poelis-sdk 0.2.2__py3-none-any.whl → 0.3.1__py3-none-any.whl

poelis_sdk/_transport.py

@@ -1,12 +1,12 @@
 from __future__ import annotations
 
 from typing import Any, Dict, Mapping, Optional
+import os
 import time
 import random
 import httpx
 
 from .exceptions import ClientError, HTTPError, NotFoundError, RateLimitError, ServerError, UnauthorizedError
-from .auth0 import Auth0TokenManager
 
 """HTTP transport abstraction for the Poelis SDK.
 
@@ -29,7 +29,7 @@ class Transport:
 
         Args:
             base_url: Base API URL.
-            api_key: API key for Auth0 authentication.
+            api_key: API key provided by backend to authenticate requests.
             org_id: Organization id for tenant scoping.
             timeout_seconds: Request timeout in seconds.
         """
@@ -38,18 +38,32 @@ class Transport:
         self._api_key = api_key
         self._org_id = org_id
         self._timeout = timeout_seconds
+        # Auth mode is intentionally read from environment to keep the public
+        # constructor signature stable for tests and backwards-compatibility.
+        # Supported values:
+        # - "bearer" (default): Authorization: Bearer <api_key>
+        # - "api_key": X-API-Key/X-Poelis-Api-Key headers with no Authorization
+        self._auth_mode = os.environ.get("POELIS_AUTH_MODE", "api_key").strip().lower()
         
-        # Initialize Auth0 token manager
-        self._auth0_manager = Auth0TokenManager(api_key, org_id, base_url)
 
     def _headers(self, extra: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
         headers: Dict[str, str] = {
             "Accept": "application/json",
             "Content-Type": "application/json",
         }
-        # Get fresh JWT token from Auth0
-        token = self._auth0_manager.get_token()
-        headers["Authorization"] = f"Bearer {token}"
+        # Resolve auth mode with a safe fallback in case tests monkeypatch __init__
+        auth_mode = getattr(self, "_auth_mode", None) or os.environ.get("POELIS_AUTH_MODE", "api_key").strip().lower()
+        if auth_mode == "api_key":
+            # Some staging environments expect an API key header and reject Bearer
+            # Include common header variants for compatibility; backend may accept either.
+            headers["X-API-Key"] = self._api_key
+            headers["X-Poelis-Api-Key"] = self._api_key
+            # Additionally include Authorization with Api-Key scheme for services
+            # that only read credentials from Authorization.
+            headers["Authorization"] = f"Api-Key {self._api_key}"
+        else:
+            # Default: send API key as Bearer token
+            headers["Authorization"] = f"Bearer {self._api_key}"
         headers["X-Poelis-Org"] = self._org_id
         if extra:
             headers.update(dict(extra))

poelis_sdk/browser.py

@@ -56,6 +56,10 @@ class _Node:
         self._load_children()
         return [child._name or "" for child in self._children_cache.values()]
 
+    def names(self) -> List[str]:
+        """Public: return display names of children at this level."""
+        return self._names()
+
     def _suggest(self) -> List[str]:
         """Return suggested attribute names for interactive usage.
 
@@ -249,10 +253,22 @@ class Browser:
         """Return display names of root-level children (workspaces)."""
         return self._root._names()
 
+    def names(self) -> List[str]:
+        """Public: return display names of root-level children (workspaces)."""
+        return self._root._names()
+
     # keep suggest internal so it doesn't appear in help/dir
     def _suggest(self) -> List[str]:
         return self._root._suggest()
 
+    def suggest(self) -> List[str]:
+        """Return curated attribute suggestions at the current root level.
+
+        This mirrors the internal `_suggest` used for interactive completion,
+        but is exposed publicly for tests and programmatic usage.
+        """
+        return self._root._suggest()
+
 
 def _safe_key(name: str) -> str:
     """Convert arbitrary display name to a safe attribute key (letters/digits/_)."""

{poelis_sdk-0.2.2.dist-info → poelis_sdk-0.3.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: poelis-sdk
-Version: 0.2.2
+Version: 0.3.1
 Summary: Official Python SDK for Poelis
 Project-URL: Homepage, https://poelis.com
 Project-URL: Source, https://github.com/PoelisTechnologies/poelis-python-sdk
@@ -60,6 +60,24 @@ export POELIS_ORG_ID=tenant_id_001
 ```
 
 
+### How authentication works
+
+The SDK does not talk to Auth0. It sends your API key directly to the Poelis backend for validation on every request.
+
+- Default headers sent by the SDK:
+
+  - `X-API-Key: <api_key>` (and `X-Poelis-Api-Key` as a compatibility alias)
+  - `Authorization: Api-Key <api_key>` (compatibility for gateways expecting Authorization-only)
+  - `X-Poelis-Org: <org_id>`
+
+You can opt into Bearer mode (legacy) by setting `POELIS_AUTH_MODE=bearer`, which will send:
+
+  - `Authorization: Bearer <api_key>`
+  - `X-Poelis-Org: <org_id>`
+
+The backend validates the API key against your organization, applies authorization and filtering, and returns data.
+
+
 ## Dot-path browser (Notebook UX)
 
 The SDK exposes a dot-path browser for easy exploration:
@@ -69,7 +87,7 @@ client.browser  # then use TAB to explore
 # client.browser.<workspace>.<product>.<item>.<child>.properties
 ```
 
-See the example notebook in `notebooks/try_poelis_sdk.ipynb` for an end-to-end walkthrough (authentication, listing workspaces/products/items, and simple search queries).
+See the example notebook in `notebooks/try_poelis_sdk.ipynb` for an end-to-end walkthrough (authentication, listing workspaces/products/items, and simple search queries). The client defaults to `https://api.poelis.ai` unless `POELIS_BASE_URL` is set.
 
 ## Requirements
 

{poelis_sdk-0.2.2.dist-info → poelis_sdk-0.3.1.dist-info}/RECORD

@@ -1,7 +1,6 @@
 poelis_sdk/__init__.py,sha256=vRKuvnMGtq2_6SYDPNpckSPYXTgMDD1vBAfZ1bXlHL0,924
-poelis_sdk/_transport.py,sha256=F5EX0EJFHJPAE638nKzlX5zLSU6FIMzMemqgh05_V6U,6061
-poelis_sdk/auth0.py,sha256=VDZHCv9YpsW55H-PLINKMq74UhevP6OWyBHQyEFIpvw,3163
-poelis_sdk/browser.py,sha256=D-9Xgj1SBy4DQa6Ow8gQ1DOWhy373WqYJMYIiXFXlgM,19803
+poelis_sdk/_transport.py,sha256=Na1neuS9JyLwHqhWkqwpQiGdbRtS0EJlWd587kQ88-s,7069
+poelis_sdk/browser.py,sha256=mmtG9WUCYmBLFCiElXPjXnKm_kWvPw6nvyakGr05heI,20393
 poelis_sdk/client.py,sha256=10__5po-foX36ZCCduQmzdoh9NNS320kyaqztUNtPvo,3872
 poelis_sdk/exceptions.py,sha256=qX5kpAr8ozJUOW-CNhmspWVIE-bvUZT_PUnimYuBxNY,1101
 poelis_sdk/items.py,sha256=vomXn43gcUlX2iUro3mpb8Qicmmt4sWFB2vXXxIfLsM,2575
@@ -11,7 +10,7 @@ poelis_sdk/org_validation.py,sha256=c4fB6ySTvcovWxG4F1wU_OBlP-FyuIaAUzCwqgJKzBE,
 poelis_sdk/products.py,sha256=bwV2mOPvBriy83F3BxWww1oSsyLZFQvh4XOiIE9fI1s,3240
 poelis_sdk/search.py,sha256=KQbdnu2khQDewddSJHR7JWysH1f2M7swK6MR-ZwrLAE,4101
 poelis_sdk/workspaces.py,sha256=hpmRl-Hswr4YDvObQdyVpegIYjUWno7A_BiVBz-AQGc,2383
-poelis_sdk-0.2.2.dist-info/METADATA,sha256=cMTXDB8V-RCcTq0dffqeSuPCYM4pb67nz6Fx0nGl3yc,2219
-poelis_sdk-0.2.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-poelis_sdk-0.2.2.dist-info/licenses/LICENSE,sha256=EEmE_r8wk_pdXB8CWp1LG6sBOl7--hNSS2kV94cI6co,1075
-poelis_sdk-0.2.2.dist-info/RECORD,,
+poelis_sdk-0.3.1.dist-info/METADATA,sha256=nqjn38g9SKvJ13LJk0aP0DgGy3y8txsAQVnbvxv_QQw,2968
+poelis_sdk-0.3.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+poelis_sdk-0.3.1.dist-info/licenses/LICENSE,sha256=EEmE_r8wk_pdXB8CWp1LG6sBOl7--hNSS2kV94cI6co,1075
+poelis_sdk-0.3.1.dist-info/RECORD,,

poelis_sdk/auth0.py

@@ -1,87 +0,0 @@
-"""Auth0 Client Credentials flow for SDK authentication.
-
-This module handles automatic JWT token acquisition using Auth0 Client Credentials
-flow when users provide API keys. The API key serves as the client_id, and we
-derive the client_secret and audience from the API key format.
-"""
-
-from __future__ import annotations
-
-import time
-from typing import Optional
-
-import httpx
-
-
-class Auth0TokenManager:
-    """Manages Auth0 JWT tokens using Client Credentials flow.
-    
-    Automatically acquires and refreshes tokens based on API keys.
-    """
-    
-    def __init__(self, api_key: str, org_id: str, base_url: str) -> None:
-        """Initialize token manager.
-        
-        Args:
-            api_key: API key from webapp (used as client_id)
-            org_id: Organization ID for audience
-            base_url: Base URL to derive Auth0 domain and audience
-        """
-        self.api_key = api_key
-        self.org_id = org_id
-        self.base_url = base_url
-        
-        # Extract Auth0 domain from API key format
-        # Format: poelis_live_org_dev_<client_id>
-        parts = api_key.split('_')
-        if len(parts) >= 4 and parts[0] == 'poelis' and parts[1] == 'live' and parts[2] == 'org' and parts[3] == 'dev':
-            # For now, use the Machine to Machine application credentials
-            # TODO: Parse client_id from API key when webapp generates proper format
-            self.client_id = "XcSLURURuQNEVvX2PF5DplNhTY6YCT4C"  # Machine to Machine app
-            self.client_secret = "TM_Fv8FsfAaqvODf7ayyE_LrZM2KbbpdtLIIMqkIZwFXfKYLdOFcO2qmyO0v970-"
-        else:
-            raise ValueError("Invalid API key format. Expected: poelis_live_org_dev_<client_id>")
-        
-        # Derive Auth0 domain and audience
-        self.auth0_domain = "poelis-prod.eu.auth0.com" 
-        self.audience = "poelis-auth-api"  # Use the API identifier, not the GCP URL
-        
-        self._token: Optional[str] = None
-        self._expires_at: float = 0
-    
-    def get_token(self) -> str:
-        """Get valid JWT token, refreshing if needed.
-        
-        Returns:
-            str: JWT token for Authorization header
-        """
-        if self._token and time.time() < self._expires_at - 60:  # Refresh 1min early
-            return self._token
-        
-        return self._refresh_token()
-    
-    def _refresh_token(self) -> str:
-        """Acquire new JWT token from Auth0.
-        
-        Returns:
-            str: Fresh JWT token
-        """
-        token_url = f"https://{self.auth0_domain}/oauth/token"
-        
-        data = {
-            "client_id": self.client_id,
-            "client_secret": self.client_secret,
-            "audience": self.audience,
-            "grant_type": "client_credentials"
-        }
-        
-        with httpx.Client() as client:
-            response = client.post(token_url, data=data)
-            response.raise_for_status()
-            
-            token_data = response.json()
-            self._token = token_data["access_token"]
-            expires_in = token_data.get("expires_in", 3600)
-            self._expires_at = time.time() + expires_in
-            
-            return self._token