tripwire-server 0.1.0__tar.gz

tripwire_server-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,56 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - codex/**
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - run: python -m pip install --upgrade pip build
+      - run: python -m pip install -e .
+      - run: python -m unittest tests.test_client tests.test_contract tests.test_sealed_token
+      - run: python -m build
+
+  spec-sync:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check synced spec
+        run: bash ./scripts/check-spec-sync.sh
+
+  live-smoke:
+    runs-on: ubuntu-latest
+    needs: [test, spec-sync]
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main') }}
+    env:
+      TRIPWIRE_LIVE_SMOKE: "1"
+      TRIPWIRE_SMOKE_SECRET_KEY: ${{ secrets.TRIPWIRE_SMOKE_SECRET_KEY }}
+      TRIPWIRE_SMOKE_TEAM_ID: ${{ secrets.TRIPWIRE_SMOKE_TEAM_ID }}
+      TRIPWIRE_SMOKE_BASE_URL: ${{ secrets.TRIPWIRE_SMOKE_BASE_URL }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Require smoke secrets
+        if: ${{ env.TRIPWIRE_SMOKE_SECRET_KEY == '' || env.TRIPWIRE_SMOKE_TEAM_ID == '' }}
+        run: |
+          echo "TRIPWIRE_SMOKE_SECRET_KEY and TRIPWIRE_SMOKE_TEAM_ID are required for live smoke tests."
+          exit 1
+      - run: python -m pip install --upgrade pip
+      - run: python -m pip install -e .
+      - name: Run live smoke suite
+        run: python -m unittest tests.test_live

tripwire_server-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,142 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      confirm_version:
+        description: Version in pyproject.toml to release
+        required: true
+        type: string
+      dry_run:
+        description: Build and verify without tagging or publishing
+        required: true
+        default: true
+        type: boolean
+
+permissions:
+  contents: read
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      tag: ${{ steps.version.outputs.tag }}
+      commit_sha: ${{ steps.commit.outputs.sha }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - id: commit
+        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+      - id: version
+        run: |
+          VERSION=$(python - <<'PY'
+          import pathlib
+          import tomllib
+
+          with pathlib.Path("pyproject.toml").open("rb") as handle:
+              data = tomllib.load(handle)
+          print(data["project"]["version"])
+          PY
+          )
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "tag=v$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Validate release inputs
+        env:
+          EXPECTED_VERSION: ${{ inputs.confirm_version }}
+          ACTUAL_VERSION: ${{ steps.version.outputs.version }}
+          DRY_RUN: ${{ inputs.dry_run }}
+          REF_NAME: ${{ github.ref_name }}
+        run: |
+          if [ "$EXPECTED_VERSION" != "$ACTUAL_VERSION" ]; then
+            echo "Expected version $EXPECTED_VERSION, found $ACTUAL_VERSION."
+            exit 1
+          fi
+
+          if [ "$DRY_RUN" != "true" ] && [ "$REF_NAME" != "main" ]; then
+            echo "Real releases must run from main."
+            exit 1
+          fi
+
+      - name: Ensure release tag is new
+        env:
+          TAG: ${{ steps.version.outputs.tag }}
+        run: |
+          git fetch --tags --force
+          if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
+            echo "Tag $TAG already exists."
+            exit 1
+          fi
+
+      - run: python -m pip install --upgrade pip build
+      - run: python -m pip install -e .
+      - run: python -m unittest tests.test_client tests.test_contract tests.test_sealed_token
+      - run: python -m build
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: release-artifacts
+          path: dist/*
+          if-no-files-found: error
+          retention-days: 7
+
+  publish:
+    if: ${{ !inputs.dry_run }}
+    needs: prepare
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: write
+      id-token: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ needs.prepare.outputs.commit_sha }}
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: release-artifacts
+          path: dist
+
+      - name: Ensure release is still new
+        env:
+          TAG: ${{ needs.prepare.outputs.tag }}
+        run: |
+          git fetch --tags --force
+          if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
+            echo "Tag $TAG already exists."
+            exit 1
+          fi
+          if gh release view "$TAG" >/dev/null 2>&1; then
+            echo "GitHub release $TAG already exists."
+            exit 1
+          fi
+
+      - name: Create and push release tag
+        env:
+          TAG: ${{ needs.prepare.outputs.tag }}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git tag -a "$TAG" -m "Release $TAG"
+          git push origin "$TAG"
+
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist
+
+      - name: Create GitHub release
+        env:
+          TAG: ${{ needs.prepare.outputs.tag }}
+        run: gh release create "$TAG" dist/* --title "$TAG" --generate-notes --verify-tag

