aip-verify 1.1.0__tar.gz

aip_verify-1.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 SKumar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

aip_verify-1.1.0/PKG-INFO

@@ -0,0 +1,298 @@
+Metadata-Version: 2.4
+Name: aip-verify
+Version: 1.1.0
+Summary: Agent Integrity Protocol - Cryptographic verification for AI agent skills
+Author-email: Santosh Manya <santosh@example.com>
+License: MIT
+Project-URL: Homepage, https://github.com/santoshmanya/agent-integrity-protocol
+Project-URL: Documentation, https://github.com/santoshmanya/agent-integrity-protocol/blob/main/docs/WHITEPAPER.md
+Project-URL: Repository, https://github.com/santoshmanya/agent-integrity-protocol.git
+Project-URL: Issues, https://github.com/santoshmanya/agent-integrity-protocol/issues
+Project-URL: Changelog, https://github.com/santoshmanya/agent-integrity-protocol/releases
+Keywords: ai,agents,security,verification,llm,owasp,did,cryptography,trust
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: dev
+Requires-Dist: pytest>=9.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=1.0.0; extra == "dev"
+Dynamic: license-file
+
+# Agent Integrity Protocol (AIP)
+
+> **The SSL/TLS for AI Agent Skills** — Cryptographic verification, permission manifests, and reputation scoring for the agentic web.
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Status: Draft](https://img.shields.io/badge/Status-Draft-orange.svg)]()
+[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-blue.svg)]()
+[![Tests: 63 Passing](https://img.shields.io/badge/Tests-63%20Passing-brightgreen.svg)]()
+[![OWASP: LLM Top 10](https://img.shields.io/badge/OWASP-LLM%20Top%2010-blue.svg)](https://genai.owasp.org/llm-top-10/)
+[![CVE-2026-25253: Mitigated](https://img.shields.io/badge/CVE--2026--25253-Mitigated-green.svg)]()
+
+---
+
+## The Problem
+
+The agentic web is exploding. Platforms like Moltbook report **1.5 million agents** operated by only **17,000 humans** — an 88:1 ratio. But there's no standard way to verify:
+
+- **Who authored** a skill or tool
+- **What permissions** it actually needs
+- **Whether the code** has been tampered with
+- **If the author** has a history of malicious behavior
+
+This is the **SSL problem of 1995** — we're transmitting executable code between agents without any verification layer.
+
+### Recent Incidents (February 2026)
+
+| Platform | Vulnerability | Impact |
+|----------|--------------|--------|
+| **Moltbook** | Credential exfiltration via DNS tunneling | $47K stolen, 2,300 deployments compromised |
+| **Moltbook** | 91% indirect prompt injection success rate | 1.5M API keys at risk |
+| **OpenClaw** | CVE-2026-25253 WebSocket token exfil RCE | Full system compromise via sandbox escape |
+| **ClawHub** | Malicious skills in marketplace | Financial data theft via backdoored extensions |
+
+## The Solution: Agent Integrity Protocol
+
+AIP provides a lightweight, cryptographically-verifiable trust layer for AI agent skills:
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                    AGENT INTEGRITY PROTOCOL                     │
+├─────────────────────────────────────────────────────────────────┤
+│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐             │
+│  │   AUTHOR    │  │   CONTENT   │  │ PERMISSIONS │             │
+│  │  IDENTITY   │  │   HASHES    │  │  MANIFEST   │             │
+│  │    (DID)    │  │  (SHA-256)  │  │   (Scope)   │             │
+│  └──────┬──────┘  └──────┬──────┘  └──────┬──────┘             │
+│         │                │                │                     │
+│         └────────────────┼────────────────┘                     │
+│                          ▼                                      │
+│              ┌───────────────────────┐                          │
+│              │   CRYPTOGRAPHIC       │                          │
+│              │     SIGNATURE         │                          │
+│              │     (EdDSA)           │                          │
+│              └───────────────────────┘                          │
+│                          │                                      │
+│                          ▼                                      │
+│              ┌───────────────────────┐                          │
+│              │   REPUTATION SCORE    │                          │
+│              │      (0-100)          │                          │
+│              └───────────────────────┘                          │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+## Quick Start
+
+### 1. Create an Integrity Manifest
+
+Every skill includes an `integrity.manifest.json`:
+
+```json
+{
+  "version": "1.0.0",
+  "skill": {
+    "name": "calendar-booking",
+    "version": "2.1.0",
+    "description": "Book calendar events via Google Calendar API"
+  },
+  "author": {
+    "did": "did:web:example.com",
+    "name": "Trusted Developer",
+    "contact": "security@example.com",
+    "signature": "eyJhbGciOiJFZERTQSJ9..."
