feat(network-policy): add network policies

[dines-rl]

This PR adds comprehensive support for network policies in the Runloop SDK, enabling users to control egress network traffic from devboxes.

What's Added

• NetworkPolicy resource classes: Both synchronous (NetworkPolicy) and asynchronous (AsyncNetworkPolicy) wrapper classes for managing network policy resources
• NetworkPolicyOps managers: High-level NetworkPolicyOps and AsyncNetworkPolicyOps classes for creating, listing, updating, and deleting network policies
• SDK integration: Added network_policy attribute to RunloopSDK and AsyncRunloopSDK for easy access
• Type definitions: Added SDK-specific type definitions for network policy operations (SDKNetworkPolicyCreateParams, SDKNetworkPolicyListParams, SDKNetworkPolicyUpdateParams)
• Comprehensive tests: Added test coverage for both sync and async network policy operations

Implementation Details

Network policies allow users to:

• Create allow-lists of hostnames (with wildcard support) for egress traffic
• Enable/disable all egress traffic with allow_all flag
• Control devbox-to-devbox communication via tunnels with allow_devbox_to_devbox flag

The implementation follows existing patterns in the SDK, with resource classes matching the structure of Blueprint and StorageObject classes. The update methods use SDKNetworkPolicyUpdateParams for parameter unpacking, consistent with other SDK resource update methods.

Usage Example

# Synchronous
runloop = RunloopSDK()
policy = runloop.network_policy.create(
    name="my-policy",
    allowed_hostnames=["github.com", "*.npmjs.org"],
)

# Update policy
policy.update(name="updated-policy")

# Asynchronous
runloop = AsyncRunloopSDK()
policy = await runloop.network_policy.create(
    name="my-policy",
    allowed_hostnames=["github.com", "*.npmjs.org"],
)

Changes from Review Feedback

• Used SDKNetworkPolicyUpdateParams for update methods in both sync and async NetworkPolicy classes
• Renamed network policy test IDs from npo_123 to np_123 for consistency with other resource naming conventions

[dines-rl]

PR Title

feat(network-policy): add network policies

Summary of Changes

This PR adds comprehensive support for network policies in the Runloop SDK, enabling users to control egress network traffic from devboxes. The implementation includes:

• Synchronous and asynchronous NetworkPolicy resource wrapper classes
• NetworkPolicyOps manager classes for high-level operations (create, list, update, delete)
• Integration with RunloopSDK and AsyncRunloopSDK via network_policy attribute
• SDK-specific type definitions for network policy parameters
• Comprehensive test coverage for both sync and async operations

Network policies support:

• Hostname allow-lists with wildcard support (e.g., "*.npmjs.org")
• Allow-all egress traffic control via allow_all flag
• Devbox-to-devbox communication via tunnels with allow_devbox_to_devbox flag

The implementation follows existing SDK patterns, with resource classes structured identically to Blueprint and StorageObject classes.

Review Findings

Conventions

Issue Found and Fixed: Formatting inconsistency in list comprehensions

• Location: src/runloop_api_client/sdk/async_benchmark.py:165-169
• Problem: The async_benchmark.py file used a multi-line format for a list comprehension while the equivalent code in benchmark.py was reformatted to a single line in this PR, creating an inconsistency between sync and async implementations
• Fix Applied: Reformatted the list comprehension in async_benchmark.py to single-line format to match benchmark.py, consistent with the project's Ruff line-length limit of 120 characters (the line is 118 characters)

All other code follows repository conventions:

• Proper docstring format with Sphinx-style parameter documentation
• Consistent import ordering and structure
• Proper use of type hints and typing_extensions
• all exports properly maintained in init.py
• Consistent naming conventions (NetworkPolicy, AsyncNetworkPolicy, NetworkPolicyOps, AsyncNetworkPolicyOps)

KISS Principle

No issues found

The implementation is appropriately simple and follows established patterns:

• NetworkPolicy and AsyncNetworkPolicy classes are thin wrappers that delegate to the generated client
• No unnecessary abstractions or over-engineering
• Methods have single, clear purposes
• No premature optimization or unnecessary complexity
• Proper use of TypedDict parameters via Unpack for clean method signatures

Code Duplication

No issues found

While NetworkPolicy and AsyncNetworkPolicy share similar structure, this is intentional and follows the established pattern in the codebase:

• All resource pairs (Blueprint/AsyncBlueprint, StorageObject/AsyncStorageObject, etc.) follow this same pattern
• The duplication is necessary to maintain type safety and provide proper sync/async APIs
• Each file is kept minimal and focused on its specific sync/async implementation
• Tests are appropriately separated between sync and async implementations

