tescmd 0.1.2__py3-none-any.whl → 0.3.1__py3-none-any.whl

tescmd/cli/vehicle.py

@@ -4,6 +4,8 @@ from __future__ import annotations
 
 import asyncio
 import contextlib
+import logging
+import os
 from typing import TYPE_CHECKING
 
 import click
@@ -22,6 +24,10 @@ from tescmd.cli._client import (
     require_vin,
 )
 from tescmd.cli._options import global_options
+from tescmd.models.sharing import ShareDriverInfo
+from tescmd.models.vehicle import NearbyChargingSites, Vehicle
+
+logger = logging.getLogger(__name__)
 
 if TYPE_CHECKING:
     from tescmd.cli.main import AppContext
@@ -60,6 +66,7 @@ async def _cmd_list(app_ctx: AppContext) -> None:
             endpoint="vehicle.list",
             fetch=lambda: api.list_vehicles(),
             ttl=TTL_SLOW,
+            model_class=Vehicle,
         )
     finally:
         await client.close()
@@ -90,6 +97,7 @@ async def _cmd_get(app_ctx: AppContext, vin_positional: str | None) -> None:
             endpoint="vehicle.get",
             fetch=lambda: api.get_vehicle(vin),
             ttl=TTL_DEFAULT,
+            model_class=Vehicle,
         )
     finally:
         await client.close()
@@ -174,7 +182,7 @@ async def _cmd_location(app_ctx: AppContext, vin_positional: str | None) -> None
     vin = require_vin(vin_positional, app_ctx.vin)
     client, api = get_vehicle_api(app_ctx)
     try:
-        vdata = await cached_vehicle_data(app_ctx, api, vin, endpoints=["drive_state"])
+        vdata = await cached_vehicle_data(app_ctx, api, vin, endpoints=["location_data"])
     finally:
         await client.close()
 
@@ -322,6 +330,7 @@ async def _cmd_nearby_chargers(app_ctx: AppContext, vin_positional: str | None)
             endpoint="vehicle.nearby-chargers",
             fetch=lambda: api.nearby_charging_sites(vin),
             ttl=TTL_FAST,
+            model_class=NearbyChargingSites,
         )
     finally:
         await client.close()
@@ -361,9 +370,12 @@ async def _cmd_alerts(app_ctx: AppContext, vin_positional: str | None) -> None:
     else:
         if alerts:
             for alert in alerts:
-                name = alert.get("name", "Unknown")
-                ts = alert.get("time", "")
-                formatter.rich.info(f"  {name}  [dim]{ts}[/dim]")
+                if isinstance(alert, dict):
+                    name = alert.get("name", "Unknown")
+                    ts = alert.get("time", "")
+                    formatter.rich.info(f"  {name}  [dim]{ts}[/dim]")
+                else:
+                    formatter.rich.info(f"  {alert}")
         else:
             formatter.rich.info("[dim]No recent alerts.[/dim]")
 
@@ -448,6 +460,7 @@ async def _cmd_drivers(app_ctx: AppContext, vin_positional: str | None) -> None:
             endpoint="vehicle.drivers",
             fetch=lambda: api.list_drivers(vin),
             ttl=TTL_SLOW,
+            model_class=ShareDriverInfo,
         )
     finally:
         await client.close()
@@ -456,39 +469,98 @@ async def _cmd_drivers(app_ctx: AppContext, vin_positional: str | None) -> None:
         formatter.output(drivers, command="vehicle.drivers")
     else:
         if drivers:
+            formatter.rich.info("[bold]Drivers[/bold]")
             for d in drivers:
-                email = (d.get("email") if isinstance(d, dict) else d.email) or "unknown"
-                status = (d.get("status") if isinstance(d, dict) else d.status) or ""
-                formatter.rich.info(f"  {email}  [dim]{status}[/dim]")
+                row = d if isinstance(d, dict) else d.model_dump(exclude_none=True)
+                user_id = row.get("share_user_id", "")
+                email = row.get("email") or "(no email)"
+                status = row.get("status") or ""
+                parts = [f"  {email}"]
+                if status:
+                    parts.append(f"[dim]{status}[/dim]")
+                if user_id:
+                    parts.append(f"[dim](id: {user_id})[/dim]")
+                formatter.rich.info("  ".join(parts))
         else:
             formatter.rich.info("[dim]No drivers found.[/dim]")
 
 
 @vehicle_group.command("calendar")
 @click.argument("vin_positional", required=False, default=None, metavar="VIN")
-@click.argument("calendar_data")
+@click.option(
+    "--file",
+    "-f",
+    "calendar_file",
+    type=click.File("r"),
+    default=None,
+    help="Read calendar JSON from file (use '-' for stdin)",
+)
+@click.argument("calendar_data", required=False, default=None)
 @global_options
-def calendar_cmd(app_ctx: AppContext, vin_positional: str | None, calendar_data: str) -> None:
+def calendar_cmd(
+    app_ctx: AppContext,
+    vin_positional: str | None,
+    calendar_file: click.utils.LazyFile | None,
+    calendar_data: str | None,
+) -> None:
     """Send calendar entries to the vehicle.
 
-    CALENDAR_DATA should be a JSON string of calendar entries.
+    Pass calendar JSON as an argument, via --file, or piped through stdin.
+
+    \b
+    Example JSON:
+      {
+        "calendars": [{
+          "name": "Work",
+          "color": "#4285F4",
+          "events": [{
+            "name": "Team Standup",
+            "location": "1 Market St, San Francisco, CA",
+            "start": 1738573200000,
+            "end": 1738576800000,
+            "all_day": false,
+            "organizer": "alice@example.com"
+          }]
+        }],
+        "phone_name": "My Phone",
+        "uuid": "abc-123"
+      }
+
+    \b
+    Usage:
+      tescmd vehicle calendar --file cal.json
+      tescmd vehicle calendar '{"calendars": [...]}'
+      cat cal.json | tescmd vehicle calendar --file -
     """
+    import sys
+
+    if calendar_file is not None:
+        data = calendar_file.read()
+    elif calendar_data is not None:
+        data = calendar_data
+    elif not sys.stdin.isatty():
+        data = sys.stdin.read()
+    else:
+        raise click.UsageError(
+            "No calendar data provided.\n\n"
+            "Usage:\n"
+            "  tescmd vehicle calendar --file cal.json\n"
+            "  tescmd vehicle calendar '{\"calendars\": [...]}'\n"
+            "  cat cal.json | tescmd vehicle calendar --file -\n\n"
+            "Run --help for a full JSON example."
+        )
+
     run_async(
         execute_command(
             app_ctx,
             vin_positional,
             "upcoming_calendar_entries",
             "vehicle.calendar",
-            body={"calendar_data": calendar_data},
+            body={"calendar_data": data.strip()},
         )
     )
 
 
-# ---------------------------------------------------------------------------
-# Power management commands
-# ---------------------------------------------------------------------------
-
-
 # ---------------------------------------------------------------------------
 # Extended vehicle data endpoints
 # ---------------------------------------------------------------------------
@@ -615,13 +687,14 @@ async def _cmd_specs(app_ctx: AppContext, vin_positional: str | None) -> None:
 
 
 @vehicle_group.command("warranty")
+@click.argument("vin_positional", required=False, default=None, metavar="VIN")
 @global_options
-def warranty_cmd(app_ctx: AppContext) -> None:
-    """Fetch warranty details for the account."""
-    run_async(_cmd_warranty(app_ctx))
+def warranty_cmd(app_ctx: AppContext, vin_positional: str | None) -> None:
+    """Fetch warranty details for the vehicle."""
+    run_async(_cmd_warranty(app_ctx, vin_positional))
 
 
-async def _cmd_warranty(app_ctx: AppContext) -> None:
+async def _cmd_warranty(app_ctx: AppContext, vin_positional: str | None) -> None:
     formatter = app_ctx.formatter
     client, api = get_vehicle_api(app_ctx)
     try:
@@ -794,6 +867,69 @@ async def _cmd_telemetry_errors(app_ctx: AppContext, vin_positional: str | None)
         formatter.rich.telemetry_errors(data)
 
