getstack 0.1.0__tar.gz → 0.2.0__tar.gz

getstack-0.2.0/.gitignore

@@ -0,0 +1,61 @@
+node_modules/
+dist/
+.turbo/
+*.tsbuildinfo
+__pycache__/
+*.pyc
+
+# Environment / secrets
+.env
+.env.*
+*.env
+.npmrc
+scripts/.env.cto
+
+# Strategy docs (not sensitive, but private)
+stack-claude-code-spec-v3.md
+stack-gtm-distribution.md
+stack-platform-spec-v2.md
+
+# IDE
+.vscode/settings.json
+.idea/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Next.js
+.next/
+out/
+
+# MCP publisher
+mcp-publisher.exe
+.mcpregistry_*
+
+# Fly.io deployment config (contains app names, regions)
+**/fly.toml
+!apps/*/fly.toml
+!**/fly.toml.example
+
+# Logs
+*.log
+npm-debug.log*
+
+# Claude Code edit audit log (per-machine paper trail of hook-logged mutations)
+.claude/audit/
+
+# Claude Code per-machine state (background scheduler)
+.claude/scheduled_tasks.lock
+
+# OpenAPI spec cache (regenerated by scripts/verify-intents-openapi.ts)
+scripts/.openapi-cache/
+
+# Local dev screenshots
+*-stripe.png
+
+# YC application session exports (founder voice + redacted creds — never commit)
+docs/yc-q18/
+docs/yc-application-session-preface.md
+*-YC.md
+*-yc.md

getstack-0.2.0/CLAUDE.md

@@ -0,0 +1,47 @@
+# getstack (Python SDK)
+
+Published to PyPI as `getstack`. Not a workspace member of the main monorepo
+(Python has its own tooling via `pyproject.toml` + its own tests).
+
+## Purpose
+
+- Python ergonomic equivalent of `@getstackrun/sdk`
+- `with stack.passports.mission(...) as m:` context manager that handles
+  checkpoints + checkout automatically
+- Same RESTful coverage: agents, passports, services, credentials, drop-offs,
+  skills, identity, audit, notifications, security-events, proxy
+
+## Where to look
+
+- Package metadata: `sdk-python/pyproject.toml`
+- Module entry: `sdk-python/src/getstack/`
+- Tests: `sdk-python/tests/`
+- User-facing quickstart + examples: `sdk-python/README.md`
+- License: `sdk-python/LICENSE`
+
+## Key divergence from JS SDK
+
+The Python SDK has a **mission context manager** the JS SDK doesn't have:
+
+```python
+with stack.passports.mission(
+    agent_id=agent.id,
+    intent="Process invoices from Slack",
+    services=["slack", "stripe"],
+    checkpoint_interval="5m",
+) as mission:
+    mission.log("slack", "read_channel", "#invoices")
+    mission.log("stripe", "create_invoice")
+    # Checkpoints submitted automatically on schedule
+# Checkout submitted automatically when the block exits
+```
+
+When the JS SDK adds an equivalent, align the shape (same keyword args,
+same method names) for cross-language familiarity.
+
+## Gotchas
+
+- **Not installed by `npm install` at monorepo root.** Python devs run `pip install -e sdk-python/` or `uv pip install -e sdk-python/`. The JS monorepo lockfile does not resolve Python deps.
+- **Published to PyPI separately.** There's no coordinated release between the JS + Python SDKs; they can (and sometimes do) drift in version numbers.
+- **Same authentication posture.** API keys, session JWTs, and the same `sk_live_*` prefix convention. Token type detection works identically to JS.
+- **Offline passport verification is also available** (mirrors `verify_passport_offline` from the JS SDK) — but confirm the exact function name in `sdk-python/src/getstack/` before citing.

{getstack-0.1.0 → getstack-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: getstack
-Version: 0.1.0
+Version: 0.2.0
 Summary: Python SDK for STACK — trust infrastructure for AI agents
 Project-URL: Homepage, https://getstack.run
 Project-URL: Documentation, https://getstack.run/docs/sdk

{getstack-0.1.0 → getstack-0.2.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "getstack"
-version = "0.1.0"
+version = "0.2.0"
 description = "Python SDK for STACK — trust infrastructure for AI agents"
 readme = "README.md"
 license = "MIT"

{getstack-0.1.0 → getstack-0.2.0}/src/getstack/__init__.py

@@ -43,6 +43,11 @@ from .dropoffs import DropoffService
 from .reviews import ReviewService
 from .notifications import NotificationService
 from .audit import AuditService
+from .proxy import ProxyService as ProxySvc, ProxyResponse
+from .scan import ScanService
+from .security_events import SecurityEventService as SecurityEventSvc
+from .skills import SkillService
+from .identity import IdentityService
 from .types import (
     Agent,
     Passport,
@@ -56,6 +61,13 @@ from .types import (
     Credential,
     NotificationChannel,
     ToolCall,
+    Skill,
+    SkillInvocation,
+    SkillRequest,
+    IdentityProvider,
+    IdentityClaim,
+    IdentitySettings,
+    VerificationSession,
 )
 from .errors import (
     StackError,
@@ -66,7 +78,7 @@ from .errors import (
     PassportBlockedError,
 )
 
-__version__ = "0.1.0"
+__version__ = "0.2.0"
 
 __all__ = [
     "Stack",
@@ -86,6 +98,14 @@ __all__ = [
     "NotificationChannel",
     "Mission",
     "ToolCall",
+    "ProxyResponse",
+    "Skill",
+    "SkillInvocation",
+    "SkillRequest",
+    "IdentityProvider",
+    "IdentityClaim",
+    "IdentitySettings",
+    "VerificationSession",
     # Errors
     "StackError",
     "NotFoundError",
@@ -129,6 +149,11 @@ class Stack:
         self.reviews = ReviewService(self._client)
         self.notifications = NotificationService(self._client)
         self.audit = AuditService(self._client)
+        self.proxy = ProxySvc(self._client)
+        self.scan = ScanService(self._client)
+        self.security_events = SecurityEventSvc(self._client)
+        self.skills = SkillService(self._client)
+        self.identity = IdentityService(self._client)
 
     @classmethod
     def from_session(cls, session_token: str, **kwargs) -> Stack:

getstack-0.2.0/src/getstack/audit.py

@@ -0,0 +1,56 @@
+"""Audit log access."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from .client import HttpClient
+
+
+class AuditService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def list(
+        self,
+        limit: int = 20,
+        since: int | None = None,
+        agent_id: str | None = None,
+        passport_jti: str | None = None,
+    ) -> dict[str, Any]:
+        """Tail recent audit entries (newest-first).
+
+        Returns ``{"entries": [...], "max_timestamp": int | None}``.
+        Pass ``since`` (epoch ms) to fetch only entries newer than the
+        last seen timestamp — useful for incremental polling. Pass
+        ``agent_id`` or ``passport_jti`` to narrow to a single agent
+        or single passport.
+        """
+        params: dict[str, str] = {"limit": str(limit)}
+        if since is not None:
+            params["since"] = str(since)
+        if agent_id is not None:
+            params["agent_id"] = agent_id
+        if passport_jti is not None:
+            params["passport_jti"] = passport_jti
+        return self._client.get("/v1/audit", params=params)
+
+    def chain_head(self) -> dict[str, Any]:
+        """Current chain head — latest entry hash + entry count."""
+        return self._client.get("/v1/audit/chain-head")
+
+    def verify_chain(
+        self,
+        from_date: str | None = None,
+        to_date: str | None = None,
+        limit: int | None = None,
+    ) -> dict[str, Any]:
+        """Walk the per-operator chain and report tamper status."""
+        params: dict[str, str] = {}
+        if from_date is not None:
+            params["from"] = from_date
+        if to_date is not None:
+            params["to"] = to_date
+        if limit is not None:
+            params["limit"] = str(limit)
+        return self._client.get("/v1/audit/verify-chain", params=params)

{getstack-0.1.0 → getstack-0.2.0}/src/getstack/client.py

@@ -20,10 +20,11 @@ class HttpClient:
         self.base_url = base_url.rstrip("/")
         self._client = httpx.Client(timeout=timeout)
 
-    def request(self, method: str, path: str, json: Any = None, params: dict[str, Any] | None = None) -> Any:
+    def request(self, method: str, path: str, json: Any = None, params: dict[str, Any] | None = None, extra_headers: dict[str, str] | None = None) -> Any:
         headers = {
             "Content-Type": "application/json",
             **self.auth.get_headers(),
+            **(extra_headers or {}),
         }
 
         url = f"{self.base_url}{path}"
@@ -41,8 +42,8 @@ class HttpClient:
 
         return resp.json()
 
