ar-io-proof 0.1.0__tar.gz

ar_io_proof-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install
+        run: pip install -e .[dev]
+      - name: Format check
+        run: black --check src tests
+      - name: Conformance + unit tests
+        run: pytest -q

ar_io_proof-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,45 @@
+name: release
+
+# Publishes to PyPI via Trusted Publishing (OIDC) — no token secrets.
+# Trigger: a maintainer pushes a v* tag (e.g. `git tag v0.1.0 && git push origin v0.1.0`).
+# One-time setup on pypi.org: add a "pending publisher" for project ar-io-proof
+# with owner=ar-io, repo=ar-io-proof, workflow=release.yml, environment=pypi.
+
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Run the conformance gate before anything ships
+        run: |
+          pip install -e .[dev]
+          black --check src tests
+          pytest -q
+      - name: Build sdist + wheel
+        run: |
+          pip install build
+          python -m build
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@release/v1

ar_io_proof-0.1.0/.gitignore

@@ -0,0 +1,7 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+.venv/
+dist/
+build/
+.pytest_cache/

ar_io_proof-0.1.0/CLAUDE.md

@@ -0,0 +1,64 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## What this is
+
+`ar-io-proof` (import: `ario_proof`) — the standalone Python verification kernel of the ar.io
+verification stack, extracted from `ar-io-mlflow`'s proof engine. It implements exactly the five
+kernel primitives from `ar-io-agent/docs/stack/architecture.md` §3: RFC 8785 (JCS)
+canonicalization, SHA-256, Ed25519 sign/verify, RFC 9162 binary Merkle (incl. inclusion-proof
+bundles), and the accepted-`spec_version` registry. **No I/O, no networking, no key lifecycle** —
+those belong to producers (`ar-io-agent`, `ar-io-mlflow`), not the kernel.
+
+## Commands
+
+```bash
+python3 -m venv .venv && .venv/bin/pip install -e .[dev]   # one-time setup
+.venv/bin/pytest -q                                        # all tests (conformance is the contract)
+.venv/bin/pytest tests/test_conformance.py -q              # corpus gate only
+.venv/bin/black src tests                                  # format (CI runs black --check)
+```
+
+## The conformance contract
+
+`test-vectors/` is a byte-for-byte vendored copy of `ar-io-agent/test-vectors/` at tag
+**`test-vectors-v1.0`** (provenance: `test-vectors/VENDORING.md`). `tests/test_conformance.py`
+asserts, for every vector: SHA-256 corpus integrity against the CORPUS-v1.md table, JCS-canonical
+payload bytes, `payload_hash`, envelope-for-signature bytes, deterministic Ed25519 signatures, and
+Merkle roots / audit paths. **If the kernel disagrees with a vector, the kernel is wrong — never
+the vector.** Never edit vector files; re-sync only at a published corpus tag per
+`VENDORING.md`.
+
+## Spec pins (do not drift)
+
+- `envelope-spec.md` **v1.1 (ratified v1.0 2026-06-10, amended 2026-06-11 — additive, same
+  corpus tag)** — the family contract. Profiles accepted: `ario.agent/v1` (inline payload) and
+  `ario.mlflow/v1` (external commitment). Fail-closed on unknown majors.
+- Signed scope = the envelope minus **`signature`**, minus the reserved **`co_signatures`**
+  (envelope-spec §7.1), and — **profile-conditional** — minus underscore-prefixed annotation
+  keys for `ario.mlflow/v1` + legacy envelopes ONLY (mlflow convention, e.g. `_tx_id`). The
+  `ario.agent/v1` scope is minus-signature/co_signatures only, matching Go: an injected `_*`
+  key on an agent envelope MUST fail verification. The corpus can catch neither the
+  co_signatures strip nor the profile-conditionality — unit tests in `tests/test_envelope.py`
+  are the only guard; do not remove them because conformance still passes without them.
+- Merkle: RFC 9162 §2.1 domain separation (`0x00` leaf / `0x01` node), empty-tree root =
+  `SHA-256("")`. Never the Bitcoin duplicate-last-leaf variant.
+- Ed25519 is strict RFC 8032 (libsodium via PyNaCl) — matches Go `crypto/ed25519` and the JS
+  sibling's `zip215: false`.
+
+## Working rules
+
+- Verifiers must never raise on adversarial input — malformed envelopes return a failed
+  `VerificationResult`, they don't throw.
+- Each commit lands one primitive, CI-green, with tests in the same commit.
+- Dependencies are pinned to two load-bearing packages: `PyNaCl` and `jcs`. Adding a dependency
+  is a design decision, not a convenience.
+- Source siblings for cross-checks (read-only): Go reference `ar-io-agent/internal/{proof,merkle}`,
+  JS verifier `ar-io-proof-checker/src/{crypto,verifier}.ts`, origin kernel
+  `ar-io-mlflow/ario_mlflow/proof.py`.
+
+## Release
+
+`release.yml` publishes to PyPI via Trusted Publishing (OIDC) on a `v*` tag pushed by a
+maintainer. Version lives in `pyproject.toml` + `src/ario_proof/__init__.py`; bump both together.

