ratify-protocol 1.0.0a5__tar.gz

ratify_protocol-1.0.0a5/PKG-INFO

@@ -0,0 +1,228 @@
+Metadata-Version: 2.4
+Name: ratify-protocol
+Version: 1.0.0a5
+Summary: Cryptographic trust protocol for human-agent and agent-agent interactions — Python reference SDK.
+Author: Identities AI
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/identities-ai/ratify-protocol
+Project-URL: Repository, https://github.com/identities-ai/ratify-protocol
+Project-URL: Issues, https://github.com/identities-ai/ratify-protocol/issues
+Keywords: ratify,delegation,agent,ed25519,ml-dsa,post-quantum,identity,ai-agents
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: cryptography>=44.0
+Requires-Dist: pqcrypto>=0.3.4
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-cov>=5.0; extra == "dev"
+
+# ratify-protocol
+
+**Python reference SDK for the Ratify Protocol v1 — a cryptographic trust protocol for human-agent and agent-agent interactions as agents start to transact.**
+
+Quantum-safe by design: every signature is hybrid Ed25519 + ML-DSA-65 (NIST FIPS 204). Both must verify.
+
+Byte-identical interoperability with the Go, TypeScript, and Rust reference implementations. Validated against the **59 canonical test vectors** on every CI run.
+
+## Install
+
+```bash
+pip install ratify-protocol
+```
+
+This pulls in two binary dependencies: `cryptography` (Ed25519 via OpenSSL) and `pqcrypto>=0.3.4` (ML-DSA-65). Both ship wheels for Linux / macOS / Windows on CPython 3.10+.
+
+### Running the conformance suite from a clean checkout
+
+If you cloned the repo and want to run `python -m pytest` against the committed fixtures, the package is not on your path until you install it. Do this:
+
+```bash
+cd sdks/python
+python -m venv .venv && source .venv/bin/activate
+pip install -e '.[dev]'              # installs ratify-protocol + cryptography + pqcrypto + pytest
+python -m pytest tests/              # runs 59/59 conformance fixtures
+```
+
+If `pqcrypto` fails to install (typical on older pip), upgrade pip first:
+
+```bash
+pip install --upgrade pip
+pip install -e '.[dev]'
+```
+
+`pqcrypto` requires a C compiler toolchain for source builds; prebuilt wheels exist for most platform / Python combinations.
+
+## Quickstart
+
+```python
+from ratify_protocol import (
+    generate_human_root, generate_agent,
+    DelegationCert, ProofBundle, VerifyOptions,
+    PROTOCOL_VERSION, SCOPE_MEETING_ATTEND,
+    issue_delegation, sign_challenge, generate_challenge,
+    derive_id, verify_bundle, HybridSignature,
+)
+import time
+
+# 1. DELEGATE — Alice creates her root and authorizes an agent.
+root, root_priv = generate_human_root()
+agent, agent_priv = generate_agent("Alice's Assistant", "voice_agent")
+
+now = int(time.time())
+cert = DelegationCert(
+    cert_id="cert-1", version=PROTOCOL_VERSION,
+    issuer_id=root.id, issuer_pub_key=root.public_key,
+    subject_id=agent.id, subject_pub_key=agent.public_key,
+    scope=[SCOPE_MEETING_ATTEND],
+    issued_at=now, expires_at=now + 7 * 24 * 3600,
+    signature=HybridSignature(ed25519=b"", ml_dsa_65=b""),  # filled by issue_delegation
+)
+issue_delegation(cert, root_priv)
+
+# 2. PRESENT — agent builds a proof bundle on demand.
+challenge = generate_challenge()
+challenge_at = int(time.time())
+bundle = ProofBundle(
+    agent_id=agent.id,
+    agent_pub_key=agent.public_key,
+    delegations=[cert],
+    challenge=challenge,
+    challenge_at=challenge_at,
+    challenge_sig=sign_challenge(challenge, challenge_at, agent_priv),
+)
+
+# 3. VERIFY — any third party checks the bundle.
