superwise-sentinel-cli 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- superwise_sentinel_cli-0.1.0/.ai/mcp/mcp.json +0 -0
- superwise_sentinel_cli-0.1.0/.claude/settings.local.json +7 -0
- superwise_sentinel_cli-0.1.0/.gitignore +6 -0
- superwise_sentinel_cli-0.1.0/.gitlab-ci.yml +107 -0
- superwise_sentinel_cli-0.1.0/.pre-commit-config.yaml +33 -0
- superwise_sentinel_cli-0.1.0/CLAUDE.md +65 -0
- superwise_sentinel_cli-0.1.0/PKG-INFO +9 -0
- superwise_sentinel_cli-0.1.0/README.md +64 -0
- superwise_sentinel_cli-0.1.0/poetry.lock +528 -0
- superwise_sentinel_cli-0.1.0/poetry.toml +2 -0
- superwise_sentinel_cli-0.1.0/pyproject.toml +21 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/__init__.py +1 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/auth.py +29 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/cli.py +232 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/config.py +104 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/docker_manager.py +142 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/runner.py +52 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/shell_profile.py +116 -0
- superwise_sentinel_cli-0.1.0/src/sentinel_cli/test_questionary.py +8 -0
|
File without changes
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
##################################
|
|
2
|
+
# Variables
|
|
3
|
+
##################################
|
|
4
|
+
variables:
|
|
5
|
+
API_GW_URL: "https://api-staging.staging.superwise.ai"
|
|
6
|
+
JOB_TAG: f0nl9KXRnY9vZaSJuQd2iigwi4nhFk
|
|
7
|
+
OPENAPI_FILE: openapi.json
|
|
8
|
+
PACKAGE_NAME: superwise_sentinel_cli
|
|
9
|
+
PYTHON_VERSION: "3.11"
|
|
10
|
+
|
|
11
|
+
##################################
|
|
12
|
+
# Workflow
|
|
13
|
+
##################################
|
|
14
|
+
workflow:
|
|
15
|
+
rules:
|
|
16
|
+
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
|
17
|
+
- if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
|
|
18
|
+
when: never
|
|
19
|
+
- if: $CI_COMMIT_BRANCH
|
|
20
|
+
|
|
21
|
+
##################################
|
|
22
|
+
# Stages
|
|
23
|
+
##################################
|
|
24
|
+
stages:
|
|
25
|
+
- test
|
|
26
|
+
- code-review
|
|
27
|
+
- pre-commit
|
|
28
|
+
- build
|
|
29
|
+
- publish
|
|
30
|
+
- release
|
|
31
|
+
|
|
32
|
+
##################################
|
|
33
|
+
# Templates
|
|
34
|
+
##################################
|
|
35
|
+
include:
|
|
36
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
37
|
+
file: "sw2/stages/test.gitlab-ci.yml"
|
|
38
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
39
|
+
file: "sw2/stages/code-review.gitlab-ci.yml"
|
|
40
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
41
|
+
file: "sw2/templates/publish-package.gitlab-ci.yml"
|
|
42
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
43
|
+
file: "sw2/stages/release.gitlab-ci.yml"
|
|
44
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
45
|
+
file: "sw2/stages/post-python.gitlab-ci.yml"
|
|
46
|
+
- project: "askboss/product/superwise/ci-templates"
|
|
47
|
+
file: "sw2/templates/post.gitlab-ci.yml"
|
|
48
|
+
|
|
49
|
+
##################################
|
|
50
|
+
# Jobs
|
|
51
|
+
##################################
|
|
52
|
+
pytest:
|
|
53
|
+
cache:
|
|
54
|
+
paths:
|
|
55
|
+
- .venv/
|
|
56
|
+
- $PRE_COMMIT_HOME
|
|
57
|
+
- $XDG_CACHE_HOME
|
|
58
|
+
rules:
|
|
59
|
+
- if: $CI_PIPELINE_SOURCE != "web"
|
|
60
|
+
|
|
61
|
+
pre-commit:
|
|
62
|
