proofbundle 0.4.0__tar.gz → 0.4.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. {proofbundle-0.4.0/src/proofbundle.egg-info → proofbundle-0.4.1}/PKG-INFO +4 -4
  2. {proofbundle-0.4.0 → proofbundle-0.4.1}/README.md +3 -3
  3. {proofbundle-0.4.0 → proofbundle-0.4.1}/pyproject.toml +1 -1
  4. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/__init__.py +1 -1
  5. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/emit.py +2 -29
  6. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/sdjwt.py +1 -1
  7. {proofbundle-0.4.0 → proofbundle-0.4.1/src/proofbundle.egg-info}/PKG-INFO +4 -4
  8. {proofbundle-0.4.0 → proofbundle-0.4.1}/LICENSE +0 -0
  9. {proofbundle-0.4.0 → proofbundle-0.4.1}/setup.cfg +0 -0
  10. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/adapters/__init__.py +0 -0
  11. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/adapters/inspect_ai.py +0 -0
  12. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/adapters/lm_eval.py +0 -0
  13. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/bundle.py +0 -0
  14. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/cli.py +0 -0
  15. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/errors.py +0 -0
  16. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/evalclaim.py +0 -0
  17. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/merkle.py +0 -0
  18. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/py.typed +0 -0
  19. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle/signature.py +0 -0
  20. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle.egg-info/SOURCES.txt +0 -0
  21. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle.egg-info/dependency_links.txt +0 -0
  22. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle.egg-info/entry_points.txt +0 -0
  23. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle.egg-info/requires.txt +0 -0
  24. {proofbundle-0.4.0 → proofbundle-0.4.1}/src/proofbundle.egg-info/top_level.txt +0 -0
  25. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_adapters.py +0 -0
  26. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_bundle.py +0 -0
  27. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_cli.py +0 -0
  28. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_cli_eval.py +0 -0
  29. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_emit.py +0 -0
  30. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_eval_claim_schema.py +0 -0
  31. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_evalclaim.py +0 -0
  32. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_merkle.py +0 -0
  33. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_merkle_property.py +0 -0
  34. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_rekor_interop.py +0 -0
  35. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_rfc6962_external_vectors.py +0 -0
  36. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_schema.py +0 -0
  37. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_sdjwt_reference.py +0 -0
  38. {proofbundle-0.4.0 → proofbundle-0.4.1}/tests/test_signature.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: proofbundle
3
- Version: 0.4.0
3
+ Version: 0.4.1
4
4
  Summary: Emit and verify portable cryptographic evidence bundles, offline: Ed25519 + RFC 6962 Merkle + optional SD-JWT.
5
5
  Author: Konrad Gruszka
6
6
  License: MIT
@@ -61,7 +61,7 @@ selectively disclosable credential. Pure Python, no server, no daemon, one JSON
61
61
 
62
62
  **At a glance:** `proofbundle emit` signs and anchors a payload; `proofbundle
63
63
  verify` checks one self-contained `bundle.json` with three offline cryptographic
64
- checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 25 tests.
64
+ checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 50 tests.
65
65
 
66
66
  ## Contents
67
67
 
@@ -241,12 +241,12 @@ string uses base64url as per the spec.
241
241
 
242
242
  ## Security notes and scope, stated honestly
243
243
 
244
- This is v0.1. It does exactly what it says and no more:
244
+ The scope is deliberately narrow. It does exactly what it says and no more:
245
245
 
246
246
  - Ed25519 signatures only, for both the payload and the optional SD-JWT issuer
247
247
  signature.
248
248
  - SD-JWT: the SD-JWT core is now [RFC 9901](https://datatracker.ietf.org/doc/rfc9901/)
249
- (Dec 2025); this verifies that every presented disclosure is committed in the
249
+ (November 2025); this verifies that every presented disclosure is committed in the
250
250
  issuer-signed payload, and the issuer signature (EdDSA) if a key is supplied. It
251
251
  does **not** verify a Key Binding JWT, an X.509 or trust-list chain, status
252
252
  lists, or `vct` type metadata. **SD-JWT VC** (the credential-type profile) is
@@ -22,7 +22,7 @@ selectively disclosable credential. Pure Python, no server, no daemon, one JSON
22
22
 
23
23
  **At a glance:** `proofbundle emit` signs and anchors a payload; `proofbundle
24
24
  verify` checks one self-contained `bundle.json` with three offline cryptographic
25
- checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 25 tests.
25
+ checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 50 tests.
26
26
 
27
27
  ## Contents
28
28
 
@@ -202,12 +202,12 @@ string uses base64url as per the spec.
202
202
 
203
203
  ## Security notes and scope, stated honestly
204
204
 
205
- This is v0.1. It does exactly what it says and no more:
205
+ The scope is deliberately narrow. It does exactly what it says and no more:
206
206
 
