zeno-cli 0.3.6__tar.gz → 0.3.8__tar.gz

{zeno_cli-0.3.6 → zeno_cli-0.3.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: zeno-cli
-Version: 0.3.6
+Version: 0.3.8
 Summary: Zeno CLI - measure the supervision cost of AI-assisted work
 Project-URL: Homepage, https://zeno.center
 Project-URL: Repository, https://github.com/Marwan01/zeno

{zeno_cli-0.3.6 → zeno_cli-0.3.8}/_vendor_build/zeno_sdk/_generated/client.py

@@ -574,6 +574,20 @@ class ZenoApiClient:
             headers=headers,
         )
 
+    def capture_recent(self, *, limit: str | None = None) -> dict[str, Any]:
+        """GET /v1/capture/recent"""
+        query: dict[str, str] | None = None
+        headers: dict[str, str] | None = None
+        query = {}
+        if limit is not None:
+            query["limit"] = str(limit)
+        return self._request(
+            "GET",
+            "/v1/capture/recent",
+            query=query,
+            headers=headers,
+        )
+
     def capture_stream(self) -> dict[str, Any]:
         """GET /v1/capture/stream"""
         query: dict[str, str] | None = None

{zeno_cli-0.3.6 → zeno_cli-0.3.8}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "zeno-cli"
-version = "0.3.6"
+version = "0.3.8"
 description = "Zeno CLI - measure the supervision cost of AI-assisted work"
 readme = "README.md"
 requires-python = ">=3.12"

{zeno_cli-0.3.6 → zeno_cli-0.3.8}/src/zeno_cli/_hooks/cc_bridge.py

@@ -197,8 +197,8 @@ def _api_base_url() -> str:
 def _api_token() -> str | None:
     """Bearer token for the capture push, when one is available.
 
-    Checks the explicit env var first (matches the SDK client's ZENO_API_TOKEN
-    precedence), then the keyring slot `zeno login` writes (service "zeno-sdk",
+    Checks the explicit env var first (same precedence as the CLI's
+    resolve_api_token), then the keyring slot `zeno login` writes (service "zeno-sdk",
     key "clerk_jwt"). The keyring lookup is best-effort: keyring is an optional
     dependency and may be absent under the system python the hook runs on.
     Returns None on the tailnet Mini, where identity comes from a header the
@@ -279,9 +279,22 @@ def _idempotency_key(body: dict) -> str:
     return f"{body['device_id']}:{body['session_id']}:{entity}"
 
 
-def _post_ingest(body: dict, timeout_s: float) -> bool:
+# Sentinel for "token not supplied -> resolve it here", distinct from a resolved
+# None ("no token, tailnet path"). Lets _maybe_push pass the once-resolved value
+# (str OR None) down so neither the public nor the Mini path re-reads the keyring
+# per drained line.
+_UNSET = object()
+
+
+def _post_ingest(body: dict, timeout_s: float, token=_UNSET) -> bool:
     """POST one ingest body. Returns True on a 2xx, False on any failure. Never
-    raises (all exceptions -> False). urllib + an explicit socket timeout only."""
+    raises (all exceptions -> False). urllib + an explicit socket timeout only.
+
+    ``token`` is the pre-resolved bearer (see _maybe_push); pass it so a drain of
+    many spooled lines does not re-read the OS keyring per line. When omitted
+    (_UNSET; direct callers/tests) it is resolved once here. An explicit None means
+    "no token" (tailnet path) and is used as-is without re-resolving.
+    """
     url = _api_base_url() + SYNC_PATH
     data = json.dumps(body).encode("utf-8")
     headers = {
@@ -291,9 +304,9 @@ def _post_ingest(body: dict, timeout_s: float) -> bool:
     # Attach the Clerk bearer token when one is available so the push authenticates
     # against a public API (Cloud Run). Absent it (tailnet Mini), the push relies on
     # the identity header the `tailscale serve` proxy injects - unchanged behavior.
-    token = _api_token()
-    if token:
-        headers["Authorization"] = "Bearer " + token
+    resolved = _api_token() if token is _UNSET else token
+    if resolved:
+        headers["Authorization"] = "Bearer " + resolved
     req = urllib.request.Request(
         url,
         data=data,
@@ -342,10 +355,11 @@ def _trim_outbox(path: Path) -> None:
         _debug(f"trim_outbox failed: {exc}")
 
 
-def _drain_outbox(timeout_s: float) -> None:
+def _drain_outbox(timeout_s: float, token=_UNSET) -> None:
     """After a live push, best-effort + time-boxed drain of a few spooled lines.
     Pushes oldest-first; stops at the budget, the line cap, or the first failure
-    (so an offline window doesn't re-spin). Rewrites the outbox with the remainder."""
+    (so an offline window doesn't re-spin). Rewrites the outbox with the remainder.
+    ``token`` is threaded to _post_ingest so the keyring is read once per drain."""
     path = _outbox_path()
     try:
         if not path.exists():
@@ -367,7 +381,7 @@ def _drain_outbox(timeout_s: float) -> None:
         except Exception:
             consumed += 1  # unparseable - drop it, keep draining
             continue
-        if not _post_ingest(body, timeout_s):
+        if not _post_ingest(body, timeout_s, token):
             break  # stop on first failure; leave this line + the rest spooled
         consumed += 1
     if consumed == 0:
@@ -403,8 +417,12 @@ def _maybe_push(event: str, payload: dict) -> None:
         if body is None:
             return
         timeout_s = _sync_timeout_s()
-        if _post_ingest(body, timeout_s):
-            _drain_outbox(timeout_s)
+        # Resolve the bearer ONCE per hook invocation (an OS keyring read is not
+        # bounded by the socket timeout); thread it through the drain so a
+        # multi-line drain never re-reads the keyring on the hot Stop path.
+        token = _api_token()
+        if _post_ingest(body, timeout_s, token):
+            _drain_outbox(timeout_s, token)
         else:
             _spool(body)
     except Exception as exc:  # network/build path must never break the hook

{zeno_cli-0.3.6 → zeno_cli-0.3.8}/src/zeno_cli/login.py

@@ -18,17 +18,17 @@ apps/api/src/zeno_api/auth.py).
 
 The security control on the callback today is the CSRF `state` token (browser +
 loopback, state-CSRF) - NOT PKCE. The bridge returns the token directly in the
-redirect; there is no authorization-code-for-token exchange, so a PKCE verifier
-would be unused theater. TODO: when the dashboard `/cli/authorize` bridge ships,
-implement a real OAuth code-for-token exchange (PKCE S256: send a code_challenge,
-receive a short-lived auth code on the callback, then POST code + code_verifier
-to the bridge to redeem the JWT) instead of receiving the token in the URL.
-
-OUT OF SCOPE / FOLLOW-UP: the dashboard `/cli/authorize` bridge page and the
-Clerk `zeno-api` JWT template do NOT exist yet. They are the only missing
-pieces for an end-to-end login. This module is fully unit-testable without them
-because `authorize_url` is injectable (env `ZENO_LOGIN_AUTHORIZE_URL`, flag
-`--authorize-url`) and the loopback leg is driven by a fake "browser" in tests.
+redirect to the localhost loopback; there is no authorization-code-for-token
+exchange, so a PKCE verifier would be unused theater. FOLLOW-UP (hardening): a
+real OAuth code-for-token exchange (PKCE S256: send a code_challenge, receive a
+short-lived auth code on the callback, then POST code + code_verifier to the
+bridge to redeem the JWT) instead of receiving the token in the URL.
+
+LIVE: the dashboard `/cli/authorize` bridge page (apps/cognition-dashboard) and
+the Clerk `zeno-api` JWT template both exist; `DEFAULT_AUTHORIZE_URL` points at
+the deployed bridge. The module stays fully unit-testable because `authorize_url`
+is injectable (env `ZENO_LOGIN_AUTHORIZE_URL`, flag `--authorize-url`) and the
+loopback leg is driven by a fake "browser" in tests.
 """
 
 from __future__ import annotations