proof-engine-registry 1.33.0__tar.gz

proof_engine_registry-1.33.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yaniv Golan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

proof_engine_registry-1.33.0/PKG-INFO

@@ -0,0 +1,136 @@
+Metadata-Version: 2.4
+Name: proof-engine-registry
+Version: 1.33.0
+Summary: Proof Registry protocol: client, reference server, and static-JSON emitter.
+Author-email: Yaniv Golan <yaniv@lool.vc>
+License: MIT License
+        
+        Copyright (c) 2026 Yaniv Golan
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://proofengine.info
+Project-URL: Repository, https://github.com/yaniv-golan/proof-engine
+Project-URL: Documentation, https://github.com/yaniv-golan/proof-engine/blob/main/docs/registry-protocol.md
+Project-URL: Issues, https://github.com/yaniv-golan/proof-engine/issues
+Project-URL: Changelog, https://github.com/yaniv-golan/proof-engine/blob/main/CHANGELOG.md
+Project-URL: Source, https://github.com/yaniv-golan/proof-engine/tree/main/packages/proof-engine-registry
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31
+Requires-Dist: tomli>=2.0; python_version < "3.11"
+Provides-Extra: test
+Requires-Dist: pytest; extra == "test"
+Requires-Dist: jsonschema>=4.0; extra == "test"
+Dynamic: license-file
+
+# proof-engine-registry
+
+Protocol, client, and reference server for the Proof Registry — the
+JSON-over-HTTPS layer that lets LLM wikis (and other tools) ask
+"is this claim already proven?" and either use the existing proof or
+commission a new one.
+
+Spec: [`docs/registry-protocol.md`](../../docs/registry-protocol.md).
+
+## Install
+
+    pip install proof-engine-registry
+
+## Config
+
+    ~/.config/proof-engine/registries.toml
+
+```toml
+[[registry]]
+name = "public"
+url = "https://proofengine.info"
+
+[[registry]]
+name = "acme-internal"
+url = "https://proofs.acme.com"
+token_env = "ACME_PROOFS_TOKEN"
+publish = true
+```
+
+## Client
+
+```python
+from proof_engine_registry import RegistryClient, load_registries
+client = RegistryClient(load_registries())
+hit = client.lookup("The sky is blue.")
+if hit:
+    print(hit.proof_url)
+```
+
+## Self-host
+
+    proof-registry serve ./my-proofs --port 8080 --token-env MY_TOKEN
+
+Useful flags:
+
+| Flag                  | Default                              | Purpose                                                                                              |
+|-----------------------|--------------------------------------|------------------------------------------------------------------------------------------------------|
+| `--token-env`         | (none)                               | Env var holding the bearer token required for `POST /proofs`. Omit to disable publishing.            |
+| `--cors-origin`       | `*`                                  | Value for `Access-Control-Allow-Origin` on read responses. Use a specific origin to restrict access. |
+| `--log-json`          | off                                  | Emit one JSON access record per request to stderr. Authorization headers are never logged.           |
+| `--problem-type-base` | `https://proofengine.info/errors`    | Base URI for `type` fields in RFC 7807 error bodies. Override to point at your own docs.             |
+
+### Production deployment
+
+The reference server uses plain stdlib HTTP and binds to `127.0.0.1` by
+default. Suitable for development and local team use. **For public
+exposure over the open internet**, front the server with a TLS-terminating
+reverse proxy (nginx, Caddy, Cloudflare, AWS ALB) and route only
+encrypted traffic from the proxy to the server. Bearer tokens MUST NOT
+travel the network in cleartext.
+
+## Errors
+
+JSON error responses follow [RFC 7807 Problem Details](https://datatracker.ietf.org/doc/html/rfc7807):
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/problem+json
+
+{
+  "type": "https://proofengine.info/errors/not-found",
+  "status": 404,
+  "title": "Resource not found",
+  "detail": "no proof with that claim_hash",
+  "code": "not_found"
+}
+```
+
+The `code` field preserves the legacy short machine key for
+log-aggregation tooling. Full canonical-error table in the
+[protocol spec](../../docs/registry-protocol.md).
+
+## Conformance
+
+A protocol-version-aware conformance suite ships with the package:
+
+    cd packages/proof-engine-registry && python -m pytest tests/test_conformance.py -v
+
+It runs against both the static-JSON emit and the reference server.
+Any third-party server claiming to speak the protocol can run the same
+suite.