+
stage: pre-commit
|
|
63
|
+
rules:
|
|
64
|
+
- if: $CI_PIPELINE_SOURCE != "web"
|
|
65
|
+
|
|
66
|
+
publish-testpypi:
|
|
67
|
+
stage: publish
|
|
68
|
+
image:
|
|
69
|
+
name: $SUPERWISE_STAGE_BASE_IMAGE
|
|
70
|
+
rules:
|
|
71
|
+
- if: $CI_COMMIT_BRANCH == "master"
|
|
72
|
+
cache:
|
|
73
|
+
key: $CI_JOB_NAME
|
|
74
|
+
policy: pull-push
|
|
75
|
+
paths:
|
|
76
|
+
- .venv/
|
|
77
|
+
- $XDG_CACHE_HOME
|
|
78
|
+
needs:
|
|
79
|
+
- job: pytest
|
|
80
|
+
optional: true
|
|
81
|
+
script:
|
|
82
|
+
- export VERSION="$(date +%Y%m%d%H%M%S)-dev"
|
|
83
|
+
- pyenv local ${PYTHON_VERSION}
|
|
84
|
+
- poetry version $VERSION
|
|
85
|
+
- poetry config repositories.test-pypi $POETRY_REPOSITORIES_TESTPYPI_URL
|
|
86
|
+
- poetry publish -r test-pypi --build -u $POETRY_HTTP_BASIC_TESTPYPI_USERNAME -p $POETRY_HTTP_BASIC_TESTPYPI_PASSWORD
|
|
87
|
+
tags:
|
|
88
|
+
- $JOB_TAG
|
|
89
|
+
|
|
90
|
+
publish-internal-testpypi:
|
|
91
|
+
extends: .poetry-publish
|
|
92
|
+
variables:
|
|
93
|
+
POETRY_PUBLISH_REPOSITORY: testpypi
|
|
94
|
+
POETRY_PUBLISH_VERSION: ${CI_PIPELINE_ID}.dev0
|
|
95
|
+
POETRY_PUBLISH_USERNAME: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_USER
|
|
96
|
+
POETRY_PUBLISH_PASSWORD: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_PASSWORD
|
|
97
|
+
POETRY_PUBLISH_REPOSITORY_URL: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_URL
|
|
98
|
+
|
|
99
|
+
release:
|
|
100
|
+
needs:
|
|
101
|
+
- publish-testpypi
|
|
102
|
+
rules:
|
|
103
|
+
- if: $CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "web"
|
|
104
|
+
when: manual
|
|
105
|
+
|
|
106
|
+
check-conventional-commits:
|
|
107
|
+
extends: .check-conventional-commits
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
repos:
|
|
2
|
+
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
3
|
+
rev: v4.4.0
|
|
4
|
+
hooks:
|
|
5
|
+
- id: check-added-large-files
|
|
6
|
+
- id: check-ast
|
|
7
|
+
- id: check-case-conflict
|
|
8
|
+
- id: check-docstring-first
|
|
9
|
+
- id: check-json
|
|
10
|
+
- id: check-merge-conflict
|
|
11
|
+
- id: check-symlinks
|
|
12
|
+
- id: check-xml
|
|
13
|
+
- id: pretty-format-json
|
|
14
|
+
args: [ --autofix ]
|
|
15
|
+
- id: check-yaml
|
|
16
|
+
- id: end-of-file-fixer
|
|
17
|
+
- id: trailing-whitespace
|
|
18
|
+
- repo: https://github.com/psf/black
|
|
19
|
+
rev: 23.3.0
|
|
20
|
+
hooks:
|
|
21
|
+
- id: black
|
|
22
|
+
args: [ --line-length=120 ]
|
|
23
|
+
- repo: https://github.com/asottile/reorder_python_imports
|
|
24
|
+
rev: v3.10.0
|
|
25
|
+
hooks:
|
|
26
|
+
- id: reorder-python-imports
|
|
27
|
+
- repo: https://github.com/python-poetry/poetry
|
|
28
|
+
rev: 2.1.4
|
|
29
|
+
hooks:
|
|
30
|
+
- id: poetry-check
|
|
31
|
+
- id: poetry-lock
|
|
32
|
+
additional_dependencies:
|
|
33
|
+
- keyrings.google-artifactregistry-auth==1.1.2
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# CLAUDE.md
|
|
2
|
+
|
|
3
|
+
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
|
4
|
+
|
|
5
|
+
## Project overview
|
|
6
|
+
|
|
7
|
+
`superwise-sentinel-cli` is a Python CLI tool (`sentinel`) that routes LLM provider traffic through a Superwise Sentinel guardrails proxy. It supports a **local** mode (starts a Docker container) and a **remote** mode (points at a configured cloud URL). The `proxy on`/`proxy off` commands persist env var assignments to a sourced shell file so that new terminals pick up the proxy configuration automatically.
|
|
8
|
+
|
|
9
|
+
## Setup & development
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
# Install dependencies (poetry manages the .venv in-project)
|
|
13
|
+
poetry install
|
|
14
|
+
|
|
15
|
+
# Run the CLI during development
|
|
16
|
+
poetry run sentinel --help
|
|
17
|
+
|
|
18
|
+
# Build the package
|
|
19
|
+
poetry run hatch build
|
|
20
|
+
|
|
21
|
+
# Install pre-commit hooks
|
|
22
|
+
pre-commit install
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
The `poetry.toml` pins `virtualenvs.in-project = true`, so the venv lives at `.venv/`.
|
|
26
|
+
|
|
27
|
+
## Tests
|
|
28
|
+
|
|
29
|
+
There is no test suite. `src/sentinel_cli/test_questionary.py` is a scratch file, not a test module.
|
|
30
|
+
|
|
31
|
+
## Linting
|
|
32
|
+
|
|
33
|
+
Pre-commit hooks enforce:
|
|
34
|
+
- **black** at 120-character line length
|
|
35
|
+
- **reorder-python-imports** for import ordering
|
|
36
|
+
|
|
37
|
+
Run manually: `pre-commit run --all-files`
|
|
38
|
+
|
|
39
|
+
## Architecture
|
|
40
|
+
|
|
41
|
+
All source lives under `src/sentinel_cli/`:
|
|
42
|
+
|
|
43
|
+
- **`cli.py`** — Click command tree: root group `main`, with subgroups `gateway` (start/stop) and `proxy` (on/off), plus top-level commands `auth` and `config`. Imports from `auth`, `runner`, `shell_profile`, and `config`.
|
|
44
|
+
- **`config.py`** — `AppConfig` (pydantic-settings). Settings priority: env vars (`SENTINEL_*`) > `~/.config/sentinel/config.json` > field defaults. Also owns `_PROVIDER_CONFIG` (provider → env var + URL path mapping) and `VALID_PROVIDERS`. `AppConfig.load()` / `.save()` are the only intended access points.
|
|
45
|
+
- **`auth.py`** — `authenticate()` hits the Superwise auth API and caches the token at `~/.config/sentinel/token`. Skips the network call on subsequent invocations unless `force=True`.
|
|
46
|
+
- **`runner.py`** — `get_or_create_local_endpoint()` starts the Docker container and returns its base URL. `resolve_env_vars()` maps provider names to `(env_var, full_url)` pairs using `_PROVIDER_CONFIG` from `config.py`.
|
|
47
|
+
- **`docker_manager.py`** — Manages the `sentinel-local` Docker container (image: `us-central1-docker.pkg.dev/admina33d6818/docker/platform/sentinel:<tag>`). `ensure_container_running()` pulls, starts, and returns a `ContainerEndpoint`; `stop_container()` stops and removes it. Falls back to `linux/amd64` when native platform image is unavailable.
|
|
48
|
+
- **`shell_profile.py`** — `ShellContext` abstraction with `_UnixShellContext` (bash/zsh, auto-detected) and `_WindowsShellContext` (PowerShell). `ensure_shell_integration()` / `remove_shell_integration()` patch the shell profile. `write_env_vars()` / `remove_env_vars()` manage `~/.config/sentinel/protected_vars.json` and a sourced env file. On macOS, also calls `launchctl setenv/unsetenv` for GUI app visibility. The module-level `SHELL` constant holds the current platform context.
|
|
49
|
+
|
|
50
|
+
## Config & state files
|
|
51
|
+
|
|
52
|
+
| Path | Purpose |
|
|
53
|
+
|---|---|
|
|
54
|
+
| `~/.config/sentinel/config.json` | Persisted `AppConfig` |
|
|
55
|
+
| `~/.config/sentinel/protected_vars.json` | Currently active env var→URL mappings |
|
|
56
|
+
| `~/.config/sentinel/token` | Cached Superwise auth token |
|
|
57
|
+
| `~/.config/sentinel/env.sh` (Unix) / `env.ps1` (Windows) | Sourced by the shell wrapper on each new session |
|
|
58
|
+
|
|
59
|
+
## Key design constraint
|
|
60
|
+
|
|
61
|
+
`proxy on` writes env var assignments to `~/.config/sentinel/env.sh` (or `env.ps1` on Windows), which the shell profile sources automatically on new sessions. `proxy off` deletes those files and the state JSON. On macOS, `launchctl setenv/unsetenv` is also called so GUI apps (not just terminal sessions) pick up the change immediately.
|
|
62
|
+
|
|
63
|
+
Env var changes are therefore **not visible in the current shell session** — they take effect in new terminals. On macOS, GUI apps see the change immediately via launchctl.
|
|
64
|
+
|
|
65
|
+
The `ensure_shell_integration()` / `remove_shell_integration()` functions in `shell_profile.py` add/remove the `source` line from the user's shell profile (`~/.zshrc` or `~/.bashrc`).