+result = verify_bundle(bundle, VerifyOptions(required_scope=SCOPE_MEETING_ATTEND))
+if result.valid:
+    print(f"✅ Authorized agent {result.agent_id} for {result.human_id}, scope={result.granted_scope}")
+else:
+    print(f"❌ {result.identity_status}: {result.error_reason}")
+```
+
+## Key custody
+
+The protocol supports three key-custody modes with different trust tradeoffs. See `SPEC.md` §15.2 for the full model.
+
+### Self-custody (strongest)
+
+The user generates and holds their own keypair. No third party can sign on their behalf.
+
+```python
+from ratify_protocol import generate_human_root, issue_delegation
+
+# User generates keypair on their own device — private key never leaves
+root, private_key = generate_human_root()
+
+# User signs delegations locally
+issue_delegation(cert, private_key)
+
+# Only root.id and root.public_key are shared with registries
+```
+
+### Custodial
+
+A registry operator generates and stores the keypair server-side (envelope-encrypted with KMS). The user never touches keys directly. The operator calls the same SDK functions on the user's behalf.
+
+### Self-custody upgrade
+
+A user who started in custodial mode can migrate to self-custody at any time using `KeyRotationStatement`:
+
+```python
+from ratify_protocol import (
+    generate_human_root,
+    issue_key_rotation_statement,
+    KeyRotationStatement,
+)
+
+# User generates a NEW keypair on their device
+new_root, new_private_key = generate_human_root()
+
+# Rotation statement signed by BOTH old (custodial) and new (device) keys
+stmt = KeyRotationStatement(
+    version=1,
+    old_id=old_root.id,
+    old_pub_key=old_root.public_key,
+    new_id=new_root.id,
+    new_pub_key=new_root.public_key,
+    rotated_at=int(time.time()),
+    reason="routine",
+)
+issue_key_rotation_statement(stmt, old_custodial_private_key, new_private_key)
+
+# From now on, only the user's device key can sign delegations.
+# Auditors verify continuity via the rotation statement.
+```
+
+## Canonical serialization
+
+```python
+from ratify_protocol import canonical_json, delegation_sign_bytes, challenge_sign_bytes
+```
+
+These produce byte-identical output to the Go / TS / Rust references. If your application needs to sign Ratify artifacts with custom code, always pass through `canonical_json` for the JSON pieces.
+
+## Scope vocabulary
+
+```python
+from ratify_protocol import (
+    SCOPE_MEETING_ATTEND,     # "meeting:attend"
+    SCOPE_FILES_WRITE,         # sensitive — never rides a wildcard
+    expand_scopes,
+    intersect_scopes,
+    is_sensitive,
+    validate_scopes,
+)
+
+expand_scopes(["meeting:*"])
+# ['meeting:attend', 'meeting:chat', 'meeting:share_screen', 'meeting:speak', 'meeting:video']
+
+intersect_scopes(["meeting:*"], ["meeting:attend", "meeting:speak"])
+# ['meeting:attend', 'meeting:speak']
+```
+
+### Full scope vocabulary at a glance
+
+Ratify v1 ships 52 canonical scopes across fourteen domains, plus a `custom:` extension pattern for application-specific scopes. See [`SPEC.md`](../../SPEC.md) §9 for the full table including sensitivity flags and wildcard expansions.
+
+For app-specific needs not covered by the canonical vocabulary, use the `custom:` prefix:
+
+```python
+from ratify_protocol import CUSTOM_SCOPE_PREFIX, validate_scopes
+
+validate_scopes(["custom:acme:inventory:read"])  # → None (valid)
+```
+
+Custom scopes pass through `expand_scopes` unchanged and are non-sensitive by default.
+
+## Running the conformance tests
+
+From this SDK directory:
+
+```bash
+python -m venv .venv && source .venv/bin/activate
+pip install -e .
+pip install pytest
+pytest -v
+```
+
+The suite loads every fixture at `../../testvectors/v1/*.json` and runs it through the Python implementation. All 59 must pass; any failure means this SDK has drifted from the Go reference.
+
+## Notes on the ML-DSA-65 library
+
+This SDK uses `pqcrypto` which wraps PQClean's ML-DSA-65 implementation. Two things to be aware of:
+
+**Randomized signing.** `pqcrypto`'s default signing mode is randomized (two signings of the same message produce different bytes). This does NOT affect interop: signatures produced here verify correctly in Go, TS, and Rust implementations, and vice versa. The canonical signable bytes (what gets fed into the signature function) are what must match across languages — those do match byte-for-byte.
+
+**Non-deterministic keygen from seeds.** `pqcrypto` does not expose seed-based ML-DSA-65 key generation through its public API — `crypto_sign_keypair` reads from the OS RNG internally. This means `hybrid_keypair_from_seeds()` is NOT truly deterministic on the ML-DSA side in Python. The practical consequence: **Python cannot regenerate the canonical test fixtures** (the Go reference does that). Python's conformance contract is verification-only — it verifies Go-generated fixtures byte-for-byte but does not regenerate them. This is a known limitation of the `pqcrypto` library, not a protocol limitation.
+
+## License
+
+Apache-2.0. See the project-level LICENSE.

ratify_protocol-1.0.0a5/README.md

@@ -0,0 +1,202 @@
+# ratify-protocol
+
+**Python reference SDK for the Ratify Protocol v1 — a cryptographic trust protocol for human-agent and agent-agent interactions as agents start to transact.**
+
+Quantum-safe by design: every signature is hybrid Ed25519 + ML-DSA-65 (NIST FIPS 204). Both must verify.
+
+Byte-identical interoperability with the Go, TypeScript, and Rust reference implementations. Validated against the **59 canonical test vectors** on every CI run.
+
+## Install
+
+```bash
+pip install ratify-protocol
+```
+
+This pulls in two binary dependencies: `cryptography` (Ed25519 via OpenSSL) and `pqcrypto>=0.3.4` (ML-DSA-65). Both ship wheels for Linux / macOS / Windows on CPython 3.10+.
+
+### Running the conformance suite from a clean checkout
+
+If you cloned the repo and want to run `python -m pytest` against the committed fixtures, the package is not on your path until you install it. Do this:
+
+```bash
+cd sdks/python
+python -m venv .venv && source .venv/bin/activate
+pip install -e '.[dev]'              # installs ratify-protocol + cryptography + pqcrypto + pytest
+python -m pytest tests/              # runs 59/59 conformance fixtures
+```
+
+If `pqcrypto` fails to install (typical on older pip), upgrade pip first:
+
+```bash
+pip install --upgrade pip
+pip install -e '.[dev]'
+```
+
+`pqcrypto` requires a C compiler toolchain for source builds; prebuilt wheels exist for most platform / Python combinations.
+
+## Quickstart
+
+```python
+from ratify_protocol import (
+    generate_human_root, generate_agent,
+    DelegationCert, ProofBundle, VerifyOptions,
+    PROTOCOL_VERSION, SCOPE_MEETING_ATTEND,
+    issue_delegation, sign_challenge, generate_challenge,
+    derive_id, verify_bundle, HybridSignature,
+)
+import time
+
+# 1. DELEGATE — Alice creates her root and authorizes an agent.
+root, root_priv = generate_human_root()
+agent, agent_priv = generate_agent("Alice's Assistant", "voice_agent")
+
+now = int(time.time())
+cert = DelegationCert(
+    cert_id="cert-1", version=PROTOCOL_VERSION,
+    issuer_id=root.id, issuer_pub_key=root.public_key,
+    subject_id=agent.id, subject_pub_key=agent.public_key,
+    scope=[SCOPE_MEETING_ATTEND],
+    issued_at=now, expires_at=now + 7 * 24 * 3600,
+    signature=HybridSignature(ed25519=b"", ml_dsa_65=b""),  # filled by issue_delegation
+)
+issue_delegation(cert, root_priv)
+
+# 2. PRESENT — agent builds a proof bundle on demand.
+challenge = generate_challenge()
+challenge_at = int(time.time())
+bundle = ProofBundle(
+    agent_id=agent.id,
+    agent_pub_key=agent.public_key,
+    delegations=[cert],
+    challenge=challenge,
+    challenge_at=challenge_at,
+    challenge_sig=sign_challenge(challenge, challenge_at, agent_priv),
+)
+
+# 3. VERIFY — any third party checks the bundle.
