matrixscroll 0.1.0__tar.gz → 0.1.1__tar.gz

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/CHANGELOG.md

@@ -4,6 +4,19 @@ All notable changes to the Matrix Scroll Python SDK are documented here. The
 format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
 this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.1] - 2026-06-19
+
+Copy and citation hardening patch. No protocol or API changes.
+
+### Changed
+- Clarified public README and package metadata: v0.1.x ships a software root of
+  trust; SSX360/NXP SE050 hardware signing is the compatible reference-device
+  path in progress.
+- Replaced a direct PDF citation that may return `403` from some environments
+  with resolvable official agency pages for the joint agentic-AI guidance.
+- Added regression checks so PyPI-facing metadata avoids over-strong hardware
+  availability claims.
+
 ## [0.1.0] - 2026-06-19
 
 Initial public release. Extracted from the SSX360 reference implementation.
@@ -31,4 +44,5 @@ Initial public release. Extracted from the SSX360 reference implementation.
 - Device id format: `MS-XXXX-XXXX` (SHA-256 of the raw public key, first 8 hex
   chars, uppercase).
 
+[0.1.1]: https://github.com/SSX360/matrixscroll/releases/tag/v0.1.1
 [0.1.0]: https://github.com/SSX360/matrixscroll/releases/tag/v0.1.0

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/CONTRIBUTING.md

@@ -15,8 +15,8 @@ well-tested, spec-aware."
 - **No new runtime dependencies** without discussion in an issue first. The
   surface area of a cryptographic SDK should stay tight.
 - **Signed commits preferred.** Use `git config commit.gpgsign true` or an SSH
-  signing key. Once the SSX360 device ships, hardware-signed commits are the
-  preferred default.
+  signing key. Once the SSX360 device ships, hardware-backed commit signing is
+  the preferred default.
 
 ## Development setup
 

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: matrixscroll
-Version: 0.1.0
-Summary: Open protocol for hardware-signed AI-assisted code (Ed25519 root of trust, software emulator + SSX360 reference device).
+Version: 0.1.1
+Summary: Open protocol for signing AI-assisted code provenance with Ed25519; shipping software root of trust with SSX360 hardware support in progress.
 Project-URL: Homepage, https://matrixscroll.com
 Project-URL: Documentation, https://matrixscroll.com/docs
 Project-URL: Source, https://github.com/SSX360/matrixscroll
@@ -35,19 +35,21 @@ Description-Content-Type: text/markdown
 
 # Matrix Scroll
 
-**Open protocol for hardware-signed AI-assisted code.**
+**Open protocol for signed AI-assisted code provenance.**
 
-Every AI-generated change in your IDE gets cryptographically signed by an
-Ed25519 key sealed in a hardware root of trust. Anyone can verify the result
-offline with a public key and one command.
+Every AI-generated change in your IDE can be cryptographically signed by an
+Ed25519 identity and verified offline with a public key and one command. The
+v0.1.x reference implementation ships a well-tested software root of trust;
+SSX360/NXP SE050 hardware signing is the compatible reference-device path in
+progress.
 
 - 📜 **Spec:** [`SPEC.md`](SPEC.md) — wire format, canonical encoding, schemas.
 - 🛡 **Agentic AI controls:** [`docs/AGENTIC_AI_SECURITY.md`](docs/AGENTIC_AI_SECURITY.md)
   maps Matrix Scroll to the joint *Careful Adoption of Agentic AI Services* guidance.
-- 🔐 **Algorithm:** Ed25519 (RFC 8032). Keys never leave the provider.
+- 🔐 **Algorithm:** Ed25519 (RFC 8032). Private keys are never exposed by the SDK API.
 - 🧪 **Conformance vectors:** [`vectors/`](vectors/) — for non-Python implementations.
 - 🌐 **Site:** <https://matrixscroll.com>
-- 🔧 **Reference device:** [SSX360](https://matrixscroll.com/device) (NXP SE050).
+- 🔧 **Reference device:** [SSX360](https://matrixscroll.com/device) (NXP SE050 hardware path in progress).
 
 ```bash
 pip install matrixscroll
@@ -113,8 +115,10 @@ parsing the output.
                          (anyone, anywhere, offline)
 ```
 
-The same Python API serves the local software emulator and the physical
-SSX360 device. Switch with the `MATRIXSCROLL_MODE` environment variable.
+The same Python API is designed to serve the local software emulator and the
+physical SSX360 device path. Switch with the `MATRIXSCROLL_MODE` environment
+variable; in v0.1.x, `hardware` mode reports unavailable until the SE050
+transport ships.
 
 ## Compliance levels
 
@@ -136,8 +140,8 @@ read-only dashboards can render before the hardware path is wired.
   a race cannot silently clobber an existing key store.
 - A corrupt or truncated store **fails loud** (`IdentityError`) rather than
   silently minting a fresh identity. Identity rotation is an explicit operation.
-- The hardware path holds nothing private on disk — the seed is sealed in the
-  secure element.
+- The planned hardware path holds nothing private on disk — the seed is sealed
+  in the secure element. In v0.1.x, this path is a typed availability stub.
 
 ## Reference implementation, not the only one
 

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/README.md

@@ -1,18 +1,20 @@
 # Matrix Scroll
 
-**Open protocol for hardware-signed AI-assisted code.**
+**Open protocol for signed AI-assisted code provenance.**
 
-Every AI-generated change in your IDE gets cryptographically signed by an
-Ed25519 key sealed in a hardware root of trust. Anyone can verify the result
-offline with a public key and one command.
+Every AI-generated change in your IDE can be cryptographically signed by an
+Ed25519 identity and verified offline with a public key and one command. The
+v0.1.x reference implementation ships a well-tested software root of trust;
+SSX360/NXP SE050 hardware signing is the compatible reference-device path in
+progress.
 
 - 📜 **Spec:** [`SPEC.md`](SPEC.md) — wire format, canonical encoding, schemas.
 - 🛡 **Agentic AI controls:** [`docs/AGENTIC_AI_SECURITY.md`](docs/AGENTIC_AI_SECURITY.md)
   maps Matrix Scroll to the joint *Careful Adoption of Agentic AI Services* guidance.
-- 🔐 **Algorithm:** Ed25519 (RFC 8032). Keys never leave the provider.
+- 🔐 **Algorithm:** Ed25519 (RFC 8032). Private keys are never exposed by the SDK API.
 - 🧪 **Conformance vectors:** [`vectors/`](vectors/) — for non-Python implementations.
 - 🌐 **Site:** <https://matrixscroll.com>
-- 🔧 **Reference device:** [SSX360](https://matrixscroll.com/device) (NXP SE050).
+- 🔧 **Reference device:** [SSX360](https://matrixscroll.com/device) (NXP SE050 hardware path in progress).
 
 ```bash
 pip install matrixscroll
@@ -78,8 +80,10 @@ parsing the output.
                          (anyone, anywhere, offline)
 ```
 
-The same Python API serves the local software emulator and the physical
-SSX360 device. Switch with the `MATRIXSCROLL_MODE` environment variable.
+The same Python API is designed to serve the local software emulator and the
+physical SSX360 device path. Switch with the `MATRIXSCROLL_MODE` environment
+variable; in v0.1.x, `hardware` mode reports unavailable until the SE050
+transport ships.
 
 ## Compliance levels
 
@@ -101,8 +105,8 @@ read-only dashboards can render before the hardware path is wired.
   a race cannot silently clobber an existing key store.
 - A corrupt or truncated store **fails loud** (`IdentityError`) rather than
   silently minting a fresh identity. Identity rotation is an explicit operation.
-- The hardware path holds nothing private on disk — the seed is sealed in the
-  secure element.
+- The planned hardware path holds nothing private on disk — the seed is sealed
+  in the secure element. In v0.1.x, this path is a typed availability stub.
 
 ## Reference implementation, not the only one
 

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/controls/agentic_ai_controls.json

@@ -1,8 +1,10 @@
 {
   "schema": "matrixscroll.agentic_ai_controls.v1",
   "sources": [
-    "https://media.defense.gov/2026/Apr/30/2003922823/-1/-1/0/CAREFUL%20ADOPTION%20OF%20AGENTIC%20AI%20SERVICES_FINAL.PDF",
+    "https://www.cyber.gov.au/business-government/secure-design/artificial-intelligence/careful-adoption-of-agentic-ai-services",
     "https://www.cisa.gov/resources-tools/resources/careful-adoption-agentic-ai-services",
+    "https://www.nsa.gov/aisc/",
+    "https://www.cyber.gc.ca/en/news-events/joint-guidance-careful-adoption-agentic-artificial-intelligence-services",
     "https://www.ncsc.govt.nz/protect-your-organisation/careful-adoption-of-agentic-ai-services/",
     "https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai"
   ],
@@ -13,7 +15,7 @@
       "guidance": "Adopt agentic AI incrementally; prefer tightly scoped pilots before connecting agents to real systems or sensitive data.",
       "matrixscroll_control": "Matrix Scroll signs bounded manifests rather than granting agents authority. The SDK records scope, task, reviewer, and policy fields as verifiable evidence.",
       "evidence_paths": ["examples/agentic_ai_evidence_manifest.json", "README.md"],
-      "goes_beyond": "Hardware-rooted signatures make the boundary review portable and independently auditable."
+      "goes_beyond": "Signed boundary reviews are portable and independently auditable; the planned hardware path can bind them to a physical signer."
     },
     {
       "id": "AAI-02",
@@ -29,7 +31,7 @@
       "guidance": "Use temporary credentials where possible and revoke elevated access when work completes.",
       "matrixscroll_control": "Manifests can require short-lived credential metadata and explicitly avoid embedding secrets. Tests enforce redaction-sensitive fields stay unsigned as labels only.",
       "evidence_paths": ["SECURITY.md", "examples/agentic_ai_evidence_manifest.json"],
-      "goes_beyond": "The signing key itself never appears as an application credential; hardware mode seals it in SSX360/SE050."
+      "goes_beyond": "The signing key itself never appears as an application credential; the planned hardware mode seals it in SSX360/SE050."
     },
     {
       "id": "AAI-04",
@@ -37,7 +39,7 @@
       "guidance": "Define who owns the agent, approves access, monitors behaviour, reviews incidents, and can stop it.",
       "matrixscroll_control": "Signed manifests carry owner, approver, reviewer, and break-glass contact fields as tamper-evident accountability evidence.",
       "evidence_paths": ["examples/agentic_ai_evidence_manifest.json", "docs/AGENTIC_AI_SECURITY.md"],
-      "goes_beyond": "Approvals can be bound to a physical root of trust instead of a mutable log entry."
+      "goes_beyond": "Approvals can be bound to a signature instead of a mutable log entry; the planned hardware path can bind that signature to a physical root of trust."
     },
     {
       "id": "AAI-05",
@@ -83,7 +85,7 @@
       "id": "AAI-10",
       "title": "Strong authentication and non-repudiation",
       "guidance": "Use strong authentication and avoid relying on weak internal safeguards for agent authority.",
-      "matrixscroll_control": "Ed25519 signatures bind agent evidence to a public key; hardware mode moves the private key into SSX360/SE050.",
+      "matrixscroll_control": "Ed25519 signatures bind agent evidence to a public key; the planned hardware mode moves the private key into SSX360/SE050.",
       "evidence_paths": ["SPEC.md", "matrixscroll/_core.py", "SECURITY.md"],
       "goes_beyond": "The private signing key is separated from agent runtime credentials and can be physically held or removed."
     },

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/docs/AGENTIC_AI_SECURITY.md

@@ -4,13 +4,12 @@ This document maps Matrix Scroll to the joint guidance **Careful Adoption of
 Agentic AI Services** published by ASD's ACSC, CISA, NSA, the Canadian Centre
 for Cyber Security, NCSC-NZ, and NCSC-UK.
 
-Primary source:
-
-- <https://media.defense.gov/2026/Apr/30/2003922823/-1/-1/0/CAREFUL%20ADOPTION%20OF%20AGENTIC%20AI%20SERVICES_FINAL.PDF>
-
-Additional public mirrors/summaries used for traceability:
+Official public sources verified for traceability:
 
+- <https://www.cyber.gov.au/business-government/secure-design/artificial-intelligence/careful-adoption-of-agentic-ai-services>
 - <https://www.cisa.gov/resources-tools/resources/careful-adoption-agentic-ai-services>
+- <https://www.nsa.gov/aisc/>
+- <https://www.cyber.gc.ca/en/news-events/joint-guidance-careful-adoption-agentic-artificial-intelligence-services>
 - <https://www.ncsc.govt.nz/protect-your-organisation/careful-adoption-of-agentic-ai-services/>
 - <https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai>
 
@@ -40,7 +39,7 @@ The machine-readable control matrix lives at
 | AAI-07 | Monitoring and auditability | Signed manifests are portable audit records verifiable offline. |
 | AAI-08 | Incident response / kill switch | CI/CLI verification exits non-zero; manifests include escalation and shutdown metadata. |
 | AAI-09 | Supply-chain management | Minimal deps, Dependabot, CI build verification, and conformance vectors. |
-| AAI-10 | Strong authentication / non-repudiation | Ed25519 identity; SSX360 hardware mode keeps private keys out of agent runtimes. |
+| AAI-10 | Strong authentication / non-repudiation | Ed25519 identity; the planned SSX360 hardware mode keeps private keys out of agent runtimes. |
 | AAI-11 | Governance and change control | CODEOWNERS + CI protect spec/core/vectors/security files. |
 | AAI-12 | Deception / prompt-injection resilience | Trust is verified after agent action; model text cannot forge signatures. |
 
@@ -51,8 +50,9 @@ Matrix Scroll adds a stronger evidence layer on top:
 
 1. **Offline verification** — auditors can verify a manifest without trusting
    Matrix Scroll servers, the original CI system, or the agent runtime.
-2. **Hardware-rooted provenance** — SSX360 L2 mode moves the signing key into a
-   secure element so the agent cannot exfiltrate it as a normal credential.
+2. **Hardware-rooted provenance path** — the SSX360 L2 design moves the signing
+   key into a secure element so the agent cannot exfiltrate it as a normal
+   credential. In v0.1.x, this is a typed provider path awaiting SE050 transport.
 3. **Fail-closed policy gates** — the CLI returns exit `2` for tampered,
    unsigned, malformed, wrong-schema, wrong-algorithm, or wrong-device-id input.
 4. **Executable conformance** — `vectors/` lets third-party implementations

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/matrixscroll/__init__.py

@@ -1,9 +1,10 @@
-"""Matrix Scroll — open protocol for hardware-signed AI-assisted code.
+"""Matrix Scroll — open protocol for signed AI-assisted code provenance.
 
 This package is the Python reference implementation of the Matrix Scroll
 protocol. It exposes an Ed25519 root-of-trust abstraction with a software
-emulator (default) and a hardware provider stub for the SSX360 reference
-device (NXP SE050). Private keys never leave the provider.
+emulator (default) and a typed hardware-provider path for the SSX360 reference
+device (NXP SE050). In v0.1.x, hardware mode reports unavailable until the
+SE050 transport ships. Private keys are never exposed by the SDK API.
 
 Quickstart:
 
@@ -37,7 +38,7 @@ from ._core import (
     verify_manifest,
 )
 
-__version__ = "0.1.0"
+__version__ = "0.1.1"
 
 __all__ = [
     "ALGORITHM",

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/matrixscroll/_core.py

@@ -5,14 +5,14 @@ The same API serves the local emulator today and the physical NXP SE050 device
 later, selected via the MATRIXSCROLL_MODE environment variable.
 
 Security contract:
-  - Private keys never leave the provider. Public callers only ever see the
-    public key, the derived device id, and signatures.
+  - Private keys are never exposed by the SDK API. Public callers only ever see
+    the public key, the derived device id, and signatures.
   - In emulated mode the private seed is stored locally under
     ~/.matrixscroll/device.json. The directory is created 0700 and the file is
     opened 0600 at creation time (never write-then-chmod), so the seed is never
     momentarily world-readable. A corrupt store fails loud rather than silently
-    re-minting identity. On real hardware the seed is sealed in the secure
-    element and this file holds only public material.
+    re-minting identity. In the planned hardware path the seed is sealed in the
+    secure element and this file holds only public material.
 """
 
 from __future__ import annotations

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/pyproject.toml

@@ -4,8 +4,8 @@ build-backend = "hatchling.build"
 
 [project]
 name = "matrixscroll"
-version = "0.1.0"
-description = "Open protocol for hardware-signed AI-assisted code (Ed25519 root of trust, software emulator + SSX360 reference device)."
+version = "0.1.1"
+description = "Open protocol for signing AI-assisted code provenance with Ed25519; shipping software root of trust with SSX360 hardware support in progress."
 readme = "README.md"
 requires-python = ">=3.10"
 license = "Apache-2.0"

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/tests/test_agentic_guidance.py

@@ -29,8 +29,10 @@ class AgenticGuidanceControlMatrixTests(unittest.TestCase):
     def test_control_matrix_has_expected_schema_and_sources(self):
         self.assertEqual(self.matrix["schema"], "matrixscroll.agentic_ai_controls.v1")
         self.assertGreaterEqual(len(self.matrix["sources"]), 4)
-        self.assertTrue(any("media.defense.gov" in src for src in self.matrix["sources"]))
+        self.assertTrue(any("cyber.gov.au" in src for src in self.matrix["sources"]))
         self.assertTrue(any("cisa.gov" in src for src in self.matrix["sources"]))
+        self.assertTrue(any("nsa.gov" in src for src in self.matrix["sources"]))
+        self.assertTrue(any("cyber.gc.ca" in src for src in self.matrix["sources"]))
         self.assertTrue(any("ncsc.gov" in src for src in self.matrix["sources"]))
 
     def test_every_control_has_required_fields_and_repo_evidence(self):

{matrixscroll-0.1.0 → matrixscroll-0.1.1}/tests/test_release_metadata.py

@@ -18,4 +18,23 @@ def test_sdk_public_docs_do_not_link_vercel_preview_urls():
     checked = [ROOT / "README.md", ROOT / "pyproject.toml", ROOT / "SPEC.md"]
     for path in checked:
         text = path.read_text(encoding="utf-8")
-        assert "vercel.app" not in text, path.name
+        assert "vercel.app" not in text, path.name
+
+
+def test_pypi_metadata_does_not_overclaim_hardware_availability():
+    checked = [
+        ROOT / "README.md",
+        ROOT / "CONTRIBUTING.md",
+        ROOT / "pyproject.toml",
+        ROOT / "matrixscroll" / "__init__.py",
+        ROOT / "matrixscroll" / "_core.py",
+    ]
+    forbidden = [
+        "hardware-signed",
+        "sealed in a hardware root",
+        "keys never leave the provider",
+    ]
+    for path in checked:
+        text = path.read_text(encoding="utf-8").lower()
+        for phrase in forbidden:
+            assert phrase not in text, f"{phrase!r} found in {path.name}"