for the task (optional)
         verifier_code: Python code for task verification (optional)
+        metadata: Additional metadata for the task (optional)
 
     Returns:
         TaskResponse containing the updated task details
@@ -402,16 +405,19 @@ def update_task(
     Examples:
         response = fleet.update_task("my-task", prompt="New prompt text")
         response = fleet.update_task("my-task", verifier_code="def verify(env): return True")
+        response = fleet.update_task("my-task", metadata={"seed": 42, "story": "Updated story"})
     """
     from .global_client import get_client
 
     client = get_client()
     return client.update_task(
-        task_key=task_key, prompt=prompt, verifier_code=verifier_code
+        task_key=task_key, prompt=prompt, verifier_code=verifier_code, metadata=metadata
     )
 
 
-def get_task(task_key: str, version_id: Optional[str] = None, team_id: Optional[str] = None):
+def get_task(
+    task_key: str, version_id: Optional[str] = None, team_id: Optional[str] = None
+):
     """Convenience function to get a task by key and optional version.
 
     Args:

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fleet-python
-Version: 0.2.66b3
+Version: 0.2.67
 Summary: Python SDK for Fleet environments
 Author-email: Fleet AI <nic@fleet.so>
 License: Apache-2.0

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/fleet_python.egg-info/SOURCES.txt

@@ -70,7 +70,6 @@ fleet/verifiers/code.py
 fleet/verifiers/db.py
 fleet/verifiers/decorator.py
 fleet/verifiers/parse.py
-fleet/verifiers/parsing.py
 fleet/verifiers/sql_differ.py
 fleet/verifiers/verifier.py
 fleet_python.egg-info/PKG-INFO
@@ -81,5 +80,4 @@ fleet_python.egg-info/top_level.txt
 scripts/fix_sync_imports.py
 scripts/unasync.py
 tests/__init__.py
-tests/test_verifier_from_string.py
-tests/test_verifier_security.py
+tests/test_verifier_from_string.py

{fleet_python-0.2.66b3 → fleet_python-0.2.67}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "fleet-python"
-version = "0.2.66b3"
+version = "0.2.67"
 description = "Python SDK for Fleet environments"
 authors = [
     {name = "Fleet AI", email = "nic@fleet.so"},

fleet_python-0.2.66b3/fleet/verifiers/parsing.py

@@ -1,106 +0,0 @@
-"""Verifier code parsing and validation utilities."""
-
-import ast
-from typing import Set
-
-
-def parse_and_validate_verifier(code: str) -> str:
-    """Parse and validate verifier code, returning the first function name.
-
-    This function ensures that the verifier code only contains safe declarative
-    statements and does not execute arbitrary code during import.
-
-    Args:
-        code: Python code string containing the verifier function
-
-    Returns:
-        Name of the first function found in the code
-
-    Raises:
-        ValueError: If code is invalid or contains unsafe statements
-        SyntaxError: If code has syntax errors
-    """
-    try:
-        tree = ast.parse(code)
-    except SyntaxError as e:
-        raise SyntaxError(f"Syntax error in verifier code: {e}")
-
-    first_function_name = None
-
-    for node in tree.body:
-        # Check for function definitions
-        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
-            # Validate that decorators don't contain function calls
-            for decorator in node.decorator_list:
-                if _contains_call(decorator):
-                    raise ValueError(
-                        f"Line {node.lineno}: Function decorators with function calls "
-                        f"are not allowed. Decorators execute during import and could "
-                        f"run arbitrary code."
-                    )
-
-            if first_function_name is None:
-                first_function_name = node.name
-            continue
-
-        # Allow imports
-        if isinstance(node, (ast.Import, ast.ImportFrom)):
-            continue
-
-        # Allow class definitions
-        if isinstance(node, ast.ClassDef):
-            continue
-
-        # Allow docstrings and other expression statements (but not calls)
-        if isinstance(node, ast.Expr):
-            if isinstance(node.value, ast.Constant):
-                # Docstring or constant expression - safe
-                continue
-            else:
-                # Check if it's a call or other dangerous expression
-                raise ValueError(
-                    f"Line {node.lineno}: Expression statements that are not "
-                    f"constants are not allowed at module level. Found: {ast.dump(node.value)}"
-                )
-
-        # Allow variable assignments, but check the value
-        if isinstance(node, (ast.Assign, ast.AnnAssign)):
-            # Check if the assignment value contains any function calls
-            if _contains_call(node.value if isinstance(node, ast.AnnAssign) else node.value):
-                raise ValueError(
-                    f"Line {node.lineno}: Variable assignments with function calls "
-                    f"are not allowed at module level. This prevents arbitrary code "
-                    f"execution during import."
-                )
-            continue
-
-        # If we get here, it's an unsupported statement type
-        raise ValueError(
-            f"Line {node.lineno}: Unsupported statement type at module level: "
-            f"{node.__class__.__name__}. Only imports, function/class definitions, "
-            f"and constant assignments are allowed."
-        )
-
-    if first_function_name is None:
-        raise ValueError("No function found in verifier code")
-
-    return first_function_name
-
-
-def _contains_call(node: ast.AST) -> bool:
-    """Recursively check if an AST node contains any Call nodes.
-
-    Args:
-        node: AST node to check
-
-    Returns:
-        True if the node or any of its children is a Call node
-    """
-    if isinstance(node, ast.Call):
-        return True
-
-    for child in ast.walk(node):
-        if isinstance(child, ast.Call):
-            return True
-
-    return False

