ciris-verify 0.1.0__tar.gz

ciris_verify-0.1.0/PKG-INFO

@@ -0,0 +1,152 @@
+Metadata-Version: 2.4
+Name: ciris-verify
+Version: 0.1.0
+Summary: Python bindings for CIRISVerify hardware-rooted license verification
+Author-email: CIRIS Engineering <engineering@ciris.ai>
+License-Expression: AGPL-3.0-or-later
+Project-URL: Homepage, https://github.com/CIRISAI/CIRISVerify
+Project-URL: Repository, https://github.com/CIRISAI/CIRISVerify
+Project-URL: Documentation, https://github.com/CIRISAI/CIRISVerify/tree/main/bindings/python
+Project-URL: Issues, https://github.com/CIRISAI/CIRISVerify/issues
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Rust
+Classifier: Topic :: Security :: Cryptography
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: pydantic>=2.0.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+
+# CIRISVerify Python Bindings
+
+Python bindings for CIRISVerify, the hardware-rooted license verification module for the CIRIS ecosystem.
+
+## Installation
+
+```bash
+pip install ciris-verify
+```
+
+**Note:** The CIRISVerify binary must be installed separately. See the [CIRISVerify documentation](https://github.com/CIRISAI/CIRISVerify) for installation instructions.
+
+## Quick Start
+
+```python
+import os
+from ciris_verify import CIRISVerify, LicenseStatus
+
+# Initialize the verifier
+verifier = CIRISVerify()
+
+# Get license status with a fresh nonce
+status = await verifier.get_license_status(
+    challenge_nonce=os.urandom(32)
+)
+
+# Check if professional capabilities are available
+if status.allows_licensed_operation():
+    print("Professional license verified!")
+    print(f"Tier: {status.license.tier}")
+    print(f"Capabilities: {status.license.capabilities}")
+else:
+    print("Running in community mode")
+
+# IMPORTANT: Always display the mandatory disclosure
+print(status.mandatory_disclosure.text)
+```
+
+## Mandatory Disclosure
+
+Per the CIRIS ecosystem rules, agents **MUST** display the `mandatory_disclosure.text` to users. This ensures transparency about the agent's capabilities and licensing status.
+
+```python
+# The disclosure MUST be shown to users
+disclosure = status.mandatory_disclosure
+print(f"[{disclosure.severity.upper()}] {disclosure.text}")
+```
+
+## Capability Checking
+
+For frequent capability checks, use the fast path:
+
+```python
+result = await verifier.check_capability("medical:diagnosis")
+if result.allowed:
+    # Capability is available
+    pass
+else:
+    print(f"Capability denied: {result.reason}")
+```
+
+## Testing
+
+For testing without the actual binary, use `MockCIRISVerify`:
+
+```python
+from ciris_verify import MockCIRISVerify, LicenseStatus
+
+# Create a mock that returns community mode
+verifier = MockCIRISVerify(
+    mock_status=LicenseStatus.UNLICENSED_COMMUNITY
+)
+
+# Use exactly like the real client
+status = await verifier.get_license_status(os.urandom(32))
+assert status.status == LicenseStatus.UNLICENSED_COMMUNITY
+```
+
+## Error Handling
+
+```python
+from ciris_verify import (
+    CIRISVerifyError,
+    BinaryNotFoundError,
+    BinaryTamperedError,
+    VerificationFailedError,
+)
+
+try:
+    verifier = CIRISVerify()
+    status = await verifier.get_license_status(os.urandom(32))
+except BinaryNotFoundError as e:
+    # Binary not installed
+    print(f"CIRISVerify not found: {e.path}")
+except BinaryTamperedError:
+    # CRITICAL: Binary has been modified
+    # Halt all operations immediately
+    raise SystemExit("SECURITY ALERT: Binary integrity compromised")
+except VerificationFailedError as e:
+    # Verification failed - operate in restricted mode
+    print(f"Verification failed: {e}")
+```
+
+## License Status Codes
+
+| Status | Code | Description |
+|--------|------|-------------|
+| `LICENSED_PROFESSIONAL` | 100 | Full professional license active |
+| `LICENSED_PROFESSIONAL_GRACE` | 101 | License valid, in offline grace period |
+| `UNLICENSED_COMMUNITY` | 200 | Community mode, no professional capabilities |
+| `RESTRICTED_*` | 300-399 | Restricted mode due to verification issues |
+| `ERROR_*` | 400-499 | Error states (revoked, expired, etc.) |
+| `LOCKDOWN_*` | 500+ | Critical security failure, halt operations |
+
+## Thread Safety
+
+The client is thread-safe and can be used from multiple threads or async tasks concurrently.
+
+## License
+
+AGPL-3.0-or-later - See LICENSE file in the CIRISVerify repository.

