PyPI - fruxon - Versions diffs - 0.9.2__tar.gz → 0.9.4__tar.gz - Mend

fruxon 0.9.2tar.gz → 0.9.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

{fruxon-0.9.2 → fruxon-0.9.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fruxon
-Version: 0.9.2
+Version: 0.9.4
 Summary: The Fruxon SDK is a lightweight Python client for integrating with the Fruxon platform.
 Project-URL: bugs, https://github.com/fruxon-ai/fruxon-sdk/issues
 Project-URL: changelog, https://github.com/fruxon-ai/fruxon-sdk/blob/main/HISTORY.md

{fruxon-0.9.2 → fruxon-0.9.4}/src/fruxon/_version.py RENAMED Viewed

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
-__version__ = version = '0.9.2'
-__version_tuple__ = version_tuple = (0, 9, 2)
+__version__ = version = '0.9.4'
+__version_tuple__ = version_tuple = (0, 9, 4)
 __commit_id__ = commit_id = None

{fruxon-0.9.2 → fruxon-0.9.4}/src/fruxon/cli/auth.py RENAMED Viewed

@@ -221,9 +221,15 @@ def _browser_login(
     # the CLI uses (override > stored > default).
     resolved_base = override_base_url or FruxonClient.DEFAULT_BASE_URL
-    # 1) Kick off the grant.
+    # 1) Kick off the grant. Pass this machine's stable device id so a
+    # re-login from here rotates the existing credential in place instead of
+    # minting a new one (and orphaning the old).
     try:
-        grant = cli_auth.start_grant(resolved_base)
+        grant = cli_auth.start_grant(
+            resolved_base,
+            device_id=credentials.device_id(),
+            device_label=credentials.device_label(),
+        )
     except Exception as exc:  # noqa: BLE001 — surface anything here as a clean error
         fail(
             f"Couldn't start the browser sign-in: {exc}",

{fruxon-0.9.2 → fruxon-0.9.4}/src/fruxon/cli_auth.py RENAMED Viewed

@@ -86,20 +86,36 @@ class PollExpired:
 PollResult = PollPending | PollApproved | PollExpired
-def start_grant(base_url: str, *, timeout: float = DEFAULT_TIMEOUT_SECONDS) -> GrantStart:
+def start_grant(
+    base_url: str,
+    *,
+    device_id: str | None = None,
+    device_label: str | None = None,
+    timeout: float = DEFAULT_TIMEOUT_SECONDS,
+) -> GrantStart:
     """Begin a CLI login flow. Returns the verification URL + grant code.
+    ``device_id`` / ``device_label`` identify this machine so the backend
+    binds the minted credential to it and rotates in place on re-login
+    (see ``credentials.device_id``). Omitting them is valid — the backend
+    falls back to minting a fresh credential.
     Network errors raise :class:`FruxonConnectionError`; API errors
     (rate limit, 5xx) raise :class:`FruxonAPIError`. The CLI surfaces
     these with their normal hint mapping.
     """
     url = base_url.rstrip("/") + _PATH_START
+    # Only include keys we actually have, so an older backend that ignores
+    # them and a newer one that reads them both stay happy.
+    payload: dict[str, str] = {}
+    if device_id:
+        payload["deviceId"] = device_id
+    if device_label:
+        payload["deviceLabel"] = device_label
     req = urllib.request.Request(
         url,
         method="POST",
-        # Empty body — backend accepts an empty POST. ``Content-Type``
-        # set so the server's request-parser doesn't 415 on us.
-        data=b"{}",
+        data=json.dumps(payload).encode("utf-8"),
         headers={
             "Accept": "application/json",
             "Content-Type": "application/json",

{fruxon-0.9.2 → fruxon-0.9.4}/src/fruxon/credentials.py RENAMED Viewed

@@ -100,6 +100,62 @@ def credentials_path() -> Path:
     return config_dir() / CREDENTIALS_FILE
+DEVICE_ID_FILE = "device-id"
+def device_id_path() -> Path:
+    return config_dir() / DEVICE_ID_FILE
+def device_id() -> str:
+    """Stable per-install id identifying this machine to the CLI-auth flow.
+    Generated once and persisted under the config dir in its own file —
+    deliberately separate from the credentials file so it survives
+    ``logout`` / ``clear()``. It's machine identity, not a secret: the
+    backend uses it to bind the minted CLI token to this machine, so a
+    later ``fruxon login`` from here rotates that credential in place
+    (continuous activity, no orphaned keys) rather than minting a new one.
+    """
+    path = device_id_path()
+    try:
+        existing = path.read_text(encoding="utf-8").strip()
+        if existing:
+            return existing
+    except OSError:
+        pass
+    import uuid
+    new_id = str(uuid.uuid4())
+    try:
+        path.parent.mkdir(parents=True, exist_ok=True)
+        tmp = path.with_name(path.name + ".tmp")
+        tmp.write_text(new_id + "\n", encoding="utf-8")
+        os.replace(tmp, path)
+    except OSError:
+        # Can't persist (read-only home, locked-down container) — return the
+        # fresh id anyway. This login just won't get rotation continuity;
+        # it'll mint a new credential, same as a first-ever login.
+        _logger.debug("could not persist device id", exc_info=True)
+    return new_id
+def device_label() -> str | None:
+    """Best-effort human-readable machine label (hostname) for the dashboard.
+    Attribution only — never sent as anything load-bearing. Returns None if
+    the hostname can't be resolved.
+    """
+    try:
+        import socket
+        name = socket.gethostname().strip()
+        return name or None
+    except OSError:
+        return None
 def load() -> StoredCredentials:
     """Read the stored credentials: keyring for the secret, file for the rest.

{fruxon-0.9.2 → fruxon-0.9.4}/tests/conftest.py RENAMED Viewed

@@ -59,6 +59,14 @@ def _scrub_cli_env(monkeypatch: pytest.MonkeyPatch, tmp_path_factory: pytest.Tem
     for var in _SCRUB_ENV:
         monkeypatch.delenv(var, raising=False)
+    # Hard-disable telemetry for the whole suite. Without this, any test
+    # that drives a real CLI command flow (e.g. the doctor tests, which
+    # set FRUXON_TOKEN=fx_pat_x) spins up the background telemetry thread
+    # and POSTs to the *production* ingest endpoint — leaking bogus events
+    # under a fake token and tripping its rate limiter. Tests that assert
+    # telemetry's own on/off resolution clear this var in their local
+    # fixture (and mock the network), so they're unaffected.
+    monkeypatch.setenv("FRUXON_NO_TELEMETRY", "1")
     monkeypatch.setenv("FRUXON_NO_KEYRING", "1")
     config_dir = tmp_path_factory.mktemp("fruxon-config")
     monkeypatch.setenv("FRUXON_CONFIG_DIR", str(config_dir))

{fruxon-0.9.2 → fruxon-0.9.4}/tests/test_cli.py RENAMED Viewed

@@ -221,7 +221,7 @@ class TestLoginLogoutWhoami:
         # must keep polling until it sees the terminal state.
         poll_calls = {"n": 0}
-        def fake_start(base_url):
+        def fake_start(base_url, **kwargs):
             return cli_auth.GrantStart(
                 grant_code="abcdef1234567890",
                 verification_url="https://app.fruxon.com/cli-auth?code=abcdef1234567890",
@@ -265,7 +265,7 @@ class TestLoginLogoutWhoami:
         monkeypatch.setattr(
             cli_auth,
             "start_grant",
-            lambda _base: cli_auth.GrantStart(
+            lambda _base, **_kw: cli_auth.GrantStart(
                 grant_code="x" * 32,
                 verification_url="https://app.fruxon.com/cli-auth?code=x",
                 expires_in_seconds=60,
@@ -297,7 +297,7 @@ class TestLoginLogoutWhoami:
         monkeypatch.setattr(
             cli_auth,
             "start_grant",
-            lambda _base: cli_auth.GrantStart(
+            lambda _base, **_kw: cli_auth.GrantStart(
                 grant_code="x" * 32,
                 verification_url="https://app.fruxon.com/cli-auth?code=x",
                 expires_in_seconds=60,

{fruxon-0.9.2 → fruxon-0.9.4}/tests/test_credentials.py RENAMED Viewed

@@ -306,3 +306,24 @@ class TestLoadCache:
         credentials.save(credentials.StoredCredentials(token="fx_pat_x", org="acme"))
         credentials.load()
         assert calls["n"] == 2
+class TestDeviceId:
+    """The per-install device id used by the CLI-auth rotate-in-place flow."""
+    def test_device_id_is_stable_and_persisted(self):
+        first = credentials.device_id()
+        assert first  # non-empty UUID
+        # Written to its own file under the config dir.
+        assert credentials.device_id_path().is_file()
+        # Stable across calls (re-reads the same persisted value).
+        assert credentials.device_id() == first
+    def test_device_id_survives_logout(self):
+        # Device id is machine identity, not a credential — clearing the
+        # login (logout) must not regenerate it, or every re-login would
+        # look like a new machine and mint a fresh key.
+        did = credentials.device_id()
+        credentials.save(credentials.StoredCredentials(token="fx_pat_x", org="acme"))
+        credentials.clear()
+        assert credentials.device_id() == did