macfleet 2.2.0__tar.gz → 2.2.1__tar.gz

{macfleet-2.2.0 → macfleet-2.2.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: macfleet
-Version: 2.2.0
+Version: 2.2.1
 Summary: Pool Apple Silicon Macs for distributed compute and ML training
 Author: MacFleet Contributors
 License: MIT
@@ -51,24 +51,28 @@ Provides-Extra: docs
 Requires-Dist: mkdocs-material>=9.5.0; extra == "docs"
 Requires-Dist: mkdocs>=1.5.0; extra == "docs"
 
+<div align="center">
+
 # MacFleet
 
-**Distributed ML training on Apple Silicon.** Pool your Macs into a
-cluster in 5 seconds, run PyTorch or MLX across them, keep zero cloud
-spend.
+### Distributed training for Apple Silicon fleets
 
+Run PyTorch or MLX across multiple Macs with secure peer discovery,
+TLS/HMAC authentication, and framework-agnostic gradient synchronization.
+
+```bash
+pip install macfleet
+macfleet join --bootstrap
 ```
-  macfleet join              macfleet join            macfleet join
- ┌──────────────┐          ┌──────────────┐          ┌──────────────┐
- │  MacBook Pro │◄────────►│  MacBook Air │◄────────►│  Mac Studio  │
- │  M4 Pro      │  WiFi /  │  M4          │  WiFi /  │  M4 Ultra    │
- │  16 GPU cores│  ETH /   │  10 GPU cores│  ETH /   │  60 GPU cores│
- │  48 GB RAM   │  TB4     │  16 GB RAM   │  TB4     │  192 GB RAM  │
- └──────────────┘          └──────────────┘          └──────────────┘
-         ▲                          ▲                          ▲
-         └──────────────────────────┴──────────────────────────┘
-                        Ring AllReduce (gradient sync)
-```
+
+**Local hardware. Real data parallelism. No cloud bill.**
+
+</div>
+
+MacFleet turns a room full of Apple Silicon machines into one training
+pool. Each Mac keeps a full model replica, processes its shard of the
+batch, and synchronizes gradients over a NumPy-only communication layer
+that never imports torch or MLX.
 
 ## Why MacFleet
 
@@ -118,41 +122,48 @@ On Mac #1:
 
 ```bash
 macfleet join --bootstrap
-# prints a QR code + pairing URL, also copies URL to pasteboard
+# first run auto-generates a fleet token and prints a short-lived
+# one-time pairing command. The permanent token is not printed.
 ```
 
-On Mac #2 (same Apple ID → Handoff pasteboard sync):
+On Mac #2:
 
 ```bash
-macfleet pair && macfleet join
+macfleet pair --host <Mac-1-IP>:<enrollment-port> --code <one-time-code>
+macfleet join
 ```
 
-Or: scan the QR from Mac #1 with your iPhone camera. Tap the link.
-Done.
+The enrollment code expires after 5 minutes and is single-use by default.
 
-**4. Set `enable_pool_distributed=True` in your script** — training now
-spans both Macs.
+**4. Set `enable_pool_distributed=True` and run the same script on both
+Macs** — training now spans both: the pool forms a gradient mesh, rank 0
+broadcasts initial weights, and every step's gradients are averaged
+across the fleet. The result dict's `params_sha256` matches on both
+Macs when the fleet stayed in sync; `degraded`, `unsynced_steps`, and
+`validation_fallback_steps` tell you if any step fell back locally.
 
 ## Features
 
 - **Dual engine** — PyTorch (MPS) and Apple MLX, same pool infrastructure
 - **Zero config** — mDNS discovery, no coordinator setup, no config files
 - **Safe task dispatch** — `@macfleet.task` registry + msgpack args
-  (no cloudpickle on the wire)
+  (no cloudpickle on the wire; local pickle fallback is explicit opt-in)
 - **Adaptive compression** — auto-selects TopK + FP16 based on link
   speed (locally; sparse-on-wire arrives in v2.3, see TODOS.md
   Issue 3)
 - **Heterogeneous scheduling** — faster Macs get bigger batches,
   adjusts for thermal throttling
-- **Secure by default** — auto-generated fleet tokens, HMAC mutual
-  auth, mandatory TLS, per-IP rate limiting
+- **Secure by default** — auto-generated fleet tokens (scrypt-derived
+  keys), client-first HMAC mutual auth (servers reveal nothing to
+  unauthenticated peers), mandatory TLS with channel-bound handshakes
+  (MITM-relay resistant), per-IP rate limiting
 - **Framework-agnostic core** — communication layer uses only numpy,
   never imports torch or mlx
 
 ## Security
 
 Security is on by default. The first `macfleet join` auto-generates a
-fleet token at `~/.macfleet/token` (mode 0600). See the
+fleet token at `~/.macfleet/fleet-token` (mode 0600). See the
 [security reference](docs/reference/security.md) for the full threat
 model.
 
@@ -168,12 +179,18 @@ Short version:
   1s to stop slowloris)
 - **No cloudpickle over the wire** — `@macfleet.task` routes
   registered callables by name, not by pickled closures
+- **One-time pairing** — `macfleet join --bootstrap` exposes only a
+  short-lived enrollment code, not the permanent fleet token
+- **Local audit trail** — auth failures, enrollment, token rotation,
+  legacy pickle use, and degraded training events are written to
+  `~/.macfleet/audit.jsonl` with credential fields redacted
 
 ## CLI
 
 ```
 macfleet join         Join the pool (auto-discovers peers)
-macfleet pair         Read a pairing URL from pasteboard / stdin
+macfleet pair         Pair with a one-time enrollment code
+macfleet rotate-token Rotate the local fleet token
 macfleet status       Show pool members and network info
 macfleet info         Show local hardware profile
 macfleet train        Run training (demo or custom script)

{macfleet-2.2.0 → macfleet-2.2.1}/README.md

@@ -1,21 +1,25 @@
+<div align="center">
+
 # MacFleet
 
-**Distributed ML training on Apple Silicon.** Pool your Macs into a
-cluster in 5 seconds, run PyTorch or MLX across them, keep zero cloud
-spend.
+### Distributed training for Apple Silicon fleets
 
+Run PyTorch or MLX across multiple Macs with secure peer discovery,
+TLS/HMAC authentication, and framework-agnostic gradient synchronization.
+
+```bash
+pip install macfleet
+macfleet join --bootstrap
 ```
-  macfleet join              macfleet join            macfleet join
- ┌──────────────┐          ┌──────────────┐          ┌──────────────┐
- │  MacBook Pro │◄────────►│  MacBook Air │◄────────►│  Mac Studio  │
- │  M4 Pro      │  WiFi /  │  M4          │  WiFi /  │  M4 Ultra    │
- │  16 GPU cores│  ETH /   │  10 GPU cores│  ETH /   │  60 GPU cores│
- │  48 GB RAM   │  TB4     │  16 GB RAM   │  TB4     │  192 GB RAM  │
- └──────────────┘          └──────────────┘          └──────────────┘
-         ▲                          ▲                          ▲
-         └──────────────────────────┴──────────────────────────┘
-                        Ring AllReduce (gradient sync)
-```
+
+**Local hardware. Real data parallelism. No cloud bill.**
+
+</div>
+
+MacFleet turns a room full of Apple Silicon machines into one training
+pool. Each Mac keeps a full model replica, processes its shard of the
+batch, and synchronizes gradients over a NumPy-only communication layer
+that never imports torch or MLX.
 
 ## Why MacFleet
 
@@ -65,41 +69,48 @@ On Mac #1:
 
 ```bash
 macfleet join --bootstrap
-# prints a QR code + pairing URL, also copies URL to pasteboard
+# first run auto-generates a fleet token and prints a short-lived
+# one-time pairing command. The permanent token is not printed.
 ```
 
-On Mac #2 (same Apple ID → Handoff pasteboard sync):
+On Mac #2:
 
 ```bash
-macfleet pair && macfleet join
+macfleet pair --host <Mac-1-IP>:<enrollment-port> --code <one-time-code>
+macfleet join
 ```
 
-Or: scan the QR from Mac #1 with your iPhone camera. Tap the link.
-Done.
+The enrollment code expires after 5 minutes and is single-use by default.
 
-**4. Set `enable_pool_distributed=True` in your script** — training now
-spans both Macs.
+**4. Set `enable_pool_distributed=True` and run the same script on both
+Macs** — training now spans both: the pool forms a gradient mesh, rank 0
+broadcasts initial weights, and every step's gradients are averaged
+across the fleet. The result dict's `params_sha256` matches on both
+Macs when the fleet stayed in sync; `degraded`, `unsynced_steps`, and
+`validation_fallback_steps` tell you if any step fell back locally.
 
 ## Features
 
 - **Dual engine** — PyTorch (MPS) and Apple MLX, same pool infrastructure
 - **Zero config** — mDNS discovery, no coordinator setup, no config files
 - **Safe task dispatch** — `@macfleet.task` registry + msgpack args
-  (no cloudpickle on the wire)
+  (no cloudpickle on the wire; local pickle fallback is explicit opt-in)
 - **Adaptive compression** — auto-selects TopK + FP16 based on link
   speed (locally; sparse-on-wire arrives in v2.3, see TODOS.md
   Issue 3)
 - **Heterogeneous scheduling** — faster Macs get bigger batches,
   adjusts for thermal throttling
-- **Secure by default** — auto-generated fleet tokens, HMAC mutual
-  auth, mandatory TLS, per-IP rate limiting
+- **Secure by default** — auto-generated fleet tokens (scrypt-derived
+  keys), client-first HMAC mutual auth (servers reveal nothing to
+  unauthenticated peers), mandatory TLS with channel-bound handshakes
+  (MITM-relay resistant), per-IP rate limiting
 - **Framework-agnostic core** — communication layer uses only numpy,
   never imports torch or mlx
 
 ## Security
 
 Security is on by default. The first `macfleet join` auto-generates a
-fleet token at `~/.macfleet/token` (mode 0600). See the
+fleet token at `~/.macfleet/fleet-token` (mode 0600). See the
 [security reference](docs/reference/security.md) for the full threat
 model.
 
@@ -115,12 +126,18 @@ Short version:
   1s to stop slowloris)
 - **No cloudpickle over the wire** — `@macfleet.task` routes
   registered callables by name, not by pickled closures
+- **One-time pairing** — `macfleet join --bootstrap` exposes only a
+  short-lived enrollment code, not the permanent fleet token
+- **Local audit trail** — auth failures, enrollment, token rotation,
+  legacy pickle use, and degraded training events are written to
+  `~/.macfleet/audit.jsonl` with credential fields redacted
 
 ## CLI
 
 ```
 macfleet join         Join the pool (auto-discovers peers)
-macfleet pair         Read a pairing URL from pasteboard / stdin
+macfleet pair         Pair with a one-time enrollment code
+macfleet rotate-token Rotate the local fleet token
 macfleet status       Show pool members and network info
 macfleet info         Show local hardware profile
 macfleet train        Run training (demo or custom script)

{macfleet-2.2.0 → macfleet-2.2.1}/macfleet/__init__.py

@@ -8,13 +8,14 @@ Zero-config discovery. Framework-agnostic engines. Adaptive networking.
 import logging
 from typing import TYPE_CHECKING
 
-__version__ = "2.2.0"
+__version__ = "2.2.1"
 
 logging.getLogger(__name__).addHandler(logging.NullHandler())
 
 # Type checkers see real symbols here; runtime uses __getattr__ below to
 # keep heavy framework imports off the cold path.
 if TYPE_CHECKING:
+    from macfleet.compute.authz import TaskAuthorizationError, TaskAuthorizationPolicy
     from macfleet.compute.models import RemoteTaskError, TaskFuture
     from macfleet.compute.registry import task
     from macfleet.engines.mlx_engine import MLXEngine
@@ -51,6 +52,12 @@ def __getattr__(name: str):
     if name == "RemoteTaskError":
         from macfleet.compute.models import RemoteTaskError
         return RemoteTaskError
+    if name == "TaskAuthorizationError":
+        from macfleet.compute.authz import TaskAuthorizationError
+        return TaskAuthorizationError
+    if name == "TaskAuthorizationPolicy":
+        from macfleet.compute.authz import TaskAuthorizationPolicy
+        return TaskAuthorizationPolicy
     # v2.2 PR 7: @macfleet.task decorator
     if name == "task":
         from macfleet.compute.registry import task
@@ -68,5 +75,7 @@ __all__ = [
     "MLXEngine",
     "TaskFuture",
     "RemoteTaskError",
+    "TaskAuthorizationError",
+    "TaskAuthorizationPolicy",
     "task",
 ]