207
207
  - Ed25519 signatures only, for both the payload and the optional SD-JWT issuer
208
208
  signature.
209
209
  - SD-JWT: the SD-JWT core is now [RFC 9901](https://datatracker.ietf.org/doc/rfc9901/)
210
- (Dec 2025); this verifies that every presented disclosure is committed in the
210
+ (November 2025); this verifies that every presented disclosure is committed in the
211
211
  issuer-signed payload, and the issuer signature (EdDSA) if a key is supplied. It
212
212
  does **not** verify a Key Binding JWT, an X.509 or trust-list chain, status
213
213
  lists, or `vct` type metadata. **SD-JWT VC** (the credential-type profile) is
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "proofbundle"
7
- version = "0.4.0"
7
+ version = "0.4.1"
8
8
  description = "Emit and verify portable cryptographic evidence bundles, offline: Ed25519 + RFC 6962 Merkle + optional SD-JWT."
9
9
  readme = "README.md"
10
10
  requires-python = ">=3.9"
@@ -13,7 +13,7 @@ from .emit import emit_bundle, generate_signer
13
13
  from .errors import Check, ProofBundleError, VerificationResult
14
14
  from .merkle import verify_consistency, verify_inclusion
15
15
 
16
- __version__ = "0.4.0"
16
+ __version__ = "0.4.1"
17
17
 
18
18
  __all__ = [
19
19
  "__version__",
@@ -5,9 +5,8 @@ Merkle tree, producing a bundle that ``verify_bundle`` accepts. This is the
5
5
  counterpart to the verifier: create the evidence here, check it anywhere with
6
6
  ``proofbundle verify``, fully offline.
7
7
 
8
- The v0.3 eval-receipt emitter (wrap one evaluation run into a signed,
9
- selectively disclosable receipt) is still a roadmap stub at the bottom of this
10
- module.
8
+ The eval-receipt emitter that builds on this (``emit_eval_receipt``) lives in
9
+ :mod:`proofbundle.evalclaim` since v0.4.
11
10
  """
12
11
 
13
12
  from __future__ import annotations
@@ -110,29 +109,3 @@ def emit_bundle(
110
109
  if sd_jwt_vc is not None:
111
110
  bundle["sd_jwt_vc"] = sd_jwt_vc
112
111
  return bundle
113
-
114
-
115
- # --------------------------------------------------------------------------
116
- # Roadmap stub, v0.3
117
- # --------------------------------------------------------------------------
118
-
119
-
120
- class NotYetImplemented(NotImplementedError):
121
- """Raised by roadmap functions that are planned but not implemented yet."""
122
-
123
-
124
- def emit_eval_receipt(*args, **kwargs): # pragma: no cover - roadmap stub
125
- """v0.3, the core differentiator.
126
-
127
- Wrap one evaluation framework run (Inspect AI, lm-evaluation-harness) into a
128
- signed receipt whose payload is a minimal, RFC 8785 canonicalized claim such
129
- as ``{"suite": "...", "threshold": 0.8, "passed": true}``, optionally wrapped
130
- as an SD-JWT VC so a holder can disclose "passed above threshold" without
131
- revealing the model, weights or dataset, carrying a cluster-bootstrap
132
- confidence interval, a multiple-testing correction and a preregistration
133
- hash. Built on top of :func:`emit_bundle`.
134
- """
135
- raise NotYetImplemented(
136
- "emit_eval_receipt lands in v0.3. Use emit_bundle for a generic signed, "
137
- "anchored bundle today."
138
- )
@@ -1,6 +1,6 @@
1
1
  """Minimal SD-JWT selective disclosure verification.
2
2
 
3
- The SD-JWT *core* is now a published standard, RFC 9901 (December 2025). This
3
+ The SD-JWT *core* is now a published standard, RFC 9901 (November 2025). This
4
4
  module verifies the heart of it: that every presented Disclosure hashes to a
5
5
  digest that is actually committed in the issuer-signed JWT payload, and, if an
6
6
  issuer public key is supplied and the algorithm is EdDSA, that the issuer
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: proofbundle
3
- Version: 0.4.0
3
+ Version: 0.4.1
4
4
  Summary: Emit and verify portable cryptographic evidence bundles, offline: Ed25519 + RFC 6962 Merkle + optional SD-JWT.
5
5
  Author: Konrad Gruszka
6
6
  License: MIT
@@ -61,7 +61,7 @@ selectively disclosable credential. Pure Python, no server, no daemon, one JSON
61
61
 
62
62
  **At a glance:** `proofbundle emit` signs and anchors a payload; `proofbundle
63
63
  verify` checks one self-contained `bundle.json` with three offline cryptographic
64
- checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 25 tests.
64
+ checks → `OK` or `FAILED`. No network, no daemon, no own crypto. 50 tests.
65
65
 
66
66
  ## Contents
67
67
 
@@ -241,12 +241,12 @@ string uses base64url as per the spec.
241
241
 
242
242
  ## Security notes and scope, stated honestly
243
243
 
244
- This is v0.1. It does exactly what it says and no more:
244
+ The scope is deliberately narrow. It does exactly what it says and no more:
245
245
 
246
246
  - Ed25519 signatures only, for both the payload and the optional SD-JWT issuer
247
247
  signature.
248
248
  - SD-JWT: the SD-JWT core is now [RFC 9901](https://datatracker.ietf.org/doc/rfc9901/)
249
- (Dec 2025); this verifies that every presented disclosure is committed in the
249
+ (November 2025); this verifies that every presented disclosure is committed in the
250
250
  issuer-signed payload, and the issuer signature (EdDSA) if a key is supplied. It
251
251
  does **not** verify a Key Binding JWT, an X.509 or trust-list chain, status
252
252
  lists, or `vct` type metadata. **SD-JWT VC** (the credential-type profile) is
File without changes
File without changes