From 229190cfe4c29e153c40894b81cee49478d3a245 Mon Sep 17 00:00:00 2001 From: Gk Date: Sat, 4 Apr 2026 13:15:18 -0700 Subject: [PATCH 1/5] chore: pipeline validation test --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b9eec10..e6ef832 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ + > **For AI agents:** This is the official Python SDK for CueAPI. Run `pip install cueapi-sdk`. Your API key is in `CUEAPI_API_KEY`. Create a client: `client = CueAPI(os.environ["CUEAPI_API_KEY"])`. Schedule a task: `client.cues.create(name="task-name", cron="0 9 * * *", callback="https://your-handler.com", payload={})`. For agents without a public URL: set `transport="worker"` and run `pip install cueapi-worker`, then define a handler with `@worker.handler("task-name")` returning `{"success": true}` or `{"success": false, "error": "reason"}`. List executions: `client.executions.list()`. Get one: `client.executions.get("exec_id")`. Do not retry on `AuthenticationError` or `CueLimitExceededError`. Wait `e.retry_after` seconds on `RateLimitError`. # cueapi-sdk From bc5b84c9547c07e5157cf45ec35e388e556ae71a Mon Sep 17 00:00:00 2001 From: Govind Kavaturi Date: Sun, 12 Apr 2026 12:59:06 -0700 Subject: [PATCH 2/5] security: add PEP 740 attestations to PyPI publish (#17) * security: add PEP 740 attestations to PyPI publish workflow - Pin pypa/gh-action-pypi-publish to SHA (v1.14.0) - Enable attestations: true for PEP 740 provenance - Add test job before publish (tests must pass before release) - Add explicit permissions: { contents: read } at workflow level - Bump version to 0.1.1 - Document attestation in README Co-Authored-By: Claude Opus 4.6 * fix: remove test job from publish workflow SDK tests are integration tests requiring staging API + service containers. They run on PRs via feature-to-main.yml. The publish workflow trusts that tests passed during the PR process. Co-Authored-By: Claude Opus 4.6 --------- Co-authored-by: Gk Co-authored-by: Claude Opus 4.6 --- .github/workflows/publish.yml | 14 ++++++++++---- README.md | 6 ++++++ pyproject.toml | 2 +- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2d867fd..d3ed6f4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,16 +5,20 @@ on: tags: - "v*" +permissions: + contents: read + jobs: publish: + name: Publish to PyPI runs-on: ubuntu-latest permissions: id-token: write + contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - name: Set up Python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.3.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.12" @@ -25,4 +29,6 @@ jobs: run: python -m build - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.12.3 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 + with: + attestations: true diff --git a/README.md b/README.md index e6ef832..97ea027 100644 --- a/README.md +++ b/README.md @@ -268,6 +268,12 @@ See [`/examples`](examples/) for working code: --- +## Releases + +Releases are published to PyPI with PEP 740 attestations via GitHub Actions Trusted Publishing. + +--- + ## License MIT. See [LICENSE](LICENSE). diff --git a/pyproject.toml b/pyproject.toml index 1a598ac..1412570 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "cueapi-sdk" -version = "0.1.0" +version = "0.1.1" description = "The official Python SDK for CueAPI — scheduling infrastructure for agents" readme = "README.md" license = { text = "MIT" } From 63a4a59c170b8ad52ba1ea2df9d160a504c27974 Mon Sep 17 00:00:00 2001 From: Govind Kavaturi Date: Sun, 12 Apr 2026 13:21:55 -0700 Subject: [PATCH 3/5] fix: add Bug Tracker URL to PyPI metadata (#18) The cueapi-sdk package on PyPI was missing the Bug Tracker project URL, meaning users had no link to report issues. Adds the correct URL pointing to https://github.com/cueapi/cueapi-python/issues. Also bumps version to 0.1.2 (metadata-only patch) and syncs __version__ in __init__.py. Co-authored-by: Gk Co-authored-by: Claude Opus 4.6 --- cueapi/__init__.py | 2 +- pyproject.toml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cueapi/__init__.py b/cueapi/__init__.py index fc882f3..3dc5817 100644 --- a/cueapi/__init__.py +++ b/cueapi/__init__.py @@ -14,7 +14,7 @@ from cueapi.resources.executions import ExecutionsResource from cueapi.webhook import verify_webhook -__version__ = "0.1.0" +__version__ = "0.1.2" __all__ = [ "CueAPI", diff --git a/pyproject.toml b/pyproject.toml index 1412570..89f258c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "cueapi-sdk" -version = "0.1.1" +version = "0.1.2" description = "The official Python SDK for CueAPI — scheduling infrastructure for agents" readme = "README.md" license = { text = "MIT" } @@ -32,6 +32,7 @@ dependencies = [ Homepage = "https://cueapi.ai" Documentation = "https://docs.cueapi.ai" Repository = "https://github.com/cueapi/cueapi-python" +"Bug Tracker" = "https://github.com/cueapi/cueapi-python/issues" [tool.pytest.ini_options] testpaths = ["tests"] From 156ed371a02cc7b61e4d92469b73e48da5181c09 Mon Sep 17 00:00:00 2001 From: Gk Date: Tue, 14 Apr 2026 22:48:53 -0700 Subject: [PATCH 4/5] chore(meta): fix license mismatch (Apache-2.0), expand PyPI metadata, bump to 0.1.3 Reconciles pyproject.toml license with LICENSE file content and repo description (Apache-2.0, not MIT). Adds Trove classifiers, expanded keyword list, maintainers block, and Changelog/Source Code/Status Page URLs. No code changes. --- pyproject.toml | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 89f258c..c5cce87 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,24 +4,51 @@ build-backend = "hatchling.build" [project] name = "cueapi-sdk" -version = "0.1.2" -description = "The official Python SDK for CueAPI — scheduling infrastructure for agents" +version = "0.1.3" +description = "Official Python SDK for CueAPI — open-source execution accountability primitive for AI agents. Schedule agent work, require evidence-backed outcomes, and gate execution with write-once verification." readme = "README.md" -license = { text = "MIT" } +license = { text = "Apache-2.0" } requires-python = ">=3.9" -authors = [{ name = "CueAPI", email = "support@cueapi.ai" }] -keywords = ["cueapi", "scheduling", "ai-agents", "cron", "webhooks", "sdk"] +authors = [{ name = "Vector Apps", email = "support@cueapi.ai" }] +maintainers = [{ name = "Vector Apps", email = "support@cueapi.ai" }] +keywords = [ + "cueapi", + "ai-agents", + "agent-infrastructure", + "scheduling", + "cron", + "webhooks", + "sdk", + "llm", + "llm-observability", + "accountability", + "verification", + "outcome-reporting", + "claude", + "gpt", + "gemini", +] classifiers = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", - "License :: OSI Approved :: MIT License", + "Intended Audience :: System Administrators", + "Intended Audience :: Information Technology", + "License :: OSI Approved :: Apache Software License", + "Operating System :: OS Independent", + "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3 :: Only", "Topic :: Software Development :: Libraries", + "Topic :: Software Development :: Libraries :: Python Modules", + "Topic :: System :: Monitoring", + "Topic :: System :: Distributed Computing", + "Topic :: Internet :: WWW/HTTP", + "Typing :: Typed", ] dependencies = [ "httpx>=0.24.0", @@ -33,6 +60,9 @@ Homepage = "https://cueapi.ai" Documentation = "https://docs.cueapi.ai" Repository = "https://github.com/cueapi/cueapi-python" "Bug Tracker" = "https://github.com/cueapi/cueapi-python/issues" +Changelog = "https://github.com/cueapi/cueapi-python/blob/main/CHANGELOG.md" +"Source Code" = "https://github.com/cueapi/cueapi-python" +"Status Page" = "https://status.cueapi.ai" [tool.pytest.ini_options] testpaths = ["tests"] From ac957e269c3747635e22c83802f62602fb42e39a Mon Sep 17 00:00:00 2001 From: Govind Kavaturi Date: Sun, 19 Apr 2026 16:28:30 -0700 Subject: [PATCH 5/5] feat(executions): add result_ref kwarg to report_outcome (#20) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The server's /v1/executions/{id}/outcome endpoint already accepts a `result_ref` evidence field (see OutcomeRequest in cueapi/cueapi app/schemas/outcome.py). The SDK's report_outcome was missing it, forcing callers who want to attach a reference ID to fall back to either raw HTTP or using an unrelated field like external_id. Single-line addition in executions.py: new kwarg, forwarded to the POST body when provided, same shape as every other evidence field. Companion change in cueapi-worker 0.3.0 (monorepo PR in cueapi/cueapi) exposes the same field on its WorkerAPIClient so worker-transport handlers can surface result_ref via the new CUEAPI_OUTCOME_FILE pattern. No behavioral change for existing callers — kwarg is optional and defaults to None. Co-authored-by: Gk --- cueapi/resources/executions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cueapi/resources/executions.py b/cueapi/resources/executions.py index 4a4d017..713a28d 100644 --- a/cueapi/resources/executions.py +++ b/cueapi/resources/executions.py @@ -58,6 +58,7 @@ def report_outcome( metadata: Optional[dict] = None, external_id: Optional[str] = None, result_url: Optional[str] = None, + result_ref: Optional[str] = None, result_type: Optional[str] = None, summary: Optional[str] = None, artifacts: Optional[list] = None, @@ -74,6 +75,8 @@ def report_outcome( body["external_id"] = external_id if result_url is not None: body["result_url"] = result_url + if result_ref is not None: + body["result_ref"] = result_ref if result_type is not None: body["result_type"] = result_type if summary is not None: