Python SDK for the Agentic Power of Attorney (APOA) standard

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

APOA Python SDK

Python SDK for the Agentic Power of Attorney (APOA) standard -- authorization infrastructure for AI agents.

Install

pip install apoa

Quick Start

from apoa import (
    APOA,
    BrowserSessionConfig,
    generate_key_pair,
)

private_key, public_key = generate_key_pair()
apoa = APOA(private_key=private_key)

token = apoa.tokens.create_grant(
    principal="did:apoa:you",
    agent="did:apoa:your-agent",
    service="nationwidemortgage.com",
    scopes=["rate_lock:read", "documents:read"],
    constraints={"signing": False},
    access_mode="browser",
    browser_config=BrowserSessionConfig(
        allowed_urls=["https://portal.nationwidemortgage.com/*"],
        credential_vault_ref="1password://vault/mortgage-portal",
    ),
    expires_in="30d",
)

valid = apoa.tokens.validate(token.raw, public_key=public_key)
print(valid.valid)  # True

result = apoa.authorizations.check(token, "nationwidemortgage.com", "rate_lock:read")
print(result.authorized)  # True

result = apoa.authorizations.check(token, "nationwidemortgage.com", "documents:sign")
print(result.authorized)  # False

Features

  • Token lifecycle: create, sign (Ed25519/ES256), validate, parse
  • Scope matching: hierarchical pattern matching (appointments:* matches appointments:read)
  • Constraint enforcement: boolean denial at the SDK level, rich constraints at the protocol level
  • Authorization: revocation + scope + constraints + hard/soft rules in one call
  • Delegation chains: parent-to-child with cryptographically enforced attenuation
  • Cascade revocation: revoke parent, kill all children instantly
  • Audit trail: append-only action log per token
  • Cross-SDK compatibility: tokens created by the TypeScript SDK validate in Python and vice versa

Cross-SDK Compatibility

Tokens are JWTs. A token signed by @apoa/core (TypeScript) validates in apoa (Python) and vice versa. The serialization layer handles camelCase (JWT payload) to snake_case (Python) mapping automatically.

API

Three usage styles:

# Style 1: Application facade (recommended for apps)
apoa = APOA(private_key=key)
token = apoa.tokens.create_grant(
    principal="did:apoa:you",
    agent="did:apoa:agent",
    service="service.com",
    scopes=["action:read"],
    expires_in="30d",
)
apoa.authorizations.check(token, "service.com", "action:read")

# Style 2: Protocol client
client = create_client(default_private_key=key)
client.authorize(token, "service.com", "action:read")

# Style 3: Standalone imports
from apoa import authorize, check_scope
check_scope(token, "service.com", "action:read")

See the full spec and TypeScript SDK for more.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for juanfiguera from gravatar.com juanfiguera

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Agentic POA
  • Tags authorization , ai-agents , delegation , jwt , security
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.3.3

This version

0.3.2

0.3.1

0.3.0

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apoa-0.3.2.tar.gz (36.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

apoa-0.3.2-py3-none-any.whl (29.3 kB view details)

Uploaded Python 3

File details

Details for the file apoa-0.3.2.tar.gz.

File metadata

  • Download URL: apoa-0.3.2.tar.gz
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.2.tar.gz
Algorithm Hash digest
SHA256 a1ff7af444e8a0519ab05aaeb88f6f8a0b1c181389ae8c658974ea83cb28e83f
MD5 a685e2a6689ab4925b22fdae49ca5d99
BLAKE2b-256 f1225b847596062d6dabfc90034b5d849a37426349f81e5d8a34ed24ca988632

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.2.tar.gz:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file apoa-0.3.2-py3-none-any.whl.

File metadata

  • Download URL: apoa-0.3.2-py3-none-any.whl
  • Upload date:
  • Size: 29.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apoa-0.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 9709fae22f8cf5afea59e50503b425ce96b052f2ae8e6be253637adf6038a025
MD5 ce93e308a95c99f2c20163eaa23e0470
BLAKE2b-256 868a7f3f75842433ada3c71fa623d75b064afd67960a25f8795697eaa237c70d

See more details on using hashes here.

Provenance

The following attestation bundles were made for apoa-0.3.2-py3-none-any.whl:

Publisher: release.yml on agenticpoa/apoa

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page