The agent-identity checksum algorithm — the shared, byte-for-byte source of truth used by the auth51 authority (at registration) and the auth51 clients (at runtime recompute).
Project description
auth51-checksum
The agent-identity checksum algorithm, extracted as the single, shared source of truth. The same bytes hash the same way on both sides of the trust boundary:
- the authority computes it at registration → the registered checksum;
- the clients (embed/wrap) recompute it at runtime from the live agent and compare.
Because both sides run the identical algorithm, a client can verify "this is the registered, unmodified agent" without the agent self-declaring its identity — and the authority re-verifies at mint. This package is the engine behind that.
⚠️ This is a wire/registration contract. Changing the algorithm is a breaking change to every already-registered agent. Don't refactor in ways that change a single output byte — bump a version suffix instead. The conformance test (
tests/) pins this to golden vectors generated from the authority's owncrypto/agent_checksum.py; a failure there is a release blocker.
Two algorithms (the authority accepts EITHER at mint)
v1 — patchet-compat. SHA-256, bare 64-char hex.
canon = {
"id": agent_id,
"prompt": normalize_prompt_v1(prompt_template), # whitespace-collapse, NO Unicode NFC
"tools": sorted([{name, signature, description, source_code?}], by name), # is_agent dropped
"config": configuration,
}
sha256(json.dumps(canon, sort_keys=True)).hexdigest()
v2 — auth51 native. SHA3-512, self-describing sha3-512:v1:<128 hex>.
canonicalize(model_dump(components)) → json.dumps(sort_keys=True) → sha3-512
where canonicalize recursively sorts dict keys and runs normalize_text on
every string (strip, \r\n→\n, collapse blank lines, strip each line, drop
empty lines, Unicode NFC). The component dict carries every tool field —
name, signature, description, source_code, is_agent — defaults included; that
exact shape is part of the hash.
v3 — auth51 native, IDENTITY-ONLY. SHA3-512, self-describing
sha3-512:id1:<128 hex>.
canonicalize({agent_id, prompt_template, configuration}) → json.dumps(sort_keys=True) → sha3-512
Same canonicalization as v2, but over prompt + config only — no tools. Tools are the grant (authorization), not identity (DESIGN §13.1): adding/swapping a tool re-derives the grant, it doesn't change who the agent is. This is what the modern clients recompute at runtime — purely from the live prompt + config, both observable on the wire to the model, so no tool material is needed. The authority stores all three; mint accepts any.
The behavioural differences: v2 NFC-folds Unicode; v1 does not (composed vs
decomposed é collide under v2, differ under v1). And two agents with the same
{id, prompt, config} but different tools share a v3 but differ in v2 — that's
the whole point of v3.
Use
from auth51_checksum import AgentComponents, Tool, compute_both, matches
comp = AgentComponents(agent_id="ReviewBot", prompt_template="You are…", tools=[], configuration={})
v2, v1 = compute_both(comp) # both checksums
matches(registered_checksum, comp) # True if either matches (the client-side gate)
matches() mirrors the authority's mint-time acceptance: recompute from the live
agent, and the registered checksum is valid if it equals either algorithm.
Regenerating golden vectors
From the authority repo (its venv has pydantic):
from auth51_authority.schemas.intent import AgentComponents
from auth51_authority.crypto.agent_checksum import compute_both
# run compute_both over the fixtures, dump {name, components, v2, v1} → tests/golden.json
Ports
- Python — this package (reference implementation).
- TypeScript — for
@auth51/client(node), to be ported from the spec above and pinned against the samegolden.json. The golden vectors are the cross-language contract: any port must reproduce them exactly.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth51_checksum-0.1.0.tar.gz.
File metadata
- Download URL: auth51_checksum-0.1.0.tar.gz
- Upload date:
- Size: 10.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7d21c555eb7140ac2c59c80a5b537669633fe805261854419211ba15a3b42384
|
|
| MD5 |
bdba6feae47bc594d43465e701ca19c8
|
|
| BLAKE2b-256 |
05976c3be402b7327f1f3dadb290f6eaf2741c9f707bc4f6ed91154a3f063f44
|
Provenance
The following attestation bundles were made for auth51_checksum-0.1.0.tar.gz:
Publisher:
publish.yml on unforge-io/auth51-checksum
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
auth51_checksum-0.1.0.tar.gz -
Subject digest:
7d21c555eb7140ac2c59c80a5b537669633fe805261854419211ba15a3b42384 - Sigstore transparency entry: 2076446147
- Sigstore integration time:
-
Permalink:
unforge-io/auth51-checksum@0fbcfcdb8f23c6475088f23db38d9594a6e2b974 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/unforge-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@0fbcfcdb8f23c6475088f23db38d9594a6e2b974 -
Trigger Event:
release
-
Statement type:
File details
Details for the file auth51_checksum-0.1.0-py3-none-any.whl.
File metadata
- Download URL: auth51_checksum-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
54240ccd8a9d3c528086965fb25dc7ba3bf1f9217bba6df33098e335eb2ddd93
|
|
| MD5 |
6e4d31da6f0eb33e92598816bfff9c10
|
|
| BLAKE2b-256 |
b1d6a2b7d7efe5f508976e215ab1390c6df80d240f5f381a813d9a3699d4410f
|
Provenance
The following attestation bundles were made for auth51_checksum-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on unforge-io/auth51-checksum
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
auth51_checksum-0.1.0-py3-none-any.whl -
Subject digest:
54240ccd8a9d3c528086965fb25dc7ba3bf1f9217bba6df33098e335eb2ddd93 - Sigstore transparency entry: 2076447023
- Sigstore integration time:
-
Permalink:
unforge-io/auth51-checksum@0fbcfcdb8f23c6475088f23db38d9594a6e2b974 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/unforge-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@0fbcfcdb8f23c6475088f23db38d9594a6e2b974 -
Trigger Event:
release
-
Statement type: