Trust graph, capabilities, audit, encryption, and watermarking
Reason this release was yanked:
Not ready for use
Project description
our-privacy
Trust graphs, capability-based access control, audit trails, watermarking, and GDPR-compliant data export for the ourochronos ecosystem.
Overview
our-privacy is a comprehensive privacy and trust management system. It implements multi-dimensional trust relationships, OCAP-style authorization with short-lived bearer tokens, tamper-evident audit logging, graduated sharing levels (private to public), invisible watermarking for leak detection, and self-service GDPR data export. It provides the privacy guarantees that make federated knowledge sharing safe.
Install
pip install our-privacy
Requires our-db>=0.1.0, cryptography>=41.0, and PyJWT>=2.8.
Usage
Trust Management
from our_privacy import TrustEdge4D, TrustService
# 4-dimensional trust: competence, integrity, confidentiality, judgment
edge = TrustEdge4D(
source_did="did:key:alice",
target_did="did:key:bob",
competence=0.9,
integrity=0.8,
confidentiality=0.7,
judgment=0.6,
)
Capabilities
from our_privacy import issue_capability, verify_capability, CapabilityAction
# Issue a short-lived bearer token
cap = issue_capability(
issuer_did="did:valence:issuer",
holder_did="did:valence:user",
resource="valence://beliefs/tech",
actions=[CapabilityAction.READ, CapabilityAction.SHARE],
ttl_seconds=900, # 15 minutes
)
# Verify before granting access
verify_capability(cap, holder_did, resource, CapabilityAction.READ)
Sharing Policies
from our_privacy import SharePolicy
# Graduated sharing levels
policy = SharePolicy.private() # Only owner
policy = SharePolicy.direct(recipients=["did:key:bob"]) # Specific recipients
policy = SharePolicy.bounded(max_hops=2) # Limited propagation
policy = SharePolicy.public() # Open access
Audit Logging
from our_privacy import get_audit_logger, verify_chain
logger = get_audit_logger()
logger.log_event(event_type, actor, action, resource)
# Tamper-evident: SHA-256 hash chain
events = logger.get_events()
verify_chain(events) # Raises ChainVerificationError if tampered
Watermarking
from our_privacy import embed_watermark, extract_watermark, WatermarkTechnique
# Invisible watermark for leak tracing
watermarked = embed_watermark(
content="Sensitive report content",
recipient_id="user123",
technique=WatermarkTechnique.WHITESPACE,
)
# If content leaks, identify the source
watermark = extract_watermark(watermarked)
Data Export (GDPR)
from our_privacy import generate_data_report, ReportScope
scope = ReportScope(
include_beliefs=True,
include_shares_sent=True,
include_audit_events=True,
)
report = await generate_data_report(user_did, scope, format="json")
API
Trust
TrustEdge, TrustEdge4D, TrustService, TrustGraphStore, DecayModel
Capabilities
Capability, CapabilityAction (READ, WRITE, DELETE, SHARE, DELEGATE, ADMIN, QUERY, EMBED, FEDERATE), CapabilityService, issue_capability(), verify_capability(), revoke_capability(), requires_capability (decorator)
Sharing
SharePolicy, ShareLevel (PRIVATE, DIRECT, BOUNDED, CASCADING, PUBLIC), SharingService, PropagationRules
Audit
AuditLogger, AuditEvent, AuditEventType, AuditBackend, InMemoryAuditBackend, FileAuditBackend, verify_chain()
Watermarking & Canaries
embed_watermark(), extract_watermark(), WatermarkTechnique (WHITESPACE, HOMOGLYPH, COMBINED), CanaryToken, embed_canary(), detect_canaries()
Domains & Elevation
Domain, DomainService, DomainRole, ElevationProposal, ElevationService
Reports
generate_data_report(), DataReport, ReportScope, ExportFormat (JSON, CSV)
Additional
CorroborationDetector, AnomalyDetector, EncryptionEnvelope, ProvenanceChain
Key Properties
- 4D trust model: Competence, integrity, confidentiality, judgment — with time-based decay
- Hash-chain audit: Tamper-evident SHA-256 chain with PII sanitization
- OCAP authorization: Unforgeable, short-lived (15min default), revocable tokens
- Graduated sharing: Five levels from private to public with policy or cryptographic enforcement
- Leak tracing: Invisible watermarks and canary tokens for detecting unauthorized sharing
- 1,135 tests covering trust, capabilities, audit, sharing, watermarking, and GDPR compliance
Development
# Install with dev dependencies
make dev
# Run linters
make lint
# Run tests
make test
# Run tests with coverage
make test-cov
# Auto-format
make format
State Ownership
Owns trust edges, capabilities, audit events, sharing policies, watermark records, and domain memberships. Storage is pluggable via backend interfaces.
Part of Valence
This brick is part of the Valence knowledge substrate. See our-infra for ourochronos conventions.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file our_privacy-0.1.1.tar.gz.
File metadata
- Download URL: our_privacy-0.1.1.tar.gz
- Upload date:
- Size: 216.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5e6dd4d962a277dc3a5e6c31f29c9f38d968197eb2b0cffc92200f1256bc3df2
|
|
| MD5 |
b395e1466c7b13ce34de41f3137797a8
|
|
| BLAKE2b-256 |
aaa3aebee6319223b60d39e9a354304913791db636400cf925d48a2789b51c71
|
File details
Details for the file our_privacy-0.1.1-py3-none-any.whl.
File metadata
- Download URL: our_privacy-0.1.1-py3-none-any.whl
- Upload date:
- Size: 123.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
db86a9e580457540105f2992d66ad26f529f15ceb46d28405f5577b80b93d976
|
|
| MD5 |
13ebed6ccb096c90dca247fdc0ea9a28
|
|
| BLAKE2b-256 |
a13b6d3b4fb1e6193083f4e890fa51383b658fc6a54ad54b17473b561397de76
|
