Double-signed receipts for AI-agent tool invocations — DSSE + JCS + Ed25519, verifiable offline (Python port of @p-vbordei/agent-toolprint)
Project description
agent-toolprint (Python)
Python port of @p-vbordei/agent-toolprint.
Byte-deterministic-compatible: passes the same conformance vectors.
agent-toolprint is a double-signed receipt format for AI-agent tool
invocations. The agent signs. The tool counter-signs. Anyone with the public
keys can verify offline — no host, no service, no chain.
pip install agent-toolprint
30-second example
import asyncio, base64, os, uuid
from datetime import datetime, timezone
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from agent_toolprint import (
Plaintext, VerifyOptions,
countersign_tool, did_key_from_ed25519_pubkey, did_key_resolver,
sha256_hash, sign_agent, verify,
)
def gen():
sk = Ed25519PrivateKey.generate()
return (
sk.private_bytes(serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption()),
sk.public_key().public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw),
)
async def main():
agent_sk, agent_pk = gen()
tool_sk, tool_pk = gen()
args, response = {"query": "bun docs"}, {"results": ["https://bun.sh/docs"]}
receipt = {
"v": "tp/0.1",
"id": str(uuid.uuid4()),
"ts": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z"),
"agent": {"did": did_key_from_ed25519_pubkey(agent_pk), "key_id": "agent"},
"tool": {"did": did_key_from_ed25519_pubkey(tool_pk), "key_id": "tool"},
"call": {"name": "search", "args_hash": sha256_hash(args)},
"result": {"status": "ok", "response_hash": sha256_hash(response)},
"nonce": base64.b64encode(os.urandom(32)).decode("ascii"),
}
env = countersign_tool(sign_agent(receipt, agent_sk), tool_sk)
res = await verify(env, VerifyOptions(
resolver=did_key_resolver,
plaintext=Plaintext(args=args, args_provided=True, response=response, response_provided=True),
))
print(res.ok) # True
asyncio.run(main())
Why this exists
The TypeScript reference defines a small, stable receipt protocol (DSSE + JCS +
Ed25519, did:key identities). This package is the Python implementation of the
same wire format — produced bytes are byte-identical, signatures verify across
languages, and the same conformance vectors pass.
Conformance
uv run pytest -v
All 15 TS vectors across SPEC §6 clauses C1–C4 pass here.
License
Apache 2.0 — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_toolprint-0.1.0.tar.gz.
File metadata
- Download URL: agent_toolprint-0.1.0.tar.gz
- Upload date:
- Size: 17.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2e482df411cea34f34af5386ec5256dfcf1e9c570c0791f18171116b2cdfdc5a
|
|
| MD5 |
4414807a5b302c042dbb401bbfd674d0
|
|
| BLAKE2b-256 |
adffa063baf1b1ab521cf767ce2ba31ef8cd2beed8bb8c53f813e9d0bd8792a7
|
File details
Details for the file agent_toolprint-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agent_toolprint-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
31196109793dd370e519c0963c9dca9cfa17e8082da96257e1d466e1abe1c14b
|
|
| MD5 |
c79c216607ea5173e07d1f97ce9505c6
|
|
| BLAKE2b-256 |
f4c002092c6b5f4ad27e2b9c011a4aa00867fcc6d1ff2ea0e5b99cc192fb161e
|
