PyPI - molt-cipher-bridge - Versions diffs - 1.3.0__tar.gz → 1.4.2__tar.gz - Mend

molt-cipher-bridge 1.3.0tar.gz → 1.4.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

molt_cipher_bridge-1.4.2/PKG-INFO ADDED Viewed

@@ -0,0 +1,189 @@
+Metadata-Version: 2.4
+Name: molt-cipher-bridge
+Version: 1.4.2
+Summary: A cryptographic standard for secure Agent-to-Agent (A2A) communication.
+Author-email: Satyaa & Clawdy <clawdy@openclaw.ai>
+License: MIT
+Project-URL: Homepage, https://github.com/CrimsonDevil333333/molt-cipher-bridge
+Project-URL: Bug Tracker, https://github.com/CrimsonDevil333333/molt-cipher-bridge/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=42.0.0
+Dynamic: license-file
+# 🦞 Molt-Cipher-Bridge (v1.4.2)
+[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication and "Sealed Intents." It enables task fragments to be encrypted at the source and decrypted only at the execution destination, keeping sensitive logic entirely out of persistent logs.
+---
+## 🛡️ The Zero-Log Protocol (MANDATORY)
+We operate on a **Zero-Trust Policy**. Agents must never handle plaintext secrets in command arguments or shell history.
+### 1. Zero-Trust Sealing (Sender)
+**NEVER use `echo "SECRET" > file` to create secret files.** This leaves the secret permanently in your shell history (`.bash_history`) and system logs.
+**The Secure Workflow:**
+1.  **Request from Human**: If you need a new secret, define a file path and ask your human to manually place the secret data (JSON, .env, or plain text) there.
+2.  **Point to File**: Use the `--file` flag to seal the intent directly from that path.
+3.  **Purge with Caution**:
+    *   **Temp Files**: If you created a one-time temporary file, delete it immediately after sealing.
+    *   **System/Important Configs**: **NEVER** delete system files, user configurations, or important `.env` files that were already present.
+```bash
+# Seal secrets from a file manually placed by the human
+molt-cipher seal --key "$KEY" --sender "Orchestrator" --to "Worker" --file ./secrets.json
+```
+### 2. Zero-Log Execution (Worker)
+**Never print unsealed secrets.** Use the `run` command to inject them directly into RAM via environment variables or templates.
+```bash
+# Standard ENV injection ($VAR)
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "echo \$SECRET_VAL"
+# Direct Argument Injection ({VAR})
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "python3 api.py --key {API_KEY}"
+```
+---
+## ⚡ Quick Start for Agents
+Bootstrap your environment, install the tool, and learn the protocol:
+```bash
+curl -sSL https://raw.githubusercontent.com/CrimsonDevil333333/molt-cipher-bridge/master/bootstrap_agent.sh | bash
+```
+---
+## 🚀 Installation
+### 🛠️ Linux (Recommended)
+Use `pipx` to install as a standalone CLI tool without environment conflicts:
+```bash
+pipx install molt-cipher-bridge
+```
+### 📦 Standard Pip
+```bash
+pip install molt-cipher-bridge
+```
+---
+## 🛠️ Usage Examples
+### 🔑 1. Generating a Shared Key
+Agents must share a key (passed via secure channel or human handoff) to communicate.
+```bash
+# Generate a secure Fernet key
+python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+```
+### 🧪 2. Generating Samples
+Bots can ask users for secrets by providing a template:
+```bash
+# Generate an .env template
+molt-cipher sample --type env --out secrets.sample
+# Generate a JSON template
+molt-cipher sample --type json --out secrets.sample
+```
+### 🔐 3. Sealing Different File Types
+```bash
+# Seal a .env file (parsed automatically by 'run')
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file .env
+# Seal a binary file (e.g., an SSH key)
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file id_rsa --binary
+```
+### ⚡ 4. Selective Running (Least Privilege)
+Only expose specific secrets to a command, even if the fragment contains many:
+```bash
+# Only inject DB_URL and DB_USER
+molt-cipher run --key "$KEY" --fragment "$FRAG" --pick "DB_URL,DB_USER" --cmd "psql {DB_URL}"
+```
+### 🔓 5. Unsealing to File
+Restore the original file content securely:
+```bash
+molt-cipher unseal --key "$KEY" --fragment "$FRAG" --out restored_key.pem
+```
+---
+## 📖 Full CLI Reference
+### `seal`
+Encrypts data into a JSON fragment.
+- `--key`: (Required) 32-byte base64-encoded Fernet key.
+- `--sender`: (Required) ID of the sending agent.
+- `--to`: (Required) ID of the recipient agent.
+- `--file`: Path to file containing secrets (LOG-SAFE).
+- `--data`: Raw JSON/String data (⚠️ LEAKS IN LOGS).
+- `--ttl`: Time-to-Live in seconds (Default: 300).
+- `--binary`: Treat input as raw binary (required for keys/blobs).
+### `unseal`
+Decrypts and retrieves the content of a fragment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--out`: Write output directly to this file path.
+- `--ignore-expiry`: Bypass TTL check (Debug only).
+### `run`
+Executes a command with secrets injected into the ephemeral environment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--cmd`: (Required) The shell command to execute.
+- `--pick`: Comma-separated list of keys to inject.
+- `--ignore-expiry`: Bypass TTL check.
+### `sample`
+Creates boilerplate secret files.
+- `--type`: `env` or `json`.
+- `--out`: Destination file path.
+---
+## 🧪 Real-World Agent Scenarios
+### Scenario: Secure API Deployment (Verified 2026-02-06)
+1.  **Preparation**: Human creates `prod.env` with `API_KEY` and `DB_URL`.
+2.  **Sealing**: Orchestrator runs `molt-cipher seal --file prod.env` and sends the fragment to the Deployer agent.
+3.  **Deployment**: Deployer agent runs `molt-cipher run --cmd "docker-compose up -d"` using the fragment.
+4.  **Result**: Secrets were never logged in the Orchestrator's trace or the host's `.bash_history`.
+### Scenario: Multi-Agent Handoff (Verified 2026-02-06)
+1. **Goal**: Pass a GitHub Token from Orchestrator to Worker.
+2. **Workflow**:
+   - Orchestrator seals the token into a fragment.
+   - Worker bootstraps using `bootstrap_agent.sh`.
+   - Worker executes `molt-cipher run --fragment fragment.json --cmd "echo \$GH_TOKEN"` (or use `{GH_TOKEN}` template).
+3. **Success**: Worker accessed the secret in ephemeral RAM; zero plaintext in chat or system logs.
+---
+## 🧠 Permanent Agent Memory
+1.  **No `echo`**: Plaintext secrets in shell history = Critical Failure.
+2.  **Handoff**: Human File -> Seal `--file` -> Selective Purge (Temp only).
+3.  **Running**: Fragment -> Run -> RAM Injection (`$VAR` or `{VAR}`).
+4.  **Integrity**: Never delete files you didn't create or important system configs.
+---
+## 🔗 Links
+- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
+- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
+- **Philosophy**: [SOUL.md](./SOUL.md)
+---
+*Developed by Clawdy & Satyaa* 🦞✨

molt_cipher_bridge-1.4.2/README.md ADDED Viewed

@@ -0,0 +1,173 @@
+# 🦞 Molt-Cipher-Bridge (v1.4.2)
+[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication and "Sealed Intents." It enables task fragments to be encrypted at the source and decrypted only at the execution destination, keeping sensitive logic entirely out of persistent logs.
+---
+## 🛡️ The Zero-Log Protocol (MANDATORY)
+We operate on a **Zero-Trust Policy**. Agents must never handle plaintext secrets in command arguments or shell history.
+### 1. Zero-Trust Sealing (Sender)
+**NEVER use `echo "SECRET" > file` to create secret files.** This leaves the secret permanently in your shell history (`.bash_history`) and system logs.
+**The Secure Workflow:**
+1.  **Request from Human**: If you need a new secret, define a file path and ask your human to manually place the secret data (JSON, .env, or plain text) there.
+2.  **Point to File**: Use the `--file` flag to seal the intent directly from that path.
+3.  **Purge with Caution**:
+    *   **Temp Files**: If you created a one-time temporary file, delete it immediately after sealing.
+    *   **System/Important Configs**: **NEVER** delete system files, user configurations, or important `.env` files that were already present.
+```bash
+# Seal secrets from a file manually placed by the human
+molt-cipher seal --key "$KEY" --sender "Orchestrator" --to "Worker" --file ./secrets.json
+```
+### 2. Zero-Log Execution (Worker)
+**Never print unsealed secrets.** Use the `run` command to inject them directly into RAM via environment variables or templates.
+```bash
+# Standard ENV injection ($VAR)
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "echo \$SECRET_VAL"
+# Direct Argument Injection ({VAR})
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "python3 api.py --key {API_KEY}"
+```
+---
+## ⚡ Quick Start for Agents
+Bootstrap your environment, install the tool, and learn the protocol:
+```bash
+curl -sSL https://raw.githubusercontent.com/CrimsonDevil333333/molt-cipher-bridge/master/bootstrap_agent.sh | bash
+```
+---
+## 🚀 Installation
+### 🛠️ Linux (Recommended)
+Use `pipx` to install as a standalone CLI tool without environment conflicts:
+```bash
+pipx install molt-cipher-bridge
+```
+### 📦 Standard Pip
+```bash
+pip install molt-cipher-bridge
+```
+---
+## 🛠️ Usage Examples
+### 🔑 1. Generating a Shared Key
+Agents must share a key (passed via secure channel or human handoff) to communicate.
+```bash
+# Generate a secure Fernet key
+python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+```
+### 🧪 2. Generating Samples
+Bots can ask users for secrets by providing a template:
+```bash
+# Generate an .env template
+molt-cipher sample --type env --out secrets.sample
+# Generate a JSON template
+molt-cipher sample --type json --out secrets.sample
+```
+### 🔐 3. Sealing Different File Types
+```bash
+# Seal a .env file (parsed automatically by 'run')
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file .env
+# Seal a binary file (e.g., an SSH key)
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file id_rsa --binary
+```
+### ⚡ 4. Selective Running (Least Privilege)
+Only expose specific secrets to a command, even if the fragment contains many:
+```bash
+# Only inject DB_URL and DB_USER
+molt-cipher run --key "$KEY" --fragment "$FRAG" --pick "DB_URL,DB_USER" --cmd "psql {DB_URL}"
+```
+### 🔓 5. Unsealing to File
+Restore the original file content securely:
+```bash
+molt-cipher unseal --key "$KEY" --fragment "$FRAG" --out restored_key.pem
+```
+---
+## 📖 Full CLI Reference
+### `seal`
+Encrypts data into a JSON fragment.
+- `--key`: (Required) 32-byte base64-encoded Fernet key.
+- `--sender`: (Required) ID of the sending agent.
+- `--to`: (Required) ID of the recipient agent.
+- `--file`: Path to file containing secrets (LOG-SAFE).
+- `--data`: Raw JSON/String data (⚠️ LEAKS IN LOGS).
+- `--ttl`: Time-to-Live in seconds (Default: 300).
+- `--binary`: Treat input as raw binary (required for keys/blobs).
+### `unseal`
+Decrypts and retrieves the content of a fragment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--out`: Write output directly to this file path.
+- `--ignore-expiry`: Bypass TTL check (Debug only).
+### `run`
+Executes a command with secrets injected into the ephemeral environment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--cmd`: (Required) The shell command to execute.
+- `--pick`: Comma-separated list of keys to inject.
+- `--ignore-expiry`: Bypass TTL check.
+### `sample`
+Creates boilerplate secret files.
+- `--type`: `env` or `json`.
+- `--out`: Destination file path.
+---
+## 🧪 Real-World Agent Scenarios
+### Scenario: Secure API Deployment (Verified 2026-02-06)
+1.  **Preparation**: Human creates `prod.env` with `API_KEY` and `DB_URL`.
+2.  **Sealing**: Orchestrator runs `molt-cipher seal --file prod.env` and sends the fragment to the Deployer agent.
+3.  **Deployment**: Deployer agent runs `molt-cipher run --cmd "docker-compose up -d"` using the fragment.
+4.  **Result**: Secrets were never logged in the Orchestrator's trace or the host's `.bash_history`.
+### Scenario: Multi-Agent Handoff (Verified 2026-02-06)
+1. **Goal**: Pass a GitHub Token from Orchestrator to Worker.
+2. **Workflow**:
+   - Orchestrator seals the token into a fragment.
+   - Worker bootstraps using `bootstrap_agent.sh`.
+   - Worker executes `molt-cipher run --fragment fragment.json --cmd "echo \$GH_TOKEN"` (or use `{GH_TOKEN}` template).
+3. **Success**: Worker accessed the secret in ephemeral RAM; zero plaintext in chat or system logs.
+---
+## 🧠 Permanent Agent Memory
+1.  **No `echo`**: Plaintext secrets in shell history = Critical Failure.
+2.  **Handoff**: Human File -> Seal `--file` -> Selective Purge (Temp only).
+3.  **Running**: Fragment -> Run -> RAM Injection (`$VAR` or `{VAR}`).
+4.  **Integrity**: Never delete files you didn't create or important system configs.
+---
+## 🔗 Links
+- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
+- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
+- **Philosophy**: [SOUL.md](./SOUL.md)
+---
+*Developed by Clawdy & Satyaa* 🦞✨

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "molt-cipher-bridge"
-version = "1.3.0"
+version = "1.4.2"
 authors = [
   { name="Satyaa & Clawdy", email="clawdy@openclaw.ai" },
 ]

molt_cipher_bridge-1.4.2/src/molt_cipher_bridge.egg-info/PKG-INFO ADDED Viewed

@@ -0,0 +1,189 @@
+Metadata-Version: 2.4
+Name: molt-cipher-bridge
+Version: 1.4.2
+Summary: A cryptographic standard for secure Agent-to-Agent (A2A) communication.
+Author-email: Satyaa & Clawdy <clawdy@openclaw.ai>
+License: MIT
+Project-URL: Homepage, https://github.com/CrimsonDevil333333/molt-cipher-bridge
+Project-URL: Bug Tracker, https://github.com/CrimsonDevil333333/molt-cipher-bridge/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=42.0.0
+Dynamic: license-file
+# 🦞 Molt-Cipher-Bridge (v1.4.2)
+[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication and "Sealed Intents." It enables task fragments to be encrypted at the source and decrypted only at the execution destination, keeping sensitive logic entirely out of persistent logs.
+---
+## 🛡️ The Zero-Log Protocol (MANDATORY)
+We operate on a **Zero-Trust Policy**. Agents must never handle plaintext secrets in command arguments or shell history.
+### 1. Zero-Trust Sealing (Sender)
+**NEVER use `echo "SECRET" > file` to create secret files.** This leaves the secret permanently in your shell history (`.bash_history`) and system logs.
+**The Secure Workflow:**
+1.  **Request from Human**: If you need a new secret, define a file path and ask your human to manually place the secret data (JSON, .env, or plain text) there.
+2.  **Point to File**: Use the `--file` flag to seal the intent directly from that path.
+3.  **Purge with Caution**:
+    *   **Temp Files**: If you created a one-time temporary file, delete it immediately after sealing.
+    *   **System/Important Configs**: **NEVER** delete system files, user configurations, or important `.env` files that were already present.
+```bash
+# Seal secrets from a file manually placed by the human
+molt-cipher seal --key "$KEY" --sender "Orchestrator" --to "Worker" --file ./secrets.json
+```
+### 2. Zero-Log Execution (Worker)
+**Never print unsealed secrets.** Use the `run` command to inject them directly into RAM via environment variables or templates.
+```bash
+# Standard ENV injection ($VAR)
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "echo \$SECRET_VAL"
+# Direct Argument Injection ({VAR})
+molt-cipher run --key "$KEY" --fragment "$FRAG" --cmd "python3 api.py --key {API_KEY}"
+```
+---
+## ⚡ Quick Start for Agents
+Bootstrap your environment, install the tool, and learn the protocol:
+```bash
+curl -sSL https://raw.githubusercontent.com/CrimsonDevil333333/molt-cipher-bridge/master/bootstrap_agent.sh | bash
+```
+---
+## 🚀 Installation
+### 🛠️ Linux (Recommended)
+Use `pipx` to install as a standalone CLI tool without environment conflicts:
+```bash
+pipx install molt-cipher-bridge
+```
+### 📦 Standard Pip
+```bash
+pip install molt-cipher-bridge
+```
+---
+## 🛠️ Usage Examples
+### 🔑 1. Generating a Shared Key
+Agents must share a key (passed via secure channel or human handoff) to communicate.
+```bash
+# Generate a secure Fernet key
+python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+```
+### 🧪 2. Generating Samples
+Bots can ask users for secrets by providing a template:
+```bash
+# Generate an .env template
+molt-cipher sample --type env --out secrets.sample
+# Generate a JSON template
+molt-cipher sample --type json --out secrets.sample
+```
+### 🔐 3. Sealing Different File Types
+```bash
+# Seal a .env file (parsed automatically by 'run')
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file .env
+# Seal a binary file (e.g., an SSH key)
+molt-cipher seal --key "$KEY" --sender "A" --to "B" --file id_rsa --binary
+```
+### ⚡ 4. Selective Running (Least Privilege)
+Only expose specific secrets to a command, even if the fragment contains many:
+```bash
+# Only inject DB_URL and DB_USER
+molt-cipher run --key "$KEY" --fragment "$FRAG" --pick "DB_URL,DB_USER" --cmd "psql {DB_URL}"
+```
+### 🔓 5. Unsealing to File
+Restore the original file content securely:
+```bash
+molt-cipher unseal --key "$KEY" --fragment "$FRAG" --out restored_key.pem
+```
+---
+## 📖 Full CLI Reference
+### `seal`
+Encrypts data into a JSON fragment.
+- `--key`: (Required) 32-byte base64-encoded Fernet key.
+- `--sender`: (Required) ID of the sending agent.
+- `--to`: (Required) ID of the recipient agent.
+- `--file`: Path to file containing secrets (LOG-SAFE).
+- `--data`: Raw JSON/String data (⚠️ LEAKS IN LOGS).
+- `--ttl`: Time-to-Live in seconds (Default: 300).
+- `--binary`: Treat input as raw binary (required for keys/blobs).
+### `unseal`
+Decrypts and retrieves the content of a fragment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--out`: Write output directly to this file path.
+- `--ignore-expiry`: Bypass TTL check (Debug only).
+### `run`
+Executes a command with secrets injected into the ephemeral environment.
+- `--key`: (Required) The shared Fernet key.
+- `--fragment`: (Required) JSON fragment string or path to fragment file.
+- `--cmd`: (Required) The shell command to execute.
+- `--pick`: Comma-separated list of keys to inject.
+- `--ignore-expiry`: Bypass TTL check.
+### `sample`
+Creates boilerplate secret files.
+- `--type`: `env` or `json`.
+- `--out`: Destination file path.
+---
+## 🧪 Real-World Agent Scenarios
+### Scenario: Secure API Deployment (Verified 2026-02-06)
+1.  **Preparation**: Human creates `prod.env` with `API_KEY` and `DB_URL`.
+2.  **Sealing**: Orchestrator runs `molt-cipher seal --file prod.env` and sends the fragment to the Deployer agent.
+3.  **Deployment**: Deployer agent runs `molt-cipher run --cmd "docker-compose up -d"` using the fragment.
+4.  **Result**: Secrets were never logged in the Orchestrator's trace or the host's `.bash_history`.
+### Scenario: Multi-Agent Handoff (Verified 2026-02-06)
+1. **Goal**: Pass a GitHub Token from Orchestrator to Worker.
+2. **Workflow**:
+   - Orchestrator seals the token into a fragment.
+   - Worker bootstraps using `bootstrap_agent.sh`.
+   - Worker executes `molt-cipher run --fragment fragment.json --cmd "echo \$GH_TOKEN"` (or use `{GH_TOKEN}` template).
+3. **Success**: Worker accessed the secret in ephemeral RAM; zero plaintext in chat or system logs.
+---
+## 🧠 Permanent Agent Memory
+1.  **No `echo`**: Plaintext secrets in shell history = Critical Failure.
+2.  **Handoff**: Human File -> Seal `--file` -> Selective Purge (Temp only).
+3.  **Running**: Fragment -> Run -> RAM Injection (`$VAR` or `{VAR}`).
+4.  **Integrity**: Never delete files you didn't create or important system configs.
+---
+## 🔗 Links
+- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
+- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
+- **Philosophy**: [SOUL.md](./SOUL.md)
+---
+*Developed by Clawdy & Satyaa* 🦞✨

molt_cipher_bridge-1.4.2/src/molt_cipher_bridge.py ADDED Viewed

@@ -0,0 +1,251 @@
+import json
+import time
+import os
+import hashlib
+import subprocess
+import base64
+from cryptography.fernet import Fernet
+from datetime import datetime, timedelta
+class MoltCipherBridge:
+    """
+    🦞 MOLT-CIPHER-BRIDGE | v1.4.0 (Enhanced)
+    -------------------------------------------
+    Agent-to-Agent (A2A) cryptographic protocol for passing 'Sealed Intents'.
+    Ensures zero-log context by encrypting sensitive task data at source.
+    """
+    def __init__(self, shared_key=None):
+        if isinstance(shared_key, str):
+            shared_key = shared_key.encode()
+        self.key = shared_key or Fernet.generate_key()
+        self.cipher = Fernet(self.key)
+    def seal_intent(self, sender_id, recipient_id, intent_data, ttl_seconds=300, multipart=None, binary=False):
+        """
+        Seal data. If binary is True, intent_data should be bytes or base64 string.
+        """
+        is_raw_bytes = False
+        if binary:
+            if isinstance(intent_data, bytes):
+                intent_data = base64.b64encode(intent_data).decode()
+                is_raw_bytes = True
+            elif isinstance(intent_data, str):
+                # Assume already b64 or just treat as string
+                pass
+        payload = {
+            "s": sender_id,
+            "r": recipient_id,
+            "d": intent_data,
+            "exp": (datetime.now() + timedelta(seconds=ttl_seconds)).timestamp(),
+            "sig": hashlib.sha256(f"{sender_id}:{recipient_id}".encode()).hexdigest()[:16],
+            "bin": binary,
+            "raw": is_raw_bytes
+        }
+        if multipart: payload["part"] = multipart
+        sealed = self.cipher.encrypt(json.dumps(payload).encode())
+        return {
+            "v": "1.4.0",
+            "fid": f"frag_{os.urandom(4).hex()}",
+            "payload": sealed.decode(),
+            "hint": self.key.decode()[:8],
+            "signed": True
+        }
+    def unseal_intent(self, fragment, ignore_expiry=False):
+        try:
+            decrypted = self.cipher.decrypt(fragment["payload"].encode())
+            data = json.loads(decrypted)
+            if not ignore_expiry and datetime.now().timestamp() > data["exp"]:
+                return {"success": False, "error": "FRAGMENT_EXPIRED"}
+            intent = data["d"]
+            if data.get("bin") and data.get("raw"):
+                intent = base64.b64decode(intent)
+            return {
+                "success": True,
+                "sender": data["s"],
+                "recipient": data["r"],
+                "intent": intent,
+                "multipart": data.get("part", None),
+                "is_binary": data.get("bin", False)
+            }
+        except Exception as e:
+            return {"success": False, "error": str(e)}
+    def execute_sealed_command(self, fragment, command_template, ignore_expiry=False, pick=None):
+        result = self.unseal_intent(fragment, ignore_expiry=ignore_expiry)
+        if not result["success"]:
+            return result
+        intent = result["intent"]
+        env = os.environ.copy()
+        extracted_secrets = {}
+        # If it's a dict, extract secrets
+        if isinstance(intent, dict):
+            extracted_secrets = intent.get("secrets", intent)
+        # If it's a string and looks like env file, parse it
+        elif isinstance(intent, str):
+            for line in intent.splitlines():
+                if "=" in line and not line.strip().startswith("#"):
+                    k, v = line.split("=", 1)
+                    extracted_secrets[k.strip()] = v.strip().strip("'\"")
+        # Filtering logic
+        pick_list = [p.strip() for p in pick.split(",")] if pick else None
+        for k, v in extracted_secrets.items():
+            if pick_list is None or k in pick_list:
+                env[str(k)] = str(v)
+        try:
+            # Command template replacement logic
+            final_command = command_template
+            for k, v in env.items():
+                placeholder = f"{{{k}}}"
+                if placeholder in final_command:
+                    final_command = final_command.replace(placeholder, str(v))
+            process = subprocess.run(
+                final_command,
+                shell=True,
+                env=env,
+                capture_output=True,
+                text=True
+            )
+            return {
+                "success": True,
+                "stdout": process.stdout,
+                "stderr": process.stderr,
+                "exit_code": process.returncode
+            }
+        except Exception as e:
+            return {"success": False, "error": f"Execution failed: {str(e)}"}
+    @staticmethod
+    def generate_shared_key():
+        return Fernet.generate_key().decode()
+def cli():
+    import argparse
+    parser = argparse.ArgumentParser(description="🦞 Molt-Cipher-Bridge CLI (v1.4.0)")
+    subparsers = parser.add_subparsers(dest="command")
+    # Seal
+    seal_p = subparsers.add_parser("seal")
+    seal_p.add_argument("--key", required=True)
+    seal_p.add_argument("--sender", required=True)
+    seal_p.add_argument("--to", required=True)
+    seal_p.add_argument("--data", help="Plain text or JSON string")
+    seal_p.add_argument("--file", help="Path to any file (JSON, .env, binary, etc.)")
+    seal_p.add_argument("--ttl", type=int, default=300)
+    seal_p.add_argument("--binary", action="store_true", help="Treat file as binary data")
+    # Unseal
+    unseal_p = subparsers.add_parser("unseal")
+    unseal_p.add_argument("--key", required=True)
+    unseal_p.add_argument("--fragment", required=True)
+    unseal_p.add_argument("--ignore-expiry", action="store_true")
+    unseal_p.add_argument("--out", help="Write unsealed intent to this file")
+    # Run
+    run_p = subparsers.add_parser("run")
+    run_p.add_argument("--key", required=True)
+    run_p.add_argument("--fragment", required=True)
+    run_p.add_argument("--cmd", required=True)
+    run_p.add_argument("--ignore-expiry", action="store_true")
+    run_p.add_argument("--pick", help="Comma-separated list of keys to inject (default: all)")
+    # Sample
+    sample_p = subparsers.add_parser("sample")
+    sample_p.add_argument("--type", choices=["json", "env"], default="json")
+    sample_p.add_argument("--out", default="secrets.sample")
+    args = parser.parse_args()
+    if args.command == "seal":
+        bridge = MoltCipherBridge(shared_key=args.key)
+        intent_data = None
+        is_binary = args.binary
+        if args.file:
+            if not os.path.exists(args.file):
+                print(json.dumps({"success": False, "error": f"File not found: {args.file}"}))
+                return
+            mode = 'rb' if is_binary else 'r'
+            with open(args.file, mode) as f:
+                if is_binary:
+                    intent_data = f.read()
+                else:
+                    content = f.read()
+                    try:
+                        intent_data = json.loads(content)
+                    except:
+                        intent_data = content
+        elif args.data:
+            try: intent_data = json.loads(args.data)
+            except: intent_data = args.data
+        else:
+            print(json.dumps({"success": False, "error": "Must provide --data or --file"}))
+            return
+        print(json.dumps(bridge.seal_intent(args.sender, args.to, intent_data, ttl_seconds=args.ttl, binary=is_binary)))
+    elif args.command == "unseal":
+        bridge = MoltCipherBridge(shared_key=args.key)
+        try:
+            frag = json.loads(args.fragment)
+        except:
+            if os.path.exists(args.fragment):
+                with open(args.fragment, 'r') as f:
+                    frag = json.load(f)
+            else:
+                raise
+        result = bridge.unseal_intent(frag, ignore_expiry=args.ignore_expiry)
+        if args.out and result["success"]:
+            mode = 'wb' if isinstance(result["intent"], bytes) else 'w'
+            with open(args.out, mode) as f:
+                if isinstance(result["intent"], (dict, list)):
+                    f.write(json.dumps(result["intent"], indent=2))
+                else:
+                    f.write(result["intent"])
+            result["saved_to"] = args.out
+        # For JSON output, if intent is bytes, b64 encode it
+        if result["success"] and isinstance(result["intent"], bytes):
+            result["intent"] = base64.b64encode(result["intent"]).decode()
+        print(json.dumps(result))
+    elif args.command == "run":
+        bridge = MoltCipherBridge(shared_key=args.key)
+        try:
+            frag = json.loads(args.fragment)
+        except:
+            if os.path.exists(args.fragment):
+                with open(args.fragment, 'r') as f:
+                    frag = json.load(f)
+            else:
+                raise
+        print(json.dumps(bridge.execute_sealed_command(frag, args.cmd, ignore_expiry=args.ignore_expiry, pick=args.pick)))
+    elif args.command == "sample":
+        if args.type == "json":
+            content = json.dumps({"API_KEY": "your_key_here", "DB_PASSWORD": "secret_password"}, indent=2)
+        else:
+            content = "API_KEY=your_key_here\nDB_PASSWORD=secret_password\n"
+        with open(args.out, 'w') as f:
+            f.write(content)
+        print(json.dumps({"success": True, "file": args.out, "type": args.type}))
+if __name__ == "__main__":
+    cli()

molt_cipher_bridge-1.3.0/PKG-INFO DELETED Viewed

@@ -1,121 +0,0 @@
-Metadata-Version: 2.4
-Name: molt-cipher-bridge
-Version: 1.3.0
-Summary: A cryptographic standard for secure Agent-to-Agent (A2A) communication.
-Author-email: Satyaa & Clawdy <clawdy@openclaw.ai>
-License: MIT
-Project-URL: Homepage, https://github.com/CrimsonDevil333333/molt-cipher-bridge
-Project-URL: Bug Tracker, https://github.com/CrimsonDevil333333/molt-cipher-bridge/issues
-Classifier: Programming Language :: Python :: 3
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: cryptography>=42.0.0
-Dynamic: license-file
-# 🦞 Molt-Cipher-Bridge | v1.2.0
-[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication. It enables "Sealed Intents"—task fragments that are encrypted at the source and decrypted only at the execution destination, keeping sensitive logic out of persistent orchestrator logs.
----
-## 🛡️ The Problem: The Observer Paradox
-In multi-agent systems, the central orchestrator typically logs all instructions. This creates a security liability when sub-agents require sensitive context (credentials, private IPs, or restricted logic).
-**Molt-Cipher-Bridge** solves this by providing an "Opaque Handshake":
-1. **Agents** share a temporary key (Whisper).
-2. **Intents** are sealed into fragments.
-3. **Logs** only show cryptographic noise.
-4. **Worker Agents** execute tasks in isolated memory without plaintext leaks.
----
-## 🚀 Installation
-### Global (Recommended)
-Install the CLI and library globally via PyPI:
-```bash
-pip install molt-cipher-bridge
-```
----
-## ⚙️ How It Works (Deep Dive)
-### 1. The Whisper (Key Exchange)
-Before agents can bridge intents, they must share a symmetric key. This is typically done via a one-time "Whisper" message or retrieved from a secure secret store.
-```python
-from molt_cipher_bridge import MoltCipherBridge
-key = MoltCipherBridge.generate_shared_key()
-# "j6Jc8MPldurpErwl6VYatp-dTunR3Xrioo1NWiNk4w8="
-```
-### 2. The Sealing (Encryption)
-The Sender Agent encrypts the payload using the shared key. The payload includes:
-- **s**: Sender ID
-- **r**: Recipient ID
-- **d**: Data (The Intent)
-- **exp**: Expiry timestamp (TTL)
-- **sig**: SHA-256 signature hint
-### 3. The Unsealing (Zero-Log Execution)
-The Recipient Agent receives the fragment. Instead of unsealing to a string (which might get logged), it uses the `run` capability to inject secrets directly into a subprocess environment. This ensures that the plaintext secret **exists only in RAM** and never touches the disk or the chat logs.
----
-## 🛠️ CLI Command Reference
-### 🔐 Seal an Intent
-Package sensitive data into an encrypted JSON fragment.
-```bash
-molt-cipher seal \
-  --key "YOUR_KEY" \
-  --sender "Main" \
-  --to "Worker" \
-  --data '{"secrets": {"DB_PASSWORD": "my-ultra-secret"}}'
-```
-### 🔓 Unseal (Decrypt)
-Decodes the fragment and validates integrity/expiry.
-```bash
-molt-cipher unseal --key "YOUR_KEY" --fragment '{"v": "1.2.0", ...}'
-```
-### ⚡ Run (Secure Execution)
-Directly executes a command by injecting sealed secrets into the environment.
-```bash
-# Use $ to escape variable names so they are resolved INSIDE the bridge
-molt-cipher run \
-  --key "YOUR_KEY" \
-  --fragment 'FRAGMENT_JSON' \
-  --cmd "curl -H 'Auth: $DB_PASSWORD' https://api.internal"
-```
----
-## ✨ Features
-- **Zero-Log Execution**: Pass secrets via ENV variables to child processes.
-- **Fernet (AES-128-CBC + HMAC)**: Standard, authenticated encryption.
-- **TTL Security**: Automatic fragment expiration (default 5 mins).
-- **Key Hinting**: Quickly verify keys with the 8-char `hint` field.
-- **Multipart Support**: Split a single intent across multiple agents.
----
-## 🧪 Verified Test Scenarios
-Live-tested between a Main Agent and a Sub-Agent on **2026-02-06**.
-- **Case**: Passing DB credentials via "Sealed Intent" and executing a migration.
-- **Result**: Sub-agent successfully unsealed and executed the task; orchestrator logs only showed the encrypted blob.
----
-## 🔗 Links
-- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
-- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
----
-*Developed by Clawdy & Satyaa*

molt_cipher_bridge-1.3.0/README.md DELETED Viewed

@@ -1,105 +0,0 @@
-# 🦞 Molt-Cipher-Bridge | v1.2.0
-[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication. It enables "Sealed Intents"—task fragments that are encrypted at the source and decrypted only at the execution destination, keeping sensitive logic out of persistent orchestrator logs.
----
-## 🛡️ The Problem: The Observer Paradox
-In multi-agent systems, the central orchestrator typically logs all instructions. This creates a security liability when sub-agents require sensitive context (credentials, private IPs, or restricted logic).
-**Molt-Cipher-Bridge** solves this by providing an "Opaque Handshake":
-1. **Agents** share a temporary key (Whisper).
-2. **Intents** are sealed into fragments.
-3. **Logs** only show cryptographic noise.
-4. **Worker Agents** execute tasks in isolated memory without plaintext leaks.
----
-## 🚀 Installation
-### Global (Recommended)
-Install the CLI and library globally via PyPI:
-```bash
-pip install molt-cipher-bridge
-```
----
-## ⚙️ How It Works (Deep Dive)
-### 1. The Whisper (Key Exchange)
-Before agents can bridge intents, they must share a symmetric key. This is typically done via a one-time "Whisper" message or retrieved from a secure secret store.
-```python
-from molt_cipher_bridge import MoltCipherBridge
-key = MoltCipherBridge.generate_shared_key()
-# "j6Jc8MPldurpErwl6VYatp-dTunR3Xrioo1NWiNk4w8="
-```
-### 2. The Sealing (Encryption)
-The Sender Agent encrypts the payload using the shared key. The payload includes:
-- **s**: Sender ID
-- **r**: Recipient ID
-- **d**: Data (The Intent)
-- **exp**: Expiry timestamp (TTL)
-- **sig**: SHA-256 signature hint
-### 3. The Unsealing (Zero-Log Execution)
-The Recipient Agent receives the fragment. Instead of unsealing to a string (which might get logged), it uses the `run` capability to inject secrets directly into a subprocess environment. This ensures that the plaintext secret **exists only in RAM** and never touches the disk or the chat logs.
----
-## 🛠️ CLI Command Reference
-### 🔐 Seal an Intent
-Package sensitive data into an encrypted JSON fragment.
-```bash
-molt-cipher seal \
-  --key "YOUR_KEY" \
-  --sender "Main" \
-  --to "Worker" \
-  --data '{"secrets": {"DB_PASSWORD": "my-ultra-secret"}}'
-```
-### 🔓 Unseal (Decrypt)
-Decodes the fragment and validates integrity/expiry.
-```bash
-molt-cipher unseal --key "YOUR_KEY" --fragment '{"v": "1.2.0", ...}'
-```
-### ⚡ Run (Secure Execution)
-Directly executes a command by injecting sealed secrets into the environment.
-```bash
-# Use $ to escape variable names so they are resolved INSIDE the bridge
-molt-cipher run \
-  --key "YOUR_KEY" \
-  --fragment 'FRAGMENT_JSON' \
-  --cmd "curl -H 'Auth: $DB_PASSWORD' https://api.internal"
-```
----
-## ✨ Features
-- **Zero-Log Execution**: Pass secrets via ENV variables to child processes.
-- **Fernet (AES-128-CBC + HMAC)**: Standard, authenticated encryption.
-- **TTL Security**: Automatic fragment expiration (default 5 mins).
-- **Key Hinting**: Quickly verify keys with the 8-char `hint` field.
-- **Multipart Support**: Split a single intent across multiple agents.
----
-## 🧪 Verified Test Scenarios
-Live-tested between a Main Agent and a Sub-Agent on **2026-02-06**.
-- **Case**: Passing DB credentials via "Sealed Intent" and executing a migration.
-- **Result**: Sub-agent successfully unsealed and executed the task; orchestrator logs only showed the encrypted blob.
----
-## 🔗 Links
-- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
-- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
----
-*Developed by Clawdy & Satyaa*

molt_cipher_bridge-1.3.0/src/molt_cipher_bridge.egg-info/PKG-INFO DELETED Viewed

@@ -1,121 +0,0 @@
-Metadata-Version: 2.4
-Name: molt-cipher-bridge
-Version: 1.3.0
-Summary: A cryptographic standard for secure Agent-to-Agent (A2A) communication.
-Author-email: Satyaa & Clawdy <clawdy@openclaw.ai>
-License: MIT
-Project-URL: Homepage, https://github.com/CrimsonDevil333333/molt-cipher-bridge
-Project-URL: Bug Tracker, https://github.com/CrimsonDevil333333/molt-cipher-bridge/issues
-Classifier: Programming Language :: Python :: 3
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: cryptography>=42.0.0
-Dynamic: license-file
-# 🦞 Molt-Cipher-Bridge | v1.2.0
-[![PyPI version](https://img.shields.io/pypi/v/molt-cipher-bridge.svg)](https://pypi.org/project/molt-cipher-bridge/)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-**Molt-Cipher-Bridge** is a cryptographic standard designed for secure **Agent-to-Agent (A2A)** communication. It enables "Sealed Intents"—task fragments that are encrypted at the source and decrypted only at the execution destination, keeping sensitive logic out of persistent orchestrator logs.
----
-## 🛡️ The Problem: The Observer Paradox
-In multi-agent systems, the central orchestrator typically logs all instructions. This creates a security liability when sub-agents require sensitive context (credentials, private IPs, or restricted logic).
-**Molt-Cipher-Bridge** solves this by providing an "Opaque Handshake":
-1. **Agents** share a temporary key (Whisper).
-2. **Intents** are sealed into fragments.
-3. **Logs** only show cryptographic noise.
-4. **Worker Agents** execute tasks in isolated memory without plaintext leaks.
----
-## 🚀 Installation
-### Global (Recommended)
-Install the CLI and library globally via PyPI:
-```bash
-pip install molt-cipher-bridge
-```
----
-## ⚙️ How It Works (Deep Dive)
-### 1. The Whisper (Key Exchange)
-Before agents can bridge intents, they must share a symmetric key. This is typically done via a one-time "Whisper" message or retrieved from a secure secret store.
-```python
-from molt_cipher_bridge import MoltCipherBridge
-key = MoltCipherBridge.generate_shared_key()
-# "j6Jc8MPldurpErwl6VYatp-dTunR3Xrioo1NWiNk4w8="
-```
-### 2. The Sealing (Encryption)
-The Sender Agent encrypts the payload using the shared key. The payload includes:
-- **s**: Sender ID
-- **r**: Recipient ID
-- **d**: Data (The Intent)
-- **exp**: Expiry timestamp (TTL)
-- **sig**: SHA-256 signature hint
-### 3. The Unsealing (Zero-Log Execution)
-The Recipient Agent receives the fragment. Instead of unsealing to a string (which might get logged), it uses the `run` capability to inject secrets directly into a subprocess environment. This ensures that the plaintext secret **exists only in RAM** and never touches the disk or the chat logs.
----
-## 🛠️ CLI Command Reference
-### 🔐 Seal an Intent
-Package sensitive data into an encrypted JSON fragment.
-```bash
-molt-cipher seal \
-  --key "YOUR_KEY" \
-  --sender "Main" \
-  --to "Worker" \
-  --data '{"secrets": {"DB_PASSWORD": "my-ultra-secret"}}'
-```
-### 🔓 Unseal (Decrypt)
-Decodes the fragment and validates integrity/expiry.
-```bash
-molt-cipher unseal --key "YOUR_KEY" --fragment '{"v": "1.2.0", ...}'
-```
-### ⚡ Run (Secure Execution)
-Directly executes a command by injecting sealed secrets into the environment.
-```bash
-# Use $ to escape variable names so they are resolved INSIDE the bridge
-molt-cipher run \
-  --key "YOUR_KEY" \
-  --fragment 'FRAGMENT_JSON' \
-  --cmd "curl -H 'Auth: $DB_PASSWORD' https://api.internal"
-```
----
-## ✨ Features
-- **Zero-Log Execution**: Pass secrets via ENV variables to child processes.
-- **Fernet (AES-128-CBC + HMAC)**: Standard, authenticated encryption.
-- **TTL Security**: Automatic fragment expiration (default 5 mins).
-- **Key Hinting**: Quickly verify keys with the 8-char `hint` field.
-- **Multipart Support**: Split a single intent across multiple agents.
----
-## 🧪 Verified Test Scenarios
-Live-tested between a Main Agent and a Sub-Agent on **2026-02-06**.
-- **Case**: Passing DB credentials via "Sealed Intent" and executing a migration.
-- **Result**: Sub-agent successfully unsealed and executed the task; orchestrator logs only showed the encrypted blob.
----
-## 🔗 Links
-- **PyPI**: [https://pypi.org/project/molt-cipher-bridge/](https://pypi.org/project/molt-cipher-bridge/)
-- **Source**: [https://github.com/CrimsonDevil333333/molt-cipher-bridge](https://github.com/CrimsonDevil333333/molt-cipher-bridge)
----
-*Developed by Clawdy & Satyaa*

molt_cipher_bridge-1.3.0/src/molt_cipher_bridge.py DELETED Viewed

@@ -1,151 +0,0 @@
-import json
-import time
-import os
-import hashlib
-import subprocess
-from cryptography.fernet import Fernet
-from datetime import datetime, timedelta
-class MoltCipherBridge:
-    """
-    🦞 MOLT-CIPHER-BRIDGE | v1.3.0 (Production)
-    -------------------------------------------
-    Agent-to-Agent (A2A) cryptographic protocol for passing 'Sealed Intents'.
-    Ensures zero-log context by encrypting sensitive task data at source.
-    """
-    def __init__(self, shared_key=None):
-        if isinstance(shared_key, str):
-            shared_key = shared_key.encode()
-        self.key = shared_key or Fernet.generate_key()
-        self.cipher = Fernet(self.key)
-    def seal_intent(self, sender_id, recipient_id, intent_data, ttl_seconds=300, multipart=None):
-        payload = {
-            "s": sender_id,
-            "r": recipient_id,
-            "d": intent_data,
-            "exp": (datetime.now() + timedelta(seconds=ttl_seconds)).timestamp(),
-            "sig": hashlib.sha256(f"{sender_id}:{recipient_id}".encode()).hexdigest()[:16]
-        }
-        if multipart: payload["part"] = multipart
-        sealed = self.cipher.encrypt(json.dumps(payload).encode())
-        return {
-            "v": "1.3.0",
-            "fid": f"frag_{os.urandom(4).hex()}",
-            "payload": sealed.decode(),
-            "hint": self.key.decode()[:8],
-            "signed": True
-        }
-    def unseal_intent(self, fragment, ignore_expiry=False):
-        try:
-            decrypted = self.cipher.decrypt(fragment["payload"].encode())
-            data = json.loads(decrypted)
-            if not ignore_expiry and datetime.now().timestamp() > data["exp"]:
-                return {"success": False, "error": "FRAGMENT_EXPIRED"}
-            return {
-                "success": True,
-                "sender": data["s"],
-                "recipient": data["r"],
-                "intent": data["d"],
-                "multipart": data.get("part", None)
-            }
-        except Exception as e:
-            return {"success": False, "error": str(e)}
-    def execute_sealed_command(self, fragment, command_template, ignore_expiry=False):
-        result = self.unseal_intent(fragment, ignore_expiry=ignore_expiry)
-        if not result["success"]:
-            return result
-        intent = result["intent"]
-        secrets = intent.get("secrets", {})
-        env = os.environ.copy()
-        for k, v in secrets.items():
-            env[k] = str(v)
-        try:
-            process = subprocess.run(
-                command_template,
-                shell=True,
-                env=env,
-                capture_output=True,
-                text=True
-            )
-            return {
-                "success": True,
-                "stdout": process.stdout,
-                "stderr": process.stderr,
-                "exit_code": process.returncode
-            }
-        except Exception as e:
-            return {"success": False, "error": f"Execution failed: {str(e)}"}
-    @staticmethod
-    def generate_shared_key():
-        return Fernet.generate_key().decode()
-def cli():
-    import argparse
-    parser = argparse.ArgumentParser(description="🦞 Molt-Cipher-Bridge CLI")
-    subparsers = parser.add_subparsers(dest="command")
-    # Seal
-    seal_p = subparsers.add_parser("seal")
-    seal_p.add_argument("--key", required=True)
-    seal_p.add_argument("--sender", required=True)
-    seal_p.add_argument("--to", required=True)
-    seal_p.add_argument("--data", help="JSON string data (LEAKS IN LOGS)")
-    seal_p.add_argument("--file", help="Path to a JSON file containing secrets (LOG-SAFE)")
-    seal_p.add_argument("--ttl", type=int, default=300)
-    # Unseal
-    unseal_p = subparsers.add_parser("unseal")
-    unseal_p.add_argument("--key", required=True)
-    unseal_p.add_argument("--fragment", required=True)
-    unseal_p.add_argument("--ignore-expiry", action="store_true")
-    # Run
-    run_p = subparsers.add_parser("run")
-    run_p.add_argument("--key", required=True)
-    run_p.add_argument("--fragment", required=True)
-    run_p.add_argument("--cmd", required=True)
-    run_p.add_argument("--ignore-expiry", action="store_true")
-    args = parser.parse_args()
-    if args.command == "seal":
-        bridge = MoltCipherBridge(shared_key=args.key)
-        intent_data = None
-        if args.file:
-            if not os.path.exists(args.file):
-                print(json.dumps({"success": False, "error": f"File not found: {args.file}"}))
-                return
-            with open(args.file, 'r') as f:
-                try:
-                    intent_data = json.load(f)
-                except:
-                    f.seek(0)
-                    intent_data = f.read().strip()
-        elif args.data:
-            try: intent_data = json.loads(args.data)
-            except: intent_data = args.data
-        else:
-            print(json.dumps({"success": False, "error": "Must provide --data or --file"}))
-            return
-        print(json.dumps(bridge.seal_intent(args.sender, args.to, intent_data, ttl_seconds=args.ttl)))
-    elif args.command == "unseal":
-        bridge = MoltCipherBridge(shared_key=args.key)
-        print(json.dumps(bridge.unseal_intent(json.loads(args.fragment), ignore_expiry=args.ignore_expiry)))
-    elif args.command == "run":
-        bridge = MoltCipherBridge(shared_key=args.key)
-        print(json.dumps(bridge.execute_sealed_command(json.loads(args.fragment), args.cmd, ignore_expiry=args.ignore_expiry)))
-if __name__ == "__main__":
-    cli()

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/LICENSE RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/setup.cfg RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/src/molt_cipher_bridge.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/src/molt_cipher_bridge.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/src/molt_cipher_bridge.egg-info/entry_points.txt RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/src/molt_cipher_bridge.egg-info/requires.txt RENAMED Viewed

File without changes

{molt_cipher_bridge-1.3.0 → molt_cipher_bridge-1.4.2}/src/molt_cipher_bridge.egg-info/top_level.txt RENAMED Viewed

File without changes

molt-cipher-bridge 1.3.0__tar.gz → 1.4.2__tar.gz

molt-cipher-bridge 1.3.0tar.gz → 1.4.2tar.gz