proof_engine_registry-1.33.0/README.md

@@ -0,0 +1,91 @@
+# proof-engine-registry
+
+Protocol, client, and reference server for the Proof Registry — the
+JSON-over-HTTPS layer that lets LLM wikis (and other tools) ask
+"is this claim already proven?" and either use the existing proof or
+commission a new one.
+
+Spec: [`docs/registry-protocol.md`](../../docs/registry-protocol.md).
+
+## Install
+
+    pip install proof-engine-registry
+
+## Config
+
+    ~/.config/proof-engine/registries.toml
+
+```toml
+[[registry]]
+name = "public"
+url = "https://proofengine.info"
+
+[[registry]]
+name = "acme-internal"
+url = "https://proofs.acme.com"
+token_env = "ACME_PROOFS_TOKEN"
+publish = true
+```
+
+## Client
+
+```python
+from proof_engine_registry import RegistryClient, load_registries
+client = RegistryClient(load_registries())
+hit = client.lookup("The sky is blue.")
+if hit:
+    print(hit.proof_url)
+```
+
+## Self-host
+
+    proof-registry serve ./my-proofs --port 8080 --token-env MY_TOKEN
+
+Useful flags:
+
+| Flag                  | Default                              | Purpose                                                                                              |
+|-----------------------|--------------------------------------|------------------------------------------------------------------------------------------------------|
+| `--token-env`         | (none)                               | Env var holding the bearer token required for `POST /proofs`. Omit to disable publishing.            |
+| `--cors-origin`       | `*`                                  | Value for `Access-Control-Allow-Origin` on read responses. Use a specific origin to restrict access. |
+| `--log-json`          | off                                  | Emit one JSON access record per request to stderr. Authorization headers are never logged.           |
+| `--problem-type-base` | `https://proofengine.info/errors`    | Base URI for `type` fields in RFC 7807 error bodies. Override to point at your own docs.             |
+
+### Production deployment
+
+The reference server uses plain stdlib HTTP and binds to `127.0.0.1` by
+default. Suitable for development and local team use. **For public
+exposure over the open internet**, front the server with a TLS-terminating
+reverse proxy (nginx, Caddy, Cloudflare, AWS ALB) and route only
+encrypted traffic from the proxy to the server. Bearer tokens MUST NOT
+travel the network in cleartext.
+
+## Errors
+
+JSON error responses follow [RFC 7807 Problem Details](https://datatracker.ietf.org/doc/html/rfc7807):
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/problem+json
+
+{
+  "type": "https://proofengine.info/errors/not-found",
+  "status": 404,
+  "title": "Resource not found",
+  "detail": "no proof with that claim_hash",
+  "code": "not_found"
+}
+```
+
+The `code` field preserves the legacy short machine key for
+log-aggregation tooling. Full canonical-error table in the
+[protocol spec](../../docs/registry-protocol.md).
+
+## Conformance
+
+A protocol-version-aware conformance suite ships with the package:
+
+    cd packages/proof-engine-registry && python -m pytest tests/test_conformance.py -v
+
+It runs against both the static-JSON emit and the reference server.
+Any third-party server claiming to speak the protocol can run the same
+suite.

proof_engine_registry-1.33.0/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "proof-engine-registry"
+version = "1.33.0"
+description = "Proof Registry protocol: client, reference server, and static-JSON emitter."
+readme = "README.md"
+license = { file = "LICENSE" }
+authors = [{ name = "Yaniv Golan", email = "yaniv@lool.vc" }]
+requires-python = ">=3.11"
+dependencies = [
+  "requests>=2.31",
+  "tomli>=2.0; python_version<'3.11'",
+]
+classifiers = [
+  "License :: OSI Approved :: MIT License",
+  "Programming Language :: Python :: 3.11",
+]
+
+[project.optional-dependencies]
+test = ["pytest", "jsonschema>=4.0"]
+
+[project.scripts]
+proof-registry = "proof_engine_registry.cli:main"
+
+[project.urls]
+Homepage = "https://proofengine.info"
+Repository = "https://github.com/yaniv-golan/proof-engine"
+Documentation = "https://github.com/yaniv-golan/proof-engine/blob/main/docs/registry-protocol.md"
+Issues = "https://github.com/yaniv-golan/proof-engine/issues"
+Changelog = "https://github.com/yaniv-golan/proof-engine/blob/main/CHANGELOG.md"
+Source = "https://github.com/yaniv-golan/proof-engine/tree/main/packages/proof-engine-registry"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]