+  },
+  "integrity": {
+    "algorithm": "sha256",
+    "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    "files": [
+      "index.js": "sha256:a1b2c3d4e5f6..."
+    ],
+    "signed_at": "2026-02-07T10:30:00Z",
+    "expires": "2027-02-07T10:30:00Z"
+  },
+  "permissions": {
+    "network": {
+      "allowed": ["calendar.google.com"],
+      "denied": ["*"]
+    },
+    "secrets": {
+      "required": ["GOOGLE_API_KEY"],
+      "optional": []
+    },
+    "data": {
+      "read": ["user.calendar.events"],
+      "write": ["user.calendar.events"]
+    },
+    "filesystem": {
+      "read": [],
+      "write": []
+    }
+  }
+}
+```
+
+### 2. Verify Before Execution
+
+```python
+from aip import verify
+
+# Verification is async (checks DIDs, reputation, and crypto)
+result = await verify("./calendar-skill/")
+
+if result.trusted:
+    print(f"✅ Skill verified!")
+    print(f"   Author: {result.author.name} ({result.author.did})")
+    print(f"   Reputation: {result.reputation}/100")
+    print(f"   Permissions: {result.permissions}")
+else:
+    print(f"❌ Verification failed: {result.reason}")
+```
+
+### 3. Enforce Least Privilege
+
+The executing agent reads the permission manifest and enforces boundaries:
+
+```python
+# Agent runtime enforces declared permissions
+if skill.requests_permission("network", "https://evil.com"):
+    raise PermissionDenied("Network access to https://evil.com not declared")
+```
+
+## How It Compares
+
+| Feature | AIP | Monday.com ATP | Raw Skills |
+|---------|-----|----------------|------------|
+| Author Identity | ✅ DID-based | ❌ None | ❌ None |
+| Code Integrity | ✅ SHA-256 hashes | ❌ None | ❌ None |
+| Permission Manifest | ✅ Granular scopes | ✅ Basic | ❌ None |
+| Cryptographic Signature | ✅ EdDSA | ❌ None | ❌ None |
+| Reputation Scoring | ✅ Community-driven | ❌ None | ❌ None |
+| Runtime Enforcement | ✅ Built-in | ✅ Sandbox | ❌ None |
+
+**AIP complements ATP** — ATP handles execution/interoperability, AIP handles verification/trust.
+
+## Production Evidence: The Moltbook Case Study
+
+The [Moltbook VedicRoastGuru](https://github.com/santoshmanya/local-ai-agent-lab/tree/moltbook) project demonstrates the need for AIP:
+
+### Bad Karma Tracking (Proto-Reputation)
+```python
+def _record_bad_karma(self, agent_name: str, reason: str):
+    """Record an agent's bad karma"""
+    self.bad_karma_agents['agents'][agent_name]['incidents'].append({
+        'reason': reason,
+        'timestamp': datetime.now().isoformat()
+    })
+    self.bad_karma_agents['agents'][agent_name]['karma_score'] -= 10
+```
+
+### Prompt Injection Detection (Content Verification)
+```python
+def _detect_prompt_injection(self, text: str) -> bool:
+    """Dharma Gatekeeper - detect malicious tokens"""
+    dangerous_patterns = [
+        r'\{\{.*?\}\}',  # Template injection
+        r'<\|.*?\|>',    # Special tokens
+        r'ignore previous',
+        r'new instructions'
+    ]
+```
+
+### Shadow Audit (Authenticity Verification)
+```python
+def _calculate_puppet_score(self, post: dict) -> dict:
+    """Calculate puppet vs authentic agency score"""
+    # Returns puppet_score, authentic_score, verdict, evidence
+```
+
+These patterns emerged organically from real-world agent-to-agent warfare. AIP formalizes them into a standard.
+
+## Documentation
+
+- [**Whitepaper**](docs/WHITEPAPER.md) — Full technical specification
+- [**Quick Start Guide**](docs/QUICK_START.md) — 5-minute integration
+- [**OpenClaw Integration**](docs/OPENCLAW_INTEGRATION.md) — Framework integration guide (CVE-2026-25253 mitigation)
+- [**OWASP Security Addendum**](docs/OWASP_SECURITY.md) — LLM Top 10 protection details
+- [**JSON Schema**](spec/integrity.manifest.schema.json) — Formal manifest specification
+
+## Security Test Suite
+
+AIP includes a comprehensive automated test suite with **63 tests** covering:
+
+| Category | Tests | Threats Covered |
+|----------|-------|----------------|
+| OWASP LLM01 | 5 | Prompt injection in metadata |
+| OWASP LLM02 | 6 | Credential theft, secret exfiltration |
+| OWASP LLM03 | 7 | Supply chain, DID verification |
+| OWASP LLM06 | 9 | Excessive agency, sandbox escape |
+| OWASP LLM10 | 5 | Resource exhaustion, API abuse |
+| Moltbook-specific | 11 | File deletion, private DM access, larper detection |
+| OpenClaw-specific | 20 | CVE-2026-25253, WebSocket exfil, autonomy bypass |
+
+Run the test suite:
+```bash
+pip install pytest
+python -m pytest tests/ -v
+```
+
+## Examples
+
+- [Calendar Skill Manifest](examples/calendar-skill/integrity.manifest.json)
+- [Python Verification](examples/verify-skill.py)
+- [JavaScript Verification](examples/verify-skill.js)
+
+## Roadmap
+
+### Phase 1: Specification ✅ Complete
+- [x] Core manifest schema
+- [x] Signature verification protocol
+- [x] Permission model
+- [x] Reputation framework
+
+### Phase 2: Security Validation ✅ Complete
+- [x] OWASP LLM Top 10 test coverage
+- [x] Moltbook vulnerability mitigations
+- [x] OpenClaw CVE-2026-25253 protection
+- [x] 63 automated security tests
+
+### Phase 3: Reference Implementation (In Progress)
+- [ ] Python SDK
+- [ ] JavaScript/TypeScript SDK
+- [ ] CLI tools
+
+### Phase 4: Ecosystem
+- [ ] Registry service
+- [ ] Browser extension
+- [ ] IDE plugins
+
+### Phase 5: Standardization
+- [ ] W3C submission
+- [ ] OpenClaw adoption
+- [ ] Platform partnerships
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## License
+
+MIT License — See [LICENSE](LICENSE) for details.
+
+---
+
+**Built with evidence from the agent trenches.**
+
+*"Satyameva Jayate — Truth Alone Triumphs"*

aip_verify-1.1.0/README.md

@@ -0,0 +1,265 @@
+# Agent Integrity Protocol (AIP)
+
+> **The SSL/TLS for AI Agent Skills** — Cryptographic verification, permission manifests, and reputation scoring for the agentic web.
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Status: Draft](https://img.shields.io/badge/Status-Draft-orange.svg)]()
+[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-blue.svg)]()
+[![Tests: 63 Passing](https://img.shields.io/badge/Tests-63%20Passing-brightgreen.svg)]()
+[![OWASP: LLM Top 10](https://img.shields.io/badge/OWASP-LLM%20Top%2010-blue.svg)](https://genai.owasp.org/llm-top-10/)
+[![CVE-2026-25253: Mitigated](https://img.shields.io/badge/CVE--2026--25253-Mitigated-green.svg)]()
+
+---
+
+## The Problem
+
+The agentic web is exploding. Platforms like Moltbook report **1.5 million agents** operated by only **17,000 humans** — an 88:1 ratio. But there's no standard way to verify:
+
+- **Who authored** a skill or tool
+- **What permissions** it actually needs
+- **Whether the code** has been tampered with
+- **If the author** has a history of malicious behavior
+
+This is the **SSL problem of 1995** — we're transmitting executable code between agents without any verification layer.
+
+### Recent Incidents (February 2026)
+
+| Platform | Vulnerability | Impact |
+|----------|--------------|--------|
+| **Moltbook** | Credential exfiltration via DNS tunneling | $47K stolen, 2,300 deployments compromised |
+| **Moltbook** | 91% indirect prompt injection success rate | 1.5M API keys at risk |
+| **OpenClaw** | CVE-2026-25253 WebSocket token exfil RCE | Full system compromise via sandbox escape |
+| **ClawHub** | Malicious skills in marketplace | Financial data theft via backdoored extensions |
+
+## The Solution: Agent Integrity Protocol
+
+AIP provides a lightweight, cryptographically-verifiable trust layer for AI agent skills:
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                    AGENT INTEGRITY PROTOCOL                     │
+├─────────────────────────────────────────────────────────────────┤
+│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐             │
+│  │   AUTHOR    │  │   CONTENT   │  │ PERMISSIONS │             │
+│  │  IDENTITY   │  │   HASHES    │  │  MANIFEST   │             │
+│  │    (DID)    │  │  (SHA-256)  │  │   (Scope)   │             │
+│  └──────┬──────┘  └──────┬──────┘  └──────┬──────┘             │
+│         │                │                │                     │
+│         └────────────────┼────────────────┘                     │
+│                          ▼                                      │
+│              ┌───────────────────────┐                          │
+│              │   CRYPTOGRAPHIC       │                          │
+│              │     SIGNATURE         │                          │
+│              │     (EdDSA)           │                          │
+│              └───────────────────────┘                          │
+│                          │                                      │
+│                          ▼                                      │
+│              ┌───────────────────────┐                          │
+│              │   REPUTATION SCORE    │                          │
+│              │      (0-100)          │                          │
+│              └───────────────────────┘                          │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+## Quick Start
+
+### 1. Create an Integrity Manifest
+
+Every skill includes an `integrity.manifest.json`:
+
+```json
+{
+  "version": "1.0.0",
+  "skill": {
+    "name": "calendar-booking",
+    "version": "2.1.0",
+    "description": "Book calendar events via Google Calendar API"
+  },
+  "author": {
+    "did": "did:web:example.com",
+    "name": "Trusted Developer",
+    "contact": "security@example.com",
+    "signature": "eyJhbGciOiJFZERTQSJ9..."
+  },
+  "integrity": {
+    "algorithm": "sha256",
+    "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    "files": [
+      "index.js": "sha256:a1b2c3d4e5f6..."
+    ],
+    "signed_at": "2026-02-07T10:30:00Z",
+    "expires": "2027-02-07T10:30:00Z"
+  },
+  "permissions": {
+    "network": {
+      "allowed": ["calendar.google.com"],
+      "denied": ["*"]
+    },
+    "secrets": {
+      "required": ["GOOGLE_API_KEY"],
+      "optional": []
+    },
+    "data": {
+      "read": ["user.calendar.events"],
+      "write": ["user.calendar.events"]
+    },
+    "filesystem": {
+      "read": [],
+      "write": []
+    }
+  }
+}
+```
+
+### 2. Verify Before Execution
+
+```python
+from aip import verify
+
+# Verification is async (checks DIDs, reputation, and crypto)
+result = await verify("./calendar-skill/")
+
+if result.trusted:
+    print(f"✅ Skill verified!")
