Skip to main content

Auths Python SDK - decentralized identity for developers and AI agents

Project description

Auths Python SDK

Decentralized identity for developers and AI agents. Sign, verify, and manage cryptographic identities with Git-native storage.

Install

pip install auths

Quick start

from auths import Auths

auths = Auths()

# Verify an attestation
result = auths.verify(attestation_json=data, issuer_key=public_key_hex)
print(result.valid)  # True

# Sign bytes
signature = auths.sign(b"hello world", private_key=secret_key_hex)

Identity management

from auths import Auths

auths = Auths(repo_path="~/.auths")

# Create a cryptographic identity
identity = auths.identities.create(label="laptop")
print(identity.did)  # did:keri:EBfd...

# Provision an agent (for CI, MCP servers, etc.)
agent = auths.identities.provision_agent(
    identity.did,
    name="deploy-bot",
    capabilities=["sign"],
)

# Sign using the keychain-stored identity key
sig = auths.sign_as(b"hello world", identity=identity.did)

# Link and manage devices
device = auths.devices.link(identity_did=identity.did, capabilities=["sign"])
auths.devices.revoke(device.did, identity_did=identity.did, note="replaced")

Keyless service-to-service verify

Verify an agent's credential presentation offline against a pinned root — one call, a typed Status enum, no exception for a denial:

from auths import verify_presentation, PresentationStatus

report = verify_presentation(bundle_json)  # the Auths-Presentation request bundle
if report.status is not PresentationStatus.VALID:
    raise PermissionError(f"denied: {report.status}")  # WRONG_AUDIENCE, EXPIRED, …

print(report.subject, report.caps)  # granted holder + capabilities

verify_credential(bundle_json) returns a CredentialReport the same way — e.g. report.status is CredentialStatus.CREDENTIAL_REVOKED carries report.revoked_at. Malformed input returns a typed MALFORMED_REQUEST status; it never raises.

Git commit verification

from auths.git import verify_commit_range

result = verify_commit_range("HEAD~5..HEAD")
for commit in result.commits:
    print(f"{commit.commit_sha}: {'valid' if commit.is_valid else commit.error}")

Time-pinned verification

# Verify an attestation's authenticity at a historical point in time
result = auths.verify(attestation_json=data, issuer_key=key, at="2024-06-15T00:00:00Z")

Capability/role authority is no longer checked at verification time. A capability grant comes from a holder-verified ACDC credential, not the attestation.

Agent auth for MCP / AI frameworks

from auths.agent import AgentAuth

auth = AgentAuth(
    bridge_url="https://bridge.example.com",
    attestation_chain_path=".auths/agent-chain.json",
)
token = auth.get_token(capabilities=["read", "write"])

Error handling

from auths import Auths, VerificationError, NetworkError

auths = Auths()
try:
    result = auths.verify(attestation_json=data, issuer_key=key)
except VerificationError as e:
    print(e.code)     # "expired_attestation"
    print(e.message)  # "Attestation expired at 2024-01-15T..."
except NetworkError as e:
    if e.should_retry:
        pass  # safe to retry

All errors inherit from AuthsError and carry .code, .message, and .context.

Configuration

# Auto-discover (uses ~/.auths)
auths = Auths()

# Explicit repo path
auths = Auths(repo_path="/path/to/identity-repo")

# With passphrase (or set AUTHS_PASSPHRASE env var)
auths = Auths(passphrase="my-secret")

# Headless / CI mode
# Set AUTHS_KEYCHAIN_BACKEND=file for environments without a system keychain

API reference

Type stubs are bundled (py.typed + __init__.pyi). Your editor will show full signatures, docstrings, and return types for all methods.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auths-0.1.2.tar.gz (1.4 MB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

auths-0.1.2-cp38-abi3-win_amd64.whl (7.4 MB view details)

Uploaded CPython 3.8+Windows x86-64

auths-0.1.2-cp38-abi3-musllinux_1_2_x86_64.whl (7.6 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ x86-64

auths-0.1.2-cp38-abi3-musllinux_1_2_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ ARM64

auths-0.1.2-cp38-abi3-manylinux_2_28_x86_64.whl (7.5 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ x86-64

auths-0.1.2-cp38-abi3-manylinux_2_28_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ ARM64

auths-0.1.2-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl (13.5 MB view details)

Uploaded CPython 3.8+macOS 10.12+ universal2 (ARM64, x86-64)macOS 10.12+ x86-64macOS 11.0+ ARM64

File details

Details for the file auths-0.1.2.tar.gz.

File metadata

  • Download URL: auths-0.1.2.tar.gz
  • Upload date:
  • Size: 1.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.2.tar.gz
Algorithm Hash digest
SHA256 779576c85c7ac29360dcff4dd1ea86f8d64c2446969cb7c44d5a7c1bbfa95357
MD5 a76f6be3f932043071d5810aa855eaa1
BLAKE2b-256 8154853976bf852e197bb658f5700ee67a6511c64fc560dea44b8f356f0556e3

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2.tar.gz:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-win_amd64.whl.

File metadata

  • Download URL: auths-0.1.2-cp38-abi3-win_amd64.whl
  • Upload date:
  • Size: 7.4 MB
  • Tags: CPython 3.8+, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.2-cp38-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 64b8ec228e46a82f12a4c4dd14773e7b8bb0426b9b98ae04acec514c14158b89
MD5 5982d1f6d8c6d9394528d7a0e6ac051f
BLAKE2b-256 238dee94ee3fdab1c12463f88021d6a3d78be40bd0f0646729699456d8acec86

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-win_amd64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-musllinux_1_2_x86_64.whl.

File metadata

  • Download URL: auths-0.1.2-cp38-abi3-musllinux_1_2_x86_64.whl
  • Upload date:
  • Size: 7.6 MB
  • Tags: CPython 3.8+, musllinux: musl 1.2+ x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.2-cp38-abi3-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 de206f073f9135c11cf2960813d0f9ec4b0763321e793a017b4510c386126774
MD5 31e3b98ca6007597084d86c58f3dc0b3
BLAKE2b-256 1ab1233dc6f30b5841e7b5db9fcfe65f227751b8c0f441ddaebe151f6aa7d85e

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-musllinux_1_2_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.2-cp38-abi3-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 65b4ea94bc0e3951eeabdec388a18b570b3b800a14a3eed9a2461e5fe7b7fc03
MD5 f721ebf29a9088f7bb173fea523ff0ae
BLAKE2b-256 2e943c6dd6b47e848ee339970ac510fef14dacc45a147366adcab4d7056dd2bd

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-musllinux_1_2_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for auths-0.1.2-cp38-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 1190990bcc44d2d5e96bd908f6339d32b9e592620fe25fb22e7c24301d05048e
MD5 299214f7c8dce961299ba2e1a152a431
BLAKE2b-256 b804da5f58a9810c645239baf9eaea58118e2fa03101dc67bb28e49bff3b8b1c

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-manylinux_2_28_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.2-cp38-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 511168ed6ae80b179232e361faea3151526760b776e66bfdeac2a37cfec0c995
MD5 58fd803b894909e530f1176a517e7f69
BLAKE2b-256 1387f3288b2c848c5ed82ae692d885008c0e5ef7ff857b8ec3a69068886cc466

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-manylinux_2_28_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.2-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl.

File metadata

File hashes

Hashes for auths-0.1.2-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl
Algorithm Hash digest
SHA256 31b86e8df39884de2ac83d079fc8ae7deebe00267a57a7318312b6ada1d6b0cc
MD5 d06a3ff329022c4ef1285fa09412ae52
BLAKE2b-256 b82cf1a806e21e6b50bba6727510a08b5b1952c88f6b6a6df44d36bdb156a48b

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.2-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page