proof_engine_registry-1.33.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

proof_engine_registry-1.33.0/src/proof_engine_registry/__init__.py

@@ -0,0 +1,4 @@
+"""proof-engine-registry — Proof Registry protocol implementation."""
+
+__version__ = "1.33.0"
+__protocol_version__ = "0.1"

proof_engine_registry-1.33.0/src/proof_engine_registry/badge.py

@@ -0,0 +1,141 @@
+"""Proof badge: compact certificate for claim verification.
+
+Two artifacts per proof:
+  - badge.json — machine-readable payload
+  - badge.svg  — shields-style inline SVG for direct <img> embedding
+
+The SVG uses a fixed sans-serif stack and estimated text widths. It won't be
+pixel-perfect at all zoom levels, but it renders without external fonts and
+is byte-identical across builds (important so git diffs stay clean).
+"""
+
+from __future__ import annotations
+
+from typing import Optional
+
+from proof_engine_registry.emit import (
+    claim_text, verdict_string, confidence_from_proof,
+)
+from proof_engine_registry.hashing import hash_claim
+
+
+# Locked color map — see test_build_badge_pinned_colors.
+VERDICT_COLORS: dict[str, str] = {
+    "PROVED": "#2d8f5f",
+    "SUPPORTED": "#5eb88a",
+    "PARTIALLY VERIFIED": "#d4a017",
+    "UNDETERMINED": "#888888",
+    "DISPROVED": "#c75450",
+}
+
+BADGE_SCHEMA_VERSION = "1.0"
+
+
+def _color_for(verdict: str) -> str:
+    """Pick a color by the leading verdict family (ignoring any qualifier)."""
+    for family, color in VERDICT_COLORS.items():
+        if verdict.startswith(family):
+            return color
+    return VERDICT_COLORS["UNDETERMINED"]
+
+
+def build_badge(proof: dict, slug: str, doi: Optional[str],
+                base_url: str) -> dict:
+    """Build the badge payload from a v3 proof.json dict.
+
+    `slug` and `doi` are passed explicitly because they live outside
+    proof.json (slug is the dir name; DOI is in a sibling doi.json).
+    """
+    base = base_url.rstrip("/")
+    claim = claim_text(proof)
+    verdict = verdict_string(proof)
+    gen = proof.get("generator") or {}
+    return {
+        "schema_version": BADGE_SCHEMA_VERSION,
+        "slug": slug,
+        "claim": claim,
+        "claim_hash": hash_claim(claim),
+        "verdict": verdict,
+        "confidence": confidence_from_proof(proof),
+        "doi": doi,
+        "proof_url": f"{base}/proofs/{slug}/",
+        "badge_svg_url": f"{base}/proofs/{slug}/badge.svg",
+        "generated_at": gen.get("generated_at", ""),
+        "colors": {
+            "verdict_bg": _color_for(verdict),
+            "verdict_fg": "#ffffff",
