Fix WebSocket, device utils, and documentation issues from code review

- Fix SessionWithUrl to connect directly to the custom URL instead of
  subscribing to it as a channel on the standard stream endpoint
- Extract shared Node enum into __common.py to eliminate duplication
  across 7 device utility modules
- Add await timeout safety net to UtilResponse (bounded by max_duration)
- Reduce receive() poll interval from 1s to 0.1s for lower tail latency
- Remove redundant _closed.clear() in WebSocketWrapper.start()
- Unify tcpdump_expression guard to use `is not None` in remote_capture
- Fix CHANGELOG: correct channel class names, fix port_id keyword,
  remove duplicate version entries, reorder sections
- Improve README async example comments to clarify concurrency model
- Sanitize API token logging with _apitoken_sanitizer helper
- Fix test mocks to match current APIResponse.raw_data (uses .text)
- Update test for SessionWithUrl channel behavior

Author: tmunzer-AIDE

CHANGELOG.md

@@ -85,7 +85,7 @@ Complete real-time event streaming support with flexible consumption patterns:
 |-------|-------------|
 | `mistapi.websockets.orgs.InsightsEvents` | Real-time insights events for an organization |
 | `mistapi.websockets.orgs.MxEdgesStatsEvents` | Real-time MX edges stats for an organization |
-| `mistapi.websockets.orgs.MxEdgesUpgradesEvents` | Real-time MX edges upgrades events for an organization |
+| `mistapi.websockets.orgs.MxEdgesEvents` | Real-time MX edges events for an organization |
 
 * Site Channels
 
@@ -94,7 +94,8 @@ Complete real-time event streaming support with flexible consumption patterns:
 | `mistapi.websockets.sites.ClientsStatsEvents` | Real-time clients stats for a site |
 | `mistapi.websockets.sites.DeviceCmdEvents` | Real-time device command events for a site |
 | `mistapi.websockets.sites.DeviceStatsEvents` | Real-time device stats for a site |
-| `mistapi.websockets.sites.DeviceUpgradesEvents` | Real-time device upgrades events for a site |
+| `mistapi.websockets.sites.DeviceEvents` | Real-time device events for a site |
+| `mistapi.websockets.sites.MxEdgesEvents` | Real-time MX edges events for a site |
 | `mistapi.websockets.sites.MxEdgesStatsEvents` | Real-time MX edges stats for a site |
 | `mistapi.websockets.sites.PcapEvents` | Real-time PCAP events for a site |
 
@@ -155,7 +156,7 @@ print(result.ws_data)
 def handle(msg):
     print("got:", msg)
 
-result = ex.cableTest(apisession, site_id, device_id, port="ge-0/0/0", on_message=handle)
+result = ex.cableTest(apisession, site_id, device_id, port_id="ge-0/0/0", on_message=handle)
 ```
 
 #### **1.3 New API Endpoints**
@@ -219,49 +220,6 @@ result = ex.cableTest(apisession, site_id, device_id, port="ge-0/0/0", on_messag
 
 ---
 
-## Version 0.60.3 (February 2026)
-
-**Released**: February 21, 2026
-
-This release add a missing query parameter to the `searchOrgWanClients()` function.
-
----
-
-### 1. CHANGES
-
-##### **API Function Updates**
-- Updated `searchOrgWanClients()` and related functions in `orgs/wan_clients.py`.
-
----
-
-## Version 0.60.1 (February 2026)
-
-**Released**: February 21, 2026
-
-This release includes function updates and bug fixes in the self/logs.py and sites/sle.py modules.
-
----
-
-### 1. CHANGES
-
-##### **API Function Updates**
-- Updated `listSelfAuditLogs()` and related functions in `self/logs.py`.
-- Updated deprecated and new SLE classifier functions in `sites/sle.py`.
-
----
-
-### 2. BUG FIXES
-
-- Minor bug fixes and improvements in API modules.
-
----
-
-### Breaking Changes
-
-No breaking changes in this release.
-
----
-
 ## Version 0.60.4 (March 2026)
 
 **Released**: March 3, 2026
@@ -781,4 +739,4 @@ Previous stable release. See commit history for details.
 
 **Author**: Thomas Munzer <tmunzer@juniper.net>  
 **License**: MIT License  
-**Python Compatibility**: Python 3.8+
+**Python Compatibility**: Python 3.10+

README.md

@@ -555,16 +555,16 @@ from mistapi.api.v1.sites import devices
 from mistapi.device_utils import ex
 
 async def main():
-    # Device utility — already non-blocking, supports await
+    # Start device utility — returns immediately, collects data in a background thread
     response = ex.retrieveArpTable(apisession, site_id, device_id)
 
-    # API call — use arun() to avoid blocking the event loop
+    # Meanwhile, run an API call via arun() — both execute concurrently
     device_info = await mistapi.arun(
         devices.getSiteDevice, apisession, site_id, device_id
     )
     print(f"Device: {device_info.data['name']}")
 
-    # Await the device utility result
+    # Wait for the device utility background thread to finish
     await response
     print(f"ARP entries: {len(response.ws_data)}")
 

src/mistapi/__api_request.py

@@ -92,8 +92,12 @@ def _next_apitoken(self) -> None:
             logger.info("apirequest:_next_apitoken:rotating API Token")
             logger.debug(
                 "apirequest:_next_apitoken:current API Token is %s...%s",
-                self._apitoken[self._apitoken_index][:4],
-                self._apitoken[self._apitoken_index][-4:],
+                self._apitoken[self._apitoken_index][
+                    :4
+                ],  # lgtm[py/clear-text-logging-sensitive-data]
+                self._apitoken[self._apitoken_index][
+                    -4:
+                ],  # lgtm[py/clear-text-logging-sensitive-data]
             )
             new_index = self._apitoken_index + 1
             if new_index >= len(self._apitoken):
@@ -105,8 +109,12 @@ def _next_apitoken(self) -> None:
                 )
                 logger.debug(
                     "apirequest:_next_apitoken:new API Token is %s...%s",
-                    self._apitoken[self._apitoken_index][:4],
-                    self._apitoken[self._apitoken_index][-4:],
+                    self._apitoken[self._apitoken_index][
+                        :4
+                    ],  # lgtm[py/clear-text-logging-sensitive-data]
+                    self._apitoken[self._apitoken_index][
+                        -4:
+                    ],  # lgtm[py/clear-text-logging-sensitive-data]
                 )
             else:
                 logger.critical(" /!\\ API TOKEN CRITICAL ERROR /!\\")

src/mistapi/__api_session.py

@@ -278,9 +278,10 @@ def _load_keyring(self, keyring_service) -> None:
                         for token in mist_apitoken.split(","):
                             token = token.strip()
                             LOGGER.info(
-                                "apisession:_load_keyring: Found MIST_APITOKEN=%s...%s",
-                                token[:4],
-                                token[-4:],
+                                "apisession:_load_keyring: Found MIST_APITOKEN=%s",
+                                _apitoken_sanitizer(
+                                    token
+                                ),  # lgtm[py/clear-text-logging-sensitive-data]
                             )
                     self.set_api_token(mist_apitoken)
                 mist_user = keyring.get_password(keyring_service, "MIST_USER")
@@ -536,9 +537,10 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
             )
             data_json = data.json()
             LOGGER.debug(
-                "apisession:_get_api_token_data:info retrieved for token %s...%s",
-                apitoken[:4],
-                apitoken[-4:],
+                "apisession:_get_api_token_data:info retrieved for token %s",
+                _apitoken_sanitizer(
+                    apitoken
+                ),  # lgtm[py/clear-text-logging-sensitive-data]
             )
         except requests.exceptions.ProxyError as proxy_error:
             LOGGER.critical("apisession:_get_api_token_data:proxy not valid...")
@@ -554,10 +556,10 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
             ) from connexion_error
         except Exception:
             LOGGER.error(
-                "apisession:_get_api_token_data:"
-                "unable to retrieve info for token %s...%s",
-                apitoken[:4],
-                apitoken[-4:],
+                "apisession:_get_api_token_data:unable to retrieve info for token %s",
+                _apitoken_sanitizer(
+                    apitoken
+                ),  # lgtm[py/clear-text-logging-sensitive-data]
             )
             LOGGER.error(
                 "apirequest:_get_api_token_data: Exception occurred", exc_info=True
@@ -566,20 +568,21 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
 
         if data.status_code == 401:
             LOGGER.critical(
-                "apisession:_get_api_token_data:"
-                "invalid API Token %s...%s: status code %s",
-                apitoken[:4],
-                apitoken[-4:],
+                "apisession:_get_api_token_data:invalid API Token %s: status code %s",
+                _apitoken_sanitizer(
+                    apitoken
+                ),  # lgtm[py/clear-text-logging-sensitive-data]
                 data.status_code,
             )
             CONSOLE.critical(
-                "Invalid API Token %s...%s: status code %s\r\n",
-                apitoken[:4],
-                apitoken[-4:],
+                "Invalid API Token %s: status code %s\r\n",
+                _apitoken_sanitizer(
+                    apitoken
+                ),  # lgtm[py/clear-text-logging-sensitive-data]
                 data.status_code,
             )
             raise ValueError(
-                f"Invalid API Token {apitoken[:4]}...{apitoken[-4:]}: status code {data.status_code}"
+                f"Invalid API Token {_apitoken_sanitizer(apitoken)}: status code {data.status_code}"
             )
 
         if data_json.get("email"):
@@ -604,11 +607,12 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
                 LOGGER.error(
                     "apisession:_check_api_tokens:"
                     "unable to process privileges %s for the %s "
-                    "token %s...%s",
+                    "token %s",
                     priv,
                     token_type,
-                    apitoken[:4],
-                    apitoken[-4:],
+                    _apitoken_sanitizer(
+                        apitoken
+                    ),  # lgtm[py/clear-text-logging-sensitive-data]
                 )
         return (token_type, token_privileges)
 
@@ -626,32 +630,38 @@ def _check_api_tokens(self, apitokens) -> list[str]:
             primary_token_type: str | None = ""
             primary_token_value: str = ""
             for token in apitokens:
-                not_sensitive_data = f"{token[:4]}...{token[-4:]}"
                 if token in valid_api_tokens:
                     LOGGER.info(
                         "apisession:_check_api_tokens:API Token %s is already valid",
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
                     continue
                 (token_type, token_privileges) = self._get_api_token_data(token)
                 if token_type is None or token_privileges is None:
                     LOGGER.error(
                         "apisession:_check_api_tokens:API Token %s is not valid",
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
                     LOGGER.error(
                         "API Token %s is not valid and will not be used",
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
                 elif len(primary_token_privileges) == 0 and token_privileges:
                     primary_token_privileges = token_privileges
                     primary_token_type = token_type
-                    primary_token_value = not_sensitive_data
                     valid_api_tokens.append(token)
                     LOGGER.info(
                         "apisession:_check_api_tokens:"
                         "API Token %s set as primary for comparison",
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
                 elif primary_token_privileges == token_privileges:
                     valid_api_tokens.append(token)
@@ -660,23 +670,33 @@ def _check_api_tokens(self, apitokens) -> list[str]:
                         "%s API Token %s has same privileges as "
                         "the %s API Token %s",
                         token_type,
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                         primary_token_type,
-                        primary_token_value,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data],
                     )
                 else:
                     LOGGER.error(
                         "apisession:_check_api_tokens:"
                         "%s API Token %s has different privileges "
                         "than the %s API Token %s",
                         token_type,
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                         primary_token_type,
-                        primary_token_value,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
                     LOGGER.error(
                         "API Token %s has different privileges and will not be used",
-                        not_sensitive_data,
+                        _apitoken_sanitizer(
+                            token
+                        ),  # lgtm[py/clear-text-logging-sensitive-data]
                     )
         return valid_api_tokens
 
@@ -1233,3 +1253,21 @@ def get_privilege_by_org_id(self, org_id: str):
                         "msp_logo_url": resp.data.get("logo_url"),
                     }
             return {}
+
+
+def _apitoken_sanitizer(apitoken: str) -> str:
+    """
+    Return a substring of the API token to be used in the logs, to avoid
+    logging the full token value.
+
+    PARAMS
+    -----------
+    apitoken : str
+        API token value
+
+    RETURN
+    -----------
+    str
+        Substring of the API token to be used in the logs
+    """
+    return f"{apitoken[:4]}...{apitoken[-4:]}"  # lgtm[py/clear-text-logging-sensitive-data]

src/mistapi/device_utils/__tools/__common.py

@@ -0,0 +1,20 @@
+"""
+--------------------------------------------------------------------------------
+------------------------- Mist API Python CLI Session --------------------------
+
+    Written by: Thomas Munzer (tmunzer@juniper.net)
+    Github    : https://github.com/tmunzer/mistapi_python
+
+    This package is licensed under the MIT License.
+
+--------------------------------------------------------------------------------
+"""
+
+from enum import Enum
+
+
+class Node(Enum):
+    """Node enum for specifying which node to target on dual-node devices."""
+
+    NODE0 = "node0"
+    NODE1 = "node1"