Skip to main content

Provenant client SDK — authorize, simulate, and complete agent actions through the control plane.

Project description

provenant-sdk (Python SDK)

First-party Python client for the Provenant control-plane API — the few lines an autonomous agent adds to become governable.

  • Zero dependencies. Standard library only (urllib, json, dataclasses, typing). Offline-friendly and trivial to vendor.
  • Mirrors the TypeScript SDK (@identiqube/provenant-sdk) surface, paths, headers, and accepted status codes — using Python snake_case method names.

Install

pip install provenant-sdk

Or vendor the provenant_sdk/ package directly — it has no third-party deps.

Quickstart — authorize → act → complete

import os
from provenant_sdk import ProvenantClient

provenant = ProvenantClient(
    "https://provenant.identiqube.com",
    api_key=os.environ["PROVENANT_KEY"],
)

decision = provenant.authorize({
    "type": "payment.send",
    "resource": "vendor:acme",
    "valueCents": 25_00,
})

if decision["status"] == "authorized":
    ref = pay_vendor(...)  # your real-world side effect
    provenant.complete(decision["id"], {
        "success": True,
        "externalRef": ref,
        "warrant": decision["authorizationToken"],  # proves possession
    })
else:
    # A `deny` decision is returned (not raised) — branch on it.
    print("blocked:", decision["decision"]["reason"])

A deny decision is returned, not raised, so you can branch on decision["status"]. Auth/validation failures raise ProvenantError.

Binding enforcement — invoke

Act on a resource through Provenant. The control plane evaluates policy and only performs the downstream call (using the connector's server-held credential) when allowed — your agent never holds the credential and cannot bypass the decision.

res = provenant.invoke({
    "type": "payment.send",
    "resource": "vendor:acme",
    "valueCents": 25_00,
    "request": {
        "method": "POST",
        "path": "/v1/charges",
        "body": '{"amount": 2500, "currency": "usd"}',
    },
})

if res["status"] == "executed":
    print(res["output"])   # { "status", "headers", "body" } from the connector
else:
    print("blocked/held:", res["action"]["status"])

Convenience — guard

Authorize, run your work if allowed, then report completion automatically. If your callback raises, the action is completed with success=False and the error re-raised.

def execute(decision):
    ref = pay_vendor(...)
    return {"result": ref, "externalRef": ref}

outcome = provenant.guard(
    {"type": "payment.send", "resource": "vendor:acme", "valueCents": 25_00},
    execute,
)

if outcome["authorized"]:
    print("done:", outcome["result"])
else:
    print("blocked:", outcome["decision"]["decision"]["reason"])

Methods

Method HTTP
authorize(input) POST /v1/actions/authorize (ok: 200, 202, 403)
get_action(action_id) GET /v1/agent/actions/{id}
simulate(input) POST /v1/actions/simulate (ok: 200)
complete(action_id, result) POST /v1/actions/{id}/complete (ok: 200)
invoke(input) POST /v1/gateway/invoke (ok: 200, 202, 403, 502)
mint_credential(input) POST /v1/gateway/credential (ok: 200, 202, 403)
connectors() GET /v1/connectors/availableconnectors list
spawn(input) POST /v1/agents/delegate (ok: 201)
guard(input, execute) convenience: authorize → execute → complete

Auth header: x-provenant-key: <api_key>. Request bodies are JSON (content-type: application/json).

Errors

On a non-ok status, methods raise ProvenantError(code, message, status), parsed from the JSON {"error": {"code", "message"}} envelope (falling back to request_failed / HTTP {status}).

from provenant_sdk import ProvenantError

try:
    provenant.authorize({"type": "payment.send", "resource": "vendor:acme"})
except ProvenantError as e:
    print(e.code, e.status, e.message)

Testing

ProvenantClient accepts an injectable opener so you can test offline without a network. See tests/test_client.py.

client = ProvenantClient("https://api.test", "key", opener=my_stub_opener)

License

Apache-2.0 (see the LICENSE file in this package). This SDK is open source; the Provenant server product it talks to is separately licensed (proprietary).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

provenant_sdk-0.8.3.tar.gz (13.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

provenant_sdk-0.8.3-py3-none-any.whl (12.5 kB view details)

Uploaded Python 3

File details

Details for the file provenant_sdk-0.8.3.tar.gz.

File metadata

  • Download URL: provenant_sdk-0.8.3.tar.gz
  • Upload date:
  • Size: 13.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for provenant_sdk-0.8.3.tar.gz
Algorithm Hash digest
SHA256 952b0f191b905b9c02bb63e8f0e8e6987569aea30a9008970d673602feaa812c
MD5 7dba087707bdcccc48795548910146d9
BLAKE2b-256 080a6bce7843245acc803dbca511d9f4864d2d99091f9a94f5b116301ff7dde3

See more details on using hashes here.

Provenance

The following attestation bundles were made for provenant_sdk-0.8.3.tar.gz:

Publisher: release.yml on IdentiQube/Provenant

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file provenant_sdk-0.8.3-py3-none-any.whl.

File metadata

  • Download URL: provenant_sdk-0.8.3-py3-none-any.whl
  • Upload date:
  • Size: 12.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for provenant_sdk-0.8.3-py3-none-any.whl
Algorithm Hash digest
SHA256 af41b3a106086a7dc72bee40209ea2c2bf28c3a9c689e8d8c6f822cf0894d1d8
MD5 54c8d90834f123e7b0cdc8f39e9d8bfd
BLAKE2b-256 c1aba2296e3af79a9951a92272cbca9ed8142f6138665050808ef96ae045fe92

See more details on using hashes here.

Provenance

The following attestation bundles were made for provenant_sdk-0.8.3-py3-none-any.whl:

Publisher: release.yml on IdentiQube/Provenant

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page