Skip to main content

Handshake Prompt Protocol - grant AI Agents access to web services via a single copy-paste prompt

Project description

handshake-prompt (Python Server SDK)

Server-side SDK for the Handshake Prompt Protocol (HPP) — a lightweight way to grant any AI Agent access to your web service via a single copy-paste prompt. No API keys, no MCP servers, no env vars for end users.

Install

pip install handshake-prompt

Quick start (Flask)

from flask import Flask
from flask_sock import Sock
from handshake_prompt import HandshakeManager

app  = Flask(__name__)
sock = Sock(app)
hm   = HandshakeManager(app, sock)   # done! HPP endpoints are now mounted.

if __name__ == '__main__':
    app.run(port=5000)

That's it. Your service now exposes:

Endpoint Method Purpose
/handshake/session POST Browser creates a handshake session
/handshake/context/<sid> GET Agent reads current state (token-auth)
/handshake/action/<sid> POST Agent submits actions (token-auth)
/handshake/notify/<sid> POST Browser reports user edits
/handshake/diff/<sid> GET Agent fetches incremental changes
/ws/handshake/<sid> WS Real-time push channel (token-auth)

Build a handshake prompt

prompt_text = hm.build_prompt(session, base_url='https://your-service.com')
# Display this text in the UI, let user copy-paste it to their Agent.

Configure schema

Schemas describe what fields the Agent should fill. Sent by the browser when creating a session:

{
  "mode": "form-fill",
  "schema": [
    {"key": "name",  "label": "Name",  "type": "string", "required": true, "example": "Alice"},
    {"key": "age",   "label": "Age",   "type": "int",    "example": 30},
    {"key": "vip",   "label": "VIP",   "type": "bool"}
  ],
  "context": {}    // current state, used by browser to pre-populate
}

Supported types: string / int / float / bool / datetime / array<string> / enum. Custom validators can be plugged in via HandshakeManager(validator=...).

Hooks

Attach custom logic at key lifecycle points:

@hm.on_create_session
def bind_owner(sess, request):
    """Bind a session to the current logged-in user"""
    from flask import session as flask_session
    sess.owner = flask_session.get('user_id')

@hm.on_action
def audit(sess, action, request):
    """Audit every action; return False to veto"""
    print(f'[AUDIT] sid={sess.sid} user={sess.owner} action={action}')

@hm.on_done
def notify_done(sess, applied, rejected, errors):
    """Called after each batch of actions"""
    pass

Browser auth for /notify

By default /notify/<sid> accepts any request (it's only used by browsers within the same origin). For stricter setups, supply a callable:

def my_auth(request, sess):
    return flask_session.get('user_id') == sess.owner

hm = HandshakeManager(app, sock, require_browser_auth=my_auth)

Security defaults

  • Token entropy: 192 bits (secrets.token_urlsafe(24))
  • Session ID entropy: 128 bits (secrets.token_hex(16))
  • Timing-safe comparison: secrets.compare_digest
  • TTL: 30 minutes default
  • Rate limit: 60 requests / minute / session
  • User-data protection: AI cannot overwrite fields marked by=user or by=user_edit
  • WebSocket auth: connection-time token verification

See SPEC.md of the main repository for full protocol details.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

handshake_prompt-0.1.0.tar.gz (11.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

handshake_prompt-0.1.0-py3-none-any.whl (11.6 kB view details)

Uploaded Python 3

File details

Details for the file handshake_prompt-0.1.0.tar.gz.

File metadata

  • Download URL: handshake_prompt-0.1.0.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for handshake_prompt-0.1.0.tar.gz
Algorithm Hash digest
SHA256 0bb360f0138ccb8d4facf0f3588871b6646eb0eec06eb3b96775a9cc9832f900
MD5 bed0282a73576d9e7ca9e7a31ff89600
BLAKE2b-256 21f3c7012b2cef9e56229d8333c1479c8617699be12b3729f37632432fb613f6

See more details on using hashes here.

File details

Details for the file handshake_prompt-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for handshake_prompt-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8265d8310ab716227dad6dafba60d88ed7756bfb7f1f6dc7850ec977c1dfcfaa
MD5 cb3ac2c333061e7814ed20455f703e45
BLAKE2b-256 7552e418883e1502574cfe46de07e9f73a9ff468268e605cc72daa374bddb10c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page