recto-core 1.0.0__tar.gz

recto_core-1.0.0/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

recto_core-1.0.0/PKG-INFO

@@ -0,0 +1,134 @@
+Metadata-Version: 2.4
+Name: recto-core
+Version: 1.0.0
+Summary: Phone-enclave-rooted capability authorization substrate for autonomous agents. Cross-platform service supervision, vault-backed secrets, capability JWS verification.
+Author: Erik Cheatham
+License-Expression: Apache-2.0
+Project-URL: Homepage, https://github.com/erikcheatham/Recto
+Project-URL: Repository, https://github.com/erikcheatham/Recto
+Project-URL: Issues, https://github.com/erikcheatham/Recto/issues
+Project-URL: Documentation, https://github.com/erikcheatham/Recto/blob/main/README.md
+Project-URL: Changelog, https://github.com/erikcheatham/Recto/blob/main/CHANGELOG.md
+Keywords: capability-authorization,service-manager,credentials,devops,ai-agents,biometric-signing
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: PyYAML>=6.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.1; extra == "dev"
+Requires-Dist: mypy>=1.8; extra == "dev"
+Requires-Dist: ruff>=0.3; extra == "dev"
+Requires-Dist: types-PyYAML>=6.0; extra == "dev"
+Provides-Extra: aws
+Requires-Dist: boto3>=1.34; extra == "aws"
+Provides-Extra: vault
+Requires-Dist: hvac>=2.0; extra == "vault"
+Provides-Extra: keychain
+Provides-Extra: secret-service
+Requires-Dist: secretstorage>=3.3; extra == "secret-service"
+Provides-Extra: otel
+Requires-Dist: opentelemetry-api>=1.20; extra == "otel"
+Requires-Dist: opentelemetry-sdk>=1.20; extra == "otel"
+Requires-Dist: opentelemetry-exporter-otlp-proto-http>=1.20; extra == "otel"
+Provides-Extra: v0-4
+Requires-Dist: cryptography>=42; extra == "v0-4"
+Requires-Dist: pyjwt[crypto]>=2.8; extra == "v0-4"
+Provides-Extra: ethereum
+Provides-Extra: bitcoin
+Provides-Extra: ed25519
+Provides-Extra: tron
+Dynamic: license-file
+
+# Recto
+
+Modern Windows-service wrapper. Spiritual successor to NSSM with a 2026 feature set.
+
+## Why Recto
+
+NSSM has been the canonical "wrap an executable as a Windows service" tool since 2003 and remains rock-solid at that primitive. But the world it was built for didn't have OpenTelemetry, didn't have GitOps, didn't have hardware-enclave secret stores, and didn't have the threat model where production secrets sitting in plaintext registry keys is a real attack surface. Recto picks up where NSSM stops:
+
+- **Vault-backed secrets.** Service env vars never sit in plaintext on disk. Pulled from Windows Credential Manager (DPAPI-encrypted) at process start, or from any pluggable backend.
+- **HTTP liveness probes** with configurable thresholds and exponential-backoff restart.
+- **Restart-event webhooks** post structured JSON to any URL when the supervised process crashes, restarts, or fails health checks.
+- **Declarative YAML config** that lives in the consuming repo, reviewable in PRs. Replaces imperative `nssm set ...` PowerShell.
+- **Win32 Job Object resource limits** for memory, CPU, process count.
+- **OpenTelemetry traces** for every lifecycle event.
+- **Pluggable secret-source backends** — Credential Manager (Windows), Keychain (macOS), Secret Service (Linux), AWS Secrets Manager, HashiCorp Vault — and the architectural seam for hardware-enclave backends with biometric release.
+
+Recto wraps NSSM today; v0.2+ may absorb the service-registration responsibility natively.
+
+## Status
+
+**v1.0 released.** First public OSS release; not yet on PyPI. See [CHANGELOG.md](CHANGELOG.md) for the per-feature history and [ROADMAP.md](ROADMAP.md) for what's next.
+
+## Quick start
+
+Recto runs on Python 3.10+. The canonical first-time setup uses a project-local virtual environment so the editable install doesn't touch your system Python:
+
+```powershell
+# Windows (PowerShell):
+git clone https://github.com/erikcheatham/Recto.git
+cd Recto
+python -m venv .venv
+.\.venv\Scripts\Activate.ps1
+pip install -e ".[v0_4]"
+```
+
+```bash
+# macOS / Linux:
+git clone https://github.com/erikcheatham/Recto.git
+cd Recto
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -e ".[v0_4]"
+```
+
+The `[v0_4]` extra pulls in the `cryptography` + `pyjwt` dependencies the v0.4 protocol needs. Without it, the bootloader's verifier paths raise on import.
+
+After install, smoke-check:
+
+```bash
+python -c "import recto; print(recto.__version__)"
+```
+
+For the bootloader-side launcher (the bridge between your application and a paired phone), see [INTEGRATION.md](INTEGRATION.md) and the example launcher at `examples/run_bootloader_consumer.py` (env-var-parameterized; ships unmodified to every consumer).
+
+> **Re-cloning?** A fresh `git clone` does NOT include any prior `.venv`. After every clone, repeat the `python -m venv .venv` + `pip install -e ".[v0_4]"` step. The editable install only stores a path pointer; rebuilding the venv is fast (~30s).
+
+## Distribution model
+
+Recto distributes as **three packages targeting three audiences via three channels**:
+
+- **`recto-core`** (PyPI) — the Substrate. Bootloader server + launcher (NSSM-replacement) + dpapi-machine vault + vault CLI + NSSM-migration tooling + server-side verifier libraries. Install on the host you administer.
+- **`recto-client-{py,ts,cs}`** (PyPI / npm / NuGet) — the Agent SDKs. Wire-protocol clients for programs that consume capability authority. Add as a library dependency to your app.
+- **Recto Phone** (App Store / Play Store) — the Consumer. One canonical multi-tenant MAUI app supporting pairing with N orchestrators simultaneously (Authy model, not bank-app-per-bank model). Install from the OS store.
+
+Three audiences (DevOps + application developers + humans) get different distribution channels matching how they actually consume the substrate. See [PACKAGING.md](PACKAGING.md) for the full architectural decision, pre-v1.0 → post-v1.0 migration plan, dependency graph, and versioning policy.
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE).
+
+## Architecture
+
+See [ARCHITECTURE.md](ARCHITECTURE.md) for the design doc — pluggable backends, YAML schema, NSSM relationship, threat model.
+
+## Integrating with Recto
+
+See [INTEGRATION.md](INTEGRATION.md) for the practical "how do I plug my app into Recto" guide — agent registration, capability-request wire shapes, claim schema, reference implementations in Python + C#, and production hardening checklist.
+
+## Lineage
+
+NSSM (the Non-Sucking Service Manager) by Iain Patterson, 2003-2017, public domain. Recto stands on its shoulders for the service-registration primitive and aims to keep the give-it-away spirit alive under a license that adds explicit patent grants for the modern era.

recto_core-1.0.0/README.md

@@ -0,0 +1,81 @@
+# Recto
+
+Modern Windows-service wrapper. Spiritual successor to NSSM with a 2026 feature set.
+
+## Why Recto
+
+NSSM has been the canonical "wrap an executable as a Windows service" tool since 2003 and remains rock-solid at that primitive. But the world it was built for didn't have OpenTelemetry, didn't have GitOps, didn't have hardware-enclave secret stores, and didn't have the threat model where production secrets sitting in plaintext registry keys is a real attack surface. Recto picks up where NSSM stops:
+
+- **Vault-backed secrets.** Service env vars never sit in plaintext on disk. Pulled from Windows Credential Manager (DPAPI-encrypted) at process start, or from any pluggable backend.
+- **HTTP liveness probes** with configurable thresholds and exponential-backoff restart.
+- **Restart-event webhooks** post structured JSON to any URL when the supervised process crashes, restarts, or fails health checks.
+- **Declarative YAML config** that lives in the consuming repo, reviewable in PRs. Replaces imperative `nssm set ...` PowerShell.
+- **Win32 Job Object resource limits** for memory, CPU, process count.
+- **OpenTelemetry traces** for every lifecycle event.
+- **Pluggable secret-source backends** — Credential Manager (Windows), Keychain (macOS), Secret Service (Linux), AWS Secrets Manager, HashiCorp Vault — and the architectural seam for hardware-enclave backends with biometric release.
+
+Recto wraps NSSM today; v0.2+ may absorb the service-registration responsibility natively.
+
+## Status
+
+**v1.0 released.** First public OSS release; not yet on PyPI. See [CHANGELOG.md](CHANGELOG.md) for the per-feature history and [ROADMAP.md](ROADMAP.md) for what's next.
+
+## Quick start
+
+Recto runs on Python 3.10+. The canonical first-time setup uses a project-local virtual environment so the editable install doesn't touch your system Python:
+
+```powershell
+# Windows (PowerShell):
+git clone https://github.com/erikcheatham/Recto.git
+cd Recto
+python -m venv .venv
+.\.venv\Scripts\Activate.ps1
+pip install -e ".[v0_4]"
+```
+
+```bash
+# macOS / Linux:
+git clone https://github.com/erikcheatham/Recto.git
+cd Recto
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -e ".[v0_4]"
+```
+
+The `[v0_4]` extra pulls in the `cryptography` + `pyjwt` dependencies the v0.4 protocol needs. Without it, the bootloader's verifier paths raise on import.
+
+After install, smoke-check:
+
+```bash
+python -c "import recto; print(recto.__version__)"
+```
+
+For the bootloader-side launcher (the bridge between your application and a paired phone), see [INTEGRATION.md](INTEGRATION.md) and the example launcher at `examples/run_bootloader_consumer.py` (env-var-parameterized; ships unmodified to every consumer).
+
+> **Re-cloning?** A fresh `git clone` does NOT include any prior `.venv`. After every clone, repeat the `python -m venv .venv` + `pip install -e ".[v0_4]"` step. The editable install only stores a path pointer; rebuilding the venv is fast (~30s).
+
+## Distribution model
+
+Recto distributes as **three packages targeting three audiences via three channels**:
+
+- **`recto-core`** (PyPI) — the Substrate. Bootloader server + launcher (NSSM-replacement) + dpapi-machine vault + vault CLI + NSSM-migration tooling + server-side verifier libraries. Install on the host you administer.
+- **`recto-client-{py,ts,cs}`** (PyPI / npm / NuGet) — the Agent SDKs. Wire-protocol clients for programs that consume capability authority. Add as a library dependency to your app.
+- **Recto Phone** (App Store / Play Store) — the Consumer. One canonical multi-tenant MAUI app supporting pairing with N orchestrators simultaneously (Authy model, not bank-app-per-bank model). Install from the OS store.
+
+Three audiences (DevOps + application developers + humans) get different distribution channels matching how they actually consume the substrate. See [PACKAGING.md](PACKAGING.md) for the full architectural decision, pre-v1.0 → post-v1.0 migration plan, dependency graph, and versioning policy.
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE).
+
+## Architecture
+
+See [ARCHITECTURE.md](ARCHITECTURE.md) for the design doc — pluggable backends, YAML schema, NSSM relationship, threat model.
+
+## Integrating with Recto
+
+See [INTEGRATION.md](INTEGRATION.md) for the practical "how do I plug my app into Recto" guide — agent registration, capability-request wire shapes, claim schema, reference implementations in Python + C#, and production hardening checklist.
+
+## Lineage
+
+NSSM (the Non-Sucking Service Manager) by Iain Patterson, 2003-2017, public domain. Recto stands on its shoulders for the service-registration primitive and aims to keep the give-it-away spirit alive under a license that adds explicit patent grants for the modern era.