fleet_python-0.2.66b3/tests/test_verifier_security.py

@@ -1,427 +0,0 @@
-"""Security tests for verifier_from_string function.
-
-Tests that the verifier parsing and validation properly blocks
-arbitrary code execution during import.
-"""
-
-import pytest
-from fleet.tasks import verifier_from_string as sync_verifier_from_string
-from fleet._async.tasks import verifier_from_string as async_verifier_from_string
-
-
-class TestSyncVerifierSecurity:
-    """Security tests for sync version of verifier_from_string."""
-
-    def test_blocks_module_level_subprocess_run(self):
-        """Test that module-level subprocess.run() is blocked."""
-        code = """
-import subprocess
-subprocess.run(['echo', 'malicious'])
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Expression statements that are not constants"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_module_level_open(self):
-        """Test that module-level open() is blocked."""
-        code = """
-open('/etc/passwd', 'r')
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Expression statements that are not constants"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_assignment_with_subprocess_call(self):
-        """Test that variable assignment with subprocess call is blocked."""
-        code = """
-import subprocess
-result = subprocess.run(['echo', 'malicious'])
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_assignment_with_open_call(self):
-        """Test that variable assignment with open() is blocked."""
-        code = """
-file_handle = open('/etc/passwd', 'r')
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_assignment_with_any_function_call(self):
-        """Test that variable assignment with any function call is blocked."""
-        code = """
-import os
-path = os.getcwd()
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_allows_constant_assignment(self):
-        """Test that constant variable assignments are allowed."""
-        code = """
-CONSTANT_VALUE = 42
-ANOTHER_CONSTANT = "test"
-PI = 3.14159
-
-def my_verifier(env):
-    return CONSTANT_VALUE
-"""
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_allows_list_dict_constant_assignment(self):
-        """Test that list/dict constant assignments are allowed."""
-        code = """
-MY_LIST = [1, 2, 3]
-MY_DICT = {"key": "value"}
-MY_TUPLE = (1, 2, 3)
-
-def my_verifier(env):
-    return 1.0
-"""
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_allows_valid_imports(self):
-        """Test that imports are allowed."""
-        code = """
-import json
-import os
-from typing import Dict
-
-def my_verifier(env):
-    return 1.0
-"""
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_allows_class_definitions(self):
-        """Test that class definitions are allowed."""
-        code = """
-class MyHelper:
-    def __init__(self):
-        self.value = 42
-
-    def get_value(self):
-        return self.value
-
-def my_verifier(env):
-    helper = MyHelper()
-    return helper.get_value()
-"""
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_allows_multiple_functions(self):
-        """Test that multiple function definitions are allowed."""
-        code = """
-def helper_function(x):
-    return x * 2
-
-def my_verifier(env):
-    return helper_function(0.5)
-"""
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_extracts_first_function_name(self):
-        """Test that the first function name is correctly extracted."""
-        code = """
-def first_function(env):
-    return 1.0
-
-def second_function(env):
-    return 0.5
-"""
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        # The first function should be used
-        assert verifier.func.__name__ == "first_function"
-
-    def test_error_message_includes_line_number(self):
-        """Test that error messages include helpful line numbers."""
-        code = """
-import subprocess
-
-subprocess.run(['echo', 'test'])
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match=r"Line \d+"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_nested_function_call_in_list(self):
-        """Test that function calls nested in list assignments are blocked."""
-        code = """
-import os
-MY_LIST = [1, 2, os.getcwd()]
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_nested_function_call_in_dict(self):
