Python SDK for agent identity publishing, signed messaging, and registry-based verification
Project description
Agent Auth SDK
verifiable-agent-auth-sdk 为 Agent 提供可验证身份、Registry 公钥发现、HTTP/消息签名验签、nonce 防重放和 Vault Transit 私钥托管。verifiable-agent-auth-registry 是配套的单节点身份注册服务。
当前版本:0.2.0b1(Beta)。Python 3.11–3.13。
它解决什么问题
当 Agent A 调用 Agent B 时,B 通常只能相信网络位置或应用传入的字符串。本项目把调用绑定到可验证的 Agent 身份:
Registry 管理员 ──分配 namespace──> Developer
Developer ──发布公钥 metadata──> HTTPS Registry
Agent A ──Vault 私钥签名请求──> Agent B
Agent B ──从 Registry 解析 A 的公钥并验签──> 认证上下文
应用授权策略 ──基于认证上下文决定是否允许调用──> 业务处理
认证成功证明发送方持有 Registry 中登记密钥且内容未被篡改;它不自动授予业务权限。
安装
pip install verifiable-agent-auth-sdk
# 按需安装
pip install "verifiable-agent-auth-sdk[vault]"
pip install "verifiable-agent-auth-sdk[redis]"
pip install "verifiable-agent-auth-sdk[openai]"
pip install "verifiable-agent-auth-sdk[openai-fastapi]"
# 部署中心 Registry
pip install verifiable-agent-auth-registry
| Extra | 用途 |
|---|---|
vault |
HashiCorp Vault Transit signer |
redis |
多进程/多实例原子 nonce store |
openai |
OpenAI Agents SDK 显式调用边界 |
openai-fastapi |
OpenAI Agents + 声明式 FastAPI 远程 Agent endpoint |
从哪里开始
- 有 HTTPS Registry 和 Vault:按 Quick Start 发布两个 Agent 并完成真实验签。
- 想先在本机理解签名流程:运行 本地消息示例。
- 使用 OpenAI Agents:阅读 OpenAI Agents 集成。
- 部署 Registry:阅读 Registry 部署与运维。
最常用的应用入口是:
from agent_auth_sdk import AgentVerifier, MetadataResolverConfig
async with AgentVerifier(
resolver_config=MetadataResolverConfig(
registry_url="https://registry.example.com",
),
) as verifier:
result = await verifier.verify_message(
message=incoming_message,
expected_recipient="agent://agents.example.com/team/receiver",
)
if not result.ok:
raise PermissionError(f"{result.code}: {result.reason}")
核心能力
AgentInstance:聚合 Agent identity、metadata 和 signer,提供发布、签名和密钥生命周期操作。RegistryClient:使用 developer credential 发布身份和更新密钥。AgentVerifier:集中管理 metadata 发现、缓存、nonce 和验签配置。RemoteAgentClient/AgentAuthASGIMiddleware:保护真实 HTTP Agent 边界。AuthorizationPolicy:在认证之后显式执行应用授权。AuthenticatedOpenAIAgents:包装 OpenAIRunner.run或生成可用于function_tool的 authenticated callable。OpenAIAgentAuth:面向已有 OpenAI Agents 项目的单身份入口,可原样保护FunctionTool、Agent.as_tool()、handoff 和远程 Tool。AgentAuthRouter:声明式 FastAPI 接收端,自动验签请求、注入上下文并签名响应。
安全边界
- Registry 管理员是 developer namespace 的信任根;v1 不执行 DNS challenge。
- strict profile 要求 HTTPS 和公共 DNS identity,并在 Registry 故障时失败关闭。
- 私钥保留在 Vault Transit;SDK 读取固定 key version 的公钥并请求签名。
InMemoryNonceStore仅适合单进程;多实例接收端应使用RedisNonceStore。- OpenAI
call_local_agent()不提供进程隔离;跨进程使用签名 HTTP 边界。 - Registry v1 只支持单节点、单 worker SQLite,不支持 HA。
- 自定义协议 v1 不是 RFC 9421 或 JWS。
文档
- Quick Start
- SDK 使用指南
- 公开 API Reference
- Examples
- OpenAI Agents 集成
- Registry 部署与运维
- 安全模型
- 协议 v1
- CHANGELOG
- 维护者版本与代码修改清单
开发验证
python -m pip install -e ".[all,dev]"
python -m pip install -e "packages/agent-auth-registry[dev]"
python -m pytest -q
python -m ruff check agent_auth_sdk packages/agent-auth-registry/src pytests examples
python -m mypy agent_auth_sdk
安全问题请按 SECURITY.md 私密报告。
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file verifiable_agent_auth_sdk-0.2.0b1.tar.gz.
File metadata
- Download URL: verifiable_agent_auth_sdk-0.2.0b1.tar.gz
- Upload date:
- Size: 89.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6e3a8105c5ec3c1c5771269a28c706f55b96c37f86d509f5eb2e47c64be9decd
|
|
| MD5 |
d9eb2d7380ffa23a70d13da2b2bb9488
|
|
| BLAKE2b-256 |
c1850f606ad068f698dfca3294109da61730ebb8ce7b33b5a1de8f6fef65e2f4
|
Provenance
The following attestation bundles were made for verifiable_agent_auth_sdk-0.2.0b1.tar.gz:
Publisher:
publish.yml on YiheHuang/agent_auth_sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
verifiable_agent_auth_sdk-0.2.0b1.tar.gz -
Subject digest:
6e3a8105c5ec3c1c5771269a28c706f55b96c37f86d509f5eb2e47c64be9decd - Sigstore transparency entry: 2144334418
- Sigstore integration time:
-
Permalink:
YiheHuang/agent_auth_sdk@f1349c1e5d89d44cad6cc29cfb80b306982e715e -
Branch / Tag:
refs/tags/v0.2.0b1 - Owner: https://github.com/YiheHuang
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@f1349c1e5d89d44cad6cc29cfb80b306982e715e -
Trigger Event:
release
-
Statement type:
File details
Details for the file verifiable_agent_auth_sdk-0.2.0b1-py3-none-any.whl.
File metadata
- Download URL: verifiable_agent_auth_sdk-0.2.0b1-py3-none-any.whl
- Upload date:
- Size: 67.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
20679b3b3619b1e0799b1a012bdf7c0abed6c4ed37729a234b1b9a6575a1c427
|
|
| MD5 |
51002d427324c76ce3dbd2e4d91ae419
|
|
| BLAKE2b-256 |
79ca505f8cd1b0b98f3974c7c114645792113cfd5982b75329aba7f84955c10e
|
Provenance
The following attestation bundles were made for verifiable_agent_auth_sdk-0.2.0b1-py3-none-any.whl:
Publisher:
publish.yml on YiheHuang/agent_auth_sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
verifiable_agent_auth_sdk-0.2.0b1-py3-none-any.whl -
Subject digest:
20679b3b3619b1e0799b1a012bdf7c0abed6c4ed37729a234b1b9a6575a1c427 - Sigstore transparency entry: 2144334531
- Sigstore integration time:
-
Permalink:
YiheHuang/agent_auth_sdk@f1349c1e5d89d44cad6cc29cfb80b306982e715e -
Branch / Tag:
refs/tags/v0.2.0b1 - Owner: https://github.com/YiheHuang
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@f1349c1e5d89d44cad6cc29cfb80b306982e715e -
Trigger Event:
release
-
Statement type: