Python SDK for the Agentic Power of Attorney (APOA) standard

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

APOA Python SDK

Python SDK for the Agentic Power of Attorney (APOA) standard -- authorization infrastructure for AI agents.

Install

pip install apoa

Quick Start

from apoa import (
    APOADefinition, Agent, BrowserSessionConfig, Principal,
    Rule, ServiceAuthorization, SigningOptions,
    create_client, generate_key_pair,
)

# Generate keys and create a client
private_key, public_key = generate_key_pair()
client = create_client(default_private_key=private_key)

# Create a signed authorization token
token = client.create_token(APOADefinition(
    principal=Principal(id="did:apoa:you"),
    agent=Agent(id="did:apoa:your-agent", name="HomeBot Pro"),
    services=[ServiceAuthorization(
        service="nationwidemortgage.com",
        scopes=["rate_lock:read", "documents:read"],
        constraints={"signing": False},
        access_mode="browser",
        browser_config=BrowserSessionConfig(
            allowed_urls=["https://portal.nationwidemortgage.com/*"],
            credential_vault_ref="1password://vault/mortgage-portal",
        ),
    )],
    rules=[Rule(id="no-signing", description="Never sign anything", enforcement="hard")],
    expires="2026-09-01",
))

# Authorize actions
result = client.authorize(token, "nationwidemortgage.com", "rate_lock:read")
print(result.authorized)  # True

result = client.authorize(token, "nationwidemortgage.com", "documents:sign")
print(result.authorized)  # False

Features

  • Token lifecycle: create, sign (Ed25519/ES256), validate, parse
  • Scope matching: hierarchical pattern matching (appointments:* matches appointments:read)
  • Constraint enforcement: boolean denial at the SDK level, rich constraints at the protocol level
  • Authorization: revocation + scope + constraints + hard/soft rules in one call
  • Delegation chains: parent-to-child with cryptographically enforced attenuation
  • Cascade revocation: revoke parent, kill all children instantly
  • Audit trail: append-only action log per token
  • Cross-SDK compatibility: tokens created by the TypeScript SDK validate in Python and vice versa

Cross-SDK Compatibility

Tokens are JWTs. A token signed by @apoa/core (TypeScript) validates in apoa (Python) and vice versa. The serialization layer handles camelCase (JWT payload) to snake_case (Python) mapping automatically.

API

Two usage styles:

# Style 1: Client instance (recommended)
client = create_client(default_private_key=key)
client.authorize(token, "service.com", "action:read")

# Style 2: Standalone imports
from apoa import authorize, check_scope
check_scope(token, "service.com", "action:read")

See the full spec and TypeScript SDK for more.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.3.3

0.3.2

This version

0.3.1

0.3.0

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apoa-0.3.1.tar.gz (33.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

apoa-0.3.1-py3-none-any.whl (26.9 kB view details)

Uploaded Python 3

File details

Details for the file apoa-0.3.1.tar.gz.

File metadata

  • Download URL: apoa-0.3.1.tar.gz
  • Upload date:
  • Size: 33.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.1.tar.gz
Algorithm Hash digest
SHA256 04cbe6d592f66925c0d3840758e698f400e3a14799805544c38bd0fea30c3ffb
MD5 a0f2da1249573e21454076119f793fc9
BLAKE2b-256 a8a6ee218a3222b39c13f3e64b6994fe2421f204e31b57b5903a6da24fd3e929

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.1.tar.gz:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file apoa-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: apoa-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 26.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8fef0494e9deb772fb000e99d6e073a92d8aa0277ae306b15b54e359b36b5873
MD5 3a421f9ade813027ba67e8976eff0e7d
BLAKE2b-256 7bc840190e10b0ca5bf2dacd627be8d4a5b024282c5f38bda5b287d5caa46731

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.1-py3-none-any.whl:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page