plato-sdk-v2 2.7.0__py3-none-any.whl → 2.7.1__py3-none-any.whl

plato/v1/cli/pm.py

@@ -6,10 +6,12 @@ import os
 import re
 import shutil
 import tempfile
+from datetime import datetime, timedelta
 from pathlib import Path
 
 import httpx
 import typer
+import yaml
 from rich.table import Table
 
 from plato._generated.api.v1.env import get_simulator_by_name, get_simulators
@@ -25,6 +27,7 @@ from plato._generated.models import (
     AddReviewRequest,
     AppApiV1SimulatorRoutesUpdateSimulatorRequest,
     Authentication,
+    Flow,
     Outcome,
     ReviewType,
     UpdateStatusRequest,
@@ -41,6 +44,7 @@ from plato.v1.cli.utils import (
 )
 from plato.v1.cli.verify import pm_verify_app
 from plato.v2.async_.client import AsyncPlato
+from plato.v2.async_.flow_executor import FlowExecutor
 from plato.v2.types import Env
 
 # =============================================================================
@@ -282,6 +286,17 @@ def review_base(
         "--skip-review",
         help="Run login flow and check state, but skip interactive review. For automated verification.",
     ),
+    local: str = typer.Option(
+        None,
+        "--local",
+        "-l",
+        help="Path to a local flow YAML file to run instead of the default login flow.",
+    ),
+    clock: str = typer.Option(
+        None,
+        "--clock",
+        help="Set fake browser time (ISO format or offset like '-30d' for 30 days ago).",
+    ),
 ):
     """Review base/environment artifact for a simulator.
 
@@ -373,16 +388,87 @@ def review_base(
                 playwright = await async_playwright().start()
                 browser = await playwright.chromium.launch(headless=False)
 
-                try:
-                    login_result = await session.login(browser, dataset="base")
-                    page = list(login_result.pages.values())[0] if login_result.pages else None
-                    console.print("[green]✅ Logged into environment[/green]")
-                except Exception as e:
-                    console.print(f"[yellow]⚠️  Login error: {e}[/yellow]")
+                # Install fake clock if requested
+                fake_time = None
+                if clock:
+                    # Parse clock option: ISO format or offset like '-30d'
+                    if clock.startswith("-") and clock[-1] in "dhms":
+                        # Offset format: -30d, -1h, -30m, -60s
+                        unit = clock[-1]
+                        amount = int(clock[1:-1])
+                        if unit == "d":
+                            fake_time = datetime.now() - timedelta(days=amount)
+                        elif unit == "h":
+                            fake_time = datetime.now() - timedelta(hours=amount)
+                        elif unit == "m":
+                            fake_time = datetime.now() - timedelta(minutes=amount)
+                        elif unit == "s":
+                            fake_time = datetime.now() - timedelta(seconds=amount)
+                    else:
+                        # ISO format
+                        fake_time = datetime.fromisoformat(clock)
+
+                    console.print(f"[cyan]Setting fake browser time to:[/cyan] {fake_time.isoformat()}")
+
+                if local:
+                    # Use local flow file instead of default login
+                    local_path = Path(local)
+                    if not local_path.exists():
+                        console.print(f"[red]❌ Local flow file not found: {local}[/red]")
+                        raise typer.Exit(1)
+
+                    console.print(f"[cyan]Loading local flow from: {local}[/cyan]")
+                    with open(local_path) as f:
+                        flow_dict = yaml.safe_load(f)
+
+                    # Find login flow (or first flow if only one)
+                    flows = flow_dict.get("flows", [])
+                    if not flows:
+                        console.print("[red]❌ No flows found in flow file[/red]")
+                        raise typer.Exit(1)
+
+                    # Try to find 'login' flow, otherwise use first flow
+                    flow_data = next((f for f in flows if f.get("name") == "login"), flows[0])
+                    flow = Flow.model_validate(flow_data)
+                    console.print(f"[cyan]Running flow: {flow.name}[/cyan]")
+
+                    # Create page and navigate to public URL
                     page = await browser.new_page()
+
+                    # Install fake clock if requested
+                    if fake_time:
+                        await page.clock.install(time=fake_time)
+                        console.print(f"[green]✅ Fake clock installed: {fake_time.isoformat()}[/green]")
+
                     if public_url:
                         await page.goto(public_url)
 
+                    # Execute the flow
+                    try:
+                        executor = FlowExecutor(page, flow)
+                        await executor.execute()
+                        console.print("[green]✅ Local flow executed successfully[/green]")
+                    except Exception as e:
+                        console.print(f"[yellow]⚠️  Flow execution error: {e}[/yellow]")
+                else:
+                    # Use default login via session.login()
+                    if fake_time:
+                        console.print("[yellow]⚠️  --clock with default login may not work correctly.[/yellow]")
+                        console.print("[yellow]   Use --local with a flow file for reliable clock testing.[/yellow]")
+                    try:
+                        login_result = await session.login(browser, dataset="base")
+                        page = list(login_result.pages.values())[0] if login_result.pages else None
+                        console.print("[green]✅ Logged into environment[/green]")
+                    except Exception as e:
+                        console.print(f"[yellow]⚠️  Login error: {e}[/yellow]")
+                        page = await browser.new_page()
+                        # Install fake clock on fallback page
+                        if fake_time:
+                            await page.clock.install(time=fake_time)
+                            console.print(f"[green]✅ Fake clock installed: {fake_time.isoformat()}[/green]")
+                        if public_url:
+                            await page.goto(public_url)
+
                 # ALWAYS check state after login to verify no mutations
                 console.print("\n[cyan]Checking environment state after login...[/cyan]")
                 has_mutations = False

plato/v1/cli/sandbox.py

@@ -1,5 +1,6 @@
 """Sandbox CLI commands for Plato."""
 
+import asyncio
 import base64
 import io
 import json
@@ -13,11 +14,12 @@ import tempfile
 import time
 from datetime import datetime, timezone
 from pathlib import Path
-from urllib.parse import quote
+from urllib.parse import quote, quote_plus
 
 import typer
 import yaml
 from rich.logging import RichHandler
+from sqlalchemy import create_engine, text
 
 from plato._generated.api.v1.gitea import (
     create_simulator_repository,
@@ -82,6 +84,7 @@ from plato.v1.cli.verify import sandbox_verify_app
 from plato.v2.async_.flow_executor import FlowExecutor
 from plato.v2.sync.client import Plato as PlatoV2
 from plato.v2.types import Env, SimConfigCompute
+from plato.v2.utils.proxy_tunnel import ProxyTunnel, find_free_port
 
 # UUID pattern for detecting artifact IDs in colon notation
 UUID_PATTERN = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE)
@@ -141,7 +144,6 @@ def sandbox_start(
     disk: int = typer.Option(10240, "--disk", help="Disk in MB (blank VM)"),
     # Common options
     timeout: int = typer.Option(1800, "--timeout", help="VM lifetime in seconds (default: 30 minutes)"),
-    no_reset: bool = typer.Option(False, "--no-reset", help="Skip initial reset after ready"),
     connect_network: bool = typer.Option(
         True, "--network/--no-network", help="Connect VMs to WireGuard network for SSH access (default: enabled)"
     ),
@@ -377,11 +379,8 @@ def sandbox_start(
             if not json_output:
                 console.print(f"[yellow]Could not get public URL: {e}[/yellow]")
 
-        # Reset environment unless --no-reset
-        if not no_reset:
-            if not json_output:
-                console.print("[cyan]Resetting environment...[/cyan]")
-            session.reset()
+        # Note: We don't reset here - start just launches the sandbox.
+        # Reset is a separate action the user can take later if needed.
 
         # Setup SSH for ALL modes (so you can SSH into any sandbox)
         ssh_private_key_path = None
@@ -1770,13 +1769,10 @@ def sandbox_clear_audit(
         -j, --json: Output results as JSON instead of formatted text
     """
     state = require_sandbox_state()
+    job_id = state.get("job_id")
 
-    # Get SSH info
-    ssh_host = state.get("ssh_host")
-    ssh_config_path = state.get("ssh_config_path")
-
-    if not ssh_host or not ssh_config_path:
-        console.print("[red]❌ SSH not configured. Missing ssh_host or ssh_config_path in .sandbox.yaml[/red]")
+    if not job_id:
+        console.print("[red]❌ No job_id found in .sandbox.yaml[/red]")
         raise typer.Exit(1)
 
     # Find plato-config.yml
@@ -1813,43 +1809,99 @@ def sandbox_clear_audit(
 
     results = []
 
-    for name, db_config in db_listeners:
+    def _execute_db_cleanup(name: str, db_config: dict, local_port: int) -> dict:
+        """Execute DB cleanup using sync SQLAlchemy (called after tunnel is up)."""
         db_type = db_config.get("db_type", "postgresql").lower()
         db_user = db_config.get("db_user", "postgres" if db_type == "postgresql" else "root")
         db_password = db_config.get("db_password", "")
         db_database = db_config.get("db_database", "postgres")
 
-        if not json_output:
-            console.print(f"[cyan]Clearing audit_log for listener '{name}' ({db_type})...[/cyan]")
+        # Build SQLAlchemy URL based on db_type (sync drivers)
+        user = quote_plus(db_user)
+        password = quote_plus(db_password)
+        database = quote_plus(db_database)
 
-        # Build SQL command based on db_type
-        # Use docker exec since psql/mysql aren't installed on the VM directly
         if db_type == "postgresql":
-            # Find the postgres container and truncate all audit_log tables across all schemas
-            # Use $body$ delimiter instead of $$ to avoid shell expansion
-            truncate_sql = "DO \\$body\\$ DECLARE r RECORD; BEGIN FOR r IN SELECT schemaname FROM pg_tables WHERE tablename = 'audit_log' LOOP EXECUTE format('TRUNCATE TABLE %I.audit_log RESTART IDENTITY CASCADE', r.schemaname); END LOOP; END \\$body\\$;"
-            sql_cmd = f"CONTAINER=$(docker ps --format '{{{{.Names}}}}\\t{{{{.Image}}}}' | grep -i postgres | head -1 | cut -f1) && docker exec $CONTAINER psql -U {db_user} -d {db_database} -c \"{truncate_sql}\""
+            db_url = f"postgresql+psycopg2://{user}:{password}@127.0.0.1:{local_port}/{database}"
         elif db_type in ("mysql", "mariadb"):
-            # Find the mysql/mariadb container and exec into it
-            # Use mariadb client (mysql is a symlink or may not exist in newer mariadb images)
-            sql_cmd = f"CONTAINER=$(docker ps --format '{{{{.Names}}}}\\t{{{{.Image}}}}' | grep -iE 'mysql|mariadb' | head -1 | cut -f1) && docker exec $CONTAINER mariadb -u {db_user} -p'{db_password}' {db_database} -e 'SET FOREIGN_KEY_CHECKS=0; DELETE FROM audit_log; SET FOREIGN_KEY_CHECKS=1;'"
+            db_url = f"mysql+pymysql://{user}:{password}@127.0.0.1:{local_port}/{database}"
         else:
-            if not json_output:
-                console.print(f"[yellow]⚠ Unsupported db_type '{db_type}' for listener '{name}'[/yellow]")
-            results.append({"listener": name, "success": False, "error": f"Unsupported db_type: {db_type}"})
-            continue
+            return {"listener": name, "success": False, "error": f"Unsupported db_type: {db_type}"}
+
+        engine = create_engine(db_url, pool_pre_ping=True)
+        tables_truncated = []
+
+        with engine.begin() as conn:
+            if db_type == "postgresql":
+                # Find and truncate audit_log tables in all schemas
+                result = conn.execute(text("SELECT schemaname, tablename FROM pg_tables WHERE tablename = 'audit_log'"))
+                tables = result.fetchall()
+                for schema, table in tables:
+                    conn.execute(text(f"TRUNCATE TABLE {schema}.{table} RESTART IDENTITY CASCADE"))
+                    tables_truncated.append(f"{schema}.{table}")
+
+            elif db_type in ("mysql", "mariadb"):
+                # Find and delete from audit_log tables
+                result = conn.execute(
+                    text(
+                        "SELECT table_schema, table_name FROM information_schema.tables "
+                        "WHERE table_name = 'audit_log' AND table_schema = DATABASE()"
+                    )
+                )
+                tables = result.fetchall()
+                conn.execute(text("SET FOREIGN_KEY_CHECKS = 0"))
+                for schema, table in tables:
+                    conn.execute(text(f"DELETE FROM `{table}`"))
+                    tables_truncated.append(table)
+                conn.execute(text("SET FOREIGN_KEY_CHECKS = 1"))
+
+        engine.dispose()
+        return {"listener": name, "success": True, "tables_truncated": tables_truncated}
+
+    async def clear_audit_via_tunnel(name: str, db_config: dict) -> dict:
+        """Clear audit_log by connecting via proxy tunnel."""
+        db_type = db_config.get("db_type", "postgresql").lower()
+        db_port = db_config.get("db_port", 5432 if db_type == "postgresql" else 3306)
+
+        if not json_output:
+            console.print(f"[cyan]Clearing audit_log for listener '{name}' ({db_type})...[/cyan]")
 
-        # Run via SSH
-        ret, stdout, stderr = _run_ssh_command(ssh_config_path, ssh_host, sql_cmd)
+        # Find a free local port for the tunnel
+        local_port = find_free_port()
 
-        if ret == 0:
-            if not json_output:
-                console.print(f"[green]✅ Cleared audit_log for '{name}'[/green]")
-            results.append({"listener": name, "success": True})
-        else:
+        # Create tunnel and connect
+        tunnel = ProxyTunnel(
+            env_id=job_id,
+            db_port=db_port,
+            temp_password="newpass",
+            host_port=local_port,
+        )
+
+        try:
+            await tunnel.start()
+
+            # Run sync DB cleanup in a thread to avoid blocking the event loop
+            result = await asyncio.to_thread(_execute_db_cleanup, name, db_config, local_port)
+
+            if result["success"]:
+                tables_truncated = result.get("tables_truncated", [])
+                if not json_output:
+                    console.print(f"[green]✅ Cleared audit_log for '{name}' ({len(tables_truncated)} tables)[/green]")
+            return result
+
+        except Exception as e:
             if not json_output:
-                console.print(f"[red]❌ Failed to clear audit_log for '{name}': {stderr}[/red]")
-            results.append({"listener": name, "success": False, "error": stderr})
+                console.print(f"[red]❌ Failed to clear audit_log for '{name}': {e}[/red]")
+            return {"listener": name, "success": False, "error": str(e)}
+        finally:
+            await tunnel.stop()
+
+    # Run async cleanup for each listener
+    async def run_all():
+        tasks = [clear_audit_via_tunnel(name, db_config) for name, db_config in db_listeners]
+        return await asyncio.gather(*tasks)
+
+    results = asyncio.run(run_all())
 
     # Call state API to refresh in-memory mutation cache
     session_id = state.get("session_id")
@@ -2300,9 +2352,33 @@ def sandbox_start_services(
             if not json_output:
                 console.print(f"[green]✓ Code cloned to {repo_dir}[/green]")
 
-            # Step 6: Start services
+            # Step 6: Authenticate ECR
+            if not json_output:
+                console.print("[cyan]Step 6: Authenticating Docker with ECR...[/cyan]")
+
+            ecr_registry = "383806609161.dkr.ecr.us-west-1.amazonaws.com"
+            ecr_token_result = subprocess.run(
+                ["aws", "ecr", "get-login-password", "--region", "us-west-1"],
+                capture_output=True,
+                text=True,
+            )
+            if ecr_token_result.returncode != 0:
+                console.print(f"[red]❌ Failed to get ECR token: {ecr_token_result.stderr}[/red]")
+                raise typer.Exit(1)
+
+            ecr_token = ecr_token_result.stdout.strip()
+            docker_login_cmd = f"echo '{ecr_token}' | docker login --username AWS --password-stdin {ecr_registry}"
+            ret, stdout, stderr = _run_ssh_command(ssh_config_path, ssh_host, docker_login_cmd)
+            if ret != 0:
+                console.print(f"[red]❌ Failed to authenticate Docker with ECR: {stderr}[/red]")
+                raise typer.Exit(1)
+
+            if not json_output:
+                console.print("[green]✓ Docker authenticated with ECR[/green]")
+
+            # Step 7: Start services
             if not json_output:
-                console.print("[cyan]Step 6: Starting services...[/cyan]")
+                console.print("[cyan]Step 7: Starting services...[/cyan]")
 
             services_started = start_services_on_vm(repo_dir)
 

{plato_sdk_v2-2.7.0.dist-info → plato_sdk_v2-2.7.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plato-sdk-v2
-Version: 2.7.0
+Version: 2.7.1
 Summary: Python SDK for the Plato API
 Author-email: Plato <support@plato.so>
 License-Expression: MIT

{plato_sdk_v2-2.7.0.dist-info → plato_sdk_v2-2.7.1.dist-info}/RECORD

@@ -425,9 +425,9 @@ plato/v1/cli/__init__.py,sha256=om4b7PxgsoI7rEwuQelmQkqPdhMVn53_5qEN8kvksYw,105
 plato/v1/cli/agent.py,sha256=r5Eh2e2-rUIGjK5uevnGKqScABtFK-Spomrrytj-3og,44053
 plato/v1/cli/chronos.py,sha256=lzFY0nomP1AY14i8oc8OvWOdq9ydCiE3dN2XrSupvA4,27827
 plato/v1/cli/main.py,sha256=Yqy1vn4sGyAWKNpDVcLl9pbzkMn89tYVBIxFU30ZtPk,6905
-plato/v1/cli/pm.py,sha256=t14gBRAks1TYxPQLj9x4rgJAGudn47vLH8M0Cd2ocVU,48701
+plato/v1/cli/pm.py,sha256=zrWGwYRC4e0d_KjOLNOqVcnJVMgS_Iw5vJ2F61jLX5s,52921
 plato/v1/cli/proxy.py,sha256=WmCt0R9Gos1q0FZTQSsbloNC3-Cnx6Yb60RZF1BzC18,12178
-plato/v1/cli/sandbox.py,sha256=hEcI0Ve5UahYwIlyB7djuyb41JfWVtg-m2NivC36kJA,98859
+plato/v1/cli/sandbox.py,sha256=SQb5XCdYvTHEyZxOv9ECtafTdkxpjfq45pYd-m1z7k0,101506
 plato/v1/cli/ssh.py,sha256=9ypjn5kQuaTcVjsWMDIUDyehXRH9fauk_z-C3mXzYJ8,2381
 plato/v1/cli/utils.py,sha256=ba7Crv4OjDmgCv4SeB8UeZDin-iOdQw_3N6fd-g5XVk,4572
 plato/v1/cli/verify.py,sha256=D-hyiCBPL_G_9uTIEugUsq_B9y6mRVAUWILpfUx4YAo,22814
@@ -503,7 +503,7 @@ plato/worlds/base.py,sha256=-RR71bSxEFI5yydtrtq-AAbuw98CIjvmrbztqzB9oIc,31041
 plato/worlds/build_hook.py,sha256=KSoW0kqa5b7NyZ7MYOw2qsZ_2FkWuz0M3Ru7AKOP7Qw,3486
 plato/worlds/config.py,sha256=O1lUXzxp-Z_M7izslT8naXgE6XujjzwYFFrDDzUOueI,12736
 plato/worlds/runner.py,sha256=r9B2BxBae8_dM7y5cJf9xhThp_I1Qvf_tlPq2rs8qC8,4013
-plato_sdk_v2-2.7.0.dist-info/METADATA,sha256=-42a-9UgtVuRD6KfkM1Wy1uaCbICSh7uGgxLKuCj7xs,8652
-plato_sdk_v2-2.7.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-plato_sdk_v2-2.7.0.dist-info/entry_points.txt,sha256=upGMbJCx6YWUTKrPoYvYUYfFCqYr75nHDwhA-45m6p8,136
-plato_sdk_v2-2.7.0.dist-info/RECORD,,
+plato_sdk_v2-2.7.1.dist-info/METADATA,sha256=W64dXq4E_YTbyTp5SBJJBm3sxSryOHQSB6oXU8x5_mI,8652
+plato_sdk_v2-2.7.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+plato_sdk_v2-2.7.1.dist-info/entry_points.txt,sha256=upGMbJCx6YWUTKrPoYvYUYfFCqYr75nHDwhA-45m6p8,136
+plato_sdk_v2-2.7.1.dist-info/RECORD,,