capsule-emit 0.1.0__py3-none-any.whl

capsule_emit/__init__.py

@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: Apache-2.0
+"""capsule-emit — one-call emit() for Agent Action Capsules.
+
+The adoption surface for the Agent Action Capsule standard:
+
+    from capsule_emit import emit
+
+    cap = emit(
+        action="write_po",
+        operator="acme-co",
+        developer="po-agent@v1",
+        agent_input={"vendor": "Frobozz Supply", "total": 1240.19},
+        agent_output=result,
+        model={"provider": "anthropic", "model_id": "claude-sonnet-4-6"},
+        verdict="executed",
+        effect={"type": "write_po", "status": "dispatched"},
+    )
+    print(cap.capsule_id, cap.anchored)
+
+Anchor is on by default (async, digest-only). Ledger is written to
+``ledger.jsonl`` by default. Both are configurable.
+"""
+from .core import EmitResult, emit
+from .ledger import append_to_ledger, read_ledger
+from .ledger import view as ledger_view
+from .manifest import ManifestDeclaration, find_manifest, load_manifest
+
+__version__ = "0.1.0"
+
+__all__ = [
+    "__version__",
+    # Core
+    "emit",
+    "EmitResult",
+    # Ledger
+    "append_to_ledger",
+    "read_ledger",
+    "ledger_view",
+    # Manifest
+    "load_manifest",
+    "find_manifest",
+    "ManifestDeclaration",
+]

capsule_emit/adapters/__init__.py

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: Apache-2.0
+"""capsule-emit framework adapters.
+
+MCP-first: ``capsule_emit.adapters.mcp.MCPCapsuleEmitter``
+Thin shells: ``langchain``, ``crewai``, ``hermes`` (all over _base.CapsuleEmitterBase).
+"""

capsule_emit/adapters/_base.py

@@ -0,0 +1,84 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Shared base for all capsule-emit framework adapters.
+
+All framework adapters (LangChain, CrewAI, Hermes, MCP) extend this base.
+It holds operator/developer/ledger config and exposes a single
+``emit_capsule()`` helper that calls the top-level ``capsule_emit.emit()``.
+"""
+from __future__ import annotations
+
+import os
+from typing import Any
+
+from capsule_emit.core import EmitResult, emit
+
+__all__ = ["CapsuleEmitterBase"]
+
+
+class CapsuleEmitterBase:
+    """Shared config carrier for capsule-emit framework adapters.
+
+    Args:
+        operator: Tenant/org identifier stamped on every capsule.
+        developer: Agent name + version.
+        ledger: Path to the JSONL ledger file (default: ``ledger.jsonl``).
+        anchor: Fire-and-forget anchor on every emit (default: True).
+        anchor_url: Override anchor endpoint (else ``AAC_ANCHOR_URL`` env var).
+    """
+
+    def __init__(
+        self,
+        *,
+        operator: str,
+        developer: str,
+        ledger: str | os.PathLike = "ledger.jsonl",
+        anchor: bool = True,
+        anchor_url: str | None = None,
+    ) -> None:
+        self._operator = operator
+        self._developer = developer
+        self._ledger = ledger
+        self._anchor = anchor
+        self._anchor_url = anchor_url
+        self._last: EmitResult | None = None
+        self._results: list[EmitResult] = []
+
+    @property
+    def last(self) -> EmitResult | None:
+        """The most recent EmitResult, or None."""
+        return self._last
+
+    @property
+    def results(self) -> list[EmitResult]:
+        """All EmitResults emitted this session."""
+        return list(self._results)
+
+    def emit_capsule(
+        self,
+        action: str,
+        tool_input: Any = None,
+        tool_output: Any = None,
+        *,
+        verdict: str = "executed",
+        effect: dict[str, Any] | None = None,
+        prior_capsule_id: str | None = None,
+        model: dict[str, str] | None = None,
+    ) -> EmitResult:
+        """Emit one capsule for a completed tool call."""
+        result = emit(
+            action=action,
+            operator=self._operator,
+            developer=self._developer,
+            agent_input=tool_input,
+            agent_output=tool_output,
+            verdict=verdict,
+            effect=effect,
+            confirms=prior_capsule_id,
+            anchor=self._anchor,
+            ledger=self._ledger,
+            anchor_url=self._anchor_url,
+            model=model,
+        )
+        self._last = result
+        self._results.append(result)
+        return result

capsule_emit/adapters/crewai.py

@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Thin CrewAI shell over CapsuleEmitterBase (~15 lines of adapter logic).
+
+    from capsule_emit.adapters.crewai import CrewAICapsuleEmitter
+
+    emitter = CrewAICapsuleEmitter(operator="acme-co", developer="my-agent@v1")
+    wrapped_tool = emitter.wrap(my_crewai_tool)
+
+Works without installing crewai — ``wrap()`` is framework-free.
+"""
+from __future__ import annotations
+
+import functools
+from typing import Any
+
+from ._base import CapsuleEmitterBase
+
+__all__ = ["CrewAICapsuleEmitter"]
+
+
+class CrewAICapsuleEmitter(CapsuleEmitterBase):
+    """CrewAI adapter — wrap a tool callable; emit a capsule per call."""
+
+    def wrap(self, tool: Any, action: str | None = None) -> Any:
+        """Wrap a CrewAI tool or any callable; emit a capsule on each call."""
+        _action = action or getattr(tool, "name", None) or getattr(tool, "__name__", "tool")
+
+        if callable(tool):
+            @functools.wraps(tool)
+            def _wrapper(*args: Any, **kwargs: Any) -> Any:
+                output = tool(*args, **kwargs)
+                inp = kwargs if kwargs else (args[0] if len(args) == 1 else args)
+                self.emit_capsule(_action, tool_input=inp, tool_output=output)
+                return output
+            return _wrapper
+
+        # CrewAI BaseTool subclass: patch ._run
+        original_run = getattr(tool, "_run", None)
+        if original_run is None:
+            return tool
+
+        @functools.wraps(original_run)
+        def _patched_run(*args: Any, **kwargs: Any) -> Any:
+            output = original_run(*args, **kwargs)
+            inp = kwargs if kwargs else (args[0] if len(args) == 1 else args)
+            self.emit_capsule(_action, tool_input=inp, tool_output=output)
+            return output
+
+        tool._run = _patched_run
+        return tool

capsule_emit/adapters/hermes.py

@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Thin Hermes shell over CapsuleEmitterBase (~15 lines of adapter logic).
+
+    from capsule_emit.adapters.hermes import HermesCapsuleEmitter
+
+    emitter = HermesCapsuleEmitter(operator="acme-co", developer="my-agent@v1")
+
+    # Call around a Hermes tool execution:
+    result = execute_tool(tool_name, inputs)
+    cap = emitter.after_tool(tool_name, inputs, result)
+"""
+from __future__ import annotations
+
+from typing import Any
+
+from capsule_emit.core import EmitResult
+
+from ._base import CapsuleEmitterBase
+
+__all__ = ["HermesCapsuleEmitter"]
+
+
+class HermesCapsuleEmitter(CapsuleEmitterBase):
+    """Hermes adapter — emit capsules around Hermes tool calls."""
+
+    def after_tool(
+        self,
+        tool_name: str,
+        tool_input: Any = None,
+        tool_output: Any = None,
+        *,
+        verdict: str = "executed",
+        effect_status: str = "dispatched",
+    ) -> EmitResult:
+        """Call after a Hermes tool execution to emit a capsule."""
+        return self.emit_capsule(
+            tool_name,
+            tool_input=tool_input,
+            tool_output=tool_output,
+            verdict=verdict,
+            effect={"type": tool_name, "status": effect_status},
+        )

capsule_emit/adapters/langchain.py

@@ -0,0 +1,45 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Thin LangChain shell over CapsuleEmitterBase (~15 lines of adapter logic).
+
+    from capsule_emit.adapters.langchain import LangChainCapsuleEmitter
+
+    emitter = LangChainCapsuleEmitter(operator="acme-co", developer="my-agent@v1")
+    agent.invoke(..., config={"callbacks": [emitter]})
+
+Requires ``pip install langchain-core``.
+"""
+from __future__ import annotations
+
+from typing import Any
+
+from ._base import CapsuleEmitterBase
+
+__all__ = ["LangChainCapsuleEmitter"]
+
+try:
+    from langchain_core.callbacks import BaseCallbackHandler as _Base
+except ImportError as exc:
+    raise ImportError(
+        "LangChainCapsuleEmitter needs langchain-core. "
+        "Install with: pip install langchain-core"
+    ) from exc
+
+
+class LangChainCapsuleEmitter(CapsuleEmitterBase, _Base):
+    """LangChain callback handler — emits one capsule per completed tool call."""
+
+    def __init__(self, **kwargs: Any) -> None:
+        CapsuleEmitterBase.__init__(self, **kwargs)
+        _Base.__init__(self)
+        self._pending: dict[Any, tuple[str, Any]] = {}
+
+    def on_tool_start(self, serialized: dict | None, input_str: str, *, run_id: Any = None, inputs: dict | None = None, **kw: Any) -> None:
+        name = (serialized or {}).get("name") or kw.get("name") or "tool"
+        self._pending[run_id] = (name, inputs if inputs is not None else input_str)
+
+    def on_tool_end(self, output: Any, *, run_id: Any = None, **kw: Any) -> None:
+        name, inp = self._pending.pop(run_id, ("tool", None))
+        self.emit_capsule(name, tool_input=inp, tool_output=output)
+
+    def on_tool_error(self, error: BaseException, *, run_id: Any = None, **kw: Any) -> None:
+        self._pending.pop(run_id, None)

capsule_emit/adapters/mcp.py

@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: Apache-2.0
+"""MCP-first capsule adapter (capsule-emit primary adapter).
+
+Wraps an MCP tool function so every call emits a sealed, anchored capsule.
+No MCP SDK dependency required — the wrapper works with any callable.
+
+    from capsule_emit.adapters.mcp import MCPCapsuleEmitter
+
+    emitter = MCPCapsuleEmitter(operator="acme-co", developer="my-agent@v1")
+
+    # Decorate a tool function — capsule emitted on every call.
+    @emitter.tool("write_po")
+    def write_po(vendor: str, total: float) -> dict:
+        ...
+
+    # Or wrap ad-hoc after a call:
+    result = write_po(vendor="Frobozz", total=1240.19)
+    cap = emitter.emit_capsule("write_po", tool_input={...}, tool_output=result)
+"""
+from __future__ import annotations
+
+import functools
+from typing import Any, Callable
+
+from ._base import CapsuleEmitterBase
+
+__all__ = ["MCPCapsuleEmitter"]
+
+
+class MCPCapsuleEmitter(CapsuleEmitterBase):
+    """MCP-first adapter: wrap tool callables; emit a capsule per call.
+
+    Designed for MCP tool endpoints but works with any Python callable.
+    """
+
+    def tool(
+        self,
+        action: str | None = None,
+        *,
+        effect_type: str | None = None,
+        verdict: str = "executed",
+    ) -> Callable:
+        """Decorator: wraps a tool function and emits a capsule on each call.
+
+        Args:
+            action: Action name for the capsule (defaults to the function name).
+            effect_type: Effect type string (defaults to *action*).
+            verdict: Disposition verdict_class (default ``"executed"``).
+        """
+
+        def decorator(fn: Callable) -> Callable:
+            _action = action or fn.__name__
+            _effect_type = effect_type or _action
+
+            @functools.wraps(fn)
+            def wrapper(*args: Any, **kwargs: Any) -> Any:
+                output = fn(*args, **kwargs)
+                tool_input = kwargs if kwargs else (args[0] if len(args) == 1 else args)
+                self.emit_capsule(
+                    _action,
+                    tool_input=tool_input,
+                    tool_output=output,
+                    verdict=verdict,
+                    effect={"type": _effect_type, "status": "dispatched"},
+                )
+                return output
+
+            return wrapper
+
+        return decorator

capsule_emit/cli.py

@@ -0,0 +1,57 @@
+# SPDX-License-Identifier: Apache-2.0
+"""capsule-emit CLI.
+
+    capsule-emit ledger view <path>          — print the chain table
+    capsule-emit ledger view <path> --json   — raw JSON array
+
+Exit codes: 0 = ok, 1 = error.
+"""
+from __future__ import annotations
+
+import argparse
+import json
+
+
+def _cmd_ledger_view(args: argparse.Namespace) -> int:
+    from .ledger import read_ledger
+    from .ledger import view as _view
+
+    if args.as_json:
+        records = read_ledger(args.path)
+        print(json.dumps(records, indent=2, default=str))
+    else:
+        _view(args.path)
+    return 0
+
+
+def _build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="capsule-emit",
+        description="capsule-emit — emit + ledger CLI for Agent Action Capsules.",
+    )
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    ledger = sub.add_parser("ledger", help="ledger operations")
+    ledger_sub = ledger.add_subparsers(dest="ledger_cmd", required=True)
+
+    view = ledger_sub.add_parser("view", help="display the ledger as a chain table")
+    view.add_argument("path", help="path to a JSONL ledger file")
+    view.add_argument("--json", dest="as_json", action="store_true", help="raw JSON output")
+
+    return parser
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = _build_parser()
+    args = parser.parse_args(argv)
+
+    if args.command == "ledger":
+        if args.ledger_cmd == "view":
+            return _cmd_ledger_view(args)
+
+    parser.error(f"unknown command {args.command!r}")
+    return 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

capsule_emit/core.py

@@ -0,0 +1,168 @@
+# SPDX-License-Identifier: Apache-2.0
+"""capsule-emit core — the one-call emit() with anchor-on-by-default.
+
+This is the adoption-surface API described in capsule-emit-quickstart.md.
+It wraps ``agent_action_capsule.emit()`` with:
+- A friendlier signature (action, operator, developer, agent_input, agent_output, model, verdict, effect)
+- Digest-only commitment of agent_input / agent_output (content stays local)
+- Async anchor on by default (digest-only; no business content crosses the wire)
+- Automatic JSONL ledger append
+- A typed EmitResult with .capsule_id and .anchored
+
+The ``confirms`` parameter threads a "did → confirmed" chain without a scheduler.
+
+The same emit() calls and ledger files are compatible with gateway layers that
+enforce declared manifests — no code changes required to add enforcement on top.
+"""
+from __future__ import annotations
+
+import hashlib
+import json
+import os
+from dataclasses import dataclass
+from typing import Any
+
+from agent_action_capsule import emit as _base_emit
+from agent_action_capsule.anchor import anchor as _simple_anchor
+from agent_action_capsule.contracts import Disposition, EffectRecord
+
+from .ledger import append_to_ledger
+
+__all__ = ["emit", "EmitResult"]
+
+_DEFAULT_LEDGER = "ledger.jsonl"
+
+
+def _digest(value: Any) -> str:
+    """SHA-256 of the canonical JSON serialization of value."""
+    raw = json.dumps(value, sort_keys=True, separators=(",", ":"), default=str)
+    return hashlib.sha256(raw.encode("utf-8")).hexdigest()
+
+
+@dataclass
+class EmitResult:
+    """The result of a capsule-emit emit() call."""
+
+    capsule_id: str
+    anchored: bool
+    capsule: dict
+
+    def __repr__(self) -> str:
+        return f"EmitResult(capsule_id={self.capsule_id!r}, anchored={self.anchored})"
+
+
+def emit(
+    action: str,
+    operator: str = "",
+    developer: str = "",
+    *,
+    runtime: str | None = None,
+    agent_input: Any = None,
+    agent_output: Any = None,
+    model: dict[str, str] | None = None,
+    verdict: str = "executed",
+    effect: dict[str, Any] | None = None,
+    confirms: str | None = None,
+    anchor: bool = True,
+    ledger: str | os.PathLike = _DEFAULT_LEDGER,
+    anchor_url: str | None = None,
+) -> EmitResult:
+    """Emit a sealed, optionally anchored Agent Action Capsule.
+
+    Args:
+        action: A short, stable action name (e.g. ``"write_po"``).
+        operator: Tenant / org identifier.
+        developer: Agent name + version (e.g. ``"po-agent@v1"``).
+        runtime: Framework hint (e.g. ``"langchain"``); stored in compute_attestation.
+        agent_input: The agent's input (any JSON-serializable value). Digest-committed;
+            the raw value never leaves the process.
+        agent_output: The agent's output. Digest-committed.
+        model: Dict with ``"provider"`` and ``"model_id"`` keys.
+        verdict: Disposition verdict_class (e.g. ``"executed"``, ``"confirmed"``).
+        effect: Effect dict with ``"type"`` and ``"status"`` (and optional ``"autonomy"``).
+        confirms: capsule_id of the prior capsule this one confirms (chains with relation
+            ``"confirms"``).
+        anchor: When True (default), fire-and-forget async digest-only anchor submission.
+        ledger: Path to the JSONL ledger file (default: ``ledger.jsonl``).
+        anchor_url: Override the anchor endpoint (else reads ``AAC_ANCHOR_URL`` env var).
+
+    Returns:
+        :class:`EmitResult` with ``.capsule_id`` and ``.anchored``.
+    """
+    compute_att: dict[str, Any] = {}
+    if agent_input is not None:
+        compute_att["agent_input_digest"] = _digest(agent_input)
+    if agent_output is not None:
+        compute_att["agent_output_digest"] = _digest(agent_output)
+    if runtime is not None:
+        compute_att["runtime"] = runtime
+
+    model_id: str | None = None
+    provider: str | None = None
+    if model:
+        model_id = model.get("model_id")
+        provider = model.get("provider")
+        extra_chip = {k: v for k, v in model.items() if k not in ("model_id", "provider")}
+        if extra_chip:
+            compute_att.update(extra_chip)
+
+    effect_record: EffectRecord | None = None
+    if effect is not None:
+        eff_status = effect.get("status", "dispatched")
+        response_digest: str | None = None
+        if eff_status == "confirmed":
+            # §5.2 confirmed-effect invariant: must supply response_digest.
+            # Auto-derive from agent_output when available; else from the
+            # confirms capsule_id (the "observed response" in a confirm chain).
+            if agent_output is not None:
+                response_digest = _digest(agent_output)
+            elif confirms is not None:
+                response_digest = _digest({"confirmed_capsule_id": confirms})
+        effect_record = EffectRecord(
+            type=effect.get("type", action),
+            status=eff_status,
+            response_digest=response_digest,
+        )
+
+    disposition = Disposition(
+        decision="accept",
+        approver="policy",
+        human_disposed=False,
+        verdict_class=verdict,
+    )
+
+    chain_relation: str | None = None
+    if confirms is not None:
+        chain_relation = "confirms"
+
+    capsule = _base_emit(
+        action_id=None,
+        action_type="decide" if verdict in ("executed", "confirmed", "denied", "blocked") else "fyi",
+        operator=operator,
+        developer=developer,
+        model_id=model_id,
+        provider=provider,
+        compute_attestation=compute_att if compute_att else None,
+        effect=effect_record,
+        prior_capsule_id=confirms,
+        chain_relation=chain_relation,
+        disposition=disposition,
+        tool_name=action,
+    )
+
+    append_to_ledger(capsule, ledger)
+
+    anchored = False
+    if anchor:
+        endpoint = anchor_url or os.environ.get("AAC_ANCHOR_URL", None)
+        _simple_anchor(
+            capsule["capsule_id"],
+            **({"endpoint": endpoint} if endpoint else {}),
+        )
+        anchored = True
+
+    return EmitResult(
+        capsule_id=capsule["capsule_id"],
+        anchored=anchored,
+        capsule=capsule,
+    )

capsule_emit/ledger.py

@@ -0,0 +1,105 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Ledger read/write utilities and the ledger view renderer.
+
+The ledger is a newline-delimited JSON (JSONL) file — one capsule dict per line.
+``view()`` renders it as a human-readable chain table.
+"""
+from __future__ import annotations
+
+import json
+import os
+from pathlib import Path
+from typing import Any
+
+__all__ = ["append_to_ledger", "read_ledger", "view"]
+
+
+def append_to_ledger(capsule: dict, path: str | os.PathLike = "ledger.jsonl") -> None:
+    """Append a sealed capsule dict as a single JSON line."""
+    with open(path, "a", encoding="utf-8") as fh:
+        fh.write(json.dumps(capsule, separators=(",", ":")) + "\n")
+
+
+def read_ledger(path: str | os.PathLike) -> list[dict]:
+    """Read all capsule records from a JSONL ledger file."""
+    p = Path(path)
+    if not p.exists():
+        return []
+    records = []
+    with open(p, encoding="utf-8") as fh:
+        for line in fh:
+            line = line.strip()
+            if line:
+                records.append(json.loads(line))
+    return records
+
+
+def view(path: str | os.PathLike, *, out: Any = None) -> None:
+    """Print a human-readable chain table for the ledger at *path*.
+
+    Args:
+        path: Path to the JSONL ledger file.
+        out: File-like object for output (defaults to stdout).
+    """
+    import sys
+
+    if out is None:
+        out = sys.stdout
+
+    records = read_ledger(path)
+    if not records:
+        print(f"ledger: {path} — empty or not found", file=out)
+        return
+
+    col_id = 14
+    col_action = 22
+    col_op = 14
+    col_effect = 22
+    col_verdict = 12
+
+    header = (
+        f"{'capsule_id':<{col_id}}  "
+        f"{'action':<{col_action}}  "
+        f"{'operator':<{col_op}}  "
+        f"{'effect/status':<{col_effect}}  "
+        f"{'verdict':<{col_verdict}}  "
+        f"{'chain'}"
+    )
+    print(f"\ncapsule-emit ledger: {path}  ({len(records)} record(s))\n", file=out)
+    print(header, file=out)
+    print("-" * len(header), file=out)
+
+    for cap in records:
+        cid = cap.get("capsule_id", "?")[:col_id]
+        action_id = cap.get("action_id", "?")
+        # action_id is "tool-name/<uuid>" — show just the tool part
+        action = action_id.split("/")[0] if "/" in action_id else action_id
+        action = action[:col_action]
+        operator = cap.get("operator", "")[:col_op]
+
+        eff = cap.get("effect", {}) or {}
+        eff_str = ""
+        if eff:
+            eff_str = f"{eff.get('type', '')}:{eff.get('status', '')}"
+        eff_str = eff_str[:col_effect]
+
+        disp = cap.get("disposition", {}) or {}
+        verdict = disp.get("verdict_class", "")[:col_verdict]
+
+        chain = cap.get("chain", {}) or {}
+        chain_str = ""
+        if chain:
+            parent = chain.get("parent_capsule_id", "")
+            rel = chain.get("relation", "")
+            chain_str = f"{rel}→{parent[:8]}…" if parent else ""
+
+        print(
+            f"{cid:<{col_id}}  "
+            f"{action:<{col_action}}  "
+            f"{operator:<{col_op}}  "
+            f"{eff_str:<{col_effect}}  "
+            f"{verdict:<{col_verdict}}  "
+            f"{chain_str}",
+            file=out,
+        )
+    print(file=out)

capsule_emit/manifest.py

@@ -0,0 +1,167 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Manifest parser — declare-only, engine-free.
+
+Reads a ``flows/<wicket>/manifest.md`` file and returns a :class:`ManifestDeclaration`
+with the declared wicket_id, autonomy (default ``"narrate"``), effect type, and
+constraint names.
+
+``capsule-emit`` reads manifests to *declare* — no enforcement, no engine, no gate.
+A compatible gateway layer reads the same manifest file and *enforces* the declared
+constraints. This is the same-file upgrade path: no changes to manifests or emit()
+calls are required to add an enforcement layer on top.
+
+Safe-autonomy default: if ``autonomy`` is not declared, it defaults to ``"narrate"``
+(the safest; the agent describes what it would do but does not execute).
+"""
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any
+
+__all__ = ["ManifestDeclaration", "load_manifest", "find_manifest"]
+
+_AUTONOMY_RE = re.compile(
+    r"autonomy\s+[`'\"]?(\w+)[`'\"]?",
+    re.IGNORECASE,
+)
+_EFFECT_RE = re.compile(
+    r"^`(\w+)`\s*—\s*autonomy\s+[`'\"]?(\w+)[`'\"]?",
+    re.IGNORECASE | re.MULTILINE,
+)
+_CONSTRAINT_ID_RE = re.compile(r"`([\w_]+)`")
+
+
+@dataclass
+class ManifestDeclaration:
+    """The declared metadata from a manifest.md file (no enforcement)."""
+
+    wicket_id: str
+    title: str = ""
+    autonomy: str = "narrate"
+    effect_type: str = ""
+    constraint_names: list[str] = field(default_factory=list)
+    raw_frontmatter: dict[str, Any] = field(default_factory=dict)
+
+
+def _parse_yaml_frontmatter(text: str) -> tuple[dict[str, Any], str]:
+    """Extract simple YAML front matter (--- ... ---). No PyYAML dependency."""
+    if not text.startswith("---"):
+        return {}, text
+    end = text.find("\n---", 3)
+    if end == -1:
+        return {}, text
+    fm_block = text[3:end].strip()
+    body = text[end + 4:].lstrip("\n")
+    fm: dict[str, Any] = {}
+    for line in fm_block.splitlines():
+        if ":" in line:
+            key, _, val = line.partition(":")
+            key = key.strip()
+            val = val.strip()
+            # Strip inline comments
+            if "#" in val:
+                val = val[: val.index("#")].strip()
+            # Unquote
+            if (val.startswith('"') and val.endswith('"')) or (
+                val.startswith("'") and val.endswith("'")
+            ):
+                val = val[1:-1]
+            # Coerce obvious types
+            if val.lower() == "true":
+                fm[key] = True
+            elif val.lower() == "false":
+                fm[key] = False
+            elif val.isdigit():
+                fm[key] = int(val)
+            else:
+                fm[key] = val
+    return fm, body
+
+
+def _extract_effect(body: str) -> tuple[str, str]:
+    """Return (effect_type, autonomy) from the ## Effect section."""
+    effect_section = re.search(r"##\s+Effect\s*\n(.*?)(?:\n##|\Z)", body, re.DOTALL)
+    if not effect_section:
+        return "", "narrate"
+    section_text = effect_section.group(1)
+    m = _EFFECT_RE.search(section_text)
+    if m:
+        return m.group(1), m.group(2).lower()
+    # Fallback: look for backtick-quoted identifier on the first non-empty line
+    for line in section_text.splitlines():
+        line = line.strip()
+        if not line:
+            continue
+        ids = _CONSTRAINT_ID_RE.findall(line)
+        if ids:
+            autonomy_m = _AUTONOMY_RE.search(line)
+            return ids[0], autonomy_m.group(1).lower() if autonomy_m else "narrate"
+        break
+    return "", "narrate"
+
+
+def _extract_constraints(body: str) -> list[str]:
+    """Extract constraint id strings from the ## Constraints table."""
+    constraints_section = re.search(
+        r"##\s+Constraints.*?\n(.*?)(?:\n##|\Z)", body, re.DOTALL | re.IGNORECASE
+    )
+    if not constraints_section:
+        return []
+    names: list[str] = []
+    for line in constraints_section.group(1).splitlines():
+        if "|" not in line:
+            continue
+        # Table rows: | `id` | description | ... |
+        cells = [c.strip() for c in line.split("|") if c.strip()]
+        if not cells:
+            continue
+        ids = _CONSTRAINT_ID_RE.findall(cells[0])
+        if ids and not ids[0].startswith("-"):
+            names.append(ids[0])
+    return names
+
+
+def load_manifest(path: str | Path) -> ManifestDeclaration:
+    """Parse a manifest.md file and return a :class:`ManifestDeclaration`.
+
+    Never raises on missing or malformed files — returns a safe default with
+    ``autonomy="narrate"``.
+    """
+    p = Path(path)
+    if not p.exists():
+        wicket_id = p.parent.name if p.parent.name != "." else "unknown"
+        return ManifestDeclaration(wicket_id=wicket_id)
+
+    text = p.read_text(encoding="utf-8")
+    fm, body = _parse_yaml_frontmatter(text)
+
+    wicket_id = str(fm.get("wicket_id", p.parent.name))
+    title = str(fm.get("title", ""))
+
+    # Front matter can declare autonomy; Effect section takes precedence.
+    fm_autonomy = str(fm.get("autonomy", "narrate")).lower()
+    effect_type, body_autonomy = _extract_effect(body)
+    autonomy = body_autonomy if body_autonomy != "narrate" else fm_autonomy
+    constraint_names = _extract_constraints(body)
+
+    return ManifestDeclaration(
+        wicket_id=wicket_id,
+        title=title,
+        autonomy=autonomy,
+        effect_type=effect_type,
+        constraint_names=constraint_names,
+        raw_frontmatter=fm,
+    )
+
+
+def find_manifest(flows_dir: str | Path, wicket_id: str) -> ManifestDeclaration | None:
+    """Locate and load ``flows/<wicket_id>/manifest.md`` under *flows_dir*.
+
+    Returns ``None`` if no such file exists (safe — caller can proceed without it).
+    """
+    p = Path(flows_dir) / wicket_id / "manifest.md"
+    if not p.exists():
+        return None
+    return load_manifest(p)

capsule_emit-0.1.0.dist-info/METADATA

@@ -0,0 +1,249 @@
+Metadata-Version: 2.4
+Name: capsule-emit
+Version: 0.1.0
+Summary: One-call emit() for Agent Action Capsules — anchor on by default, ledger view CLI, thin framework adapters.
+Author: Action State Group
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/action-state-group/capsule-emit
+Project-URL: Source, https://github.com/action-state-group/capsule-emit
+Project-URL: Tracker, https://github.com/action-state-group/capsule-emit/issues
+Project-URL: Specification, https://github.com/action-state-group/agent-action-capsule
+Project-URL: Organization, https://github.com/action-state-group
+Keywords: scitt,agent,capsule,verification,transparency,audit
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security :: Cryptography
+Classifier: Development Status :: 3 - Alpha
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+License-File: NOTICE
+Requires-Dist: agent-action-capsule>=0.0.2
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1; extra == "langchain"
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.40; extra == "crewai"
+Provides-Extra: mcp
+Provides-Extra: hermes
+Dynamic: license-file
+
+# capsule-emit
+
+**One call to seal a tamper-evident, independently-verifiable record of what your AI agent actually did.**
+
+```python
+from capsule_emit import emit
+
+cap = emit(action="write_po", operator="acme-co", developer="po-agent@v1",
+           agent_input={"vendor": "Frobozz Supply", "total": 1240.19},
+           agent_output=result, verdict="executed",
+           effect={"type": "write_po", "status": "dispatched"})
+
+print(cap.capsule_id)   # sealed, anchored, verifiable by anyone
+```
+
+`capsule-emit` is the producer layer for the **Agent Action Capsule** — a [SCITT](https://datatracker.ietf.org/doc/draft-mih-scitt-agent-action-capsule/) statement profile. You add one line at the moment your agent does something consequential; you get back a signed, digest-committed capsule that a third party who trusts neither you nor your agent can independently verify.
+
+---
+
+## Why you need this
+
+Agents now move money, change records, and act across organizational boundaries. When something goes wrong — or someone asks "did your agent really do that, and was it authorized?" — what's your proof?
+
+Your **logs** are your own word. They're mutable, they live in your database, and they mean nothing to an auditor, a counterparty, or a regulator who has no reason to trust your systems. There's no way for an outside party to confirm a log wasn't edited after the fact.
+
+A **capsule** is different: it's signed at the moment of the action, its content is committed to a hash, and it's recorded in a public append-only log. Anyone can verify it offline, from the bytes alone — *without trusting you*.
+
+## Why your existing stack can't do this
+
+These layers answer **different questions** — a capsule fills the gap none of them cover:
+
+| Layer | Examples | Answers | Doesn't answer |
+|---|---|---|---|
+| **Identity** | DIDs, SPIFFE, Agent Cards | *Who* is the agent? | What it did |
+| **Authorization** | OPA, policy, permits | What is it *allowed* to do? | What it actually did, or the outcome |
+| **Observability** | Datadog, audit logs, your DB | What *you say* happened | Nothing to a party who doesn't trust you — mutable, self-attested |
+| **Agent Action Capsule** | `capsule-emit` | **What it *did*, provably** | (composes with the above by reference) |
+
+A capsule records the action **and its outcome**, with a *confirmed-effect binding* so a **dispatched attempt can't be passed off as a completed effect** (the may/did distinction: approved ≠ executed ≠ confirmed). It records on **every verdict, including refusals** — a `blocked` capsule is auditor-grade evidence that a gate worked.
+
+## Concepts
+
+A small vocabulary — each concept maps to a field you can see or a command you can run:
+
+- **Capsule** — the unit: one consequential action *and its outcome*, sealed, signed, and digest-committed. It's plain JSON — inspect it with `cap.capsule` (see *What's in a capsule* below).
+- **may / did** — the honesty model: *approved ≠ executed ≠ confirmed*. A capsule carries the verdict (`disposition.verdict_class`) **and** a confirmed-effect binding (`effect.status` + request/response digests), so a *dispatched attempt* can never be presented as a *completed effect*.
+- **Chain** — actions link by digest: a confirm / supersede / escalate capsule points at its parent (`chain.parent_capsule_id`), turning *approved → executed → confirmed* (or *deferred → escalated → resolved*) into one verifiable trail. → `emit(..., confirms=parent_id)`
+- **Break** — tamper-evidence: change a single byte and the recomputed `capsule_id` stops matching, so `verify` returns **INVALID**. The break *is* the proof — it's what makes the record trustworthy to someone who didn't write it.
+- **Anchor** — the public proof: the capsule's digest is written to an append-only transparency log; the receipt proves it existed at time T, checkable by anyone *without trusting you* (see *Anchoring* below).
+- **Ledger** — your local append-only trail of capsules (the chain of chains). → `capsule-emit ledger view ./ledger.jsonl`
+- **Verify** — anyone, offline, from the bytes alone — no keys, no network, no clock. Class-1 (structure + IDs), Class-2 (manifest-aware). Independent of the producer on purpose (see *Verify* below).
+- **Declare → Enforce** — a `manifest.md` *declares* autonomy + constraints; a compatible gateway *enforces* the same file later, with **no change** to your `emit()` calls (see *Declare now, enforce later* below).
+
+The sections below are the depth behind each concept.
+
+## How easy it is
+
+```bash
+pip install capsule-emit          # emit + anchor client + ledger CLI
+```
+
+```python
+from capsule_emit import emit
+
+cap = emit(
+    action="write_po",
+    operator="acme-co",                 # the accountable tenant
+    developer="po-agent@v1",            # the agent identity + version
+    agent_input={"vendor": "Frobozz Supply", "total": 1240.19},
+    agent_output=result,
+    model={"provider": "anthropic", "model_id": "claude-sonnet-4-6"},
+    verdict="executed",                 # executed | blocked | denied | errored | timed_out
+    effect={"type": "write_po", "status": "dispatched"},
+)
+print(cap.capsule_id, cap.anchored)
+```
+
+That's it. The capsule is sealed and anchored. One call per consequential action.
+
+## What's inside a capsule
+
+`emit()` returns `cap.capsule` — a JSON object you can inspect, store, or hand to anyone:
+
+```jsonc
+{
+  "spec_version":   "draft-mih-scitt-agent-action-capsule-01",
+  "format_version": "2",
+  "capsule_id":     "9fddfcec…32eb26",      // SHA-256 of the canonical payload (its content address)
+  "action_id":      "write_po/39530d9c…",   // the action name + a unique id (chain linkage)
+  "action_type":    "decide",               // the capsule class (a decision that produced an effect)
+  "operator":       "acme-co",              // accountable tenant