+        },
+    }
+
+
+# SVG layout constants — keep in one place for easy theming.
+_FONT_STACK = (
+    "-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica,Arial,sans-serif"
+)
+_LABEL_BG = "#555555"
+_LABEL_FG = "#ffffff"
+_CHAR_WIDTH = 6.5  # px, estimated for 11px sans-serif
+_PADDING = 10
+_HEIGHT = 20
+
+
+def _text_width(text: str) -> int:
+    return int(len(text) * _CHAR_WIDTH) + 2 * _PADDING
+
+
+def render_badge_svg(badge: dict) -> str:
+    label = "proof"
+    value = badge["verdict"]
+    label_w = _text_width(label)
+    value_w = _text_width(value)
+    total_w = label_w + value_w
+    value_bg = badge["colors"]["verdict_bg"]
+    # Defense-in-depth: verdict is a controlled enum today, but escape on
+    # the way into XML attributes and text nodes so a future qualifier
+    # string with `<` / `&` / `"` cannot break the SVG.
+    value_esc = _escape_html(value)
+    label_esc = _escape_html(label)
+
+    svg = (
+        f'<svg xmlns="http://www.w3.org/2000/svg" '
+        f'width="{total_w}" height="{_HEIGHT}" role="img" '
+        f'aria-label="proof: {value_esc}">'
+        f'<title>proof: {value_esc}</title>'
+        f'<linearGradient id="s" x2="0" y2="100%">'
+        f'<stop offset="0" stop-color="#bbb" stop-opacity=".1"/>'
+        f'<stop offset="1" stop-opacity=".1"/>'
+        f'</linearGradient>'
+        f'<rect width="{total_w}" height="{_HEIGHT}" rx="3" fill="{_LABEL_BG}"/>'
+        f'<rect x="{label_w}" width="{value_w}" height="{_HEIGHT}" rx="3" fill="{value_bg}"/>'
+        f'<rect width="{total_w}" height="{_HEIGHT}" rx="3" fill="url(#s)"/>'
+        f'<g fill="{_LABEL_FG}" text-anchor="middle" '
+        f'font-family="{_FONT_STACK}" font-size="11">'
+        f'<text x="{label_w // 2}" y="14">{label_esc}</text>'
+        f'<text x="{label_w + value_w // 2}" y="14">{value_esc}</text>'
+        f'</g></svg>'
+    )
+    return svg
+
+
+def render_embed_snippets(badge: dict) -> dict[str, str]:
+    """Return the three copy-paste-ready embeds."""
+    proof_url = badge["proof_url"]
+    svg_url = badge["badge_svg_url"]
+    claim = badge["claim"]
+    return {
+        "html": (
+            f'<a href="{proof_url}" title="{_escape_html(claim)}">'
+            f'<img src="{svg_url}" alt="proof: {badge["verdict"]}"/></a>'
+        ),
+        "markdown": f'[![proof]({svg_url})]({proof_url})',
+        "url": svg_url,
+    }
+
+
+def _escape_html(s: str) -> str:
+    return (
+        s.replace("&", "&amp;")
+         .replace("<", "&lt;")
+         .replace(">", "&gt;")
+         .replace('"', "&quot;")
+    )

proof_engine_registry-1.33.0/src/proof_engine_registry/cli.py

@@ -0,0 +1,163 @@
+"""proof-registry CLI: serve | lookup | publish | emit."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import sys
+from dataclasses import asdict
+from pathlib import Path
+
+from proof_engine_registry import __version__
+from proof_engine_registry.client import RegistryClient
+from proof_engine_registry.config import load_registries, Registry
+from proof_engine_registry.emit import emit_registry_files
+from proof_engine_registry.server import RegistryServer
+
+
+def _cmd_serve(args) -> int:
+    token = os.environ.get(args.token_env) if args.token_env else None
+    srv = RegistryServer(
+        proofs_dir=Path(args.proofs_dir),
+        name=args.name,
+        base_url=args.base_url or f"http://{args.bind}:{args.port}",
+        bind=args.bind, port=args.port,
+        auth_token=token,
+        cors_origin=args.cors_origin,
+        log_json=args.log_json,
+    )
+    if args.print_port_to:
+        Path(args.print_port_to).write_text(str(srv.port))
+    print(f"proof-registry serving {args.proofs_dir} on http://{args.bind}:{srv.port}",
+          file=sys.stderr)
+    try:
+        srv.serve_forever()
+    except KeyboardInterrupt:
+        srv.shutdown()
+    return 0
+
+
+def _cmd_emit(args) -> int:
+    emit_registry_files(
+        proofs_dir=Path(args.proofs_dir),
+        output_dir=Path(args.output_dir),
+        base_url=args.base_url,
+        registry_name=args.name,
+        publishes_supported=False,
+    )
+    print(f"emitted registry to {args.output_dir}", file=sys.stderr)
+    return 0
+
+
+def _cmd_lookup(args) -> int:
+    registries = load_registries()
+    if not registries:
+        print("error: no registries configured (expected ~/.config/proof-engine/registries.toml)",
+              file=sys.stderr)
+        return 2
+    client = RegistryClient(registries)
+    hit = client.lookup(args.claim)
+    if hit is None:
+        if args.json:
+            sys.stdout.write(json.dumps({"hit": False}) + "\n")
+        else:
+            sys.stdout.write("no hit\n")
+        return 1
+    payload = asdict(hit.entry) | {"registry_name": hit.registry_name}
+    if args.json:
+        sys.stdout.write(json.dumps(payload, indent=2 if args.pretty else None) + "\n")
+    else:
+        sys.stdout.write(f"{hit.registry_name}: {hit.slug} → {hit.proof_url}\n")
+    return 0
+
+
+def _cmd_publish(args) -> int:
+    # Find the one publish target.
+    registries = [r for r in load_registries() if r.publish]
+    if not registries:
+        print("error: no registry has publish = true", file=sys.stderr)
+        return 2
+    if len(registries) > 1:
+        print("error: more than one registry has publish = true (blocked by config loader)",
+              file=sys.stderr)
+        return 2
+    target = registries[0]
+    body = json.loads(Path(args.proof_json).read_text())
+    import requests
+    r = requests.post(
+        f"{target.url}/proofs",
+        json={"slug": body["slug"], "claim": body["claim"], "proof_json": body},
+        headers={"Authorization": f"Bearer {target.token}"} if target.token else {},
+        timeout=30,
+    )
+    if r.status_code == 201:
+        print(f"published {body['slug']} to {target.name}", file=sys.stderr)
+        return 0
+    print(f"publish failed: HTTP {r.status_code} {r.text}", file=sys.stderr)
+    return 1
+
+
+def build_parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(prog="proof-registry")
+    p.add_argument("--version", action="version", version=__version__)
+    sub = p.add_subparsers(dest="cmd", required=True)
+
+    s = sub.add_parser(
+        "serve",
+        help="Run a self-hosted registry server.",
+        description=(
+            "Stdlib HTTP server. Suitable for development and local team "
+            "deployments. For public deployment over the open internet, "
+            "front this with a TLS-terminating reverse proxy (nginx, Caddy, "
+            "Cloudflare, etc.) — bearer tokens travel in the Authorization "
+            "header and MUST NOT cross the network in cleartext."
+        ),
+    )
+    s.add_argument("proofs_dir")
+    s.add_argument("--name", default="Self-Hosted Proof Registry")
+    s.add_argument("--base-url", default=None)
+    s.add_argument("--bind", default="127.0.0.1")
+    s.add_argument("--port", type=int, default=8080)
+    s.add_argument("--token-env", default=None,
+                   help="Env var holding the bearer token required for publishing.")
+    s.add_argument("--cors-origin", default="*",
+                   help=("Value for Access-Control-Allow-Origin on read responses. "
+                         "Default '*' for public registries; pass a specific origin "
+                         "to restrict cross-origin browser access."))
+    s.add_argument("--log-json", action="store_true",
+                   help=("Emit one structured JSON access log line per request to "
+                         "stderr. Off by default; useful for compliance/audit. "
+                         "Authorization headers are NEVER logged."))
+    s.add_argument("--print-port-to", default=None,
+                   help="Write the bound port to this file (for test orchestration).")
+    s.set_defaults(func=_cmd_serve)
+
+    e = sub.add_parser("emit", help="Emit static registry JSON from a proofs dir.")
+    e.add_argument("proofs_dir")
+    e.add_argument("output_dir")
+    e.add_argument("--base-url", required=True)
+    e.add_argument("--name", default="Proof Registry")
+    e.set_defaults(func=_cmd_emit)
+
+    l = sub.add_parser("lookup", help="Look up a claim across configured registries.")
+    l.add_argument("claim")
+    l.add_argument("--json", action="store_true")
+    l.add_argument("--pretty", action="store_true")
+    l.set_defaults(func=_cmd_lookup)
+
+    pub = sub.add_parser("publish", help="Publish a proof.json to the publish-target registry.")
+    pub.add_argument("proof_json")
+    pub.set_defaults(func=_cmd_publish)
+
+    return p
+
+
+def main(argv=None) -> int:
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    return args.func(args)
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())