openwright-core 0.6.0__tar.gz

openwright_core-0.6.0/LICENSE

@@ -0,0 +1,52 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have
+      made, use, offer to sell, sell, import, and otherwise transfer the
+      Work.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied.
+
+   See http://www.apache.org/licenses/LICENSE-2.0 for the complete license text.
+
+   Copyright 2026 allthingsN — OpenWright maintainers.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

openwright_core-0.6.0/PKG-INFO

@@ -0,0 +1,174 @@
+Metadata-Version: 2.4
+Name: openwright-core
+Version: 0.6.0
+Summary: Agent Evidence Layer — turns AI-agent runtime behavior into signed, tamper-evident, control-mapped audit evidence.
+License: Apache-2.0
+License-File: LICENSE
+Keywords: ai-agents,compliance,evidence,audit,eu-ai-act,opentelemetry,a2a,merkle,transparency-log,attestation
+Author: OpenWright maintainers
+Requires-Python: >=3.10,<3.15
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Provides-Extra: hsm
+Provides-Extra: langgraph
+Provides-Extra: postgres
+Provides-Extra: s3
+Requires-Dist: boto3 (>=1.34) ; extra == "s3"
+Requires-Dist: cryptography (>=42)
+Requires-Dist: grpcio (>=1.60)
+Requires-Dist: jsonschema (>=4.20)
+Requires-Dist: langgraph (>=0.2) ; extra == "langgraph"
+Requires-Dist: opentelemetry-api (>=1.27)
+Requires-Dist: opentelemetry-exporter-otlp-proto-http (>=1.27)
+Requires-Dist: opentelemetry-proto (>=1.27)
+Requires-Dist: opentelemetry-sdk (>=1.27)
+Requires-Dist: protobuf (>=4.25)
+Requires-Dist: psycopg[binary] (>=3.1) ; extra == "postgres"
+Requires-Dist: pydantic (>=2.7,<3)
+Requires-Dist: python-pkcs11 (>=0.7) ; extra == "hsm"
+Requires-Dist: pyyaml (>=6)
+Requires-Dist: reportlab (>=4.1)
+Requires-Dist: typer (>=0.12)
+Description-Content-Type: text/markdown
+
+# OpenWright — the Agent Evidence Layer
+
+**Turn the runtime behavior of AI agents into signed, tamper-evident,
+control-mapped audit evidence — verifiable by anyone, offline.**
+
+OpenWright sits on top of your existing OpenTelemetry instrumentation, forks a
+copy of your agent's runtime behavior, and turns it into signed, append-only,
+tamper-evident records mapped to specific regulatory controls. The evidence is
+verifiable by a third party **without** access to your data or infrastructure,
+and the ledger holds only hashes — never prompts or PII.
+
+It ships five built-in, primary-source-cited framework crosswalks — plus a
+narrowed EU AI Act **v1** review subset (`eu-ai-act-v1`) and deployer-profile
+variants of Art. 14 (in-the-loop / on-the-loop) and Art. 27 (FRIA-gated). You can
+also write your own:
+
+| Crosswalk | Covers | Controls |
+|---|---|---|
+| EU AI Act (Reg. 2024/1689) | Art. 12, 13, 14, 26, 27, 73 (high-risk subset) | 6 |
+| NIST AI RMF 1.0 | Govern / Map / Measure / Manage subset | 7 |
+| ISO/IEC 42001:2023 | Annex A AI-management-system subset | 6 |
+| GDPR (Reg. 2016/679) | Art. 5, 22, 25, 30, 33, 35 (accountability + automated decisions) | 8 |
+| SOC 2 | Trust Services Criteria — Common Criteria + Processing Integrity | 7 |
+
+These crosswalks are **maintainer-authored and cited, but not yet legally
+reviewed** — they produce *evidence*, not a compliance determination.
+
+> **OpenWright produces _evidence that controls were exercised_. It does NOT
+> assert legal compliance, certification, or an audit opinion** — those are for
+> qualified auditors and counsel. Every artifact carries this boundary.
+
+## Install
+
+```bash
+pip install openwright-core
+```
+
+The distribution is `openwright-core`; it imports as `openwright`. Requires Python 3.10+.
+
+## Try it (one command)
+
+```bash
+openwright demo
+```
+
+Runs a complete, self-hosted, no-network demo: it instruments a sample high-risk
+agent, forks the telemetry into an evidence ledger, records human approvals and
+risk classifications, produces a **signed report** (JSON + PDF + OSCAL + SARIF)
+against the EU AI Act crosswalk, verifies it offline, and shows that tampering
+fails verification. It then **opens an interactive page in your browser** that
+walks through what happened and lets you **verify the real signed report
+yourself — offline, in-browser (WebAssembly)** — including a "Tamper" button to
+watch verification fail and a "Restore" button to watch it pass again. (Use
+`openwright demo --no-browser` for headless/CI.)
+
+It also prints where the artifacts landed and a command to verify them yourself:
+
+```bash
+openwright verify <report.json> --pubkey <public_key.pem> --deep
+```
+
+## Use it in your code
+
+```python
+from datetime import timedelta
+from openwright.ledger import FileLedgerBackend, Ledger
+from openwright.sdk import EvidenceClient
+from openwright.signing import InMemoryKeySource      # use FileKeySource in production
+from openwright.crosswalk import evaluate
+from openwright.crosswalk_loader import load_builtin
+from openwright.report import build_report
+from openwright.verify import verify_report
+
+key = InMemoryKeySource()
+ledger = Ledger(FileLedgerBackend("./ledger"), retention=timedelta(days=200))
+client = EvidenceClient(ledger, agent_id="my-agent")
+
+# Record the evidence telemetry can't infer — linked by task id.
+with client.task("task-42", context_id="session-7"):
+    approval = client.record_human_approval(reviewer="me@example.com", rationale="looks good")
+    client.record_risk_classification("high", rationale="high-impact decision", fria="FRIA-1")
+    client.record_decision(
+        output="APPROVED",
+        risk_classification="high",
+        rationale="meets policy",
+        approval_ref=approval.event_id,                # links the decision to the approval
+        control="art-14-human-oversight",
+    )
+
+# Evaluate a crosswalk, build a signed report, verify it offline.
+result = evaluate(load_builtin("eu-ai-act"), list(ledger.events()))
+report = build_report(ledger, result, key, scope_description="my agent")
+verdict = verify_report(report, trusted_public_key_raw=key.public_key_raw())
+
+print({c["control_id"]: c["status"] for c in report["controls"]})
+print("verified offline:", verdict.valid)
+```
+
+## Collect from a live agent
+
+Point your app's OTLP exporter at the collector; your existing backend keeps
+receiving telemetry unchanged while a copy is forked into the evidence ledger:
+
+```bash
+openwright collector --downstream http://your-existing-otlp-backend:4318
+```
+
+## CLI
+
+```
+openwright demo                       Run the full end-to-end demo.
+openwright collector --downstream URL Run the OTLP collector (gRPC+HTTP); fan out + fork to ledger.
+openwright report  LEDGER --key K     Build a signed report (JSON/PDF/OSCAL/SARIF) from a ledger.
+openwright verify  REPORT --pubkey K  Verify a signed report offline (--deep re-checks verdicts).
+openwright gate    REPORT -r CONTROL  CI/CD gate: non-zero exit if a required control is unsatisfied.
+openwright crosswalks                 List built-in crosswalks.
+openwright connectors list            List installed connectors (sources/forwarders/exporters/storage).
+openwright export  REPORT --to NAME   Export a report to a sink (GRC/CI) via an installed exporter.
+openwright keygen  --out key.pem      Generate an Ed25519 signing key you control.
+openwright version
+```
+
+## Connectors
+
+OpenWright exposes a small, versioned **connector contract** (`openwright.connectors`,
+v1.0): framework-capture sources, downstream forwarders, report exporters, and
+pluggable ledger/checkpoint storage backends. Connectors are independently
+installable `openwright-<name>` packages discovered via entry points — **core never
+depends on a connector**, so adding one needs zero core change. Resolve storage by
+URI (`openwright collector --ledger-backend postgres://… --checkpoint-store s3://…`)
+and see what's installed with `openwright connectors list`.
+
+Run `openwright --help` for the full list.
+
+## License
+
+Apache-2.0.
+

openwright_core-0.6.0/README.pypi.md

@@ -0,0 +1,137 @@
+# OpenWright — the Agent Evidence Layer
+
+**Turn the runtime behavior of AI agents into signed, tamper-evident,
+control-mapped audit evidence — verifiable by anyone, offline.**
+
+OpenWright sits on top of your existing OpenTelemetry instrumentation, forks a
+copy of your agent's runtime behavior, and turns it into signed, append-only,
+tamper-evident records mapped to specific regulatory controls. The evidence is
+verifiable by a third party **without** access to your data or infrastructure,
+and the ledger holds only hashes — never prompts or PII.
+
+It ships five built-in, primary-source-cited framework crosswalks — plus a
+narrowed EU AI Act **v1** review subset (`eu-ai-act-v1`) and deployer-profile
+variants of Art. 14 (in-the-loop / on-the-loop) and Art. 27 (FRIA-gated). You can
+also write your own:
+
+| Crosswalk | Covers | Controls |
+|---|---|---|
+| EU AI Act (Reg. 2024/1689) | Art. 12, 13, 14, 26, 27, 73 (high-risk subset) | 6 |
+| NIST AI RMF 1.0 | Govern / Map / Measure / Manage subset | 7 |
+| ISO/IEC 42001:2023 | Annex A AI-management-system subset | 6 |
+| GDPR (Reg. 2016/679) | Art. 5, 22, 25, 30, 33, 35 (accountability + automated decisions) | 8 |
+| SOC 2 | Trust Services Criteria — Common Criteria + Processing Integrity | 7 |
+
+These crosswalks are **maintainer-authored and cited, but not yet legally
+reviewed** — they produce *evidence*, not a compliance determination.
+
+> **OpenWright produces _evidence that controls were exercised_. It does NOT
+> assert legal compliance, certification, or an audit opinion** — those are for
+> qualified auditors and counsel. Every artifact carries this boundary.
+
+## Install
+
+```bash
+pip install openwright-core
+```
+
+The distribution is `openwright-core`; it imports as `openwright`. Requires Python 3.10+.
+
+## Try it (one command)
+
+```bash
+openwright demo
+```
+
+Runs a complete, self-hosted, no-network demo: it instruments a sample high-risk
+agent, forks the telemetry into an evidence ledger, records human approvals and
+risk classifications, produces a **signed report** (JSON + PDF + OSCAL + SARIF)
+against the EU AI Act crosswalk, verifies it offline, and shows that tampering
+fails verification. It then **opens an interactive page in your browser** that
+walks through what happened and lets you **verify the real signed report
+yourself — offline, in-browser (WebAssembly)** — including a "Tamper" button to
+watch verification fail and a "Restore" button to watch it pass again. (Use
+`openwright demo --no-browser` for headless/CI.)
+
+It also prints where the artifacts landed and a command to verify them yourself:
+
+```bash
+openwright verify <report.json> --pubkey <public_key.pem> --deep
+```
+
+## Use it in your code
+
+```python
+from datetime import timedelta
+from openwright.ledger import FileLedgerBackend, Ledger
+from openwright.sdk import EvidenceClient
+from openwright.signing import InMemoryKeySource      # use FileKeySource in production
+from openwright.crosswalk import evaluate
+from openwright.crosswalk_loader import load_builtin
+from openwright.report import build_report
+from openwright.verify import verify_report
+
+key = InMemoryKeySource()
+ledger = Ledger(FileLedgerBackend("./ledger"), retention=timedelta(days=200))
+client = EvidenceClient(ledger, agent_id="my-agent")
+
+# Record the evidence telemetry can't infer — linked by task id.
+with client.task("task-42", context_id="session-7"):
+    approval = client.record_human_approval(reviewer="me@example.com", rationale="looks good")
+    client.record_risk_classification("high", rationale="high-impact decision", fria="FRIA-1")
+    client.record_decision(
+        output="APPROVED",
+        risk_classification="high",
+        rationale="meets policy",
+        approval_ref=approval.event_id,                # links the decision to the approval
+        control="art-14-human-oversight",
+    )
+
+# Evaluate a crosswalk, build a signed report, verify it offline.
+result = evaluate(load_builtin("eu-ai-act"), list(ledger.events()))
+report = build_report(ledger, result, key, scope_description="my agent")
+verdict = verify_report(report, trusted_public_key_raw=key.public_key_raw())
+
+print({c["control_id"]: c["status"] for c in report["controls"]})
+print("verified offline:", verdict.valid)
+```
+
+## Collect from a live agent
+
+Point your app's OTLP exporter at the collector; your existing backend keeps
+receiving telemetry unchanged while a copy is forked into the evidence ledger:
+
+```bash
+openwright collector --downstream http://your-existing-otlp-backend:4318
+```
+
+## CLI
+
+```
+openwright demo                       Run the full end-to-end demo.
+openwright collector --downstream URL Run the OTLP collector (gRPC+HTTP); fan out + fork to ledger.
+openwright report  LEDGER --key K     Build a signed report (JSON/PDF/OSCAL/SARIF) from a ledger.
+openwright verify  REPORT --pubkey K  Verify a signed report offline (--deep re-checks verdicts).
+openwright gate    REPORT -r CONTROL  CI/CD gate: non-zero exit if a required control is unsatisfied.
+openwright crosswalks                 List built-in crosswalks.
+openwright connectors list            List installed connectors (sources/forwarders/exporters/storage).
+openwright export  REPORT --to NAME   Export a report to a sink (GRC/CI) via an installed exporter.
+openwright keygen  --out key.pem      Generate an Ed25519 signing key you control.
+openwright version
+```
+
+## Connectors
+
+OpenWright exposes a small, versioned **connector contract** (`openwright.connectors`,
+v1.0): framework-capture sources, downstream forwarders, report exporters, and
+pluggable ledger/checkpoint storage backends. Connectors are independently
+installable `openwright-<name>` packages discovered via entry points — **core never
+depends on a connector**, so adding one needs zero core change. Resolve storage by
+URI (`openwright collector --ledger-backend postgres://… --checkpoint-store s3://…`)
+and see what's installed with `openwright connectors list`.
+
+Run `openwright --help` for the full list.
+
+## License
+
+Apache-2.0.

openwright_core-0.6.0/pyproject.toml

@@ -0,0 +1,81 @@
+[project]
+name = "openwright-core"
+version = "0.6.0"
+description = "Agent Evidence Layer — turns AI-agent runtime behavior into signed, tamper-evident, control-mapped audit evidence."
+# Public PyPI long-description: a self-contained subset of README.md with the
+# internal-repo "Documentation" + "Project layout" sections removed (the source
+# repo is private). The full README.md stays the in-repo doc for org members.
+readme = "README.pypi.md"
+requires-python = ">=3.10,<3.15"
+license = { text = "Apache-2.0" }
+authors = [{ name = "OpenWright maintainers" }]
+keywords = [
+    "ai-agents", "compliance", "evidence", "audit", "eu-ai-act",
+    "opentelemetry", "a2a", "merkle", "transparency-log", "attestation",
+]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+]
+
+# Core dependencies. The standalone verifier (openwright.verify) deliberately
+# imports ONLY `cryptography` + the standard library so it can be audited and
+# run in isolation (FR-VER-03). Everything else below supports producing
+# evidence; the verifier does not need it.
+dependencies = [
+    "pydantic>=2.7,<3",
+    "cryptography>=42",
+    "pyyaml>=6",
+    "jsonschema>=4.20",
+    "typer>=0.12",
+    "reportlab>=4.1",
+    # OTLP ingest + example agent (FR-ING-01/02/03, AC-01).
+    "opentelemetry-api>=1.27",
+    "opentelemetry-sdk>=1.27",
+    "opentelemetry-exporter-otlp-proto-http>=1.27",
+    "opentelemetry-proto>=1.27",
+    "protobuf>=4.25",
+    # gRPC ingest transport (FR-ING-01). Lazily imported so the rest of the
+    # system works even if the wheel is unavailable on a given platform.
+    "grpcio>=1.60",
+]
+
+[project.optional-dependencies]
+langgraph = ["langgraph>=0.2"]
+# Production storage/crypto backends. Each is lazily imported so the default
+# install — and especially the shallow verifier (INV-2) — never pulls them in.
+postgres = ["psycopg[binary]>=3.1"]
+s3 = ["boto3>=1.34"]
+hsm = ["python-pkcs11>=0.7"]
+
+[project.scripts]
+openwright = "openwright.cli:main"
+
+# [project.urls] intentionally omitted: the source repo is private, so public
+# Homepage/Documentation links would 404 on PyPI. Restore when a public site exists.
+
+[tool.poetry]
+packages = [
+    { include = "openwright", from = "src" },
+]
+
+[tool.poetry.group.dev.dependencies]
+pytest = "^8.2"
+pytest-timeout = "^2.3"
+# Backend tests (V2/V3/V4) run against real/emulated services when present and
+# skip cleanly otherwise, so the default suite needs no infrastructure.
+psycopg = { version = "^3.1", extras = ["binary"] }
+boto3 = "^1.34"
+moto = { version = "^5.0", extras = ["s3", "kms"] }
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+addopts = "-q"
+timeout = 120
+
+[build-system]
+requires = ["poetry-core>=2.0"]
+build-backend = "poetry.core.masonry.api"

openwright_core-0.6.0/src/openwright/__init__.py

@@ -0,0 +1,20 @@
+"""OpenWright — the Agent Evidence Layer.
+
+OpenWright turns the runtime behavior of AI agents into signed, tamper-evident,
+control-mapped audit evidence: telemetry/SDK signals → a canonical
+``ComplianceEvent`` → declarative regulatory crosswalks → an append-only Merkle
+log → signed reports → independent verification.
+
+Boundary (non-negotiable, see FR-RPT-07 / NFR-COMP-01): OpenWright produces
+*evidence that controls were exercised*. It does NOT assert or imply legal
+compliance, certification, or fitness. Those are judgments reserved for
+qualified auditors and counsel.
+"""
+
+__version__ = "0.6.0"
+
+# Schema version for the canonical event model. Bumped independently of the
+# package version; readers MUST tolerate unknown future fields (DR-04).
+COMPLIANCE_EVENT_SCHEMA_VERSION = "1.0.0"
+
+__all__ = ["__version__", "COMPLIANCE_EVENT_SCHEMA_VERSION"]

openwright_core-0.6.0/src/openwright/_ed25519_pure.py

@@ -0,0 +1,98 @@
+"""Pure-Python Ed25519 signature *verification* (RFC 8032).
+
+Used as a fallback by the verifier when the ``cryptography`` package is not
+available — e.g. when running the verifier inside a stock WASM Python (Pyodide)
+in the browser (FR-VER-04 [P2]). With this fallback the verifier needs **zero
+third-party dependencies**, only the standard library.
+
+This implements verification only (never signing); it follows the cofactorless
+group-equation check ``[S]B == R + [k]A`` from RFC 8032 §5.1.7, which accepts all
+signatures produced by a compliant signer (e.g. ``cryptography``). It is not
+constant-time, which is fine — verification uses only public data.
+"""
+
+from __future__ import annotations
+
+import hashlib
+
+_P = 2**255 - 19
+_L = 2**252 + 27742317777372353535851937790883648493
+
+
+def _inv(x: int) -> int:
+    return pow(x, _P - 2, _P)
+
+
+_D = (-121665 * _inv(121666)) % _P
+_I = pow(2, (_P - 1) // 4, _P)
+
+
+def _xrecover(y: int) -> int:
+    xx = (y * y - 1) * _inv(_D * y * y + 1)
+    x = pow(xx, (_P + 3) // 8, _P)
+    if (x * x - xx) % _P != 0:
+        x = (x * _I) % _P
+    if x % 2 != 0:
+        x = _P - x
+    return x
+
+
+_BY = (4 * _inv(5)) % _P
+_BX = _xrecover(_BY) % _P
+_B = (_BX, _BY)
+
+
+def _edwards_add(p1, p2):
+    x1, y1 = p1
+    x2, y2 = p2
+    denom = _inv(1 + _D * x1 * x2 * y1 * y2)
+    x3 = (x1 * y2 + x2 * y1) * denom % _P
+    denom2 = _inv(1 - _D * x1 * x2 * y1 * y2)
+    y3 = (y1 * y2 + x1 * x2) * denom2 % _P
+    return (x3, y3)
+
+
+def _scalarmult(point, e: int):
+    result = (0, 1)  # neutral element
+    addend = point
+    while e > 0:
+        if e & 1:
+            result = _edwards_add(result, addend)
+        addend = _edwards_add(addend, addend)
+        e >>= 1
+    return result
+
+
+def _is_on_curve(point) -> bool:
+    x, y = point
+    return (-x * x + y * y - 1 - _D * x * x * y * y) % _P == 0
+
+
+def _decodepoint(s: bytes):
+    val = int.from_bytes(s, "little")
+    y = val & ((1 << 255) - 1)
+    x = _xrecover(y)
+    if (x & 1) != ((val >> 255) & 1):
+        x = _P - x
+    point = (x, y)
+    if not _is_on_curve(point):
+        raise ValueError("point not on curve")
+    return point
+
+
+def verify(public_key: bytes, signature: bytes, message: bytes) -> bool:
+    """Return True iff ``signature`` is a valid Ed25519 signature of ``message``."""
+    if len(signature) != 64 or len(public_key) != 32:
+        return False
+    try:
+        r_point = _decodepoint(signature[:32])
+        a_point = _decodepoint(public_key)
+    except (ValueError, Exception):  # noqa: BLE001
+        return False
+    s = int.from_bytes(signature[32:], "little")
+    if s >= _L:
+        return False
+    h = int.from_bytes(hashlib.sha512(signature[:32] + public_key + message).digest(), "little") % _L
+    sb = _scalarmult(_B, s)
+    ha = _scalarmult(a_point, h)
+    return sb == _edwards_add(r_point, ha)

openwright_core-0.6.0/src/openwright/adapters/__init__.py

@@ -0,0 +1,37 @@
+"""Source-format adapters (FR-NRM-03).
+
+Each adapter isolates one upstream convention so that a change there (e.g. the
+OTel GenAI conventions leaving experimental status — C-01) requires editing only
+that adapter, never the core or the canonical event schema. Adapters are
+deliberately proto-agnostic: they consume plain Python dicts, so the ingest
+layer owns OTLP/protobuf decoding.
+"""
+
+from .base import SpanData
+from .otel_genai import span_to_event
+from .a2a import reconstruct_provenance
+from .langfuse import apply_langfuse_precedence, has_langfuse_attributes
+from .sarif_in import sarif_to_events
+from .policy import policy_decisions_to_events
+from .receipt import (
+    SignedActionReceiptSource,
+    ReceiptSource,
+    ReceiptVerificationError,
+    receipt_to_event,
+    sign_receipt,
+)
+
+__all__ = [
+    "SpanData",
+    "span_to_event",
+    "reconstruct_provenance",
+    "apply_langfuse_precedence",
+    "has_langfuse_attributes",
+    "sarif_to_events",
+    "policy_decisions_to_events",
+    "SignedActionReceiptSource",
+    "ReceiptSource",
+    "ReceiptVerificationError",
+    "receipt_to_event",
+    "sign_receipt",
+]

openwright_core-0.6.0/src/openwright/adapters/a2a.py

@@ -0,0 +1,71 @@
+"""A2A task-provenance reconstruction (FR-ING-05).
+
+Verified against the A2A spec (v0.3.0): a ``Task`` has ``id`` and ``contextId``
+but NO parent-task field; cross-task lineage is expressed softly via
+``Message.referenceTaskIds`` and grouping via ``contextId``. OpenWright therefore
+*reconstructs* a parent/root chain from those signals — the ``parent_task_id``
+and ``root_task_id`` on a :class:`Provenance` are OpenWright-derived, not native
+A2A fields. Absent A2A, provenance degrades to single-event records (A-02).
+
+All A2A-origin data is treated as untrusted input (FR-ING-10): IDs are used only
+as opaque correlation keys, never interpreted or executed.
+"""
+
+from __future__ import annotations
+
+from typing import Dict, List, Optional
+
+from ..events import Provenance
+
+
+def reconstruct_provenance(
+    task_id: Optional[str],
+    context_id: Optional[str] = None,
+    reference_task_ids: Optional[List[str]] = None,
+    known: Optional[Dict[str, Provenance]] = None,
+) -> Provenance:
+    """Reconstruct parent/root for ``task_id`` from A2A signals.
+
+    ``known`` maps already-seen task IDs to their reconstructed provenance, used
+    to walk the root chain. ``reference_task_ids`` (from the triggering Message)
+    yields the parent; the root is the parent's root, or this task if it has none.
+    """
+    known = known or {}
+    parent_task_id = reference_task_ids[0] if reference_task_ids else None
+
+    if parent_task_id and parent_task_id in known and known[parent_task_id].root_task_id:
+        root_task_id = known[parent_task_id].root_task_id
+    elif parent_task_id:
+        root_task_id = parent_task_id  # parent unseen; best-effort root = parent
+    else:
+        root_task_id = task_id  # no parent → this task is its own root
+
+    return Provenance(
+        task_id=task_id,
+        context_id=context_id,
+        parent_task_id=parent_task_id,
+        root_task_id=root_task_id,
+    )
+
+
+# Attribute keys some instrumentations use to carry A2A identifiers on spans.
+A2A_TASK_ID = "a2a.task.id"
+A2A_CONTEXT_ID = "a2a.context.id"
+A2A_REFERENCE_TASK_IDS = "a2a.reference_task_ids"
+
+
+def provenance_from_attributes(
+    attrs: Dict[str, object], known: Optional[Dict[str, Provenance]] = None
+) -> Optional[Provenance]:
+    """Reconstruct provenance from A2A identifiers carried as span attributes."""
+    task_id = attrs.get(A2A_TASK_ID)
+    if not task_id:
+        return None
+    refs = attrs.get(A2A_REFERENCE_TASK_IDS)
+    ref_list = list(refs) if isinstance(refs, (list, tuple)) else ([refs] if refs else None)
+    return reconstruct_provenance(
+        str(task_id),
+        context_id=str(attrs[A2A_CONTEXT_ID]) if attrs.get(A2A_CONTEXT_ID) else None,
+        reference_task_ids=[str(r) for r in ref_list] if ref_list else None,
+        known=known,
+    )