+  "developer":      "po-agent@v1",          // agent identity + version
+  "timestamp":      "2026-06-20T04:45:11Z",
+  "model_attestation": {                    // which model + the evidence it produced
+    "provider": "anthropic",
+    "model_id": "claude-sonnet-4-6",
+    "compute_attestation": {
+      "agent_input_digest":  "3c2c9123…",   // the prompt/input, sealed by hash
+      "agent_output_digest": "c574d16d…"    // the inference/output, sealed by hash
+    }
+  },
+  "effect": {                               // what was committed
+    "type":   "write_po",
+    "status": "dispatched",                 // dispatched (attempted) vs confirmed (observed)
+    "effect_attestation": "runtime_claimed"
+  },
+  "disposition": {                          // the may/did verdict
+    "decision":       "accept",
+    "verdict_class":  "executed",           // executed | blocked | denied | errored | confirmed
+    "approver":       "policy",
+    "human_disposed": false                 // honest in-the-loop flag
+  },
+  "assurance": {                            // how far to trust each part
+    "attestation_mode": "self_attested",
+    "effect_mode":      "dispatched_unconfirmed",
+    "ledger_mode":      "standalone"        // standalone | chained
+  }
+  // When a capsule confirms/supersedes another, a "chain" block appears and
+  // the effect gains a "response_digest" (the confirmed-effect binding):
+  //   "chain":  { "parent_capsule_id": "1008e6fc…", "relation": "confirms" }
+}
+```
+
+Confirming or superseding an action is itself a capsule that **chains** to the first — that's how "approved → executed → confirmed" becomes a verifiable trail. Full field reference: the [spec](https://datatracker.ietf.org/doc/draft-mih-scitt-agent-action-capsule/) §5.
+
+## Anchoring — where the proof lives
+
+**Anchor is on by default.** When you `emit()`, the capsule's **digest only** is submitted to a SCITT transparency log, and you get back an [RFC 9162](https://www.rfc-editor.org/rfc/rfc9162) inclusion-proof **receipt** — durable, tamper-evident evidence that this exact capsule existed at that time.
+
+- **Where:** the free hosted log at `https://anchor.agentactioncapsule.org/v1/digest` (no signup, no key).
+- **What's logged:** a **SHA-256 digest** (the `capsule_id`) — nothing else. Your vendors, amounts, operator, and payloads **never leave your machine**.
+- **What you get:** the receipt (an inclusion proof) — keep it with the capsule; anyone can later check the capsule against the log offline.
+- **Self-host or repoint:** the log service ([`capsule-anchor`](https://github.com/action-state-group/capsule-anchor)) is open-source. Point anywhere with `AAC_ANCHOR_URL=https://your-log/...` or `emit(..., anchor_url=...)`.
+- **Offline:** `emit(..., anchor=False)` seals locally and skips the network.
+- **Why bother:** a self-hosted log you control isn't proof to an outsider; a shared, append-only transparency log is. That's what makes the capsule checkable by someone who trusts neither party.
+
+## Verify
+
+The verifier ships in the spec package — install it and check any capsule (or a whole ledger) from the bytes alone, no keys/network/clock:
+
+```bash
+pip install agent-action-capsule
+agent-action-capsule verify ./ledger.jsonl
+```
+
+Tamper with one byte and verification fails. The verifier is independent of `capsule-emit` on purpose — *any* tool can produce a capsule; *any* party can verify one.
+
+## Ledger view
+
+Every `emit()` appends to a local JSONL ledger:
+
+```bash
+capsule-emit ledger view ./ledger.jsonl
+```
+
+## Framework adapters
+
+One `emit()` per tool call, regardless of framework — thin adapters over one shared base:
+
+```python
+from capsule_emit.adapters.mcp import MCPCapsuleEmitter          # primary (MCP)
+emitter = MCPCapsuleEmitter(operator="acme-co", developer="my-agent@v1")
+
+@emitter.tool("write_po")
+def write_po(vendor: str, total: float) -> dict: ...
+```
+
+LangChain (`LangChainCapsuleEmitter`, a callback handler), CrewAI (`CrewAICapsuleEmitter`, `.wrap(tool)`), and Hermes (`HermesCapsuleEmitter`, `.after_tool(...)`) work the same way. **Per-adapter guides — where to put the call, the one-line add, and a ready-made prompt for your coding agent — are in [`docs/adapters/`](docs/adapters/).**
+
+## Declare now, enforce later — same file
+
+Drop a `flows/<action>/manifest.md` next to your code to declare autonomy + constraints:
+
+```markdown
+---
+wicket_id: write-po
+autonomy: narrate
+---
+## Constraints
+| id | what it checks | method | severity |
+|----|----------------|--------|----------|
+| po_arithmetic | Line items re-add to total. | arithmetic_balance | block |
+```
+
+`capsule-emit` reads the manifest to **declare** (no enforcement). A compatible gateway reads the **same file** and **enforces** — adding enforcement requires **no changes** to your `emit()` calls or manifests.
+
+## How it fits
+
+```
+capsule-emit  →  agent-action-capsule (spec + reference verifier)
+                        ↓
+                 scitt-cose (COSE_Sign1 + SCITT receipt verification)
+```
+
+`capsule-emit` produces; [`agent-action-capsule`](https://github.com/action-state-group/agent-action-capsule) is the specification + verifier; [`scitt-cose`](https://github.com/action-state-group/scitt-cose) verifies the transparency-log substrate. Separate on purpose.
+
+## Documentation
+
+New here? These are written to be read top-to-bottom, no standards background needed:
+
+- **[Tutorials](docs/tutorials/)** — five-minute, copy-paste sessions: your first capsule → confirming & chaining → reading your ledger → declaring rules.
+- **[Concepts in plain words](docs/concepts.md)** — the seven words (capsule, seal, may/did, chain, break, anchor, ledger), each tied to a field or command.
+- **[Anatomy of a capsule](docs/anatomy.md)** — exactly what gets sealed, the two-tier structure, and how each layer is captured.
+- **[Adapters](docs/adapters/)** — let MCP / LangChain / CrewAI / Hermes emit capsules for you (with a paste-to-your-coding-agent prompt on each page).
+- **[Going deeper — and popping out](docs/going-deeper.md)** — *down* into the spec + `scitt-cose` substrate if you want to verify it yourself; *up* to a compatible enforcement gateway (e.g. `gopher-ai`, OSS) when you want capsules to **block**, not just record.
+
+## Status
+
+Alpha — API stable, not yet 1.0. The underlying specification is an **individual IETF Internet-Draft**, not an RFC; no RFC number is claimed.
+
+## Provenance, neutrality & governance
+
+Developed by **Action State Group, Inc.** and published as **open-source software (Apache-2.0)**, with a clean transfer path to a **neutral home** (foundation donation or community project) as the ecosystem matures. The content is product-free — the emission layer, adapters, ledger utilities, and a manifest parser; nothing tenant- or product-specific. No primacy is claimed; the value is an interoperable, independently-verifiable record format. Discussion venue: the IETF **SCITT** Working Group (`scitt@ietf.org`).
+
+## License
+
+Apache-2.0 — see [LICENSE](LICENSE).

capsule_emit-0.1.0.dist-info/RECORD

@@ -0,0 +1,18 @@
+capsule_emit/__init__.py,sha256=MgDTrbnXndjUcJkb3vC3_x4WCOuLteAkKSAe1LHwUfI,1186
+capsule_emit/cli.py,sha256=z4KeX5tITw8qSZkBW4aUBkG-GaQfzB8GWCFBVdg1pnk,1622
+capsule_emit/core.py,sha256=kXXrQDmeUIuTBrgdUAKN-OO9vuTQQehKoWsblXW3nLA,6069
+capsule_emit/ledger.py,sha256=Zzbz0leKyiPoCW4yNtOOO2YawIRvtyl4uWu6b1W69m0,3196
+capsule_emit/manifest.py,sha256=Wtgwybq8yCL6bdaQ3wAPf5Se60EY6pWuq-hlsLKdjr4,5809
+capsule_emit/adapters/__init__.py,sha256=i6-qgSSXpmX3xvELixnnniAinZU4_wWFGkn6JfsRaeE,226
+capsule_emit/adapters/_base.py,sha256=2kMO-uujYsgjvojW6u1QzkotMb12dzYvrcY2iUZ_RJI,2578
+capsule_emit/adapters/crewai.py,sha256=ZbEdzxeTbeng7mjJCZwZJlAPsYQiOHS5yZXBrOCC-A8,1825
+capsule_emit/adapters/hermes.py,sha256=UzchiEOGgSigfD8I_IOyncshwcpW-HqQ5KPpReYL1jE,1240
+capsule_emit/adapters/langchain.py,sha256=3qQnfc6CEdlsWoC4koUxszCeaUvWmWoHqIGQ9bQcB8E,1734
+capsule_emit/adapters/mcp.py,sha256=HbmLMTqvgNPZ3MKQv-s9ZaAIGP64lWPSMjS5BXddeDo,2310
+capsule_emit-0.1.0.dist-info/licenses/LICENSE,sha256=fm743ElXZMxoFnlTFYMJuMOE70vxHAyliT47VC-fUms,10635
+capsule_emit-0.1.0.dist-info/licenses/NOTICE,sha256=nuINAerH2aboFWGwCIg4XB2AM4_gARfWJhqwnnAKqMc,540
+capsule_emit-0.1.0.dist-info/METADATA,sha256=KNFf71_lSr6PmhpPnp_wlf3wc2x-FtmUawyLhUw28mg,14272
+capsule_emit-0.1.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+capsule_emit-0.1.0.dist-info/entry_points.txt,sha256=bfgS0aT_E6df1HixtCVRvPGM5QX1Pvp_IMGt7_G9YsY,55
+capsule_emit-0.1.0.dist-info/top_level.txt,sha256=z65yhwMjlAlb_nCa0Tu3jD59UsPUNLcv6o6d6q5ykDY,13
+capsule_emit-0.1.0.dist-info/RECORD,,

capsule_emit-0.1.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

capsule_emit-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+capsule-emit = capsule_emit.cli:main

capsule_emit-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,191 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other transformations
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and its Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of discussing and
+      improving the Work, but excluding communication that is conspicuously
+      marked or otherwise designated in writing by the copyright owner as
+      "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contributions with
+      the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or in addition to the
+          NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Contribution, either as is or with modifications, and to grant
+      third parties a sublicense to use, copy, modify, merge, publish,
+      distribute, sublicense, and/or sell copies of the Contribution.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (even if such Contributor has been advised of the possibility
+      of such damages).
+
+   9. Accepting Warranty or Liability. While redistributing the Work or
+      Derivative Works thereof, You may choose to offer, and charge a fee
+      for, acceptance of support, warranty, indemnity, or other liability
+      obligations and/or rights consistent with this License. However, in
+      accepting such obligations, You may offer such conditions only on
+      Your own behalf and on Your sole responsibility, not on behalf of
+      any other Contributor, and only if You agree to indemnify, defend,
+      and hold each Contributor harmless for any liability incurred by,
+      or claims asserted against, such Contributor by reason of your
+      accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format in question.
+
+   Copyright 2024-2026 Action State Group, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied. See the License for the specific language governing
+   permissions and limitations under the License.

capsule_emit-0.1.0.dist-info/licenses/NOTICE

@@ -0,0 +1,13 @@
+capsule-emit
+Copyright 2024-2026 Action State Group, Inc.
+
+This product is developed by Action State Group, Inc. and is published
+as open-source software under the Apache License, Version 2.0.
+
+The Agent Action Capsule specification (draft-mih-scitt-agent-action-capsule)
+is developed and maintained at:
+  https://github.com/action-state-group/agent-action-capsule
+
+This library is a producer/emission layer for that specification.
+It depends on the agent-action-capsule reference library for capsule
+construction and Class-1 verification.

capsule_emit-0.1.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+capsule_emit