Python SDK for the Agentic Power of Attorney (APOA) standard

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

APOA Python SDK

Python SDK for the Agentic Power of Attorney (APOA) standard -- authorization infrastructure for AI agents.

Install

pip install apoa

Quick Start

from apoa import (
    APOA,
    generate_key_pair,
)

private_key, public_key = generate_key_pair()
apoa = APOA(private_key=private_key)

token = apoa.tokens.create_grant(
    principal="did:apoa:alex",
    agent="did:apoa:docs-assistant",
    service="knowledge-base",
    scopes=["articles:search", "articles:summarize"],
    constraints={"external_sharing": False},
    expires_in="24h",
)

valid = apoa.tokens.validate(token.raw, public_key=public_key)
print(valid.valid)  # True

result = apoa.authorizations.check(token, "knowledge-base", "articles:summarize")
print(result.authorized)  # True

result = apoa.authorizations.check(token, "knowledge-base", "articles:delete")
print(result.authorized)  # False

Features

  • Token lifecycle: create, sign (Ed25519/ES256), validate, parse
  • Scope matching: hierarchical pattern matching (articles:* matches articles:read)
  • Constraint enforcement: boolean denial at the SDK level, rich constraints at the protocol level
  • Authorization: revocation + scope + constraints + hard/soft rules in one call
  • Delegation chains: parent-to-child with cryptographically enforced attenuation
  • Cascade revocation: revoke parent, kill all children instantly
  • Audit trail: append-only action log per token
  • Cross-SDK compatibility: tokens created by the TypeScript SDK validate in Python and vice versa

Cross-SDK Compatibility

Tokens are JWTs. A token signed by @apoa/core (TypeScript) validates in apoa (Python) and vice versa. The serialization layer handles camelCase (JWT payload) to snake_case (Python) mapping automatically.

API

Three usage styles:

Application facade

Recommended for apps. Configure keys once, then use namespaced resources.

from apoa import APOA

apoa = APOA(private_key=key)
token = apoa.tokens.create_grant(
    principal="did:apoa:alex",
    agent="did:apoa:docs-assistant",
    service="knowledge-base",
    scopes=["articles:search"],
    expires_in="24h",
)
apoa.authorizations.check(token, "knowledge-base", "articles:search")

Protocol client

Use this when you want direct access to stores, resolvers, and protocol-level options.

from apoa import create_client

client = create_client(default_private_key=key)
client.authorize(token, "knowledge-base", "articles:search")

Standalone imports

Useful for scripts, tests, adapters, and focused protocol operations.

from apoa import authorize, check_scope

check_scope(token, "knowledge-base", "articles:search")

See the full spec and TypeScript SDK for more.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.3.3

0.3.2

0.3.1

0.3.0

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apoa-0.3.3.tar.gz (36.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

apoa-0.3.3-py3-none-any.whl (29.3 kB view details)

Uploaded Python 3

File details

Details for the file apoa-0.3.3.tar.gz.

File metadata

  • Download URL: apoa-0.3.3.tar.gz
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.3.tar.gz
Algorithm Hash digest
SHA256 79084971c3d43c3a3c22a3ad2f30181b6c923287f008a15635a20f37f65bdbfe
MD5 124d1d9cd55425aee621a3030635d84f
BLAKE2b-256 087ba2e49a6de63c204b3dbb3aadd50aac00ad887ad87cf411b85f111730c0b7

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.3.tar.gz:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file apoa-0.3.3-py3-none-any.whl.

File metadata

  • Download URL: apoa-0.3.3-py3-none-any.whl
  • Upload date:
  • Size: 29.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 85afdf26452fd45489de2562c93f568a1c5d39a586651618deb4bdfd936d8ddc
MD5 28e3da91137c947c744d9162fcf6b5d0
BLAKE2b-256 5582fa2c076089018626ae47b2399a085ef5c1ac0de8b8194d705aa6bf31c2a0

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.3-py3-none-any.whl:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page