rsc-client 1.0.20260413__tar.gz

rsc_client-1.0.20260413/.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "[0-9]*"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install hatch
+      - run: hatch build
+      - uses: pypa/gh-action-pypi-publish@release/v1

rsc_client-1.0.20260413/.github/workflows/schema-update.yml

@@ -0,0 +1,76 @@
+name: Update Schema
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "schemas/*.graphql"
+  workflow_dispatch:
+
+jobs:
+  generate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: pip install sgqlc graphql-core hatch twine
+
+      - name: Find latest schema file
+        id: schema
+        run: |
+          SCHEMA_FILE=$(ls schemas/*.graphql | sort | tail -1)
+          BASENAME=$(basename "$SCHEMA_FILE" .graphql)
+          CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed 's/version = "\(.*\)"/\1/')
+          MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
+          MINOR=$(echo "$CURRENT_VERSION" | cut -d. -f2)
+          VERSION="${MAJOR}.${MINOR}.${BASENAME}"
+          echo "file=$SCHEMA_FILE" >> "$GITHUB_OUTPUT"
+          echo "date=$BASENAME" >> "$GITHUB_OUTPUT"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Convert SDL to introspection JSON
+        run: |
+          python3 - <<'EOF'
+          import json
+          from graphql import build_schema, introspection_from_schema
+          with open("${{ steps.schema.outputs.file }}") as f:
+              sdl = f.read()
+          schema = build_schema(sdl)
+          result = introspection_from_schema(schema)
+          with open("/tmp/rsc_schema.json", "w") as f:
+              json.dump({"data": result}, f)
+          EOF
+
+      - name: Generate schema bindings
+        run: python3 -m sgqlc.codegen schema /tmp/rsc_schema.json src/rsc/schema.py
+
+      - name: Generate operation index
+        run: PYTHONPATH=src python3 -m rsc.mcp_indexer
+
+      - name: Update version in pyproject.toml
+        run: |
+          VERSION="${{ steps.schema.outputs.version }}"
+          sed -i "s/^version = .*/version = \"$VERSION\"/" pyproject.toml
+
+      - name: Commit and tag
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add src/rsc/schema.py src/rsc/mcp_index.json src/rsc/mcp_types.json pyproject.toml
+          git restore --staged .github/
+          git commit -m "chore: generate schema for ${{ steps.schema.outputs.date }}"
+          git tag "${{ steps.schema.outputs.version }}"
+          git pull --rebase origin main
+          git push origin main --tags
+
+      - name: Build
+        run: hatch build

rsc_client-1.0.20260413/.gitignore

@@ -0,0 +1,9 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+dist/
+build/
+.DS_Store
+.venv/
+*.egg
+.claude/

rsc_client-1.0.20260413/CLAUDE.md

@@ -0,0 +1,95 @@
+# RSC Python GraphQL Client
+
+Python client for the Rubrik Security Cloud (RSC) GraphQL API. Provides authenticated GraphQL execution, OAuth2 token management, a generated typed schema, and a discovery index for all available operations.
+
+## Project structure
+
+```
+src/rsc/
+  __init__.py        # Exports RSCClient + index functions
+  client.py          # RSCClient — execute queries/mutations
+  config.py          # Credential loading (env vars, files)
+  auth.py            # OAuth2 token management + caching
+  schema.py          # Auto-generated sgqlc type bindings (DO NOT EDIT)
+  index.py           # Discovery functions (search_operations, describe_operation, ...)
+  mcp_index.json     # Pre-generated operations index (DO NOT EDIT — regenerated by CI)
+  mcp_types.json     # Pre-generated types index (DO NOT EDIT — regenerated by CI)
+  mcp_indexer.py     # Script that builds the two JSON files above from the SDL
+
+schemas/             # GraphQL SDL source files (YYYYMMDD.graphql)
+```
+
+## Important constraints
+
+- **`src/rsc/schema.py`** — auto-generated by `sgqlc.codegen`. Never edit by hand.
+- **`src/rsc/mcp_index.json` and `mcp_types.json`** — auto-generated by `mcp_indexer.py`. Never edit by hand.
+- **`schemas/*.graphql`** — the SDL is the source of truth for all schema changes.
+- No new runtime dependencies should be added without good reason. Current deps: `sgqlc`, `requests`. `graphql-core` is a transitive dep of `sgqlc` and is used at build time only.
+
+## Key APIs
+
+### RSCClient
+
+```python
+from rsc import RSCClient
+
+client = RSCClient()                                      # loads creds from env / ~/.rsc/config.json
+client = RSCClient(service_account_file="path/to/sa.json")
+client.execute("query { accountId }")                    # raw GraphQL string
+client.execute("query { accountId }", variables={...})   # with variables
+client.execute(sgqlc_operation)                          # typed sgqlc Operation
+```
+
+### Discovery index
+
+```python
+from rsc import search_operations, describe_operation, describe_type, list_queries, list_mutations, list_types
+
+search_operations("snapshot", "query")        # [{name, type, description, return_type}]
+describe_operation("slaDomains", "query")     # {name, type, description, return_type, args}
+describe_type("CreateGlobalSlaInput")         # {name, kind, fields: {fieldName: {type, description}}}
+describe_type("SlaAssignTypeEnum")            # {name, kind, values: [...]}
+list_queries()                                # [camelCase names]
+list_mutations()
+list_types()
+```
+
+Operation names are camelCase (as in GraphQL), e.g. `slaDomains`, `vSphereVmNewConnection`. The sgqlc Python API uses snake_case equivalents.
+
+## Updating the schema
+
+Replace the existing SDL file and push — CI handles everything:
+
+```bash
+rm schemas/*.graphql
+cp ~/Downloads/rsc-schema.graphql schemas/$(date +%Y%m%d).graphql
+git add schemas/
+git commit -m "schema: replace with YYYYMMDD"
+git push origin main
+```
+
+CI will: generate `schema.py`, regenerate `mcp_index.json`/`mcp_types.json`, bump version to `X.Y.YYYYMMDD`, commit, tag, and publish to PyPI.
+
+## Regenerating the index locally
+
+After adding a new schema or modifying `mcp_indexer.py`:
+
+```bash
+PYTHONPATH=src python3 -m rsc.mcp_indexer
+```
+
+Commit the resulting `mcp_index.json` and `mcp_types.json`.
+
+## Versioning
+
+Format: `X.Y.YYYYMMDD` (e.g. `1.0.20260316`)
+- **YYYYMMDD** — bumped automatically by CI for each new schema
+- **X.Y** — bumped manually for breaking (major) or additive (minor) library API changes
+
+## Credential loading precedence
+
+1. `RSC_SERVICE_ACCOUNT_FILE` env var (path to service account JSON)
+2. `RSC_URL` + `RSC_CLIENT_ID` + `RSC_CLIENT_SECRET` env vars
+3. `~/.rsc/config.json` (direct credentials or `service_account_file` pointer)
+
+Tokens are cached in `~/.rsc/token_cache_<url-hash>.json` with `0600` permissions and reused until 60 seconds before expiry.

rsc_client-1.0.20260413/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Rubrik, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

rsc_client-1.0.20260413/PKG-INFO

@@ -0,0 +1,289 @@
+Metadata-Version: 2.4
+Name: rsc-client
+Version: 1.0.20260413
+Summary: Low-level Python bindings for the Rubrik Security Cloud GraphQL API
+Project-URL: Homepage, https://github.com/rubrikinc/rubrik-security-cloud-python-graphql-client
+Project-URL: Repository, https://github.com/rubrikinc/rubrik-security-cloud-python-graphql-client
+Project-URL: Bug Tracker, https://github.com/rubrikinc/rubrik-security-cloud-python-graphql-client/issues
+Author: Rubrik, Inc.
+License: MIT License
+        
+        Copyright (c) 2026 Rubrik, Inc.
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+License-File: LICENSE
+Keywords: api,backup,client,graphql,rsc,rubrik,security
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Requires-Dist: requests>=2.28
+Requires-Dist: sgqlc>=9.0
+Description-Content-Type: text/markdown
+
+# rubrik-security-cloud-python-graphql-client
+
+Python client for the Rubrik Security Cloud (RSC) GraphQL API. Provides authenticated GraphQL execution via [sgqlc](https://github.com/profusion/sgqlc), with OAuth2 token management and a generated typed schema so you never have to write raw GraphQL strings.
+
+## Installation
+
+```bash
+pip install rsc-client
+```
+
+To install directly from this repo:
+
+```bash
+pip install git+https://github.com/rubrikinc/rubrik-security-cloud-python-graphql-client.git
+```
+
+## Authentication
+
+### Service account file (recommended)
+
+Download a service account JSON file from the RSC UI (**Access Control → Service Accounts**) and pass it to the client:
+
+```python
+from rsc import RSCClient
+
+client = RSCClient(service_account_file="~/Downloads/my-service-account.json")
+```
+
+Or set an environment variable and call `RSCClient()` with no arguments:
+
+```bash
+export RSC_SERVICE_ACCOUNT_FILE=~/Downloads/my-service-account.json
+```
+
+### `~/.rsc/config.json`
+
+```json
+{
+  "url": "https://myaccount.my.rubrik.com",
+  "client_id": "client|...",
+  "client_secret": "..."
+}
+```
+
+You can also point this file at a service account file:
+
+```json
+{
+  "service_account_file": "/path/to/service-account.json"
+}
+```
+
+### Environment variables
+
+| Variable | Description |
+|---|---|
+| `RSC_SERVICE_ACCOUNT_FILE` | Path to a service account JSON file |
+| `RSC_URL` | RSC base URL |
+| `RSC_CLIENT_ID` | OAuth2 client ID |
+| `RSC_CLIENT_SECRET` | OAuth2 client secret |
+
+**Precedence:** `RSC_SERVICE_ACCOUNT_FILE` → `RSC_URL`/`RSC_CLIENT_ID`/`RSC_CLIENT_SECRET` → `~/.rsc/config.json`
+
+---
+
+## Usage
+
+`RSCClient.execute()` accepts either a raw GraphQL string or an sgqlc `Operation`. The sgqlc approach is recommended — it gives you typed, auto-completed Python objects and catches field name errors before the request is sent.
+
+### Query example — list SLA domains
+
+<table>
+<tr><th>Raw GraphQL string</th><th>sgqlc Operation</th></tr>
+<tr>
+<td>
+
+```python
+result = client.execute("""
+  query {
+    slaDomains {
+      nodes {
+        id
+        name
+      }
+    }
+  }
+""")
+
+for node in result['data']['slaDomains']['nodes']:
+    print(node['id'], node['name'])
+```
+
+</td>
+<td>
+
+```python
+from sgqlc.operation import Operation
+from rsc.schema import Query
+
+op = Operation(Query)
+nodes = op.sla_domains().nodes()
+nodes.__fields__('id', 'name')
+
+result = client.execute(op)
+
+# Deserialize into typed objects
+data = (op + result).sla_domains
+for node in data.nodes:
+    print(node.id, node.name)
+```
+
+</td>
+</tr>
+</table>
+
+### Mutation example — assign an SLA domain
+
+<table>
+<tr><th>Raw GraphQL string</th><th>sgqlc Operation</th></tr>
+<tr>
+<td>
+
+```python
+result = client.execute("""
+  mutation {
+    assignSla(input: {
+      objectIds: ["<object-id>"],
+      slaDomainAssignType: PROTECT,
+      slaOptionalId: "<sla-id>"
+    }) {
+      success
+    }
+  }
+""")
+
+print(result['data']['assignSla']['success'])
+```
+
+</td>
+<td>
+
+```python
+from sgqlc.operation import Operation
+from rsc.schema import Mutation, AssignSlaInput, SlaAssignTypeEnum
+
+op = Operation(Mutation)
+result_field = op.assign_sla(input=AssignSlaInput(
+    object_ids=["<object-id>"],
+    sla_domain_assign_type=SlaAssignTypeEnum.PROTECT,
+    sla_optional_id="<sla-id>",
+))
+result_field.__fields__('success')
+
+result = client.execute(op)
+
+data = (op + result).assign_sla
+print(data.success)
+```
+
+</td>
+</tr>
+</table>
+
+---
+
+## Discovery index
+
+The package ships two pre-generated JSON indexes built from the GraphQL SDL: `mcp_index.json` (all queries and mutations with their argument signatures) and `mcp_types.json` (all named types with their fields, enum values, or union members). These are parsed once at import time and cached in memory.
+
+### Why it exists
+
+A common mistake when building an MCP server for a GraphQL API is to create one MCP tool per operation — a pattern that produces thousands of redundant tools and defeats the purpose of both technologies. GraphQL was designed so that a single endpoint can express any query or mutation; MCP tools should reflect that by exposing a small, generic surface: one tool to search operations, one to describe an operation, one to execute it. The LLM then does what it's good at — using those tools to discover and compose the right call at runtime.
+
+The discovery index makes this practical. The RSC schema is large, and an LLM needs a fast way to answer "what operations exist and how do I call them?" without parsing the raw SDL on every request. The indexes are pre-built by CI whenever the schema changes and committed into the package, so discovery works instantly with no credentials, no network access, and no heavy runtime dependencies.
+
+### Functions
+
+```python
+from rsc import (
+    search_operations,   # full-text search across names + descriptions
+    describe_operation,  # full argument signature for one operation
+    describe_type,       # fields/values for any named type
+    list_queries,        # all query names
+    list_mutations,      # all mutation names
+    list_types,          # all type names
+)
+```
+
+#### `search_operations(search, operation_type="all")`
+
+Case-insensitive substring search across operation names and descriptions. Useful for finding the right operation when you know roughly what you're looking for.
+
+```python
+search_operations("snapshot", "query")
+# [{"name": "...", "type": "query", "description": "...", "return_type": "..."}, ...]
+
+search_operations("assign", "mutation")
+```
+
+#### `describe_operation(name, operation_type)`
+
+Returns the full argument signature for a single query or mutation. Operation names are camelCase as they appear in GraphQL (e.g. `vSphereVmNewConnection`).
+
+```python
+op = describe_operation("slaDomains", "query")
+# {
+#   "name": "slaDomains",
+#   "type": "query",
+#   "description": "...",
+#   "return_type": "SlaDomainConnection",
+#   "args": {
+#     "filter": {"type": "[Filter!]", "description": "..."},
+#     ...
+#   }
+# }
+```
+
+#### `describe_type(name)`
+
+Returns the fields (with types and descriptions) for object/input/interface types, the possible values for enums, or the member types for unions.
+
+```python
+describe_type("CreateGlobalSlaInput")
+# {"name": "CreateGlobalSlaInput", "kind": "input", "fields": {"name": {"type": "String!", ...}, ...}}
+
+describe_type("SlaAssignTypeEnum")
+# {"name": "SlaAssignTypeEnum", "kind": "enum", "values": ["PROTECT", "UNPROTECT", ...]}
+```
+
+### Keeping the index in sync
+
+The indexes are regenerated automatically by the CI workflow whenever a new schema file is added. To regenerate locally after adding a schema or modifying `mcp_indexer.py`:
+
+```bash
+PYTHONPATH=src python3 -m rsc.mcp_indexer
+```
+
+Then commit the updated `mcp_index.json` and `mcp_types.json`.
+
+---
+
+## Token caching
+
+Tokens are cached in `~/.rsc/token_cache_<hash>.json` (`0600` permissions) and reused until 60 seconds before expiry. Short-lived callers like cron jobs or Telegraf scripts won't re-authenticate on every run. Cache files are keyed by a hash of the RSC URL so multiple accounts on the same machine stay isolated.