Signet Protocol - Python Verification SDK
Project description
Signet Protocol - Python Verification SDK
Verify Signet Protocol receipts and chains in 5 lines of code.
Quick Start
Installation
pip install signet-verify
Verify a Receipt (One-liner)
from signet_verify import verify_receipt
# Verify any receipt in one line
valid, reason = verify_receipt(receipt_data)
print(f"Valid: {valid}, Reason: {reason}")
Verify a Receipt Chain
from signet_verify import verify_chain
# Verify complete audit trail
receipts = [receipt1, receipt2, receipt3] # Chronological order
valid, reason = verify_chain(receipts)
print(f"Chain valid: {valid}, Reason: {reason}")
Verify Export Bundle with Signatures
from signet_verify import verify_export_bundle
# Verify cryptographically signed bundle
valid, reason = verify_export_bundle(
bundle,
jwks_url="https://your-server/.well-known/jwks.json"
)
print(f"Bundle valid: {valid}, Reason: {reason}")
Advanced Usage
Using the Verifier Class
from signet_verify import SignetVerifier
# Create verifier with custom settings
verifier = SignetVerifier(jwks_cache_ttl=7200) # 2 hour cache
# Verify individual receipt
valid, reason = verifier.verify_receipt(receipt)
# Verify with previous receipt for chain validation
valid, reason = verifier.verify_receipt(receipt, previous_receipt)
# Verify complete chain
valid, reason = verifier.verify_chain(receipts)
# Verify signed export bundle
valid, reason = verifier.verify_export_bundle(bundle, jwks_url)
API Reference
Functions
verify_receipt(receipt, previous_receipt=None)
Verify a single Signet receipt.
Parameters:
receipt(dict): The receipt to verifyprevious_receipt(dict, optional): Previous receipt in chain for linkage verification
Returns:
(bool, str): (is_valid, reason)
verify_chain(receipts)
Verify a complete receipt chain.
Parameters:
receipts(list): List of receipts in chronological order
Returns:
(bool, str): (is_valid, reason)
verify_export_bundle(bundle, jwks_url=None)
Verify a signed export bundle.
Parameters:
bundle(dict): The export bundle to verifyjwks_url(str, optional): URL to fetch JWKS for signature verification
Returns:
(bool, str): (is_valid, reason)
SignetVerifier Class
__init__(jwks_cache_ttl=3600)
Create a new verifier instance.
Parameters:
jwks_cache_ttl(int): JWKS cache TTL in seconds (default: 1 hour)
Methods
verify_receipt(receipt, previous_receipt=None)- Verify single receiptverify_chain(receipts)- Verify receipt chainverify_export_bundle(bundle, jwks_url=None)- Verify signed bundle
Receipt Format
Signet receipts follow the SR-1 specification:
{
"trace_id": "unique-trace-identifier",
"hop": 1,
"ts": "2025-01-27T12:00:00Z",
"cid": "sha256:content-hash",
"canon": "{\"normalized\":\"data\"}",
"algo": "sha256",
"prev_receipt_hash": null,
"policy": {
"engine": "HEL",
"allowed": true,
"reason": "ok"
},
"tenant": "your-tenant",
"receipt_hash": "sha256:receipt-hash"
}
Validation Rules
The SDK validates:
- Receipt Hash Integrity - Verifies receipt_hash matches computed hash
- Chain Linkage - Ensures prev_receipt_hash links correctly
- Hop Sequence - Validates hop numbers increment correctly
- Content Integrity - Verifies CID matches canonicalized content
- Timestamp Format - Ensures ISO 8601 timestamp format
- Signature Verification - Validates Ed25519 signatures (if JWKS provided)
Error Handling
from signet_verify import verify_receipt
try:
valid, reason = verify_receipt(receipt)
if not valid:
print(f"Verification failed: {reason}")
except Exception as e:
print(f"Verification error: {e}")
Test Vectors
The SDK is verified against comprehensive test vectors:
import json
from signet_verify import verify_receipt
# Load test vector
with open('test-vectors/receipts/basic-receipt.json') as f:
test_receipt = json.load(f)
# Should pass
valid, reason = verify_receipt(test_receipt)
assert valid, f"Test vector failed: {reason}"
Requirements
- Python 3.7+
cryptography>=3.0.0(for signature verification)requests>=2.25.0(for JWKS fetching)
License
Apache License 2.0 - see LICENSE for details.
Links
Verify receipts in 5 lines. Build trust in 1 line. 🔗
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
signet_verify-1.0.0.tar.gz
(6.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signet_verify-1.0.0.tar.gz.
File metadata
- Download URL: signet_verify-1.0.0.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f8bd09c2d754f2ae98d4ae904fd22ac308ecdf5d6728bf744576eb627e81371
|
|
| MD5 |
57418a7f407efa5cc55d0873497163d0
|
|
| BLAKE2b-256 |
8807d661201d3ab97ccfd37b59742fd1917ef6c3cd0e9f4c8c03ff7fa99ca749
|
File details
Details for the file signet_verify-1.0.0-py3-none-any.whl.
File metadata
- Download URL: signet_verify-1.0.0-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8015400699aef6cf68ee215f9d9977ff12248e4735753d4951a9f4945c1bebf5
|
|
| MD5 |
009644b53fc2a3f41b59b768dcc07302
|
|
| BLAKE2b-256 |
ee5cefd659ce505d2016a815739f7830daece1bee35302179690c03a5b3d93b6
|
