mainsequence 4.3.24__tar.gz → 4.3.25__tar.gz

{mainsequence-4.3.24/mainsequence.egg-info → mainsequence-4.3.25}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mainsequence
-Version: 4.3.24
+Version: 4.3.25
 Summary: Main Sequence SDK 
 Author-email: Main Sequence GmbH <dev@main-sequence.io>
 License: MainSequence GmbH SDK License Agreement

{mainsequence-4.3.24 → mainsequence-4.3.25}/mainsequence/cli/api.py

@@ -567,8 +567,8 @@ def get_logged_user_details() -> dict[str, Any]:
     Return the authenticated user via SDK client `User.get_logged_user()`.
 
     The CLI does not naturally run inside a request context, so this bridge resolves
-    the current user id from the authenticated API session and temporarily binds
-    `X-User-ID` plus `Authorization` into
+    the current user UID from the authenticated API session and temporarily binds
+    `X-User-UID` plus `Authorization` into
     `mainsequence.client.models_user._CURRENT_AUTH_HEADERS`
     before calling the SDK method.
     """
@@ -598,14 +598,13 @@ def get_logged_user_details() -> dict[str, Any]:
     try:
         who = authed("GET", AUTH_PATHS["ping"])
         data = who.json() if who.ok else {}
-        user_id = (
-            data.get("id")
-            or data.get("pk")
-            or (data.get("user") or {}).get("id")
-            or data.get("user_id")
+        user_uid = (
+            data.get("uid")
+            or (data.get("user") or {}).get("uid")
+            or data.get("user_uid")
         )
-        if user_id in (None, ""):
-            raise ApiError("Could not determine the authenticated user id.")
+        if user_uid in (None, ""):
+            raise ApiError("Could not determine the authenticated user uid.")
 
         os.environ["MAINSEQUENCE_AUTH_MODE"] = "jwt"
         os.environ["MAINSEQUENCE_ACCESS_TOKEN"] = access
@@ -637,17 +636,26 @@ def get_logged_user_details() -> dict[str, Any]:
         ClientUser.ROOT_URL = root_url
         headers_token = current_auth_headers.set(
             {
-                "X-User-ID": str(user_id),
+                "X-User-UID": str(user_uid),
                 "Authorization": f"Bearer {access}",
             }
         )
 
         user = ClientUser.get_logged_user()
         if isinstance(user, dict):
+            user.pop("id", None)
+            organization = user.get("organization")
+            if isinstance(organization, dict):
+                organization.pop("id", None)
             return user
         if hasattr(user, "model_dump"):
-            return user.model_dump()
-        return {"id": getattr(user, "id", None)}
+            payload = user.model_dump()
+            payload.pop("id", None)
+            organization = payload.get("organization")
+            if isinstance(organization, dict):
+                organization.pop("id", None)
+            return payload
+        return {"uid": getattr(user, "uid", None)}
 
     except Exception as e:
         err_name = type(e).__name__

{mainsequence-4.3.24 → mainsequence-4.3.25}/mainsequence/cli/cli.py

@@ -2601,14 +2601,14 @@ def user_show():
 
     organization = user.get("organization")
     if isinstance(organization, dict):
-        organization_name = str(organization.get("name") or organization.get("id") or "-")
+        organization_name = str(organization.get("name") or organization.get("uid") or "-")
     else:
         organization_name = str(organization or "-")
 
     print_kv(
         "MainSequence User",
         [
-            ("ID", str(user.get("id") or "-")),
+            ("UID", str(user.get("uid") or "-")),
             ("Username", str(user.get("username") or "-")),
             ("Email", str(user.get("email") or "-")),
             ("Organization", organization_name),

{mainsequence-4.3.24 → mainsequence-4.3.25}/mainsequence/client/agent_runtime_models.py

@@ -340,6 +340,7 @@ class UserOrchestratorAgentService(BaseObjectOrm, BasePydanticModel):
     agent_uid: str | None = Field(None, description="Public UID of the resolved astro Agent.")
     user_uid: str | None = Field(None, description="Public UID of the owning user.")
     is_ready: bool = Field(False, description="Whether the service runtime is routable.")
+    automatic_deployment: bool = Field(False, description="Whether this coding-agent service is eligible for automatic deployment flows.")
     orchestrator_image_has_drift: bool = Field(False, description="Whether the orchestrator image is stale.")
     related_job: Any | None = Field(None, description="Backing job payload or UID when returned by the backend.")
     knative_service_runtime: Any | None = Field(None, description="Backing Knative service runtime payload.")
@@ -352,6 +353,7 @@ class UserProjectExecutorAgentService(BaseObjectOrm, BasePydanticModel):
     uid: str | None = Field(None, description="Public UID of the project executor service.")
     agent_uid: str | None = Field(None, description="Public UID of the resolved executor Agent.")
     is_ready: bool = Field(False, description="Whether the executor runtime is currently ready.")
+    automatic_deployment: bool = Field(False, description="Whether this coding-agent service is eligible for automatic deployment flows.")
     image_drift: dict[str, Any] | None = Field(None, description="Executor image drift status payload.")
     project: Any | None = Field(None, description="Owning project payload or UID when returned by the backend.")
     related_job: Any | None = Field(None, description="Backing job payload or UID when returned by the backend.")

{mainsequence-4.3.24 → mainsequence-4.3.25}/mainsequence/client/fastapi/auth.py

@@ -60,10 +60,11 @@ class LoggedUserContextMiddleware:
         authorization_scheme = _authorization_scheme(request.headers)
         logger.info(
             "LoggedUserContextMiddleware request context method=%s path=%s "
-            "x-user-id=%r x-username=%r x-resource-release-id=%r x-fastapi-id=%r "
+            "x-user-uid=%r x-user-id=%r x-username=%r x-resource-release-id=%r x-fastapi-id=%r "
             "authorization_present=%s authorization_scheme=%r",
             request.method,
             request.url.path,
+            request.headers.get("x-user-uid"),
             request.headers.get("x-user-id"),
             request.headers.get("x-username"),
             request.headers.get("x-resource-release-id"),
@@ -74,9 +75,10 @@ class LoggedUserContextMiddleware:
         bound_headers = current_auth_headers.get()
         logger.info(
             "LoggedUserContextMiddleware bound context current_auth_headers_is_none=%s "
-            "header_keys=%s x-user-id=%r",
+            "header_keys=%s x-user-uid=%r x-user-id=%r",
             bound_headers is None,
             _header_keys(bound_headers),
+            _header_get(bound_headers, "x-user-uid"),
             _header_get(bound_headers, "x-user-id"),
         )
 
@@ -93,9 +95,11 @@ class LoggedUserContextMiddleware:
                 raise
 
             request.state.user = user
+            request.state.user_uid = user.uid
             request.state.user_id = user.id
             logger.info(
-                "LoggedUserContextMiddleware User.get_logged_user resolved user_id=%s for %s %s",
+                "LoggedUserContextMiddleware User.get_logged_user resolved user_uid=%s user_id=%s for %s %s",
+                request.state.user_uid,
                 request.state.user_id,
                 request.method,
                 request.url.path,

{mainsequence-4.3.24 → mainsequence-4.3.25}/mainsequence/client/models_user.py

@@ -67,6 +67,7 @@ def _logged_user_header_context(
         return {
             "header_source": header_source,
             "header_keys": [],
+            "x_user_uid": None,
             "x_user_id": None,
             "authorization_present": False,
             "authorization_scheme": None,
@@ -86,6 +87,12 @@ def _logged_user_header_context(
     return {
         "header_source": header_source,
         "header_keys": sorted(str(key) for key in headers.keys()),
+        "x_user_uid": (
+            normalized_headers.get("X-User-UID")
+            or normalized_headers.get("x-user-uid")
+            or normalized_headers.get("HTTP_X_USER_UID")
+            or normalized_headers.get("http_x_user_uid")
+        ),
         "x_user_id": (
             normalized_headers.get("X-User-ID")
             or normalized_headers.get("x-user-id")
@@ -1063,15 +1070,17 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
         cls,
         *,
         normalized_headers: Mapping[str, Any],
-        user_id: int,
+        user_uid: str | None = None,
+        user_id: int | None = None,
     ):
+        identity = user_uid or user_id
         username = str(
             normalized_headers.get("X-Username")
             or normalized_headers.get("x-username")
             or normalized_headers.get("X-User-Email")
             or normalized_headers.get("x-user-email")
-            or f"user-{user_id}"
-        ).strip() or f"user-{user_id}"
+            or f"user-{identity}"
+        ).strip() or f"user-{identity}"
         email = str(
             normalized_headers.get("X-User-Email")
             or normalized_headers.get("x-user-email")
@@ -1080,6 +1089,7 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
 
         payload = {
             "id": user_id,
+            "uid": user_uid,
             "username": username,
             "email": email,
             "date_joined": None,
@@ -1138,10 +1148,14 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
         cls,
         *,
         headers: Mapping[str, Any],
+        user_uid: str | None = None,
         user_id: int | None = None,
     ) -> User:
         outbound_headers = _build_request_bound_outbound_headers(headers)
-        if user_id is None:
+        if user_uid:
+            url = f"{cls.get_object_url()}/get_user_details/"
+            params = None
+        elif user_id is None:
             url = f"{cls.get_object_url()}/get_user_details/"
             params = None
         else:
@@ -1170,8 +1184,10 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
         Use this when code is running with request-scoped identity context, such
         as FastAPI middleware, Streamlit, or code that explicitly binds
         `_CURRENT_AUTH_HEADERS`. This method first uses the bound request/user
-        context and only falls back to `get_authenticated_user_details()` when
-        request headers are present with Bearer auth but no `X-User-ID`.
+        context and only falls back to the current-user details endpoint when
+        request headers are present with Bearer auth but no request-bound user
+        identity header. `X-User-UID` is the public identity header; `X-User-ID`
+        is kept only for legacy request-bound callers.
 
         For standalone authenticated CLI or script code that is not request-bound,
         prefer `get_authenticated_user_details()`.
@@ -1220,6 +1236,12 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
             and str(authorization_value).split(" ", 1)[0].lower() == "bearer"
         )
 
+        user_uid_raw = (
+            normalized_headers.get("X-User-UID")
+            or normalized_headers.get("x-user-uid")
+            or normalized_headers.get("HTTP_X_USER_UID")
+            or normalized_headers.get("http_x_user_uid")
+        )
         user_id_raw = (
             normalized_headers.get("X-User-ID")
             or normalized_headers.get("x-user-id")
@@ -1227,6 +1249,28 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
             or normalized_headers.get("http_x_user_id")
         )
 
+        if user_uid_raw not in (None, ""):
+            user_uid = str(user_uid_raw).strip()
+            if not has_bearer_authorization:
+                user = cls._build_request_bound_identity_user(
+                    normalized_headers=normalized_headers,
+                    user_uid=user_uid,
+                )
+                _CURRENT_USER.set(user)
+                logger.info(
+                    "User.get_logged_user resolved user_uid=%s via request identity headers without backend auth",
+                    user.uid,
+                )
+                return user
+
+            user = cls._get_request_bound_user(headers=headers, user_uid=user_uid)
+            _CURRENT_USER.set(user)
+            logger.info(
+                "User.get_logged_user resolved user_uid=%s via X-User-UID header",
+                user.uid,
+            )
+            return user
+
         if user_id_raw in (None, ""):
             if has_bearer_authorization:
                 outgoing_authorization = None
@@ -1256,10 +1300,11 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
                     context = _logged_user_header_context(headers, header_source=header_source)
                     logger.exception(
                         "User.get_logged_user failed during bearer fallback; "
-                        "header_source=%s header_keys=%s X-User-ID=%r "
+                        "header_source=%s header_keys=%s X-User-UID=%r X-User-ID=%r "
                         "authorization_present=%s authorization_scheme=%r",
                         context["header_source"],
                         context["header_keys"],
+                        context["x_user_uid"],
                         context["x_user_id"],
                         context["authorization_present"],
                         context["authorization_scheme"],
@@ -1274,16 +1319,17 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
 
             context = _logged_user_header_context(headers, header_source=header_source)
             logger.error(
-                "User.get_logged_user failed: missing X-User-ID in request headers; "
-                "header_source=%s header_keys=%s X-User-ID=%r "
+                "User.get_logged_user failed: missing X-User-UID or X-User-ID in request headers; "
+                "header_source=%s header_keys=%s X-User-UID=%r X-User-ID=%r "
                 "authorization_present=%s authorization_scheme=%r",
                 context["header_source"],
                 context["header_keys"],
+                context["x_user_uid"],
                 context["x_user_id"],
                 context["authorization_present"],
                 context["authorization_scheme"],
             )
-            raise RuntimeError("Missing X-User-ID in request headers.")
+            raise RuntimeError("Missing X-User-UID or X-User-ID in request headers.")
 
         try:
             user_id = int(str(user_id_raw).strip())
@@ -1291,10 +1337,11 @@ class User(UserApiBaseObjectOrm, BasePydanticModel):
             context = _logged_user_header_context(headers, header_source=header_source)
             logger.exception(
                 "User.get_logged_user failed: invalid X-User-ID value; "
-                "header_source=%s header_keys=%s X-User-ID=%r "
+                "header_source=%s header_keys=%s X-User-UID=%r X-User-ID=%r "
                 "authorization_present=%s authorization_scheme=%r",
                 context["header_source"],
                 context["header_keys"],
+                context["x_user_uid"],
                 context["x_user_id"],
                 context["authorization_present"],
                 context["authorization_scheme"],

{mainsequence-4.3.24 → mainsequence-4.3.25/mainsequence.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mainsequence
-Version: 4.3.24
+Version: 4.3.25
 Summary: Main Sequence SDK 
 Author-email: Main Sequence GmbH <dev@main-sequence.io>
 License: MainSequence GmbH SDK License Agreement

{mainsequence-4.3.24 → mainsequence-4.3.25}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "mainsequence"
-version = "4.3.24"
+version = "4.3.25"
 description = "Main Sequence SDK "
 readme = "README.md"
 requires-python = ">=3.11"

{mainsequence-4.3.24 → mainsequence-4.3.25}/tests/test_cli.py

@@ -96,10 +96,10 @@ def test_user_show(cli_mod, runner, monkeypatch):
         cli_mod,
         "get_logged_user_details",
         lambda: {
-            "id": 7,
+            "uid": "user-uid-7",
             "username": "jose",
             "email": "jose@main-sequence.io",
-            "organization": {"id": 2, "name": "Main Sequence"},
+            "organization": {"uid": "org-uid-2", "name": "Main Sequence"},
             "is_active": True,
             "is_verified": True,
             "mfa_enabled": False,
@@ -111,6 +111,7 @@ def test_user_show(cli_mod, runner, monkeypatch):
     result = runner.invoke(cli_mod.app, ["user"])
     assert result.exit_code == 0
     assert "MainSequence User" in result.output
+    assert "user-uid-7" in result.output
     assert "jose" in result.output
     assert "jose@main-sequence.io" in result.output
     assert "Main Sequence" in result.output
@@ -121,17 +122,18 @@ def test_user_show_json(cli_mod, runner, monkeypatch):
         cli_mod,
         "get_logged_user_details",
         lambda: {
-            "id": 7,
+            "uid": "user-uid-7",
             "username": "jose",
             "email": "jose@main-sequence.io",
-            "organization": {"id": 2, "name": "Main Sequence"},
+            "organization": {"uid": "org-uid-2", "name": "Main Sequence"},
         },
     )
 
     result = runner.invoke(cli_mod.app, ["user", "--json"])
     assert result.exit_code == 0
     payload = json.loads(result.output)
-    assert payload["id"] == 7
+    assert "id" not in payload
+    assert payload["uid"] == "user-uid-7"
     assert payload["username"] == "jose"
     assert payload["organization"]["name"] == "Main Sequence"
 
@@ -5668,7 +5670,7 @@ def test_get_logged_user_details_uses_client_model(cli_mod, monkeypatch):
         "authed",
         lambda method, api_path, body=None: types.SimpleNamespace(
             ok=True,
-            json=lambda: {"id": 7},
+            json=lambda: {"uid": "user-uid-7"},
         ),
     )
 
@@ -5722,10 +5724,10 @@ def test_get_logged_user_details_uses_client_model(cli_mod, monkeypatch):
             captured["headers_seen"] = fake_headers.current
             return types.SimpleNamespace(
                 model_dump=lambda: {
-                    "id": 7,
+                    "uid": "user-uid-7",
                     "username": "jose",
                     "email": "jose@main-sequence.io",
-                    "organization": {"id": 2, "name": "Main Sequence"},
+                    "organization": {"uid": "org-uid-2", "name": "Main Sequence"},
                 }
             )
 
@@ -5745,9 +5747,12 @@ def test_get_logged_user_details_uses_client_model(cli_mod, monkeypatch):
     assert fake_utils.API_ENDPOINT == "https://backend.test/orm/api"
     assert fake_utils.AUTH_ENDPOINT == "https://backend.test"
     assert captured["jwt"] == ("acc", "ref")
-    assert captured["headers_set"] == {"X-User-ID": "7", "Authorization": "Bearer acc"}
-    assert captured["headers_seen"] == {"X-User-ID": "7", "Authorization": "Bearer acc"}
+    assert captured["headers_set"] == {"X-User-UID": "user-uid-7", "Authorization": "Bearer acc"}
+    assert captured["headers_seen"] == {"X-User-UID": "user-uid-7", "Authorization": "Bearer acc"}
     assert captured["headers_reset"] == "token"
+    assert "id" not in out
+    assert "id" not in out["organization"]
+    assert out["uid"] == "user-uid-7"
     assert out["username"] == "jose"
 
 

{mainsequence-4.3.24 → mainsequence-4.3.25}/tests/test_models_user_request_bound_auth.py

@@ -73,6 +73,62 @@ def test_get_logged_user_uses_request_bound_headers_for_user_lookup(monkeypatch)
     assert "Host" not in captured["headers"]
 
 
+def test_get_logged_user_uses_request_bound_uid_header_for_user_lookup(monkeypatch):
+    monkeypatch.delenv("MAINSEQUENCE_ACCESS_TOKEN", raising=False)
+    monkeypatch.delenv("MAINSEQUENCE_REFRESH_TOKEN", raising=False)
+
+    captured: dict[str, object] = {}
+
+    class _FakeSession:
+        def get(self, url, *, headers=None, params=None, timeout=None):
+            captured["url"] = url
+            captured["headers"] = headers
+            captured["params"] = params
+            captured["timeout"] = timeout
+            return _FakeResponse(
+                {
+                    "uid": "user-uid-4",
+                    "username": "jose",
+                    "email": "jose@main-sequence.io",
+                    "date_joined": "2026-01-01T00:00:00Z",
+                    "is_active": True,
+                    "api_request_limit": 10000,
+                    "mfa_enabled": False,
+                    "groups": [],
+                    "user_permissions": [],
+                    "organization_teams": [],
+                }
+            )
+
+    monkeypatch.setattr(
+        models_user_mod.User,
+        "build_session",
+        classmethod(lambda cls: _FakeSession()),
+    )
+
+    auth_token = models_user_mod._CURRENT_AUTH_HEADERS.set(
+        {
+            "X-User-UID": "user-uid-4",
+            "Authorization": "Bearer inbound-token",
+            "Cookie": "sessionid=abc",
+            "Host": "frontend.test",
+        }
+    )
+    user_token = models_user_mod._CURRENT_USER.set(None)
+    try:
+        user = models_user_mod.User.get_logged_user()
+    finally:
+        models_user_mod._CURRENT_USER.reset(user_token)
+        models_user_mod._CURRENT_AUTH_HEADERS.reset(auth_token)
+
+    assert user.uid == "user-uid-4"
+    assert str(captured["url"]).endswith("/user/api/user/get_user_details/")
+    assert captured["params"] is None
+    assert captured["headers"]["Authorization"] == "Bearer inbound-token"
+    assert captured["headers"]["Cookie"] == "sessionid=abc"
+    assert "Host" not in captured["headers"]
+
+
 def test_get_logged_user_returns_header_identity_without_backend_auth(monkeypatch):
     monkeypatch.delenv("MAINSEQUENCE_ACCESS_TOKEN", raising=False)
     monkeypatch.delenv("MAINSEQUENCE_REFRESH_TOKEN", raising=False)
@@ -108,6 +164,42 @@ def test_get_logged_user_returns_header_identity_without_backend_auth(monkeypatc
     assert user.api_request_limit is None
 
 
+def test_get_logged_user_returns_uid_header_identity_without_backend_auth(monkeypatch):
+    monkeypatch.delenv("MAINSEQUENCE_ACCESS_TOKEN", raising=False)
+    monkeypatch.delenv("MAINSEQUENCE_REFRESH_TOKEN", raising=False)
+
+    class _FakeSession:
+        def get(self, url, *, headers=None, params=None, timeout=None):
+            raise AssertionError("header-only identity should not trigger backend lookup")
+
+    monkeypatch.setattr(
+        models_user_mod.User,
+        "build_session",
+        classmethod(lambda cls: _FakeSession()),
+    )
+
+    auth_token = models_user_mod._CURRENT_AUTH_HEADERS.set(
+        {
+            "X-User-UID": "user-uid-4",
+            "X-Username": "dashboard-user",
+            "X-Dashboard-ID": "dashboard-7",
+        }
+    )
+    user_token = models_user_mod._CURRENT_USER.set(None)
+    try:
+        user = models_user_mod.User.get_logged_user()
+    finally:
+        models_user_mod._CURRENT_USER.reset(user_token)
+        models_user_mod._CURRENT_AUTH_HEADERS.reset(auth_token)
+
+    assert user.uid == "user-uid-4"
+    assert user.id is None
+    assert user.username == "dashboard-user"
+    assert user.email == "dashboard-user"
+    assert user.date_joined is None
+    assert user.api_request_limit is None
+
+
 def test_get_logged_user_bearer_fallback_uses_request_bound_headers(monkeypatch):
     monkeypatch.delenv("MAINSEQUENCE_ACCESS_TOKEN", raising=False)
     monkeypatch.delenv("MAINSEQUENCE_REFRESH_TOKEN", raising=False)