Skip to main content

Clay Seal layer 1 — attested agent identity and Biscuit capability tokens

Project description

Clay Seal Identity

Clay Seal logo

Clay Seal Identity is layer 1 of Clay Seal: cryptographically attested identity for autonomous agents. The package is published as clayseal-identity and imports from clayseal.identity.

Use this repo when you need to answer:

  • Which agent is acting?
  • Which human or service principal delegated that action?
  • Is the credential short-lived, signed, and bound to the holder key?
  • Can downstream systems verify the identity offline?

Current State

Implemented today:

  • JWT-SVID-style agent credentials signed with RS256 for broad federation compatibility.
  • Ed25519 workload keys for sender-constraining (cnf.jkt) and offline proof-of-possession.
  • SPIFFE-shaped agent identifiers and trust domains.
  • Proof-of-possession confirmation claims for replay resistance.
  • Biscuit primitives for native Clay Seal capability facts.
  • A Python SDK centered on ClaySeal.
  • An optional FastAPI identity service for centralized issuance and validation.
  • SQLite-by-default development storage and Postgres-ready production storage.
  • Alembic migrations, API-key hardening, and optional KMS envelope encryption.

Attestation model — please read. The node/workload attestation in this repo is a prototype stand-in for SPIRE: the backend trusts an RSA anchor an operator registers out-of-band and does not yet verify live Kubernetes/AWS/GCP node evidence. Treat it as bring-your-own-attestation and front issuance with a real SPIRE agent in production. Details: docs/THREAT_MODEL.md.

Layer 1 deliberately does not issue action-scoped commit tokens or write execution receipts. Those live in the sibling layers:

Layer Repository Purpose
L1 this repo Agent identity and credential issuance
L2 Clay Seal Capabilities (private preview) Commit tokens, mandates, leases, budgets
L3 Clay Seal Receipts (private preview) Verifiable execution receipts and audit

This package stands alone: it has no dependency on the other layers, and every runtime dependency resolves from public PyPI.

Install

The client SDK (clayseal.identity) is intentionally lightweight:

pip install clayseal-identity

To also run the bundled FastAPI identity service, add the server extra (pulls in FastAPI, SQLAlchemy, the Postgres driver, and Alembic); kms adds the AWS KMS provider:

pip install "clayseal-identity[server]"
pip install "clayseal-identity[server,kms]"

From source (development)

git clone https://github.com/clayseal/clayseal-identity.git
cd clayseal-identity
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"                 # client + server + test/lint/type tooling
pytest backend/tests sdk/python/tests -q
python examples/01_quickstart.py

Or run scripts/bootstrap.sh, which performs the steps above.

Quickstart

The fastest path is the zero-config embedded demo. It starts a throwaway local identity service, creates a tenant, identifies an agent, validates the token, and revokes it:

python examples/01_quickstart.py
python examples/02_capabilities.py

Inspect and lint agent tokens from the terminal:

clayseal-identity explain token.jwt
clayseal-identity lint token.jwt
clayseal-identity whoami token.jwt
clayseal-identity diff-token before.jwt after.jwt
clayseal-identity doctor --token token.jwt --jwks jwks.json --issuer clayseal.io --audience acme
clayseal-identity preflight http://localhost:8000/tool
clayseal-identity scan-mcp mcp-config.json
clayseal-identity generate fastapi
clayseal-identity replay-lab

The current SDK flow is service-backed: create or point at a tenant, then call identify. dev_attestation=True is only for localhost demos/tests; production callers pass a platform-issued attestation document.

from clayseal.identity import ClaySeal

tenant = ClaySeal.create_tenant("Acme AI", base_url="http://localhost:8000")
auth = ClaySeal(
    api_key=tenant["api_key"],
    base_url="http://localhost:8000",
    dev_attestation=True,  # localhost demos/tests only
)

session = auth.identify(
    agent_type="researcher",
    owner="alice@example.org",
    capabilities=[{"resource": "repo", "action": "read"}],
)

claims = session.validate().claims
assert claims["sub"].startswith("spiffe://")

Hosted Service

Run the local FastAPI service:

uvicorn clayseal.backend.main:app --reload

Production deployments should run behind TLS, pin issuer and audience, use Postgres, run Alembic migrations before deploy, and store signing material in a KMS or equivalent key-management system.

Privacy and Data Handling

Layer 1 stores and processes identity metadata: agent IDs, trust domains, principals, credential timestamps, public keys, and operational audit metadata. Private keys, persisted agent certificates, admin API keys, and database credentials are secrets.

Read docs/PRIVACY.md before integrating with production user or employee data.

Documentation

Compatibility Note

The public brand is Clay Seal. The package names and import paths intentionally remain clayseal-* / clayseal.* for now so existing integrations keep working.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

clayseal_identity-0.5.0.tar.gz (884.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

clayseal_identity-0.5.0-py3-none-any.whl (112.9 kB view details)

Uploaded Python 3

File details

Details for the file clayseal_identity-0.5.0.tar.gz.

File metadata

  • Download URL: clayseal_identity-0.5.0.tar.gz
  • Upload date:
  • Size: 884.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for clayseal_identity-0.5.0.tar.gz
Algorithm Hash digest
SHA256 e8a8ca931543fdec96f1c76839d65063e23fc99cf93d0e7c3ac1895db71b9d56
MD5 92dddac52c99581e4f1e919de56044b7
BLAKE2b-256 4239aba2b089f00f642dccea381dfc038e64f8fab2cb6a6456ba7857c55d8b81

See more details on using hashes here.

Provenance

The following attestation bundles were made for clayseal_identity-0.5.0.tar.gz:

Publisher: release.yml on clayseal/clayseal-identity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file clayseal_identity-0.5.0-py3-none-any.whl.

File metadata

File hashes

Hashes for clayseal_identity-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d449ae5cb6f06210378cb32fd8ffcf190b1a603264a8d725934b0d4827a4b879
MD5 46f45478549140a523f80dedebd3cca3
BLAKE2b-256 c68ac7ad5ad5af40e170e7aac9dba871a5c75af8f40721668b7cb046c0833617

See more details on using hashes here.

Provenance

The following attestation bundles were made for clayseal_identity-0.5.0-py3-none-any.whl:

Publisher: release.yml on clayseal/clayseal-identity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page