ciris_verify-0.1.0/README.md

@@ -0,0 +1,121 @@
+# CIRISVerify Python Bindings
+
+Python bindings for CIRISVerify, the hardware-rooted license verification module for the CIRIS ecosystem.
+
+## Installation
+
+```bash
+pip install ciris-verify
+```
+
+**Note:** The CIRISVerify binary must be installed separately. See the [CIRISVerify documentation](https://github.com/CIRISAI/CIRISVerify) for installation instructions.
+
+## Quick Start
+
+```python
+import os
+from ciris_verify import CIRISVerify, LicenseStatus
+
+# Initialize the verifier
+verifier = CIRISVerify()
+
+# Get license status with a fresh nonce
+status = await verifier.get_license_status(
+    challenge_nonce=os.urandom(32)
+)
+
+# Check if professional capabilities are available
+if status.allows_licensed_operation():
+    print("Professional license verified!")
+    print(f"Tier: {status.license.tier}")
+    print(f"Capabilities: {status.license.capabilities}")
+else:
+    print("Running in community mode")
+
+# IMPORTANT: Always display the mandatory disclosure
+print(status.mandatory_disclosure.text)
+```
+
+## Mandatory Disclosure
+
+Per the CIRIS ecosystem rules, agents **MUST** display the `mandatory_disclosure.text` to users. This ensures transparency about the agent's capabilities and licensing status.
+
+```python
+# The disclosure MUST be shown to users
+disclosure = status.mandatory_disclosure
+print(f"[{disclosure.severity.upper()}] {disclosure.text}")
+```
+
+## Capability Checking
+
+For frequent capability checks, use the fast path:
+
+```python
+result = await verifier.check_capability("medical:diagnosis")
+if result.allowed:
+    # Capability is available
+    pass
+else:
+    print(f"Capability denied: {result.reason}")
+```
+
+## Testing
+
+For testing without the actual binary, use `MockCIRISVerify`:
+
+```python
+from ciris_verify import MockCIRISVerify, LicenseStatus
+
+# Create a mock that returns community mode
+verifier = MockCIRISVerify(
+    mock_status=LicenseStatus.UNLICENSED_COMMUNITY
+)
+
+# Use exactly like the real client
+status = await verifier.get_license_status(os.urandom(32))
+assert status.status == LicenseStatus.UNLICENSED_COMMUNITY
+```
+
+## Error Handling
+
+```python
+from ciris_verify import (
+    CIRISVerifyError,
+    BinaryNotFoundError,
+    BinaryTamperedError,
+    VerificationFailedError,
+)
+
+try:
+    verifier = CIRISVerify()
+    status = await verifier.get_license_status(os.urandom(32))
+except BinaryNotFoundError as e:
+    # Binary not installed
+    print(f"CIRISVerify not found: {e.path}")
+except BinaryTamperedError:
+    # CRITICAL: Binary has been modified
+    # Halt all operations immediately
+    raise SystemExit("SECURITY ALERT: Binary integrity compromised")
+except VerificationFailedError as e:
+    # Verification failed - operate in restricted mode
+    print(f"Verification failed: {e}")
+```
+
+## License Status Codes
+
+| Status | Code | Description |
+|--------|------|-------------|
+| `LICENSED_PROFESSIONAL` | 100 | Full professional license active |
+| `LICENSED_PROFESSIONAL_GRACE` | 101 | License valid, in offline grace period |
+| `UNLICENSED_COMMUNITY` | 200 | Community mode, no professional capabilities |
+| `RESTRICTED_*` | 300-399 | Restricted mode due to verification issues |
+| `ERROR_*` | 400-499 | Error states (revoked, expired, etc.) |
+| `LOCKDOWN_*` | 500+ | Critical security failure, halt operations |
+
+## Thread Safety
+
+The client is thread-safe and can be used from multiple threads or async tasks concurrently.
+
+## License
+
+AGPL-3.0-or-later - See LICENSE file in the CIRISVerify repository.

ciris_verify-0.1.0/ciris_verify/__init__.py

@@ -0,0 +1,63 @@
+"""CIRISVerify Python bindings.
+
+Hardware-rooted license verification for the CIRIS ecosystem.
+Provides cryptographic proof of license status to prevent capability spoofing.
+
+Usage:
+    from ciris_verify import CIRISVerify, LicenseStatus
+
+    verifier = CIRISVerify()
+    status = verifier.get_license_status(challenge_nonce=os.urandom(32))
+
+    if status.allows_licensed_operation():
+        # Professional capabilities available
+        pass
+    else:
+        # Community mode only
+        disclosure = status.mandatory_disclosure
+        print(disclosure.text)
+"""
+
+from .client import CIRISVerify, MockCIRISVerify
+from .types import (
+    LicenseStatus,
+    LicenseTier,
+    LicenseDetails,
+    MandatoryDisclosure,
+    DisclosureSeverity,
+    LicenseStatusResponse,
+    CapabilityCheckResult,
+    FileIntegrityResult,
+    HardwareType,
+    ValidationStatus,
+)
+from .exceptions import (
+    CIRISVerifyError,
+    BinaryNotFoundError,
+    BinaryTamperedError,
+    VerificationFailedError,
+    TimeoutError,
+    CommunicationError,
+)
+
+__version__ = "0.1.0"
+__all__ = [
+    "CIRISVerify",
+    "MockCIRISVerify",
+    "LicenseStatus",
+    "LicenseTier",
+    "LicenseDetails",
+    "MandatoryDisclosure",
+    "DisclosureSeverity",
+    "LicenseStatusResponse",
+    "CapabilityCheckResult",
+    "FileIntegrityResult",
+    "HardwareType",
+    "ValidationStatus",
+    "CIRISVerifyError",
+    "BinaryNotFoundError",
+    "BinaryTamperedError",
+    "VerificationFailedError",
+    "TimeoutError",
+    "CommunicationError",
+]