+result = verify_bundle(bundle, VerifyOptions(required_scope=SCOPE_MEETING_ATTEND))
+if result.valid:
+    print(f"✅ Authorized agent {result.agent_id} for {result.human_id}, scope={result.granted_scope}")
+else:
+    print(f"❌ {result.identity_status}: {result.error_reason}")
+```
+
+## Key custody
+
+The protocol supports three key-custody modes with different trust tradeoffs. See `SPEC.md` §15.2 for the full model.
+
+### Self-custody (strongest)
+
+The user generates and holds their own keypair. No third party can sign on their behalf.
+
+```python
+from ratify_protocol import generate_human_root, issue_delegation
+
+# User generates keypair on their own device — private key never leaves
+root, private_key = generate_human_root()
+
+# User signs delegations locally
+issue_delegation(cert, private_key)
+
+# Only root.id and root.public_key are shared with registries
+```
+
+### Custodial
+
+A registry operator generates and stores the keypair server-side (envelope-encrypted with KMS). The user never touches keys directly. The operator calls the same SDK functions on the user's behalf.
+
+### Self-custody upgrade
+
+A user who started in custodial mode can migrate to self-custody at any time using `KeyRotationStatement`:
+
+```python
+from ratify_protocol import (
+    generate_human_root,
+    issue_key_rotation_statement,
+    KeyRotationStatement,
+)
+
+# User generates a NEW keypair on their device
+new_root, new_private_key = generate_human_root()
+
+# Rotation statement signed by BOTH old (custodial) and new (device) keys
+stmt = KeyRotationStatement(
+    version=1,
+    old_id=old_root.id,
+    old_pub_key=old_root.public_key,
+    new_id=new_root.id,
+    new_pub_key=new_root.public_key,
+    rotated_at=int(time.time()),
+    reason="routine",
+)
+issue_key_rotation_statement(stmt, old_custodial_private_key, new_private_key)
+
+# From now on, only the user's device key can sign delegations.
+# Auditors verify continuity via the rotation statement.
+```
+
+## Canonical serialization
+
+```python
+from ratify_protocol import canonical_json, delegation_sign_bytes, challenge_sign_bytes
+```
+
+These produce byte-identical output to the Go / TS / Rust references. If your application needs to sign Ratify artifacts with custom code, always pass through `canonical_json` for the JSON pieces.
+
+## Scope vocabulary
+
+```python
+from ratify_protocol import (
+    SCOPE_MEETING_ATTEND,     # "meeting:attend"
+    SCOPE_FILES_WRITE,         # sensitive — never rides a wildcard
+    expand_scopes,
+    intersect_scopes,
+    is_sensitive,
+    validate_scopes,
+)
+
+expand_scopes(["meeting:*"])
+# ['meeting:attend', 'meeting:chat', 'meeting:share_screen', 'meeting:speak', 'meeting:video']
+
+intersect_scopes(["meeting:*"], ["meeting:attend", "meeting:speak"])
+# ['meeting:attend', 'meeting:speak']
+```
+
+### Full scope vocabulary at a glance
+
+Ratify v1 ships 52 canonical scopes across fourteen domains, plus a `custom:` extension pattern for application-specific scopes. See [`SPEC.md`](../../SPEC.md) §9 for the full table including sensitivity flags and wildcard expansions.
+
+For app-specific needs not covered by the canonical vocabulary, use the `custom:` prefix:
+
+```python
+from ratify_protocol import CUSTOM_SCOPE_PREFIX, validate_scopes
+
+validate_scopes(["custom:acme:inventory:read"])  # → None (valid)
+```
+
+Custom scopes pass through `expand_scopes` unchanged and are non-sensitive by default.
+
+## Running the conformance tests
+
+From this SDK directory:
+
+```bash
+python -m venv .venv && source .venv/bin/activate
+pip install -e .
+pip install pytest
+pytest -v
+```
+
+The suite loads every fixture at `../../testvectors/v1/*.json` and runs it through the Python implementation. All 59 must pass; any failure means this SDK has drifted from the Go reference.
+
+## Notes on the ML-DSA-65 library
+
+This SDK uses `pqcrypto` which wraps PQClean's ML-DSA-65 implementation. Two things to be aware of:
+
+**Randomized signing.** `pqcrypto`'s default signing mode is randomized (two signings of the same message produce different bytes). This does NOT affect interop: signatures produced here verify correctly in Go, TS, and Rust implementations, and vice versa. The canonical signable bytes (what gets fed into the signature function) are what must match across languages — those do match byte-for-byte.
+
+**Non-deterministic keygen from seeds.** `pqcrypto` does not expose seed-based ML-DSA-65 key generation through its public API — `crypto_sign_keypair` reads from the OS RNG internally. This means `hybrid_keypair_from_seeds()` is NOT truly deterministic on the ML-DSA side in Python. The practical consequence: **Python cannot regenerate the canonical test fixtures** (the Go reference does that). Python's conformance contract is verification-only — it verifies Go-generated fixtures byte-for-byte but does not regenerate them. This is a known limitation of the `pqcrypto` library, not a protocol limitation.
+
+## License
+
+Apache-2.0. See the project-level LICENSE.

ratify_protocol-1.0.0a5/pyproject.toml

@@ -0,0 +1,45 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "ratify-protocol"
+version = "1.0.0a5"
+description = "Cryptographic trust protocol for human-agent and agent-agent interactions — Python reference SDK."
+readme = "README.md"
+authors = [{name = "Identities AI"}]
+license = {text = "Apache-2.0"}
+requires-python = ">=3.10"
+keywords = ["ratify", "delegation", "agent", "ed25519", "ml-dsa", "post-quantum", "identity", "ai-agents"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security :: Cryptography",
+]
+dependencies = [
+    "cryptography>=44.0",
+    "pqcrypto>=0.3.4",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.0",
+    "pytest-cov>=5.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/identities-ai/ratify-protocol"
+Repository = "https://github.com/identities-ai/ratify-protocol"
+Issues = "https://github.com/identities-ai/ratify-protocol/issues"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+pythonpath = ["src"]

ratify_protocol-1.0.0a5/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

ratify_protocol-1.0.0a5/src/ratify_protocol/__init__.py

@@ -0,0 +1,209 @@
+"""Ratify Protocol v1 — Python reference SDK.
+
+A cryptographic trust protocol for human-agent and agent-agent interactions
+as agents start to transact. Every signature is hybrid Ed25519 + ML-DSA-65
+(FIPS 204): quantum-safe by design.
+
+Quickstart:
+
+    import asyncio
+    from ratify_protocol import (
+        generate_human_root, generate_agent,
+        DelegationCert, ProofBundle, VerifyOptions,
+        PROTOCOL_VERSION, SCOPE_MEETING_ATTEND,
+        issue_delegation, sign_challenge, generate_challenge,
+        derive_id, verify_bundle,
+    )
+
+    root, root_priv = generate_human_root()
+    agent, agent_priv = generate_agent("Alice's Assistant", "voice_agent")
+
+    cert = DelegationCert(
+        cert_id="cert-1", version=PROTOCOL_VERSION,
+        issuer_id=root.id, issuer_pub_key=root.public_key,
+        subject_id=agent.id, subject_pub_key=agent.public_key,
+        scope=[SCOPE_MEETING_ATTEND],
+        issued_at=0, expires_at=2000000000,
+        signature=None,  # filled by issue_delegation
+    )
+    issue_delegation(cert, root_priv)
+    # ... then agent builds a ProofBundle, verifier runs verify_bundle(bundle)
+
+See docs/EXPLAINED.md and docs/AGENT_TO_AGENT.md for full semantics.
+"""
+from .canonical import (
+    base64_standard_decode,
+    base64_standard_encode,
+    canonical_json,
+    hex_decode,
+    hex_encode,
+)
+from .crypto import (
+    chain_hash,
+    challenge_sign_bytes,
+    delegation_sign_bytes,
+    derive_id,
+    generate_agent,
+    generate_challenge,
+    generate_human_root,
+    generate_hybrid_keypair,
+    hybrid_keypair_from_seeds,
+    issue_delegation,
+    issue_key_rotation_statement,
+    issue_revocation_list,
+    issue_revocation_push,
+    issue_session_token,
+    issue_witness_entry,
+    key_rotation_sign_bytes,
+    revocation_push_sign_bytes,
+    revocation_sign_bytes,
+    session_token_sign_bytes,
+    sign_both,
+    sign_challenge,
+    sign_transaction_receipt_party,
+    transaction_receipt_sign_bytes,
+    verify_both,
+    verify_challenge_signature,
+    verify_delegation_signature,
+    verify_delegation_signature_e,
+    verify_key_rotation_statement,
+    verify_key_rotation_statement_e,
+    verify_revocation_list,
+    verify_revocation_push,
+    verify_session_token,
+    verify_session_token_e,
+    verify_witness_entry,
+    witness_entry_sign_bytes,
+)
+from .scope import (
+    CUSTOM_SCOPE_PREFIX,
+    SCOPE_COMMS_CALENDAR_READ,
+    SCOPE_COMMS_CALENDAR_WRITE,
+    SCOPE_COMMS_EMAIL_DELETE,
+    SCOPE_COMMS_EMAIL_READ,
+    SCOPE_COMMS_EMAIL_SEND,
+    SCOPE_COMMS_MESSAGE_DELETE,
+    SCOPE_COMMS_MESSAGE_READ,
+    SCOPE_COMMS_MESSAGE_SEND,
+    SCOPE_CONTRACT_READ,
+    SCOPE_CONTRACT_SIGN,
+    SCOPE_DATA_DELETE,
+    SCOPE_DATA_EXPORT,
+    SCOPE_DATA_READ,
+    SCOPE_DATA_SHARE,
+    SCOPE_DATA_WRITE,
+    SCOPE_EXECUTE_CODE,
+    SCOPE_EXECUTE_TOOL,
+    SCOPE_FILES_READ,
+    SCOPE_FILES_WRITE,
+    SCOPE_GENERATE_CONTENT,
+    SCOPE_GENERATE_DEEPFAKE,
+    SCOPE_IDENTITY_DELEGATE,
+    SCOPE_IDENTITY_PROVE,
+    SCOPE_MEETING_ATTEND,
+    SCOPE_MEETING_CHAT,
+    SCOPE_MEETING_RECORD,
+    SCOPE_MEETING_SHARE_SCREEN,
+    SCOPE_MEETING_SPEAK,
+    SCOPE_MEETING_VIDEO,
+    SCOPE_PAYMENTS_AUTHORIZE,
+    SCOPE_PAYMENTS_RECEIVE,
+    SCOPE_PAYMENTS_SEND,
+    SCOPE_TRANSACT_PURCHASE,
+    SCOPE_TRANSACT_SELL,
+    expand_scopes,
+    has_scope,
+    intersect_scopes,
+    is_sensitive,
+    validate_scopes,
+)
+from .types import (
+    CHALLENGE_WINDOW_SECONDS,
+    ED25519_PUBLIC_KEY_SIZE,
+    ED25519_SIGNATURE_SIZE,
+    MAX_DELEGATION_CHAIN_DEPTH,
+    MLDSA65_PUBLIC_KEY_SIZE,
+    MLDSA65_SIGNATURE_SIZE,
+    PROTOCOL_VERSION,
+    AgentIdentity,
+    Anchor,
+    Constraint,
+    DelegationCert,
+    HumanRoot,
+    HybridPrivateKey,
+    HybridPublicKey,
+    HybridSignature,
+    IdentityStatus,
+    KeyRotationReason,
+    KeyRotationStatement,
+    ProofBundle,
+    ReceiptParty,
+    ReceiptPartySignature,
+    RevocationList,
+    RevocationPush,
+    SessionToken,
+    StreamContext,
+    TransactionReceipt,
+    TransactionReceiptResult,
+    VerifierContext,
+    VerifyOptions,
+    VerifyResult,
+    WitnessEntry,
+)
+from .verify import verify_bundle, verify_streamed_turn, verify_transaction_receipt
+
+__version__ = "1.0.0a5"
+
+__all__ = [
+    # types
+    "PROTOCOL_VERSION", "MAX_DELEGATION_CHAIN_DEPTH", "CHALLENGE_WINDOW_SECONDS",
+    "ED25519_PUBLIC_KEY_SIZE", "ED25519_SIGNATURE_SIZE",
+    "MLDSA65_PUBLIC_KEY_SIZE", "MLDSA65_SIGNATURE_SIZE",
+    "HybridPublicKey", "HybridSignature", "HybridPrivateKey",
+    "Anchor", "HumanRoot", "AgentIdentity",
+    "DelegationCert", "ProofBundle", "KeyRotationStatement", "KeyRotationReason",
+    "VerifyResult", "VerifyOptions", "StreamContext", "SessionToken",
+    "RevocationList", "RevocationPush", "WitnessEntry", "IdentityStatus",
+    "TransactionReceipt", "ReceiptParty", "ReceiptPartySignature",
+    "TransactionReceiptResult",
+    # crypto
+    "derive_id", "generate_hybrid_keypair", "hybrid_keypair_from_seeds",
+    "generate_human_root", "generate_agent",
+    "delegation_sign_bytes", "challenge_sign_bytes", "revocation_sign_bytes",
+    "key_rotation_sign_bytes", "revocation_push_sign_bytes", "witness_entry_sign_bytes",
+    "session_token_sign_bytes", "chain_hash",
+    "transaction_receipt_sign_bytes", "sign_transaction_receipt_party",
+    "sign_both", "verify_both",
+    "issue_delegation", "verify_delegation_signature", "verify_delegation_signature_e",
+    "issue_key_rotation_statement", "verify_key_rotation_statement",
+    "verify_key_rotation_statement_e",
+    "issue_session_token", "verify_session_token", "verify_session_token_e",
+    "sign_challenge", "verify_challenge_signature",
+    "issue_revocation_list", "verify_revocation_list",
+    "issue_revocation_push", "verify_revocation_push",
+    "issue_witness_entry", "verify_witness_entry",
+    "generate_challenge",
+    # scope
+    "expand_scopes", "intersect_scopes", "has_scope", "is_sensitive", "validate_scopes",
+    # verify
+    "verify_bundle", "verify_streamed_turn", "verify_transaction_receipt",
+    # canonical / utils
+    "canonical_json", "base64_standard_encode", "base64_standard_decode",
+    "hex_encode", "hex_decode",
+    # all scope constants
+    "SCOPE_MEETING_ATTEND", "SCOPE_MEETING_SPEAK", "SCOPE_MEETING_VIDEO",
+    "SCOPE_MEETING_CHAT", "SCOPE_MEETING_SHARE_SCREEN", "SCOPE_MEETING_RECORD",
+    "SCOPE_COMMS_MESSAGE_READ", "SCOPE_COMMS_MESSAGE_SEND", "SCOPE_COMMS_MESSAGE_DELETE",
+    "SCOPE_COMMS_EMAIL_READ", "SCOPE_COMMS_EMAIL_SEND", "SCOPE_COMMS_EMAIL_DELETE",
+    "SCOPE_COMMS_CALENDAR_READ", "SCOPE_COMMS_CALENDAR_WRITE",
+    "SCOPE_FILES_READ", "SCOPE_FILES_WRITE",
+    "SCOPE_IDENTITY_PROVE", "SCOPE_IDENTITY_DELEGATE",
+    "SCOPE_TRANSACT_PURCHASE", "SCOPE_TRANSACT_SELL",
+    "SCOPE_PAYMENTS_SEND", "SCOPE_PAYMENTS_RECEIVE", "SCOPE_PAYMENTS_AUTHORIZE",
+    "SCOPE_CONTRACT_READ", "SCOPE_CONTRACT_SIGN",
+    "SCOPE_DATA_READ", "SCOPE_DATA_WRITE", "SCOPE_DATA_DELETE",
+    "SCOPE_DATA_EXPORT", "SCOPE_DATA_SHARE",
+    "SCOPE_EXECUTE_TOOL", "SCOPE_EXECUTE_CODE",
+    "SCOPE_GENERATE_CONTENT", "SCOPE_GENERATE_DEEPFAKE",
+    "CUSTOM_SCOPE_PREFIX",
+]