Skip to main content

Inspects API projects for ECZ-ID configuration and explains public evidence posture.

Project description

ECZ-ID API Inspection

ecz-id-api inspects API projects for ECZ-ID configuration posture and, optionally, checks read-only public proof on the Resolver. It is part of the ECZ-ID PyPI family. It inspects, explains and routes only.

It never issues or activates an ECZ-ID, never determines BOUND, never calculates carts or prices, never creates proof, and never executes discovered project, agent, MCP or robot code. It is not a safety, certification, approval, compliance, insurance or premium decision, and it is not an API security, vulnerability, availability or correctness assessment. Missing public proof is neutral: it does not mean unsafe. Local policy decides. Re-check before reliance.

One-command first run

$ ecz-id-api inspect ./my-api-project
ECZ-ID inspection: ./my-api-project [ecz-id-api]
A. configuration posture : PRESENT
B. public proof posture  : NOT_CHECKED  (neutral)
means        : Local ECZ-ID configuration was found for this subject. | Public Resolver proof was not checked.
does not mean: This is not an API security, vulnerability, availability or correctness assessment. | This result is not a safety, certification, approval, compliance, insurance or premium decision. | Missing public proof is neutral: it does not mean unsafe, non-compliant or untrustworthy.
reason codes : ECZ-1000, ECZ-2002
local policy decides; re-check before reliance

The first result is useful with no account, no network and no configuration. The public check is strictly opt-in (--check-public), so first runs are network-silent.

Supported inputs

  • A project directory containing an ECZ-ID API descriptor, or the descriptor file itself.
  • Descriptor names: ecz_id_config.json, ecz-id.json, ecz-id.toml, .ecz-id.toml.
  • Co-located OpenAPI / Swagger documents (openapi.json, openapi.yaml, openapi.yml, swagger.json) are observed for title, version, servers, contact and external docs — never fetched.

JSON is parsed natively. TOML needs Python 3.11+ or pip install ecz-id-api[toml]; YAML needs pip install ecz-id-api[yaml]. Without them, those formats degrade to a neutral note instead of failing.

Privacy boundaries

  • Bounded, read-only enumeration; never follows symlinks or escapes the root.
  • No telemetry, no uploads. The optional public check sends a lookup key only, to the validated Resolver host, over HTTPS.
  • Secrets are redacted from every export.
  • Offline mode (--offline or ECZ_ID_OFFLINE=1) skips all network.

Explicit non-claims

Not a safety / certification / approval / compliance / insurance / premium decision. Not an API security or vulnerability assessment. Does not issue, activate or bind an ECZ-ID. Does not price or cart.

Python API

from ecz_id_api import inspect

result = inspect("./my-api-project", check_public=False)
print(result.configuration_evidence.posture.value)   # PRESENT / PARTIAL / ABSENT / INVALID
print(result.public_evidence.posture.value)           # NOT_CHECKED by default

# Fully offline-testable: inject a fake opener so no real network call happens.
proof = b'{"proof": {"status": "PUBLIC_RECORD_PRESENT"}}'
checked = inspect("./my-api-project", check_public=True, opener=lambda url, t: proof)

CI / test example

$ ecz-id-api inspect . --json > ecz-id-api.json   # exit 0 for any completed inspection
$ ecz-id-api doctor --json                          # environment / parser availability

Exit code is 0 for every completed inspection regardless of posture (neutrality rule); non-zero only for genuine input/tool errors.

Routes

Setup, payment, lifecycle and repair happen in TrustOps — this package only routes you there.

Re-check

Posture and public proof can change at any time. Re-run before reliance:

$ ecz-id-api recheck ./my-api-project --json

Machine-readable integration

Machine Interface · Manifest · Resolver · Operator setup · Developer guidance

Each installation includes structured machine-readable metadata for automation, CI and supported integrations. Every JSON report embeds a compact machine_interface object with the canonical roots and safe, read-only actions.

The package runs locally to inspect, explain and route. It does not issue an ECZ-ID, write canonical truth, create public proof, price a cart, or replace Resolver proof.

$ ecz-id-api manifest --json
$ ecz-id-api compare ./old ./new --json    # neutral drift
$ ecz-id-api inspect . --sarif             # SARIF for code scanning
$ uvx ecz-id-api inspect .                 # or: pipx run ecz-id-api inspect .

Continue with ECZ-ID

Licence and trademarks

Apache-2.0 (see LICENSE, NOTICE). The code licence grants no trademark rights; “ECZ-ID” and “EcoCitizenz” are trademarks of their owner(s) — see TRADEMARKS.md. Changelog: CHANGELOG.md. Security: SECURITY.md.

CLI: ecz-id-api  |  Import: ecz_id_api  |  Plugin group: ecz_id.plugins

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ecz_id_api-0.1.1.tar.gz (15.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ecz_id_api-0.1.1-py3-none-any.whl (15.3 kB view details)

Uploaded Python 3

File details

Details for the file ecz_id_api-0.1.1.tar.gz.

File metadata

  • Download URL: ecz_id_api-0.1.1.tar.gz
  • Upload date:
  • Size: 15.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ecz_id_api-0.1.1.tar.gz
Algorithm Hash digest
SHA256 1ac6f9c45a7a36b85c6f3225e745f3cf518105657302d7fef08f307152300593
MD5 6adb0db9ad6f893411e587d7c827b2a0
BLAKE2b-256 1c19eda0f6a2afe3985f2b2926a13a1dc04ba82c1c4bf3905fe20dd060c19fa8

See more details on using hashes here.

Provenance

The following attestation bundles were made for ecz_id_api-0.1.1.tar.gz:

Publisher: publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ecz_id_api-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: ecz_id_api-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 15.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ecz_id_api-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5d057a2907c1c30b3d6e983eb6f64489bb7a831e5a2462bb9aa77fa921845661
MD5 26357b82c95e0f07b969428e654621ce
BLAKE2b-256 3ef28d3c6a8577be24f156bd8b88b2eac08643b3b10d69110e1dc615dae6b9e1

See more details on using hashes here.

Provenance

The following attestation bundles were made for ecz_id_api-0.1.1-py3-none-any.whl:

Publisher: publish-ecz-id-api.yml on Ecocitizenz/ecz-id-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page