tripwire_server-0.1.0/.gitignore

@@ -0,0 +1,7 @@
+__pycache__/
+*.pyc
+.pytest_cache/
+.venv/
+dist/
+build/
+*.egg-info/

tripwire_server-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ABXY Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

tripwire_server-0.1.0/PKG-INFO

@@ -0,0 +1,121 @@
+Metadata-Version: 2.4
+Name: tripwire-server
+Version: 0.1.0
+Summary: Official Tripwire Python server SDK
+Project-URL: Homepage, https://github.com/abxy-labs/tripwire-server-python
+Project-URL: Repository, https://github.com/abxy-labs/tripwire-server-python
+Project-URL: Issues, https://github.com/abxy-labs/tripwire-server-python/issues
+Author: ABXY Labs
+License: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Requires-Dist: cryptography<47,>=42
+Requires-Dist: httpx<1,>=0.27
+Description-Content-Type: text/markdown
+
+# Tripwire Python Library
+
+![Preview](https://img.shields.io/badge/status-preview-111827)
+![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-3776AB?logo=python&logoColor=white)
+![License: MIT](https://img.shields.io/badge/license-MIT-0f766e.svg)
+
+The Tripwire Python library provides convenient access to the Tripwire API from applications written in Python. It includes a synchronous client for Sessions, Fingerprints, Teams, Team API key management, and sealed token verification.
+
+The library also provides:
+
+- a fast configuration path using `TRIPWIRE_SECRET_KEY`
+- iterator helpers for cursor-based pagination
+- structured API errors and built-in sealed token verification
+
+## Documentation
+
+See the [Tripwire docs](https://tripwirejs.com/docs) and [API reference](https://tripwirejs.com/docs/api-reference/introduction).
+
+## Installation
+
+You don't need this source code unless you want to modify the package. If you just want to use the package, run:
+
+```bash
+pip install tripwire-server
+```
+
+## Requirements
+
+- Python 3.10+
+
+## Usage
+
+The library needs to be configured with your account's secret key. Set `TRIPWIRE_SECRET_KEY` in your environment or pass `secret_key` directly:
+
+```python
+from tripwire_server import Tripwire
+
+client = Tripwire(secret_key="sk_live_...")
+
+page = client.sessions.list(verdict="bot", limit=25)
+session = client.sessions.get("sid_123")
+```
+
+### Sealed token verification
+
+```python
+from tripwire_server import safe_verify_tripwire_token
+
+result = safe_verify_tripwire_token(
+    sealed_token,
+    "sk_live_...",
+)
+
+if result.ok:
+    print(result.data.verdict, result.data.score)
+else:
+    print(result.error)
+```
+
+### Pagination
+
+```python
+for session in client.sessions.iter(search="signup"):
+    print(session.id, session.latest_result.verdict)
+```
+
+### Fingerprints
+
+```python
+page = client.fingerprints.list(sort="seen_count")
+fingerprint = client.fingerprints.get("vis_123")
+```
+
+### Teams
+
+```python
+team = client.teams.get("team_123")
+updated = client.teams.update("team_123", name="New Name")
+```
+
+### Team API keys
+
+```python
+created = client.teams.api_keys.create(
+    "team_123",
+    name="Production",
+    allowed_origins=["https://example.com"],
+)
+
+client.teams.api_keys.revoke("team_123", created.id)
+```
+
+### Error handling
+
+```python
+from tripwire_server import TripwireApiError
+
+try:
+    client.sessions.list(limit=999)
+except TripwireApiError as error:
+    print(error.status, error.code, error.message)
+```
+
+## Support
+
+If you need help integrating Tripwire, start with [tripwirejs.com/docs](https://tripwirejs.com/docs).

