agentsid 0.1.0__tar.gz

agentsid-0.1.0/.gitignore

@@ -0,0 +1,39 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+.venv/
+*.egg-info/
+dist/
+build/
+.ruff_cache/
+.pytest_cache/
+
+# Node
+node_modules/
+
+# Environment / Secrets — NEVER commit these
+.env
+.env.local
+.env.production
+!.env.example
+*.pem
+*.key
+*.p12
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Local config (may contain API keys)
+.agentsid/
+
+# Logs
+*.log

agentsid-0.1.0/PKG-INFO

@@ -0,0 +1,42 @@
+Metadata-Version: 2.4
+Name: agentsid
+Version: 0.1.0
+Summary: Identity and auth for AI agents — drop-in MCP middleware
+License: MIT
+Keywords: agents,ai,auth,identity,mcp,security
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.25.0
+Description-Content-Type: text/markdown
+
+# agentsid
+
+Identity and auth for AI agents. Official Python SDK for [agentsid.dev](https://agentsid.dev).
+
+## Install
+
+```bash
+pip install agentsid
+```
+
+## Quick Start
+
+```python
+from agentsid import AgentsID, create_mcp_middleware
+
+aid = AgentsID(project_key="aid_proj_...")
+
+result = await aid.register_agent(
+    name="research-bot",
+    on_behalf_of="user_123",
+    permissions=["search_*", "save_memory"],
+)
+
+middleware = create_mcp_middleware(project_key="aid_proj_...")
+allowed = await middleware.is_allowed(token, "save_memory")  # True
+```
+
+## Links
+
+- [Documentation](https://agentsid.dev/docs)
+- [Dashboard](https://agentsid.dev/dashboard)
+- [GitHub](https://github.com/stevenkozeniesky02/agentsid)

agentsid-0.1.0/README.md

@@ -0,0 +1,32 @@
+# agentsid
+
+Identity and auth for AI agents. Official Python SDK for [agentsid.dev](https://agentsid.dev).
+
+## Install
+
+```bash
+pip install agentsid
+```
+
+## Quick Start
+
+```python
+from agentsid import AgentsID, create_mcp_middleware
+
+aid = AgentsID(project_key="aid_proj_...")
+
+result = await aid.register_agent(
+    name="research-bot",
+    on_behalf_of="user_123",
+    permissions=["search_*", "save_memory"],
+)
+
+middleware = create_mcp_middleware(project_key="aid_proj_...")
+allowed = await middleware.is_allowed(token, "save_memory")  # True
+```
+
+## Links
+
+- [Documentation](https://agentsid.dev/docs)
+- [Dashboard](https://agentsid.dev/dashboard)
+- [GitHub](https://github.com/stevenkozeniesky02/agentsid)

agentsid-0.1.0/agentsid/__init__.py

@@ -0,0 +1,39 @@
+"""AgentsID — Identity and auth for AI agents.
+
+Quick start:
+
+    from agentsid import AgentsID
+
+    aid = AgentsID(project_key="aid_proj_...")
+
+    # Register an agent
+    result = await aid.register_agent(
+        name="research-bot",
+        on_behalf_of="user_123",
+        permissions=["search_memories", "save_memory"],
+    )
+
+    # Validate token + check permission
+    check = await aid.validate_token(result["token"], tool="search_memories")
+"""
+
+from agentsid.client import AgentsID
+from agentsid.errors import (
+    AgentsIDError,
+    AuthenticationError,
+    PermissionDeniedError,
+    TokenExpiredError,
+    TokenRevokedError,
+)
+from agentsid.middleware import create_mcp_middleware, validate_tool_call
+
+__all__ = [
+    "AgentsID",
+    "AgentsIDError",
+    "AuthenticationError",
+    "PermissionDeniedError",
+    "TokenExpiredError",
+    "TokenRevokedError",
+    "create_mcp_middleware",
+    "validate_tool_call",
+]

agentsid-0.1.0/agentsid/client.py

@@ -0,0 +1,164 @@
+"""AgentsID Python SDK — main client."""
+
+from __future__ import annotations
+
+import httpx
+
+from agentsid.errors import AgentsIDError, AuthenticationError
+
+DEFAULT_BASE_URL = "https://agentsid.dev"
+DEFAULT_TIMEOUT = 10.0
+
+
+class AgentsID:
+    """AgentsID client — register agents, validate tokens, manage permissions."""
+
+    def __init__(
+        self,
+        project_key: str,
+        base_url: str = DEFAULT_BASE_URL,
+        timeout: float = DEFAULT_TIMEOUT,
+    ) -> None:
+        if not project_key:
+            raise AgentsIDError("project_key is required", "CONFIG_ERROR")
+        self._project_key = project_key
+        self._base_url = base_url.rstrip("/")
+        self._timeout = timeout
+
+    # ═══════════════════════════════════════════
+    # AGENTS
+    # ═══════════════════════════════════════════
+
+    async def register_agent(
+        self,
+        name: str,
+        on_behalf_of: str,
+        permissions: list[str] | None = None,
+        ttl_hours: int | None = None,
+        metadata: dict | None = None,
+    ) -> dict:
+        """Register a new agent identity and issue a token."""
+        return await self._request("POST", "/agents/", {
+            "name": name,
+            "on_behalf_of": on_behalf_of,
+            "permissions": permissions,
+            "ttl_hours": ttl_hours,
+            "metadata": metadata,
+        })
+
+    async def get_agent(self, agent_id: str) -> dict:
+        return await self._request("GET", f"/agents/{agent_id}")
+
+    async def list_agents(self, status: str | None = None, limit: int = 50) -> list[dict]:
+        params = {}
+        if status:
+            params["status"] = status
+        if limit != 50:
+            params["limit"] = str(limit)
+        qs = "&".join(f"{k}={v}" for k, v in params.items())
+        return await self._request("GET", f"/agents/?{qs}" if qs else "/agents/")
+
+    async def revoke_agent(self, agent_id: str) -> None:
+        await self._request("DELETE", f"/agents/{agent_id}")
+
+    # ═══════════════════════════════════════════
+    # PERMISSIONS
+    # ═══════════════════════════════════════════
+
+    async def set_permissions(self, agent_id: str, rules: list[dict]) -> dict:
+        """Set permission rules. Each rule: {"tool_pattern": "...", "action": "allow"|"deny"}"""
+        body = [
+            {
+                "tool_pattern": r.get("tool_pattern", r.get("toolPattern", "")),
+                "action": r.get("action", "allow"),
+                "conditions": r.get("conditions"),
+                "priority": r.get("priority", 0),
+            }
+            for r in rules
+        ]
+        return await self._request("PUT", f"/agents/{agent_id}/permissions", body)
+
+    async def get_permissions(self, agent_id: str) -> list[dict]:
+        data = await self._request("GET", f"/agents/{agent_id}/permissions")
+        return data.get("rules", [])
+
+    async def check_permission(
+        self, agent_id: str, tool: str, params: dict | None = None
+    ) -> dict:
+        return await self._request("POST", "/check", {
+            "agent_id": agent_id,
+            "tool": tool,
+            "params": params,
+        })
+
+    # ═══════════════════════════════════════════
+    # TOKEN VALIDATION
+    # ═══════════════════════════════════════════
+
+    async def validate_token(
+        self, token: str, tool: str | None = None, params: dict | None = None
+    ) -> dict:
+        return await self._request("POST", "/validate", {
+            "token": token,
+            "tool": tool,
+            "params": params,
+        })
+
+    # ═══════════════════════════════════════════
+    # AUDIT
+    # ═══════════════════════════════════════════
+
+    async def get_audit_log(
+        self,
+        agent_id: str | None = None,
+        tool: str | None = None,
+        action: str | None = None,
+        since: str | None = None,
+        limit: int = 100,
+    ) -> dict:
+        params = {}
+        if agent_id:
+            params["agent_id"] = agent_id
+        if tool:
+            params["tool"] = tool
+        if action:
+            params["action"] = action
+        if since:
+            params["since"] = since
+        params["limit"] = str(limit)
+        qs = "&".join(f"{k}={v}" for k, v in params.items())
+        return await self._request("GET", f"/audit/?{qs}")
+
+    # ═══════════════════════════════════════════
+    # HTTP CLIENT
+    # ═══════════════════════════════════════════
+
+    async def _request(self, method: str, path: str, body: object | None = None) -> dict:
+        url = f"{self._base_url}/api/v1{path}"
+        headers = {
+            "Authorization": f"Bearer {self._project_key}",
+            "Content-Type": "application/json",
+        }
+
+        async with httpx.AsyncClient(timeout=self._timeout) as client:
+            response = await client.request(
+                method, url, headers=headers,
+                json=body if body is not None else None,
+            )
+
+        if response.status_code == 401:
+            raise AuthenticationError()
+
+        if response.status_code == 204:
+            return {}
+
+        data = response.json()
+
+        if not response.is_success:
+            raise AgentsIDError(
+                data.get("detail", f"Request failed: {response.status_code}"),
+                "API_ERROR",
+                response.status_code,
+            )
+
+        return data

agentsid-0.1.0/agentsid/errors.py

@@ -0,0 +1,30 @@
+"""AgentsID error classes."""
+
+
+class AgentsIDError(Exception):
+    def __init__(self, message: str, code: str = "UNKNOWN", status_code: int | None = None):
+        super().__init__(message)
+        self.code = code
+        self.status_code = status_code
+
+
+class AuthenticationError(AgentsIDError):
+    def __init__(self, message: str = "Invalid or missing API key"):
+        super().__init__(message, "AUTH_ERROR", 401)
+
+
+class PermissionDeniedError(AgentsIDError):
+    def __init__(self, tool: str, reason: str):
+        super().__init__(f'Permission denied for tool "{tool}": {reason}', "PERMISSION_DENIED", 403)
+        self.tool = tool
+        self.reason = reason
+
+
+class TokenExpiredError(AgentsIDError):
+    def __init__(self):
+        super().__init__("Agent token has expired", "TOKEN_EXPIRED", 401)
+
+
+class TokenRevokedError(AgentsIDError):
+    def __init__(self):
+        super().__init__("Agent token has been revoked", "TOKEN_REVOKED", 401)

agentsid-0.1.0/agentsid/middleware.py

@@ -0,0 +1,124 @@
+"""AgentsID MCP middleware for Python.
+
+Drop-in middleware for Python MCP servers. Validates agent tokens,
+checks per-tool permissions, and blocks unauthorized calls.
+
+Usage:
+    from agentsid import create_mcp_middleware
+
+    middleware = create_mcp_middleware(project_key="aid_proj_...")
+
+    # In your MCP tool handler:
+    async def my_tool(params, context):
+        auth = await middleware.validate(bearer_token, "my_tool", params)
+        # auth.permission.allowed is True/False
+"""
+
+from __future__ import annotations
+
+import httpx
+
+from agentsid.errors import (
+    AgentsIDError,
+    PermissionDeniedError,
+    TokenExpiredError,
+    TokenRevokedError,
+)
+
+DEFAULT_BASE_URL = "https://agentsid.dev"
+
+
+async def validate_tool_call(
+    project_key: str,
+    token: str,
+    tool: str,
+    params: dict | None = None,
+    base_url: str = DEFAULT_BASE_URL,
+) -> dict:
+    """Validate a tool call against AgentsID. Returns validation result."""
+    url = f"{base_url.rstrip('/')}/api/v1/validate"
+
+    async with httpx.AsyncClient(timeout=10.0) as client:
+        response = await client.post(
+            url,
+            json={"token": token, "tool": tool, "params": params},
+            headers={"Content-Type": "application/json"},
+        )
+
+    if not response.is_success:
+        return {"valid": False, "reason": f"Validation failed: {response.status_code}"}
+
+    return response.json()
+
+
+class MCPMiddleware:
+    """MCP middleware instance — validates tool calls against AgentsID."""
+
+    def __init__(
+        self,
+        project_key: str,
+        base_url: str = DEFAULT_BASE_URL,
+        skip_tools: list[str] | None = None,
+        on_denied: object | None = None,
+    ) -> None:
+        self._project_key = project_key
+        self._base_url = base_url.rstrip("/")
+        self._skip_tools = set(skip_tools or [])
+        self._on_denied = on_denied
+
+    async def validate(
+        self, token: str, tool: str, params: dict | None = None
+    ) -> dict:
+        """Validate a tool call. Raises on denial unless on_denied is set."""
+        if tool in self._skip_tools:
+            return {"valid": True, "reason": "Tool in skip list"}
+
+        result = await validate_tool_call(
+            self._project_key, token, tool, params, self._base_url
+        )
+
+        if not result.get("valid"):
+            reason = result.get("reason", "Unknown")
+            if "expired" in reason:
+                raise TokenExpiredError()
+            if "revoked" in reason:
+                raise TokenRevokedError()
+
+        permission = result.get("permission", {})
+        if permission and not permission.get("allowed"):
+            reason = permission.get("reason", "Denied")
+            if self._on_denied:
+                self._on_denied(tool, reason)
+            else:
+                raise PermissionDeniedError(tool, reason)
+
+        return result
+
+    async def is_allowed(self, token: str, tool: str) -> bool:
+        """Quick check — returns True/False without raising."""
+        try:
+            result = await validate_tool_call(
+                self._project_key, token, tool, base_url=self._base_url
+            )
+            return result.get("valid", False) and result.get("permission", {}).get("allowed", False)
+        except Exception:
+            return False
+
+
+def create_mcp_middleware(
+    project_key: str,
+    base_url: str = DEFAULT_BASE_URL,
+    skip_tools: list[str] | None = None,
+) -> MCPMiddleware:
+    """Create an MCP middleware instance.
+
+    Args:
+        project_key: Your AgentsID project key (aid_proj_...)
+        base_url: AgentsID server URL
+        skip_tools: Tool names to skip validation for
+    """
+    return MCPMiddleware(
+        project_key=project_key,
+        base_url=base_url,
+        skip_tools=skip_tools,
+    )

agentsid-0.1.0/pyproject.toml

@@ -0,0 +1,16 @@
+[project]
+name = "agentsid"
+version = "0.1.0"
+description = "Identity and auth for AI agents — drop-in MCP middleware"
+readme = "README.md"
+requires-python = ">=3.10"
+dependencies = ["httpx>=0.25.0"]
+license = {text = "MIT"}
+keywords = ["ai", "agents", "auth", "identity", "mcp", "security"]
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["agentsid"]