-    def get(self, path: str, params: dict[str, Any] | None = None) -> Any:
-        return self.request("GET", path, params=params)
+    def get(self, path: str, params: dict[str, Any] | None = None, extra_headers: dict[str, str] | None = None) -> Any:
+        return self.request("GET", path, params=params, extra_headers=extra_headers)
 
     def post(self, path: str, json: Any = None) -> Any:
         return self.request("POST", path, json=json)

getstack-0.2.0/src/getstack/credentials.py

@@ -0,0 +1,44 @@
+"""Credential retrieval."""
+
+from __future__ import annotations
+
+from typing import Any
+from urllib.parse import quote
+
+from .client import HttpClient
+from .types import Credential
+
+
+class CredentialService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def get(self, provider: str, passport_token: str | None = None) -> Credential:
+        """Retrieve credential for a provider. Optionally pass passport token for security signal tracking."""
+        extra_headers = {}
+        if passport_token:
+            extra_headers["X-Passport-Token"] = passport_token
+        data = self._client.get(
+            f"/v1/credentials/{quote(provider)}",
+            extra_headers=extra_headers if extra_headers else None,
+        )
+        return Credential(
+            provider=data["provider"],
+            credential=data.get("credential"),
+            credentials=data.get("credentials"),
+        )
+
+    def get_by_connection(self, connection_id: str, passport_token: str | None = None) -> Credential:
+        """Retrieve credential by connection ID."""
+        extra_headers = {}
+        if passport_token:
+            extra_headers["X-Passport-Token"] = passport_token
+        data = self._client.get(
+            f"/v1/credentials/by-connection/{connection_id}",
+            extra_headers=extra_headers if extra_headers else None,
+        )
+        return Credential(
+            provider=data["provider"],
+            credential=data.get("credential"),
+            credentials=data.get("credentials"),
+        )

getstack-0.2.0/src/getstack/identity.py

@@ -0,0 +1,119 @@
+"""Identity verification — providers, claims, and verification flow."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from .client import HttpClient
+from .types import IdentityProvider, IdentityClaim, IdentitySettings, VerificationSession
+
+
+def _to_provider(data: dict[str, Any]) -> IdentityProvider:
+    return IdentityProvider(
+        key=data["key"],
+        name=data["name"],
+        layers=data.get("layers", []),
+        assurance=data.get("assurance", ""),
+        description=data.get("description", ""),
+    )
+
+
+def _to_claim(data: dict[str, Any]) -> IdentityClaim:
+    return IdentityClaim(
+        id=data["id"],
+        operator_id=data["operator_id"],
+        provider_key=data["provider_key"],
+        layer=data["layer"],
+        claim_type=data["claim_type"],
+        claim_ref=data["claim_ref"],
+        assurance_level=data["assurance_level"],
+        verified_at=data["verified_at"],
+        expires_at=data.get("expires_at"),
+    )
+
+
+class IdentityService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def get_settings(self) -> IdentitySettings:
+        data = self._client.get("/v1/operators/me/identity-settings")
+        return IdentitySettings(
+            identity_claim_ttl=data["identity_claim_ttl"],
+            identity_claim_inheritance=data["identity_claim_inheritance"],
+            identity_auto_revoke=data["identity_auto_revoke"],
+        )
+
+    def update_settings(
+        self,
+        *,
+        identity_claim_ttl: str | None = None,
+        identity_claim_inheritance: str | None = None,
+        identity_auto_revoke: bool | None = None,
+    ) -> IdentitySettings:
+        body: dict[str, Any] = {}
+        if identity_claim_ttl is not None:
+            body["identity_claim_ttl"] = identity_claim_ttl
+        if identity_claim_inheritance is not None:
+            body["identity_claim_inheritance"] = identity_claim_inheritance
+        if identity_auto_revoke is not None:
+            body["identity_auto_revoke"] = identity_auto_revoke
+        data = self._client.patch("/v1/operators/me/identity-settings", json=body)
+        return IdentitySettings(
+            identity_claim_ttl=data["identity_claim_ttl"],
+            identity_claim_inheritance=data["identity_claim_inheritance"],
+            identity_auto_revoke=data["identity_auto_revoke"],
+        )
+
+    def list_providers(self) -> list[IdentityProvider]:
+        data = self._client.get("/v1/identity/providers")
+        return [_to_provider(p) for p in data]
+
+    def initiate_verification(
+        self,
+        provider_key: str,
+        *,
+        requested_claims: list[str] | None = None,
+        return_url: str | None = None,
+    ) -> VerificationSession:
+        body: dict[str, Any] = {"provider_key": provider_key}
+        if requested_claims:
+            body["requested_claims"] = requested_claims
+        if return_url:
+            body["return_url"] = return_url
+        data = self._client.post("/v1/identity/verify/initiate", json=body)
+        return VerificationSession(
+            session_ref=data["session_ref"],
+            authorization_url=data.get("authorization_url"),
+            status=data.get("status", "pending"),
+        )
+
+    def complete_verification(
+        self,
+        provider_key: str,
+        session_ref: str,
+    ) -> dict[str, Any]:
+        return self._client.post(
+            "/v1/identity/verify/complete",
+            json={"provider_key": provider_key, "session_ref": session_ref},
+        )
+
+    def grant_delegation(self, delegated_scopes: list[str]) -> IdentityClaim:
+        data = self._client.post(
+            "/v1/identity/delegate",
+            json={"delegated_scopes": delegated_scopes},
+        )
+        return _to_claim(data)
+
+    def list_claims(self) -> list[IdentityClaim]:
+        data = self._client.get("/v1/identity/claims")
+        return [_to_claim(c) for c in data]
+
+    def revoke_claim(self, claim_id: str) -> dict[str, Any]:
+        return self._client.delete(f"/v1/identity/claims/{claim_id}")
+
+    def get_service_requirements(self, service_id: str) -> dict[str, Any]:
+        return self._client.get(f"/v1/services/{service_id}/requirements")
+
+    def set_service_requirement(self, service_id: str, **kwargs: Any) -> dict[str, Any]:
+        return self._client.post(f"/v1/services/{service_id}/requirements", json=kwargs)

{getstack-0.1.0 → getstack-0.2.0}/src/getstack/notifications.py

@@ -44,11 +44,16 @@ class NotificationService:
             body["events"] = events
         return _to_channel(self._client.post("/v1/notifications/channels", json=body))
 
-    def verify(self, channel_id: str, code: str | None = None) -> dict[str, Any]:
-        body: dict[str, Any] = {}
-        if code:
-            body["code"] = code
-        return self._client.post(f"/v1/notifications/channels/{channel_id}/verify", json=body)
+    def send_verification_code(self, channel_id: str) -> dict[str, Any]:
+        """Send a verification code to the channel."""
+        return self._client.post(f"/v1/notifications/channels/{channel_id}/send-code")
+
+    def verify(self, channel_id: str, code: str) -> dict[str, Any]:
+        """Submit a verification code."""
+        return self._client.post(
+            f"/v1/notifications/channels/{channel_id}/verify",
+            json={"code": code},
+        )
 
     def test(self, channel_id: str) -> dict[str, Any]:
         return self._client.post(f"/v1/notifications/channels/{channel_id}/test")

{getstack-0.1.0 → getstack-0.2.0}/src/getstack/passports.py

@@ -9,6 +9,7 @@ from contextlib import contextmanager
 from typing import Any, Generator
 
 from .client import HttpClient
+from .proxy import ProxyService, ProxyResponse
 from .types import Passport, CheckpointResult, CheckoutResult, PassportReport, ToolCall
 
 
@@ -85,6 +86,49 @@ class Mission:
         """Record that delegation occurred to a child agent."""
         self._delegated_to.append(child_agent_id)
 
+    @property
+    def token(self) -> str | None:
+        """Current passport token, for passing to credential retrieval."""
+        return self.passport.token if self.passport else None
+
+    def proxy(
+        self,
+        service: str,
+        url: str,
+        method: str = "GET",
+        *,
+        headers: dict[str, str] | None = None,
+        body: Any = None,
+        query: dict[str, str] | None = None,
+        _proxy_service: ProxyService | None = None,
+    ) -> ProxyResponse:
+        """Send a request through STACK's credential proxy using this mission's passport.
+
+        Requires passing the proxy service from the Stack client, or set it via
+        ``mission._proxy = stack.proxy`` before calling.
+
+        Args:
+            service: Provider slug (e.g. "openai", "slack").
+            url: Full target URL.
+            method: HTTP method.
+            headers: Extra headers (auth headers will be stripped).
+            body: Request body.
+            query: Query parameters.
+            _proxy_service: ProxyService instance (falls back to self._proxy).
+        """
+        ps = _proxy_service or getattr(self, "_proxy", None)
+        if ps is None:
+            raise RuntimeError(
+                "No proxy service available. Set mission._proxy = stack.proxy before calling proxy()."
+            )
+        resp = ps.request(
+            service, url, method,
+            headers=headers, body=body, query=query,
+            passport_token=self.token,
+        )
+        self.log(service, method, url)
+        return resp
+
     def _enter(self) -> None:
         """Issue passport and start checkpoint timer."""
         self.passport = self._service.issue(

