LangChain tools for Bolyra mutual ZKP authentication and SD-JWT delegation
Project description
Bolyra LangChain Integration
LangChain tools for Bolyra mutual ZKP authentication and SD-JWT delegation.
Status: Alpha / Developer preview. Three tools as proper BaseTool subclasses.
Install
pip install bolyra-langchain
For ZKP-based auth (BolyraAuthTool, BolyraDelegateTool), also install:
npm install @bolyra/sdk && npx bolyra setup # circuit artifacts
SD-JWT auth (BolyraSDJWTTool) requires no Node.js.
Quick Start
SD-JWT Delegation (No ZKP, No Node.js)
from bolyra_langchain import BolyraSDJWTTool
from langchain.agents import create_react_agent, AgentExecutor
# Dev mode -- auto-generates test credentials
sd_jwt_tool = BolyraSDJWTTool()
# Use in a LangChain agent
tools = [sd_jwt_tool]
agent = create_react_agent(llm, tools, prompt)
executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Authorize a $50 purchase at shop.example.com"})
ZKP Mutual Authentication
from bolyra_langchain import BolyraAuthTool
# Dev mode (fixed-seed dev identities -- never for production)
auth_tool = BolyraAuthTool()
# Production mode
auth_tool = BolyraAuthTool(
agent_model_hash="gpt-4o",
operator_key="0xdeadbeef...",
permissions=["read_data", "write_data"],
human_secret=12345,
)
result = auth_tool.invoke({
"scope": "my-app",
"required_permissions": ["read_data"],
})
ZKP Delegation
from bolyra_langchain import BolyraDelegateTool
delegate = BolyraDelegateTool(
agent_permissions=["read_data", "write_data", "financial_small"],
)
result = delegate.invoke({
"delegatee_id": "0xabc123...",
"permissions": ["read_data"],
"session_nonce": "nonce-from-handshake",
"scope_commitment": "commitment-from-handshake",
})
Session-Managed Chain
from bolyra_langchain import BolyraAuthTool, BolyraDelegateTool, BolyraSession
auth = BolyraAuthTool(permissions=["read_data", "write_data"])
delegate = BolyraDelegateTool(agent_permissions=["read_data", "write_data"])
session = BolyraSession(auth_tool=auth, delegate_tool=delegate)
# Authenticate first
auth_result = session.authenticate(scope="my-app")
# Delegate -- session_nonce and scope_commitment auto-injected
del_result = session.delegate(
delegatee_id="0xabc...",
permissions=["read_data"],
)
Tools
| Tool | Path | Requires Node.js | Description |
|---|---|---|---|
BolyraAuthTool |
ZKP | Yes | Mutual ZKP handshake authentication |
BolyraDelegateTool |
ZKP | Yes | Scoped ZKP permission delegation |
BolyraSDJWTTool |
SD-JWT | No | Lightweight SD-JWT delegation |
All tools subclass langchain_core.tools.BaseTool and work with create_react_agent, AgentExecutor, LCEL chains, and LangGraph.
Dev Mode
When no keys are provided, tools auto-generate test credentials:
BolyraAuthTool: uses fixed-seed dev identities (deterministic)BolyraSDJWTTool: generates fresh Ed25519 keypairs per instance
Dev mode is never for production. In production, provide explicit operator keys, human secrets, or issuer keys.
Non-Monorepo Setup
If using bolyra from PyPI (not the monorepo), set the Node.js SDK path:
export BOLYRA_NODE_SDK_PATH=/path/to/node_modules/@bolyra/sdk
Or via config:
from bolyra.types import BolyraConfig
config = BolyraConfig(node_sdk_path="/path/to/node_modules/@bolyra/sdk")
Architecture
integrations/langchain/
pyproject.toml # bolyra-langchain package
README.md
bolyra_langchain/
__init__.py # Public API
auth_tool.py # BolyraAuthTool(BaseTool)
delegate_tool.py # BolyraDelegateTool(BaseTool)
sd_jwt_tool.py # BolyraSDJWTTool(BaseTool)
session.py # BolyraSession
types.py # AuthResult, DelegationResult, SDJWTResult
_compat.py # LangChain version shims
tests/
test_auth_tool.py
test_delegate_tool.py
test_sd_jwt_tool.py
test_session.py
The SD-JWT module lives in the core bolyra SDK at sdk-python/bolyra/sd_jwt.py and is re-used by both the LangChain and CrewAI integrations.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bolyra_langchain-0.1.0.tar.gz.
File metadata
- Download URL: bolyra_langchain-0.1.0.tar.gz
- Upload date:
- Size: 19.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67dad7a17387ca2caf8c84a3e083a34b9cca4396dda5f9f0c9d8323edd69eb34
|
|
| MD5 |
cce5cc14d24689daabe84d7bd293e22f
|
|
| BLAKE2b-256 |
0a5f7e3aab4fe6162f4fe2fff173369bf8f292e565bf802e3d13babfe00cec18
|
Provenance
The following attestation bundles were made for bolyra_langchain-0.1.0.tar.gz:
Publisher:
release.yml on bolyra/bolyra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bolyra_langchain-0.1.0.tar.gz -
Subject digest:
67dad7a17387ca2caf8c84a3e083a34b9cca4396dda5f9f0c9d8323edd69eb34 - Sigstore transparency entry: 1874401310
- Sigstore integration time:
-
Permalink:
bolyra/bolyra@7b588ccd75d08c268327010a642ade543e811d36 -
Branch / Tag:
refs/tags/bolyra-langchain@0.1.0 - Owner: https://github.com/bolyra
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@7b588ccd75d08c268327010a642ade543e811d36 -
Trigger Event:
push
-
Statement type:
File details
Details for the file bolyra_langchain-0.1.0-py3-none-any.whl.
File metadata
- Download URL: bolyra_langchain-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9596f5efe024e06a4cba94d02105d29f7b7c23d5b1364c0b9ad2cc92636a17b5
|
|
| MD5 |
4c1b72f738f52b7ad93e161b09ae4e20
|
|
| BLAKE2b-256 |
fbc5043d1e3acec965a09937a181bba8ac3c4b485abc5059f9a900e89ec0a0ea
|
Provenance
The following attestation bundles were made for bolyra_langchain-0.1.0-py3-none-any.whl:
Publisher:
release.yml on bolyra/bolyra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bolyra_langchain-0.1.0-py3-none-any.whl -
Subject digest:
9596f5efe024e06a4cba94d02105d29f7b7c23d5b1364c0b9ad2cc92636a17b5 - Sigstore transparency entry: 1874401345
- Sigstore integration time:
-
Permalink:
bolyra/bolyra@7b588ccd75d08c268327010a642ade543e811d36 -
Branch / Tag:
refs/tags/bolyra-langchain@0.1.0 - Owner: https://github.com/bolyra
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@7b588ccd75d08c268327010a642ade543e811d36 -
Trigger Event:
push
-
Statement type: