auth51 client (embed mode) — in-process egress interception that gives every agent action a scoped, verifiable, DPoP-bound intent token, minted at the source and verified at the resource.
Project description
auth51 — Python client (embed mode)
The in-process enforcement point: it intercepts your agent's egress and gives every governed call a scoped, verifiable intent token — minted at the source, verified at the resource. This is the generalized, MCP-era successor to the original A-JWT client shim, with contextvar-based agent attribution (no call- stack introspection) per DESIGN §7b.
It's the durable, unbypassable path: it sees all egress in-process (native tool calls and MCP calls), and depends only on the HTTP library — not on any agent host's conventions.
Use
import auth51
auth51.configure(
authority_url="https://authority.auth51.com",
client_id="...", client_secret="...",
audiences=["api.internal"], # hosts to govern; everything else passes through
)
with auth51.agent("ReviewBot", checksum=agent_checksum, scope="read:repo"):
httpx.get("https://api.internal/repos/...") # ← stamped with an intent token
Config can also come from env: AUTH51_AUTHORITY_URL, AUTH51_CLIENT_ID,
AUTH51_CLIENT_SECRET, AUTH51_AUDIENCES (comma-sep), AUTH51_FAIL_OPEN.
How it works
- One import installs it (idempotent; a no-op until configured + inside an
agent()context). - A framework adapter (LangChain/CrewAI — next) or the app sets the current agent via a contextvar at the tool-call boundary; the interceptor reads it.
- On governed egress: mint a scoped intent token (Hop A) → attach as a Bearer header → forward. Minting uses stdlib urllib so it never re-enters the patched HTTP client.
- fail-open by default (mint failure → forward unstamped, don't wedge the agent); set
fail_open=Falseto fail closed.
Retained from the original A-JWT client shim
- Startup-sync (
load_agents) — preload registered agents from the authority, index by checksum, detect collisions, and fail-fast on drift when the app declares expected checksums. Boot-time validation: a mis-deployed agent is caught before it runs. - Workflow seams —
with auth51.workflow(id): ...+record_step(...)track an execution; the chain + completed-steps +prev_jtiride into each intent token'sdelegation_context(§4.3 tamper-evident trace). - contextvar attribution + smart caching — kept; call-stack introspection dropped.
Status
- ✅ contextvar agent attribution · httpx sync + async + requests interception · mint + attach · fail-open/closed
- ✅
load_agents()startup-sync (cache + collision + drift validation) · workflow seams (delegation_context +prev_jtichain) - ✅ LangChain adapter (
auth51.adapters.langchain.Auth51CallbackHandler) — sets agent context + records steps at tool boundaries - ⏭️ next: PoP signing (the
cnfbinding) · MCP_metainjection ·aiohttp· local checksum recompute (shared lib) · live e2e against the deployed authority
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth51-0.1.0.tar.gz.
File metadata
- Download URL: auth51-0.1.0.tar.gz
- Upload date:
- Size: 25.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
449c9e0acd29767072ce0d7092ac2a1785c129cb0b2e3156bbb22a29df4c47ee
|
|
| MD5 |
eda76ac29de1f4156e2321613e236c41
|
|
| BLAKE2b-256 |
dce96328957c00a67d6e5ae16715205dfc4dd11a856c19378296e426c79cb157
|
Provenance
The following attestation bundles were made for auth51-0.1.0.tar.gz:
Publisher:
publish.yml on unforge-io/auth51-client-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
auth51-0.1.0.tar.gz -
Subject digest:
449c9e0acd29767072ce0d7092ac2a1785c129cb0b2e3156bbb22a29df4c47ee - Sigstore transparency entry: 2076726030
- Sigstore integration time:
-
Permalink:
unforge-io/auth51-client-python@ad97579a629f0c507ecb8e20a97e31baf6f51253 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/unforge-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ad97579a629f0c507ecb8e20a97e31baf6f51253 -
Trigger Event:
release
-
Statement type:
File details
Details for the file auth51-0.1.0-py3-none-any.whl.
File metadata
- Download URL: auth51-0.1.0-py3-none-any.whl
- Upload date:
- Size: 31.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6112633f5a9016f02534c076b98077f6c540e0389daa4b4f65762e8fd6dbe51b
|
|
| MD5 |
a45fa3484722569811037a624a001cfe
|
|
| BLAKE2b-256 |
15e4344f3491e9643346e2f33993f00eea9d12260c2f5eb3c38b2b9a89e8caf2
|
Provenance
The following attestation bundles were made for auth51-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on unforge-io/auth51-client-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
auth51-0.1.0-py3-none-any.whl -
Subject digest:
6112633f5a9016f02534c076b98077f6c540e0389daa4b4f65762e8fd6dbe51b - Sigstore transparency entry: 2076726385
- Sigstore integration time:
-
Permalink:
unforge-io/auth51-client-python@ad97579a629f0c507ecb8e20a97e31baf6f51253 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/unforge-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ad97579a629f0c507ecb8e20a97e31baf6f51253 -
Trigger Event:
release
-
Statement type: