Skip to main content

Auths Python SDK - decentralized identity for developers and AI agents

Project description

Auths Python SDK

Decentralized identity for developers and AI agents. Sign, verify, and manage cryptographic identities with Git-native storage.

Install

pip install auths

Quick start

from auths import Auths

auths = Auths()

# Verify an attestation
result = auths.verify(attestation_json=data, issuer_key=public_key_hex)
print(result.valid)  # True

# Sign bytes
signature = auths.sign(b"hello world", private_key=secret_key_hex)

Identity management

from auths import Auths

auths = Auths(repo_path="~/.auths")

# Create a cryptographic identity
identity = auths.identities.create(label="laptop")
print(identity.did)  # did:keri:EBfd...

# Provision an agent (for CI, MCP servers, etc.)
agent = auths.identities.provision_agent(
    identity.did,
    name="deploy-bot",
    capabilities=["sign"],
)

# Sign using the keychain-stored identity key
sig = auths.sign_as(b"hello world", identity=identity.did)

# Link and manage devices
device = auths.devices.link(identity_did=identity.did, capabilities=["sign"])
auths.devices.revoke(device.did, identity_did=identity.did, note="replaced")

Keyless service-to-service verify

Verify an agent's credential presentation offline against a pinned root — one call, a typed Status enum, no exception for a denial:

from auths import verify_presentation, PresentationStatus

report = verify_presentation(bundle_json)  # the Auths-Presentation request bundle
if report.status is not PresentationStatus.VALID:
    raise PermissionError(f"denied: {report.status}")  # WRONG_AUDIENCE, EXPIRED, …

print(report.subject, report.caps)  # granted holder + capabilities

verify_credential(bundle_json) returns a CredentialReport the same way — e.g. report.status is CredentialStatus.CREDENTIAL_REVOKED carries report.revoked_at. Malformed input returns a typed MALFORMED_REQUEST status; it never raises.

Git commit verification

from auths.git import verify_commit_range

result = verify_commit_range("HEAD~5..HEAD")
for commit in result.commits:
    print(f"{commit.commit_sha}: {'valid' if commit.is_valid else commit.error}")

Time-pinned verification

# Verify an attestation's authenticity at a historical point in time
result = auths.verify(attestation_json=data, issuer_key=key, at="2024-06-15T00:00:00Z")

Capability/role authority is no longer checked at verification time. A capability grant comes from a holder-verified ACDC credential, not the attestation.

Agent auth for MCP / AI frameworks

from auths.agent import AgentAuth

auth = AgentAuth(
    bridge_url="https://bridge.example.com",
    attestation_chain_path=".auths/agent-chain.json",
)
token = auth.get_token(capabilities=["read", "write"])

Error handling

from auths import Auths, VerificationError, NetworkError

auths = Auths()
try:
    result = auths.verify(attestation_json=data, issuer_key=key)
except VerificationError as e:
    print(e.code)     # "expired_attestation"
    print(e.message)  # "Attestation expired at 2024-01-15T..."
except NetworkError as e:
    if e.should_retry:
        pass  # safe to retry

All errors inherit from AuthsError and carry .code, .message, and .context.

Configuration

# Auto-discover (uses ~/.auths)
auths = Auths()

# Explicit repo path
auths = Auths(repo_path="/path/to/identity-repo")

# With passphrase (or set AUTHS_PASSPHRASE env var)
auths = Auths(passphrase="my-secret")

# Headless / CI mode
# Set AUTHS_KEYCHAIN_BACKEND=file for environments without a system keychain

API reference

Type stubs are bundled (py.typed + __init__.pyi). Your editor will show full signatures, docstrings, and return types for all methods.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auths-0.1.1.tar.gz (1.4 MB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

auths-0.1.1-cp38-abi3-win_amd64.whl (7.4 MB view details)

Uploaded CPython 3.8+Windows x86-64

auths-0.1.1-cp38-abi3-musllinux_1_2_x86_64.whl (7.6 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ x86-64

auths-0.1.1-cp38-abi3-musllinux_1_2_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ ARM64

auths-0.1.1-cp38-abi3-manylinux_2_28_x86_64.whl (7.5 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ x86-64

auths-0.1.1-cp38-abi3-manylinux_2_28_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ ARM64

auths-0.1.1-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl (13.5 MB view details)

Uploaded CPython 3.8+macOS 10.12+ universal2 (ARM64, x86-64)macOS 10.12+ x86-64macOS 11.0+ ARM64

File details

Details for the file auths-0.1.1.tar.gz.

File metadata

  • Download URL: auths-0.1.1.tar.gz
  • Upload date:
  • Size: 1.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.1.tar.gz
Algorithm Hash digest
SHA256 ffcc309539f0a77c592f0ca6a8e809d94e4ee660415ce25f638c3138c846345c
MD5 e49669963aa80d5a8efe1dc61c822fe1
BLAKE2b-256 54aa5ffbad7d8404a995cf671207c0f159e50259a2d2bdc963f6f4918dd8ea2f

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1.tar.gz:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-win_amd64.whl.

File metadata

  • Download URL: auths-0.1.1-cp38-abi3-win_amd64.whl
  • Upload date:
  • Size: 7.4 MB
  • Tags: CPython 3.8+, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.1-cp38-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 3aa440c2718ece38c41de3e1260ca08f12cb4dd82fbe51619917148001c5e472
MD5 3a2de28279cf2c3be95fea3d4a42e806
BLAKE2b-256 d628392812d4977944ec36c3a80d1ecfba95e4352b157dad562382369728aca7

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-win_amd64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for auths-0.1.1-cp38-abi3-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 fb8e4d186184fecbfcc5bef40a0e8e3b1ca132341e2e8b50097becc80f2832dd
MD5 50e0a075a6d95ca6b89e6e6e52d6e577
BLAKE2b-256 2fda95e01579e86988995524b358037a73ec9c1e53ef4c80194398c71cd50ce9

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-musllinux_1_2_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.1-cp38-abi3-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 a5778d2e978370ec2ec6dbfa5e727ce394257237604358eaa1b5630c9312361c
MD5 9323b892fe681d3a73342157eab56445
BLAKE2b-256 39946b00d1ebcd3199a3395da97460de28f14e9ee88b8d0410639eee4135a565

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-musllinux_1_2_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for auths-0.1.1-cp38-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 4cb2648f1eb199cea87b99cb6b86a62cff0db04a79f3e6ebacdce46f8dcf209c
MD5 3be1fba0694e0ad75bd54f5b3480548e
BLAKE2b-256 62b391bfbd8c9c3fbceb9cced6f26c4b04af3ace86e47416f4df791a29bf4876

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-manylinux_2_28_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.1-cp38-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 e609b3fc62b544dae24833a903c5beb540bb370444c322465eef6c14e2f8f23f
MD5 5e5cbcd2ffeeceb576d083fdae4584f5
BLAKE2b-256 dca95f7e7668259ff80a44acd493020fde2d7709a5e4d051ed170432de416011

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-manylinux_2_28_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.1-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl.

File metadata

File hashes

Hashes for auths-0.1.1-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl
Algorithm Hash digest
SHA256 1628e08ec399395017666a8755109607514b7b10a54b09a5f15c7eff08f275d2
MD5 e2ceecf4b231f9e25bebdb777ed8dd25
BLAKE2b-256 480578be2a840082ddd420d08e201566e774c78784206a87a49ea3d6cf8169cd

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.1-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page