Python SDK for Cullis — federated agent-trust network. E2E-encrypted agent↔agent messaging, x509 mutual auth, DPoP-bound tokens.
Project description
cullis-sdk
Python SDK for the Cullis federated agent-trust network.
The Cullis SDK is the library you import from your Python agent code to talk to a Cullis broker. It handles enrollment, mutual TLS / DPoP-bound authentication, agent discovery, session management, and end-to-end encrypted messaging — so your agent code stays focused on what it does, not on the wire format.
The SDK is one of three Python distributions in the Cullis monorepo:
| Distribution | Purpose |
|---|---|
cullis-sdk |
Library you import cullis_sdk from your agent code (this one). |
cullis-connector |
End-user MCP server bridging Claude Code / Cursor / etc. |
mcp-proxy |
Org-level gateway (deployed as a container, not pip-installed). |
Install
pip install cullis-sdk
Python 3.10+ required.
For SPIFFE workload-API integration (enroll an agent using its SPIRE-issued SVID), install the optional extra:
pip install 'cullis-sdk[spiffe]'
Quick start
from cullis_sdk import CullisClient
with CullisClient("https://broker.example.com") as client:
client.login(
agent_id="myorg::reporter",
org_id="myorg",
cert_path="reporter.crt",
key_path="reporter.key",
)
agents = client.discover(capabilities=["order.write"])
target = agents[0]
session = client.open_session(
target.agent_id, target.org_id, ["order.write"],
)
client.send(
session_id=session,
from_agent="myorg::reporter",
payload={"text": "Place order #42"},
to_agent=target.agent_id,
)
The SDK does the heavy lifting: x509 mutual TLS to the broker, DPoP-bound bearer tokens for replay protection, ECDH key agreement for end-to-end encryption to the recipient agent, and (on receive) hash-chain verification of the per-org audit log.
Architecture
┌──────────┐ mTLS + DPoP ┌──────────┐ mTLS + DPoP ┌──────────┐
│ Agent A │───────────────▶│ Broker │◀──────────────│ Agent B │
│ (cullis- │ │ (Cullis │ │ (cullis- │
│ sdk) │ │ Site) │ │ sdk) │
└──────────┘ └──────────┘ └──────────┘
│ ▲
└─── E2E-encrypted payload (ECDH, broker can't read) ───┘
The broker authenticates both endpoints, routes messages, and appends a tamper-evident hash-chain entry per send. It never sees the cleartext payload.
Documentation
- Repository: https://github.com/cullis-security/cullis
- Site: https://cullis.io
- Issues: https://github.com/cullis-security/cullis/issues
- Quickstart: https://cullis.io/docs/quickstart/getting-started/
License
Functional Source License 1.1 with Apache-2.0 future grant
(LICENSE).
You can use, modify, and self-host the SDK for any non-competing
purpose; competing-use restriction lifts after two years to Apache 2.0.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cullis_sdk-0.1.2.tar.gz.
File metadata
- Download URL: cullis_sdk-0.1.2.tar.gz
- Upload date:
- Size: 53.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60bda898901990a1209c38b433e7e5f8da792256887ed53706eb564c56ef1f05
|
|
| MD5 |
78e89960864e4c8bd752fd2954aaaa04
|
|
| BLAKE2b-256 |
252ad44204cd76efe34fe95676d23536de58fc297ff00e4e89265414c37151f9
|
File details
Details for the file cullis_sdk-0.1.2-py3-none-any.whl.
File metadata
- Download URL: cullis_sdk-0.1.2-py3-none-any.whl
- Upload date:
- Size: 60.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca08198e5ad323da59265e9964f61a2c7434a2fd0c761a06139c2e5484a184d3
|
|
| MD5 |
91beff4925565eab1339c4c05cfffb82
|
|
| BLAKE2b-256 |
61e754f5457d26b57757fdac40763fb32eb985d13ec244c5dafbefdeebfe8e0f
|
