Python SDK for the Agentic Power of Attorney (APOA) standard

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

APOA Python SDK

Python SDK for the Agentic Power of Attorney (APOA) standard -- authorization infrastructure for AI agents.

Install

pip install apoa

Quick Start

from apoa import (
    APOADefinition, Agent, BrowserSessionConfig, Principal,
    Rule, ServiceAuthorization, SigningOptions,
    create_client, generate_key_pair,
)

# Generate keys and create a client
private_key, public_key = generate_key_pair()
client = create_client(default_private_key=private_key)

# Create a signed authorization token
token = client.create_token(APOADefinition(
    principal=Principal(id="did:apoa:you"),
    agent=Agent(id="did:apoa:your-agent", name="HomeBot Pro"),
    services=[ServiceAuthorization(
        service="nationwidemortgage.com",
        scopes=["rate_lock:read", "documents:read"],
        constraints={"signing": False},
        access_mode="browser",
        browser_config=BrowserSessionConfig(
            allowed_urls=["https://portal.nationwidemortgage.com/*"],
            credential_vault_ref="1password://vault/mortgage-portal",
        ),
    )],
    rules=[Rule(id="no-signing", description="Never sign anything", enforcement="hard")],
    expires="2026-09-01",
))

# Authorize actions
result = client.authorize(token, "nationwidemortgage.com", "rate_lock:read")
print(result.authorized)  # True

result = client.authorize(token, "nationwidemortgage.com", "documents:sign")
print(result.authorized)  # False

Features

  • Token lifecycle: create, sign (Ed25519/ES256), validate, parse
  • Scope matching: hierarchical pattern matching (appointments:* matches appointments:read)
  • Constraint enforcement: boolean denial at the SDK level, rich constraints at the protocol level
  • Authorization: revocation + scope + constraints + hard/soft rules in one call
  • Delegation chains: parent-to-child with cryptographically enforced attenuation
  • Cascade revocation: revoke parent, kill all children instantly
  • Audit trail: append-only action log per token
  • Cross-SDK compatibility: tokens created by the TypeScript SDK validate in Python and vice versa

Cross-SDK Compatibility

Tokens are JWTs. A token signed by @apoa/core (TypeScript) validates in apoa (Python) and vice versa. The serialization layer handles camelCase (JWT payload) to snake_case (Python) mapping automatically.

API

Two usage styles:

# Style 1: Client instance (recommended)
client = create_client(default_private_key=key)
client.authorize(token, "service.com", "action:read")

# Style 2: Standalone imports
from apoa import authorize, check_scope
check_scope(token, "service.com", "action:read")

See the full spec and TypeScript SDK for more.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.3.3

0.3.2

0.3.1

This version

0.3.0

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apoa-0.3.0.tar.gz (32.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

apoa-0.3.0-py3-none-any.whl (26.2 kB view details)

Uploaded Python 3

File details

Details for the file apoa-0.3.0.tar.gz.

File metadata

  • Download URL: apoa-0.3.0.tar.gz
  • Upload date:
  • Size: 32.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.0.tar.gz
Algorithm Hash digest
SHA256 8c7b83f4ea80a4bd5a8080e880cabeb85d0e4336a3b3ed489e0095313cdb1c25
MD5 de3e4700c911db4edb649cddbca76fb6
BLAKE2b-256 bbf208c057c8ca41b67a0c89ea495354ffe34a26866c887e8c4e008d15795031

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.0.tar.gz:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file apoa-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: apoa-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 26.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0d13d9ff80f1f10f50c03e722f84871ba2d8b9020877caa41e22ee5ef00f8dd8
MD5 2b80aa99e048d19bb0ccc098a62c01b2
BLAKE2b-256 da34b0ee02540099912ac35bfe00a069d7012a2f220ef5698e35d03aa5d50b6d

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.0-py3-none-any.whl:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page