getstack 0.11.0__tar.gz → 0.13.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {getstack-0.11.0 → getstack-0.13.0}/.gitignore +8 -4
- {getstack-0.11.0 → getstack-0.13.0}/PKG-INFO +1 -1
- {getstack-0.11.0 → getstack-0.13.0}/pyproject.toml +1 -1
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/identity.py +3 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/agents.py +29 -3
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/identity.py +3 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/types.py +3 -0
- {getstack-0.11.0 → getstack-0.13.0}/CLAUDE.md +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/LICENSE +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/README.md +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/__init__.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/__init__.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/agents.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/audit.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/credentials.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/dropoffs.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/inbound_webhooks.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/intents.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/llm.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/missions.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/notifications.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/partner_tenants.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/passport_session.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/passports.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/proxy.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/reviews.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/scan.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/security_events.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/services.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/skills.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/agent_auth.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/audit.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/auth.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/browser_bootstrap.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/client.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/credentials.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/dropoffs.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/errors.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/evidence_packs.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/inbound_webhooks.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/intents.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/llm.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/missions.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/notifications.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/partner_tenants.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passport_header_verify.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passport_session.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passports.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/proxy.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/py.typed +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/reviews.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/scan.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/security_events.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/services.py +0 -0
- {getstack-0.11.0 → getstack-0.13.0}/src/getstack/skills.py +0 -0
|
@@ -18,10 +18,8 @@ scripts/.env.cto
|
|
|
18
18
|
.npmrc.local
|
|
19
19
|
~/.npmrc
|
|
20
20
|
|
|
21
|
-
# Strategy docs
|
|
22
|
-
|
|
23
|
-
stack-gtm-distribution.md
|
|
24
|
-
stack-platform-spec-v2.md
|
|
21
|
+
# Strategy docs: now tracked in this private repo so they survive a laptop
|
|
22
|
+
# wipe (were gitignored + local-only, a backup gap). Not sensitive.
|
|
25
23
|
|
|
26
24
|
# IDE
|
|
27
25
|
.vscode/settings.json
|
|
@@ -42,6 +40,7 @@ mcp-publisher.exe
|
|
|
42
40
|
# Fly.io deployment config (contains app names, regions)
|
|
43
41
|
**/fly.toml
|
|
44
42
|
!apps/*/fly.toml
|
|
43
|
+
!infra/**/fly.toml
|
|
45
44
|
!**/fly.toml.example
|
|
46
45
|
|
|
47
46
|
# Logs
|
|
@@ -54,6 +53,11 @@ npm-debug.log*
|
|
|
54
53
|
# Claude Code per-machine state (background scheduler)
|
|
55
54
|
.claude/scheduled_tasks.lock
|
|
56
55
|
|
|
56
|
+
# spec-judge per-session state (active plan pointer + judge verdict; never committed)
|
|
57
|
+
.claude/active-plan.json
|
|
58
|
+
.claude/judge-verdict.json
|
|
59
|
+
.claude/.verify*
|
|
60
|
+
|
|
57
61
|
# OpenAPI spec cache (regenerated by scripts/verify-intents-openapi.ts)
|
|
58
62
|
scripts/.openapi-cache/
|
|
59
63
|
|
|
@@ -90,3 +90,6 @@ class AsyncIdentityService:
|
|
|
90
90
|
|
|
91
91
|
async def set_service_requirement(self, service_id: str, **kwargs: Any) -> dict[str, Any]:
|
|
92
92
|
return await self._client.post(f"/v1/services/{service_id}/requirements", json=kwargs)
|
|
93
|
+
|
|
94
|
+
async def delete_service_requirement(self, service_id: str, requirement_id: str) -> None:
|
|
95
|
+
await self._client.delete(f"/v1/services/{service_id}/requirements/{requirement_id}")
|
|
@@ -15,7 +15,10 @@ def _to_agent(data: dict[str, Any]) -> Agent:
|
|
|
15
15
|
name=data["name"],
|
|
16
16
|
description=data.get("description"),
|
|
17
17
|
status=data["status"],
|
|
18
|
-
|
|
18
|
+
# DB default for new agents is "enforced" (matches the API), not
|
|
19
|
+
# "standard" — the old fallback misreported the mode when the
|
|
20
|
+
# field was absent from a response.
|
|
21
|
+
accountability_mode=data.get("accountability_mode", "enforced"),
|
|
19
22
|
on_warning=data.get("on_warning", "notify"),
|
|
20
23
|
on_critical=data.get("on_critical", "notify"),
|
|
21
24
|
passport_blocked=data.get("passport_blocked", False),
|
|
@@ -23,6 +26,7 @@ def _to_agent(data: dict[str, Any]) -> Agent:
|
|
|
23
26
|
passport_blocked_at=data.get("passport_blocked_at"),
|
|
24
27
|
created_at=data["created_at"],
|
|
25
28
|
updated_at=data["updated_at"],
|
|
29
|
+
credential_access=data.get("credential_access", "direct"),
|
|
26
30
|
)
|
|
27
31
|
|
|
28
32
|
|
|
@@ -34,13 +38,35 @@ class AgentService:
|
|
|
34
38
|
self,
|
|
35
39
|
name: str,
|
|
36
40
|
description: str | None = None,
|
|
37
|
-
|
|
41
|
+
profile: str | None = None,
|
|
42
|
+
accountability_mode: str | None = None,
|
|
43
|
+
credential_access: str | None = None,
|
|
38
44
|
on_warning: str = "notify",
|
|
39
45
|
on_critical: str = "notify",
|
|
40
46
|
) -> Agent:
|
|
41
|
-
|
|
47
|
+
"""Register an agent.
|
|
48
|
+
|
|
49
|
+
For a bot that just runs (calls an LLM through STACK, no provider
|
|
50
|
+
key on its box), pass ``profile="proxied-llm-bot"`` — it expands
|
|
51
|
+
server-side to ``credential_access="proxy_only"`` +
|
|
52
|
+
``accountability_mode="logged"`` + ``key_mode="stack_managed"`` so
|
|
53
|
+
the first call works with no approval-header dance. Any field you
|
|
54
|
+
also pass explicitly overrides the preset.
|
|
55
|
+
|
|
56
|
+
Omitting ``accountability_mode``/``credential_access`` leaves the
|
|
57
|
+
server default (``enforced`` + ``direct``) OR the profile value —
|
|
58
|
+
they are only sent when provided, so an unset value never clobbers
|
|
59
|
+
a preset.
|
|
60
|
+
"""
|
|
61
|
+
body: dict[str, Any] = {"name": name}
|
|
42
62
|
if description:
|
|
43
63
|
body["description"] = description
|
|
64
|
+
if profile is not None:
|
|
65
|
+
body["profile"] = profile
|
|
66
|
+
if accountability_mode is not None:
|
|
67
|
+
body["accountability_mode"] = accountability_mode
|
|
68
|
+
if credential_access is not None:
|
|
69
|
+
body["credential_access"] = credential_access
|
|
44
70
|
if on_warning != "notify":
|
|
45
71
|
body["on_warning"] = on_warning
|
|
46
72
|
if on_critical != "notify":
|
|
@@ -117,3 +117,6 @@ class IdentityService:
|
|
|
117
117
|
|
|
118
118
|
def set_service_requirement(self, service_id: str, **kwargs: Any) -> dict[str, Any]:
|
|
119
119
|
return self._client.post(f"/v1/services/{service_id}/requirements", json=kwargs)
|
|
120
|
+
|
|
121
|
+
def delete_service_requirement(self, service_id: str, requirement_id: str) -> None:
|
|
122
|
+
self._client.delete(f"/v1/services/{service_id}/requirements/{requirement_id}")
|
|
@@ -20,6 +20,9 @@ class Agent:
|
|
|
20
20
|
passport_blocked_at: str | None
|
|
21
21
|
created_at: str
|
|
22
22
|
updated_at: str
|
|
23
|
+
# Raw-secret access policy: "direct" | "proxy_preferred" | "proxy_only".
|
|
24
|
+
# Defaulted for backward compatibility with older API responses.
|
|
25
|
+
credential_access: str = "direct"
|
|
23
26
|
|
|
24
27
|
|
|
25
28
|
@dataclass
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|