Sourcify explorer and source-verification plugin for Ape
Project description
Ape Sourcify
ape-sourcify is an Ape explorer plugin backed by
Sourcify. It uses Sourcify API v2 for verified contract lookup,
source manifests, and asynchronous source-code verification.
Features
- Load a verified contract's name and ABI through Ape's normal
Contract(address)flow. - Reconstruct an EthPM manifest containing verified sources, compiler settings, and bytecode.
- Verify locally compiled Solidity and Vyper contracts with compiler-native standard JSON input.
- Treat existing exact matches as idempotent publication success.
- Follow asynchronous verification jobs and surface Sourcify's error code, message, and error ID.
- Discover Sourcify's live supported-chain catalog for custom and adhoc Ape networks.
- Use verified contracts as Ape project dependencies.
- Configure a self-hosted or staging Sourcify server.
The plugin is v2-only. Sourcify's deprecated v1 API is not used.
Installation
Install the package directly:
ape plugins install sourcify
or with uv/pip:
uv pip install ape-sourcify
Contract lookup
Once the plugin is installed, Ape can obtain verified contract types from Sourcify:
from ape import Contract
deposit_contract = Contract("0x00000000219ab540356cBB839Cbe05303d7705Fa")
print(deposit_contract.contract_type.name)
Canonical address links use the Sourcify repository UI:
https://repo.sourcify.dev/{chain_id}/{address}
Sourcify is not a transaction indexer. For Ape's required transaction-link interface, the plugin
uses the first EIP-3091 explorer in Ape's bundled chain metadata. It raises
APINotImplementedError when no transaction explorer is known.
Source verification
Use Ape's normal publish=True deployment option:
contract = account.deploy(project.MyContract, publish=True)
or publish an existing locally known deployment:
networks.active_provider.network.publish_contract(contract.address)
The plugin reads the local contract type, compiler record, source graph, compiler settings, and creation transaction from Ape. It submits:
POST /v2/verify/{chain_id}/{address}
GET /v2/verify/{verification_id}
The creation transaction hash is included when Ape has it cached. Sourcify can verify without the hash, but providing it makes creation-bytecode recovery more reliable.
Publishing sends the complete materialized source graph to Sourcify for permanent public display. By submitting it, you accept Sourcify's non-exclusive, worldwide, irrevocable, royalty-free source publication terms described in the Sourcify API documentation. Do not publish source files that you are not authorized to disclose.
Publishing requires the full Solidity compiler version (for example,
0.8.30+commit.73712a01) in Ape's build manifest. Recompile the project if the manifest only
contains a short Solidity version.
Sourcify dependencies
Verified source bundles can be declared directly in ape-config.yaml:
dependencies:
- name: deposit-contract
sourcify: "0x00000000219ab540356cBB839Cbe05303d7705Fa"
ecosystem: ethereum
network: mainnet
Then install or use the dependency through Ape's normal package manager:
ape pm install
Source paths from the remote bundle are validated before its files and artifact-preserving build manifest are written to the dependency cache.
The dependency cache preserves Sourcify's ABI, bytecode, sources, and full compiler record without
recompiling the verified target. Simple Solidity directory remappings such as
@openzeppelin/=lib/openzeppelin-contracts/ are exposed as local Ape dependencies, including
chained remappings. With Ape 0.8, a remapping alias must be a simple name and must not collide with
the dependency's declared name; context-qualified and project-root remappings remain available in
the preserved manifest but cannot be used as nested source imports. Remapped bundles are designed
to use their preserved target artifact or to be imported by another project; forcing Ape to
recompile the dependency by itself is an Ape 0.8 limitation and is not supported.
