
    4Rj                       U d dl mZ d dlZd dlZd dlmZmZ d dlmZ d dl	Z	ddl
mZ ddlmZ dd	lmZ d
gZ ej"                  e      Zded<    ej*                         Z e       Zded<   ddZddZddZ G d d
e	j8                        Zy)    )annotationsN)	GeneratorAsyncGenerator)override   )
TokenCache   )asyncify)OAUTH_API_BETA_HEADERAccessTokenAuthzlogging.Loggerlogzset[str]_warn_once_seenc                    t         5  | t        v r
	 ddd       yt        j                  |        ddd       t        j                  |g|  y# 1 sw Y    xY w)z8Emit a log warning at most once per ``key`` per process.N)_warn_once_lockr   addr   warning)keymessageargss      g/var/www/html/meridian/meridian-ai/venv/lib/python3.12/site-packages/anthropic/lib/credentials/_auth.py
_warn_oncer      sR    	 !/!! ! 	C ! KK$	! !s   
AAAc                $    t        d|  d|        y)ag  Warn that an explicit ``api_key=`` / ``auth_token=`` argument shadows
    an explicit ``credentials=`` provider passed to the same constructor or
    ``copy()`` call. The static credential wins at the request-header level
    (``AccessTokenAuth.sync_auth_flow`` short-circuits on the pre-set header),
    which silently disables the credentials provider.
    zexplicit-shadow:z`%s=` was passed alongside `credentials=`; the static credential takes precedence and the credentials provider is silently disabled. Pass only one.Nr   )params    r   (warn_explicit_static_shadows_credentialsr      s      
5'"	 	    c                &    t        d|  d| |        y)a  Warn that an ``ANTHROPIC_API_KEY`` / ``ANTHROPIC_AUTH_TOKEN`` from the
    environment is shadowing the SDK's profile / federation auto-discovery.

    Per the credential-precedence spec, a static-credential env var silently
    disables the auto-discovered federation and profile paths. Surface a
    one-shot warning so migrating users can see why their ``ANTHROPIC_PROFILE``
    or WIF env vars are being ignored.
    zenv-shadow:z%s is set and takes precedence over the SDK's profile / federation auto-discovery; unset %s to use the auto-discovered credential.Nr   )env_vars    r   &warn_env_static_shadows_auto_discoveryr   /   s"     
gY	Jr   c                  Z    e Zd ZdZdZd	dZed
d       ZddZe	dd       Z
e	dd       Zy)r   u  Adapts a :class:`TokenCache` to httpx's :class:`~httpx.Auth` protocol.

    Used by :meth:`anthropic.Anthropic.custom_auth` to inject ``Authorization: Bearer``
    plus the OAuth beta header on every request, with proactive refresh handled by
    :class:`TokenCache`.

    Static credentials shadow federation: if the outgoing request already carries
    an ``X-Api-Key`` or ``Authorization`` header (set by the client's api_key /
    auth_token path), this auth flow is a no-op. That matches the Go SDK's
    ``authMiddleware`` and the documented precedence in the WIF user guide —
    a static ``ANTHROPIC_API_KEY`` shadows any credentials provider.
    Fc                    || _         y N)_token_cache)selftoken_caches     r   __init__zAccessTokenAuth.__init__Q   s
    'r   c                    t        | j                  j                  d      xs | j                  j                  d            S )Nz	X-Api-KeyAuthorization)boolheadersget)requests    r   _has_static_credentialz&AccessTokenAuth._has_static_credentialT   s0    GOO''4\8K8KO8\]]r   c                \   d| |j                   d<   |j                   j                  dd      }|j                  d      D cg c]#  }|j                         s|j                         % }}t        |vr4|j                  t               dj                  |      |j                   d<   y y c c}w )NzBearer r(   zanthropic-beta ,z, )r*   r+   splitstripr   appendjoin)r$   r,   tokenexisting_betaflagexisting_flagss         r   _applyzAccessTokenAuth._applyX   s    -4UG+<(++,<bA 4A3F3Fs3K\4tzz|$**,\\ 6!!"7804		.0IGOO,- 7 ]s   B)B)c              #     K   | j                  |      r| y | j                  j                         }| j                  ||       | y wr"   )r-   r#   	get_tokenr9   r$   r,   r5   s      r   sync_auth_flowzAccessTokenAuth.sync_auth_flowh   sC     &&w/M!!++-GU#s   AA
c                  K   | j                  |      r| y  t        | j                  j                                d {   }| j	                  ||       | y 7 wr"   )r-   r
   r#   r;   r9   r<   s      r   async_auth_flowzAccessTokenAuth.async_auth_flowq   sT     &&w/M <ht00::;==GU# >s   ?A AA N)r%   r   returnNone)r,   httpx.Requestr@   r)   )r,   rB   r5   strr@   rA   )r,   rB   r@   z.Generator[httpx.Request, httpx.Response, None])r,   rB   r@   z-AsyncGenerator[httpx.Request, httpx.Response])__name__
__module____qualname____doc__requires_response_bodyr&   staticmethodr-   r9   r   r=   r?    r   r   r   r   A   sX     #( ^ ^J    	 	r   )r   rC   r   rC   r   objectr@   rA   )r   rC   r@   rA   )r   rC   r@   rA   )
__future__r   logging	threadingtypingr   r   typing_extensionsr   httpx_cacher   _utilsr
   
_constantsr   __all__	getLoggerrD   r   __annotations__Lockr   setr   r   r   r   Authr   rJ   r   r   <module>r[      sx    "   , &    -
'g''1^ 1 ).."E !  $:ejj :r   