51ad567fd0
* feat(security): add plugin content integrity verification (SHA256) SDK-side follow-up to molecule-core PR #1019 (pinned-ref supply-chain fix). Changes: - verify_plugin_sha256(plugin_dir, expected_sha) — content-addressed manifest hash over sorted (relpath, SHA256(content)) pairs; plugin.yaml excluded from its own hash to avoid circular dependency - _walk_files(root) / _sha256_file(path) — internal helpers - install_plugin() calls verify_sha256 after atomic rename; on mismatch deletes plugin dir and raises ValueError before setup.sh runs - PLUGIN_YAML_SCHEMA gains optional sha256 field (64-char lowercase hex) - validate_manifest() validates sha256 format when present Tests (12 new): - sha256_file correctness, walk_files ordering, verify_* (match/mismatch/invalid) - install_plugin sha256 verified: setup.sh runs - install_plugin sha256 mismatch: raises ValueError, setup.sh NOT run - install_plugin no sha256: backward-compat, skips verification - validate_manifest sha256: valid/invalid/non-hex/absent Pre-existing: 4 async tests in test_sdk.py fail without pytest-asyncio (not related to this change). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(tests): add pytest-asyncio markers to async adaptor tests The 4 tests using async def were failing because pytest-asyncio was not installed and pytest.ini set asyncio_mode=auto (which requires it). Add @pytest.mark.asyncio to each async test and add pytest-asyncio as a test optional dependency so CI gets the right extras when installing. Fixes: 4 FAILED tests in test_sdk.py --------- Co-authored-by: Molecule AI SDK-Dev <sdk-dev@agents.moleculesai.app> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
39 lines
1.2 KiB
TOML
39 lines
1.2 KiB
TOML
[build-system]
|
|
requires = ["setuptools>=68"]
|
|
build-backend = "setuptools.build_meta"
|
|
|
|
[project]
|
|
name = "molecule-ai-sdk"
|
|
version = "0.2.0"
|
|
description = "Molecule AI SDK — build plugins (molecule_plugin) AND remote agents that join a Molecule AI org from another machine (molecule_agent)."
|
|
readme = "README.md"
|
|
requires-python = ">=3.11"
|
|
license = { text = "MIT" }
|
|
authors = [{ name = "Molecule AI" }]
|
|
keywords = ["agents", "ai", "multi-agent", "a2a", "plugins", "saas", "remote-agent"]
|
|
classifiers = [
|
|
"Development Status :: 4 - Beta",
|
|
"Intended Audience :: Developers",
|
|
"License :: OSI Approved :: MIT License",
|
|
"Programming Language :: Python :: 3",
|
|
"Programming Language :: Python :: 3.11",
|
|
"Programming Language :: Python :: 3.12",
|
|
"Programming Language :: Python :: 3.13",
|
|
]
|
|
dependencies = [
|
|
"pyyaml>=6.0",
|
|
"requests>=2.31",
|
|
]
|
|
|
|
[project.optional-dependencies]
|
|
test = ["pytest-asyncio>=0.24"]
|
|
|
|
[project.urls]
|
|
Homepage = "https://github.com/hongmingw/molecule-monorepo"
|
|
Repository = "https://github.com/hongmingw/molecule-monorepo"
|
|
Documentation = "https://github.com/hongmingw/molecule-monorepo/tree/main/sdk/python"
|
|
|
|
[tool.setuptools.packages.find]
|
|
include = ["molecule_plugin*", "molecule_agent*"]
|
|
exclude = ["template*", "tests*"]
|