Skip to main content

Auths Python SDK - decentralized identity for developers and AI agents

Project description

Auths Python SDK

Decentralized identity for developers and AI agents. Sign, verify, and manage cryptographic identities with Git-native storage.

Install

pip install auths

Quick start

from auths import Auths

auths = Auths()

# Verify an attestation
result = auths.verify(attestation_json=data, issuer_key=public_key_hex)
print(result.valid)  # True

# Sign bytes
signature = auths.sign(b"hello world", private_key=secret_key_hex)

Identity management

from auths import Auths

auths = Auths(repo_path="~/.auths")

# Create a cryptographic identity
identity = auths.identities.create(label="laptop")
print(identity.did)  # did:keri:EBfd...

# Provision an agent (for CI, MCP servers, etc.)
agent = auths.identities.provision_agent(
    identity.did,
    name="deploy-bot",
    capabilities=["sign"],
)

# Sign using the keychain-stored identity key
sig = auths.sign_as(b"hello world", identity=identity.did)

# Link and manage devices
device = auths.devices.link(identity_did=identity.did, capabilities=["sign"])
auths.devices.revoke(device.did, identity_did=identity.did, note="replaced")

Keyless service-to-service verify

Verify an agent's credential presentation offline against a pinned root — one call, a typed Status enum, no exception for a denial:

from auths import verify_presentation, PresentationStatus

report = verify_presentation(bundle_json)  # the Auths-Presentation request bundle
if report.status is not PresentationStatus.VALID:
    raise PermissionError(f"denied: {report.status}")  # WRONG_AUDIENCE, EXPIRED, …

print(report.subject, report.caps)  # granted holder + capabilities

verify_credential(bundle_json) returns a CredentialReport the same way — e.g. report.status is CredentialStatus.CREDENTIAL_REVOKED carries report.revoked_at. Malformed input returns a typed MALFORMED_REQUEST status; it never raises.

Git commit verification

from auths.git import verify_commit_range

result = verify_commit_range("HEAD~5..HEAD")
for commit in result.commits:
    print(f"{commit.commit_sha}: {'valid' if commit.is_valid else commit.error}")

Time-pinned verification

# Verify an attestation's authenticity at a historical point in time
result = auths.verify(attestation_json=data, issuer_key=key, at="2024-06-15T00:00:00Z")

Capability/role authority is no longer checked at verification time. A capability grant comes from a holder-verified ACDC credential, not the attestation.

Agent auth for MCP / AI frameworks

from auths.agent import AgentAuth

auth = AgentAuth(
    bridge_url="https://bridge.example.com",
    attestation_chain_path=".auths/agent-chain.json",
)
token = auth.get_token(capabilities=["read", "write"])

Error handling

from auths import Auths, VerificationError, NetworkError

auths = Auths()
try:
    result = auths.verify(attestation_json=data, issuer_key=key)
except VerificationError as e:
    print(e.code)     # "expired_attestation"
    print(e.message)  # "Attestation expired at 2024-01-15T..."
except NetworkError as e:
    if e.should_retry:
        pass  # safe to retry

All errors inherit from AuthsError and carry .code, .message, and .context.

Configuration

# Auto-discover (uses ~/.auths)
auths = Auths()

# Explicit repo path
auths = Auths(repo_path="/path/to/identity-repo")

# With passphrase (or set AUTHS_PASSPHRASE env var)
auths = Auths(passphrase="my-secret")

# Headless / CI mode
# Set AUTHS_KEYCHAIN_BACKEND=file for environments without a system keychain

API reference

Type stubs are bundled (py.typed + __init__.pyi). Your editor will show full signatures, docstrings, and return types for all methods.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auths-0.1.3.tar.gz (1.5 MB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

auths-0.1.3-cp38-abi3-win_amd64.whl (7.4 MB view details)

Uploaded CPython 3.8+Windows x86-64

auths-0.1.3-cp38-abi3-musllinux_1_2_x86_64.whl (7.6 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ x86-64

auths-0.1.3-cp38-abi3-musllinux_1_2_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+musllinux: musl 1.2+ ARM64

auths-0.1.3-cp38-abi3-manylinux_2_28_x86_64.whl (7.5 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ x86-64

auths-0.1.3-cp38-abi3-manylinux_2_28_aarch64.whl (7.0 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ ARM64

auths-0.1.3-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl (13.5 MB view details)

Uploaded CPython 3.8+macOS 10.12+ universal2 (ARM64, x86-64)macOS 10.12+ x86-64macOS 11.0+ ARM64

File details

Details for the file auths-0.1.3.tar.gz.

File metadata

  • Download URL: auths-0.1.3.tar.gz
  • Upload date:
  • Size: 1.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.3.tar.gz
Algorithm Hash digest
SHA256 380c7623e74900128b162d6006ab33d2fbd1fea9f96deae153dffdf1b9602b16
MD5 0b4fb2d85fb8cc58b23f2084e95099aa
BLAKE2b-256 56f83220723239047e77e2c03a147299bbcb98d94e4d0423a92e06193491f32f

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3.tar.gz:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-win_amd64.whl.

File metadata

  • Download URL: auths-0.1.3-cp38-abi3-win_amd64.whl
  • Upload date:
  • Size: 7.4 MB
  • Tags: CPython 3.8+, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.3-cp38-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 325aa8d75358176364c9c02015581d9fb646ece37ba402ceafa739a89cf3b8e4
MD5 9e7535701543bea7d8b7e8d65999381c
BLAKE2b-256 d9ba05b39fbafbc3843939b147e7d19be0c177e6568ae36b745dcaa440a1de56

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-win_amd64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-musllinux_1_2_x86_64.whl.

File metadata

  • Download URL: auths-0.1.3-cp38-abi3-musllinux_1_2_x86_64.whl
  • Upload date:
  • Size: 7.6 MB
  • Tags: CPython 3.8+, musllinux: musl 1.2+ x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for auths-0.1.3-cp38-abi3-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 a33286bdfc13cbf840292333550c431bed3fe0bc873ea15fc0a8d90bdb0831c9
MD5 4668639ef40343ee0f0e012d808ca37a
BLAKE2b-256 37af65c85faa691adcbcaf3a942b5c15e5092c890be8f0f8983598acbe932240

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-musllinux_1_2_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.3-cp38-abi3-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 1850e32e822a31e6dbec42af9a2487a3fbd69876b34151fb680979c2ae166f6b
MD5 bf4a9e6700b7a4c2880cee280141b685
BLAKE2b-256 b9e78d250ffc2faad7daaab106971cb38345f5096f0912775e2bb050dd92507f

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-musllinux_1_2_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for auths-0.1.3-cp38-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 cf3aa21feb24ea72a0c6380a7bcb6fc85e8303437952ff73ec415163625eee62
MD5 decfba198d4db2c4763dd50a89723810
BLAKE2b-256 01d24625ef2ff71bbc3c3b67c9d95d24f406e5c742daa0bd1e136b9c6d3605c6

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-manylinux_2_28_x86_64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for auths-0.1.3-cp38-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 55d909ba1c41a41bc3516f93a54a4af7efbefa141f54327944c242a8b4944ee7
MD5 9844df0aff5b93787d9a8a1607d2e99d
BLAKE2b-256 af56658395ca4d099e2927ff23303e099cb2fced8a590641b4e5b940f071e202

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-manylinux_2_28_aarch64.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file auths-0.1.3-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl.

File metadata

File hashes

Hashes for auths-0.1.3-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl
Algorithm Hash digest
SHA256 a4df144be0b5a992f27f5c5b106627b08a6ef334adb2ed0c16396f9e95d8376e
MD5 5e2af530a291f9fac37ad1790a9b8c22
BLAKE2b-256 fc1a58bb84126caaca982ae9b5b8ee0bb69ae2597bbb4bf88b39e234da810a11

See more details on using hashes here.

Provenance

The following attestation bundles were made for auths-0.1.3-cp38-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl:

Publisher: publish-python.yml on auths-dev/auths

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page