shield-python 0.1.4__py3-none-any.whl → 0.1.6__py3-none-any.whl

shield/__init__.py

@@ -2,4 +2,4 @@ from .client import Client
 from .exceptions import ShieldError
 
 __all__ = ["Client", "ShieldError"]
-__version__ = "0.1.4"
+__version__ = "0.1.5"

shield/client.py

@@ -3,7 +3,7 @@ import hmac as hmac_mod
 import json
 import time
 from typing import Any, Dict, Optional
-from urllib.parse import urlparse
+from urllib.parse import urlencode
 
 import requests
 
@@ -12,6 +12,10 @@ from .resources.sessions import Sessions
 from .resources.events import Events
 from .resources.verify import Verify
 
+# ARCH-019: kept static to avoid leaking Python version / OS into server logs.
+# Bumped alongside setup.py version on each release.
+SDK_USER_AGENT = "shield-python/0.1.6"
+
 
 class Client:
     """Official Shield Python SDK client.
@@ -64,12 +68,29 @@ class Client:
         Raises:
             ShieldError: On non-2xx responses or request failures.
         """
-        url = f"{self.base_url}{path}"
         method = method.upper()
 
+        # C-1 (v0.1.6): fold query params into `path` BEFORE signing so the
+        # canonical message matches what the server validates against
+        # http.Request.URL.RequestURI(). Previously `params` was passed to
+        # requests.request() separately — requests would append them to the
+        # wire URL, but the SDK signed only the bare path, guaranteeing a
+        # signature mismatch on any request with query params. We pre-encode
+        # here and pass params=None to requests so there is exactly one
+        # canonical query string, controlled by this SDK, for both signing
+        # and transmission. doseq=True matches requests' own encoding for
+        # list-valued params (?tag=a&tag=b).
+        if params:
+            path_with_query = f"{path}?{urlencode(params, doseq=True)}"
+        else:
+            path_with_query = path
+
+        url = f"{self.base_url}{path_with_query}"
+
         headers = {
             "X-Shield-Key": self.api_key,
             "Content-Type": "application/json",
+            "User-Agent": SDK_USER_AGENT,
         }
 
         # Serialize body
@@ -83,7 +104,7 @@ class Client:
             timestamp = str(int(time.time()))
             nonce = str(uuid.uuid4())
             body_hash = hashlib.sha256(body).hexdigest()
-            message = f"{timestamp}.{method}.{path}.{body_hash}"
+            message = f"{timestamp}.{method}.{path_with_query}.{body_hash}"
             signature = hmac_mod.new(
                 self.hmac_secret.encode("utf-8"),
                 message.encode("utf-8"),
@@ -99,29 +120,31 @@ class Client:
                 url=url,
                 headers=headers,
                 data=body if body else None,
-                params=params,
+                params=None,
                 timeout=self.timeout,
             )
         except requests.RequestException as e:
             raise ShieldError(
                 message=f"Request failed: {str(e)}",
                 status_code=0,
-                code="request_error",
             )
 
         if not (200 <= response.status_code < 300):
-            error_message = response.text
-            error_code = "api_error"
+            # Backend returns {"error": "..."} (always) and sometimes
+            # {"message": "..."} with extra detail. Prefer message when present.
+            error_message = response.text or response.reason
             try:
                 error_body = response.json()
-                error_message = error_body.get("error", error_message)
-                error_code = error_body.get("code", error_code)
-            except (ValueError, KeyError):
+                error_message = (
+                    error_body.get("message")
+                    or error_body.get("error")
+                    or error_message
+                )
+            except ValueError:
                 pass
             raise ShieldError(
                 message=error_message,
                 status_code=response.status_code,
-                code=error_code,
             )
 
         if raw_response:

shield/exceptions.py

@@ -1,23 +1,15 @@
 class ShieldError(Exception):
     """Base exception for Shield SDK errors."""
 
