Cryptographic identity and signed outputs for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for YsableWolf from gravatar.com YsableWolf

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (Proprietary - See LICENSE)
  • Author: IAMPASS Inc.
  • Tags agents , ai , cryptography , identity , post-quantum , signing
  • Requires: Python >=3.9
  • Provides-Extra: dev , enterprise
Classifiers
Report project as malware

Project description

MOSS

Unsigned agent output is broken output.

MOSS (Message-Origin Signing System) provides cryptographic signing for AI agents. Every output is signed with ML-DSA-44 (post-quantum), creating non-repudiable execution records with audit-grade provenance.

CI PyPI License: MIT

Install

pip install moss-sdk

Quick Start

from moss import sign, verify

# Sign any agent output
result = sign(
    output={"action": "transfer", "amount": 500},
    agent_id="agent-finance-01",
    context={"user_id": "u123"}
)

# result.envelope: MOSS Envelope with signature
# result.signature: ML-DSA-44 post-quantum signature
# result.allowed: True (or False if enterprise policy blocks)

# Verify offline - no MOSS servers required
verify_result = verify(result.envelope)
if verify_result.valid:
    print(f"Signed by: {verify_result.subject}")

Enterprise Mode

Set MOSS_API_KEY to enable enterprise features:

import os
os.environ["MOSS_API_KEY"] = "your-api-key"

from moss import sign, enterprise_enabled

# Check if enterprise mode is active
print(f"Enterprise: {enterprise_enabled()}")  # True

# Sign with automatic policy evaluation
result = sign(
    output={"action": "high_risk_transfer", "amount": 1000000},
    agent_id="finance-bot",
    action="transfer",
    context={"user_id": "u123", "department": "finance"}
)

if result.blocked:
    print(f"Action blocked: {result.policy.reason}")
else:
    print(f"Action allowed, evidence_id: {result.evidence_id}")

Execution Record Format

Every signed action produces a verifiable execution record:

agent_id:      moss:agent:agent-finance-01
action:        transfer
timestamp:     2026-01-18T12:34:56Z
sequence:      42
payload_hash:  SHA-256:abc123...
signature:     ML-DSA-44:xyz789...
status:        VERIFIED

Using Subject (Advanced)

from moss import Subject

agent = Subject.create("moss:dev:my-agent")
envelope = agent.sign({"action": "approved", "amount": 500})

result = Subject.verify(envelope)
assert result.valid

TypeScript SDK

npm install @moss/sdk

import { sign, verify } from '@moss/sdk';

const envelope = await sign({
  output: agentResponse,
  agentId: "agent-finance-01"
});

const result = await envelope.verify();

Framework Integrations

Package Framework Install
moss-langchain LangChain pip install moss-langchain
moss-langgraph LangGraph pip install moss-langgraph
moss-crewai CrewAI pip install moss-crewai
moss-autogen AutoGen pip install moss-autogen
moss-openai OpenAI SDK pip install moss-openai
moss-anthropic Anthropic SDK pip install moss-anthropic
moss-google Google GenAI pip install moss-google

CLI

moss subject create moss:dev:my-agent
echo '{"action": "test"}' | moss sign moss:dev:my-agent - > envelope.json
moss verify payload.json envelope.json

What MOSS Provides

Capability Description
Mandatory Signing Every agent action is signed
Offline Verification Verify without network access
Post-Quantum Security ML-DSA-44 (FIPS 204)
Provenance Non-repudiable execution history

What MOSS Does NOT Provide (Free Tier)

Limitation Solution
Long-term retention Upgrade to Evidence tier
Audit exports Upgrade to Evidence tier
Evidence continuity Upgrade to Defensible tier

Production environments require retained, verifiable execution records.
Free tier provides runtime enforcement. See mosscomputing.com for evidence continuity options.

Protocol

MOSS implements moss-0001. See SPEC.md.

Envelope

{
  "spec": "moss-0001",
  "version": 1,
  "alg": "ML-DSA-44",
  "subject": "moss:acme:order-bot",
  "key_version": 1,
  "seq": 42,
  "issued_at": 1733200000,
  "payload_hash": "<base64url(SHA-256(canonical(payload)))>",
  "signature": "<base64url(ML-DSA-44 signature)>"
}

Verification

  1. Check spec == "moss-0001"
  2. Compute hash = base64url(SHA-256(canonical(payload)))
  3. Assert hash == envelope.payload_hash
  4. Resolve (subject, key_version) → public_key
  5. Verify ML-DSA-44.verify(public_key, canonical(signed_bytes), signature)

Cryptography
Signatures ML-DSA-44 (FIPS 204)
Hash SHA-256
Encoding base64url, no padding
Canonicalization RFC 8785
Key storage AES-256-GCM + Scrypt

Keys stored at ~/.moss/keys/. Set MOSS_KEY_PASSPHRASE to encrypt at rest.

Links

Contributing

See CONTRIBUTING.md.

Security

Report vulnerabilities to moss@iampass.com. See SECURITY.md.

License

Proprietary - See LICENSE for terms.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for YsableWolf from gravatar.com YsableWolf

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (Proprietary - See LICENSE)
  • Author: IAMPASS Inc.
  • Tags agents , ai , cryptography , identity , post-quantum , signing
  • Requires: Python >=3.9
  • Provides-Extra: dev , enterprise
Classifiers

Release history Release notifications | RSS feed

This version

0.3.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

moss_sdk-0.3.0.tar.gz (30.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

moss_sdk-0.3.0-py3-none-any.whl (18.5 kB view details)

Uploaded Python 3

File details

Details for the file moss_sdk-0.3.0.tar.gz.

File metadata

  • Download URL: moss_sdk-0.3.0.tar.gz
  • Upload date:
  • Size: 30.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for moss_sdk-0.3.0.tar.gz
Algorithm Hash digest
SHA256 8a356d3a20546ae8417cfa88b03c8945ac3aa2c12b20cf79cd9567082f2118b0
MD5 bb14fd2deae3b135ad6fc2f4ccf6eca0
BLAKE2b-256 3f818b4b93d4043bfb86073f98f67763ab8718ecc9ba0112638ec712023e5733

See more details on using hashes here.

Provenance

The following attestation bundles were made for moss_sdk-0.3.0.tar.gz:

Publisher: release.yml on mosscomputing/moss

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file moss_sdk-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: moss_sdk-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 18.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for moss_sdk-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e533f2ff75cfd708f79df0de22dbd4367867ab7d79af8f3dcc6e73fb932c7a85
MD5 577859e77384b03393f1995feb40079b
BLAKE2b-256 c29440acf39cae1d2841c961a9770aec1f55f04e4aec33d281a4cce5cc333d2c

See more details on using hashes here.

Provenance

The following attestation bundles were made for moss_sdk-0.3.0-py3-none-any.whl:

Publisher: release.yml on mosscomputing/moss

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page