Skip to main content

Handshake Prompt Protocol - session pairing and token auth for AI Agent access

Project description

handshake-prompt (Python Server SDK)

Core network component for the Handshake Prompt Protocol (HPP) — session pairing, token auth, HTTP + WebSocket transport.

Architecture

┌─────────────────────────────────────────┐
│  Application (your service)           │
│  form-fill UI, device pairing, etc.     │
└──────────────────┬──────────────────────┘
                   │ hooks + mode handlers
┌──────────────────▼──────────────────────┐
│  handshake_prompt (this package)        │
│  ProtocolEngine · Session · SessionStore│
│  auth · Flask adapter (HandshakeManager)│
└──────────────────┬──────────────────────┘
                   │
         HTTP / WebSocket + X-Handshake-Token

Core transport (always included):

  • Session creation with 128-bit sid + 192-bit token
  • Token auth on all Agent endpoints
  • Rate limiting, TTL, dynamic extension
  • WebSocket real-time push

Application plugins (optional, in handshake_prompt.modes):

  • form-fill — schema validation, field ownership, missing-field detection
  • default — opaque key/value context for generic Agent interactions

Prompt text generation is not part of the core transport — use handshake_prompt.prompt.build_prompt() if you want a default template.

Install

pip install handshake-prompt

Quick start (Flask)

from flask import Flask
from flask_sock import Sock
from handshake_prompt import HandshakeManager

app  = Flask(__name__)
sock = Sock(app)
hm   = HandshakeManager(app, sock)   # HPP endpoints mounted

if __name__ == '__main__':
    app.run(port=5000)

Endpoints (default prefix /handshake):

Endpoint Method Auth Purpose
/handshake/session POST Browser cookie (your app) Create session
/handshake/context/<sid> GET X-Handshake-Token Agent reads state
/handshake/action/<sid> POST X-Handshake-Token Agent submits actions
/handshake/notify/<sid> POST Browser (optional) User-side edits
/handshake/diff/<sid> GET X-Handshake-Token Incremental changes
/ws/handshake/<sid> WS ?token= Real-time push

Using without Flask

from handshake_prompt import ProtocolEngine, SessionStore

store = SessionStore()
engine = ProtocolEngine(store=store, prefix='/api/pair')

payload, code = engine.create_session({'mode': 'device-pair', 'data': {}})
# Wire payload/code into your own framework adapter

Form-fill mode (optional plugin)

{
  "mode": "form-fill",
  "schema": [
    {"key": "name", "label": "Name", "type": "string", "required": true}
  ],
  "context": {}
}

Custom mode handler

from handshake_prompt.modes import DEFAULT_HANDLERS

class MyHandler:
    def setup_session(self, sess, body): ...
    def context_response(self, sess): ...
    def process_actions(self, sess, actions, stream, interval, cbs, broadcast): ...
    def process_notify(self, sess, key, value): ...
    def process_ws_message(self, sess, msg): ...

hm = HandshakeManager(app, sock, mode_handlers={
    **DEFAULT_HANDLERS,
    'my-mode': MyHandler(),
})

Hooks

@hm.on_create_session
def bind_owner(sess, request):
    sess.owner = flask_session.get('user_id')

@hm.on_action
def audit(sess, action, request):
    return True  # return False to veto

@hm.on_extend
def cap_extension(sess, extra_seconds, request):
    return min(extra_seconds, 1800)

Security defaults

  • Token: 192-bit entropy, timing-safe comparison
  • Session ID: 128-bit entropy
  • TTL: 30 min default, dynamically extendable
  • Rate limit: 60 req/min/session
  • WebSocket: token verified at connect time

See SPEC.md for full protocol details.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

handshake_prompt-0.2.0.tar.gz (13.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

handshake_prompt-0.2.0-py3-none-any.whl (15.0 kB view details)

Uploaded Python 3

File details

Details for the file handshake_prompt-0.2.0.tar.gz.

File metadata

  • Download URL: handshake_prompt-0.2.0.tar.gz
  • Upload date:
  • Size: 13.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for handshake_prompt-0.2.0.tar.gz
Algorithm Hash digest
SHA256 fcd972c5f25f86f035855649494092ab4df6f3767dd4075611a3daa84e269ba2
MD5 0f0e8785593e4bbf3e411a88d7e2732a
BLAKE2b-256 881de7b544af65a151822086d20aa0519c1c9bf21046ab90a97627821175aed0

See more details on using hashes here.

File details

Details for the file handshake_prompt-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for handshake_prompt-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f0abf92c49a46ea50c3b920d24db9ddda9537017ae69b177e15cbdab939d3103
MD5 954c901e82b7a9b70d6ea1339969b508
BLAKE2b-256 24087641d8952463592a05a95eee1af37b32334f8a6b334fa2b7b5266c77c8bc

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page