matrixscroll 0.1.0__py3-none-any.whl

matrixscroll/__init__.py

@@ -0,0 +1,62 @@
+"""Matrix Scroll — open protocol for hardware-signed AI-assisted code.
+
+This package is the Python reference implementation of the Matrix Scroll
+protocol. It exposes an Ed25519 root-of-trust abstraction with a software
+emulator (default) and a hardware provider stub for the SSX360 reference
+device (NXP SE050). Private keys never leave the provider.
+
+Quickstart:
+
+    >>> import matrixscroll
+    >>> info = matrixscroll.identity_info()
+    >>> signed = matrixscroll.sign_manifest({"release": "v1.0.0"})
+    >>> matrixscroll.verify_manifest(signed)
+    True
+
+See SPEC.md for the wire format and canonical encoding rules.
+"""
+
+from ._core import (
+    ALGORITHM,
+    DEVICE_FILE,
+    SCHEMA,
+    SIGNATURE_SCHEMA,
+    EmulatedProvider,
+    HardwareProvider,
+    IdentityError,
+    IdentityProvider,
+    device_id,
+    get_provider,
+    identity_info,
+    public_key_b64,
+    sign,
+    sign_manifest,
+    status,
+    store_dir,
+    verify,
+    verify_manifest,
+)
+
+__version__ = "0.1.0"
+
+__all__ = [
+    "ALGORITHM",
+    "DEVICE_FILE",
+    "EmulatedProvider",
+    "HardwareProvider",
+    "IdentityError",
+    "IdentityProvider",
+    "SCHEMA",
+    "SIGNATURE_SCHEMA",
+    "__version__",
+    "device_id",
+    "get_provider",
+    "identity_info",
+    "public_key_b64",
+    "sign",
+    "sign_manifest",
+    "status",
+    "store_dir",
+    "verify",
+    "verify_manifest",
+]

matrixscroll/_core.py

@@ -0,0 +1,360 @@
+"""Matrix Scroll root of trust — Ed25519 device identity and signing.
+
+This is the "software emulation first" layer for the Matrix Scroll hardware key.
+The same API serves the local emulator today and the physical NXP SE050 device
+later, selected via the MATRIXSCROLL_MODE environment variable.
+
+Security contract:
+  - Private keys never leave the provider. Public callers only ever see the
+    public key, the derived device id, and signatures.
+  - In emulated mode the private seed is stored locally under
+    ~/.matrixscroll/device.json. The directory is created 0700 and the file is
+    opened 0600 at creation time (never write-then-chmod), so the seed is never
+    momentarily world-readable. A corrupt store fails loud rather than silently
+    re-minting identity. On real hardware the seed is sealed in the secure
+    element and this file holds only public material.
+"""
+
+from __future__ import annotations
+
+import base64
+import binascii
+import copy
+import hashlib
+import json
+import os
+import time
+from abc import ABC, abstractmethod
+from pathlib import Path
+from typing import Any
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.ed25519 import (
+    Ed25519PrivateKey,
+    Ed25519PublicKey,
+)
+
+SCHEMA = "matrixscroll.identity.v1"
+SIGNATURE_SCHEMA = "matrixscroll.signature.v1"
+ALGORITHM = "ed25519"
+DEVICE_FILE = "device.json"
+
+_RAW = serialization.Encoding.Raw
+_PRIV_RAW = serialization.PrivateFormat.Raw
+_PUB_RAW = serialization.PublicFormat.Raw
+_NOENC = serialization.NoEncryption()
+
+SEED_LEN = 32
+DIR_MODE = 0o700
+FILE_MODE = 0o600
+
+
+class IdentityError(Exception):
+    """Raised when the device key store cannot be read or is untrustworthy."""
+
+
+def store_dir() -> Path:
+    """Resolve the device store directory (override via MATRIXSCROLL_HOME)."""
+    env = os.environ.get("MATRIXSCROLL_HOME", "").strip()
+    base = Path(env).expanduser() if env else (Path.home() / ".matrixscroll")
+    return base
+
+
+def _b64(data: bytes) -> str:
+    return base64.b64encode(data).decode("ascii")
+
+
+def _unb64(value: str) -> bytes:
+    return base64.b64decode(value.encode("ascii"), validate=True)
+
+
+def _write_secret(path: Path, text: str) -> None:
+    """Write ``text`` to ``path`` created with owner-only (0o600) permissions.
+
+    The file is opened with O_CREAT|O_EXCL via os.open so the private seed is
+    never momentarily world-readable (which a write-then-chmod sequence allows).
+    On Windows the POSIX mode is advisory, but O_EXCL still prevents clobbering.
+    """
+    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
+    fd = os.open(str(path), flags, FILE_MODE)
+    try:
+        os.write(fd, text.encode("utf-8"))
+    finally:
+        os.close(fd)
+    try:
+        os.chmod(path, FILE_MODE)
+    except OSError:
+        pass
+
+
+def device_id(public_key: bytes) -> str:
+    """Derive a stable, human-readable id (MS-XXXX-XXXX) from a public key."""
+    digest = hashlib.sha256(public_key).hexdigest().upper()
+    return f"MS-{digest[:4]}-{digest[4:8]}"
+
+
+class IdentityProvider(ABC):
+    """A root-of-trust provider. Signing happens here; keys never escape."""
+
+    mode: str = "unknown"
+
+    @abstractmethod
+    def public_key_bytes(self) -> bytes:
+        ...
+
+    @abstractmethod
+    def sign(self, data: bytes) -> bytes:
+        ...
+
+    @property
+    def created_at(self) -> str:
+        return ""
+
+    def is_available(self) -> tuple[bool, str | None]:
+        """Whether this provider can actually serve keys/signatures right now.
+
+        Returns ``(True, None)`` when usable; ``(False, reason)`` when the
+        provider is selected but not yet operational (e.g. the hardware stub).
+        Soft status surfaces use this to avoid crashing read-only endpoints
+        when the SE050 path is not yet wired; signing paths still raise loud.
+        """
+        return True, None
+
+
+class EmulatedProvider(IdentityProvider):
+    """Software Matrix Scroll. Holds an Ed25519 key in process memory."""
+
+    mode = "emulated"
+
+    def __init__(self, private_key: Ed25519PrivateKey, created_at: str) -> None:
+        self._key = private_key
+        self._created_at = created_at
+
+    @classmethod
+    def load_or_create(cls, directory: Path | None = None) -> "EmulatedProvider":
+        directory = directory or store_dir()
+        path = directory / DEVICE_FILE
+        if path.is_file():
+            return cls._load(path)
+
+        key = Ed25519PrivateKey.generate()
+        created = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
+        pub = key.public_key().public_bytes(_RAW, _PUB_RAW)
+        doc = {
+            "schema": SCHEMA,
+            "mode": cls.mode,
+            "created_at": created,
+            "device_id": device_id(pub),
+            "public_key": _b64(pub),
+            "private_key": _b64(key.private_bytes(_RAW, _PRIV_RAW, _NOENC)),
+        }
+        directory.mkdir(parents=True, exist_ok=True)
+        try:
+            os.chmod(directory, DIR_MODE)
+        except OSError:
+            pass
+        _write_secret(path, json.dumps(doc, indent=2) + "\n")
+        return cls(key, created)
+
+    @classmethod
+    def _load(cls, path: Path) -> "EmulatedProvider":
+        """Load an existing key store, failing loud (never re-minting) if it is
+        corrupt so a tampered or truncated file cannot silently rotate identity."""
+        try:
+            doc = json.loads(path.read_text(encoding="utf-8"))
+            seed = _unb64(doc["private_key"])
+        except (OSError, ValueError, KeyError, AttributeError, binascii.Error) as exc:
+            raise IdentityError(f"device key store at {path} is unreadable: {exc}")
+        if len(seed) != SEED_LEN:
+            raise IdentityError(
+                f"device key store at {path} has an invalid {len(seed)}-byte seed"
+            )
+        try:
+            key = Ed25519PrivateKey.from_private_bytes(seed)
+        except ValueError as exc:
+            raise IdentityError(f"device key store at {path} is corrupt: {exc}")
+        return cls(key, doc.get("created_at", ""))
+
+    def public_key_bytes(self) -> bytes:
+        return self._key.public_key().public_bytes(_RAW, _PUB_RAW)
+
+    def sign(self, data: bytes) -> bytes:
+        return self._key.sign(data)
+
+    @property
+    def created_at(self) -> str:
+        return self._created_at
+
+
+class HardwareProvider(IdentityProvider):
+    """Stub for the physical NXP SE050 device (not yet wired)."""
+
+    mode = "hardware"
+    UNAVAILABLE_REASON = (
+        "Matrix Scroll hardware provider is not available yet. "
+        "Use MATRIXSCROLL_MODE=emulated (default) for the software key."
+    )
+
+    def is_available(self) -> tuple[bool, str | None]:
+        return False, self.UNAVAILABLE_REASON
+
+    def public_key_bytes(self) -> bytes:  # pragma: no cover - hardware path
+        raise NotImplementedError(self.UNAVAILABLE_REASON)
+
+    def sign(self, data: bytes) -> bytes:  # pragma: no cover - hardware path
+        raise NotImplementedError(self.UNAVAILABLE_REASON)
+
+
+_PROVIDER: IdentityProvider | None = None
+
+
+def get_provider(*, refresh: bool = False) -> IdentityProvider:
+    """Return the active root-of-trust provider (cached).
+
+    Mode is chosen by MATRIXSCROLL_MODE (default "emulated"). The hardware path
+    is reserved for the physical device.
+    """
+    global _PROVIDER
+    if _PROVIDER is not None and not refresh:
+        return _PROVIDER
+    mode = os.environ.get("MATRIXSCROLL_MODE", "emulated").strip().lower()
+    if mode == "hardware":
+        _PROVIDER = HardwareProvider()
+    else:
+        _PROVIDER = EmulatedProvider.load_or_create()
+    return _PROVIDER
+
+
+def public_key_b64(provider: IdentityProvider | None = None) -> str:
+    provider = provider or get_provider()
+    return _b64(provider.public_key_bytes())
+
+
+def identity_info(provider: IdentityProvider | None = None) -> dict[str, Any]:
+    """Public-only identity material. Never includes the private key."""
+    provider = provider or get_provider()
+    pub = provider.public_key_bytes()
+    return {
+        "schema": SCHEMA,
+        "device_id": device_id(pub),
+        "public_key": _b64(pub),
+        "algorithm": ALGORITHM,
+        "mode": provider.mode,
+        "created_at": provider.created_at,
+    }
+
+
+def status(provider: IdentityProvider | None = None) -> dict[str, Any]:
+    """Soft identity status for read-only surfaces (e.g. an HTTP API).
+
+    Mirrors :func:`identity_info` when the provider is available and adds an
+    ``available`` flag. When the provider is selected but not yet operational
+    (the hardware stub today), returns ``available=False`` with a ``reason``
+    and no key material instead of raising — so dashboards stay green when the
+    SSX360 device path is configured before the SE050 transport is wired.
+    """
+    provider = provider or get_provider()
+    available, reason = provider.is_available()
+    base: dict[str, Any] = {
+        "schema": SCHEMA,
+        "available": available,
+        "algorithm": ALGORITHM,
+        "mode": provider.mode,
+        "created_at": provider.created_at,
+    }
+    if not available:
+        base["reason"] = reason
+        return base
+    pub = provider.public_key_bytes()
+    base["device_id"] = device_id(pub)
+    base["public_key"] = _b64(pub)
+    return base
+
+
+def sign(data: bytes, provider: IdentityProvider | None = None) -> bytes:
+    provider = provider or get_provider()
+    return provider.sign(data)
+
+
+def verify(public_key: str | bytes, data: bytes, signature: str | bytes) -> bool:
+    """Verify a signature against a public key. Returns False on any mismatch."""
+    try:
+        pub = public_key if isinstance(public_key, bytes) else _unb64(public_key)
+        sig = signature if isinstance(signature, bytes) else _unb64(signature)
+        Ed25519PublicKey.from_public_bytes(pub).verify(sig, data)
+        return True
+    except (InvalidSignature, ValueError, TypeError, AttributeError, binascii.Error):
+        return False
+
+
+def _canonical(payload: dict[str, Any]) -> bytes:
+    """Deterministic bytes for signing, identical across platforms and runs.
+
+    Contract: the top-level ``signature`` block is excluded; keys are sorted
+    recursively; whitespace is stripped; non-ASCII is escaped (``ensure_ascii``)
+    so byte output never depends on locale or terminal encoding; and NaN/Infinity
+    are rejected (``allow_nan=False``) because they have no portable JSON form and
+    would otherwise produce signatures other verifiers cannot reproduce.
+    """
+    body = {k: v for k, v in payload.items() if k != "signature"}
+    return json.dumps(
+        body,
+        sort_keys=True,
+        ensure_ascii=True,
+        allow_nan=False,
+        separators=(",", ":"),
+    ).encode("utf-8")
+
+
+def sign_manifest(
+    manifest: dict[str, Any], provider: IdentityProvider | None = None
+) -> dict[str, Any]:
+    """Return a copy of ``manifest`` with a Matrix Scroll signature block attached."""
+    provider = provider or get_provider()
+    info = identity_info(provider)
+    signed = copy.deepcopy(manifest)
+    signed.pop("signature", None)
+    signature_value = _b64(provider.sign(_canonical(signed)))
+    signed["signature"] = {
+        "schema": SIGNATURE_SCHEMA,
+        "algorithm": ALGORITHM,
+        "device_id": info["device_id"],
+        "public_key": info["public_key"],
+        "mode": info["mode"],
+        "signed_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
+        "value": signature_value,
+    }
+    return signed
+
+
+def verify_manifest(manifest: dict[str, Any]) -> bool:
+    """Verify a manifest produced by :func:`sign_manifest`.
+
+    Malformed signature blocks return ``False`` instead of raising. Version and
+    algorithm checks intentionally happen before the cryptographic verify so a
+    future schema cannot be accidentally accepted under v1 rules.
+    """
+    if not isinstance(manifest, dict):
+        return False
+    block = manifest.get("signature")
+    if not isinstance(block, dict):
+        return False
+    if block.get("schema") != SIGNATURE_SCHEMA or block.get("algorithm") != ALGORITHM:
+        return False
+    public_key = block.get("public_key")
+    signature = block.get("value")
+    if not isinstance(public_key, str) or not isinstance(signature, str):
+        return False
+    try:
+        public_key_bytes = _unb64(public_key)
+    except (ValueError, binascii.Error):
+        return False
+    if block.get("device_id") != device_id(public_key_bytes):
+        return False
+    try:
+        signing_input = _canonical(manifest)
+    except (TypeError, ValueError):
+        return False
+    return verify(public_key_bytes, signing_input, signature)
+

matrixscroll/cli.py

@@ -0,0 +1,94 @@
+"""Command-line interface for Matrix Scroll.
+
+Exposed as the ``matrixscroll`` console script. Kept dependency-free
+(argparse + json) so it works without spinning up a host application —
+useful for support sessions and release-evidence verification.
+
+Subcommands:
+  status                 Print the active provider status as JSON.
+  verify <manifest.json> Verify a signed manifest; exits 0 on pass, 2 on fail.
+  sign <manifest.json>   Sign a manifest from disk; prints the signed JSON.
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+from pathlib import Path
+
+from ._core import sign_manifest, status, verify_manifest
+
+
+def _cmd_status(_args: argparse.Namespace) -> int:
+    print(json.dumps(status(), indent=2, sort_keys=True))
+    return 0
+
+
+def _cmd_verify(args: argparse.Namespace) -> int:
+    path = Path(args.manifest)
+    try:
+        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
+    except (OSError, ValueError) as exc:
+        print(json.dumps({"ok": False, "error": f"cannot read manifest: {exc}"}))
+        return 2
+    ok = verify_manifest(manifest)
+    block = manifest.get("signature") or {}
+    print(json.dumps({
+        "ok": ok,
+        "device_id": block.get("device_id"),
+        "mode": block.get("mode"),
+        "signed_at": block.get("signed_at"),
+    }, sort_keys=True))
+    return 0 if ok else 2
+
+
+def _cmd_sign(args: argparse.Namespace) -> int:
+    path = Path(args.manifest)
+    try:
+        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
+    except (OSError, ValueError) as exc:
+        print(json.dumps({"ok": False, "error": f"cannot read manifest: {exc}"}))
+        return 2
+    signed = sign_manifest(manifest)
+    print(json.dumps(signed, indent=2, sort_keys=True))
+    return 0
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="matrixscroll",
+        description="Matrix Scroll / SSX360 root-of-trust CLI",
+    )
+    sub = parser.add_subparsers(dest="command")
+
+    sub.add_parser("status", help="Print active provider status as JSON")
+
+    verify_p = sub.add_parser("verify", help="Verify a signed manifest JSON file")
+    verify_p.add_argument("manifest", help="Path to a signed manifest produced by sign_manifest")
+
+    sign_p = sub.add_parser("sign", help="Sign a manifest JSON file with the active provider")
+    sign_p.add_argument("manifest", help="Path to a manifest JSON file to sign")
+
+    return parser
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = build_parser()
+    args = parser.parse_args(argv)
+
+    handlers = {
+        None: _cmd_status,
+        "status": _cmd_status,
+        "verify": _cmd_verify,
+        "sign": _cmd_sign,
+    }
+    handler = handlers.get(args.command)
+    if handler is None:
+        parser.print_help()
+        return 1
+    return handler(args)
+
+
+if __name__ == "__main__":
+    sys.exit(main())

matrixscroll/py.typed

@@ -0,0 +1 @@
+

matrixscroll-0.1.0.dist-info/METADATA

@@ -0,0 +1,165 @@
+Metadata-Version: 2.4
+Name: matrixscroll
+Version: 0.1.0
+Summary: Open protocol for hardware-signed AI-assisted code (Ed25519 root of trust, software emulator + SSX360 reference device).
+Project-URL: Homepage, https://matrixscroll.com
+Project-URL: Documentation, https://matrixscroll.com/docs
+Project-URL: Source, https://github.com/SSX360/matrixscroll
+Project-URL: Issues, https://github.com/SSX360/matrixscroll/issues
+Project-URL: Specification, https://github.com/SSX360/matrixscroll/blob/main/SPEC.md
+Project-URL: Reference Device, https://matrixscroll.com/device
+Author-email: SSX360 <security@matrixscroll.com>
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: ai,ed25519,matrixscroll,provenance,root-of-trust,secure-element,signing,ssx360,supply-chain
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: cryptography>=41.0
+Provides-Extra: dev
+Requires-Dist: build>=1.0; extra == 'dev'
+Requires-Dist: pytest>=7.4; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# Matrix Scroll
+
+**Open protocol for hardware-signed AI-assisted code.**
+
+Every AI-generated change in your IDE gets cryptographically signed by an
+Ed25519 key sealed in a hardware root of trust. Anyone can verify the result
+offline with a public key and one command.
+
+- 📜 **Spec:** [`SPEC.md`](SPEC.md) — wire format, canonical encoding, schemas.
+- 🛡 **Agentic AI controls:** [`docs/AGENTIC_AI_SECURITY.md`](docs/AGENTIC_AI_SECURITY.md)
+  maps Matrix Scroll to the joint *Careful Adoption of Agentic AI Services* guidance.
+- 🔐 **Algorithm:** Ed25519 (RFC 8032). Keys never leave the provider.
+- 🧪 **Conformance vectors:** [`vectors/`](vectors/) — for non-Python implementations.
+- 🌐 **Site:** <https://matrixscroll.com>
+- 🔧 **Reference device:** [SSX360](https://matrixscroll.com/device) (NXP SE050).
+
+```bash
+pip install matrixscroll
+```
+
+## Quickstart
+
+```python
+import matrixscroll
+
+# What identity is active on this machine?
+print(matrixscroll.status())
+# {'schema': 'matrixscroll.identity.v1', 'available': True,
+#  'mode': 'emulated', 'device_id': 'MS-A3F2-9C81', ...}
+
+# Sign anything (a release manifest, a commit envelope, a SBOM, an evidence pack)
+signed = matrixscroll.sign_manifest({"release": "v1.0.0", "artifacts": [...]})
+
+# Verify, anywhere, offline
+assert matrixscroll.verify_manifest(signed)
+```
+
+## CLI
+
+```bash
+$ matrixscroll status
+{
+  "available": true,
+  "device_id": "MS-A3F2-9C81",
+  "mode": "emulated",
+  "public_key": "...",
+  "schema": "matrixscroll.identity.v1"
+}
+
+$ matrixscroll sign release.json > release.signed.json
+$ matrixscroll verify release.signed.json
+{"device_id": "MS-A3F2-9C81", "mode": "emulated", "ok": true, "signed_at": "..."}
+```
+
+`matrixscroll verify` exits **0** on a valid signature, **2** on any failure
+(tampered manifest, missing signature block, wrong schema/algorithm, mismatched
+device id, malformed public key, unreadable file). Pipe it from CI without
+parsing the output.
+
+## How it works
+
+```
+   your IDE / agent / CI
+            │
+            │  manifest (release, commit, evidence pack, SBOM, anything)
+            ▼
+   matrixscroll.sign_manifest(...)
+            │
+            │  canonical JSON  (sorted keys, ASCII-escaped, no NaN,
+            │                   signature block excluded from input)
+            ▼
+   IdentityProvider          ──►  Ed25519 signature
+   (Emulated today,
+    SSX360 / SE050 tomorrow)
+            │
+            ▼
+   signed manifest  ──►  matrixscroll.verify_manifest(...)
+                         (anyone, anywhere, offline)
+```
+
+The same Python API serves the local software emulator and the physical
+SSX360 device. Switch with the `MATRIXSCROLL_MODE` environment variable.
+
+## Compliance levels
+
+| Level | Provider | Backed by | Status |
+| ----- | -------- | --------- | ------ |
+| **L1** Emulated | `EmulatedProvider` | Software key, file-backed (0600) | ✅ Shipping |
+| **L2** Hardware | `HardwareProvider` | NXP SE050 secure element (SSX360) | 🛠 Stage-0 prototype |
+| **L3** Attested | future | L2 + remote attestation | 🗺 Roadmap |
+
+`status()` exposes the active level via the `mode` and `available` fields so
+read-only dashboards can render before the hardware path is wired.
+
+## Storage and trust boundaries
+
+- Emulated key store: `~/.matrixscroll/device.json`
+  (override with `MATRIXSCROLL_HOME`).
+- The directory is created `0700`; the seed file is opened `0600` with
+  `O_CREAT|O_EXCL` so the private seed is never momentarily world-readable and
+  a race cannot silently clobber an existing key store.
+- A corrupt or truncated store **fails loud** (`IdentityError`) rather than
+  silently minting a fresh identity. Identity rotation is an explicit operation.
+- The hardware path holds nothing private on disk — the seed is sealed in the
+  secure element.
+
+## Reference implementation, not the only one
+
+Matrix Scroll is a protocol. This Python package is the reference. We welcome
+implementations in Rust, Go, TypeScript, and embedded C — run them against
+[`vectors/`](vectors/) to self-certify. See `CONTRIBUTING.md`.
+
+## Agentic AI guidance proof
+
+The repo includes a machine-readable control matrix at
+[`controls/agentic_ai_controls.json`](controls/agentic_ai_controls.json), an
+example bounded-agent evidence manifest at
+[`examples/agentic_ai_evidence_manifest.json`](examples/agentic_ai_evidence_manifest.json),
+and executable checks in `tests/test_agentic_guidance.py`. These prove each
+claim maps to repo evidence and that signed agent scope changes fail verify.
+
+## License
+
+- Code: **Apache-2.0** (`LICENSE`).
+- Specification text (`SPEC.md`, `vectors/`): **CC0 1.0** — public domain.
+
+## Security
+
+See [`SECURITY.md`](SECURITY.md). Report vulnerabilities privately to
+**security@matrixscroll.com** or via a GitHub Security Advisory.

matrixscroll-0.1.0.dist-info/RECORD

@@ -0,0 +1,9 @@
+matrixscroll/__init__.py,sha256=xdcP2oVLj8Gjp4vJsNFn6_XkvaYqWI5FWyX1DGqryok,1368
+matrixscroll/_core.py,sha256=UpBpNn36ntJDdRsEGXk8OMGY2On8PaeD3nHJoW0VSR8,12635
+matrixscroll/cli.py,sha256=V9lZqfAFo7xuUA-PIb9E8bX3GV3uhhtt-QGAbXVAleI,2899
+matrixscroll/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+matrixscroll-0.1.0.dist-info/METADATA,sha256=9-ZAjP6Vou5BTx3EJ0Y0X3jgOXRsZA0pQ8xNce5J-3s,6498
+matrixscroll-0.1.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+matrixscroll-0.1.0.dist-info/entry_points.txt,sha256=QNuWZkuBxauvxVoTNjmTCpeTErw974lJ8WyyrzFa7JI,55
+matrixscroll-0.1.0.dist-info/licenses/LICENSE,sha256=tEVbK2foaOz1nfkv3jaom6_ojcEDJIKoSzfRfAZDELQ,11342
+matrixscroll-0.1.0.dist-info/RECORD,,

matrixscroll-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

matrixscroll-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+matrixscroll = matrixscroll.cli:main

matrixscroll-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, notice, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 SSX360 / Matrix Scroll contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.