NewCo Suite Python SDK — AuthPort + Clerk/Authentik/OIDC adapters + FastAPI dependencies
Project description
newco-sdk
Python SDK for the NewCo Suite. v0.1.0 ships the newco_sdk.auth surface only — AuthPort + Clerk / Authentik / OIDC adapter stubs + FastAPI Depends() helpers. Pydantic v2 models that mirror @newco-ai-platform/types/auth (TypeScript) field-for-field.
Agent, BaseTool, BaseLLMProvider re-exports are deferred to v0.2.0 (Phase 4 of the bootstrap plan) — NEURON vendors them directly in Phase 3, and the SDK extracts them once PRISM also needs them (lazy abstraction).
Why this exists
Every NewCo backend (PRISM, NEURON, VAULT, CATALYST, MERIDIAN, platform) needs to authenticate users without coupling to a specific identity provider. Business logic depends only on the AuthPort protocol; Clerk / Authentik / customer-OIDC slot in as adapters at runtime via the AUTH_PROVIDER env var.
This is the difference between a Clerk-locked app and one that ships sovereign deployments through Authentik on day one without touching application code.
Install
uv add newco-sdk # via uv (recommended)
pip install newco-sdk # via pip
Quick start (FastAPI)
from typing import Annotated
from fastapi import FastAPI, Depends
from newco_sdk.auth import User
from newco_sdk.auth.fastapi import get_current_user, require_permission
app = FastAPI()
@app.get("/me")
async def me(user: Annotated[User, Depends(get_current_user)]) -> dict:
return {"id": str(user.id), "email": user.email}
@app.post("/workflows/{slug}/run")
async def run_workflow(
slug: str,
user: Annotated[User, Depends(require_permission("workflow:run"))],
) -> dict:
return {"started_by": str(user.id), "workflow": slug}
Set AUTH_PROVIDER=clerk (or authentik, oidc) in the environment — no code change to swap providers.
What's in newco_sdk.auth
| Symbol | Purpose |
|---|---|
AuthPort |
@runtime_checkable Protocol with verify, current_user, has_permission, list_orgs, sign_out. Business logic depends on this; never on a provider SDK directly. |
User, Org, Role, Permission, Session, IdentityProvider |
Pydantic v2 domain primitives. Field-for-field parity with @newco-ai-platform/types/auth. model_config = ConfigDict(extra="forbid") = the zod .strict() equivalent. |
CURRENT_SCHEMA_VERSION |
Constant = 1. Mirrors the TS export; must match across language boundaries. |
get_auth_port() |
Resolves the active adapter from AUTH_PROVIDER env var (defaults to clerk). Returns an AuthPort instance. |
register_adapter(name, factory) |
Register additional adapters (e.g. test fixtures, customer-specific OIDC variants). |
What's deliberately NOT in v0.1.0
- Wired adapter implementations.
ClerkAuthAdapter/AuthentikAuthAdapter/OIDCAuthAdapterare scaffolds — they satisfy theAuthPortprotocol but every method raisesNotImplementedError. Real wire-up to provider SDKs lands in a follow-up before NEURON Phase 3 needs to authenticate end-to-end. newco_sdk.agent/newco_sdk.tool/newco_sdk.llm. Deferred to v0.2.0 once PRISM also needs them — lazy abstraction.newco_sdk.hash_chain. Python implementation of the canonical-JSON + SHA-256 audit-chain spec from@newco-ai-platform/types/hash-chain. Will ship in v0.2.0 alongside Phase 2 step 10 (suite_contracts.md), with the cross-language conformance fixture7909a7…fe36as a binding test.
Schema version contract
Every cross-language envelope carries schema_version: int. The Python SDK exposes the same CURRENT_SCHEMA_VERSION = 1 constant. Consumers:
- Match version → parse strictly. Pydantic models reject unknown keys (
extra="forbid") and requireschema_versionto equal the literal value. A new field requires aschema_versionbump in both TS and Python — out-of-sync bumps are caught by the parity tests. - Future version → log + drop. Consumer expecting v1 that receives v2 logs the rejection and drops the envelope. Never throws into the request pipeline.
Development
cd packages/sdk-py
uv sync # creates .venv, installs runtime + dev deps
uv run pytest # run tests
uv run mypy newco_sdk # type-check
uv run ruff check # lint
uv run ruff format # auto-format
License
UNLICENSED — internal to NewCo Suite. Contact hardeeparora@gmail.com for licensing.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file newco_sdk-0.1.1.tar.gz.
File metadata
- Download URL: newco_sdk-0.1.1.tar.gz
- Upload date:
- Size: 45.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
93f270a340fb2aa7515d8d217eff7e7cbf769e7bc468baa8361977f9a9eed24c
|
|
| MD5 |
e79c19be6f28e40b46a73df844de3c33
|
|
| BLAKE2b-256 |
d14b3c71b313b365ec967ddb7bdead776585bb3bb985d9a6d93858a4adcad1f8
|
File details
Details for the file newco_sdk-0.1.1-py3-none-any.whl.
File metadata
- Download URL: newco_sdk-0.1.1-py3-none-any.whl
- Upload date:
- Size: 15.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c8481eececb429ddaaca7d8adb87a55446a31690619a16a61097596db2963cee
|
|
| MD5 |
8f8490331ad9006a198746151e124c47
|
|
| BLAKE2b-256 |
596f7249a8b6a35d774b375806891c105e5f7a2150d754d72202d378ba34e6e3
|