Configuration
The production defaults require no API key. Override them in ape-config.yaml for staging or a
self-hosted Sourcify instance:
sourcify:
api_url: https://staging.sourcify.dev/server
repository_url: https://repo.sourcify.dev
request_timeout: 30
retries: 3
retry_backoff: 0.5
verification_timeout: 300
poll_interval: 2
chain_cache_ttl: 3600
| Setting | Meaning | Default |
|---|---|---|
api_url |
Sourcify server base URL | https://sourcify.dev/server |
repository_url |
Contract repository UI base URL | https://repo.sourcify.dev |
request_timeout |
Per-request timeout in seconds | 30 |
retries |
Retries for timeouts, connection errors, 429s, and transient 5xx responses | 3 |
retry_backoff |
Initial exponential retry delay | 0.5 |
verification_timeout |
End-to-end job deadline in seconds | 300 |
poll_interval |
Verification job polling interval | 2 |
chain_cache_ttl |
Supported-chain cache lifetime | 3600 |
Networks and explorer selection
The plugin registers currently supported networks from these Ape ecosystems, including fork variants:
- Arbitrum
- Avalanche
- Base
- Blast
- BNB Smart Chain
- Ethereum
- Fantom
- Gnosis
- Hyperliquid
- Optimism
- Polygon and Polygon zkEVM
- Sonic
For a connected custom or adhoc network, supports_chain() consults Sourcify's live /chains
catalog. Chain support is dynamic and can change as Sourcify updates that catalog.
Ape currently chooses the first matching installed explorer; it has no per-command explorer
selector. If multiple explorer plugins claim the same network, selection depends on plugin loading
order. Inspect networks.active_provider.network.explorer when several explorer plugins are
installed.
Development
uv sync --all-groups
uv run --locked pytest
uv run --locked ruff check .
uv run --locked ruff format --check .
uv run --locked mypy ape_sourcify
uv build
uv run --locked --group release twine check dist/*
Live production checks are opt-in:
uv run --locked pytest -m live -o addopts=""
License
Apache-2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ape_sourcify-0.8.0.tar.gz.
File metadata
- Download URL: ape_sourcify-0.8.0.tar.gz
- Upload date:
- Size: 288.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c8965d58aca4de3c49d2575b82f0a596ea238a406780a5ad475c3b8bf88d05db
|
|
| MD5 |
4d915f0744334e047152c8f96503b36f
|
|
| BLAKE2b-256 |
cc2b4085d67b348a5155ab441aeffdef0df65f4c248c7638a1e3554d0014eb4b
|
Provenance
The following attestation bundles were made for ape_sourcify-0.8.0.tar.gz:
Publisher:
publish.yaml on ApeWorX/ape-sourcify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ape_sourcify-0.8.0.tar.gz -
Subject digest:
c8965d58aca4de3c49d2575b82f0a596ea238a406780a5ad475c3b8bf88d05db - Sigstore transparency entry: 2151673690
- Sigstore integration time:
-
Permalink:
ApeWorX/ape-sourcify@69b46c51de824425acc7992557349a5e82b7a32a -
Branch / Tag:
refs/tags/v0.8.0 - Owner: https://github.com/ApeWorX
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@69b46c51de824425acc7992557349a5e82b7a32a -
Trigger Event:
release
-
Statement type:
File details
Details for the file ape_sourcify-0.8.0-py3-none-any.whl.
File metadata
- Download URL: ape_sourcify-0.8.0-py3-none-any.whl
- Upload date:
- Size: 26.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c5a99f53d75aaaec9d0573c63a83b50a825e11ef454e01742553b465ae6e1e01
|
|
| MD5 |
289d23f8bfb4049f9eb23bb7e7fe9427
|
|
| BLAKE2b-256 |
fe0a3536dcccabce58dd7b34cb9ad2b665b558b56cf0eec2ce064b4037de9fda
|
Provenance
The following attestation bundles were made for ape_sourcify-0.8.0-py3-none-any.whl:
Publisher:
publish.yaml on ApeWorX/ape-sourcify
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ape_sourcify-0.8.0-py3-none-any.whl -
Subject digest:
c5a99f53d75aaaec9d0573c63a83b50a825e11ef454e01742553b465ae6e1e01 - Sigstore transparency entry: 2151673741
- Sigstore integration time:
-
Permalink:
ApeWorX/ape-sourcify@69b46c51de824425acc7992557349a5e82b7a32a -
Branch / Tag:
refs/tags/v0.8.0 - Owner: https://github.com/ApeWorX
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@69b46c51de824425acc7992557349a5e82b7a32a -
Trigger Event:
release
-
Statement type: