Skip to content

PySafeguard 8.0 — Complete Pythonic redesign of the SDK#24

Merged
petrsnd merged 36 commits intomainfrom
feature/petrsnd/major-revision
Apr 28, 2026
Merged

PySafeguard 8.0 — Complete Pythonic redesign of the SDK#24
petrsnd merged 36 commits intomainfrom
feature/petrsnd/major-revision

Conversation

@petrsnd
Copy link
Copy Markdown
Member

@petrsnd petrsnd commented Apr 28, 2026

PySafeguard 8.0 — Complete Pythonic redesign of the SDK

Summary

This is a complete refactor of PySafeguard with a modern, Pythonic API. The version has been bumped to 8.0.0 to reflect the breaking changes. The README has been updated with a guide to upgrade existing code.

What changed

New SDK API

  • SafeguardClient / AsyncSafeguardClient replace PySafeguardConnection / Connection / AsyncConnection
  • Auth strategy objects (PasswordAuth, CertificateAuth, PkceAuth, TokenAuth) replace factory functions (connect_password, connect_certificate, etc.)
  • Typed HTTP verb methods (get, post, put, delete) replace the generic invoke() method
  • A2AContext / AsyncA2AContext replace the a2a_get_credential() class method
  • SafeguardEventListener / PersistentSafeguardEventListener replace register_signalr_*() with a fluent .on() API and context manager support
  • Structured error hierarchy (SafeguardErrorApiErrorAuthenticationError / AuthorizationError / NotFoundError) replaces flat exceptions
  • HiddenString for credential protection throughout
  • Streaming support: stream(), download(), upload()
  • Full type annotations passing mypy --strict

PKCE as recommended auth

  • PkceAuth is now the recommended authentication method — Resource Owner Grant (ROG) is disabled by default on recent Safeguard appliances
  • README updated to lead with PKCE examples and document the ROG change

Updated samples

  • All 10 sample scripts rewritten for the 8.0 API
  • Added new PkceExample.py

Modernized CI/CD pipeline

  • Restructured azure-pipelines.yml to match SafeguardDotNet patterns: template-based with separate PR validation and build/publish jobs
  • Added pipeline-templates/ with shared build steps (install, version, lint, type check, test, build)
  • Added versionnumber.ps1 that reads version from pyproject.toml (single source of truth) and applies .devN suffix for prerelease builds
  • CI now runs ruff check, ruff format --check, mypy, and pytest on every PR and merge
  • PyPI publish remains tag-gated

Tests

  • 257 unit tests covering client lifecycle, request logic, auth strategies, error hierarchy, A2A, events, PKCE, utilities, and public API surface
  • 154 integration tests for live appliance validation (client CRUD, A2A, events, streaming)

Migration

A full migration guide from 7.x to 8.0 is included at the bottom of README.md.

petrsnd added 30 commits April 27, 2026 17:15
@petrsnd
Adding transport/session layer, exception unification
7ddfec9
@petrsnd
Added support for connect lifecycle and reauth plus PKCE
a5000db
@petrsnd
updated async with changes
e9c0a8b
@petrsnd
Fix unit test mocks for changes
a37c410
@petrsnd
Add new tests
da3dcfa
@petrsnd
Add better event support
c5b0960
@petrsnd
upgraded a2a support
94017fb
@petrsnd
Added support for streaming apis
7d1adad
@petrsnd
Major refactor for more Pythonic API
370e582
@petrsnd
Refactor to remove previous implementations and add tests
6359fb8
@petrsnd
Continued refactoring
d4753ec
@petrsnd
a2a integration tests and fixes
b257b2c
@petrsnd
standardize naming for objects created during tests
510abd8
@petrsnd
Better integration tests
fc3f1dd
@petrsnd
better event and streaming integration tests
75764cb
@petrsnd
Handle ROG is off by default
d38712f
@petrsnd
update samples to work with the new sdk
1cd7727
@petrsnd
readme reference to samples
2b758e7
@petrsnd
rework the build pipeline to be more similar to other open source pro…
1d5dba5 
…jects
@petrsnd
update with pkce example
d95be3d
@petrsnd
add the persistent listener example
39ba35a
@petrsnd
resolving an issue where library requires aiohttp when it should be o…
9b8e9d6 
…ptional
@petrsnd
Fix threadsafe event registry and sync download error details
e9dbb88
@petrsnd
Fixed char len in Hidden string and internal access pattern for respo…
910210d 
…nse bodies
@petrsnd
Changed query default from {} to None with a conditional urlencode
5e3b7c9
@petrsnd
fix async issues and pkce
f335289
@petrsnd
deduplicated code for pkce between sync and async
6d8754f
@petrsnd
provider lookup algorithm improvements
15fcd7e
@petrsnd
token handling in listeners
033d764
@petrsnd
Fix async download double read
9ebc18a
petrsnd and others added 6 commits April 28, 2026 15:12
@petrsnd
CA bundle handling in event listeners
debaff3
@petrsnd
commit poetry.lock
7d201be
@petrsnd
Fix CI: accept pipeline variables as strings in versionnumber.ps1
83be716 
Azure Pipelines macro-expands variables as plain strings, so passing
$(isPrerelease) with $$ escaping to produce a PowerShell $True
literal doesn't work reliably (330771$(isPrerelease) becomes $$True).

Fix by:
- Passing variables as-is (no $$ escaping) in build-steps.yml
- Changing versionnumber.ps1 parameters from [bool]/implicit to [string]
- Converting to booleans inside the script with string comparison

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@petrsnd
use poetry run to execute build steps from venv
a30c3c6
@petrsnd
Don't actually need the prerelease flag
dd5c131
@petrsnd
always release to github but release tags to PyPI
dc14777
@petrsnd petrsnd merged commit 582bae4 into main Apr 28, 2026
2 checks passed
@petrsnd petrsnd deleted the feature/petrsnd/major-revision branch April 28, 2026 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@petrsnd