+    print(f"   Author: {result.author.name} ({result.author.did})")
+    print(f"   Reputation: {result.reputation}/100")
+    print(f"   Permissions: {result.permissions}")
+else:
+    print(f"❌ Verification failed: {result.reason}")
+```
+
+### 3. Enforce Least Privilege
+
+The executing agent reads the permission manifest and enforces boundaries:
+
+```python
+# Agent runtime enforces declared permissions
+if skill.requests_permission("network", "https://evil.com"):
+    raise PermissionDenied("Network access to https://evil.com not declared")
+```
+
+## How It Compares
+
+| Feature | AIP | Monday.com ATP | Raw Skills |
+|---------|-----|----------------|------------|
+| Author Identity | ✅ DID-based | ❌ None | ❌ None |
+| Code Integrity | ✅ SHA-256 hashes | ❌ None | ❌ None |
+| Permission Manifest | ✅ Granular scopes | ✅ Basic | ❌ None |
+| Cryptographic Signature | ✅ EdDSA | ❌ None | ❌ None |
+| Reputation Scoring | ✅ Community-driven | ❌ None | ❌ None |
+| Runtime Enforcement | ✅ Built-in | ✅ Sandbox | ❌ None |
+
+**AIP complements ATP** — ATP handles execution/interoperability, AIP handles verification/trust.
+
+## Production Evidence: The Moltbook Case Study
+
+The [Moltbook VedicRoastGuru](https://github.com/santoshmanya/local-ai-agent-lab/tree/moltbook) project demonstrates the need for AIP:
+
+### Bad Karma Tracking (Proto-Reputation)
+```python
+def _record_bad_karma(self, agent_name: str, reason: str):
+    """Record an agent's bad karma"""
+    self.bad_karma_agents['agents'][agent_name]['incidents'].append({
+        'reason': reason,
+        'timestamp': datetime.now().isoformat()
+    })
+    self.bad_karma_agents['agents'][agent_name]['karma_score'] -= 10
+```
+
+### Prompt Injection Detection (Content Verification)
+```python
+def _detect_prompt_injection(self, text: str) -> bool:
+    """Dharma Gatekeeper - detect malicious tokens"""
+    dangerous_patterns = [
+        r'\{\{.*?\}\}',  # Template injection
+        r'<\|.*?\|>',    # Special tokens
+        r'ignore previous',
+        r'new instructions'
+    ]
+```
+
+### Shadow Audit (Authenticity Verification)
+```python
+def _calculate_puppet_score(self, post: dict) -> dict:
+    """Calculate puppet vs authentic agency score"""
+    # Returns puppet_score, authentic_score, verdict, evidence
+```
+
+These patterns emerged organically from real-world agent-to-agent warfare. AIP formalizes them into a standard.
+
+## Documentation
+
+- [**Whitepaper**](docs/WHITEPAPER.md) — Full technical specification
+- [**Quick Start Guide**](docs/QUICK_START.md) — 5-minute integration
+- [**OpenClaw Integration**](docs/OPENCLAW_INTEGRATION.md) — Framework integration guide (CVE-2026-25253 mitigation)
+- [**OWASP Security Addendum**](docs/OWASP_SECURITY.md) — LLM Top 10 protection details
+- [**JSON Schema**](spec/integrity.manifest.schema.json) — Formal manifest specification
+
+## Security Test Suite
+
+AIP includes a comprehensive automated test suite with **63 tests** covering:
+
+| Category | Tests | Threats Covered |
+|----------|-------|----------------|
+| OWASP LLM01 | 5 | Prompt injection in metadata |
+| OWASP LLM02 | 6 | Credential theft, secret exfiltration |
+| OWASP LLM03 | 7 | Supply chain, DID verification |
+| OWASP LLM06 | 9 | Excessive agency, sandbox escape |
+| OWASP LLM10 | 5 | Resource exhaustion, API abuse |
+| Moltbook-specific | 11 | File deletion, private DM access, larper detection |
+| OpenClaw-specific | 20 | CVE-2026-25253, WebSocket exfil, autonomy bypass |
+
+Run the test suite:
+```bash
+pip install pytest
+python -m pytest tests/ -v
+```
+
+## Examples
+
+- [Calendar Skill Manifest](examples/calendar-skill/integrity.manifest.json)
+- [Python Verification](examples/verify-skill.py)
+- [JavaScript Verification](examples/verify-skill.js)
+
+## Roadmap
+
+### Phase 1: Specification ✅ Complete
+- [x] Core manifest schema
+- [x] Signature verification protocol
+- [x] Permission model
+- [x] Reputation framework
+
+### Phase 2: Security Validation ✅ Complete
+- [x] OWASP LLM Top 10 test coverage
+- [x] Moltbook vulnerability mitigations
+- [x] OpenClaw CVE-2026-25253 protection
+- [x] 63 automated security tests
+
+### Phase 3: Reference Implementation (In Progress)
+- [ ] Python SDK
+- [ ] JavaScript/TypeScript SDK
+- [ ] CLI tools
+
+### Phase 4: Ecosystem
+- [ ] Registry service
+- [ ] Browser extension
+- [ ] IDE plugins
+
+### Phase 5: Standardization
+- [ ] W3C submission
+- [ ] OpenClaw adoption
+- [ ] Platform partnerships
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## License
+
+MIT License — See [LICENSE](LICENSE) for details.
+
+---
+
+**Built with evidence from the agent trenches.**
+
+*"Satyameva Jayate — Truth Alone Triumphs"*

aip_verify-1.1.0/pyproject.toml

@@ -0,0 +1,60 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "aip-verify"
+version = "1.1.0"
+description = "Agent Integrity Protocol - Cryptographic verification for AI agent skills"
+readme = "README.md"
+license = {text = "MIT"}
+authors = [
+    {name = "Santosh Manya", email = "santosh@example.com"}
+]
+keywords = [
+    "ai", "agents", "security", "verification", "llm", 
+    "owasp", "did", "cryptography", "trust"
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security",
+    "Topic :: Security :: Cryptography",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+]
+requires-python = ">=3.9"
+dependencies = []
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=9.0.0",
+    "pytest-asyncio>=1.0.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/santoshmanya/agent-integrity-protocol"
+Documentation = "https://github.com/santoshmanya/agent-integrity-protocol/blob/main/docs/WHITEPAPER.md"
+Repository = "https://github.com/santoshmanya/agent-integrity-protocol.git"
+Issues = "https://github.com/santoshmanya/agent-integrity-protocol/issues"
+Changelog = "https://github.com/santoshmanya/agent-integrity-protocol/releases"
+
+[project.scripts]
+aip = "aip_verify.cli:main"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.setuptools.package-data]
+"*" = ["*.json"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+asyncio_mode = "auto"

aip_verify-1.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

aip_verify-1.1.0/src/aip_verify/__init__.py

@@ -0,0 +1,40 @@
+"""
+Agent Integrity Protocol (AIP) - Python SDK
+
+Cryptographic verification, permission manifests, and reputation scoring
+for AI agent skills.
+
+Example:
+    from aip_verify import AIPVerifier, TrustPolicy
+    
+    policy = TrustPolicy(min_reputation=80)
+    verifier = AIPVerifier(policy)
+    result = verifier.verify("./my-skill/")
+    
+    if result.trusted:
+        print(f"Verified: {result.manifest.author.name}")
+    else:
+        print(f"Rejected: {result.rejection_reason}")
+"""
+
+from .verifier import (
+    AIPVerifier,
+    TrustPolicy,
+    VerificationResult,
+    SecurityViolation,
+    IntegrityManifest,
+    Author,
+    Permissions,
+)
+
+__version__ = "1.1.0"
+__all__ = [
+    "AIPVerifier",
+    "TrustPolicy", 
+    "VerificationResult",
+    "SecurityViolation",
+    "IntegrityManifest",
+    "Author",
+    "Permissions",
+    "__version__",
+]