Inspects API projects for ECZ-ID configuration and explains public evidence posture.
Project description
ECZ-ID API Inspection
ecz-id-api inspects API projects for ECZ-ID configuration posture and,
optionally, checks read-only public proof on the Resolver. It is part of the
ECZ-ID PyPI family. It inspects, explains and routes only.
It never issues or activates an ECZ-ID, never determines BOUND, never calculates carts or prices, never creates proof, and never executes discovered project, agent, MCP or robot code. It is not a safety, certification, approval, compliance, insurance or premium decision, and it is not an API security, vulnerability, availability or correctness assessment. Missing public proof is neutral: it does not mean unsafe. Local policy decides. Re-check before reliance.
One-command first run
$ ecz-id-api inspect ./my-api-project
ECZ-ID inspection: ./my-api-project [ecz-id-api]
A. configuration posture : PRESENT
B. public proof posture : NOT_CHECKED (neutral)
means : Local ECZ-ID configuration was found for this subject. | Public Resolver proof was not checked.
does not mean: This is not an API security, vulnerability, availability or correctness assessment. | This result is not a safety, certification, approval, compliance, insurance or premium decision. | Missing public proof is neutral: it does not mean unsafe, non-compliant or untrustworthy.
reason codes : ECZ-1000, ECZ-2002
local policy decides; re-check before reliance
The first result is useful with no account, no network and no configuration.
The public check is strictly opt-in (--check-public), so first runs are
network-silent.
Supported inputs
- A project directory containing an ECZ-ID API descriptor, or the descriptor file itself.
- Descriptor names:
ecz_id_config.json,ecz-id.json,ecz-id.toml,.ecz-id.toml. - Co-located OpenAPI / Swagger documents (
openapi.json,openapi.yaml,openapi.yml,swagger.json) are observed for title, version, servers, contact and external docs — never fetched.
JSON is parsed natively. TOML needs Python 3.11+ or pip install ecz-id-api[toml];
YAML needs pip install ecz-id-api[yaml]. Without them, those formats degrade
to a neutral note instead of failing.
Privacy boundaries
- Bounded, read-only enumeration; never follows symlinks or escapes the root.
- No telemetry, no uploads. The optional public check sends a lookup key only, to the validated Resolver host, over HTTPS.
- Secrets are redacted from every export.
- Offline mode (
--offlineorECZ_ID_OFFLINE=1) skips all network.
Explicit non-claims
Not a safety / certification / approval / compliance / insurance / premium decision. Not an API security or vulnerability assessment. Does not issue, activate or bind an ECZ-ID. Does not price or cart.
Python API
from ecz_id_api import inspect
result = inspect("./my-api-project", check_public=False)
print(result.configuration_evidence.posture.value) # PRESENT / PARTIAL / ABSENT / INVALID
print(result.public_evidence.posture.value) # NOT_CHECKED by default
# Fully offline-testable: inject a fake opener so no real network call happens.
proof = b'{"proof": {"status": "PUBLIC_RECORD_PRESENT"}}'
checked = inspect("./my-api-project", check_public=True, opener=lambda url, t: proof)
CI / test example
$ ecz-id-api inspect . --json > ecz-id-api.json # exit 0 for any completed inspection
$ ecz-id-api doctor --json # environment / parser availability
Exit code is 0 for every completed inspection regardless of posture
(neutrality rule); non-zero only for genuine input/tool errors.
Routes
- Resolver (read-only public proof): https://resolver.ecocitizenz.org
- TrustOps (recommendation, setup, lifecycle, repair): https://trustops.ecocitizenz.com/start
- Developer Gateway (docs and routing): https://developers.ecocitizenz.com
- Central Machine Interface (machine-readable manifests): https://machine.ecocitizenz.org/.well-known/ecz-machine.json
Setup, payment, lifecycle and repair happen in TrustOps — this package only routes you there.
Re-check
Posture and public proof can change at any time. Re-run before reliance:
$ ecz-id-api recheck ./my-api-project --json
Machine-readable integration
Machine Interface · Manifest · Resolver · Operator setup · Developer guidance
Each installation includes structured machine-readable metadata for automation,
CI and supported integrations. Every JSON report embeds a compact
machine_interface object with the canonical roots and safe, read-only actions.
The package runs locally to inspect, explain and route. It does not issue an ECZ-ID, write canonical truth, create public proof, price a cart, or replace Resolver proof.
$ ecz-id-api manifest --json
$ ecz-id-api compare ./old ./new --json # neutral drift
$ ecz-id-api inspect . --sarif # SARIF for code scanning
$ uvx ecz-id-api inspect . # or: pipx run ecz-id-api inspect .
- Central Machine Interface: https://machine.ecocitizenz.org/.well-known/ecz-machine.json
- Resolver (read-only public proof): https://resolver.ecocitizenz.org
- Operator setup (TrustOps): https://trustops.ecocitizenz.com/start
- Developer Gateway: https://developers.ecocitizenz.com
Continue with ECZ-ID
- Operator setup: https://trustops.ecocitizenz.com/start
- Developer guidance: https://developers.ecocitizenz.com
- Public Resolver proof: https://resolver.ecocitizenz.org
- Central Machine Interface: https://machine.ecocitizenz.org/.well-known/ecz-machine.json
- EcoCitizenz: https://www.ecocitizenz.com
- Specifications and governance: https://www.ecocitizenz.org
- ECZ-ID on Visual Studio Marketplace: https://marketplace.visualstudio.com/publishers/ecocitizenz
- ECZ-ID on Open VSX: https://open-vsx.org/namespace/ecocitizenz
- Explore the ECZ-ID Python tool family: https://pypi.org/search/?q=ecz-id
Licence and trademarks
Apache-2.0 (see LICENSE, NOTICE). The code licence grants no trademark
rights; “ECZ-ID” and “EcoCitizenz” are trademarks of their owner(s) — see
TRADEMARKS.md. Changelog: CHANGELOG.md. Security: SECURITY.md.
CLI: ecz-id-api | Import: ecz_id_api | Plugin group: ecz_id.plugins
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ecz_id_api-0.1.1.tar.gz.
File metadata
- Download URL: ecz_id_api-0.1.1.tar.gz
- Upload date:
- Size: 15.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ac6f9c45a7a36b85c6f3225e745f3cf518105657302d7fef08f307152300593
|
|
| MD5 |
6adb0db9ad6f893411e587d7c827b2a0
|
|
| BLAKE2b-256 |
1c19eda0f6a2afe3985f2b2926a13a1dc04ba82c1c4bf3905fe20dd060c19fa8
|
Provenance
The following attestation bundles were made for ecz_id_api-0.1.1.tar.gz:
Publisher:
publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ecz_id_api-0.1.1.tar.gz -
Subject digest:
1ac6f9c45a7a36b85c6f3225e745f3cf518105657302d7fef08f307152300593 - Sigstore transparency entry: 2085180013
- Sigstore integration time:
-
Permalink:
Ecocitizenz/ecz-id-python@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Ecocitizenz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-ecz-id-api.yml@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file ecz_id_api-0.1.1-py3-none-any.whl.
File metadata
- Download URL: ecz_id_api-0.1.1-py3-none-any.whl
- Upload date:
- Size: 15.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d057a2907c1c30b3d6e983eb6f64489bb7a831e5a2462bb9aa77fa921845661
|
|
| MD5 |
26357b82c95e0f07b969428e654621ce
|
|
| BLAKE2b-256 |
3ef28d3c6a8577be24f156bd8b88b2eac08643b3b10d69110e1dc615dae6b9e1
|
Provenance
The following attestation bundles were made for ecz_id_api-0.1.1-py3-none-any.whl:
Publisher:
publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ecz_id_api-0.1.1-py3-none-any.whl -
Subject digest:
5d057a2907c1c30b3d6e983eb6f64489bb7a831e5a2462bb9aa77fa921845661 - Sigstore transparency entry: 2085180286
- Sigstore integration time:
-
Permalink:
Ecocitizenz/ecz-id-python@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Ecocitizenz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-ecz-id-api.yml@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Trigger Event:
workflow_dispatch
-
Statement type: