pyspiral 0.2.5__cp310-abi3-macosx_11_0_arm64.whl → 0.4.0__cp310-abi3-macosx_11_0_arm64.whl

pyspiral-0.2.5.dist-info/RECORD

@@ -1,81 +0,0 @@
-pyspiral-0.2.5.dist-info/METADATA,sha256=v9fKmJB3Y9Qss3pzr-rtw4PGnry0iBaFLN3_fwefN2s,1699
-pyspiral-0.2.5.dist-info/WHEEL,sha256=j3ku1HwtRttgdyoybPiqmsz03FP6lDUkPQNFM63xZJo,103
-pyspiral-0.2.5.dist-info/entry_points.txt,sha256=uft7u-a6g40NLt4Q6BleWbK4NY0M8nZuYPpP8DV0EOk,45
-spiral/catalog.py,sha256=BtthmRApU1RSb6KbUfVTM2aYeLsnlO0nKDYHBYhdr9M,2496
-spiral/scan_.py,sha256=rbLl85yeOkRuLsbk6QKng0_U4gtGGsW6C-aJiJSxuv8,5946
-spiral/substrait_.py,sha256=5ZXnYcsXEdrBogECnoL6IMlsjsseYHEnVARgRpy2vt8,12671
-spiral/config.py,sha256=ovtE5D3r6_g90ZRDJhlJyWhOBlxLjagvomOyA-VZmdc,911
-spiral/core/core/__init__.pyi,sha256=-OCtTgqjUN7sACAmgrAA_TrqmuP7epNSyL9XjqnNTa4,1914
-spiral/core/spec/__init__.pyi,sha256=zwOPhpBS_iOrPkOdc4ySpgzICZNbteMZf4c2wdkWw1Y,7251
-spiral/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/core/manifests/__init__.pyi,sha256=DXr4Ab_Xo11AzrJlSj7FTSJc8qoO-SkL-_ik4kB855U,1516
-spiral/core/metastore/__init__.pyi,sha256=pdKED91GVJ9XWxTWc9gwkHvVHV_RKxvL43Ofs5ndmew,3145
-spiral/types_.py,sha256=W_jyO7F6rpPiH69jhgSgV7OxQZbOlb1Ho3InpKUP6Eo,155
-spiral/proto/scandal/__init__.py,sha256=wAAEkPN4S4XDpGQtw1MV5zFUeHM01XSAa5tgUgcALvg,777
-spiral/proto/util.py,sha256=smnvVo6nYH3FfDm9jqhNLaXz4bbTBaQezHQDCTvZyiQ,1486
-spiral/proto/spiral/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/spiral/table/__init__.py,sha256=_F1f52RMkZsXofPXpJb2KE8KR5l6zxCtrGrabR1uDxo,2816
-spiral/proto/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/scandal/__init__.py,sha256=rQJdbN3UKDJ8vOJ5V7l3KumNHlRyY8iw25HCLsIDB4I,6582
-spiral/proto/_/arrow/flight/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/arrow/flight/protocol/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/arrow/flight/protocol/sql/__init__.py,sha256=_xhj9QkWEW1qZ-iVxcQ8k4EjYr7KJ5ofitJGqVUGQi4,79921
-spiral/proto/_/arrow/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/spiral/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/spiral/table/__init__.py,sha256=sjK2dmvB09PqV3lxKMEk5QoHjC37HMW0MnxR1QDuBg0,7387
-spiral/proto/_/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/spiraldb/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/proto/_/spiraldb/metastore/__init__.py,sha256=40Egtg8MRYTaTTYRKOHkwuiyXEkw3Yg7ETCQskIzpIg,16873
-spiral/proto/_/spfs/__init__.py,sha256=9WtIXr7HGslKWRHHieFDo8N_qnGL4QQyLOCWEkOKRvk,1017
-spiral/proto/substrait/__init__.py,sha256=pV4-T-lwAHKkfFrNYSUGY4IkbIvuKjSo_imzF7BLj_s,126526
-spiral/proto/substrait/extensions/__init__.py,sha256=yD7dg0TBqn-GK_L0qeVof1GKnwSLg_kPyQSV3kcSljs,3655
-spiral/arrow.py,sha256=LBPwZcGkP4kXb42_kl5IUwWW3DO84CV3QJDwCHjG5Dg,7225
-spiral/__init__.py,sha256=4EiQkY17qHT9dpxu41fdOV1kqGl_b-HXNRQg--ZwJbo,286
-spiral/cli/console.py,sha256=-OP0bB_efxhWh4lZ95KRdu-SRgSUMJ47Rbi9FHv1TlY,2577
-spiral/cli/org.py,sha256=ezWhoGUkJQQAwI1jKvDP8uZPNlnou_hXtRDa1us5cSE,2935
-spiral/cli/token.py,sha256=dv30aa745bbS-c3tyzQUTSxGG_N0kCt8G4bip9fP_EM,968
-spiral/cli/__init__.py,sha256=CoiAJ7FDgqjG_TrU-6SpP1hyZloIlEP4wcwnrF8flHM,2237
-spiral/cli/types.py,sha256=4cphJs-i0vfq_CcnHxT9FpHiZdGwxME5GnOmIGB6Thw,1436
-spiral/cli/workload.py,sha256=-XreFPJcX7kZvcYE3oQMeGkkYoXi25R5nuktJPg-PuY,2000
-spiral/cli/admin.py,sha256=3pIs6PxDugMtdgzfRpn_HfBDv-cwAYtF0cJP2INB01A,579
-spiral/cli/fs.py,sha256=8sQAgMahAq0gtXJqnuiKUkx4sO6vEEF4Iaq_-AF3wro,1524
-spiral/cli/app.py,sha256=2oZfDTgj_gZ-lFMMzzJJTnvVzQhp_iedvH-FJnaaMW0,1487
-spiral/cli/table.py,sha256=eh2NAk0GlfvthwRNeIbcZTsRWU3ypFx_uu9OaOLHPUo,628
-spiral/cli/login.py,sha256=C7VpqVyYO2daUeIWHoelWnSGN7cju8YEuqOy12ImH4c,381
-spiral/cli/printer.py,sha256=5HD3UcszFfPk-dK8U5akuvtXqMB7PMgOB1DFYMqspG8,1625
-spiral/cli/__main__.py,sha256=kNaKM2xgJo7GRogf83nYldLM-RGUR6vymdGwZxywQu0,71
-spiral/cli/project.py,sha256=aCxvw8UVwSmh_anArizIQ3_pLVT6QH9jYwMsGfpJUgM,4486
-spiral/cli/state.py,sha256=1quvei8TnDTT6mDRo58P8FUfy4w16Z9sggBz7cFgllY,70
-spiral/dataset.py,sha256=jUeXvE4B5nKh9VNmHxvROQbEkTUxqyYS8oS6EQyRbng,7555
-spiral/grpc_.py,sha256=f3czdP1Mxme42Y5--a5ogYq1TTiWn-J_MlGjwJ2mWwM,1015
-spiral/debug.py,sha256=t590eAUtNWwMTsSdkjVNN7J1iMqY2p4PRJ3BWR_ozho,8999
-spiral/expressions/tiff.py,sha256=k5GMzm4FmGBJMyja-D6u_kt_-vHYIdj4bnYYZut5lK4,7579
-spiral/expressions/io.py,sha256=gJ2a0FKMmdxarWKENulPRwH7KDvSJTIh_OUxX306xAM,3045
-spiral/expressions/__init__.py,sha256=T2POn0Z-mQj9PY8ukYWYn5A832Fz7Y6F8RRASo6Xl3A,5638
-spiral/expressions/list_.py,sha256=nbo4xQAuqBsQGajq_JgORaJl8_CDvOAv14zMbqmtZh4,1814
-spiral/expressions/http.py,sha256=begUydWoFHEqjeLkATvI_v66Ez6_rR-OQBWO5cHbb9c,2742
-spiral/expressions/refs.py,sha256=F3xr7wmrbAawMkLTWcvVwczbOMNOnIttSMRDuzjZHbo,1774
-spiral/expressions/udf.py,sha256=vOlrdxiVpt7vdSgiTKX_XR86YKyu02Fdwb9xlINCby4,1363
-spiral/expressions/str_.py,sha256=tY8RXW3JWvr1-bEfCZtk5FAf11wKJnXPuA9EoeJ9tA4,1265
-spiral/expressions/base.py,sha256=mTBwS6CwdDaV8uotjZUiKi7GHQzX2TRPpnseJJUDrR0,4776
-spiral/expressions/struct.py,sha256=MuxoBP6ESpwmjzusG-_HxHGYKvQQz6AZWzvw7vNUHJM,2007
-spiral/settings.py,sha256=e_F6GQea6ljXzCRgFxMBMecoGhFpEhePhMRQkYOoVO4,4555
-spiral/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/api/filesystems.py,sha256=NPf5PCyCQ7eEU723fOdKcuGPgn83pthkb_jJ9aB0fwM,3431
-spiral/api/workloads.py,sha256=4MWs2pp9AWvx6cZhgyW-ehyCRxpHc_NAQgHaoYOEBfg,1266
-spiral/api/__init__.py,sha256=Ub3IYeQUJ_z0-Y_SXmNasxb6uefKynQkuUZgRM1enyc,6660
-spiral/api/tokens.py,sha256=WaSRr_l3i81t5u2qi3kWW-fySbyKFm-PQK1ZlmoSByc,1464
-spiral/api/admin.py,sha256=HJBrRJScbcdDuFhF_06E0EyE-_Y0osfYPxVoRAyEoTc,837
-spiral/api/organizations.py,sha256=-PO93HTX02IxhXM6SJpAhnAXpVW1WjthFO4-AOzZAC4,2670
-spiral/api/tables.py,sha256=uPoWkkcW7lJUxU0fUgDK5Gy_DT8y7gJFXdgxQpqcc5w,2548
-spiral/api/projects.py,sha256=-VGlu5V3TJ3XLCGu85bPHRFiktIADnAxfLWIH8Rmxug,4986
-spiral/table.py,sha256=iJ-Lhu9ieSNg728cvUNRERcxKz7pj8hMCXPGBFHg7tI,4845
-spiral/authn/modal_.py,sha256=agcnR3dYTslkH2K_a2Eis_2JWn9Ps11FVrGG_jkOdGk,472
-spiral/authn/device.py,sha256=ohHSVLW3a-qLNYQGN-3kXxV_836xOe0UYBN8i63cqAQ,6796
-spiral/authn/authn.py,sha256=OCGJAUfoKLiXw9xAcAnX6i6mBRlvsl6qEFcimqQOu7g,2555
-spiral/authn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-spiral/authn/github_.py,sha256=K-0RUHDreINjnCDHyT9aeVDRk6WtNP7noBYEcwdz2W4,1313
-spiral/adbc.py,sha256=H_bzevPy5teyZKzjczh1gQ_zPcfk5sNASiJKQvyab9E,13830
-spiral/project.py,sha256=q9jHql7hz5OQzPfDfvE_hN3K9cZotD0cxkdug9EUTwM,4889
-spiral/_lib.abi3.so,sha256=Te1P4F2PJPY2E7qn69_ApKZwKkIp93sdpf21XZJZ6jU,61005104
-pyspiral-0.2.5.dist-info/RECORD,,