getstack-0.2.0/src/getstack/proxy.py

@@ -0,0 +1,109 @@
+"""Credential proxy — send requests through STACK without seeing secrets."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from .client import HttpClient
+
+
+class ProxyResponse:
+    """Response from a proxied request."""
+
+    __slots__ = ("status", "headers", "body")
+
+    def __init__(self, status: int, headers: dict[str, str], body: Any):
+        self.status = status
+        self.headers = headers
+        self.body = body
+
+    def ok(self) -> bool:
+        return 200 <= self.status < 400
+
+    def json(self) -> Any:
+        return self.body
+
+    def __repr__(self) -> str:
+        return f"ProxyResponse(status={self.status})"
+
+
+class ProxyService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def request(
+        self,
+        service: str,
+        url: str,
+        method: str = "GET",
+        *,
+        headers: dict[str, str] | None = None,
+        body: Any | None = None,
+        query: dict[str, str] | None = None,
+        passport_token: str | None = None,
+    ) -> ProxyResponse:
+        """Send a request through STACK's credential proxy.
+
+        Args:
+            service: Provider slug (e.g. "openai", "slack").
+            url: Full target URL.
+            method: HTTP method.
+            headers: Extra headers (auth headers will be stripped).
+            body: Request body.
+            query: Query parameters.
+            passport_token: Passport JWT (required).
+        """
+        extra_headers = {}
+        if passport_token:
+            extra_headers["X-Passport-Token"] = passport_token
+
+        payload: dict[str, Any] = {
+            "service": service,
+            "url": url,
+            "method": method,
+        }
+        if headers:
+            payload["headers"] = headers
+        if body is not None:
+            payload["body"] = body
+        if query:
+            payload["query"] = query
+
+        data = self._client.request(
+            "POST",
+            "/v1/proxy",
+            json=payload,
+            extra_headers=extra_headers if extra_headers else None,
+        )
+        return ProxyResponse(
+            status=data.get("status", 0),
+            headers=data.get("headers", {}),
+            body=data.get("body"),
+        )
+
+    def get(self, service: str, url: str, **kwargs) -> ProxyResponse:
+        """GET through proxy."""
+        return self.request(service, url, "GET", **kwargs)
+
+    def post(self, service: str, url: str, **kwargs) -> ProxyResponse:
+        """POST through proxy."""
+        return self.request(service, url, "POST", **kwargs)
+
+    def put(self, service: str, url: str, **kwargs) -> ProxyResponse:
+        """PUT through proxy."""
+        return self.request(service, url, "PUT", **kwargs)
+
+    def patch(self, service: str, url: str, **kwargs) -> ProxyResponse:
+        """PATCH through proxy."""
+        return self.request(service, url, "PATCH", **kwargs)
+
+    def delete(self, service: str, url: str, **kwargs) -> ProxyResponse:
+        """DELETE through proxy."""
+        return self.request(service, url, "DELETE", **kwargs)
+
+    def usage(self) -> dict:
+        """Get monthly proxy usage stats.
+
+        Returns dict with: tier, limit, used, remaining, period.
+        """
+        return self._client.request("GET", "/v1/proxy/usage")

getstack-0.2.0/src/getstack/scan.py

@@ -0,0 +1,77 @@
+"""Content-scanning service — `/v1/scan` (L1+L2 prompt-injection detector).
+
+Scan retrieved content (emails, documents, web pages, API responses)
+for prompt-injection markers BEFORE feeding it into your LLM. Reuses
+the same detector chain that runs on `/v1/proxy` and
+`/v1/skills/:id/invoke` — L1 regex catalog + L2 encoding-aware
+normalization.
+
+Example::
+
+    result = stack.scan.scan(
+        content=email_body,
+        context="email",
+        source=sender_address,
+    )
+    if result["verdict"] == "critical":
+        raise RuntimeError(f"Indirect injection caught: {result['match']['pattern_id']}")
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+from .client import HttpClient
+
+
+class ScanService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def scan(
+        self,
+        content: str | dict[str, Any],
+        *,
+        context: str | None = None,
+        source: str | None = None,
+        passport_token: str | None = None,
+    ) -> dict[str, Any]:
+        """Scan retrieved content for prompt-injection markers.
+
+        Args:
+            content: The content to scan. Strings are scanned directly;
+                dicts are walked one level deep, same as proxy bodies.
+            context: Optional context tag — one of "email", "document",
+                "webpage", "chat_log", "api_response", "calendar", "other".
+            source: Optional source identifier (URL / sender / filename).
+            passport_token: Optional passport JWT for attribution to a
+                specific agent context.
+
+        Returns:
+            Dict with keys: verdict ("clean" | "suspicious" | "critical"),
+            scan_id, duration_ms, match (or None).
+        """
+        payload: dict[str, Any] = {"content": content}
+        if context is not None:
+            payload["context"] = context
+        if source is not None:
+            payload["source"] = source
+
+        extra_headers = None
+        if passport_token:
+            extra_headers = {"X-Passport-Token": passport_token}
+
+        return self._client.request(
+            "POST",
+            "/v1/scan",
+            json=payload,
+            extra_headers=extra_headers,
+        )
+
+    def usage(self) -> dict[str, Any]:
+        """Get monthly scan usage stats.
+
+        Returns:
+            Dict with keys: tier, limit, used, remaining, period.
+        """
+        return self._client.request("GET", "/v1/scan/usage")

getstack-0.2.0/src/getstack/security_events.py

@@ -0,0 +1,27 @@
+"""Security event management."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from .client import HttpClient
+
+
+class SecurityEventService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    def list(self, agent_id: str | None = None, page: int = 1, limit: int = 50) -> dict[str, Any]:
+        """List unresolved security events."""
+        params: dict[str, str] = {"page": str(page), "limit": str(limit)}
+        if agent_id:
+            params["agent_id"] = agent_id
+        return self._client.get("/v1/security-events", params=params)
+
+    def get(self, event_id: str) -> dict[str, Any]:
+        """Get a specific security event."""
+        return self._client.get(f"/v1/security-events/{event_id}")
+
+    def resolve(self, event_id: str) -> dict[str, Any]:
+        """Mark a security event as resolved."""
+        return self._client.post(f"/v1/security-events/{event_id}/resolve")

getstack-0.2.0/src/getstack/skills.py

@@ -0,0 +1,199 @@
+"""Skills marketplace — publish, invoke, browse, and manage skills."""
+
+from __future__ import annotations
+
+import time
+from typing import Any
+
+from .client import HttpClient
+from .types import Skill, SkillInvocation, SkillRequest
+
+
+def _to_skill(data: dict[str, Any]) -> Skill:
+    return Skill(
+        id=data["id"],
+        operator_id=data["operator_id"],
+        name=data["name"],
+        description=data["description"],
+        version=data.get("version", "1.0.0"),
+        tags=data.get("tags", []),
+        trust_level_required=data.get("trust_level_required", "L0"),
+        status=data.get("status", "active"),
+        execution_mode=data.get("execution_mode", "open"),
+        price_per_invocation=data.get("price_per_invocation", 0),
+        invocation_count=data.get("invocation_count", 0),
+        created_at=data["created_at"],
+        updated_at=data["updated_at"],
+    )
+
+
+def _to_invocation(data: dict[str, Any]) -> SkillInvocation:
+    return SkillInvocation(
+        id=data["id"],
+        skill_id=data["skill_id"],
+        status=data["status"],
+        output=data.get("output"),
+        error=data.get("error"),
+        expires_at=data.get("expires_at", ""),
+        created_at=data.get("created_at", ""),
+        started_at=data.get("started_at"),
+        completed_at=data.get("completed_at"),
+        llm_tokens_input=data.get("llm_tokens_input"),
+        llm_tokens_output=data.get("llm_tokens_output"),
+        execution_duration_ms=data.get("execution_duration_ms"),
+    )
+
+
+def _to_request(data: dict[str, Any]) -> SkillRequest:
+    return SkillRequest(
+        id=data["id"],
+        operator_id=data["operator_id"],
+        description=data["description"],
+        desired_input_schema=data.get("desired_input_schema"),
+        desired_output_schema=data.get("desired_output_schema"),
+        max_price_cents=data.get("max_price_cents"),
+        tags=data.get("tags", []),
+        status=data.get("status", "open"),
+        created_at=data["created_at"],
+    )
+
+
+class SkillService:
+    def __init__(self, client: HttpClient):
+        self._client = client
+
+    # ─── Publishing ──────────────────────────────────────────────────
+
+    def publish(self, **kwargs: Any) -> Skill:
+        """Publish a new skill to the marketplace."""
+        return _to_skill(self._client.post("/v1/skills", json=kwargs))
+
+    def get(self, skill_id: str) -> Skill:
+        return _to_skill(self._client.get(f"/v1/skills/{skill_id}"))
+
+    def browse(
+        self,
+        *,
+        query: str | None = None,
+        tags: str | None = None,
+        trust_level: str | None = None,
+        status: str | None = None,
+        limit: int | None = None,
+        offset: int | None = None,
+    ) -> list[Skill]:
+        params: dict[str, str] = {}
+        if query:
+            params["query"] = query
+        if tags:
+            params["tags"] = tags
+        if trust_level:
+            params["trust_level"] = trust_level
+        if status:
+            params["status"] = status
+        if limit is not None:
+            params["limit"] = str(limit)
+        if offset is not None:
+            params["offset"] = str(offset)
+        data = self._client.get("/v1/skills", params=params)
+        return [_to_skill(s) for s in data]
+
+    def list_owned(self) -> list[Skill]:
+        data = self._client.get("/v1/skills/mine")
+        return [_to_skill(s) for s in data]
+
+    def update(self, skill_id: str, **kwargs: Any) -> Skill:
+        return _to_skill(self._client.patch(f"/v1/skills/{skill_id}", json=kwargs))
+
+    def suspend(self, skill_id: str) -> Skill:
+        return _to_skill(self._client.post(f"/v1/skills/{skill_id}/suspend"))
+
+    def activate(self, skill_id: str) -> Skill:
+        return _to_skill(self._client.post(f"/v1/skills/{skill_id}/activate"))
+
+    def check_trust(self, skill_id: str) -> dict[str, Any]:
+        # Trust claims are resolved server-side from the caller's DB-stored
+        # identity claims; callers no longer pass them in.
+        return self._client.post(f"/v1/skills/{skill_id}/check-trust", json={})
+
+    # ─── Invocations ─────────────────────────────────────────────────
+
+    def invoke(
+        self,
+        skill_id: str,
+        *,
+        agent_id: str,
+        input: dict[str, Any],
+        passport_id: str | None = None,
+    ) -> SkillInvocation:
+        body: dict[str, Any] = {"agent_id": agent_id, "input": input}
+        if passport_id:
+            body["passport_id"] = passport_id
+        return _to_invocation(self._client.post(f"/v1/skills/{skill_id}/invoke", json=body))
+
+    def get_invocation(self, invocation_id: str) -> SkillInvocation:
+        return _to_invocation(self._client.get(f"/v1/skills/invocations/{invocation_id}"))
+
+    def list_invocations(self) -> list[SkillInvocation]:
+        data = self._client.get("/v1/skills/invocations/mine")
+        return [_to_invocation(i) for i in data]
+
+    def list_pending_invocations(self, skill_id: str | None = None) -> list[SkillInvocation]:
+        params = {"skill_id": skill_id} if skill_id else {}
+        data = self._client.get("/v1/skills/invocations/pending", params=params)
+        return [_to_invocation(i) for i in data]
+
+    def claim_invocation(self, invocation_id: str) -> dict[str, Any]:
+        return self._client.post(f"/v1/skills/invocations/{invocation_id}/claim")
+
+    def complete_invocation(self, invocation_id: str, output: dict[str, Any]) -> dict[str, Any]:
+        return self._client.post(
+            f"/v1/skills/invocations/{invocation_id}/complete",
+            json={"output": output},
+        )
+
+    def poll(
+        self,
+        invocation_id: str,
+        *,
+        interval_seconds: float = 1.0,
+        timeout_seconds: float = 60.0,
+    ) -> SkillInvocation:
+        """Poll an invocation until it reaches a terminal state."""
+        start = time.time()
+        while time.time() - start < timeout_seconds:
+            result = self.get_invocation(invocation_id)
+            if result.status in ("completed", "failed", "expired"):
+                return result
+            time.sleep(interval_seconds)
+        raise TimeoutError(f"Invocation {invocation_id} timed out after {timeout_seconds}s")
+
+    # ─── Requests ────────────────────────────────────────────────────
+
+    def post_request(self, **kwargs: Any) -> SkillRequest:
+        return _to_request(self._client.post("/v1/skill-requests", json=kwargs))
+
+    def list_requests(
+        self,
+        *,
+        status: str | None = None,
+        limit: int | None = None,
+        offset: int | None = None,
+    ) -> list[SkillRequest]:
+        params: dict[str, str] = {}
+        if status:
+            params["status"] = status
+        if limit is not None:
+            params["limit"] = str(limit)
+        if offset is not None:
+            params["offset"] = str(offset)
+        data = self._client.get("/v1/skill-requests", params=params)
+        return [_to_request(r) for r in data]
+
+    def get_request(self, request_id: str) -> SkillRequest:
+        return _to_request(self._client.get(f"/v1/skill-requests/{request_id}"))
+
+    def get_request_matches(self, request_id: str) -> dict[str, Any]:
+        return self._client.get(f"/v1/skill-requests/{request_id}/matches")
+
+    def suggest_composition(self, request_id: str) -> dict[str, Any]:
+        return self._client.get(f"/v1/skill-requests/{request_id}/suggest")

