Skip to main content

Python SDK for the Shadownet protocol.

Project description

Shadownet — Python SDK

PyPI Python CI License: MIT Typed

Python SDK for the Shadownet protocol. Implements the v0.1 RFCs in idiomatic, async, fully-typed Python.

Note (0.2.0 — repository move). This SDK previously lived at shadownet-protocol/shadownet-py. Starting with 0.2.0 it ships from the shadownet-protocol/shadownet monorepo at python-sdk/. The PyPI package name (shadownet) is unchanged — pip install shadownet and existing imports continue to work. See MIGRATION.md for details.

What this is

A reusable library — not a server, not a canonical core. It exposes the protocol primitives needed to build a Shadow:

  • DID resolutiondid:key (local) and did:web (async, cached, 16 KiB cap per RFC-0002).
  • Verifiable Credentials — VC-JWT issuance + verification, freshness proofs, BitstringStatusList revocation (fail-closed >L1 per RFC-0003).
  • SCA client — proof-session, issuance, freshness, callback-HMAC verification (RFC-0004).
  • SNS client — async resolver with TTL + negative cache, signed-record verification (RFC-0005).
  • A2A profile — session-token + Verifiable Presentation handshake; framework-agnostic verifier; optional FastAPI dependency (RFC-0006).
  • MCP — Pydantic models + a Sidecar Protocol + a one-call helper that wires every RFC-0007 tool onto a FastMCP server.

It is consumed by shadownet-local — the Sidecar reference implementation — and by downstream Sidecar deployments that compose the SDK with their own infrastructure.

Interop with the Go SDK (in this same repo) and a planned TypeScript SDK is verified at the wire level by the conformance/ suite.

Install

pip install shadownet
# or
uv add shadownet

Python 3.12+ required. For the optional FastAPI helpers:

pip install 'shadownet[fastapi]'

Quick examples

Issue and verify a credential

from shadownet.crypto.ed25519 import Ed25519KeyPair
from shadownet.did.key import derive_did_key
from shadownet.did.resolver import Resolver
from shadownet.vc.credential import issue_credential, new_credential, verify_credential

issuer_kp = Ed25519KeyPair.generate()
issuer_did = derive_did_key(issuer_kp.public_bytes)

subject_kp = Ed25519KeyPair.generate()
subject_did = derive_did_key(subject_kp.public_bytes)

cred = new_credential(
    issuer=issuer_did,
    subject=subject_did,
    level="urn:shadownet:level:L2",
    subject_type="person",
)
token = issue_credential(issuer_key=issuer_kp, issuer_kid=issuer_did, credential=cred)

verified = await verify_credential(token, resolver=Resolver())
assert verified.level == "urn:shadownet:level:L2"

Mint and verify a presentation

from shadownet.vc.presentation import mint_presentation, verify_presentation
from shadownet.trust import TrustStore

verifier_did = "did:key:z6MkVerifier..."
vp_jwt = mint_presentation(
    holder_key=subject_kp,
    holder_did=subject_did,
    audience_did=verifier_did,
    credentials=[token],
)

trust = TrustStore.from_pairs([(issuer_did, ["urn:shadownet:level:L2"])])
result = await verify_presentation(
    vp_jwt,
    resolver=Resolver(),
    expected_audience=verifier_did,
    trust_store=trust,
)
assert len(result.credentials) == 1

Run the inbound A2A handshake

from shadownet.a2a.server import verify_handshake
from shadownet.sca.predicate import LevelLeaf

ctx = await verify_handshake(
    request_headers,                 # any Mapping[str, str]
    expected_audience=my_did,
    resolver=Resolver(),
    trust_store=trust,
    required_predicate=LevelLeaf(level="urn:shadownet:level:L2"),
)
# ctx.caller_did is the verified peer DID
# ctx.presentation.credentials are the credentials that survived every check

Register the RFC-0007 MCP tools

from mcp.server.fastmcp import FastMCP
from shadownet.mcp.register import register_shadownet_tools

server = FastMCP(name="my-sidecar")
register_shadownet_tools(server, my_sidecar_implementation)
# all required RFC-0007 tools are now exposed; opt into the optional ones with
# include_optional={"present", "audit"}

The full set of public APIs is curated under shadownet.{crypto, did, vc, sca, sns, trust, a2a, mcp}. See the tests/integration/test_birthday_flow.py for an end-to-end Sarah → Lukas walkthrough.

Conformance

tests/conformance/ validates every Pydantic wire model against the JSON Schemas in shadownet-specs/schemas/. CI fails on any drift.

Develop

uv sync --all-extras           # runtime + dev + extras
uv run pytest                  # full suite (incl. conformance), with coverage
uv run pytest -m network       # opt-in network tests
uv run ruff check .            # lint
uv run ruff format .           # format
uv run mypy src/shadownet      # strict typing

See CONTRIBUTING.md at the repo root for the full contributor guide.

Specifications

Versioning

Releases track the protocol version they implement (0.x.y while the spec is at v0.1). Pre-releases use the PEP 440 form (0.2.0rc1) and the matching git tag (python-sdk/v0.2.0-rc.1). The monorepo tag scheme prefixes each subtree's tags with its directory: python-sdk/vX.Y.Z for the Python SDK, core/vX.Y.Z for the Go SDK, core/pgstore/vX.Y.Z for the Postgres backend. Per-release changes are recorded in CHANGELOG.md.

License

MIT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

shadownet-0.4.1.tar.gz (54.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

shadownet-0.4.1-py3-none-any.whl (76.7 kB view details)

Uploaded Python 3

File details

Details for the file shadownet-0.4.1.tar.gz.

File metadata

  • Download URL: shadownet-0.4.1.tar.gz
  • Upload date:
  • Size: 54.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for shadownet-0.4.1.tar.gz
Algorithm Hash digest
SHA256 63380e38551dd23991a87ee1de5becbdcf296806d81d09c5a1f24fbf2f562b7f
MD5 51c1edd985b4110e1ede1d40f0883ed0
BLAKE2b-256 2f1fab9346e1d3ad13dfea337f105cd247f77be80f0845f57ee5fde5d3662ddc

See more details on using hashes here.

Provenance

The following attestation bundles were made for shadownet-0.4.1.tar.gz:

Publisher: release-python-sdk.yml on shadownet-protocol/shadownet

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file shadownet-0.4.1-py3-none-any.whl.

File metadata

  • Download URL: shadownet-0.4.1-py3-none-any.whl
  • Upload date:
  • Size: 76.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for shadownet-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d3ea1fc4c5241945ca66fea58eb23039ba00e6bcde6dc76cf762db297f52c79d
MD5 bd7763ea15353ade37557c8f2688f918
BLAKE2b-256 c3a496e615d4a5a56af2139196183d468bbfe29f5fa59cf921ac96b0d567d396

See more details on using hashes here.

Provenance

The following attestation bundles were made for shadownet-0.4.1-py3-none-any.whl:

Publisher: release-python-sdk.yml on shadownet-protocol/shadownet

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page