spiral/api/tables.py

@@ -1,94 +0,0 @@
-from typing import Annotated
-
-from pydantic import (
-    AfterValidator,
-    BaseModel,
-    StringConstraints,
-)
-
-from . import ArrowSchema, Paged, PagedRequest, PagedResponse, ProjectId, ServiceBase
-
-
-def _validate_root_uri(uri: str) -> str:
-    if uri.endswith("/"):
-        raise ValueError("Root URI must not end with a slash.")
-    return uri
-
-
-RootUri = Annotated[str, AfterValidator(_validate_root_uri)]
-DatasetName = Annotated[str, StringConstraints(max_length=128, pattern=r"^[a-zA-Z_][a-zA-Z0-9_-]+$")]
-TableName = Annotated[str, StringConstraints(max_length=128, pattern=r"^[a-zA-Z_][a-zA-Z0-9_-]+$")]
-
-
-class TableMetadata(BaseModel):
-    key_schema: ArrowSchema
-    root_uri: RootUri
-    spfs_mount_id: str | None = None
-
-    # TODO(marko): Randomize this on creation of metadata.
-    # Column group salt is used to compute column group IDs.
-    # It's used to ensure that column group IDs are unique
-    # across different tables, even if paths are the same.
-    # It's never modified.
-    column_group_salt: int = 0
-
-
-class Table(BaseModel):
-    id: str
-    project_id: ProjectId
-    dataset: DatasetName
-    table: TableName
-    metadata: TableMetadata
-
-
-class CreateTable:
-    class Request(BaseModel):
-        project_id: ProjectId
-        dataset: DatasetName
-        table: TableName
-        key_schema: ArrowSchema
-        root_uri: RootUri | None = None
-        exist_ok: bool = False
-
-    class Response(BaseModel):
-        table: Table
-
-
-class FindTable:
-    class Request(BaseModel):
-        project_id: ProjectId
-        dataset: DatasetName = None
-        table: TableName = None
-
-    class Response(BaseModel):
-        table: Table | None
-
-
-class GetTable:
-    class Request(BaseModel):
-        id: str
-
-    class Response(BaseModel):
-        table: Table
-
-
-class ListTables:
-    class Request(PagedRequest):
-        project_id: ProjectId
-        dataset: DatasetName | None = None
-
-    class Response(PagedResponse[Table]): ...
-
-
-class TableService(ServiceBase):
-    def create(self, req: CreateTable.Request) -> CreateTable.Response:
-        return self.client.post("/table/create", req, CreateTable.Response)
-
-    def find(self, req: FindTable.Request) -> FindTable.Response:
-        return self.client.put("/table/find", req, FindTable.Response)
-
-    def get(self, req: GetTable.Request) -> GetTable.Response:
-        return self.client.put(f"/table/{req.id}", GetTable.Response)
-
-    def list(self, req: ListTables.Request) -> Paged[Table]:
-        return self.client.paged("/table/list", req, ListTables.Response)

spiral/api/tokens.py

@@ -1,56 +0,0 @@
-from pydantic import BaseModel
-
-from . import Paged, PagedRequest, PagedResponse, ServiceBase
-
-
-class Token(BaseModel):
-    id: str
-    project_id: str
-    on_behalf_of: str
-
-
-class ExchangeToken:
-    class Request(BaseModel): ...
-
-    class Response(BaseModel):
-        token: str
-
-
-class IssueToken:
-    class Request(BaseModel): ...
-
-    class Response(BaseModel):
-        token: Token
-        token_secret: str
-
-
-class RevokeToken:
-    class Request(BaseModel):
-        token_id: str
-
-    class Response(BaseModel):
-        token: Token
-
-
-class ListTokens:
-    class Request(PagedRequest):
-        project_id: str
-        on_behalf_of: str | None = None
-
-    class Response(PagedResponse[Token]): ...
-
-
-class TokenService(ServiceBase):
-    def exchange(self) -> ExchangeToken.Response:
-        """Exchange a basic / identity token to a short-lived Spiral token."""
-        return self.client.post("/token/exchange", ExchangeToken.Request(), ExchangeToken.Response)
-
-    def issue(self) -> IssueToken.Response:
-        """Issue an API token on behalf of a principal."""
-        return self.client.post("/token/issue", IssueToken.Request(), IssueToken.Response)
-
-    def revoke(self, request: RevokeToken.Request) -> RevokeToken.Response:
-        return self.client.put("/token/revoke", request, RevokeToken.Response)
-
-    def list(self, request: ListTokens.Request) -> Paged[Token]:
-        return self.client.paged("/token/list", request, ListTokens.Response)

spiral/authn/authn.py

@@ -1,89 +0,0 @@
-import base64
-import logging
-import os
-
-from spiral.api import Authn, SpiralAPI
-
-ENV_TOKEN_ID = "SPIRAL_TOKEN_ID"
-ENV_TOKEN_SECRET = "SPIRAL_TOKEN_SECRET"
-
-log = logging.getLogger(__name__)
-
-
-class FallbackAuthn(Authn):
-    """Credential provider that tries multiple providers in order."""
-
-    def __init__(self, providers: list[Authn]):
-        self._providers = providers
-
-    def token(self) -> str | None:
-        for provider in self._providers:
-            token = provider.token()
-            if token is not None:
-                return token
-        return None
-
-
-class TokenAuthn(Authn):
-    """Credential provider that returns a fixed token."""
-
-    def __init__(self, token: str):
-        self._token = token
-
-    def token(self) -> str:
-        return self._token
-
-
-class EnvironmentAuthn(Authn):
-    """Credential provider that returns a basic token from the environment.
-
-    NOTE: Returns basic token. Must be exchanged.
-    """
-
-    def token(self) -> str | None:
-        if ENV_TOKEN_ID not in os.environ:
-            return None
-        if ENV_TOKEN_SECRET not in os.environ:
-            raise ValueError(f"{ENV_TOKEN_SECRET} is missing.")
-
-        token_id = os.environ[ENV_TOKEN_ID]
-        token_secret = os.environ[ENV_TOKEN_SECRET]
-        basic_token = base64.b64encode(f"{token_id}:{token_secret}".encode()).decode("utf-8")
-
-        return basic_token
-
-
-class DeviceAuthProvider(Authn):
-    """Auth provider that uses the device flow to authenticate a Spiral user."""
-
-    def __init__(self, device_auth):
-        # NOTE(ngates): device_auth: spiral.auth.device_code.DeviceAuth
-        #  We don't type it to satisfy our import linter
-        self._device_auth = device_auth
-
-    def token(self) -> str | None:
-        # TODO(ngates): only run this if we're in a notebook, CLI, or otherwise on the user's machine.
-        return self._device_auth.authenticate().access_token
-
-
-class TokenExchangeProvider(Authn):
-    """Auth provider that exchanges a basic token for a Spiral token."""
-
-    def __init__(self, authn: Authn, base_url: str):
-        self._authn = authn
-        self._token_service = SpiralAPI(authn, base_url).token
-
-        self._sp_token = None
-
-    def token(self) -> str | None:
-        if self._sp_token is not None:
-            return self._sp_token
-
-        # Don't try to exchange if token is not discovered.
-        if self._authn.token() is None:
-            return None
-
-        log.debug("Exchanging token")
-        self._sp_token = self._token_service.exchange().token
-
-        return self._sp_token

spiral/authn/device.py

@@ -1,206 +0,0 @@
-import logging
-import sys
-import textwrap
-import time
-import webbrowser
-from pathlib import Path
-
-import httpx
-import jwt
-from pydantic import BaseModel
-
-log = logging.getLogger(__name__)
-
-
-class TokensModel(BaseModel):
-    access_token: str
-    refresh_token: str
-
-    @property
-    def organization_id(self) -> str | None:
-        return self.unverified_access_token().get("org_id")
-
-    def unverified_access_token(self):
-        return jwt.decode(self.access_token, options={"verify_signature": False})
-
-
-class AuthModel(BaseModel):
-    tokens: TokensModel | None = None
-
-
-class DeviceAuth:
-    def __init__(
-        self,
-        auth_file: Path,
-        domain: str,
-        client_id: str,
-        http: httpx.Client = None,
-    ):
-        self._auth_file = auth_file
-        self._domain = domain
-        self._client_id = client_id
-        self._http = http or httpx.Client()
-
-        if self._auth_file.exists():
-            with self._auth_file.open("r") as f:
-                self._auth = AuthModel.model_validate_json(f.read())
-        else:
-            self._auth = AuthModel()
-
-        self._default_scope = ["email", "profile"]
-
-    def is_authenticated(self) -> bool:
-        """Check if the user is authenticated."""
-        tokens = self._auth.tokens
-        if tokens is None:
-            return False
-
-        # Give ourselves a 30-second buffer before the token expires.
-        return tokens.unverified_access_token()["exp"] - 30 > time.time()
-
-    def authenticate(self, force: bool = False, refresh: bool = False, organization_id: str = None) -> TokensModel:
-        """Blocking call to authenticate the user.
-
-        Triggers a device code flow and polls for the user to login.
-        """
-        if force:
-            return self._device_code(organization_id)
-
-        if refresh:
-            if self._auth.tokens is None:
-                raise ValueError("No tokens to refresh.")
-            tokens = self._refresh(self._auth.tokens, organization_id)
-            if not tokens:
-                raise ValueError("Failed to refresh token.")
-            return tokens
-
-        # Check for mis-matched organization.
-        if organization_id is not None:
-            tokens = self._auth.tokens
-            if tokens is not None and tokens.unverified_access_token().get("org_id") != organization_id:
-                tokens = self._refresh(self._auth.tokens, organization_id)
-                if tokens is None:
-                    return self._device_code(organization_id)
-
-        if self.is_authenticated():
-            return self._auth.tokens
-
-        # Try to refresh.
-        tokens = self._auth.tokens
-        if tokens is not None:
-            tokens = self._refresh(tokens)
-            if tokens is not None:
-                return tokens
-
-        # Otherwise, we kick off the device code flow.
-        return self._device_code(organization_id)
-
-    def logout(self):
-        self._remove_tokens()
-
-    def _device_code(self, organization_id: str | None):
-        scope = " ".join(self._default_scope)
-        res = self._http.post(
-            f"{self._domain}/auth/device/code",
-            data={
-                "client_id": self._client_id,
-                "scope": scope,
-                "organization_id": organization_id,
-            },
-        )
-        res = res.raise_for_status().json()
-        device_code = res["device_code"]
-        user_code = res["user_code"]
-        expires_at = res["expires_in"] + time.time()
-        interval = res["interval"]
-        verification_uri_complete = res["verification_uri_complete"]
-
-        # We need to detect if the user is running in a terminal, in Jupyter, etc.
-        # For now, we'll try to open the browser.
-        sys.stderr.write(
-            textwrap.dedent(
-                f"""
-                Please login here: {verification_uri_complete}
-                Your code is {user_code}.
-            """
-            )
-        )
-
-        # Try to open the browser (this also works if the Jupiter notebook is running on the user's machine).
-        opened = webbrowser.open(verification_uri_complete)
-
-        # If we have a server-side Jupyter notebook, we can try to open with client-side JavaScript.
-        if not opened and _in_notebook():
-            from IPython.display import Javascript, display
-
-            display(Javascript(f'window.open("{verification_uri_complete}");'))
-
-        # In the meantime, we need to poll for the user to login.
-        while True:
-            if time.time() > expires_at:
-                raise TimeoutError("Login timed out.")
-            time.sleep(interval)
-            res = self._http.post(
-                f"{self._domain}/auth/token",
-                data={
-                    "client_id": self._client_id,
-                    "device_code": device_code,
-                    "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
-                },
-            )
-            if not res.is_success:
-                continue
-
-            tokens = TokensModel(
-                access_token=res.json()["access_token"],
-                refresh_token=res.json()["refresh_token"],
-            )
-            self._save_tokens(tokens)
-            return self._auth.tokens
-
-    def _refresh(self, tokens: TokensModel, organization_id: str = None) -> TokensModel | None:
-        """Attempt to use the refresh token."""
-        log.debug("Refreshing token %s", self._client_id)
-
-        res = self._http.post(
-            f"{self._domain}/auth/refresh",
-            data={
-                "client_id": self._client_id,
-                "grant_type": "refresh_token",
-                "refresh_token": tokens.refresh_token,
-                "organization_id": organization_id,
-            },
-        )
-        if not res.is_success:
-            print("Failed to refresh token", res.status_code, res.text)
-            return None
-
-        tokens = TokensModel(
-            access_token=res.json()["access_token"],
-            refresh_token=res.json()["refresh_token"],
-        )
-        self._save_tokens(tokens)
-        return tokens
-
-    def _save_tokens(self, tokens: TokensModel):
-        self._auth = self._auth.model_copy(update={"tokens": tokens})
-        self._auth_file.parent.mkdir(parents=True, exist_ok=True)
-        with self._auth_file.open("w") as f:
-            f.write(self._auth.model_dump_json(exclude_defaults=True))
-
-    def _remove_tokens(self):
-        self._auth_file.unlink(missing_ok=True)
-        self._auth = self._auth.model_copy(update={"tokens": None})
-
-
-def _in_notebook():
-    try:
-        from IPython import get_ipython
-
-        if "IPKernelApp" not in get_ipython().config:  # pragma: no cover
-            return False
-    except ImportError:
-        return False
-    except AttributeError:
-        return False
-    return True

spiral/authn/github_.py

@@ -1,33 +0,0 @@
-import os
-
-import httpx
-
-from spiral.api import Authn
-
-
-class GitHubActionsProvider(Authn):
-    AUDIENCE = "https://iss.spiraldb.com"
-
-    def __init__(self):
-        self._gh_token = None
-
-    def token(self) -> str | None:
-        if self._gh_token is not None:
-            return self._gh_token
-
-        if os.environ.get("GITHUB_ACTIONS") == "true":
-            # Next, we check to see if we're running in GitHub actions and if so, grab an ID token.
-            if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" in os.environ and "ACTIONS_ID_TOKEN_REQUEST_URL" in os.environ:
-                if not hasattr(self, "__gh_token"):
-                    resp = httpx.get(
-                        f"{os.environ['ACTIONS_ID_TOKEN_REQUEST_URL']}&audience={self.AUDIENCE}",
-                        headers={"Authorization": f'Bearer {os.environ["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]}'},
-                    )
-                    if not resp.is_success:
-                        raise ValueError(f"Failed to get GitHub Actions ID token: {resp.text}", resp)
-                    self._gh_token = resp.json()["value"]
-            else:
-                raise ValueError("Please set 'id-token: write' permission for this GitHub Actions workflow.")
-
-        # For now, we don't exchange the token for a Spiral one.
-        return self._gh_token

spiral/authn/modal_.py

@@ -1,18 +0,0 @@
-import os
-
-from spiral.api import Authn
-
-
-class ModalProvider(Authn):
-    def __init__(self):
-        self._modal_token = None
-
-    def token(self) -> str | None:
-        if self._modal_token is not None:
-            return self._modal_token
-
-        if os.environ.get("MODAL_IDENTITY_TOKEN") is not None:
-            self._modal_token = os.environ["MODAL_IDENTITY_TOKEN"]
-
-        # For now, we don't exchange the token for a Spiral one.
-        return self._modal_token

spiral/cli/org.py

@@ -1,90 +0,0 @@
-import webbrowser
-from typing import Annotated
-
-import jwt
-import rich
-import typer
-from rich.table import Table
-from typer import Option
-
-from spiral.api.organizations import CreateOrganization, InviteUser, OrganizationRole, PortalLink
-from spiral.cli import AsyncTyper, OptionalStr, state
-from spiral.cli.types import OrganizationArg
-
-app = AsyncTyper()
-
-
-@app.command(help="Switch the active organization.")
-def switch(org_id: OrganizationArg):
-    state.settings.spiraldb.device_auth().authenticate(refresh=True, organization_id=org_id)
-    rich.print(f"Switched to organization: {org_id}")
-
-
-@app.command(help="Create a new organization.")
-def create(
-    name: Annotated[OptionalStr, Option(help="The human-readable name of the organization.")] = None,
-):
-    res = state.settings.api.organization.create_organization(CreateOrganization.Request(name=name))
-
-    # Authenticate to the new organization
-    state.settings.spiraldb.device_auth().authenticate(refresh=True, organization_id=res.organization.id)
-
-    rich.print(f"{res.organization.name} [dim]{res.organization.id}[/dim]")
-
-
-@app.command(help="List organizations.")
-def ls():
-    org_id = current_org_id()
-
-    table = Table("", "id", "name", "role", title="Organizations")
-    for m in state.settings.api.organization.list_user_memberships():
-        table.add_row("👉" if m.organization.id == org_id else "", m.organization.id, m.organization.name, m.role)
-
-    rich.print(table)
-
-
-@app.command(help="Invite a user to the organization.")
-def invite(email: str, role: OrganizationRole = "member", expires_in_days: int = 7):
-    state.settings.api.organization.invite_user(
-        InviteUser.Request(email=email, role=role, expires_in_days=expires_in_days)
-    )
-    rich.print(f"Invited {email} as a {role.value}.")
-
-
-@app.command(help="Configure single sign-on for your organization.")
-def sso():
-    _do_action(PortalLink.Intent.SSO)
-
-
-@app.command(help="Configure directory services for your organization.")
-def directory():
-    _do_action(PortalLink.Intent.DIRECTORY)
-
-
-@app.command(help="Configure audit logs for your organization.")
-def audit_logs():
-    _do_action(PortalLink.Intent.AUDIT_LOGS)
-
-
-@app.command(help="Configure log streams for your organization.")
-def log_streams():
-    _do_action(PortalLink.Intent.LOG_STREAMS)
-
-
-@app.command(help="Configure domains for your organization.")
-def domains():
-    _do_action(PortalLink.Intent.DOMAIN_VERIFICATION)
-
-
-def _do_action(intent: PortalLink.Intent):
-    res = state.settings.api.organization.portal_link(PortalLink.Request(intent=intent))
-    rich.print(f"Opening the configuration portal:\n{res.url}")
-    webbrowser.open(res.url)
-
-
-def current_org_id():
-    org_id = jwt.decode(state.settings.authn.token(), options={"verify_signature": False}).get("org_id")
-    if not org_id:
-        rich.print("[red]You are not logged in to an organization.[/red]")
-        raise typer.Exit(1)
-    return org_id