opentrust-sdk 1.0.0__py3-none-any.whl

opentrust/__init__.py

@@ -0,0 +1,85 @@
+"""opentrust — Python SDK for the OpenTrust tool trust registry."""
+from __future__ import annotations
+
+import asyncio
+
+from ._client import _Client
+from ._recommend import TRUST_LEVELS, recommend, risk_level
+from ._types import ToolsPage, VerifyResult
+
+__version__ = "0.1.0"
+__all__ = [
+    "verify", "get", "search", "list",
+    "verify_sync", "get_sync",
+    "VerifyResult", "ToolsPage",
+]
+
+
+def _build_result(passport: dict) -> VerifyResult:
+    status = passport.get("trust_status", "auto_generated_draft")
+    level = TRUST_LEVELS.get(status, 1)
+    perms = passport.get("permission_manifest") or {}
+    return VerifyResult(
+        slug=passport["slug"],
+        trust_status=status,
+        trust_level=level,
+        is_disputed=(status == "disputed"),
+        recommendation=recommend(status, perms),
+        risk=risk_level(status, perms),
+        passport=passport,
+        permissions=perms,
+    )
+
+
+async def verify(slug: str, *, api_url: str | None = None) -> VerifyResult:
+    """Fetch a passport and return a VerifyResult with recommendation and risk level."""
+    passport = await get(slug, api_url=api_url)
+    return _build_result(passport)
+
+
+async def get(slug: str, *, api_url: str | None = None) -> dict:
+    """Fetch the raw passport dict for a slug."""
+    client = _Client(base_url=api_url)
+    return await client.get(f"/tools/{slug}")
+
+
+async def search(
+    query: str,
+    *,
+    trust_status: str | None = None,
+    api_url: str | None = None,
+) -> list[dict]:
+    """Search tools by query. Returns list of raw passport dicts."""
+    client = _Client(base_url=api_url)
+    page = await client.get("/tools", q=query, trust_status=trust_status)
+    return page.get("items", [])
+
+
+async def list(  # noqa: A001
+    *,
+    page: int = 1,
+    limit: int = 20,
+    trust_status: str | None = None,
+    api_url: str | None = None,
+) -> ToolsPage:
+    """List tools with optional filters. Returns a ToolsPage."""
+    client = _Client(base_url=api_url)
+    data = await client.get(
+        "/tools", page=page, limit=limit, trust_status=trust_status
+    )
+    return ToolsPage(
+        items=data.get("items", []),
+        total=data.get("total", 0),
+        page=data.get("page", page),
+        limit=data.get("limit", limit),
+    )
+
+
+def verify_sync(slug: str, *, api_url: str | None = None) -> VerifyResult:
+    """Synchronous wrapper for verify(). Do not call from an async context."""
+    return asyncio.run(verify(slug, api_url=api_url))
+
+
+def get_sync(slug: str, *, api_url: str | None = None) -> dict:
+    """Synchronous wrapper for get(). Do not call from an async context."""
+    return asyncio.run(get(slug, api_url=api_url))

opentrust/_client.py

@@ -0,0 +1,31 @@
+"""Internal async HTTP client wrapping httpx."""
+from __future__ import annotations
+
+import os
+from typing import Any
+
+import httpx
+
+_DEFAULT_URL = "https://api-kappa-pied-59.vercel.app"
+
+
+class _Client:
+    def __init__(
+        self,
+        base_url: str | None = None,
+        transport: httpx.AsyncBaseTransport | None = None,
+    ) -> None:
+        self._base = (
+            base_url or os.getenv("OPENTRUST_API_URL") or _DEFAULT_URL
+        ).rstrip("/")
+        self._transport = transport
+
+    async def get(self, path: str, **params: Any) -> Any:
+        """GET /api/v1{path} with optional query params (None values are dropped)."""
+        filtered = {k: v for k, v in params.items() if v is not None}
+        async with httpx.AsyncClient(
+            base_url=self._base, transport=self._transport
+        ) as client:
+            resp = await client.get(f"/api/v1{path}", params=filtered)
+            resp.raise_for_status()
+            return resp.json()

opentrust/_recommend.py

@@ -0,0 +1,60 @@
+"""Recommendation table and risk logic for OpenTrust trust statuses."""
+
+TRUST_LEVELS: dict[str, int] = {
+    "auto_generated_draft": 1,
+    "creator_claimed": 2,
+    "seller_confirmed": 3,
+    "community_reviewed": 4,
+    "reviewer_signed": 5,
+    "security_checked": 6,
+    "continuously_monitored": 7,
+    "disputed": 0,
+}
+
+_RECOMMENDATIONS: dict[int, str] = {
+    0: "⛔ Under active dispute. Do not use until resolved.",
+    1: "Auto-generated draft. Do not use in any agent workflow.",
+    2: "Creator claimed. Verify source independently before use.",
+    3: "Seller confirmed. Suitable for sandboxed/test environments only.",
+    4: "Community reviewed. Safe for low-risk tasks. Require level 6+ for production.",
+    5: "Reviewer signed. Suitable for most production tasks without sensitive permissions.",
+    6: "Security checked. Safe for production including sensitive permissions.",
+    7: "Continuously monitored. Highest trust level available.",
+}
+
+
+def _perm_active(val: object) -> bool:
+    """Return True if a permission value represents an active/granted permission."""
+    if val is True:
+        return True
+    if val and isinstance(val, dict):
+        return any(
+            v is True or (isinstance(v, list) and len(v) > 0)
+            for v in val.values()
+        )
+    return False
+
+
+def recommend(trust_status: str, permission_manifest: dict) -> str:
+    """Return a plain-English recommendation for a trust status + permission manifest."""
+    level = TRUST_LEVELS.get(trust_status, 1)
+    text = _RECOMMENDATIONS.get(level, _RECOMMENDATIONS[1])
+    if _perm_active(permission_manifest.get("wallet")):
+        text += " ⚠ Wallet access active — verify payment amounts before use."
+    if _perm_active(permission_manifest.get("terminal")):
+        text += " ⚠ Terminal access active — review allowed commands carefully."
+    return text
+
+
+def risk_level(trust_status: str, permission_manifest: dict) -> str:
+    """Return 'low', 'medium', or 'high' risk for a trust status + permission manifest."""
+    if trust_status == "disputed":
+        return "high"
+    level = TRUST_LEVELS.get(trust_status, 1)
+    dangerous = {"wallet", "terminal", "private_data", "browser"}
+    n = sum(1 for k in dangerous if _perm_active(permission_manifest.get(k)))
+    if level <= 2 or n >= 2:
+        return "high"
+    if n == 1 or level <= 4:
+        return "medium"
+    return "low"

opentrust/_types.py

@@ -0,0 +1,21 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class VerifyResult:
+    slug: str
+    trust_status: str       # e.g. "community_reviewed"
+    trust_level: int        # 1–7; 0 if trust_status == "disputed"
+    is_disputed: bool       # True when trust_status == "disputed"
+    recommendation: str     # plain-English guidance
+    risk: str               # "low" | "medium" | "high"
+    passport: dict          # full raw passport
+    permissions: dict       # permission_manifest
+
+
+@dataclass
+class ToolsPage:
+    items: list[dict]
+    total: int
+    page: int
+    limit: int

opentrust/mcp.py

@@ -0,0 +1,69 @@
+"""OpenTrust MCP server — exposes trust registry as MCP tools via stdio."""
+from __future__ import annotations
+
+try:
+    from mcp.server.fastmcp import FastMCP
+except ImportError as exc:
+    raise ImportError(
+        "MCP server requires the mcp extra: pip install opentrust-sdk[mcp]"
+    ) from exc
+
+import opentrust
+
+mcp_server = FastMCP(
+    "OpenTrust",
+    instructions=(
+        "Query the OpenTrust tool trust registry. "
+        "Use verify_tool before calling any external tool to check its "
+        "trust status and permissions."
+    ),
+)
+
+
+@mcp_server.tool()
+async def verify_tool(slug: str) -> dict:
+    """Look up a tool's trust passport and get a plain-English safety recommendation."""
+    result = await opentrust.verify(slug)
+    return {
+        "passport": result.passport,
+        "trust_status": result.trust_status,
+        "trust_level": result.trust_level,
+        "is_disputed": result.is_disputed,
+        "recommendation": result.recommendation,
+        "risk": result.risk,
+        "permissions": result.permissions,
+    }
+
+
+@mcp_server.tool()
+async def search_tools(query: str, trust_status: str = "") -> list:
+    """Search the OpenTrust registry for tools matching a query."""
+    tools = await opentrust.search(query, trust_status=trust_status or None)
+    return [
+        {
+            "slug": t.get("slug"),
+            "name": t.get("name"),
+            "trust_status": t.get("trust_status"),
+            "description": t.get("description", ""),
+        }
+        for t in tools
+    ]
+
+
+@mcp_server.tool()
+async def list_tools(
+    page: int = 1, limit: int = 20, trust_status: str = ""
+) -> dict:
+    """List registered tools, optionally filtered by trust level."""
+    page_result = await opentrust.list(
+        page=page, limit=limit, trust_status=trust_status or None
+    )
+    return {"items": page_result.items, "total": page_result.total}
+
+
+def main() -> None:
+    mcp_server.run()
+
+
+if __name__ == "__main__":
+    main()

opentrust_sdk-1.0.0.dist-info/METADATA

@@ -0,0 +1,60 @@
+Metadata-Version: 2.4
+Name: opentrust-sdk
+Version: 1.0.0
+Summary: Python SDK and MCP bridge for the OpenTrust tool trust registry
+Author-email: Novel Hut Studios <founder@novelhut.net>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/Costder/opentrust
+Project-URL: Repository, https://github.com/Costder/opentrust
+Project-URL: Issues, https://github.com/Costder/opentrust/issues
+Keywords: opentrust,ai-agents,mcp,trust-registry,tool-passports
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: httpx>=0.28
+Provides-Extra: mcp
+Requires-Dist: mcp>=1.0; extra == "mcp"
+
+# opentrust-sdk
+
+Python SDK for OpenTrust, the trust registry and passport layer for AI-agent tools.
+
+Use it to verify tools, fetch passports, search the registry, and expose an MCP bridge for agent runtimes.
+
+## Install
+
+```bash
+pip install opentrust-sdk
+```
+
+For MCP support:
+
+```bash
+pip install 'opentrust-sdk[mcp]'
+```
+
+## Basic usage
+
+```python
+import asyncio
+from opentrust import verify
+
+async def main():
+    result = await verify('github/file-search-mcp')
+    print(result)
+
+asyncio.run(main())
+```
+
+## MCP bridge
+
+```bash
+opentrust-mcp
+```
+
+## Repository
+
+https://github.com/Costder/opentrust
+
+## License
+
+MIT

opentrust_sdk-1.0.0.dist-info/RECORD

@@ -0,0 +1,10 @@
+opentrust/__init__.py,sha256=NfZEnxdjDqseH04JseV3adewUnWuUYxx50-ZWNCNn30,2661
+opentrust/_client.py,sha256=rM51k36O_klQBTgrJU6SxMtoFjSK3Ur9yb1T0C-KVg8,970
+opentrust/_recommend.py,sha256=_sjJ-UP1Fac1MhdyCN3SFuEzgk_AotmibfGxtUC7KHc,2405
+opentrust/_types.py,sha256=M-lEUpJ4ed5CJ7jkuwq5M44VPRxUXUDmDF97tCXiEMo,576
+opentrust/mcp.py,sha256=8s8DflH3Quz-tNd_k4II-SXj-Zk7BGeBwe_wxrDhXoM,1971
+opentrust_sdk-1.0.0.dist-info/METADATA,sha256=aaBdr7w9BjbOk71rUDdEW_IUDIdmllfFM4SyQa7PS_Y,1233
+opentrust_sdk-1.0.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+opentrust_sdk-1.0.0.dist-info/entry_points.txt,sha256=H0B1EE2BUp80fn0hPcIr5ii1EroYDOXF1NFhyHAaYVI,53
+opentrust_sdk-1.0.0.dist-info/top_level.txt,sha256=IlL-VqxAmJkfN4-8bTA7IFP5WSWCUcrqLq1yK7mHOrE,10
+opentrust_sdk-1.0.0.dist-info/RECORD,,

opentrust_sdk-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

opentrust_sdk-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+opentrust-mcp = opentrust.mcp:main

opentrust_sdk-1.0.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+opentrust