Skip to main content

Inspects API projects for ECZ-ID configuration and explains public evidence posture.

Project description

ECZ-ID API Inspection

ecz-id-api inspects API projects for ECZ-ID configuration posture and, optionally, checks read-only public proof on the Resolver. It is part of the ECZ-ID PyPI family. It inspects, explains and routes only.

It never issues or activates an ECZ-ID, never determines BOUND, never calculates carts or prices, never creates proof, and never executes discovered project, agent, MCP or robot code. It is not a safety, certification, approval, compliance, insurance or premium decision, and it is not an API security, vulnerability, availability or correctness assessment. Missing public proof is neutral: it does not mean unsafe. Local policy decides. Re-check before reliance.

One-command first run

$ ecz-id-api inspect ./my-api-project
ECZ-ID inspection: ./my-api-project [ecz-id-api]
A. configuration posture : PRESENT
B. public proof posture  : NOT_CHECKED  (neutral)
means        : Local ECZ-ID configuration was found for this subject. | Public Resolver proof was not checked.
does not mean: This is not an API security, vulnerability, availability or correctness assessment. | This result is not a safety, certification, approval, compliance, insurance or premium decision. | Missing public proof is neutral: it does not mean unsafe, non-compliant or untrustworthy.
reason codes : ECZ-1000, ECZ-2002
local policy decides; re-check before reliance

The first result is useful with no account, no network and no configuration. The public check is strictly opt-in (--check-public), so first runs are network-silent.

Supported inputs

  • A project directory containing an ECZ-ID API descriptor, or the descriptor file itself.
  • Descriptor names: ecz_id_config.json, ecz-id.json, ecz-id.toml, .ecz-id.toml.
  • Co-located OpenAPI / Swagger documents (openapi.json, openapi.yaml, openapi.yml, swagger.json) are observed for title, version, servers, contact and external docs — never fetched.

JSON is parsed natively. TOML needs Python 3.11+ or pip install ecz-id-api[toml]; YAML needs pip install ecz-id-api[yaml]. Without them, those formats degrade to a neutral note instead of failing.

Privacy boundaries

  • Bounded, read-only enumeration; never follows symlinks or escapes the root.
  • No telemetry, no uploads. The optional public check sends a lookup key only, to the validated Resolver host, over HTTPS.
  • Secrets are redacted from every export.
  • Offline mode (--offline or ECZ_ID_OFFLINE=1) skips all network.

Explicit non-claims

Not a safety / certification / approval / compliance / insurance / premium decision. Not an API security or vulnerability assessment. Does not issue, activate or bind an ECZ-ID. Does not price or cart.

Python API

from ecz_id_api import inspect

result = inspect("./my-api-project", check_public=False)
print(result.configuration_evidence.posture.value)   # PRESENT / PARTIAL / ABSENT / INVALID
print(result.public_evidence.posture.value)           # NOT_CHECKED by default

# Fully offline-testable: inject a fake opener so no real network call happens.
proof = b'{"proof": {"status": "PUBLIC_RECORD_PRESENT"}}'
checked = inspect("./my-api-project", check_public=True, opener=lambda url, t: proof)

CI / test example

$ ecz-id-api inspect . --json > ecz-id-api.json   # exit 0 for any completed inspection
$ ecz-id-api doctor --json                          # environment / parser availability

Exit code is 0 for every completed inspection regardless of posture (neutrality rule); non-zero only for genuine input/tool errors.

Routes

Setup, payment, lifecycle and repair happen in TrustOps — this package only routes you there.

Re-check

Posture and public proof can change at any time. Re-run before reliance:

$ ecz-id-api recheck ./my-api-project --json

Machine Interface & Quiet manifest

Machine Interface · Manifest · Resolve · Operator Setup · Developer Guidance

Every install ships a public-safe ecz_quiet_machine_interface.json, and every JSON report embeds a compact machine_interface object with the canonical roots and safe actions (it exposes the interface and protects the playbook).

$ ecz-id-api manifest --json
$ ecz-id-api compare ./old ./new --json    # neutral drift
$ ecz-id-api inspect . --sarif             # SARIF for code scanning
$ uvx ecz-id-api inspect .                 # or: pipx run ecz-id-api inspect .

Licence and trademarks

Apache-2.0 (see LICENSE, NOTICE). The code licence grants no trademark rights; “ECZ-ID” and “EcoCitizenz” are trademarks of their owner(s) — see TRADEMARKS.md. Changelog: CHANGELOG.md. Security: SECURITY.md.

CLI: ecz-id-api  |  Import: ecz_id_api  |  Plugin group: ecz_id.plugins

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ecz_id_api-0.1.0.tar.gz (15.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ecz_id_api-0.1.0-py3-none-any.whl (15.0 kB view details)

Uploaded Python 3

File details

Details for the file ecz_id_api-0.1.0.tar.gz.

File metadata

  • Download URL: ecz_id_api-0.1.0.tar.gz
  • Upload date:
  • Size: 15.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ecz_id_api-0.1.0.tar.gz
Algorithm Hash digest
SHA256 c681841ec1fabdedcfd90fea65e3c11031255a6a903dd3c3131da986665d1187
MD5 f72a434b78b126d9beda01028b5719e8
BLAKE2b-256 02a40c7a7ac7342775ff90761584c9e97f01cd6abf27dc1152e7e95afdcf2033

See more details on using hashes here.

Provenance

The following attestation bundles were made for ecz_id_api-0.1.0.tar.gz:

Publisher: publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ecz_id_api-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ecz_id_api-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 15.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ecz_id_api-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 682cdb70f292e85c0bc40d9c987d045e8a4b2229531bf7c6c564a5fd893f7a80
MD5 519c3b87274acc71f30493f45bed68fb
BLAKE2b-256 ac280a6eddc0695d452aa4550bafd08cecd617b2c0c72e7f62bb357f3665fb4f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ecz_id_api-0.1.0-py3-none-any.whl:

Publisher: publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page