-    def __init__(self, message: str, status_code: int = None, code: str = None):
+    def __init__(self, message: str, status_code: int = None):
         super().__init__(message)
         self.message = message
         self.status_code = status_code
-        self.code = code
 
     def __str__(self):
-        parts = []
         if self.status_code:
-            parts.append(f"[{self.status_code}]")
-        if self.code:
-            parts.append(f"({self.code})")
-        parts.append(self.message)
-        return " ".join(parts)
+            return f"[{self.status_code}] {self.message}"
+        return self.message
 
     def __repr__(self):
-        return (
-            f"ShieldError(message={self.message!r}, "
-            f"status_code={self.status_code!r}, code={self.code!r})"
-        )
+        return f"ShieldError(message={self.message!r}, status_code={self.status_code!r})"

{shield_python-0.1.4.dist-info → shield_python-0.1.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: shield-python
-Version: 0.1.4
+Version: 0.1.6
 Summary: Official Shield SDK for Python
 License: MIT
 Project-URL: Homepage, https://getshield.dev
@@ -264,3 +264,12 @@ Shield Standard Event Taxonomy v1.0 ??37 event types across 7 categories:
 | `shield.evidence.exported` | Evidence was exported |
 | `shield.evidence.verified` | Evidence was verified |
 | `shield.evidence.tampered_detected` | Evidence tampering was detected |
+
+## Versioning & API compatibility
+
+This SDK follows [Semantic Versioning](https://semver.org/).
+
+- **Pre-1.0** (current): minor-version bumps may ship breaking changes. Pin the full version in `requirements.txt`.
+- **1.0 and later**: the public API is stable within a major version. Breaking changes require a major-version bump.
+
+The Shield HTTP API is versioned at the URL path (`/api/v1`). This SDK targets `/api/v1` and will not transparently follow a server-side version bump — a new server major version will be delivered as a new SDK major version so callers opt in explicitly.

shield_python-0.1.6.dist-info/RECORD

@@ -0,0 +1,11 @@
+shield/__init__.py,sha256=Uktse_UZlAOJnYVIKLKzeXFL6kiSJEEqNy0BMDHIYM4,122
+shield/client.py,sha256=1bVkTyvgtCQX4vxpAOPTFE6z5OEPMHoKR4PHw90l0wE,5281
+shield/exceptions.py,sha256=GgC2gtEvgCTxqekJyu7BJdHGi3sY1NzGWOEWkARpci8,500
+shield/resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+shield/resources/events.py,sha256=uH0TG235kRsoS6sOp-zPIcy5WbbtaPNAhC8aFMy00Po,1093
+shield/resources/sessions.py,sha256=qOnJlpCx2Zk5nEh5TCFkf6v05l4M5SKAeF7klQ9YCQM,1268
+shield/resources/verify.py,sha256=vGN51EWU56jOl8BVfNlfiP0ivkNvkLykicupGIGcpAw,498
+shield_python-0.1.6.dist-info/METADATA,sha256=GvbinXKIOVhxlBz5irtD6pcFvadRMy_qwd8hPw2F-AI,8641
+shield_python-0.1.6.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+shield_python-0.1.6.dist-info/top_level.txt,sha256=XumpIzJqChucal6arFU8u2d4ua7RA9yPcBSJFUi0JDU,7
+shield_python-0.1.6.dist-info/RECORD,,

shield_python-0.1.4.dist-info/RECORD

@@ -1,11 +0,0 @@
-shield/__init__.py,sha256=nXw1gar8DlzsZvb057b9Z3Gn4Fuudow06cbyizD4yfM,122
-shield/client.py,sha256=bTt-QylDQ92sIVBo3Q5aBe9aCDNmWmlQDYby8s5dGl4,4091
-shield/exceptions.py,sha256=PunpNnkqyP-9ZhLwPAwH4ZqpxL6rg_KxwaQi9_hdo9I,717
-shield/resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-shield/resources/events.py,sha256=uH0TG235kRsoS6sOp-zPIcy5WbbtaPNAhC8aFMy00Po,1093
-shield/resources/sessions.py,sha256=qOnJlpCx2Zk5nEh5TCFkf6v05l4M5SKAeF7klQ9YCQM,1268
-shield/resources/verify.py,sha256=vGN51EWU56jOl8BVfNlfiP0ivkNvkLykicupGIGcpAw,498
-shield_python-0.1.4.dist-info/METADATA,sha256=fUMubnzO_KaApcKE6hLQJzbgveIocWYNwO_v_itkXYI,8044
-shield_python-0.1.4.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-shield_python-0.1.4.dist-info/top_level.txt,sha256=XumpIzJqChucal6arFU8u2d4ua7RA9yPcBSJFUi0JDU,7
-shield_python-0.1.4.dist-info/RECORD,,