-        """Test that function calls nested in dict assignments are blocked."""
-        code = """
-import os
-MY_DICT = {"cwd": os.getcwd()}
-
-def my_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_allows_docstrings(self):
-        """Test that module-level docstrings are allowed."""
-        code = '''
-"""This is a module docstring."""
-
-def my_verifier(env):
-    """This is a function docstring."""
-    return 1.0
-'''
-        # Should not raise
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_function_with_decorator_extracts_correct_name(self):
-        """Test that decorators don't affect function name extraction."""
-        code = """
-def some_decorator(func):
-    return func
-
-@some_decorator
-def my_actual_function(env):
-    return 1.0
-"""
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        # Should extract 'some_decorator' (first function) or 'my_actual_function'
-        # depending on order, but NOT the decorator name itself
-        assert verifier.func.__name__ in ["some_decorator", "my_actual_function"]
-
-    def test_blocks_decorator_with_function_call(self):
-        """Test that decorators with function calls are blocked."""
-        code = """
-import subprocess
-
-@subprocess.run(['echo', 'bad'])
-def my_verifier(env):
-    return 1.0
-"""
-        # Decorators execute during import, so calls in decorators are dangerous
-        with pytest.raises(ValueError, match="Function decorators with function calls"):
-            sync_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_allows_simple_decorator_reference(self):
-        """Test that simple decorator references (no calls) are allowed."""
-        code = """
-def my_decorator(func):
-    return func
-
-@my_decorator
-def my_verifier(env):
-    return 1.0
-"""
-        # Simple decorator reference (no call) should be allowed
-        verifier = sync_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-
-class TestAsyncVerifierSecurity:
-    """Security tests for async version of verifier_from_string."""
-
-    def test_blocks_module_level_subprocess_run(self):
-        """Test that module-level subprocess.run() is blocked."""
-        code = """
-import subprocess
-subprocess.run(['echo', 'malicious'])
-
-async def my_async_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Expression statements that are not constants"):
-            async_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_blocks_assignment_with_function_call(self):
-        """Test that variable assignment with function call is blocked."""
-        code = """
-import subprocess
-result = subprocess.run(['echo', 'malicious'])
-
-async def my_async_verifier(env):
-    return 1.0
-"""
-        with pytest.raises(ValueError, match="Variable assignments with function calls"):
-            async_verifier_from_string(
-                verifier_func=code,
-                verifier_id="test-verifier",
-                verifier_key="test-key",
-                sha256="test-sha",
-            )
-
-    def test_allows_constant_assignment(self):
-        """Test that constant variable assignments are allowed."""
-        code = """
-CONSTANT_VALUE = 42
-
-async def my_async_verifier(env):
-    return CONSTANT_VALUE
-"""
-        # Should not raise
-        verifier = async_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_allows_async_function_definitions(self):
-        """Test that async function definitions are recognized."""
-        code = """
-async def my_async_verifier(env):
-    return 1.0
-"""
-        # Should not raise
-        verifier = async_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        assert verifier is not None
-
-    def test_extracts_first_async_function_name(self):
-        """Test that the first async function name is correctly extracted."""
-        code = """
-async def first_async_function(env):
-    return 1.0
-
-async def second_async_function(env):
-    return 0.5
-"""
-        verifier = async_verifier_from_string(
-            verifier_func=code,
-            verifier_id="test-verifier",
-            verifier_key="test-key",
-            sha256="test-sha",
-        )
-        # The first function should be used
-        assert verifier.func.__name__ == "first_async_function"