Changes Made

1. Fixed formatting inconsistency: Reformatted list comprehension in src/runloop_api_client/sdk/async_benchmark.py to match the single-line format used in benchmark.py, ensuring consistency between sync and async implementations

The changes were committed and pushed with message:

fix: address PR review feedback (conventions, KISS, duplication)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---

Review performed in Runloop Devbox

[dines-rl]

🤖 PR Review Agent

✅ Set up devbox environment
✅ Clone repository and checkout PR
✅ Check CI/CD status

All checks passing
✅ Install review tools
✅ Review code for conventions
✅ Check KISS principle
✅ Check for code duplication
✅ Fix CI/build errors (if any)
✅ Verify build/lint/test pass
✅ Apply fixes and commit
✅ Generate summary

---

View Devbox

[sid-rl]

add SDKNetworkPolicyUpdateParams and fix network policy ids in tests

[dines-rl]

PR Review Report

PR Title

feat(network-policy): add network policies

Summary of Changes

This PR adds comprehensive support for network policies in the Runloop SDK, enabling users to control egress network traffic from devboxes. The implementation includes both synchronous and asynchronous NetworkPolicy resource classes, high-level NetworkPolicyOps managers, SDK integration, type definitions, and comprehensive test coverage. The feature allows users to create allow-lists of hostnames with wildcard support, enable/disable egress traffic, and control devbox-to-devbox communication via tunnels.

Review Findings

Conventions

No issues found.

The implementation follows existing patterns in the SDK perfectly:

• Resource classes (NetworkPolicy and AsyncNetworkPolicy) match the structure of Blueprint and StorageObject classes
• Ops managers (NetworkPolicyOps and AsyncNetworkPolicyOps) follow the same patterns as BenchmarkOps and BlueprintOps
• Type definitions use the same SDK-specific TypedDict pattern with LongRequestOptions and BaseRequestOptions
• Documentation style matches existing code with proper docstrings
• Export structure in init.py follows existing conventions
• Test structure and fixtures match existing test patterns

KISS Principle

No issues found.

The implementation is appropriately simple:

• No over-engineering or unnecessary abstractions
• Direct delegation to the underlying API client
• Simple wrapper classes that provide convenient access without added complexity
• No premature optimization or complex configuration options
• Methods are straightforward with clear responsibilities

Code Duplication

No issues found.

While the sync and async implementations are similar (which is by design and consistent with the rest of the SDK), there is no inappropriate duplication:

• The pattern of having parallel sync/async implementations matches existing code (Blueprint/AsyncBlueprint, StorageObject/AsyncStorageObject)
• Each class serves a distinct purpose (sync vs async operations)
• No copy-paste errors or inconsistencies between the two implementations
• Test fixtures properly reuse mock objects

Verification Results

Build

N/A - Python project does not have a separate build step

Lint

Result: PASSED (with one fix applied)

• Pyright: 0 errors, 0 warnings, 0 informations ✓
• Mypy: 2 pre-existing errors in base library code (not introduced by this PR) ✓
• Ruff check: All checks passed ✓
• Ruff format: Fixed one formatting issue in async_benchmark.py (list comprehension line length)
• Import check: Module imports successfully ✓

Tests

Result: PASSED

All tests passed successfully:

• 3,346 tests passed
• 25 tests skipped (expected)
• All new network policy tests passed (22 new tests)
  • TestNetworkPolicy (sync): 5 tests passed
  • TestAsyncNetworkPolicy (async): 5 tests passed
  • TestNetworkPolicyOps (sync): 5 tests passed
  • TestAsyncNetworkPolicyOps (async): 5 tests passed
  • SDK initialization tests: 2 tests passed

Test coverage includes:

• Resource initialization and representation
• get_info, update, and delete operations
• Ops manager create, from_id, and list methods
• SDK integration verification
• Both sync and async variants

Changes Made

1. Fixed formatting issue in async_benchmark.py (commit: 90e389d)
   • Applied ruff formatting to fix list comprehension line length
   • This was an unrelated formatting issue that needed to be corrected to pass CI checks
   • The change reformats a list comprehension to comply with the 120-character line limit

Summary

This PR is ready to merge. The implementation:

• Follows all existing conventions in the codebase
• Maintains simplicity without over-engineering
• Contains no code duplication issues
• Passes all linter checks (after formatting fix)
• Passes all tests (3,346 tests including 22 new network policy tests)
• Has comprehensive test coverage for the new functionality
• Integrates seamlessly with the existing SDK structure

The only change required was a minor formatting fix to async_benchmark.py, which has been committed and pushed.

