getstack 0.11.0__tar.gz → 0.13.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. {getstack-0.11.0 → getstack-0.13.0}/.gitignore +8 -4
  2. {getstack-0.11.0 → getstack-0.13.0}/PKG-INFO +1 -1
  3. {getstack-0.11.0 → getstack-0.13.0}/pyproject.toml +1 -1
  4. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/identity.py +3 -0
  5. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/agents.py +29 -3
  6. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/identity.py +3 -0
  7. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/types.py +3 -0
  8. {getstack-0.11.0 → getstack-0.13.0}/CLAUDE.md +0 -0
  9. {getstack-0.11.0 → getstack-0.13.0}/LICENSE +0 -0
  10. {getstack-0.11.0 → getstack-0.13.0}/README.md +0 -0
  11. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/__init__.py +0 -0
  12. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/__init__.py +0 -0
  13. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/agents.py +0 -0
  14. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/audit.py +0 -0
  15. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/credentials.py +0 -0
  16. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/dropoffs.py +0 -0
  17. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/inbound_webhooks.py +0 -0
  18. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/intents.py +0 -0
  19. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/llm.py +0 -0
  20. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/missions.py +0 -0
  21. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/notifications.py +0 -0
  22. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/partner_tenants.py +0 -0
  23. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/passport_session.py +0 -0
  24. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/passports.py +0 -0
  25. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/proxy.py +0 -0
  26. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/reviews.py +0 -0
  27. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/scan.py +0 -0
  28. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/security_events.py +0 -0
  29. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/services.py +0 -0
  30. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/_async/skills.py +0 -0
  31. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/agent_auth.py +0 -0
  32. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/audit.py +0 -0
  33. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/auth.py +0 -0
  34. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/browser_bootstrap.py +0 -0
  35. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/client.py +0 -0
  36. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/credentials.py +0 -0
  37. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/dropoffs.py +0 -0
  38. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/errors.py +0 -0
  39. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/evidence_packs.py +0 -0
  40. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/inbound_webhooks.py +0 -0
  41. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/intents.py +0 -0
  42. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/llm.py +0 -0
  43. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/missions.py +0 -0
  44. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/notifications.py +0 -0
  45. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/partner_tenants.py +0 -0
  46. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passport_header_verify.py +0 -0
  47. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passport_session.py +0 -0
  48. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/passports.py +0 -0
  49. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/proxy.py +0 -0
  50. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/py.typed +0 -0
  51. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/reviews.py +0 -0
  52. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/scan.py +0 -0
  53. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/security_events.py +0 -0
  54. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/services.py +0 -0
  55. {getstack-0.11.0 → getstack-0.13.0}/src/getstack/skills.py +0 -0
@@ -18,10 +18,8 @@ scripts/.env.cto
18
18
  .npmrc.local
19
19
  ~/.npmrc
20
20
 
21
- # Strategy docs (not sensitive, but private)
22
- stack-claude-code-spec-v3.md
23
- stack-gtm-distribution.md
24
- stack-platform-spec-v2.md
21
+ # Strategy docs: now tracked in this private repo so they survive a laptop
22
+ # wipe (were gitignored + local-only, a backup gap). Not sensitive.
25
23
 
26
24
  # IDE
27
25
  .vscode/settings.json
@@ -42,6 +40,7 @@ mcp-publisher.exe
42
40
  # Fly.io deployment config (contains app names, regions)
43
41
  **/fly.toml
44
42
  !apps/*/fly.toml
43
+ !infra/**/fly.toml
45
44
  !**/fly.toml.example
46
45
 
47
46
  # Logs
@@ -54,6 +53,11 @@ npm-debug.log*
54
53
  # Claude Code per-machine state (background scheduler)
55
54
  .claude/scheduled_tasks.lock
56
55
 
56
+ # spec-judge per-session state (active plan pointer + judge verdict; never committed)
57
+ .claude/active-plan.json
58
+ .claude/judge-verdict.json
59
+ .claude/.verify*
60
+
57
61
  # OpenAPI spec cache (regenerated by scripts/verify-intents-openapi.ts)
58
62
  scripts/.openapi-cache/
59
63
 
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: getstack
3
- Version: 0.11.0
3
+ Version: 0.13.0
4
4
  Summary: Python SDK for STACK — trust infrastructure for AI agents
5
5
  Project-URL: Homepage, https://getstack.run
6
6
  Project-URL: Documentation, https://getstack.run/docs/sdk
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "getstack"
7
- version = "0.11.0"
7
+ version = "0.13.0"
8
8
  description = "Python SDK for STACK — trust infrastructure for AI agents"
9
9
  readme = "README.md"
10
10
  license = "MIT"
@@ -90,3 +90,6 @@ class AsyncIdentityService:
90
90
 
91
91
  async def set_service_requirement(self, service_id: str, **kwargs: Any) -> dict[str, Any]:
92
92
  return await self._client.post(f"/v1/services/{service_id}/requirements", json=kwargs)
93
+
94
+ async def delete_service_requirement(self, service_id: str, requirement_id: str) -> None:
95
+ await self._client.delete(f"/v1/services/{service_id}/requirements/{requirement_id}")
@@ -15,7 +15,10 @@ def _to_agent(data: dict[str, Any]) -> Agent:
15
15
  name=data["name"],
16
16
  description=data.get("description"),
17
17
  status=data["status"],
18
- accountability_mode=data.get("accountability_mode", "standard"),
18
+ # DB default for new agents is "enforced" (matches the API), not
19
+ # "standard" — the old fallback misreported the mode when the
20
+ # field was absent from a response.
21
+ accountability_mode=data.get("accountability_mode", "enforced"),
19
22
  on_warning=data.get("on_warning", "notify"),
20
23
  on_critical=data.get("on_critical", "notify"),
21
24
  passport_blocked=data.get("passport_blocked", False),
@@ -23,6 +26,7 @@ def _to_agent(data: dict[str, Any]) -> Agent:
23
26
  passport_blocked_at=data.get("passport_blocked_at"),
24
27
  created_at=data["created_at"],
25
28
  updated_at=data["updated_at"],
29
+ credential_access=data.get("credential_access", "direct"),
26
30
  )
27
31
 
28
32
 
@@ -34,13 +38,35 @@ class AgentService:
34
38
  self,
35
39
  name: str,
36
40
  description: str | None = None,
37
- accountability_mode: str = "enforced",
41
+ profile: str | None = None,
42
+ accountability_mode: str | None = None,
43
+ credential_access: str | None = None,
38
44
  on_warning: str = "notify",
39
45
  on_critical: str = "notify",
40
46
  ) -> Agent:
41
- body: dict[str, Any] = {"name": name, "accountability_mode": accountability_mode}
47
+ """Register an agent.
48
+
49
+ For a bot that just runs (calls an LLM through STACK, no provider
50
+ key on its box), pass ``profile="proxied-llm-bot"`` — it expands
51
+ server-side to ``credential_access="proxy_only"`` +
52
+ ``accountability_mode="logged"`` + ``key_mode="stack_managed"`` so
53
+ the first call works with no approval-header dance. Any field you
54
+ also pass explicitly overrides the preset.
55
+
56
+ Omitting ``accountability_mode``/``credential_access`` leaves the
57
+ server default (``enforced`` + ``direct``) OR the profile value —
58
+ they are only sent when provided, so an unset value never clobbers
59
+ a preset.
60
+ """
61
+ body: dict[str, Any] = {"name": name}
42
62
  if description:
43
63
  body["description"] = description
64
+ if profile is not None:
65
+ body["profile"] = profile
66
+ if accountability_mode is not None:
67
+ body["accountability_mode"] = accountability_mode
68
+ if credential_access is not None:
69
+ body["credential_access"] = credential_access
44
70
  if on_warning != "notify":
45
71
  body["on_warning"] = on_warning
46
72
  if on_critical != "notify":
@@ -117,3 +117,6 @@ class IdentityService:
117
117
 
118
118
  def set_service_requirement(self, service_id: str, **kwargs: Any) -> dict[str, Any]:
119
119
  return self._client.post(f"/v1/services/{service_id}/requirements", json=kwargs)
120
+
121
+ def delete_service_requirement(self, service_id: str, requirement_id: str) -> None:
122
+ self._client.delete(f"/v1/services/{service_id}/requirements/{requirement_id}")
@@ -20,6 +20,9 @@ class Agent:
20
20
  passport_blocked_at: str | None
21
21
  created_at: str
22
22
  updated_at: str
23
+ # Raw-secret access policy: "direct" | "proxy_preferred" | "proxy_only".
24
+ # Defaulted for backward compatibility with older API responses.
25
+ credential_access: str = "direct"
23
26
 
24
27
 
25
28
  @dataclass
File without changes
File without changes
File without changes
File without changes