Post-quantum cryptographic identity for AI agents
Project description
cordprotocol
Post-quantum cryptographic identity for AI agents — Python SDK
Cord Protocol gives every AI agent a cryptographically signed identity credential so that tools, services, and other agents can verify who is calling before acting. The Python SDK is a first-class implementation designed for developers building LangChain, AutoGen, and CrewAI agents.
TypeScript developer?
The JavaScript/TypeScript SDK is@cordprotocol/sdkon npm.
Both SDKs share the same credential schema, so credentials are mutually inspectable across languages.
Installation
pip install cordprotocol
Requires Python 3.9+ and depends only on cryptography and pydantic.
Quick start
from cordprotocol import generate_keypair, issue_credential, verify_credential, SCOPES
# Generate an issuer keypair (generate once, store securely)
kp = generate_keypair()
# Issue a signed credential for an agent
cred = issue_credential(
agent_id="my-agent-001",
issued_to="acme-corp",
permissions=[SCOPES.READ, SCOPES.EXECUTE],
expires_in="24h",
private_key=kp.private_key,
)
# Verify it
result = verify_credential(cred)
assert result.valid
print(result.credential.agent_id) # "my-agent-001"
API reference
generate_keypair(backend=None) -> KeyPair
Generate a new cryptographic keypair.
from cordprotocol import generate_keypair
kp = generate_keypair()
print(kp.algorithm) # "Ed25519"
print(kp.public_key) # base64-encoded public key
print(kp.private_key) # base64-encoded private key (keep secret)
| Field | Type | Description |
|---|---|---|
private_key |
str |
Base64-encoded private key |
public_key |
str |
Base64-encoded public key |
algorithm |
str |
Algorithm identifier, e.g. "Ed25519" |
issue_credential(...) -> AgentCredential
Issue a signed identity credential for an AI agent.
from cordprotocol import issue_credential, SCOPES
cred = issue_credential(
agent_id="langchain-prod-001", # unique agent identifier
issued_to="acme-corp", # recipient (user, org, etc.)
permissions=[SCOPES.READ, SCOPES.WRITE],
expires_in="7d", # "30m" | "24h" | "7d" | "30d" …
private_key=kp.private_key,
attestation_hash=None, # optional SHA-256 of audit doc
)
| Parameter | Type | Description |
|---|---|---|
agent_id |
str |
Unique identifier for the agent |
issued_to |
str |
Entity receiving the credential |
permissions |
List[str] |
Permission scopes (see SCOPES) |
expires_in |
str |
Duration: m minutes, h hours, d days |
private_key |
str |
Base64-encoded issuer private key |
attestation_hash |
Optional[str] |
SHA-256 hash of an attestation document |
verify_credential(credential, backend=None) -> VerificationResult
Verify a credential's signature and expiry.
from cordprotocol import verify_credential
result = verify_credential(cred)
if result.valid:
print(f"Agent {result.credential.agent_id} verified")
else:
print(f"Rejected: {result.error}")
| Field | Type | Description |
|---|---|---|
valid |
bool |
True if signature and expiry are OK |
error |
Optional[str] |
Reason for failure when valid=False |
credential |
Optional[AgentCredential] |
The credential on success |
is_expired(credential) -> bool
from cordprotocol import is_expired
print(is_expired(cred)) # False (for a freshly issued credential)
has_permission(credential, scope) -> bool
from cordprotocol import has_permission, SCOPES
print(has_permission(cred, SCOPES.WRITE)) # True | False
SCOPES
Standard permission scopes, compatible with the TypeScript SDK:
| Constant | Value | Purpose |
|---|---|---|
SCOPES.READ |
"read:data" |
Read access to data sources |
SCOPES.WRITE |
"write:data" |
Write / mutate data |
SCOPES.EXECUTE |
"execute:actions" |
Trigger external actions |
SCOPES.COMMUNICATE |
"communicate:agents" |
Talk to other agents |
SCOPES.SPEND |
"spend:budget" |
Authorise spending operations |
AgentCredential
Pydantic model — schema identical to the TypeScript AgentCredential.
| Field | Type | Description |
|---|---|---|
id |
str |
UUID v4 |
agent_id |
str |
Agent identifier |
issued_to |
str |
Recipient |
issued_at |
datetime |
UTC issue time |
expires_at |
datetime |
UTC expiry time |
permissions |
List[str] |
Granted scopes |
attestation_hash |
Optional[str] |
Optional audit hash |
issuer_public_key |
str |
Base64 public key |
signature |
str |
Base64 signature |
Serialisation helpers: .to_dict(), .from_dict(), .to_json(), .from_json().
Integration examples
LangChain
from cordprotocol import generate_keypair, issue_credential, verify_credential, SCOPES
ISSUER_KP = generate_keypair() # generate once, store in your KMS
def make_agent_credential(agent_id: str):
return issue_credential(
agent_id=agent_id,
issued_to="langchain-runtime",
permissions=[SCOPES.READ, SCOPES.EXECUTE],
expires_in="1h",
private_key=ISSUER_KP.private_key,
)
class CordProtectedTool(BaseTool): # from langchain.tools
name = "my_tool"
description = "..."
def __init__(self, credential):
super().__init__()
self.credential = credential
def _run(self, query: str) -> str:
result = verify_credential(self.credential)
if not result.valid:
raise PermissionError(f"Identity check failed: {result.error}")
if not has_permission(self.credential, SCOPES.READ):
raise PermissionError("Missing read:data permission")
# ... your tool logic here
See examples/langchain_example.py for the full runnable demo.
CrewAI
from cordprotocol import generate_keypair, issue_credential, SCOPES
registry_kp = generate_keypair()
def register_crew_agent(agent_id: str, permissions: list):
return issue_credential(
agent_id=agent_id,
issued_to="crewai-runtime",
permissions=permissions,
expires_in="2h",
private_key=registry_kp.private_key,
)
See examples/crewai_example.py for the full trust-registry pattern.
CLI
# Generate a keypair
cord keygen
# Issue a credential
cord issue \
--agent-id my-agent \
--issued-to acme \
--permissions read:data,write:data \
--expires-in 24h \
--private-key <base64-private-key>
# Verify a saved credential
cord verify credential.json
Post-quantum roadmap
The SDK is designed for a seamless upgrade to CRYSTALS-Dilithium (NIST PQC standard). Every location that needs to change is marked with [PQ SWAP POINT] in the source. The swap requires changing one line:
# cordprotocol/crypto/signatures.py
default_backend: CryptoBackend = DilithiumBackend() # was Ed25519Backend()
No changes are needed in application code.
Links
- Website: cordprotocol.dev
- npm package:
@cordprotocol/sdk - Issues: GitHub Issues
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cordprotocol-0.1.0.tar.gz.
File metadata
- Download URL: cordprotocol-0.1.0.tar.gz
- Upload date:
- Size: 20.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec961c0157e10697157627bc0e9af6a9ef31bcd25cde1aadf987c4bea7a7f93b
|
|
| MD5 |
284ee9ea09a62a4ee145af8a1a1b72c1
|
|
| BLAKE2b-256 |
7dc9157a51ba44f93e6cf3e5964df2b9ca2cd4f69ef1e735d7ae8c95f463e939
|
File details
Details for the file cordprotocol-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cordprotocol-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f610025bd94a33f8c042c36099ee8139b218232da3b703f4630fad2fa15c289d
|
|
| MD5 |
956ed05d4152cf992cb7eaab028f546e
|
|
| BLAKE2b-256 |
952b1a4a5b62affe5889df27d9054a7905411df0a52a725ae7029f8430d11518
|