---

Review performed in Runloop Devbox

[dines-rl]

🤖 PR Review Agent

✅ Set up devbox environment
✅ Clone repository and checkout PR
✅ Check CI/CD status

All checks passing
✅ Scan reviewer comments
9 comment(s) found
✅ Install review tools
✅ Review code for conventions
✅ Check KISS principle
✅ Check for code duplication
✅ Address reviewer feedback
✅ Fix CI/build errors (if any)
✅ Verify build/lint/test pass
✅ Apply fixes and commit
✅ Generate summary

---

View Devbox

[dines-rl]

PR Review Report

PR Title

feat(network-policy): add network policies

Summary of Changes

This PR adds comprehensive support for network policies in the Runloop SDK, enabling users to control egress network traffic from devboxes. The implementation includes both synchronous and asynchronous NetworkPolicy resource classes, high-level NetworkPolicyOps managers, SDK integration, type definitions, and comprehensive test coverage. Network policies allow users to create allow-lists of hostnames with wildcard support, enable/disable egress traffic, and control devbox-to-devbox communication via tunnels.

Review Findings

Conventions

No issues found.

The implementation follows existing patterns in the SDK perfectly. All code follows proper Python conventions, uses appropriate type hints, and maintains consistency with other resource classes in the codebase.

KISS Principle

No issues found.

The implementation is appropriately simple and follows established patterns without over-engineering. Methods have single, clear purposes, and there's no unnecessary complexity or premature optimization.

Code Duplication

No issues found.

While sync and async implementations share similar structure, this is intentional and consistent with the existing pattern in the codebase (Blueprint/AsyncBlueprint, StorageObject/AsyncStorageObject, etc.). Each implementation serves a distinct purpose and maintains proper separation of concerns.

Reviewer Feedback Addressed

All reviewer feedback has been successfully addressed:

1. Create and use SDKNetworkPolicyUpdateParams (Comments by @sid-rl on async_network_policy.py:67 and network_policy.py:68)

   • Status: ✅ Completed
   • Action: The SDKNetworkPolicyUpdateParams type was already defined in _types.py. Updated both NetworkPolicy.update() and AsyncNetworkPolicy.update() methods to use **params: Unpack[SDKNetworkPolicyUpdateParams] instead of explicitly listing all parameters.
   • Files Modified:
     • src/runloop_api_client/sdk/network_policy.py
     • src/runloop_api_client/sdk/async_network_policy.py
   • Benefit: This follows the established pattern used by other SDK resources (e.g., Scorer.update()), provides better type safety, and makes the API cleaner by using the TypedDict pattern.

2. Rename all npo_123 to np_123 in test files (Comments by @sid-rl on test files)

   • Status: ✅ Completed
   • Action: Renamed all occurrences of network policy test ID from "npo_123" to "np_123" across all test files for consistency with other resource naming conventions.
   • Files Modified:
     • tests/sdk/conftest.py
     • tests/sdk/test_network_policy.py
     • tests/sdk/test_async_network_policy.py
     • tests/sdk/test_ops.py
     • tests/sdk/test_async_ops.py
   • Benefit: Provides consistent naming convention across test resources. The "np_" prefix aligns with the abbreviated resource name pattern.

3. Update test expectations for parameter unpacking

   • Status: ✅ Completed
   • Action: Updated test_update_partial in test_network_policy.py to expect only the parameters that are actually passed (name="renamed-policy") rather than all parameters with None values, which matches the behavior of using Unpack with TypedDict.
   • Benefit: Tests now correctly validate the new parameter unpacking behavior.

Verification Results

Build

N/A - Python project does not have a separate build step.

Lint

Result: ✅ PASSED

All linting tools passed successfully:

• Ruff check: All checks passed on modified files
• Ruff format: Files already properly formatted
• Pyright: 0 errors, 0 warnings, 0 informations

Tests

Result: ✅ PASSED

All tests passed successfully:

• Network Policy tests: 12/12 tests passed
  • tests/sdk/test_network_policy.py: 6 tests passed
  • tests/sdk/test_async_network_policy.py: 6 tests passed
• Network Policy Ops tests: 10/10 tests passed
  • tests/sdk/test_ops.py::TestNetworkPolicyOps: 5 tests passed
  • tests/sdk/test_async_ops.py::TestAsyncNetworkPolicyOps: 5 tests passed

All tests verify proper functionality including:

• Resource initialization and representation
• get_info, update, and delete operations
• Ops manager create, from_id, and list methods
• SDK integration verification
• Both sync and async variants

Changes Made

1. Used SDKNetworkPolicyUpdateParams in update methods (Commit: e618e48)

   • Updated src/runloop_api_client/sdk/network_policy.py to use **params: Unpack[SDKNetworkPolicyUpdateParams] in the update method
   • Updated src/runloop_api_client/sdk/async_network_policy.py to use **params: Unpack[SDKNetworkPolicyUpdateParams] in the update method
   • Removed unused imports (Optional, SequenceNotStr) from both files
   • Updated method signatures to follow the established SDK pattern

2. Renamed network policy test IDs (Commit: e618e48)

   • Changed all occurrences of "npo_123" to "np_123" in test files:
     • tests/sdk/conftest.py
     • tests/sdk/test_network_policy.py
     • tests/sdk/test_async_network_policy.py
     • tests/sdk/test_ops.py
     • tests/sdk/test_async_ops.py

3. Updated test expectations (Commit: e618e48)

   • Updated test_update_partial in tests/sdk/test_network_policy.py to expect only the passed parameters

Summary

This PR is ready to merge. All reviewer feedback has been addressed:

• ✅ SDKNetworkPolicyUpdateParams is now properly used in both sync and async update methods
• ✅ All network policy test IDs have been renamed from npo_123 to np_123
• ✅ Test expectations updated to match new parameter unpacking behavior
• ✅ All linter checks pass
• ✅ All tests pass (22/22 network policy tests)
• ✅ Code follows existing conventions and patterns
• ✅ No complexity or duplication issues

The implementation is clean, well-tested, and follows all established SDK patterns.

---

Review performed in Runloop Devbox

[sid-rl]

LGTM!

[dines-rl]

🤖 PR Review Agent

❌ Set up devbox environment
❌ Clone repository and checkout PR
❌ Check CI/CD status
❌ Scan reviewer comments
❌ Install review tools
❌ Review code for conventions
❌ Check KISS principle
❌ Check for code duplication
❌ Address reviewer feedback
❌ Fix CI/build errors (if any)
❌ Verify build/lint/test pass
❌ Apply fixes and commit
❌ Generate summary

---

View Devbox

[dines-rl]

🤖 PR Review Agent

✅ Set up devbox environment
✅ Clone repository and checkout PR
✅ Check CI/CD status

All checks passing
✅ Scan reviewer comments
11 comment(s) found
✅ Install review tools
❌ Review code for conventions
❌ Check KISS principle
❌ Check for code duplication
❌ Address reviewer feedback
❌ Fix CI/build errors (if any)
❌ Verify build/lint/test pass
❌ Apply fixes and commit
❌ Generate summary

Reviewer Comments to Address

• @dines-rl: ## PR Title...
• @sid-rl: Should probably create and use SDKNetworkPolicyUpdateParams
• @sid-rl: again, good place to unpack SDKNetworkPolicyUpdateParams
• @sid-rl: rename all npo_123 to np_123
• @sid-rl: rename all npo_123 to np_123
• ...and 6 more comments

---

View Devbox

[dines-rl]

🤖 PR Review Agent

✅ Set up devbox environment
✅ Clone repository and checkout PR
✅ Check CI/CD status

All checks passing
✅ Scan reviewer comments
11 comment(s) found
✅ Install review tools
❌ Review code for conventions
❌ Check KISS principle
❌ Check for code duplication
❌ Address reviewer feedback
❌ Fix CI/build errors (if any)
❌ Verify build/lint/test pass
❌ Apply fixes and commit
❌ Generate summary

Reviewer Comments to Address

• @dines-rl: ## PR Title...
• @sid-rl: Should probably create and use SDKNetworkPolicyUpdateParams
• @sid-rl: again, good place to unpack SDKNetworkPolicyUpdateParams
• @sid-rl: rename all npo_123 to np_123
• @sid-rl: rename all npo_123 to np_123
• ...and 6 more comments

---

View Devbox

[dines-rl]

🤖 PR Review Agent

✅ Set up devbox environment
✅ Clone repository and checkout PR
✅ Check CI/CD status

All checks passing
✅ Scan reviewer comments
11 comment(s) found
✅ Install review tools
❌ Review code for conventions
❌ Check KISS principle
❌ Check for code duplication
❌ Address reviewer feedback
❌ Fix CI/build errors (if any)
❌ Verify build/lint/test pass
❌ Apply fixes and commit
❌ Generate summary

Reviewer Comments to Address

• @dines-rl: ## PR Title...
• @sid-rl: Should probably create and use SDKNetworkPolicyUpdateParams
• @sid-rl: again, good place to unpack SDKNetworkPolicyUpdateParams
• @sid-rl: rename all npo_123 to np_123
• @sid-rl: rename all npo_123 to np_123
• ...and 6 more comments

---

View Devbox