shield-python 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl

shield/__init__.py

@@ -2,4 +2,4 @@ from .client import Client
 from .exceptions import ShieldError
 
 __all__ = ["Client", "ShieldError"]
-__version__ = "0.1.4"
+__version__ = "0.1.6"

shield/client.py

@@ -3,7 +3,7 @@ import hmac as hmac_mod
 import json
 import time
 from typing import Any, Dict, Optional
-from urllib.parse import urlparse
+from urllib.parse import urlencode
 
 import requests
 
@@ -12,6 +12,10 @@ from .resources.sessions import Sessions
 from .resources.events import Events
 from .resources.verify import Verify
 
+# ARCH-019: kept static to avoid leaking Python version / OS into server logs.
+# Bumped alongside setup.py version on each release.
+SDK_USER_AGENT = "shield-python/0.2.0"
+
 
 class Client:
     """Official Shield Python SDK client.
@@ -30,6 +34,14 @@ class Client:
         hmac_secret: Optional[str] = None,
         timeout: int = 30,
     ):
+        if not hmac_secret:
+            raise ShieldError(
+                message=(
+                    "hmac_secret is required. All write operations must be signed. "
+                    "See https://docs.getshield.dev/authentication"
+                ),
+                status_code=0,
+            )
         self.api_key = api_key
         self.base_url = base_url.rstrip("/")
         self.hmac_secret = hmac_secret
@@ -64,12 +76,29 @@ class Client:
         Raises:
             ShieldError: On non-2xx responses or request failures.
         """
-        url = f"{self.base_url}{path}"
         method = method.upper()
 
+        # C-1 (v0.1.6): fold query params into `path` BEFORE signing so the
+        # canonical message matches what the server validates against
+        # http.Request.URL.RequestURI(). Previously `params` was passed to
+        # requests.request() separately — requests would append them to the
+        # wire URL, but the SDK signed only the bare path, guaranteeing a
+        # signature mismatch on any request with query params. We pre-encode
+        # here and pass params=None to requests so there is exactly one
+        # canonical query string, controlled by this SDK, for both signing
+        # and transmission. doseq=True matches requests' own encoding for
+        # list-valued params (?tag=a&tag=b).
+        if params:
+            path_with_query = f"{path}?{urlencode(params, doseq=True)}"
+        else:
+            path_with_query = path
+
+        url = f"{self.base_url}{path_with_query}"
+
         headers = {
             "X-Shield-Key": self.api_key,
             "Content-Type": "application/json",
+            "User-Agent": SDK_USER_AGENT,
         }
 
         # Serialize body
@@ -83,7 +112,7 @@ class Client:
             timestamp = str(int(time.time()))
             nonce = str(uuid.uuid4())
             body_hash = hashlib.sha256(body).hexdigest()
-            message = f"{timestamp}.{method}.{path}.{body_hash}"
+            message = f"{timestamp}.{method}.{path_with_query}.{body_hash}"
             signature = hmac_mod.new(
                 self.hmac_secret.encode("utf-8"),
                 message.encode("utf-8"),
@@ -99,29 +128,31 @@ class Client:
                 url=url,
                 headers=headers,
                 data=body if body else None,
-                params=params,
+                params=None,
                 timeout=self.timeout,
             )
         except requests.RequestException as e:
             raise ShieldError(
                 message=f"Request failed: {str(e)}",
                 status_code=0,
-                code="request_error",
             )
 
         if not (200 <= response.status_code < 300):
-            error_message = response.text
-            error_code = "api_error"
+            # Backend returns {"error": "..."} (always) and sometimes
+            # {"message": "..."} with extra detail. Prefer message when present.
+            error_message = response.text or response.reason
             try:
                 error_body = response.json()
-                error_message = error_body.get("error", error_message)
-                error_code = error_body.get("code", error_code)
-            except (ValueError, KeyError):
+                error_message = (
+                    error_body.get("message")
+                    or error_body.get("error")
+                    or error_message
+                )
+            except ValueError:
                 pass
             raise ShieldError(
                 message=error_message,
                 status_code=response.status_code,
-                code=error_code,
             )
 
         if raw_response:

shield/exceptions.py

@@ -1,23 +1,15 @@
 class ShieldError(Exception):
     """Base exception for Shield SDK errors."""
 
-    def __init__(self, message: str, status_code: int = None, code: str = None):
+    def __init__(self, message: str, status_code: int = None):
         super().__init__(message)
         self.message = message
         self.status_code = status_code
-        self.code = code
 
     def __str__(self):
-        parts = []
         if self.status_code:
-            parts.append(f"[{self.status_code}]")
-        if self.code:
-            parts.append(f"({self.code})")
-        parts.append(self.message)
-        return " ".join(parts)
+            return f"[{self.status_code}] {self.message}"
+        return self.message
 
     def __repr__(self):
-        return (
-            f"ShieldError(message={self.message!r}, "
-            f"status_code={self.status_code!r}, code={self.code!r})"
-        )
+        return f"ShieldError(message={self.message!r}, status_code={self.status_code!r})"

{shield_python-0.1.4.dist-info → shield_python-0.2.0.dist-info}/METADATA

@@ -1,13 +1,15 @@
 Metadata-Version: 2.4
 Name: shield-python
-Version: 0.1.4
+Version: 0.2.0
 Summary: Official Shield SDK for Python
 License: MIT
 Project-URL: Homepage, https://getshield.dev
-Project-URL: Documentation, https://docs.getshield.dev
+Project-URL: Documentation, https://getshield.dev/docs
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
+License-File: LICENSE
 Requires-Dist: requests>=2.28.0
+Dynamic: license-file
 
