interop-verifier 1.0.0__tar.gz

interop_verifier-1.0.0/.dockerignore

@@ -0,0 +1,10 @@
+.git
+.github
+.idea
+.pytest_cache
+__pycache__
+*.py[cod]
+build
+dist
+*.egg-info
+.venv

interop_verifier-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,39 @@
+name: CI
+
+on:
+  push:
+    branches: ["master"]
+    tags: ["*"]
+  pull_request:
+    branches: ["master"]
+
+jobs:
+  test:
+    name: Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          version: "0.8.5"
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --dev --frozen
+
+      - name: Run checks
+        run: make check
+
+      - name: Build package
+        run: make build

interop_verifier-1.0.0/.github/workflows/docker.yml

@@ -0,0 +1,25 @@
+name: Docker
+
+on:
+  push:
+    branches: ["master"]
+    tags: ["*"]
+  pull_request:
+    branches: ["master"]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          tags: interop-verifier:ci

interop_verifier-1.0.0/.gitignore

@@ -0,0 +1,8 @@
+__pycache__/
+.pytest_cache/
+.idea/
+.venv/
+dist/
+build/
+*.egg-info/
+*.py[cod]

interop_verifier-1.0.0/Dockerfile

@@ -0,0 +1,26 @@
+FROM python:3.12-slim AS runtime
+
+COPY --from=ghcr.io/astral-sh/uv:0.8.5 /uv /uvx /bin/
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    UV_COMPILE_BYTECODE=1 \
+    UV_LINK_MODE=copy \
+    PATH="/app/.venv/bin:$PATH"
+
+WORKDIR /app
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends ca-certificates libsodium23 \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY pyproject.toml uv.lock README.md ./
+COPY src ./src
+COPY scripts ./scripts
+
+RUN uv sync --frozen --no-dev
+
+EXPOSE 9723
+
+ENTRYPOINT ["interop-verifier"]
+CMD ["--help"]

interop_verifier-1.0.0/Makefile

@@ -0,0 +1,34 @@
+IMAGE ?= kentbull/interop-verifier
+VERSION ?= 1.0.0
+
+.PHONY: sync check test build clean docker-build docker-run docker-push publish-pypi
+
+sync:
+	uv sync --dev
+
+check:
+	uv run python -m compileall src tests
+	uv run pytest -q
+
+test:
+	uv run pytest -q
+
+build: clean
+	uv build
+	uv run twine check dist/*
+
+clean:
+	rm -rf build dist *.egg-info
+
+docker-build:
+	docker build -t $(IMAGE):$(VERSION) -t $(IMAGE):latest .
+
+docker-run:
+	docker run --rm $(IMAGE):$(VERSION) version
+
+docker-push:
+	docker push $(IMAGE):$(VERSION)
+	docker push $(IMAGE):latest
+
+publish-pypi: build
+	uv run twine upload dist/*

interop_verifier-1.0.0/PKG-INFO

@@ -0,0 +1,79 @@
+Metadata-Version: 2.4
+Name: interop-verifier
+Version: 1.0.0
+Summary: Generalized Sally-style KERIpy verifier for ACDC interop tests
+Project-URL: Homepage, https://github.com/kentbull/interop-verifier
+Project-URL: Repository, https://github.com/kentbull/interop-verifier
+Project-URL: Issues, https://github.com/kentbull/interop-verifier/issues
+Author-email: Kent Bull <kent@kentbull.com>
+Keywords: acdc,cesr,ipex,keri,verifier
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.12.6
+Requires-Dist: falcon==4.0.2
+Requires-Dist: hio<0.7.0,>=0.6.14
+Requires-Dist: http-sfv==0.9.9
+Requires-Dist: keri<1.3.0,>=1.2.12
+Description-Content-Type: text/markdown
+
+# interop-verifier
+
+`interop-verifier` is a generalized Sally-style KERIpy verifier used by the
+`keri-ts` ACDC interop tests. It receives normal CESR/IPEX credential
+presentations, verifies them with KERIpy VDR state, and posts generic webhook
+payloads without hardcoding the vLEI credential chain.
+
+## Install
+
+```sh
+uv tool install interop-verifier
+```
+
+## Run from PyPI
+
+```sh
+interop-verifier start \
+  --name verifier \
+  --base "" \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://127.0.0.1:9923/
+```
+
+The verifier uses a bundled no-witness inception config by default. Pass
+`--incept-file` to use a custom KERIpy-style inception JSON file.
+
+## Run with Docker
+
+```sh
+docker run --rm -p 9723:9723 kentbull/interop-verifier:1.0.0 start \
+  --name verifier \
+  --head-dir /data \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://host.docker.internal:9923/
+```
+
+Mount `/data` to persist verifier key state.
+
+## Interfaces
+
+The verifier serves:
+
+- `GET /health` for liveness and queue counts.
+- `GET /oobi/{aid}/controller` for KERI controller OOBI resolution.
+- `PUT /` and `POST /` for CESR/KERI ingress.
+- Sally-style signed webhook callbacks for verified credentials.
+
+## Development
+
+```sh
+make sync
+make check
+make build
+make docker-build
+```

interop_verifier-1.0.0/README.md

@@ -0,0 +1,57 @@
+# interop-verifier
+
+`interop-verifier` is a generalized Sally-style KERIpy verifier used by the
+`keri-ts` ACDC interop tests. It receives normal CESR/IPEX credential
+presentations, verifies them with KERIpy VDR state, and posts generic webhook
+payloads without hardcoding the vLEI credential chain.
+
+## Install
+
+```sh
+uv tool install interop-verifier
+```
+
+## Run from PyPI
+
+```sh
+interop-verifier start \
+  --name verifier \
+  --base "" \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://127.0.0.1:9923/
+```
+
+The verifier uses a bundled no-witness inception config by default. Pass
+`--incept-file` to use a custom KERIpy-style inception JSON file.
+
+## Run with Docker
+
+```sh
+docker run --rm -p 9723:9723 kentbull/interop-verifier:1.0.0 start \
+  --name verifier \
+  --head-dir /data \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://host.docker.internal:9923/
+```
+
+Mount `/data` to persist verifier key state.
+
+## Interfaces
+
+The verifier serves:
+
+- `GET /health` for liveness and queue counts.
+- `GET /oobi/{aid}/controller` for KERI controller OOBI resolution.
+- `PUT /` and `POST /` for CESR/KERI ingress.
+- Sally-style signed webhook callbacks for verified credentials.
+
+## Development
+
+```sh
+make sync
+make check
+make build
+make docker-build
+```

interop_verifier-1.0.0/pyproject.toml

@@ -0,0 +1,45 @@
+[project]
+name = "interop-verifier"
+version = "1.0.0"
+description = "Generalized Sally-style KERIpy verifier for ACDC interop tests"
+readme = "README.md"
+requires-python = ">=3.12.6"
+authors = [
+    { name = "Kent Bull", email = "kent@kentbull.com" },
+]
+keywords = ["keri", "acdc", "cesr", "ipex", "verifier"]
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security :: Cryptography",
+]
+dependencies = [
+    "keri>=1.2.12,<1.3.0",
+    "hio>=0.6.14,<0.7.0",
+    "falcon==4.0.2",
+    "http-sfv==0.9.9",
+]
+
+[project.scripts]
+interop-verifier = "interop_verifier.app.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/kentbull/interop-verifier"
+Repository = "https://github.com/kentbull/interop-verifier"
+Issues = "https://github.com/kentbull/interop-verifier/issues"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatchling.build.targets.wheel]
+packages = ["src/interop_verifier"]
+
+[dependency-groups]
+dev = [
+    "pytest>=8.3.5",
+    "twine>=6.2.0",
+]

interop_verifier-1.0.0/scripts/interop-verifier-incept-no-wits.json

@@ -0,0 +1,9 @@
+{
+  "transferable": true,
+  "wits": [],
+  "toad": 0,
+  "icount": 1,
+  "ncount": 1,
+  "isith": "1",
+  "nsith": "1"
+}

interop_verifier-1.0.0/src/interop_verifier/__init__.py

@@ -0,0 +1,3 @@
+"""Generalized Sally-style verifier for KERI interop tests."""
+
+__version__ = "1.0.0"

interop_verifier-1.0.0/src/interop_verifier/app/__init__.py

@@ -0,0 +1 @@
+"""CLI package for interop-verifier."""

interop_verifier-1.0.0/src/interop_verifier/app/cli.py

@@ -0,0 +1,107 @@
+"""Command line entrypoint."""
+
+import argparse
+import json
+
+from keri.app import configing, habbing, keeping
+
+import interop_verifier
+from interop_verifier.core import serving
+from interop_verifier.core.policy import VerificationPolicy
+
+
+def main():
+    parser = argparse.ArgumentParser(prog="interop-verifier")
+    sub = parser.add_subparsers(dest="command", required=True)
+    start = sub.add_parser("start", help="Start the interop verifier service")
+    start.add_argument("-p", "--http", default=9723, type=int)
+    start.add_argument("-n", "--name", default="interop-verifier")
+    start.add_argument("-b", "--base", default="")
+    start.add_argument("--head-dir", dest="headDirPath", default=None)
+    start.add_argument("-a", "--alias", required=True)
+    start.add_argument("-s", "--salt")
+    start.add_argument("--passcode", dest="bran", default=None)
+    start.add_argument("-i", "--incept-file", dest="inceptFile", default=None)
+    start.add_argument("-c", "--config-dir", dest="configDir", default=None)
+    start.add_argument("-f", "--config-file", dest="configFile", default=None)
+    start.add_argument("-w", "--web-hook", dest="webHook", required=True)
+    start.add_argument("--policy", dest="policyFile", default=None)
+    start.add_argument("--schema", dest="schemas", action="append", default=[])
+    start.add_argument("-r", "--retry-delay", default=3, type=int)
+    start.add_argument("-e", "--escrow-timeout", default=10, type=int)
+    start.add_argument("--no-clear-escrows", action="store_true", default=False)
+    start.set_defaults(handler=start_command)
+
+    version = sub.add_parser("version", help="Print version")
+    version.set_defaults(handler=lambda args: print(interop_verifier.__version__))
+
+    args = parser.parse_args()
+    args.handler(args)
+
+
+def start_command(args):
+    hby = init_habery(
+        name=args.name,
+        base=args.base,
+        bran=args.bran,
+        config_file=args.configFile,
+        config_dir=args.configDir,
+        salt=args.salt,
+        head_dir_path=args.headDirPath,
+    )
+    incept_args = {
+        "name": args.name,
+        "base": args.base,
+        "alias": args.alias,
+        "bran": args.bran,
+        "incept_file": args.inceptFile,
+        "config_dir": args.configDir,
+    }
+    hab = serving.incept_if_new(hby, args.alias, incept_args)
+    serving.load_schemas(hby, args.schemas)
+    policy = VerificationPolicy(load_policy(args.policyFile))
+    doers = serving.setupDoers(
+        hby,
+        hab,
+        alias=args.alias,
+        http_port=args.http,
+        hook=args.webHook,
+        policy=policy,
+        timeout=args.escrow_timeout,
+        retry=args.retry_delay,
+        clear_escrows=not args.no_clear_escrows,
+        head_dir_path=args.headDirPath,
+    )
+    print(f"Interop verifier {hab.pre} listening on http://127.0.0.1:{args.http}", flush=True)
+    serving.run_doers(doers)
+
+
+def init_habery(name, base, bran, config_file, config_dir, salt, head_dir_path=None):
+    ks = keeping.Keeper(name=name, base=base, temp=False, reopen=True, headDirPath=head_dir_path)
+    aeid = ks.gbls.get("aeid")
+    if aeid is None:
+        cf = None
+        if config_file is not None:
+            cf = configing.Configer(name=config_file, base=base, headDirPath=config_dir, temp=False, reopen=True, clear=False)
+        return habbing.Habery(
+            name=name,
+            base=base,
+            bran=bran,
+            cf=cf,
+            ks=ks,
+            salt=salt if salt else None,
+            headDirPath=head_dir_path,
+        )
+
+    return habbing.Habery(name=name, base=base, bran=bran, ks=ks, headDirPath=head_dir_path)
+
+
+def load_policy(path):
+    if not path:
+        return {}
+    with open(path, "r", encoding="utf-8") as fp:
+        return json.load(fp)
+
+
+if __name__ == "__main__":
+    main()

interop_verifier-1.0.0/src/interop_verifier/core/__init__.py

@@ -0,0 +1 @@
+"""Core verifier components."""

interop_verifier-1.0.0/src/interop_verifier/core/basing.py

@@ -0,0 +1,54 @@
+"""Sally-style cue database for verifier communication state."""
+
+from keri.core import coring, serdering
+from keri.db import dbing, subing
+
+
+class CueBaser(dbing.LMDBer):
+    """Stores verifier presentation, revocation, delivery, and ack queues."""
+
+    TailDirPath = "interop-verifier/db"
+    AltTailDirPath = ".interop-verifier/db"
+    TempPrefix = "interop_verifier_db_"
+
+    def __init__(self, name="cb", headDirPath=None, reopen=True, **kwa):
+        self.snd = None
+        self.iss = None
+        self.rev = None
+        self.recv = None
+        self.revk = None
+        self.ack = None
+        super().__init__(name=name, headDirPath=headDirPath, reopen=reopen, **kwa)
+
+    def reopen(self, **kwa):
+        super().reopen(**kwa)
+        self.snd = subing.CesrSuber(db=self, subkey="snd.", klas=coring.Prefixer)
+        self.iss = subing.CesrSuber(db=self, subkey="iss.", klas=coring.Dater)
+        self.rev = subing.CesrSuber(db=self, subkey="rev.", klas=coring.Dater)
+        self.recv = subing.SerderSuber(db=self, subkey="recv", klas=serdering.SerderACDC)
+        self.revk = subing.SerderSuber(db=self, subkey="revk", klas=serdering.SerderACDC)
+        self.ack = subing.SerderSuber(db=self, subkey="ack", klas=serdering.SerderACDC)
+        return self.env
+
+    def clearEscrows(self):
+        self.iss.trim()
+        self.rev.trim()
+        self.recv.trim()
+        self.revk.trim()
+        self.ack.trim()
+
+    @staticmethod
+    def items(suber, keys=""):
+        if hasattr(suber, "getItemIter"):
+            return suber.getItemIter(keys=keys)
+        return suber.getTopItemIter(keys=keys)
+
+    def getCounts(self):
+        return {
+            "senders": self.snd.cntAll(),
+            "iss": self.iss.cntAll(),
+            "rev": self.rev.cntAll(),
+            "recv": self.recv.cntAll(),
+            "revk": self.revk.cntAll(),
+            "ack": self.ack.cntAll(),
+        }

interop_verifier-1.0.0/src/interop_verifier/core/credentials.py

@@ -0,0 +1,32 @@
+"""TEL revocation cue bridge."""
+
+from hio.base import doing
+from hio.help import decking
+from keri.core import coring
+
+
+class TeveryCuery(doing.Doer):
+    """Moves KERIpy TEL revocation cues into the verifier cue database."""
+
+    def __init__(self, cdb, reger, cues=None, **kwa):
+        self.cdb = cdb
+        self.reger = reger
+        self.cues = cues if cues is not None else decking.Deck()
+        super().__init__(**kwa)
+
+    def do(self, tymth, *, tock=0.0, **opts):
+        self.wind(tymth)
+        self.tock = tock
+        yield self.tock
+        while True:
+            while self.cues:
+                cue = self.cues.popleft()
+                if cue.get("kin") == "revoked":
+                    serder = cue["serder"]
+                    said = serder.ked["i"]
+                    creder = self.reger.creds.get(said)
+                    if creder is not None:
+                        self.cdb.snd.pin(keys=(said,), val=coring.Prefixer(qb64=creder.issuer))
+                        self.cdb.rev.pin(keys=(said,), val=coring.Dater())
+                yield self.tock
+            yield self.tock