SAFE Authorization Protocol for MCP tool calls — SAP/1.0 reference implementation

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for rudi193 from gravatar.com rudi193

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Sean Campbell
  • Tags authorization , gpg , mcp , openclaw , sap , security
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

openclaw-sap-gate

Python reference implementation of SAP/1.0 — SAFE Authorization Protocol for MCP tool calls.

pip install openclaw-sap-gate

Usage

from openclaw_sap_gate import authorized, require_authorized

# Check (returns bool)
if not authorized("my-app"):
    return "denied"

# Assert (raises PermissionError on failure)
require_authorized("my-app")

CLI

# Verify an app_id passes the full auth chain
sap-gate verify my-app

# Scaffold a new SAFE folder + manifest template
sap-gate init my-app

Configuration

Env var Default Description
SAP_SAFE_ROOT ~/.sap/Applications Root directory for SAFE folders
SAP_PGP_FINGERPRINT (empty — any valid sig passes) Pinned primary key fingerprint
SAP_LOG_DIR ~/.sap/log Directory for gaps.jsonl and grants.jsonl

How It Works

Authorization requires all four steps:

  1. SAP_SAFE_ROOT/<app_id>/ exists
  2. safe-app-manifest.json present and readable
  3. safe-app-manifest.json.sig present
  4. gpg --verify passes, signer fingerprint matches SAP_PGP_FINGERPRINT

Revoke by deleting the folder or .sig file.

OpenClaw Enforcement Skill

rudi193-cmd/openclaw-skill-sap

Protocol Spec

SAP/1.0 RFC

License

MIT — Sean Campbell 2026

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for rudi193 from gravatar.com rudi193

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Sean Campbell
  • Tags authorization , gpg , mcp , openclaw , sap , security
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

This version

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

openclaw_sap_gate-1.0.0.tar.gz (5.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

openclaw_sap_gate-1.0.0-py3-none-any.whl (6.7 kB view details)

Uploaded Python 3

File details

Details for the file openclaw_sap_gate-1.0.0.tar.gz.

File metadata

  • Download URL: openclaw_sap_gate-1.0.0.tar.gz
  • Upload date:
  • Size: 5.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.7

File hashes

Hashes for openclaw_sap_gate-1.0.0.tar.gz
Algorithm Hash digest
SHA256 229f77e9188de527e63e617535056b9074e1f07a66901c037e1957b56c5b0174
MD5 393da4e2d5ca4521d4d4830b497eec52
BLAKE2b-256 2079e0f7b6bbf5b4e35562dadb9071101beeee70972ce8a9c88a68a0858b21ae

See more details on using hashes here.

File details

Details for the file openclaw_sap_gate-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for openclaw_sap_gate-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6c98b50fcb9af9290fd0173efb06a868e109df9f227c731755b780f5b3751acc
MD5 097855727757176be09a8c33cdfbb8bc
BLAKE2b-256 349650fa3a242958b6564f0384506ecaa615a43b16f699329e1b349c9303ead6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page