{getstack-0.1.0 → getstack-0.2.0}/src/getstack/types.py

@@ -154,3 +154,91 @@ class ToolCall:
         if self.target:
             d["target"] = self.target
         return d
+
+
+# ─── Skills ──────────────────────────────────────────────────────────
+
+
+@dataclass
+class Skill:
+    id: str
+    operator_id: str
+    name: str
+    description: str
+    version: str = "1.0.0"
+    tags: list[str] = field(default_factory=list)
+    trust_level_required: str = "L0"
+    status: str = "active"
+    execution_mode: str = "open"
+    price_per_invocation: int = 0
+    invocation_count: int = 0
+    created_at: str = ""
+    updated_at: str = ""
+
+
+@dataclass
+class SkillInvocation:
+    id: str
+    skill_id: str
+    status: str
+    output: Any = None
+    error: dict[str, str] | None = None
+    expires_at: str = ""
+    created_at: str = ""
+    started_at: str | None = None
+    completed_at: str | None = None
+    llm_tokens_input: int | None = None
+    llm_tokens_output: int | None = None
+    execution_duration_ms: int | None = None
+
+
+@dataclass
+class SkillRequest:
+    id: str
+    operator_id: str
+    description: str
+    desired_input_schema: dict[str, Any] | None = None
+    desired_output_schema: dict[str, Any] | None = None
+    max_price_cents: int | None = None
+    tags: list[str] = field(default_factory=list)
+    status: str = "open"
+    created_at: str = ""
+
+
+# ─── Identity ────────────────────────────────────────────────────────
+
+
+@dataclass
+class IdentityProvider:
+    key: str
+    name: str
+    layers: list[str] = field(default_factory=list)
+    assurance: str = ""
+    description: str = ""
+
+
+@dataclass
+class IdentityClaim:
+    id: str
+    operator_id: str
+    provider_key: str
+    layer: str
+    claim_type: str
+    claim_ref: str
+    assurance_level: str
+    verified_at: str
+    expires_at: str | None = None
+
+
+@dataclass
+class IdentitySettings:
+    identity_claim_ttl: str  # 30d | 90d | 180d | 1y
+    identity_claim_inheritance: str  # auto | opt_in
+    identity_auto_revoke: bool
+
+
+@dataclass
+class VerificationSession:
+    session_ref: str
+    authorization_url: str | None = None
+    status: str = "pending"

getstack-0.1.0/.gitignore

@@ -1,38 +0,0 @@
-node_modules/
-dist/
-.turbo/
-*.tsbuildinfo
-
-# Environment / secrets
-.env
-.env.*
-*.env
-
-# Strategy docs (not sensitive, but private)
-stack-claude-code-spec-v3.md
-stack-gtm-distribution.md
-stack-platform-spec-v2.md
-
-# IDE
-.vscode/settings.json
-.idea/
-
-# OS
-.DS_Store
-Thumbs.db
-
-# Next.js
-.next/
-out/
-
-# MCP publisher
-mcp-publisher.exe
-.mcpregistry_*
-
-# Fly.io deployment config (contains app names, regions)
-**/fly.toml
-!**/fly.toml.example
-
-# Logs
-*.log
-npm-debug.log*

getstack-0.1.0/src/getstack/audit.py

@@ -1,26 +0,0 @@
-"""Audit log access."""
-
-from __future__ import annotations
-
-from typing import Any
-
-from .client import HttpClient
-
-
-class AuditService:
-    def __init__(self, client: HttpClient):
-        self._client = client
-
-    def list(
-        self,
-        page: int = 1,
-        limit: int = 50,
-        action: str | None = None,
-        agent_id: str | None = None,
-    ) -> list[dict[str, Any]]:
-        params: dict[str, str] = {"page": str(page), "limit": str(limit)}
-        if action:
-            params["action"] = action
-        if agent_id:
-            params["agent_id"] = agent_id
-        return self._client.get("/v1/audit", params=params)

getstack-0.1.0/src/getstack/credentials.py

@@ -1,33 +0,0 @@
-"""Credential retrieval."""
-
-from __future__ import annotations
-
-from typing import Any
-from urllib.parse import quote
-
-from .client import HttpClient
-from .types import Credential
-
-
-class CredentialService:
-    def __init__(self, client: HttpClient):
-        self._client = client
-
-    def get(self, provider: str, passport: Any | None = None) -> Credential:
-        headers_extra = {}
-        if passport and hasattr(passport, "token"):
-            headers_extra["X-Passport-Token"] = passport.token
-        data = self._client.get(f"/v1/credentials/{quote(provider)}")
-        return Credential(
-            provider=data["provider"],
-            credential=data.get("credential"),
-            credentials=data.get("credentials"),
-        )
-
-    def get_by_connection(self, connection_id: str) -> Credential:
-        data = self._client.get(f"/v1/credentials/by-connection/{connection_id}")
-        return Credential(
-            provider=data["provider"],
-            credential=data.get("credential"),
-            credentials=data.get("credentials"),
-        )