agentguard-python-sdk 0.2.0__py3-none-any.whl → 0.2.2__py3-none-any.whl

agentguard/__init__.py

@@ -1,4 +1,57 @@
-from .client import AgentGuardClient
-from .config import AgentGuardConfig
-
-__all__ = ["AgentGuardClient", "AgentGuardConfig"]
+from .client import AgentGuardClient
+from .config import AgentGuardConfig
+from .errors import (
+    AgentGuardError,
+    ValidationError,
+    TransportError,
+    AuthenticationError,
+    InvalidSignatureError,
+    ExpiredSignatureError,
+    PaymentError,
+    ReplayAttackError,
+    DuplicatePaymentError,
+    BudgetExceededError,
+    VerificationError,
+    SecurityError,
+    UnknownExecutionStateError,
+    AuthorizationRequiredError
+)
+from .types import (
+    AgentGuardReceipt,
+    AuditProof,
+    AuthorizationConstraints,
+    NonceContext,
+    AuthorizationMetadata,
+    DelegatedAuthorization,
+    AuthorizationReceipt,
+    RevocationReceipt
+)
+
+__version__ = "0.2.2"
+
+__all__ = [
+    "AgentGuardClient",
+    "AgentGuardConfig",
+    "AgentGuardError",
+    "ValidationError",
+    "TransportError",
+    "AuthenticationError",
+    "InvalidSignatureError",
+    "ExpiredSignatureError",
+    "PaymentError",
+    "ReplayAttackError",
+    "DuplicatePaymentError",
+    "BudgetExceededError",
+    "VerificationError",
+    "SecurityError",
+    "UnknownExecutionStateError",
+    "AuthorizationRequiredError",
+    "AgentGuardReceipt",
+    "AuditProof",
+    "AuthorizationConstraints",
+    "NonceContext",
+    "AuthorizationMetadata",
+    "DelegatedAuthorization",
+    "AuthorizationReceipt",
+    "RevocationReceipt",
+]

agentguard/auth.py

@@ -1,54 +1,20 @@
-import json
-import unicodedata
-import hashlib
-import base64
-import time
-from typing import Dict, Any
-import nacl.signing
-import nacl.encoding
-
-def canonicalize_payload(payload: Dict[str, Any]) -> bytes:
-    """
-    Deterministic canonicalization (Priority 5).
-    1. NFC Normalize all strings recursively.
-    2. Sort keys.
-    3. No whitespace (separators=(',', ':')).
-    4. UTF-8 encoding.
-    """
-    def normalize_rec(obj):
-        if isinstance(obj, str):
-            return unicodedata.normalize("NFC", obj)
-        if isinstance(obj, dict):
-            return {normalize_rec(k): normalize_rec(v) for k, v in obj.items()}
-        if isinstance(obj, list):
-            return [normalize_rec(i) for i in obj]
-        return obj
-
-    norm_payload = normalize_rec(payload)
-    canonical_str = json.dumps(
-        norm_payload,
-        sort_keys=True,
-        separators=(",", ":"),
-        ensure_ascii=False
-    )
-    return canonical_str.encode("utf-8")
-
-def sign_request(payload: Dict[str, Any], private_key_b64: str) -> str:
-    """
-    Signs a canonical payload using ED25519.
-    Expects private_key_b64 (32-byte seed or 64-byte expanded key in b64).
-    """
-    # Decoding private key
-    # Most Algorand private keys are the 32-byte seed. 
-    # NaCl signing keys are initialized from the 32-byte seed.
-    seed = base64.b64decode(private_key_b64)
-    if len(seed) > 32:
-        seed = seed[:32] # Algorand SK is often seed + pubkey
-        
-    signing_key = nacl.signing.SigningKey(seed)
-    
-    canonical_bytes = canonicalize_payload(payload)
-    signature = signing_key.sign(canonical_bytes)
-    
-    # Return detached signature in base64
-    return base64.b64encode(signature.signature).decode("utf-8")
+import json
+import unicodedata
+import hashlib
+import base64
+import time
+from typing import Dict, Any
+import nacl.signing
+import nacl.encoding
+
+from agentguard_crypto.signing import sign_payload
+
+def sign_request(payload: Any, private_key_b64: str) -> str:
+    """
+    Signs a request using the shared cryptographic source of truth.
+    Payload MUST be a strictly typed canonical model.
+    """
+    if isinstance(payload, dict):
+        raise TypeError("Dictionary payloads are strictly prohibited. You must use a Canonical Payload model.")
+            
+    return sign_payload(payload, private_key_b64)