ar_io_proof-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ar.io
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ar_io_proof-0.1.0/PKG-INFO

@@ -0,0 +1,185 @@
+Metadata-Version: 2.4
+Name: ar-io-proof
+Version: 0.1.0
+Summary: Verification kernel for the ar.io verification stack: RFC 8785 canonicalization, SHA-256, Ed25519 envelope sign/verify, RFC 9162 Merkle inclusion proofs.
+Project-URL: Repository, https://github.com/ar-io/ar-io-proof
+Project-URL: Issues, https://github.com/ar-io/ar-io-proof/issues
+Author: ar.io
+License: MIT License
+        
+        Copyright (c) 2026 ar.io
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+License-File: LICENSE
+Keywords: ar.io,arweave,ed25519,jcs,merkle,provenance,rfc8785,rfc9162,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.10
+Requires-Dist: jcs>=0.2.1
+Requires-Dist: pynacl>=1.5.0
+Provides-Extra: dev
+Requires-Dist: black>=24.0; extra == 'dev'
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# ar-io-proof
+
+Verification kernel for the [ar.io verification stack](https://github.com/ar-io): RFC 8785
+(JCS) canonicalization, SHA-256 hashing, Ed25519 envelope sign/verify, and RFC 9162 binary
+Merkle inclusion proofs — as a standalone, dependency-light Python package.
+
+```bash
+pip install ar-io-proof
+```
+
+## Quickstart
+
+Verify a signed envelope fetched from any Arweave gateway:
+
+```python
+import json
+import urllib.request
+
+from ario_proof import verify_envelope
+
+raw = urllib.request.urlopen("https://arweave.net/raw/<tx_id>").read()
+result = verify_envelope(json.loads(raw))
+
+assert result.ok            # spec_version + payload binding + Ed25519 signature
+print(result.to_dict())
+```
+
+Bind an artifact you hold to the provenance an envelope commits to (reverse lookup):
+
+```python
+import hashlib
+
+artifact_hash = hashlib.sha256(open("model.pkl", "rb").read()).hexdigest()
+result = verify_envelope(envelope, expected_content_hash=artifact_hash)
+print(result.content_hash_ok, result.content_role)   # True, "asset"
+```
+
+Verify an external-commitment (`ario.mlflow/v1`) envelope against the committed bytes:
+
+```python
+result = verify_envelope(envelope, payload_bytes=canonical_bytes)
+```
+
+Verify an inclusion-proof bundle (`ariod proof` output — proves a leaf was in a signed
+daily checkpoint):
+
+```python
+from ario_proof import verify_proof_bundle
+
+bundle = json.load(open("proof-bundle.json"))
+result = verify_proof_bundle(bundle)
+assert result.ok and result.inclusion_ok
+```
+
+Sign an envelope (producers):
+
+```python
+from ario_proof import sign_envelope, signing_key_from_seed_hex
+
+key = signing_key_from_seed_hex("<32-byte seed hex>")
+envelope = sign_envelope(
+    {
+        "spec_version": "ario.mlflow/v1",
+        "event_id": "...",
+        "event_type": "training_complete",
+        "subject": {"type": "mlflow_run", "run_id": "..."},
+        "payload_hash": "<sha256 of the committed canonical bytes>",
+        "previous_hash": "GENESIS",
+        "signed_at": "2026-06-10T00:00:00.000Z",
+    },
+    key,
+)
+```
+
+## What this package implements
+
+- The **Verifiable Event Envelope** family contract, `envelope-spec.md` **v1.1 (ratified
+  v1.0 2026-06-10, amended 2026-06-11 — additive, same conformance corpus)**, for two
+  profiles:
+  - **`ario.agent/v1`** — inline-payload envelopes minted by
+    [`ar-io-agent`](https://github.com/ar-io/ar-io-agent) (byte-level format:
+    `docs/artifact.md`).
+  - **`ario.mlflow/v1`** — external-commitment envelopes minted by
+    [`ar-io-mlflow`](https://github.com/ar-io/ar-io-mlflow).
+- The **RFC 9162** binary Merkle tree (leaf/node domain separation, audit paths, pinned
+  empty-tree root) and the **`ario.agent.proof/v1`** inclusion-proof bundle behind agent
+  verification checkpoints.
+- The **accepted-version registry**: `{ario.agent/v1, ario.mlflow/v1}`, fail-closed on
+  anything else. Envelopes that predate `spec_version` verify only with an explicit
+  `allow_legacy=True`.
+- The signed scope per the ratified contract: the envelope minus `signature`, minus the
+  reserved `co_signatures` field (envelope-spec §7.1), and — for `ario.mlflow/v1` and
+  legacy envelopes only — minus underscore-prefixed annotation keys. The `ario.agent/v1`
+  signed scope is minus `signature`/`co_signatures` only, matching the Go reference
+  byte-for-byte.
+
+The kernel is exactly the five primitives in the stack architecture's kernel scope — **no
+I/O, no networking, no key lifecycle**. Gateway fetching, attestation polling, and key
+storage belong to the products that import this.
+
+## Conformance
+
+This package is conformance-gated against the `ario.agent/v1` corpus at tag
+**`test-vectors-v1.0`**, vendored under [`test-vectors/`](test-vectors/) byte-for-byte (see
+[`test-vectors/VENDORING.md`](test-vectors/VENDORING.md) for provenance). CI asserts, for
+every vector: JCS-canonical bytes, payload hashes, envelope-for-signature bytes,
+deterministic signatures, Merkle roots, and audit paths — exact to the byte. If this
+package disagrees with a vector, the package is wrong — never the vector.
+
+mlflow-profile-specific behaviors (external commitment, underscore stripping, legacy
+acceptance) are covered by unit tests; the bidirectional cross-product gate against
+`ar-io-mlflow`'s production verifier lands when mlflow migrates to import this package.
+
+## Trust model
+
+`result.ok` proves: *the holder of the private key matching the envelope's `public_key`
+signed exactly these bytes, and the payload binding holds.* It does **not** prove whose key
+that is, or that the envelope is on Arweave — trust in the key comes from out of band (e.g.
+the agent's registration chain), and on-chain presence comes from fetching the TX yourself
+and re-verifying, which is exactly what the quickstart does. `signed_at` is the signer's
+claim, not a trusted timestamp; witnessed time comes from the Arweave block.
+
+## Development
+
+```bash
+python3 -m venv .venv && .venv/bin/pip install -e .[dev]
+.venv/bin/pytest -q          # the conformance gate is the contract
+.venv/bin/black src tests
+```
+
+Dependencies are deliberately two: [`PyNaCl`](https://pypi.org/project/PyNaCl/) (Ed25519,
+strict RFC 8032 — matches Go `crypto/ed25519` and the JS sibling verifier) and
+[`jcs`](https://pypi.org/project/jcs/) (reference RFC 8785).
+
+## License
+
+MIT — verifier-relevant code is deliberately MIT-licensed so third-party auditors can verify
+independently of ar.io.

ar_io_proof-0.1.0/README.md

@@ -0,0 +1,138 @@
+# ar-io-proof
+
+Verification kernel for the [ar.io verification stack](https://github.com/ar-io): RFC 8785
+(JCS) canonicalization, SHA-256 hashing, Ed25519 envelope sign/verify, and RFC 9162 binary
+Merkle inclusion proofs — as a standalone, dependency-light Python package.
+
+```bash
+pip install ar-io-proof
+```
+
+## Quickstart
+
+Verify a signed envelope fetched from any Arweave gateway:
+
+```python
+import json
+import urllib.request
+
+from ario_proof import verify_envelope
+
+raw = urllib.request.urlopen("https://arweave.net/raw/<tx_id>").read()
+result = verify_envelope(json.loads(raw))
+
+assert result.ok            # spec_version + payload binding + Ed25519 signature
+print(result.to_dict())
+```
+
+Bind an artifact you hold to the provenance an envelope commits to (reverse lookup):
+
+```python
+import hashlib
+
+artifact_hash = hashlib.sha256(open("model.pkl", "rb").read()).hexdigest()
+result = verify_envelope(envelope, expected_content_hash=artifact_hash)
+print(result.content_hash_ok, result.content_role)   # True, "asset"
+```
+
+Verify an external-commitment (`ario.mlflow/v1`) envelope against the committed bytes:
+
+```python
+result = verify_envelope(envelope, payload_bytes=canonical_bytes)
+```
+
+Verify an inclusion-proof bundle (`ariod proof` output — proves a leaf was in a signed
+daily checkpoint):
+
+```python
+from ario_proof import verify_proof_bundle
+
+bundle = json.load(open("proof-bundle.json"))
+result = verify_proof_bundle(bundle)
+assert result.ok and result.inclusion_ok
+```
+
+Sign an envelope (producers):
+
+```python
+from ario_proof import sign_envelope, signing_key_from_seed_hex
+
+key = signing_key_from_seed_hex("<32-byte seed hex>")
+envelope = sign_envelope(
+    {
+        "spec_version": "ario.mlflow/v1",
+        "event_id": "...",
+        "event_type": "training_complete",
+        "subject": {"type": "mlflow_run", "run_id": "..."},
+        "payload_hash": "<sha256 of the committed canonical bytes>",
+        "previous_hash": "GENESIS",
+        "signed_at": "2026-06-10T00:00:00.000Z",
+    },
+    key,
+)
+```
+
+## What this package implements
+
+- The **Verifiable Event Envelope** family contract, `envelope-spec.md` **v1.1 (ratified
+  v1.0 2026-06-10, amended 2026-06-11 — additive, same conformance corpus)**, for two
+  profiles:
+  - **`ario.agent/v1`** — inline-payload envelopes minted by
+    [`ar-io-agent`](https://github.com/ar-io/ar-io-agent) (byte-level format:
+    `docs/artifact.md`).
+  - **`ario.mlflow/v1`** — external-commitment envelopes minted by
+    [`ar-io-mlflow`](https://github.com/ar-io/ar-io-mlflow).
+- The **RFC 9162** binary Merkle tree (leaf/node domain separation, audit paths, pinned
+  empty-tree root) and the **`ario.agent.proof/v1`** inclusion-proof bundle behind agent
+  verification checkpoints.
+- The **accepted-version registry**: `{ario.agent/v1, ario.mlflow/v1}`, fail-closed on
+  anything else. Envelopes that predate `spec_version` verify only with an explicit
+  `allow_legacy=True`.
+- The signed scope per the ratified contract: the envelope minus `signature`, minus the
+  reserved `co_signatures` field (envelope-spec §7.1), and — for `ario.mlflow/v1` and
+  legacy envelopes only — minus underscore-prefixed annotation keys. The `ario.agent/v1`
+  signed scope is minus `signature`/`co_signatures` only, matching the Go reference
+  byte-for-byte.
+
+The kernel is exactly the five primitives in the stack architecture's kernel scope — **no
+I/O, no networking, no key lifecycle**. Gateway fetching, attestation polling, and key
+storage belong to the products that import this.
+
+## Conformance
+
+This package is conformance-gated against the `ario.agent/v1` corpus at tag
+**`test-vectors-v1.0`**, vendored under [`test-vectors/`](test-vectors/) byte-for-byte (see
+[`test-vectors/VENDORING.md`](test-vectors/VENDORING.md) for provenance). CI asserts, for
+every vector: JCS-canonical bytes, payload hashes, envelope-for-signature bytes,
+deterministic signatures, Merkle roots, and audit paths — exact to the byte. If this
+package disagrees with a vector, the package is wrong — never the vector.
+
+mlflow-profile-specific behaviors (external commitment, underscore stripping, legacy
+acceptance) are covered by unit tests; the bidirectional cross-product gate against
+`ar-io-mlflow`'s production verifier lands when mlflow migrates to import this package.
+
+## Trust model
+
+`result.ok` proves: *the holder of the private key matching the envelope's `public_key`
+signed exactly these bytes, and the payload binding holds.* It does **not** prove whose key
+that is, or that the envelope is on Arweave — trust in the key comes from out of band (e.g.
+the agent's registration chain), and on-chain presence comes from fetching the TX yourself
+and re-verifying, which is exactly what the quickstart does. `signed_at` is the signer's
+claim, not a trusted timestamp; witnessed time comes from the Arweave block.
+
+## Development
+
+```bash
+python3 -m venv .venv && .venv/bin/pip install -e .[dev]
+.venv/bin/pytest -q          # the conformance gate is the contract
+.venv/bin/black src tests
+```
+
+Dependencies are deliberately two: [`PyNaCl`](https://pypi.org/project/PyNaCl/) (Ed25519,
+strict RFC 8032 — matches Go `crypto/ed25519` and the JS sibling verifier) and
+[`jcs`](https://pypi.org/project/jcs/) (reference RFC 8785).
+
+## License
+
+MIT — verifier-relevant code is deliberately MIT-licensed so third-party auditors can verify
+independently of ar.io.

ar_io_proof-0.1.0/pyproject.toml

@@ -0,0 +1,47 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "ar-io-proof"
+version = "0.1.0"
+description = "Verification kernel for the ar.io verification stack: RFC 8785 canonicalization, SHA-256, Ed25519 envelope sign/verify, RFC 9162 Merkle inclusion proofs."
+readme = "README.md"
+license = { file = "LICENSE" }
+requires-python = ">=3.10"
+authors = [{ name = "ar.io" }]
+keywords = ["arweave", "ar.io", "verification", "ed25519", "jcs", "rfc8785", "rfc9162", "merkle", "provenance"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security :: Cryptography",
+]
+dependencies = [
+    "PyNaCl>=1.5.0",
+    "jcs>=0.2.1",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0",
+    "black>=24.0",
+]
+
+[project.urls]
+Repository = "https://github.com/ar-io/ar-io-proof"
+Issues = "https://github.com/ar-io/ar-io-proof/issues"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/ario_proof"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+
+[tool.black]
+target-version = ["py310", "py311", "py312", "py313"]

ar_io_proof-0.1.0/src/ario_proof/__init__.py

@@ -0,0 +1,60 @@
+"""ar-io-proof: verification kernel for the ar.io verification stack.
+
+Implements the Verifiable Event Envelope family contract (envelope-spec.md
+v1.1 — ratified v1.0 2026-06-10, amended 2026-06-11) for the
+``ario.agent/v1`` and ``ario.mlflow/v1`` profiles, plus the RFC 9162 binary
+Merkle tree behind agent verification checkpoints. Conformance-gated against
+the ``test-vectors-v1.0`` corpus.
+"""
+
+from .bundle import BUNDLE_SPEC_VERSION, BundleVerificationResult, verify_proof_bundle
+from .canonicalize import canonical_json, normalize_floats
+from .envelope import (
+    ACCEPTED_SPEC_VERSIONS,
+    VerificationResult,
+    content_hashes,
+    envelope_for_signature,
+    sign_envelope,
+    spec_version_supported,
+    verify_envelope,
+)
+from .hash import sha256_hex
+from .merkle import (
+    EMPTY_TREE_ROOT_HEX,
+    audit_path,
+    leaf_hash,
+    merkle_root,
+    node_hash,
+    verify_inclusion,
+)
+from .sign import public_key_hex, sign, signing_key_from_seed_hex
+from .verify import verify_signature
+
+__version__ = "0.1.0"
+
+__all__ = [
+    "__version__",
+    "ACCEPTED_SPEC_VERSIONS",
+    "BUNDLE_SPEC_VERSION",
+    "BundleVerificationResult",
+    "EMPTY_TREE_ROOT_HEX",
+    "VerificationResult",
+    "audit_path",
+    "leaf_hash",
+    "merkle_root",
+    "node_hash",
+    "verify_inclusion",
+    "verify_proof_bundle",
+    "canonical_json",
+    "content_hashes",
+    "envelope_for_signature",
+    "normalize_floats",
+    "public_key_hex",
+    "sha256_hex",
+    "sign",
+    "sign_envelope",
+    "signing_key_from_seed_hex",
+    "spec_version_supported",
+    "verify_envelope",
+    "verify_signature",
+]