 # Shield Python SDK
 
@@ -16,7 +18,7 @@ Official Python SDK for [Shield](https://getshield.dev) ??tamper-evident session
 ## Installation
 
 ```bash
-pip install shield-python
+pip install shield-python==0.1.6
 ```
 
 ## Quick Start
@@ -54,7 +56,7 @@ client.events.create(
 
 # Verify session integrity
 result = client.verify.session(session_id)
-print(result["intact"])  # True
+print(result["valid"])  # True
 
 # Export session
 pdf_bytes = client.sessions.export(session_id, format="pdf")
@@ -123,7 +125,7 @@ def sign_agreement(session_id):
         session_id=session_id,
         event_type="shield.agreement.signed",
         actor=data["signer_email"],
-        data={"document": data["document_name"], "ip": request.remote_addr},
+        data={"document": data["document_name"]},
     )
     return jsonify({"status": "signed"}), 200
 ```
@@ -192,7 +194,7 @@ async def verify_session(session_id: str):
 
 ## Event Types Reference
 
-Shield Standard Event Taxonomy v1.0 ??37 event types across 7 categories:
+Shield Standard Event Taxonomy v1.0 — 39 event types across 8 categories:
 
 ### Party Events
 | Event Type | Description |
@@ -264,3 +266,12 @@ Shield Standard Event Taxonomy v1.0 ??37 event types across 7 categories:
 | `shield.evidence.exported` | Evidence was exported |
 | `shield.evidence.verified` | Evidence was verified |
 | `shield.evidence.tampered_detected` | Evidence tampering was detected |
+
+## Versioning & API compatibility
+
+This SDK follows [Semantic Versioning](https://semver.org/).
+
+- **Pre-1.0** (current): minor-version bumps may ship breaking changes. Pin the full version in `requirements.txt`.
+- **1.0 and later**: the public API is stable within a major version. Breaking changes require a major-version bump.
+
+The Shield HTTP API is versioned at the URL path (`/api/v1`). This SDK targets `/api/v1` and will not transparently follow a server-side version bump — a new server major version will be delivered as a new SDK major version so callers opt in explicitly.

shield_python-0.2.0.dist-info/RECORD

@@ -0,0 +1,12 @@
+shield/__init__.py,sha256=5SoNzgp4CLk9XCzh3XlYfdRtXZXkXRBvtnKAIU0T6xA,122
+shield/client.py,sha256=hNzvYzymJmwR-nrn3wQJ2QvBlORfGBPDMJsNoXmZqt8,5583
+shield/exceptions.py,sha256=GgC2gtEvgCTxqekJyu7BJdHGi3sY1NzGWOEWkARpci8,500
+shield/resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+shield/resources/events.py,sha256=uH0TG235kRsoS6sOp-zPIcy5WbbtaPNAhC8aFMy00Po,1093
+shield/resources/sessions.py,sha256=qOnJlpCx2Zk5nEh5TCFkf6v05l4M5SKAeF7klQ9YCQM,1268
+shield/resources/verify.py,sha256=vGN51EWU56jOl8BVfNlfiP0ivkNvkLykicupGIGcpAw,498
+shield_python-0.2.0.dist-info/licenses/LICENSE,sha256=q9AbInAHssIXz7La3zZMTD7ZAkEdS7RZ3W1rBiDrmAw,1063
+shield_python-0.2.0.dist-info/METADATA,sha256=MXqZ_3B22TaQT_i84s9RvEtEnRy0JmQ5L-DOXpUHa08,8668
+shield_python-0.2.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+shield_python-0.2.0.dist-info/top_level.txt,sha256=XumpIzJqChucal6arFU8u2d4ua7RA9yPcBSJFUi0JDU,7
+shield_python-0.2.0.dist-info/RECORD,,

shield_python-0.2.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Shield
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

shield_python-0.1.4.dist-info/RECORD

@@ -1,11 +0,0 @@
-shield/__init__.py,sha256=nXw1gar8DlzsZvb057b9Z3Gn4Fuudow06cbyizD4yfM,122
-shield/client.py,sha256=bTt-QylDQ92sIVBo3Q5aBe9aCDNmWmlQDYby8s5dGl4,4091
-shield/exceptions.py,sha256=PunpNnkqyP-9ZhLwPAwH4ZqpxL6rg_KxwaQi9_hdo9I,717
-shield/resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-shield/resources/events.py,sha256=uH0TG235kRsoS6sOp-zPIcy5WbbtaPNAhC8aFMy00Po,1093
-shield/resources/sessions.py,sha256=qOnJlpCx2Zk5nEh5TCFkf6v05l4M5SKAeF7klQ9YCQM,1268
-shield/resources/verify.py,sha256=vGN51EWU56jOl8BVfNlfiP0ivkNvkLykicupGIGcpAw,498
-shield_python-0.1.4.dist-info/METADATA,sha256=fUMubnzO_KaApcKE6hLQJzbgveIocWYNwO_v_itkXYI,8044
-shield_python-0.1.4.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-shield_python-0.1.4.dist-info/top_level.txt,sha256=XumpIzJqChucal6arFU8u2d4ua7RA9yPcBSJFUi0JDU,7
-shield_python-0.1.4.dist-info/RECORD,,