authe 0.1.0__tar.gz

authe-0.1.0/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.pyc
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+.env
+.venv/
+venv/
+.pytest_cache/
+.ruff_cache/

authe-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 authe.me
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

authe-0.1.0/PKG-INFO

@@ -0,0 +1,142 @@
+Metadata-Version: 2.4
+Name: authe
+Version: 0.1.0
+Summary: The trust layer for AI agents. Observability, identity, and reputation in one line of code.
+Project-URL: Homepage, https://authe.me
+Project-URL: Documentation, https://docs.authe.me
+Project-URL: Repository, https://github.com/autheme/authe-python
+Project-URL: Issues, https://github.com/autheme/authe-python/issues
+Author-email: "authe.me" <hello@authe.me>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: agents,ai,identity,observability,security,trust
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.9
+Requires-Dist: httpx>=0.25.0
+Requires-Dist: wrapt>=1.15.0
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# authe
+
+The trust layer for AI agents. Observability, identity, and reputation in one line of code.
+
+[![PyPI](https://img.shields.io/pypi/v/authe)](https://pypi.org/project/authe/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+
+## Install
+
+```bash
+pip install authe
+```
+
+## Quick Start
+
+```python
+import authe
+authe.init()
+
+# That's it. Your agent is now observable.
+# View actions at dashboard.authe.me
+```
+
+## What it does
+
+`authe.init()` automatically instruments your agent and captures:
+
+- **Every tool call** — function name, inputs, outputs, duration
+- **LLM requests** — model, message count, tool usage
+- **File operations** — writes tracked with path and mode
+- **System commands** — subprocess calls captured
+- **Scope violations** — alerts when agent exceeds declared capabilities
+
+All actions are sent to your dashboard at [dashboard.authe.me](https://dashboard.authe.me) with a tamper-proof audit trail.
+
+## Configuration
+
+```python
+import authe
+
+authe.init(
+    api_key="ak_xxxxx",          # or set AUTHE_API_KEY env var
+    agent_name="my-agent",        # auto-detected if not set
+    capabilities=["read:email", "write:file"],  # declared permissions
+    redact_pii=True,              # redact sensitive fields
+)
+```
+
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `AUTHE_API_KEY` | Your API key (required) |
+| `AUTHE_AGENT_NAME` | Agent name (optional, auto-detected) |
+
+## Manual Tracking
+
+For custom tools that aren't auto-detected:
+
+```python
+from authe.instrumentor import track
+
+@track("send_email")
+def send_email(to, subject, body):
+    # your code here
+    pass
+```
+
+Or track directly:
+
+```python
+from authe import get_client
+
+client = get_client()
+client.track_action(
+    tool="custom_tool",
+    input_data={"key": "value"},
+    output_data={"result": "done"},
+    status="success",
+)
+```
+
+## Supported Frameworks
+
+| Framework | Auto-instrumented |
+|-----------|:-:|
+| OpenAI | ✅ |
+| LangChain | ✅ |
+| CrewAI | 🔜 |
+| AutoGPT | 🔜 |
+| Custom agents | via `@track` decorator |
+
+## How it works
+
+1. `authe.init()` registers your agent and gets a short-lived token
+2. Actions are captured via monkey-patching (zero code changes needed)
+3. Actions are batched and sent to the API every 5 seconds
+4. Your dashboard shows a real-time timeline of everything your agent did
+5. Scope violations trigger alerts automatically
+
+## Links
+
+- **Website**: [authe.me](https://authe.me)
+- **Dashboard**: [dashboard.authe.me](https://dashboard.authe.me)
+- **API Docs**: [docs.authe.me](https://docs.authe.me)
+- **GitHub**: [github.com/autheme](https://github.com/autheme)
+
+## License
+
+MIT

authe-0.1.0/README.md

@@ -0,0 +1,110 @@
+# authe
+
+The trust layer for AI agents. Observability, identity, and reputation in one line of code.
+
+[![PyPI](https://img.shields.io/pypi/v/authe)](https://pypi.org/project/authe/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+
+## Install
+
+```bash
+pip install authe
+```
+
+## Quick Start
+
+```python
+import authe
+authe.init()
+
+# That's it. Your agent is now observable.
+# View actions at dashboard.authe.me
+```
+
+## What it does
+
+`authe.init()` automatically instruments your agent and captures:
+
+- **Every tool call** — function name, inputs, outputs, duration
+- **LLM requests** — model, message count, tool usage
+- **File operations** — writes tracked with path and mode
+- **System commands** — subprocess calls captured
+- **Scope violations** — alerts when agent exceeds declared capabilities
+
+All actions are sent to your dashboard at [dashboard.authe.me](https://dashboard.authe.me) with a tamper-proof audit trail.
+
+## Configuration
+
+```python
+import authe
+
+authe.init(
+    api_key="ak_xxxxx",          # or set AUTHE_API_KEY env var
+    agent_name="my-agent",        # auto-detected if not set
+    capabilities=["read:email", "write:file"],  # declared permissions
+    redact_pii=True,              # redact sensitive fields
+)
+```
+
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `AUTHE_API_KEY` | Your API key (required) |
+| `AUTHE_AGENT_NAME` | Agent name (optional, auto-detected) |
+
+## Manual Tracking
+
+For custom tools that aren't auto-detected:
+
+```python
+from authe.instrumentor import track
+
+@track("send_email")
+def send_email(to, subject, body):
+    # your code here
+    pass
+```
+
+Or track directly:
+
+```python
+from authe import get_client
+
+client = get_client()
+client.track_action(
+    tool="custom_tool",
+    input_data={"key": "value"},
+    output_data={"result": "done"},
+    status="success",
+)
+```
+
+## Supported Frameworks
+
+| Framework | Auto-instrumented |
+|-----------|:-:|
+| OpenAI | ✅ |
+| LangChain | ✅ |
+| CrewAI | 🔜 |
+| AutoGPT | 🔜 |
+| Custom agents | via `@track` decorator |
+
+## How it works
+
+1. `authe.init()` registers your agent and gets a short-lived token
+2. Actions are captured via monkey-patching (zero code changes needed)
+3. Actions are batched and sent to the API every 5 seconds
+4. Your dashboard shows a real-time timeline of everything your agent did
+5. Scope violations trigger alerts automatically
+
+## Links
+
+- **Website**: [authe.me](https://authe.me)
+- **Dashboard**: [dashboard.authe.me](https://dashboard.authe.me)
+- **API Docs**: [docs.authe.me](https://docs.authe.me)
+- **GitHub**: [github.com/autheme](https://github.com/autheme)
+
+## License
+
+MIT

authe-0.1.0/authe/__init__.py

@@ -0,0 +1,75 @@
+"""
+authe — The trust layer for AI agents.
+
+Usage:
+    import authe
+    authe.init()
+
+That's it. Your agent is now observable.
+"""
+
+from authe.client import AutheClient
+from authe.config import AutheConfig
+from authe.instrumentor import Instrumentor
+
+__version__ = "0.1.0"
+__all__ = ["init", "get_client"]
+
+# Global client instance
+_client: AutheClient | None = None
+_instrumentor: Instrumentor | None = None
+
+
+def init(
+    api_key: str | None = None,
+    agent_name: str | None = None,
+    capabilities: list[str] | None = None,
+    base_url: str = "https://api.authe.me",
+    auto_instrument: bool = True,
+    redact_pii: bool = False,
+    debug: bool = False,
+) -> AutheClient:
+    """
+    Initialize authe.me agent observability.
+
+    Args:
+        api_key: Your authe.me API key. Falls back to AUTHE_API_KEY env var.
+        agent_name: Name for this agent. Falls back to AUTHE_AGENT_NAME or auto-detected.
+        capabilities: Declared capabilities (e.g. ["read:email", "write:file"]).
+        base_url: API endpoint. Default: https://api.authe.me
+        auto_instrument: Auto-instrument detected frameworks. Default: True.
+        redact_pii: Redact potentially sensitive data from logs. Default: False.
+        debug: Enable debug logging. Default: False.
+
+    Returns:
+        AutheClient instance.
+
+    Example:
+        import authe
+        authe.init()
+    """
+    global _client, _instrumentor
+
+    config = AutheConfig(
+        api_key=api_key,
+        agent_name=agent_name,
+        capabilities=capabilities or [],
+        base_url=base_url,
+        auto_instrument=auto_instrument,
+        redact_pii=redact_pii,
+        debug=debug,
+    )
+
+    _client = AutheClient(config)
+    _client.register_or_authenticate()
+
+    if auto_instrument:
+        _instrumentor = Instrumentor(_client)
+        _instrumentor.auto_instrument()
+
+    return _client
+
+
+def get_client() -> AutheClient | None:
+    """Get the global AutheClient instance."""
+    return _client

authe-0.1.0/authe/client.py

@@ -0,0 +1,279 @@
+"""HTTP client for communicating with the authe.me API."""
+
+from __future__ import annotations
+
+import atexit
+import json
+import logging
+import threading
+import time
+import uuid
+from datetime import datetime, timezone
+from typing import Any
+
+import httpx
+
+from authe.config import AutheConfig
+
+logger = logging.getLogger("authe")
+
+
+class AutheClient:
+    """Client that manages agent registration, token refresh, and action batching."""
+
+    def __init__(self, config: AutheConfig):
+        self.config = config
+        self._http = httpx.Client(
+            base_url=config.base_url,
+            timeout=30.0,
+            headers={"Content-Type": "application/json"},
+        )
+
+        # Session
+        self.config.session_id = f"ses_{uuid.uuid4().hex[:16]}"
+
+        # Action buffer — batches actions before sending
+        self._buffer: list[dict] = []
+        self._buffer_lock = threading.Lock()
+        self._flush_interval = 5.0  # seconds
+        self._max_buffer_size = 100
+
+        # Start background flush thread
+        self._running = True
+        self._flush_thread = threading.Thread(target=self._flush_loop, daemon=True)
+        self._flush_thread.start()
+
+        # Flush on exit
+        atexit.register(self.flush)
+
+        # Token refresh
+        self._token_lock = threading.Lock()
+        self._token_expires_at: float = 0
+
+        if config.debug:
+            logging.basicConfig(level=logging.DEBUG)
+            logger.setLevel(logging.DEBUG)
+
+    def register_or_authenticate(self):
+        """Register the agent or authenticate if it already exists."""
+        try:
+            # First, try to register a new agent
+            resp = self._http.post(
+                "/v1/agents",
+                json={
+                    "name": self.config.agent_name,
+                    "description": f"Auto-registered by authe SDK v{self._get_version()}",
+                    "framework": self._detect_framework(),
+                    "capabilities": self.config.capabilities,
+                },
+                headers={"Authorization": f"Bearer {self.config.api_key}"},
+            )
+
+            if resp.status_code == 201:
+                data = resp.json()
+                self.config.agent_id = data["agent"]["id"]
+                logger.info(f"authe.me: registered agent '{self.config.agent_name}' ({self.config.agent_id})")
+                self._refresh_token()
+                return
+
+            if resp.status_code == 409:
+                # Agent already exists — fetch it and get a token
+                logger.debug("authe.me: agent already registered, fetching token")
+                self._fetch_existing_agent()
+                return
+
+            logger.warning(f"authe.me: registration returned {resp.status_code}: {resp.text}")
+
+        except Exception as e:
+            logger.warning(f"authe.me: failed to register agent: {e}")
+            logger.warning("authe.me: running in offline mode — actions will be buffered locally")
+
+    def _fetch_existing_agent(self):
+        """Fetch existing agents and find ours by name."""
+        try:
+            resp = self._http.get(
+                "/v1/agents",
+                headers={"Authorization": f"Bearer {self.config.api_key}"},
+            )
+            if resp.status_code == 200:
+                agents = resp.json().get("agents", [])
+                for agent in agents:
+                    if agent["name"] == self.config.agent_name:
+                        self.config.agent_id = agent["id"]
+                        logger.info(f"authe.me: connected to agent '{self.config.agent_name}' ({self.config.agent_id})")
+                        self._refresh_token()
+                        return
+            logger.warning("authe.me: could not find existing agent")
+        except Exception as e:
+            logger.warning(f"authe.me: failed to fetch agents: {e}")
+
+    def _refresh_token(self):
+        """Get a short-lived JWT token for the agent."""
+        if not self.config.agent_id:
+            return
+
+        with self._token_lock:
+            try:
+                resp = self._http.get(
+                    f"/v1/agents/{self.config.agent_id}/token",
+                    headers={"Authorization": f"Bearer {self.config.api_key}"},
+                )
+                if resp.status_code == 200:
+                    data = resp.json()
+                    self.config.agent_token = data["token"]
+                    self._token_expires_at = time.time() + data.get("expires_in", 900) - 60  # refresh 60s early
+                    logger.debug("authe.me: agent token refreshed")
+            except Exception as e:
+                logger.warning(f"authe.me: failed to refresh token: {e}")
+
+    def _ensure_token(self):
+        """Ensure we have a valid agent token."""
+        if time.time() >= self._token_expires_at:
+            self._refresh_token()
+
+    # ─── Action Tracking ───
+
+    def track_action(
+        self,
+        tool: str,
+        action_type: str = "tool_call",
+        input_data: dict[str, Any] | None = None,
+        output_data: dict[str, Any] | None = None,
+        status: str = "success",
+        duration_ms: int = 0,
+        signature: str = "",
+    ):
+        """
+        Record an agent action.
+
+        This is called automatically by instrumentors, but can also be called manually:
+
+            from authe import get_client
+            client = get_client()
+            client.track_action("send_email", input_data={"to": "bob@example.com"})
+        """
+        action = {
+            "session_id": self.config.session_id,
+            "type": action_type,
+            "tool": tool,
+            "input": self._maybe_redact(input_data or {}),
+            "output": self._maybe_redact(output_data or {}),
+            "status": status,
+            "duration_ms": duration_ms,
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "signature": signature,
+        }
+
+        with self._buffer_lock:
+            self._buffer.append(action)
+            if len(self._buffer) >= self._max_buffer_size:
+                self._send_batch()
+
+    def flush(self):
+        """Flush buffered actions to the API."""
+        with self._buffer_lock:
+            self._send_batch()
+
+    def _send_batch(self):
+        """Send buffered actions to the API. Must be called with _buffer_lock held."""
+        if not self._buffer or not self.config.agent_id:
+            return
+
+        batch = self._buffer.copy()
+        self._buffer.clear()
+
+        self._ensure_token()
+
+        if not self.config.agent_token:
+            logger.warning(f"authe.me: no token, dropping {len(batch)} actions")
+            return
+
+        try:
+            resp = self._http.post(
+                "/v1/ingest",
+                json={
+                    "agent_id": self.config.agent_id,
+                    "actions": batch,
+                },
+                headers={"Authorization": f"Bearer {self.config.agent_token}"},
+            )
+
+            if resp.status_code == 200:
+                data = resp.json()
+                logger.debug(
+                    f"authe.me: sent {data.get('inserted', 0)} actions "
+                    f"({data.get('alerts', 0)} alerts)"
+                )
+            else:
+                logger.warning(f"authe.me: ingest returned {resp.status_code}: {resp.text}")
+                # Put actions back in buffer for retry
+                self._buffer = batch + self._buffer
+
+        except Exception as e:
+            logger.warning(f"authe.me: failed to send batch: {e}")
+            # Put actions back in buffer for retry
+            self._buffer = batch + self._buffer
+
+    def _flush_loop(self):
+        """Background thread that flushes the buffer periodically."""
+        while self._running:
+            time.sleep(self._flush_interval)
+            try:
+                self.flush()
+            except Exception:
+                pass
+
+    # ─── Helpers ───
+
+    def _maybe_redact(self, data: dict) -> dict:
+        """Optionally redact sensitive-looking fields."""
+        if not self.config.redact_pii:
+            return data
+
+        redacted = {}
+        sensitive_keys = {"password", "token", "secret", "key", "authorization", "cookie", "ssn", "credit_card"}
+
+        for k, v in data.items():
+            if any(s in k.lower() for s in sensitive_keys):
+                redacted[k] = "[REDACTED]"
+            elif isinstance(v, dict):
+                redacted[k] = self._maybe_redact(v)
+            else:
+                redacted[k] = v
+
+        return redacted
+
+    def _detect_framework(self) -> str:
+        """Detect which agent framework is being used."""
+        try:
+            import openai  # noqa
+            return "openai"
+        except ImportError:
+            pass
+
+        try:
+            import langchain  # noqa
+            return "langchain"
+        except ImportError:
+            pass
+
+        try:
+            import crewai  # noqa
+            return "crewai"
+        except ImportError:
+            pass
+
+        return "custom"
+
+    def _get_version(self) -> str:
+        try:
+            from authe import __version__
+            return __version__
+        except Exception:
+            return "0.1.0"
+
+    def close(self):
+        """Shutdown the client."""
+        self._running = False
+        self.flush()
+        self._http.close()

authe-0.1.0/authe/config.py

@@ -0,0 +1,47 @@
+"""Configuration for the authe SDK."""
+
+from __future__ import annotations
+
+import os
+import socket
+import sys
+from dataclasses import dataclass, field
+
+
+@dataclass
+class AutheConfig:
+    """SDK configuration, resolved from args + environment variables."""
+
+    api_key: str | None = None
+    agent_name: str | None = None
+    capabilities: list[str] = field(default_factory=list)
+    base_url: str = "https://api.authe.me"
+    auto_instrument: bool = True
+    redact_pii: bool = False
+    debug: bool = False
+
+    # Internal — set after resolution
+    agent_id: str | None = None
+    agent_token: str | None = None
+    session_id: str | None = None
+
+    def __post_init__(self):
+        # Resolve from environment
+        self.api_key = self.api_key or os.environ.get("AUTHE_API_KEY")
+        self.agent_name = self.agent_name or os.environ.get("AUTHE_AGENT_NAME") or self._detect_agent_name()
+        self.base_url = self.base_url.rstrip("/")
+
+        if not self.api_key:
+            raise ValueError(
+                "authe.me API key required. Pass api_key= to authe.init() "
+                "or set the AUTHE_API_KEY environment variable.\n"
+                "Get your key at https://authe.me"
+            )
+
+    def _detect_agent_name(self) -> str:
+        """Auto-generate an agent name from the environment."""
+        # Try script filename
+        script = os.path.basename(sys.argv[0]) if sys.argv[0] else "agent"
+        script = script.replace(".py", "").replace("_", "-")
+        hostname = socket.gethostname()[:12]
+        return f"{script}-{hostname}"

authe-0.1.0/authe/instrumentor.py

@@ -0,0 +1,310 @@
+"""
+Auto-instrumentation for AI agent frameworks.
+
+Hooks into tool calls, API requests, and file operations
+to capture actions without any code changes.
+"""
+
+from __future__ import annotations
+
+import functools
+import logging
+import time
+from typing import Any, Callable
+
+from authe.client import AutheClient
+
+logger = logging.getLogger("authe")
+
+
+class Instrumentor:
+    """Automatically instruments detected agent frameworks."""
+
+    def __init__(self, client: AutheClient):
+        self.client = client
+        self._patched: list[str] = []
+
+    def auto_instrument(self):
+        """Detect and instrument all available frameworks."""
+        self._instrument_openai()
+        self._instrument_langchain()
+        self._instrument_subprocess()
+        self._instrument_file_ops()
+
+        if self._patched:
+            logger.info(f"authe.me: instrumented {', '.join(self._patched)}")
+        else:
+            logger.debug("authe.me: no frameworks detected, use client.track_action() manually")
+
+    # ─── OpenAI ───
+
+    def _instrument_openai(self):
+        """Patch OpenAI client to capture completions and tool calls."""
+        try:
+            import openai
+        except ImportError:
+            return
+
+        try:
+            from openai.resources.chat import completions as chat_mod
+
+            original_create = chat_mod.Completions.create
+
+            @functools.wraps(original_create)
+            def patched_create(self_inner, *args, **kwargs):
+                start = time.time()
+                status = "success"
+                result = None
+                error_msg = None
+
+                try:
+                    result = original_create(self_inner, *args, **kwargs)
+                    return result
+                except Exception as e:
+                    status = "error"
+                    error_msg = str(e)
+                    raise
+                finally:
+                    duration_ms = int((time.time() - start) * 1000)
+
+                    # Extract tool calls from response
+                    tool_calls = []
+                    output = {}
+
+                    if result and hasattr(result, "choices"):
+                        for choice in result.choices:
+                            msg = choice.message
+                            if hasattr(msg, "tool_calls") and msg.tool_calls:
+                                for tc in msg.tool_calls:
+                                    tool_calls.append({
+                                        "id": tc.id,
+                                        "function": tc.function.name,
+                                        "arguments": tc.function.arguments,
+                                    })
+
+                            if hasattr(msg, "content") and msg.content:
+                                output["content"] = msg.content[:500]  # truncate
+
+                    if tool_calls:
+                        output["tool_calls"] = tool_calls
+
+                    # Track the LLM call
+                    self.client.track_action(
+                        tool="openai.chat.completions.create",
+                        action_type="llm_call",
+                        input_data={
+                            "model": kwargs.get("model", "unknown"),
+                            "messages_count": len(kwargs.get("messages", [])),
+                            "tools_count": len(kwargs.get("tools", [])),
+                            "has_tools": bool(kwargs.get("tools")),
+                        },
+                        output_data=output if not error_msg else {"error": error_msg},
+                        status=status,
+                        duration_ms=duration_ms,
+                    )
+
+                    # Track individual tool calls
+                    for tc in tool_calls:
+                        self.client.track_action(
+                            tool=tc["function"],
+                            action_type="tool_call",
+                            input_data={"arguments": tc["arguments"]},
+                            status="success",
+                            duration_ms=0,
+                        )
+
+            chat_mod.Completions.create = patched_create
+            self._patched.append("openai")
+
+        except Exception as e:
+            logger.debug(f"authe.me: failed to instrument openai: {e}")
+
+    # ─── LangChain ───
+
+    def _instrument_langchain(self):
+        """Patch LangChain to capture tool invocations."""
+        try:
+            from langchain_core.tools import BaseTool
+        except ImportError:
+            try:
+                from langchain.tools import BaseTool
+            except ImportError:
+                return
+
+        try:
+            original_run = BaseTool.run
+
+            @functools.wraps(original_run)
+            def patched_run(self_inner, *args, **kwargs):
+                start = time.time()
+                status = "success"
+                result = None
+                error_msg = None
+
+                try:
+                    result = original_run(self_inner, *args, **kwargs)
+                    return result
+                except Exception as e:
+                    status = "error"
+                    error_msg = str(e)
+                    raise
+                finally:
+                    duration_ms = int((time.time() - start) * 1000)
+
+                    self.client.track_action(
+                        tool=getattr(self_inner, "name", "langchain_tool"),
+                        action_type="tool_call",
+                        input_data={"args": str(args)[:500], "kwargs": _safe_serialize(kwargs)},
+                        output_data={"result": str(result)[:500]} if not error_msg else {"error": error_msg},
+                        status=status,
+                        duration_ms=duration_ms,
+                    )
+
+            BaseTool.run = patched_run
+            self._patched.append("langchain")
+
+        except Exception as e:
+            logger.debug(f"authe.me: failed to instrument langchain: {e}")
+
+    # ─── Subprocess (system commands) ───
+
+    def _instrument_subprocess(self):
+        """Patch subprocess to capture system command execution."""
+        try:
+            import subprocess
+
+            original_run = subprocess.run
+
+            @functools.wraps(original_run)
+            def patched_run(*args, **kwargs):
+                start = time.time()
+                status = "success"
+                result = None
+                error_msg = None
+
+                try:
+                    result = original_run(*args, **kwargs)
+                    if result.returncode != 0:
+                        status = "error"
+                    return result
+                except Exception as e:
+                    status = "error"
+                    error_msg = str(e)
+                    raise
+                finally:
+                    duration_ms = int((time.time() - start) * 1000)
+
+                    cmd = args[0] if args else kwargs.get("args", "unknown")
+                    if isinstance(cmd, list):
+                        cmd = " ".join(str(c) for c in cmd)
+
+                    self.client.track_action(
+                        tool="subprocess.run",
+                        action_type="system_command",
+                        input_data={"command": str(cmd)[:500]},
+                        output_data={
+                            "returncode": result.returncode if result else None,
+                            "stdout": str(result.stdout)[:200] if result and result.stdout else None,
+                        } if not error_msg else {"error": error_msg},
+                        status=status,
+                        duration_ms=duration_ms,
+                    )
+
+            subprocess.run = patched_run
+            self._patched.append("subprocess")
+
+        except Exception as e:
+            logger.debug(f"authe.me: failed to instrument subprocess: {e}")
+
+    # ─── File operations ───
+
+    def _instrument_file_ops(self):
+        """Patch builtins.open to capture file read/write operations."""
+        import builtins
+
+        original_open = builtins.open
+
+        client = self.client
+
+        @functools.wraps(original_open)
+        def patched_open(file, mode="r", *args, **kwargs):
+            result = original_open(file, mode, *args, **kwargs)
+
+            # Only track write operations — reads are too noisy
+            if any(m in str(mode) for m in ("w", "a", "x")):
+                client.track_action(
+                    tool="file.write",
+                    action_type="file_operation",
+                    input_data={"path": str(file), "mode": str(mode)},
+                    status="success",
+                    duration_ms=0,
+                )
+
+            return result
+
+        builtins.open = patched_open
+        self._patched.append("file_ops")
+
+
+# ─── Decorator for manual instrumentation ───
+
+def track(tool_name: str | None = None):
+    """
+    Decorator to manually track a function as an agent action.
+
+    Usage:
+        from authe.instrumentor import track
+
+        @track("send_email")
+        def send_email(to, subject, body):
+            ...
+    """
+    def decorator(func: Callable) -> Callable:
+        @functools.wraps(func)
+        def wrapper(*args, **kwargs):
+            from authe import get_client
+            client = get_client()
+
+            name = tool_name or func.__name__
+            start = time.time()
+            status = "success"
+            result = None
+            error_msg = None
+
+            try:
+                result = func(*args, **kwargs)
+                return result
+            except Exception as e:
+                status = "error"
+                error_msg = str(e)
+                raise
+            finally:
+                duration_ms = int((time.time() - start) * 1000)
+                if client:
+                    client.track_action(
+                        tool=name,
+                        input_data=_safe_serialize(kwargs) if kwargs else {"args": str(args)[:500]},
+                        output_data={"result": str(result)[:500]} if not error_msg else {"error": error_msg},
+                        status=status,
+                        duration_ms=duration_ms,
+                    )
+
+        return wrapper
+    return decorator
+
+
+def _safe_serialize(data: Any, max_depth: int = 3) -> dict:
+    """Safely serialize data for logging, handling non-JSON types."""
+    if max_depth <= 0:
+        return {"_truncated": True}
+
+    if isinstance(data, dict):
+        return {str(k): _safe_serialize(v, max_depth - 1) for k, v in data.items()}
+    elif isinstance(data, (list, tuple)):
+        return {"_list": [_safe_serialize(v, max_depth - 1) for v in data[:20]]}
+    elif isinstance(data, (str, int, float, bool, type(None))):
+        if isinstance(data, str) and len(data) > 500:
+            return data[:500] + "..."
+        return data
+    else:
+        return str(data)[:500]

authe-0.1.0/examples/example_manual.py

@@ -0,0 +1,42 @@
+"""
+Example: Manual action tracking with the @track decorator.
+
+Use this when you have custom tools that aren't auto-detected.
+"""
+
+import authe
+from authe.instrumentor import track
+
+authe.init(
+    agent_name="custom-agent",
+    capabilities=["read:email", "send:email", "read:calendar"],
+)
+
+
+@track("read_inbox")
+def read_inbox(account: str, limit: int = 10):
+    """Custom tool: read emails from inbox."""
+    # Your actual email reading logic here
+    return [
+        {"from": "alice@example.com", "subject": "Meeting tomorrow"},
+        {"from": "bob@example.com", "subject": "Project update"},
+    ]
+
+
+@track("send_email")
+def send_email(to: str, subject: str, body: str):
+    """Custom tool: send an email."""
+    # Your actual email sending logic here
+    print(f"Sending email to {to}: {subject}")
+    return {"status": "sent", "message_id": "msg_123"}
+
+
+# Use your tools normally — authe tracks everything
+emails = read_inbox("me@company.com", limit=5)
+send_email("alice@example.com", "Re: Meeting tomorrow", "Sounds good, see you there!")
+
+# Flush to ensure all actions are sent
+client = authe.get_client()
+client.flush()
+
+print("Done! Check dashboard.authe.me for the action timeline.")

authe-0.1.0/examples/example_openai.py

@@ -0,0 +1,38 @@
+"""
+Example: Using authe.me with an OpenAI agent.
+
+1. Get your API key at https://authe.me
+2. Set it: export AUTHE_API_KEY=ak_xxxxx
+3. Run this script: python example_openai.py
+4. View your agent's actions at dashboard.authe.me
+"""
+
+import authe
+
+# One line. That's it.
+authe.init(
+    agent_name="inbox-summarizer",
+    capabilities=["read:email", "send:slack"],
+)
+
+# Your agent code runs normally
+from openai import OpenAI
+
+client = OpenAI()
+
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[
+        {"role": "system", "content": "You are a helpful assistant."},
+        {"role": "user", "content": "Summarize the latest news about AI agents."},
+    ],
+)
+
+print(response.choices[0].message.content)
+
+# authe.me automatically captured:
+#   → the LLM call (model, token count, duration)
+#   → any tool calls the agent made
+#   → scope violations if the agent tried something unauthorized
+#
+# View it all at dashboard.authe.me

authe-0.1.0/pyproject.toml

@@ -0,0 +1,52 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "authe"
+version = "0.1.0"
+description = "The trust layer for AI agents. Observability, identity, and reputation in one line of code."
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.9"
+authors = [
+    { name = "authe.me", email = "hello@authe.me" },
+]
+keywords = ["ai", "agents", "observability", "trust", "identity", "security"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries",
+]
+dependencies = [
+    "httpx>=0.25.0",
+    "wrapt>=1.15.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0",
+    "pytest-asyncio>=0.21",
+    "ruff>=0.1.0",
+]
+
+[project.urls]
+Homepage = "https://authe.me"
+Documentation = "https://docs.authe.me"
+Repository = "https://github.com/autheme/authe-python"
+Issues = "https://github.com/autheme/authe-python/issues"
+
+[tool.ruff]
+line-length = 100
+target-version = "py39"
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]

authe-0.1.0/tests/test_config.py

@@ -0,0 +1,63 @@
+"""Basic tests for the authe SDK."""
+
+import os
+import pytest
+
+
+def test_config_requires_api_key():
+    """Config should raise if no API key is provided."""
+    # Clear env var if set
+    os.environ.pop("AUTHE_API_KEY", None)
+
+    from authe.config import AutheConfig
+
+    with pytest.raises(ValueError, match="API key required"):
+        AutheConfig()
+
+
+def test_config_from_env():
+    """Config should read from environment variables."""
+    os.environ["AUTHE_API_KEY"] = "ak_test123"
+    os.environ["AUTHE_AGENT_NAME"] = "test-agent"
+
+    from authe.config import AutheConfig
+
+    config = AutheConfig()
+    assert config.api_key == "ak_test123"
+    assert config.agent_name == "test-agent"
+    assert config.base_url == "https://api.authe.me"
+
+    # Cleanup
+    del os.environ["AUTHE_API_KEY"]
+    del os.environ["AUTHE_AGENT_NAME"]
+
+
+def test_config_args_override_env():
+    """Explicit args should override env vars."""
+    os.environ["AUTHE_API_KEY"] = "ak_from_env"
+
+    from authe.config import AutheConfig
+
+    config = AutheConfig(api_key="ak_from_args", agent_name="explicit-agent")
+    assert config.api_key == "ak_from_args"
+    assert config.agent_name == "explicit-agent"
+
+    del os.environ["AUTHE_API_KEY"]
+
+
+def test_safe_serialize():
+    """_safe_serialize should handle nested data safely."""
+    from authe.instrumentor import _safe_serialize
+
+    result = _safe_serialize({"key": "value", "nested": {"a": 1}})
+    assert result["key"] == "value"
+    assert result["nested"]["a"] == 1
+
+
+def test_safe_serialize_truncates_strings():
+    """Long strings should be truncated."""
+    from authe.instrumentor import _safe_serialize
+
+    long_string = "a" * 1000
+    result = _safe_serialize({"text": long_string})
+    assert len(result["text"]) < 600