superwise-sentinel-cli 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
File without changes
@@ -0,0 +1,7 @@
1
+ {
2
+ "permissions": {
3
+ "allow": [
4
+ "Bash(curl -s \"https://raw.githubusercontent.com/google/generative-ai-python/main/google/generativeai/client.py\")"
5
+ ]
6
+ }
7
+ }
@@ -0,0 +1,6 @@
1
+ __pycache__/
2
+ *.py[cod]
3
+ .venv/
4
+ dist/
5
+ *.egg-info/
6
+ .idea/
@@ -0,0 +1,107 @@
1
+ ##################################
2
+ # Variables
3
+ ##################################
4
+ variables:
5
+ API_GW_URL: "https://api-staging.staging.superwise.ai"
6
+ JOB_TAG: f0nl9KXRnY9vZaSJuQd2iigwi4nhFk
7
+ OPENAPI_FILE: openapi.json
8
+ PACKAGE_NAME: superwise_sentinel_cli
9
+ PYTHON_VERSION: "3.11"
10
+
11
+ ##################################
12
+ # Workflow
13
+ ##################################
14
+ workflow:
15
+ rules:
16
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
17
+ - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
18
+ when: never
19
+ - if: $CI_COMMIT_BRANCH
20
+
21
+ ##################################
22
+ # Stages
23
+ ##################################
24
+ stages:
25
+ - test
26
+ - code-review
27
+ - pre-commit
28
+ - build
29
+ - publish
30
+ - release
31
+
32
+ ##################################
33
+ # Templates
34
+ ##################################
35
+ include:
36
+ - project: "askboss/product/superwise/ci-templates"
37
+ file: "sw2/stages/test.gitlab-ci.yml"
38
+ - project: "askboss/product/superwise/ci-templates"
39
+ file: "sw2/stages/code-review.gitlab-ci.yml"
40
+ - project: "askboss/product/superwise/ci-templates"
41
+ file: "sw2/templates/publish-package.gitlab-ci.yml"
42
+ - project: "askboss/product/superwise/ci-templates"
43
+ file: "sw2/stages/release.gitlab-ci.yml"
44
+ - project: "askboss/product/superwise/ci-templates"
45
+ file: "sw2/stages/post-python.gitlab-ci.yml"
46
+ - project: "askboss/product/superwise/ci-templates"
47
+ file: "sw2/templates/post.gitlab-ci.yml"
48
+
49
+ ##################################
50
+ # Jobs
51
+ ##################################
52
+ pytest:
53
+ cache:
54
+ paths:
55
+ - .venv/
56
+ - $PRE_COMMIT_HOME
57
+ - $XDG_CACHE_HOME
58
+ rules:
59
+ - if: $CI_PIPELINE_SOURCE != "web"
60
+
61
+ pre-commit:
62
+ stage: pre-commit
63
+ rules:
64
+ - if: $CI_PIPELINE_SOURCE != "web"
65
+
66
+ publish-testpypi:
67
+ stage: publish
68
+ image:
69
+ name: $SUPERWISE_STAGE_BASE_IMAGE
70
+ rules:
71
+ - if: $CI_COMMIT_BRANCH == "master"
72
+ cache:
73
+ key: $CI_JOB_NAME
74
+ policy: pull-push
75
+ paths:
76
+ - .venv/
77
+ - $XDG_CACHE_HOME
78
+ needs:
79
+ - job: pytest
80
+ optional: true
81
+ script:
82
+ - export VERSION="$(date +%Y%m%d%H%M%S)-dev"
83
+ - pyenv local ${PYTHON_VERSION}
84
+ - poetry version $VERSION
85
+ - poetry config repositories.test-pypi $POETRY_REPOSITORIES_TESTPYPI_URL
86
+ - poetry publish -r test-pypi --build -u $POETRY_HTTP_BASIC_TESTPYPI_USERNAME -p $POETRY_HTTP_BASIC_TESTPYPI_PASSWORD
87
+ tags:
88
+ - $JOB_TAG
89
+
90
+ publish-internal-testpypi:
91
+ extends: .poetry-publish
92
+ variables:
93
+ POETRY_PUBLISH_REPOSITORY: testpypi
94
+ POETRY_PUBLISH_VERSION: ${CI_PIPELINE_ID}.dev0
95
+ POETRY_PUBLISH_USERNAME: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_USER
96
+ POETRY_PUBLISH_PASSWORD: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_PASSWORD
97
+ POETRY_PUBLISH_REPOSITORY_URL: $GOOGLE_ARTIFACT_REGISTRY_TESTPYPI_URL
98
+
99
+ release:
100
+ needs:
101
+ - publish-testpypi
102
+ rules:
103
+ - if: $CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "web"
104
+ when: manual
105
+
106
+ check-conventional-commits:
107
+ extends: .check-conventional-commits
@@ -0,0 +1,33 @@
1
+ repos:
2
+ - repo: https://github.com/pre-commit/pre-commit-hooks
3
+ rev: v4.4.0
4
+ hooks:
5
+ - id: check-added-large-files
6
+ - id: check-ast
7
+ - id: check-case-conflict
8
+ - id: check-docstring-first
9
+ - id: check-json
10
+ - id: check-merge-conflict
11
+ - id: check-symlinks
12
+ - id: check-xml
13
+ - id: pretty-format-json
14
+ args: [ --autofix ]
15
+ - id: check-yaml
16
+ - id: end-of-file-fixer
17
+ - id: trailing-whitespace
18
+ - repo: https://github.com/psf/black
19
+ rev: 23.3.0
20
+ hooks:
21
+ - id: black
22
+ args: [ --line-length=120 ]
23
+ - repo: https://github.com/asottile/reorder_python_imports
24
+ rev: v3.10.0
25
+ hooks:
26
+ - id: reorder-python-imports
27
+ - repo: https://github.com/python-poetry/poetry
28
+ rev: 2.1.4
29
+ hooks:
30
+ - id: poetry-check
31
+ - id: poetry-lock
32
+ additional_dependencies:
33
+ - keyrings.google-artifactregistry-auth==1.1.2
@@ -0,0 +1,65 @@
1
+ # CLAUDE.md
2
+
3
+ This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
4
+
5
+ ## Project overview
6
+
7
+ `superwise-sentinel-cli` is a Python CLI tool (`sentinel`) that routes LLM provider traffic through a Superwise Sentinel guardrails proxy. It supports a **local** mode (starts a Docker container) and a **remote** mode (points at a configured cloud URL). The `proxy on`/`proxy off` commands persist env var assignments to a sourced shell file so that new terminals pick up the proxy configuration automatically.
8
+
9
+ ## Setup & development
10
+
11
+ ```bash
12
+ # Install dependencies (poetry manages the .venv in-project)
13
+ poetry install
14
+
15
+ # Run the CLI during development
16
+ poetry run sentinel --help
17
+
18
+ # Build the package
19
+ poetry run hatch build
20
+
21
+ # Install pre-commit hooks
22
+ pre-commit install
23
+ ```
24
+
25
+ The `poetry.toml` pins `virtualenvs.in-project = true`, so the venv lives at `.venv/`.
26
+
27
+ ## Tests
28
+
29
+ There is no test suite. `src/sentinel_cli/test_questionary.py` is a scratch file, not a test module.
30
+
31
+ ## Linting
32
+
33
+ Pre-commit hooks enforce:
34
+ - **black** at 120-character line length
35
+ - **reorder-python-imports** for import ordering
36
+
37
+ Run manually: `pre-commit run --all-files`
38
+
39
+ ## Architecture
40
+
41
+ All source lives under `src/sentinel_cli/`:
42
+
43
+ - **`cli.py`** — Click command tree: root group `main`, with subgroups `gateway` (start/stop) and `proxy` (on/off), plus top-level commands `auth` and `config`. Imports from `auth`, `runner`, `shell_profile`, and `config`.
44
+ - **`config.py`** — `AppConfig` (pydantic-settings). Settings priority: env vars (`SENTINEL_*`) > `~/.config/sentinel/config.json` > field defaults. Also owns `_PROVIDER_CONFIG` (provider → env var + URL path mapping) and `VALID_PROVIDERS`. `AppConfig.load()` / `.save()` are the only intended access points.
45
+ - **`auth.py`** — `authenticate()` hits the Superwise auth API and caches the token at `~/.config/sentinel/token`. Skips the network call on subsequent invocations unless `force=True`.
46
+ - **`runner.py`** — `get_or_create_local_endpoint()` starts the Docker container and returns its base URL. `resolve_env_vars()` maps provider names to `(env_var, full_url)` pairs using `_PROVIDER_CONFIG` from `config.py`.
47
+ - **`docker_manager.py`** — Manages the `sentinel-local` Docker container (image: `us-central1-docker.pkg.dev/admina33d6818/docker/platform/sentinel:<tag>`). `ensure_container_running()` pulls, starts, and returns a `ContainerEndpoint`; `stop_container()` stops and removes it. Falls back to `linux/amd64` when native platform image is unavailable.
48
+ - **`shell_profile.py`** — `ShellContext` abstraction with `_UnixShellContext` (bash/zsh, auto-detected) and `_WindowsShellContext` (PowerShell). `ensure_shell_integration()` / `remove_shell_integration()` patch the shell profile. `write_env_vars()` / `remove_env_vars()` manage `~/.config/sentinel/protected_vars.json` and a sourced env file. On macOS, also calls `launchctl setenv/unsetenv` for GUI app visibility. The module-level `SHELL` constant holds the current platform context.
49
+
50
+ ## Config & state files
51
+
52
+ | Path | Purpose |
53
+ |---|---|
54
+ | `~/.config/sentinel/config.json` | Persisted `AppConfig` |
55
+ | `~/.config/sentinel/protected_vars.json` | Currently active env var→URL mappings |
56
+ | `~/.config/sentinel/token` | Cached Superwise auth token |
57
+ | `~/.config/sentinel/env.sh` (Unix) / `env.ps1` (Windows) | Sourced by the shell wrapper on each new session |
58
+
59
+ ## Key design constraint
60
+
61
+ `proxy on` writes env var assignments to `~/.config/sentinel/env.sh` (or `env.ps1` on Windows), which the shell profile sources automatically on new sessions. `proxy off` deletes those files and the state JSON. On macOS, `launchctl setenv/unsetenv` is also called so GUI apps (not just terminal sessions) pick up the change immediately.
62
+
63
+ Env var changes are therefore **not visible in the current shell session** — they take effect in new terminals. On macOS, GUI apps see the change immediately via launchctl.
64
+
65
+ The `ensure_shell_integration()` / `remove_shell_integration()` functions in `shell_profile.py` add/remove the `source` line from the user's shell profile (`~/.zshrc` or `~/.bashrc`).
@@ -0,0 +1,9 @@
1
+ Metadata-Version: 2.4
2
+ Name: superwise-sentinel-cli
3
+ Version: 0.1.0
4
+ Summary: Sentinel is an LLM proxy that intercepts traffic, enabling you to monitor, secure, and optimize your AI usage. This CLI tool helps you quickly set up traffic interception on this machine
5
+ Requires-Python: <4.0,>=3.11
6
+ Requires-Dist: click>=8.1
7
+ Requires-Dist: docker>=7.0
8
+ Requires-Dist: pydantic-settings>=2.3
9
+ Requires-Dist: pydantic>=2.0
@@ -0,0 +1,64 @@
1
+ # superwise-sentinel-cli
2
+
3
+ CLI for [Superwise Sentinel](https://docs.superwise.ai) — routes LLM provider traffic through an AI guardrails proxy.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ pip install superwise-sentinel-cli
9
+ ```
10
+
11
+ ## Quick start
12
+
13
+ ```bash
14
+ sentinel quickstart
15
+ ```
16
+
17
+ The interactive wizard walks you through authentication, starting a local gateway container, and activating proxy interception. Open a new terminal after setup for env vars to take effect.
18
+
19
+ ## Commands
20
+
21
+ ### `sentinel auth`
22
+
23
+ Authenticate with Superwise (prompts for Client ID and Client Secret). Pass `--advanced` to override the auth/API host URLs.
24
+
25
+ ### `sentinel gateway`
26
+
27
+ | Command | Description |
28
+ |---|---|
29
+ | `sentinel gateway start` | Pull and start the local Docker gateway container |
30
+ | `sentinel gateway stop` | Stop and remove the container |
31
+
32
+ Pass `--sentinel-id <uuid>` to `start` to use an existing sentinel rather than creating a new one.
33
+
34
+ ### `sentinel config`
35
+
36
+ Configure the gateway URL and which LLM providers to intercept. Valid providers: `anthropic`, `openai`, `google`. Use `all` to select every provider.
37
+
38
+ ### `sentinel proxy`
39
+
40
+ | Command | Description |
41
+ |---|---|
42
+ | `sentinel proxy on` | Write proxy env vars; takes effect in new shell sessions |
43
+ | `sentinel proxy off` | Remove proxy env vars |
44
+
45
+ `proxy on` persists env var assignments to `~/.config/sentinel/env.sh`, which your shell profile sources on startup. On macOS, `launchctl setenv` is also called so GUI apps pick up the change immediately. Changes are **not** visible in the current terminal — open a new one.
46
+
47
+ ## Configuration
48
+
49
+ Config is stored at `~/.config/sentinel/config.json` and can be overridden with `SENTINEL_*` environment variables.
50
+
51
+ | Setting | Env var | Description |
52
+ |---|---|---|
53
+ | `gateway_url` | `SENTINEL_GATEWAY_URL` | Gateway endpoint URL |
54
+ | `providers` | `SENTINEL_PROVIDERS` | Providers to intercept (`anthropic`, `openai`, `google`) |
55
+ | `superwise_client_id` | `SENTINEL_SUPERWISE_CLIENT_ID` | Superwise client ID |
56
+ | `superwise_client_secret` | `SENTINEL_SUPERWISE_CLIENT_SECRET` | Superwise client secret |
57
+ | `sentinel_id` | `SENTINEL_SENTINEL_ID` | Sentinel ID |
58
+
59
+ Credentials can be generated at [https://docs.superwise.ai/docs/generate-tokens](https://docs.superwise.ai/docs/generate-tokens).
60
+
61
+ ## Requirements
62
+
63
+ - Python 3.11+
64
+ - Docker (local gateway mode only)