Python SDK for Iron Book by Identity Machines
Project description
Iron Book Python SDK
A Python SDK for interacting with Iron Book by Identity Machines. This SDK provides seamless integration with Iron Book's agent registration, authentication, and policy decision APIs.
Features
- Agent Registration: Register new agents and obtain Verifiable Credentials
- Authentication: Get authentication tokens for agent operations
- Policy Decisions: Evaluate policy decisions for agent actions
- Policy Upload: Upload a new access control policy to enforce actions against
- Async Support: Full async/await support for high-performance applications
- Type Safety: Comprehensive type hints and dataclass definitions
- Modern HTTP Client: Built on httpx for reliable HTTP operations
Installation
pip install ironbook-sdk
Quick Start
import asyncio
from ironbook_sdk import IronBookClient, RegisterAgentOptions, GetAuthTokenOptions, PolicyInput
async def main():
# Initialize the client (with optional timeout)
client = IronBookClient(api_key="your-api-key", base_url="https://api.ironbook.identitymachines.com", timeout=15.0)
# Register a new agent
register_options = RegisterAgentOptions(
agent_name="my-agent",
capabilities=["query", "read"],
developer_did="did:web:example.com" # Optional
)
registered = await client.register_agent(register_options)
print(f"Agent registered: {registered}")
# Get authentication token
auth_options = GetAuthTokenOptions(
agent_did=registered["agentDid"],
vc=registered["vc"],
audience="https://api.ironbook.identitymachines.com",
developer_did=registered["developerDid"] # Optional
)
token_data = await client.get_auth_token(auth_options)
print(f"Auth token: {token_data}")
# Make a policy decision
policy_input = PolicyInput(
agent_did=registered["agentDid"],
policy_id="policy-123",
token=token_data["access_token"],
action="query",
resource="db://finance/tx"
)
decision = await client.policy_decision(policy_input)
print(f"Policy decision: {decision.allow}")
# Run the async function
asyncio.run(main())
API Reference
IronBookClient
The main client class for interacting with Iron Book APIs.
Constructor
IronBookClient(api_key: str, base_url: str = "https://api.ironbook.identitymachines.com", timeout: float = 10.0)
Parameters:
api_key(str): Your Iron Book API keybase_url(str, optional): Base URL for the API. Defaults to hosted IronBook API.timeout(float, optional): Total request timeout in seconds (default: 10.0)
Methods
register_agent(opts: RegisterAgentOptions) -> Dict[str, Any]
Registers a new agent and returns { vc, agentDid, developerDid }.
result = await client.register_agent(RegisterAgentOptions(
agent_name="my-agent",
capabilities=["query", "read"],
developer_did="did:web:example.com" # Optional
))
print(result["agentDid"], result["developerDid"]) # use for subsequent calls
get_auth_token(opts: GetAuthTokenOptions) -> Dict[str, Any]
Gets an authentication token for an agent.
token_data = await client.get_auth_token(GetAuthTokenOptions(
agent_did="did:web:agent.example.com",
vc=vc,
audience="https://api.identitymachines.com",
developer_did="did:web:example.com" # Optional
))
policy_decision(opts: PolicyInput) -> PolicyDecision
Gets a policy decision for an agent action.
decision = await client.policy_decision(PolicyInput(
agent_did="did:web:agent.example.com",
policy_id="policy-123",
token="jwt-token",
action="query",
resource="db://finance/tx",
context={"amount": 1000, "ticker": "AAPL"}
))
update_agent(agent_did: str, opts: UpdateAgentOptions) -> UpdateAgentResponse
Updates an agent's description and/or status.
result = await client.update_agent(
agent_did="did:web:agents.identitymachines.com:myagent",
opts=UpdateAgentOptions(
description="Updated agent description",
status="inactive" # 'active' or 'inactive'
)
)
print(f"Updated fields: {result.updated}")
Data Types
RegisterAgentOptions
Options for registering a new agent.
@dataclass
class RegisterAgentOptions:
agent_name: str # Name of the agent
capabilities: List[str] # List of agent capabilities
developer_did: Optional[str] # Developer's DID (optional)
GetAuthTokenOptions
Options for getting an authentication token.
@dataclass
class GetAuthTokenOptions:
agent_did: str # Agent's DID
vc: str # Verifiable Credential
audience: str # Token audience (e.g., API endpoint)
developer_did: Optional[str] # Developer's DID (optional)
PolicyInput
Input parameters for policy decision.
@dataclass
class PolicyInput:
did: str # Agent DID (subject)
token: str # Short-lived access token (JWT)
action: str # Action (e.g., "query")
resource: str # Resource (e.g., "db://finance/tx")
context: Optional[Dict[str, Any]] # Optional context (amount, ticker, etc.)
PolicyDecision
Result of a policy decision evaluation.
@dataclass
class PolicyDecision:
allow: bool # Whether the action is allowed
evaluation: Optional[List[Any]] # Policy evaluation details
reason: Optional[str] # Reason for the decision
PolicyDecisionResult
Enumeration for policy decision results.
class PolicyDecisionResult(str, Enum):
ALLOW = "allow"
DENY = "deny"
UploadPolicyOptions
Options for uploading a policy.
@dataclass
class UploadPolicyOptions:
agent_did: str # Agent's DID
config_type: str # Configuration type
policy_content: str # Policy content
metadata: Any # Policy metadata
developer_did: Optional[str] # Developer's DID (optional)
UpdateAgentOptions
Options for updating an agent.
@dataclass
class UpdateAgentOptions:
description: Optional[str] # New description for the agent
status: Optional[str] # New status ('active' or 'inactive')
UpdateAgentResponse
Response from updating an agent.
@dataclass
class UpdateAgentResponse:
agent_did: str # Agent's DID
developer_did: str # Developer's DID
updated: List[str] # List of updated field names
Advanced Usage
Error Handling
import asyncio
from ironbook_sdk import IronBookClient
async def safe_agent_operation():
client = IronBookClient(api_key="your-api-key")
try:
result = await client.register_agent(...)
return result
except Exception as e:
# For IronBookError, you can introspect e.status, e.code, e.request_id, e.details
print(f"Error: {e}")
return None
asyncio.run(safe_agent_operation())
Custom Base URL
# Use hosted environment
client = IronBookClient(api_key="your-api-key", base_url="https://api.ironbook.identitymachines.com")
Policy Decision with Context
# Make a policy decision with rich context
decision = await client.policy_decision(PolicyInput(
did="did:web:agent.example.com",
token="jwt-token",
action="transfer",
resource="bank://account/123",
context={
"amount": 5000,
"currency": "USD",
"recipient": "alice@example.com",
"timestamp": "2024-01-15T10:30:00Z"
}
))
if decision.allow:
print("Transfer approved")
if decision.reason:
print(f"Reason: {decision.reason}")
else:
print("Transfer denied")
if decision.reason:
print(f"Reason: {decision.reason}")
Upload Policy
# Upload a new access control policy
upload_options = UploadPolicyOptions(
agent_did="did:web:agent.example.com",
config_type="opa",
policy_content="package policy\nallow { input.action == \"read\" }",
metadata={"version": "1.0", "description": "Read-only policy"},
developer_did="did:web:example.com" # Optional
)
result = await client.upload_policy(upload_options)
print(f"Policy uploaded: {result}")
Update Agent
# Update an agent's description and status
update_options = UpdateAgentOptions(
description="Updated agent description for production use",
status="active"
)
result = await client.update_agent(
agent_did="did:web:agents.identitymachines.com:myagent",
opts=update_options
)
print(f"Agent updated successfully")
print(f"Updated fields: {result.updated}")
print(f"Agent DID: {result.agent_did}")
print(f"Developer DID: {result.developer_did}")
# Update only the description
description_only = UpdateAgentOptions(description="New description only")
result = await client.update_agent("did:web:agents.identitymachines.com:myagent", description_only)
# Update only the status
status_only = UpdateAgentOptions(status="inactive")
result = await client.update_agent("did:web:agents.identitymachines.com:myagent", status_only)
Support
- Documentation: https://docs.identitymachines.com
- Issues: GitHub Issues
- Email: devops@identitymachines.com
Changelog
0.2.0
- Added agent update functionality for editing description and status
- Comprehensive error handling and responses
0.1.0
- Initial release
- Agent registration functionality
- Authentication token generation
- Policy decision evaluation
- Policy upload functionality
- Async/await support
- Comprehensive type hints
- Context manager support for client lifecycle management
- Convenience functions for simplified usage
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ironbook_sdk-0.2.0.tar.gz
(16.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ironbook_sdk-0.2.0.tar.gz.
File metadata
- Download URL: ironbook_sdk-0.2.0.tar.gz
- Upload date:
- Size: 16.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
beec055c738e7eeb9da05261a22b4720eaab731ab58ea4e1ae8a719eba48134a
|
|
| MD5 |
3d7c0af785e4006fce5d199b498dfa1d
|
|
| BLAKE2b-256 |
c12c43d062440f66221235a4764d556267bb69fe5a4ec376ca139bda93358692
|
File details
Details for the file ironbook_sdk-0.2.0-py3-none-any.whl.
File metadata
- Download URL: ironbook_sdk-0.2.0-py3-none-any.whl
- Upload date:
- Size: 12.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d1534f5f32d9d98e244967b62a08b8d8d7bbe9fda7f959c9e0139c6a7b93872
|
|
| MD5 |
bc3bbd7c69034417720075ed8809f84e
|
|
| BLAKE2b-256 |
8497ff2fff630056fbf76ab7771c93e39a6bfb88567f9ac1900b65ae6406e2d4
|
