ranbval-sdk 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. ranbval_sdk-0.1.0/PKG-INFO +34 -0
  2. ranbval_sdk-0.1.0/README.md +17 -0
  3. ranbval_sdk-0.1.0/build.py +19 -0
  4. ranbval_sdk-0.1.0/pyproject.toml +16 -0
  5. ranbval_sdk-0.1.0/src/ranbval_sdk/__init__.py +3 -0
  6. ranbval_sdk-0.1.0/src/ranbval_sdk/crypto.py +53 -0
  7. ranbval_sdk-0.1.0/src/ranbval_sdk/integrations/__init__.py +1 -0
  8. ranbval_sdk-0.1.0/src/ranbval_sdk/integrations/openai_client.py +33 -0
ranbval_sdk-0.1.0/PKG-INFO ADDED
@@ -0,0 +1,34 @@
1
+ Metadata-Version: 2.4
2
+ Name: ranbval-sdk
3
+ Version: 0.1.0
4
+ Summary: Ranbval Runtime Blind Decryption Python SDK
5
+ Author: Ahsan Tariq
6
+ Requires-Python: >=3.10,<4.0
7
+ Classifier: Programming Language :: Python :: 3
8
+ Classifier: Programming Language :: Python :: 3.10
9
+ Classifier: Programming Language :: Python :: 3.11
10
+ Classifier: Programming Language :: Python :: 3.12
11
+ Classifier: Programming Language :: Python :: 3.13
12
+ Classifier: Programming Language :: Python :: 3.14
13
+ Requires-Dist: cryptography (>=42.0.0,<43.0.0)
14
+ Requires-Dist: openai (>=1.12.0,<2.0.0)
15
+ Description-Content-Type: text/markdown
16
+
17
+ # Ranbval Python SDK
18
+
19
+ A secure, E2E zero-knowledge wrapper for official OpenAI clients.
20
+ This SDK is designed to keep raw developer API keys completely invisible via runtime blind decryption and advanced Cython compilation logic.
21
+
22
+ ## Usage
23
+ Simply drop this package into your existing OpenAI projects without changing your code structure:
24
+
25
+ ```python
26
+ from ranbval_sdk import SecureOpenAI
27
+
28
+ # Automatically decrypts the custom JWT-like ranbval structure
29
+ client = SecureOpenAI()
30
+ ```
31
+
32
+ ## Security Design
33
+ This package employs zero-knowledge PBKDF2 parameters synced natively to your personal vault secrets.
34
+
ranbval_sdk-0.1.0/README.md ADDED
@@ -0,0 +1,17 @@
1
+ # Ranbval Python SDK
2
+
3
+ A secure, E2E zero-knowledge wrapper for official OpenAI clients.
4
+ This SDK is designed to keep raw developer API keys completely invisible via runtime blind decryption and advanced Cython compilation logic.
5
+
6
+ ## Usage
7
+ Simply drop this package into your existing OpenAI projects without changing your code structure:
8
+
9
+ ```python
10
+ from ranbval_sdk import SecureOpenAI
11
+
12
+ # Automatically decrypts the custom JWT-like ranbval structure
13
+ client = SecureOpenAI()
14
+ ```
15
+
16
+ ## Security Design
17
+ This package employs zero-knowledge PBKDF2 parameters synced natively to your personal vault secrets.
ranbval_sdk-0.1.0/build.py ADDED
@@ -0,0 +1,19 @@
1
+ import os
2
+ from setuptools import Extension
3
+ from Cython.Build import cythonize
4
+
5
+ # Define the C-Extension compilation for our secure cryptography module
6
+ extensions = [
7
+ Extension(
8
+ "ranbval_sdk.crypto",
9
+ ["src/ranbval_sdk/crypto.py"],
10
+ )
11
+ ]
12
+
13
+ def build(setup_kwargs):
14
+ """
15
+ Hook for Poetry to compile the Python script into a raw C/C++ Shared Object (.so) Machine Code binary.
16
+ """
17
+ setup_kwargs.update({
18
+ "ext_modules": cythonize(extensions, language_level=3, compiler_directives={'linetrace': False})
19
+ })
ranbval_sdk-0.1.0/pyproject.toml ADDED
@@ -0,0 +1,16 @@
1
+ [tool.poetry]
2
+ name = "ranbval-sdk"
3
+ version = "0.1.0"
4
+ description = "Ranbval Runtime Blind Decryption Python SDK"
5
+ authors = ["Ahsan Tariq", "Hussnain Tariq", "Sundas Tariq"]
6
+ readme = "README.md"
7
+ build = "build.py"
8
+
9
+ [tool.poetry.dependencies]
10
+ python = "^3.10"
11
+ cryptography = "^42.0.0"
12
+ openai = "^1.12.0"
13
+
14
+ [build-system]
15
+ requires = ["poetry-core>=1.0.0", "Cython>=3.0.0", "setuptools"]
16
+ build-backend = "poetry.core.masonry.api"
ranbval_sdk-0.1.0/src/ranbval_sdk/__init__.py ADDED
@@ -0,0 +1,3 @@
1
+ from .integrations.openai_client import SecureOpenAI
2
+
3
+ __all__ = ["SecureOpenAI"]
ranbval_sdk-0.1.0/src/ranbval_sdk/crypto.py ADDED
@@ -0,0 +1,53 @@
1
+ import base64
2
+ import hashlib
3
+ from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
4
+ from cryptography.hazmat.primitives import hashes
5
+ from cryptography.hazmat.primitives.ciphers.aead import AESGCM
6
+
7
+ def derive_key(password: str, salt_hex: str) -> bytes:
8
+ salt = bytes.fromhex(salt_hex)
9
+ kdf = PBKDF2HMAC(
10
+ algorithm=hashes.SHA256(),
11
+ length=32,
12
+ salt=salt,
13
+ iterations=100000,
14
+ )
15
+ return kdf.derive(password.encode())
16
+
17
+ def safe_decrypt(copy_token: str, vault_secret: str) -> str:
18
+ """
19
+ Takes the encapsulated cryptographic identity token and performs zero-knowledge
20
+ in-memory envelope decryption utilizing PBKDF2 and AES-GCM.
21
+ """
22
+ packet_segments = copy_token.split(".")
23
+ if len(packet_segments) != 5:
24
+ raise ValueError("E2E packet fragmentation error")
25
+
26
+ header = packet_segments[0]
27
+ entropy_matrix = packet_segments[1]
28
+ salt_hex = packet_segments[2]
29
+ b64_payload = packet_segments[3]
30
+ tail_sig = packet_segments[4]
31
+
32
+ # Core integrity envelope verification (Irreversible computationally secure hash validation)
33
+ h_header = hashlib.sha256(header.encode()).hexdigest()
34
+ h_tail = hashlib.sha256(tail_sig.encode()).hexdigest()
35
+
36
+ if h_header != "6abbdc55e134f25eedf27cb269d26ddc4f136db89f469af4336d1caaa7d39da8" or h_tail != "3b6abd55988090c857afcd08354fcc4c86ffadb6f0c480b12a9c692637a982e4" or len(entropy_matrix) != 15:
37
+ raise ValueError("Corrupted cryptographic token identifier or signature matrix")
38
+
39
+ # 1. Derive key cryptographically tied to the project salt
40
+ key = derive_key(vault_secret, salt_hex)
41
+
42
+ # 2. Decode payload (IV + Ciphertext)
43
+ packed = base64.b64decode(b64_payload)
44
+ iv = packed[:12]
45
+ ciphertext = packed[12:]
46
+
47
+ # 3. Decrypt payload
48
+ try:
49
+ aesgcm = AESGCM(key)
50
+ decrypted = aesgcm.decrypt(iv, ciphertext, None)
51
+ return decrypted.decode("utf-8")
52
+ except Exception as e:
53
+ raise ValueError("Decryption failed! Did you provide the correct E2E vault secret?") from e
ranbval_sdk-0.1.0/src/ranbval_sdk/integrations/__init__.py ADDED
@@ -0,0 +1 @@
1
+ # Automagical wrapper imports
ranbval_sdk-0.1.0/src/ranbval_sdk/integrations/openai_client.py ADDED
@@ -0,0 +1,33 @@
1
+ import os
2
+ import openai
3
+ from ranbval_sdk.crypto import safe_decrypt
4
+
5
+ class SecureOpenAI(openai.OpenAI):
6
+ """
7
+ A drop-in replacement for `openai.OpenAI` that intercepts
8
+ Ranbval (rbv1.*) encoded API keys from .env or args, decrypts
9
+ them entirely in-memory at runtime, and seamlessly initializes
10
+ the standard OpenAI client.
11
+ """
12
+ def __init__(self, api_key=None, vault_secret=None, **kwargs):
13
+ encoded_key = api_key or os.environ.get("OPENAI_API_KEY")
14
+ secret = vault_secret or os.environ.get("RANBVAL_VAULT_SECRET")
15
+
16
+ if not encoded_key:
17
+ raise ValueError("No OPENAI_API_KEY found or provided.")
18
+
19
+ if encoded_key.startswith("ranbval."):
20
+ if not secret:
21
+ raise ValueError(
22
+ "You supplied an Encrypted Ranbval Token but no RANBVAL_VAULT_SECRET "
23
+ "was found in .env or passed as an argument."
24
+ )
25
+
26
+ # Runtime blind-decryption hook!
27
+ decrypted_key = safe_decrypt(encoded_key, secret)
28
+
29
+ # Call openai.OpenAI constructor with the real raw string entirely in-memory
30
+ super().__init__(api_key=decrypted_key, **kwargs)
31
+ else:
32
+ # Fallback if standard (sk-...) api_key is given natively.
33
+ super().__init__(api_key=encoded_key, **kwargs)