tripwire_server-0.1.0/README.md

@@ -0,0 +1,106 @@
+# Tripwire Python Library
+
+![Preview](https://img.shields.io/badge/status-preview-111827)
+![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-3776AB?logo=python&logoColor=white)
+![License: MIT](https://img.shields.io/badge/license-MIT-0f766e.svg)
+
+The Tripwire Python library provides convenient access to the Tripwire API from applications written in Python. It includes a synchronous client for Sessions, Fingerprints, Teams, Team API key management, and sealed token verification.
+
+The library also provides:
+
+- a fast configuration path using `TRIPWIRE_SECRET_KEY`
+- iterator helpers for cursor-based pagination
+- structured API errors and built-in sealed token verification
+
+## Documentation
+
+See the [Tripwire docs](https://tripwirejs.com/docs) and [API reference](https://tripwirejs.com/docs/api-reference/introduction).
+
+## Installation
+
+You don't need this source code unless you want to modify the package. If you just want to use the package, run:
+
+```bash
+pip install tripwire-server
+```
+
+## Requirements
+
+- Python 3.10+
+
+## Usage
+
+The library needs to be configured with your account's secret key. Set `TRIPWIRE_SECRET_KEY` in your environment or pass `secret_key` directly:
+
+```python
+from tripwire_server import Tripwire
+
+client = Tripwire(secret_key="sk_live_...")
+
+page = client.sessions.list(verdict="bot", limit=25)
+session = client.sessions.get("sid_123")
+```
+
+### Sealed token verification
+
+```python
+from tripwire_server import safe_verify_tripwire_token
+
+result = safe_verify_tripwire_token(
+    sealed_token,
+    "sk_live_...",
+)
+
+if result.ok:
+    print(result.data.verdict, result.data.score)
+else:
+    print(result.error)
+```
+
+### Pagination
+
+```python
+for session in client.sessions.iter(search="signup"):
+    print(session.id, session.latest_result.verdict)
+```
+
+### Fingerprints
+
+```python
+page = client.fingerprints.list(sort="seen_count")
+fingerprint = client.fingerprints.get("vis_123")
+```
+
+### Teams
+
+```python
+team = client.teams.get("team_123")
+updated = client.teams.update("team_123", name="New Name")
+```
+
+### Team API keys
+
+```python
+created = client.teams.api_keys.create(
+    "team_123",
+    name="Production",
+    allowed_origins=["https://example.com"],
+)
+
+client.teams.api_keys.revoke("team_123", created.id)
+```
+
+### Error handling
+
+```python
+from tripwire_server import TripwireApiError
+
+try:
+    client.sessions.list(limit=999)
+except TripwireApiError as error:
+    print(error.status, error.code, error.message)
+```
+
+## Support
+
+If you need help integrating Tripwire, start with [tripwirejs.com/docs](https://tripwirejs.com/docs).

tripwire_server-0.1.0/RELEASING.md

@@ -0,0 +1,35 @@
+# Releasing `tripwire-server`
+
+This repository uses a manual `release.yml` workflow. Versions are independent from the other Tripwire server SDKs.
+
+## Before the first real release
+
+Configure these GitHub and registry settings:
+
+1. Create a protected GitHub environment named `release` with required reviewer approval.
+2. Create the `tripwire-server` project on PyPI if it does not already exist.
+3. Add a pending PyPI trusted publisher for:
+   - repository: `abxy-labs/tripwire-server-python`
+   - workflow: `.github/workflows/release.yml`
+   - environment: `release`
+
+## Release flow
+
+1. Bump `pyproject.toml` to the target version in a pull request.
+2. Merge the version bump to `main`.
+3. Open GitHub Actions and run `Release`.
+4. Set `confirm_version` to the exact `pyproject.toml` version.
+5. Run a `dry_run=true` release first.
+6. Re-run with `dry_run=false` once the dry run looks correct and the `release` environment approval is in place.
+
+## What the workflow does
+
+- reads the release version from `pyproject.toml`
+- reruns the equivalent of the repo checks
+- builds the wheel and source distribution with `python -m build`
+- on real releases:
+  - creates tag `vX.Y.Z`
+  - publishes `tripwire-server` to PyPI with trusted publishing
+  - creates a GitHub Release with the built artifacts attached
+
+GitHub Release notes use autogenerated notes. There is no prerelease channel in this phase.

tripwire_server-0.1.0/pyproject.toml

@@ -0,0 +1,26 @@
+[build-system]
+requires = ["hatchling>=1.27.0"]
+build-backend = "hatchling.build"
+
+[project]
+name = "tripwire-server"
+version = "0.1.0"
+description = "Official Tripwire Python server SDK"
+readme = "README.md"
+license = { text = "MIT" }
+requires-python = ">=3.10"
+authors = [
+  { name = "ABXY Labs" }
+]
+dependencies = [
+  "cryptography>=42,<47",
+  "httpx>=0.27,<1"
+]
+
+[project.urls]
+Homepage = "https://github.com/abxy-labs/tripwire-server-python"
+Repository = "https://github.com/abxy-labs/tripwire-server-python"
+Issues = "https://github.com/abxy-labs/tripwire-server-python/issues"
+
+[tool.hatch.build.targets.wheel]
+packages = ["tripwire_server"]

tripwire_server-0.1.0/scripts/check-spec-sync.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+SPEC_DIR="${ROOT_DIR}/spec"
+SPEC_REPO="abxy-labs/tripwire-server-sdk-spec"
+
+if [[ ! -d "${SPEC_DIR}" ]]; then
+  echo "Local spec/ directory is missing."
+  exit 1
+fi
+
+if [[ -n "${TRIPWIRE_SDK_SPEC_DIR:-}" ]]; then
+  SOURCE_DIR="${TRIPWIRE_SDK_SPEC_DIR%/}"
+  if [[ ! -d "${SOURCE_DIR}" ]]; then
+    echo "TRIPWIRE_SDK_SPEC_DIR does not exist: ${SOURCE_DIR}"
+    exit 1
+  fi
+
+  diff -ru "${SOURCE_DIR}" "${SPEC_DIR}"
+  echo "Local spec/ matches ${SOURCE_DIR}."
+  exit 0
+fi
+
+if [[ -n "${TRIPWIRE_MAIN_REPO_DIR:-}" ]]; then
+  SOURCE_DIR="${TRIPWIRE_MAIN_REPO_DIR%/}/sdk-spec/server"
+  if [[ ! -d "${SOURCE_DIR}" ]]; then
+    echo "TRIPWIRE_MAIN_REPO_DIR does not contain sdk-spec/server: ${SOURCE_DIR}"
+    exit 1
+  fi
+
+  diff -ru "${SOURCE_DIR}" "${SPEC_DIR}"
+  echo "Local spec/ matches ${SOURCE_DIR}."
+  exit 0
+fi
+
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "${TMP_DIR}"' EXIT
+
+ARCHIVE_PATH="${TMP_DIR}/tripwire-server-sdk-spec.tar.gz"
+curl -fsSL \
+  -H "Accept: application/vnd.github+json" \
+  "https://api.github.com/repos/${SPEC_REPO}/tarball/main" \
+  -o "${ARCHIVE_PATH}"
+
+tar -xzf "${ARCHIVE_PATH}" -C "${TMP_DIR}"
+
+SOURCE_DIR="$(find "${TMP_DIR}" -mindepth 1 -maxdepth 1 -type d | head -n 1)"
+if [[ -z "${SOURCE_DIR}" ]]; then
+  echo "Could not locate the extracted ${SPEC_REPO} archive."
+  exit 1
+fi
+
+diff -ru "${SOURCE_DIR}" "${SPEC_DIR}"
+echo "Local spec/ matches the public server SDK spec source of truth."

tripwire_server-0.1.0/spec/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ABXY Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.