Background services TUI dashboard for SyftBox
Project description
syft-bg
Background services for SyftBox: email notifications and auto-approval for peers and jobs.
Installation
pip install syft-bg
For the Python API, see the Python API docs instead.
Quick Start
syft-bg init # Interactive setup wizard
syft-bg start # Start background services
syft-bg status # Check what's running
Headless Mode
# Fully automated (tokens must already exist)
syft-bg init --email user@example.com --quiet
# With custom settings
syft-bg init \
--email user@example.com \
--syftbox-root ~/SyftBox \
--notify-jobs \
--approve-jobs \
--skip-oauth
Python API
For notebooks and scripts, see the Python API docs.
Commands
syft-bg # TUI dashboard
syft-bg init # Setup wizard (interactive or headless)
syft-bg setup # Check environment (credentials, tokens, config)
syft-bg status # Show service status
syft-bg start [service] # Start all or specific service
syft-bg stop [service] # Stop all or specific service
syft-bg restart [service] # Restart all or specific service
syft-bg logs <service> # View logs (notify or approve)
syft-bg hash <file> # Generate script hash for a file
syft-bg set-script # Set approved scripts for peers
syft-bg remove-script # Remove approved scripts from peers
syft-bg remove-peer # Remove a peer from config
syft-bg list-scripts # List approved scripts per peer
syft-bg install # Install systemd service (auto-start on boot)
syft-bg uninstall # Remove systemd service
Per-Peer Script Approval
Data owners can restrict job auto-approval on a per-peer basis.
Each peer gets a list of approved scripts (name + SHA256 hash).
Only jobs that match every submitted .py file against the approved list are auto-approved.
Setting up approved scripts
# Approve a single script for one or more peers
syft-bg set-script main.py -p alice@uni.edu -p bob@co.com
# Approve multiple scripts
syft-bg set-script main.py utils.py -p charlie@org.com
# Approve all .py files in a directory
syft-bg set-script ./src/ -p alice@uni.edu
# Replace all existing scripts (instead of adding)
syft-bg set-script main.py -p alice@uni.edu --replace
Managing scripts and peers
# List all peers and their approved scripts
syft-bg list-scripts
# List scripts for a specific peer
syft-bg list-scripts -p alice@uni.edu
# Remove a script from a peer
syft-bg remove-script utils.py -p alice@uni.edu
# Remove a peer entirely
syft-bg remove-peer alice@uni.edu
How validation works
When a job is submitted, the approval service checks:
- The submitting peer must be in the peers config
- Every .py file in the job must match an approved script name
- The SHA256 hash of each file must match the approved hash
Rejection reasons are specific: "unknown peer", "unapproved file", "hash mismatch".
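The three checks above, written out as an added example (this is not syft-bg's own code). The function names, the `job_files` mapping and the sample data are assumptions of the example, the `sha256:<hex>` form follows the config sample on this page, and the "no scripts" result is an extra fail-closed choice made here, not one of the documented rejection reasons.

```python
import hashlib

def script_hash(content: bytes) -> str:
    """Digest in the 'sha256:<hex>' form used by the config sample on this page."""
    return "sha256:" + hashlib.sha256(content).hexdigest()

def validate_job(peer, job_files, peers_cfg):
    """Return (approved, reason). job_files maps file name -> bytes (hypothetical shape)."""
    entry = peers_cfg.get(peer)
    if entry is None:
        return False, "unknown peer"
    approved = {s["name"]: s["hash"] for s in entry.get("scripts", [])}
    scripts = {n: c for n, c in job_files.items() if n.endswith(".py")}
    if not scripts:
        # Assumption of this example, not a documented reason:
        # a job with no .py file is not auto-approved (fail closed).
        return False, "no scripts"
    # Pass 1: every submitted .py name must be on this peer's list.
    for name in sorted(scripts):
        if name not in approved:
            return False, "unapproved file"
    # Pass 2: content must hash to the pinned value, so an edited
    # main.py is refused even though its name is approved.
    for name in sorted(scripts):
        if script_hash(scripts[name]) != approved[name]:
            return False, "hash mismatch"
    return True, "ok"

# Constructed sample data: one peer with one pinned script.
MAIN = b"print('train model')\n"
PEERS = {"alice@uni.edu": {"scripts": [{"name": "main.py", "hash": script_hash(MAIN)}]}}

def demo():
    return [
        validate_job("alice@uni.edu", {"main.py": MAIN}, PEERS),
        validate_job("mallory@else.org", {"main.py": MAIN}, PEERS),
        validate_job("alice@uni.edu", {"main.py": MAIN, "extra.py": b"pass\n"}, PEERS),
        validate_job("alice@uni.edu", {"main.py": MAIN + b"import os\n"}, PEERS),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the hash pins exact bytes, any edit to an approved script, including whitespace, requires re-running set-script before jobs using it are auto-approved again.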
CLI Flags for syft-bg init
| Flag | Description |
|---|---|
| --email, -e | Data Owner email address |
| --syftbox-root | SyftBox directory path |
| --yes, -y | Auto-confirm config overwrite |
| --quiet, -q | No prompts, use defaults (implies --skip-oauth) |
| --skip-oauth | Skip OAuth setup (tokens must exist) |
| --notify-jobs/--no-notify-jobs | Job email notifications |
| --notify-peers/--no-notify-peers | Peer email notifications |
| --notify-interval | Notification check interval (seconds) |
| --approve-jobs/--no-approve-jobs | Auto-approve jobs |
| --approve-peers/--no-approve-peers | Auto-approve peers |
| --approved-domains | Approved domains for peer approval (comma-separated) |
| --approve-interval | Approval check interval (seconds) |
| --credentials-path | Path to credentials.json |
| --gmail-token | Path to existing Gmail token |
| --drive-token | Path to existing Drive token |
Environment Check
$ syft-bg setup
SYFT-BG ENVIRONMENT CHECK
==================================================
Checking credentials...
✓ credentials.json found at ~/.syft-creds/credentials.json
Checking authentication tokens...
✓ Gmail token: ~/.syft-creds/gmail_token.json
✓ Drive token: ~/.syft-creds/token_do.json
Checking configuration...
✓ Config file: ~/.syft-creds/config.yaml
--------------------------------------------------
✅ Environment ready! Run 'syft-bg start' to begin.
OAuth Setup
Two OAuth flows are required (same credentials.json, separate tokens):
- Gmail → gmail_token.json (send email permission)
- Drive → token_do.json (read/write files permission)
Interactive mode: Prints OAuth URL, you paste the authorization code back.
Headless mode (--quiet): Skips OAuth, requires tokens to already exist.
To get credentials.json:
- Go to Google Cloud Console → APIs & Services → Credentials
- Create OAuth 2.0 Client ID (Desktop app)
- Download as credentials.json
- Place at ~/.syft-creds/credentials.json
Services
notify
Sends email notifications via Gmail when:
- A peer requests to connect with you
- Your peer request is approved by someone
- A data scientist submits a job to you
- A job you submitted is approved
- A job completes (results ready)
- A job is rejected (with reason sent to the data scientist)
DO notifications are threaded per job (new → approved/rejected → completed in one Gmail conversation).
approve
Auto-approves peers and jobs based on your config:
- Peers: Auto-accept connection requests from approved domains
- Jobs: Auto-approve if every submitted script matches an approved name + hash for that peer
Configuration
Config stored at ~/.syft-creds/config.yaml (Colab: /content/drive/MyDrive/syft-creds/config.yaml).
do_email: you@example.com
syftbox_root: ~/SyftBox
notify:
  interval: 30
  monitor_jobs: true
  monitor_peers: true
approve:
  interval: 5
  jobs:
    enabled: true
    peers:
      alice@uni.edu:
        mode: strict
        scripts:
          - name: main.py
            hash: 'sha256:a1b2c3d4...'
          - name: utils.py
            hash: 'sha256:e5f6a7b8...'
      bob@co.com:
        mode: strict
        scripts:
          - name: main.py
            hash: 'sha256:c9d0e1f2...'
  peers:
    enabled: false
    approved_domains:
      - openmined.org
After editing, restart services:
syft-bg restart
Systemd Integration
Auto-start syft-bg on boot (Linux):
syft-bg install # Creates ~/.config/systemd/user/syft-bg.service
systemctl --user enable syft-bg
systemctl --user start syft-bg
# Check status
systemctl --user status syft-bg
# Remove
syft-bg uninstall
Logs
syft-bg logs notify # Notification service logs
syft-bg logs approve # Approval service logs
syft-bg logs notify -f # Follow logs in real-time
Log files stored at ~/.syft-creds/logs/.
Colab / Jupyter
See the Python API docs for programmatic usage. Drive credentials are handled natively in Colab.
Development
Run services in foreground for debugging:
syft-bg run --service notify # Run notify in foreground
syft-bg run --service approve # Run approve in foreground
syft-bg run --once # Single check cycle, then exit
File details
Details for the file syft_bg-0.3.3.tar.gz.
File metadata
- Download URL: syft_bg-0.3.3.tar.gz
- Upload date:
- Size: 51.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File details
Details for the file syft_bg-0.3.3-py3-none-any.whl.
File metadata
- Download URL: syft_bg-0.3.3-py3-none-any.whl
- Upload date:
- Size: 78.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13