 
+@telemetry_group.command("stream")
+@click.argument("vin_positional", required=False, default=None, metavar="VIN")
+@click.option(
+    "--port",
+    "telemetry_port",
+    type=int,
+    default=None,
+    help="Local server port (random if omitted)",
+)
+@click.option("--fields", default="default", help="Field preset or comma-separated names")
+@click.option("--interval", type=int, default=None, help="Override interval for all fields")
+@click.option("--no-log", is_flag=True, default=False, help="Disable CSV telemetry log")
+@click.option(
+    "--legacy-dashboard",
+    is_flag=True,
+    default=False,
+    help="Use legacy Rich Live dashboard",
+)
+@global_options
+def telemetry_stream_cmd(
+    app_ctx: AppContext,
+    vin_positional: str | None,
+    telemetry_port: int | None,
+    fields: str,
+    interval: int | None,
+    no_log: bool,
+    legacy_dashboard: bool,
+) -> None:
+    """Stream real-time telemetry via Tailscale Funnel.
+
+    Alias for ``tescmd serve --no-mcp``.  Starts a local WebSocket server,
+    exposes it via Tailscale Funnel, configures the vehicle to push
+    telemetry, and displays a full-screen TUI dashboard (TTY) or JSONL
+    stream (piped).  A CSV log is written by default.
+
+    Requires Tailscale with Funnel enabled.
+    """
+    from tescmd.cli.serve import _cmd_serve
+
+    run_async(
+        _cmd_serve(
+            app_ctx,
+            vin_positional=vin_positional,
+            transport="streamable-http",
+            mcp_port=int(os.environ.get("TESCMD_MCP_PORT", "8080")),
+            telemetry_port=telemetry_port,
+            fields_spec=fields,
+            interval_override=interval,
+            no_telemetry=False,
+            no_mcp=True,
+            no_log=no_log,
+            legacy_dashboard=legacy_dashboard,
+            openclaw_url=None,
+            openclaw_token=None,
+            openclaw_config_path=None,
+            dry_run=False,
+            tailscale=False,
+            client_id="",
+            client_secret="",
+        )
+    )
+
+
 # ---------------------------------------------------------------------------
 # Power management commands
 # ---------------------------------------------------------------------------

tescmd/crypto/__init__.py

@@ -1,4 +1,4 @@
-"""EC key management for Tesla Fleet API command signing."""
+"""EC key management and signing for Tesla Fleet API."""
 
 from tescmd.crypto.keys import (
     generate_ec_key_pair,
@@ -8,6 +8,7 @@ from tescmd.crypto.keys import (
     load_private_key,
     load_public_key_pem,
 )
+from tescmd.crypto.schnorr import sign_fleet_telemetry_config
 
 __all__ = [
     "generate_ec_key_pair",
@@ -16,4 +17,5 @@ __all__ = [
     "has_key_pair",
     "load_private_key",
     "load_public_key_pem",
+    "sign_fleet_telemetry_config",
 ]

tescmd/crypto/ecdh.py

@@ -13,6 +13,15 @@ def derive_session_key(
 ) -> bytes:
     """Derive a 16-byte session key via ECDH + SHA-1 truncation.
 
+    .. note::
+
+        SHA-1 is required by Tesla's Vehicle Command Protocol — the
+        vehicle firmware expects ``SHA1(shared_secret)[:16]``.  SHA-1's
+        known collision weaknesses do not affect this usage (only
+        preimage resistance matters for key derivation, and SHA-1
+        remains preimage-resistant).  See ``vehicle-command`` Go SDK
+        reference implementation.
+
     Parameters
     ----------
     private_key:

tescmd/crypto/schnorr.py

@@ -0,0 +1,191 @@
+"""Schnorr signatures over NIST P-256 for Tesla Fleet Telemetry JWS.
+
+Implements the ``Tesla.SS256`` signing algorithm used by the Vehicle
+Command HTTP Proxy to sign fleet telemetry configurations.  This lets
+tescmd call the ``fleet_telemetry_config_jws`` endpoint directly,
+without requiring the Go-based ``tesla-http-proxy`` binary.
+
+Algorithm reference: github.com/teslamotors/vehicle-command
+    internal/schnorr/sign.go   — Sign()
+    internal/schnorr/schnorr.go — challenge(), Verify()
+    internal/authentication/jwt.go — SignMessage()
+"""
+
+from __future__ import annotations
+
+import base64
+import hashlib
+import hmac
+import json
+import struct
+from typing import Any
+
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+
+# ---------------------------------------------------------------------------
+# P-256 curve constants
+# ---------------------------------------------------------------------------
+
+P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
+
+_P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
+_P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
+
+# Generator point G in uncompressed X9.62 form (04 || X || Y).
+P256_GENERATOR_BYTES = b"\x04" + _P256_GX.to_bytes(32, "big") + _P256_GY.to_bytes(32, "big")
+
+_SCALAR_LEN = 32
+
+
+# ---------------------------------------------------------------------------
+# Low-level Schnorr primitives
+# ---------------------------------------------------------------------------
+
+
+def _deterministic_nonce(scalar: bytes, message_hash: bytes) -> bytes:
+    """RFC 6979 deterministic nonce generation for P-256 / SHA-256.
+
+    Mirrors ``DeterministicNonce`` in the Go SDK's ``internal/schnorr/sign.go``.
+    """
+    # Reduce message hash mod n
+    h1_int = int.from_bytes(message_hash, "big") % P256_ORDER
+    h1 = h1_int.to_bytes(32, "big")
+
+    # HMAC-DRBG initialisation (RFC 6979 S3.2 steps a-d)
+    k_mac = b"\x00" * 32
+    v = b"\x01" * 32
+
+    # Step d
+    k_mac = hmac.new(k_mac, v + b"\x00" + scalar + h1, hashlib.sha256).digest()
+    # Step e
+    v = hmac.new(k_mac, v, hashlib.sha256).digest()
+    # Step f
+    k_mac = hmac.new(k_mac, v + b"\x01" + scalar + h1, hashlib.sha256).digest()
+    # Step g
+    v = hmac.new(k_mac, v, hashlib.sha256).digest()
+
+    # Step h — generate candidates
+    while True:
+        v = hmac.new(k_mac, v, hashlib.sha256).digest()
+        nonce_int = int.from_bytes(v, "big")
+        if 0 < nonce_int < P256_ORDER:
+            return v
+
+        # Retry per spec
+        k_mac = hmac.new(k_mac, v + b"\x00", hashlib.sha256).digest()
+        v = hmac.new(k_mac, v, hashlib.sha256).digest()
+
+
+def _write_length_value(h: Any, data: bytes) -> None:
+    """Write a 4-byte big-endian length prefix then the data into *h*."""
+    h.update(struct.pack(">I", len(data)))
+    h.update(data)
+
+
+def _challenge(
+    public_nonce_uncompressed: bytes,
+    sender_public_uncompressed: bytes,
+    message: bytes,
+) -> bytes:
+    """Compute the Schnorr challenge hash.
+
+    ``SHA-256(len(G) || G || len(R) || R || len(P) || P || len(m) || m)``
+
+    Mirrors ``challenge()`` in ``internal/schnorr/schnorr.go``.
+    """
+    h = hashlib.sha256()
+    _write_length_value(h, P256_GENERATOR_BYTES)
+    _write_length_value(h, public_nonce_uncompressed)
+    _write_length_value(h, sender_public_uncompressed)
+    _write_length_value(h, message)
+    return h.digest()
+
+
+def schnorr_sign(
+    private_key: ec.EllipticCurvePrivateKey,
+    message: bytes,
+) -> bytes:
+    """Produce a 96-byte Tesla Schnorr/P-256 signature.
+
+    Returns ``nonce_X (32) || nonce_Y (32) || r (32)``.
+    """
+    # Private scalar bytes (big-endian, zero-padded to 32 bytes)
+    priv_numbers = private_key.private_numbers()
+    scalar = priv_numbers.private_value.to_bytes(_SCALAR_LEN, "big")
+
+    # Public key (uncompressed X9.62)
+    sender_public = private_key.public_key().public_bytes(
+        Encoding.X962, PublicFormat.UncompressedPoint
+    )
+
+    # 1. Deterministic nonce
+    digest = hashlib.sha256(message).digest()
+    nonce_bytes = _deterministic_nonce(scalar, digest)
+    nonce_int = int.from_bytes(nonce_bytes, "big")
+
+    # 2. Nonce public key  (k·G)
+    nonce_key = ec.derive_private_key(nonce_int, ec.SECP256R1())
+    nonce_public = nonce_key.public_key().public_bytes(
+        Encoding.X962, PublicFormat.UncompressedPoint
+    )  # 65 bytes: 04 || X || Y
+
+    # 3. Challenge  c = H(G, R, P, m)
+    c_bytes = _challenge(nonce_public, sender_public, message)
+    c_int = int.from_bytes(c_bytes, "big")
+
+    # 4. Response  r = k - x*c  (mod n)
+    x_int = priv_numbers.private_value
+    r_int = (nonce_int - x_int * c_int) % P256_ORDER
+
+    # 5. Signature = nonce_X || nonce_Y || r  (strip 0x04 prefix)
+    sig = nonce_public[1:] + r_int.to_bytes(_SCALAR_LEN, "big")
+    assert len(sig) == 3 * _SCALAR_LEN
+    return sig
+
+
+# ---------------------------------------------------------------------------
+# JWS token construction  (Tesla.SS256)
+# ---------------------------------------------------------------------------
+
+_JWS_HEADER = {"alg": "Tesla.SS256", "typ": "JWT"}
+
+
+def _b64url(data: bytes) -> str:
+    """Base64url-encode without padding (per RFC 7515)."""
+    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")
+
+
+def sign_fleet_telemetry_config(
+    private_key: ec.EllipticCurvePrivateKey,
+    config: dict[str, Any],
+) -> str:
+    """Create a JWS token for a fleet telemetry config payload.
+
+    The *config* dict (hostname, ca, fields, alert_types) is signed with the
+    Tesla.SS256 algorithm.  ``iss`` and ``aud`` claims are set automatically.
+
+    Returns the compact JWS string for the ``fleet_telemetry_config_jws``
+    endpoint's ``token`` field.
+    """
+    # Build claims — shallow copy so we don't mutate the caller's dict
+    claims: dict[str, Any] = dict(config)
+
+    # iss = base64(uncompressed public key bytes)
+    pub_bytes = private_key.public_key().public_bytes(
+        Encoding.X962, PublicFormat.UncompressedPoint
+    )
+    claims["iss"] = base64.standard_b64encode(pub_bytes).decode("ascii")
+    claims["aud"] = "com.tesla.fleet.TelemetryClient"
+
+    # Serialise header & payload
+    header_b64 = _b64url(json.dumps(_JWS_HEADER, separators=(",", ":")).encode())
+    payload_b64 = _b64url(json.dumps(claims, separators=(",", ":")).encode())
+
+    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
+
+    # Sign
+    sig = schnorr_sign(private_key, signing_input)
+    sig_b64 = _b64url(sig)
+
+    return f"{header_b64}.{payload_b64}.{sig_b64}"

tescmd/deploy/github_pages.py

@@ -27,8 +27,15 @@ POLL_INTERVAL = 5  # seconds
 # ---------------------------------------------------------------------------
 
 
+def _check_tool(name: str) -> None:
+    """Raise FileNotFoundError if *name* is not on PATH."""
+    if shutil.which(name) is None:
+        raise FileNotFoundError(f"Required tool {name!r} is not installed or not on PATH")
+
+
 def _run_gh(args: list[str], *, check: bool = True) -> subprocess.CompletedProcess[str]:
     """Run a ``gh`` CLI command and return the result."""
+    _check_tool("gh")
     return subprocess.run(
         ["gh", *args],
         capture_output=True,
@@ -44,6 +51,7 @@ def _run_git(
     check: bool = True,
 ) -> subprocess.CompletedProcess[str]:
     """Run a ``git`` command and return the result."""
+    _check_tool("git")
     return subprocess.run(
         ["git", *args],
         capture_output=True,

tescmd/deploy/tailscale_serve.py

@@ -0,0 +1,154 @@
+"""Tailscale Funnel deployment helpers for Tesla Fleet API public keys.
+
+Serves the public key at the Tesla-required ``.well-known`` path via
+Tailscale's ``serve`` + ``funnel`` commands.  All Tailscale interaction
+goes through :class:`~tescmd.telemetry.tailscale.TailscaleManager`.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+import time
+from pathlib import Path
+
+import httpx
+
+from tescmd.api.errors import TailscaleError
+from tescmd.telemetry.tailscale import TailscaleManager
+
+logger = logging.getLogger(__name__)
+
+WELL_KNOWN_PATH = ".well-known/appspecific/com.tesla.3p.public-key.pem"
+DEFAULT_SERVE_DIR = Path("~/.config/tescmd/serve")
+
+# Polling for deployment validation
+DEFAULT_DEPLOY_TIMEOUT = 60  # seconds (faster than GitHub Pages)
+POLL_INTERVAL = 3  # seconds
+
+
+# ---------------------------------------------------------------------------
+# Key file management
+# ---------------------------------------------------------------------------
+
+
+async def deploy_public_key_tailscale(
+    public_key_pem: str,
+    serve_dir: Path | None = None,
+) -> Path:
+    """Write the PEM key into the serve directory structure.
+
+    Creates ``<serve_dir>/.well-known/appspecific/com.tesla.3p.public-key.pem``.
+
+    Returns the path to the written key file.
+    """
+    base = (serve_dir or DEFAULT_SERVE_DIR).expanduser()
+    key_path = base / WELL_KNOWN_PATH
+    key_path.parent.mkdir(parents=True, exist_ok=True)
+    key_path.write_text(public_key_pem)
+    logger.info("Public key written to %s", key_path)
+    return key_path
+
+
+# ---------------------------------------------------------------------------
+# Serve / Funnel lifecycle
+# ---------------------------------------------------------------------------
+
+
+async def start_key_serving(serve_dir: Path | None = None) -> str:
+    """Start ``tailscale serve`` for ``.well-known`` and enable Funnel.
+
+    Returns the public hostname (e.g. ``machine.tailnet.ts.net``).
+
+    Raises:
+        TailscaleError: If Tailscale is not ready or Funnel cannot start.
+    """
+    base = (serve_dir or DEFAULT_SERVE_DIR).expanduser()
+    well_known_dir = base / ".well-known"
+    if not well_known_dir.exists():
+        raise TailscaleError(
+            f"Serve directory not found: {well_known_dir}. "
+            "Run deploy_public_key_tailscale() first."
+        )
+
+    ts = TailscaleManager()
+    await ts.check_available()
+    hostname = await ts.get_hostname()
+
+    # Serve the .well-known directory at /.well-known/
+    await ts.start_serve("/.well-known/", str(well_known_dir))
+
+    # Enable Funnel to make it publicly accessible
+    await ts.enable_funnel()
+
+    logger.info("Key serving started at https://%s/%s", hostname, WELL_KNOWN_PATH)
+    return hostname
+
+
+async def stop_key_serving() -> None:
+    """Remove the ``.well-known`` serve handler."""
+    ts = TailscaleManager()
+    await ts.stop_serve("/.well-known/")
+    logger.info("Key serving stopped")
+
+
+# ---------------------------------------------------------------------------
+# Readiness check
+# ---------------------------------------------------------------------------
+
+
+async def is_tailscale_serve_ready() -> bool:
+    """Quick check: CLI on PATH + daemon running + Funnel available.
+
+    Returns bool, never raises.
+    """
+    try:
+        ts = TailscaleManager()
+        await ts.check_available()
+        await ts.check_running()
+        return await ts.check_funnel_available()
+    except (TailscaleError, Exception):
+        return False
+
+
+# ---------------------------------------------------------------------------
+# URL helpers and validation
+# ---------------------------------------------------------------------------
+
+
+def get_key_url(hostname: str) -> str:
+    """Return full URL to the public key."""
+    return f"https://{hostname}/{WELL_KNOWN_PATH}"
+
+
+async def validate_tailscale_key_url(hostname: str) -> bool:
+    """HTTP GET to verify key is accessible.
+
+    Returns True if the key is reachable and contains PEM content.
+    """
+    url = get_key_url(hostname)
+    try:
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(url, follow_redirects=True, timeout=10)
+            return resp.status_code == 200 and "BEGIN PUBLIC KEY" in resp.text
+    except httpx.HTTPError:
+        return False
+
+
+async def wait_for_tailscale_deployment(
+    hostname: str,
+    *,
+    timeout: int = DEFAULT_DEPLOY_TIMEOUT,
+) -> bool:
+    """Poll key URL until accessible or *timeout* elapses.
+
+    Returns True if the key became accessible, False on timeout.
+    """
+    deadline = time.monotonic() + timeout
+
+    while time.monotonic() < deadline:
+        if await validate_tailscale_key_url(hostname):
+            return True
+        await asyncio.sleep(POLL_INTERVAL)
+
+    return False

tescmd/mcp/__init__.py

@@ -0,0 +1,7 @@
+"""MCP (Model Context Protocol) server for tescmd."""
+
+from __future__ import annotations
+
+from tescmd.mcp.server import create_mcp_server
+
+__all__ = ["create_mcp_server"]