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: superwise-sentinel-cli
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Sentinel is an LLM proxy that intercepts traffic, enabling you to monitor, secure, and optimize your AI usage. This CLI tool helps you quickly set up traffic interception on this machine
|
|
5
|
+
Requires-Python: <4.0,>=3.11
|
|
6
|
+
Requires-Dist: click>=8.1
|
|
7
|
+
Requires-Dist: docker>=7.0
|
|
8
|
+
Requires-Dist: pydantic-settings>=2.3
|
|
9
|
+
Requires-Dist: pydantic>=2.0
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# superwise-sentinel-cli
|
|
2
|
+
|
|
3
|
+
CLI for [Superwise Sentinel](https://docs.superwise.ai) — routes LLM provider traffic through an AI guardrails proxy.
|
|
4
|
+
|
|
5
|
+
## Installation
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
pip install superwise-sentinel-cli
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
## Quick start
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
sentinel quickstart
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
The interactive wizard walks you through authentication, starting a local gateway container, and activating proxy interception. Open a new terminal after setup for env vars to take effect.
|
|
18
|
+
|
|
19
|
+
## Commands
|
|
20
|
+
|
|
21
|
+
### `sentinel auth`
|
|
22
|
+
|
|
23
|
+
Authenticate with Superwise (prompts for Client ID and Client Secret). Pass `--advanced` to override the auth/API host URLs.
|
|
24
|
+
|
|
25
|
+
### `sentinel gateway`
|
|
26
|
+
|
|
27
|
+
| Command | Description |
|
|
28
|
+
|---|---|
|
|
29
|
+
| `sentinel gateway start` | Pull and start the local Docker gateway container |
|
|
30
|
+
| `sentinel gateway stop` | Stop and remove the container |
|
|
31
|
+
|
|
32
|
+
Pass `--sentinel-id <uuid>` to `start` to use an existing sentinel rather than creating a new one.
|
|
33
|
+
|
|
34
|
+
### `sentinel config`
|
|
35
|
+
|
|
36
|
+
Configure the gateway URL and which LLM providers to intercept. Valid providers: `anthropic`, `openai`, `google`. Use `all` to select every provider.
|
|
37
|
+
|
|
38
|
+
### `sentinel proxy`
|
|
39
|
+
|
|
40
|
+
| Command | Description |
|
|
41
|
+
|---|---|
|
|
42
|
+
| `sentinel proxy on` | Write proxy env vars; takes effect in new shell sessions |
|
|
43
|
+
| `sentinel proxy off` | Remove proxy env vars |
|
|
44
|
+
|
|
45
|
+
`proxy on` persists env var assignments to `~/.config/sentinel/env.sh`, which your shell profile sources on startup. On macOS, `launchctl setenv` is also called so GUI apps pick up the change immediately. Changes are **not** visible in the current terminal — open a new one.
|
|
46
|
+
|
|
47
|
+
## Configuration
|
|
48
|
+
|
|
49
|
+
Config is stored at `~/.config/sentinel/config.json` and can be overridden with `SENTINEL_*` environment variables.
|
|
50
|
+
|
|
51
|
+
| Setting | Env var | Description |
|
|
52
|
+
|---|---|---|
|
|
53
|
+
| `gateway_url` | `SENTINEL_GATEWAY_URL` | Gateway endpoint URL |
|
|
54
|
+
| `providers` | `SENTINEL_PROVIDERS` | Providers to intercept (`anthropic`, `openai`, `google`) |
|
|
55
|
+
| `superwise_client_id` | `SENTINEL_SUPERWISE_CLIENT_ID` | Superwise client ID |
|
|
56
|
+
| `superwise_client_secret` | `SENTINEL_SUPERWISE_CLIENT_SECRET` | Superwise client secret |
|
|
57
|
+
| `sentinel_id` | `SENTINEL_SENTINEL_ID` | Sentinel ID |
|
|
58
|
+
|
|
59
|
+
Credentials can be generated at [https://docs.superwise.ai/docs/generate-tokens](https://docs.superwise.ai/docs/generate-tokens).
|
|
60
|
+
|
|
61
|
+
## Requirements
|
|
62
|
+
|
|
63
|
+
- Python 3.11+
|
|
64
|
+
- Docker (local gateway mode only)
|