recto_core-1.0.0/pyproject.toml

@@ -0,0 +1,172 @@
+[build-system]
+requires = ["setuptools>=77", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "recto-core"
+# PACKAGING.md → "PyPI package name: recto-core". The historical name
+# "recto" in this file's prior versions was a placeholder; canonical
+# distribution name at v1.0 is recto-core (the Substrate tier).
+# The Python import name remains `recto` (per repo layout); PyPI users
+# install via `pip install recto-core` and import as `import recto`.
+version = "1.0.0"
+description = "Phone-enclave-rooted capability authorization substrate for autonomous agents. Cross-platform service supervision, vault-backed secrets, capability JWS verification."
+readme = "README.md"
+requires-python = ">=3.12"
+license = "Apache-2.0"
+authors = [{name = "Erik Cheatham"}]
+keywords = ["capability-authorization", "service-manager", "credentials", "devops", "ai-agents", "biometric-signing"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: System Administrators",
+    "Intended Audience :: Developers",
+    "Operating System :: Microsoft :: Windows",
+    "Operating System :: POSIX :: Linux",
+    "Operating System :: MacOS",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: System :: Systems Administration",
+    "Topic :: Security :: Cryptography",
+]
+dependencies = [
+    "PyYAML>=6.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.0",
+    "pytest-cov>=4.1",
+    "mypy>=1.8",
+    "ruff>=0.3",
+    "types-PyYAML>=6.0",
+]
+aws = ["boto3>=1.34"]
+vault = ["hvac>=2.0"]
+keychain = []  # macOS uses /usr/bin/security CLI (stdlib only)
+secret-service = ["secretstorage>=3.3"]
+otel = [
+    "opentelemetry-api>=1.20",
+    "opentelemetry-sdk>=1.20",
+    "opentelemetry-exporter-otlp-proto-http>=1.20",
+]  # `pip install recto[otel]` to enable spec.telemetry tracing
+v0_4 = [
+    "cryptography>=42",     # Ed25519 sign/verify via the cryptography backend
+    "pyjwt[crypto]>=2.8",   # JWT EdDSA encode/verify (pulls cryptography too)
+]  # `pip install recto[v0_4]` to enable phone-resident vault (enclave_stub
+   # backend, recto.bootloader, recto v0.4 register/revoke CLI). The phone
+   # app itself is a separate MAUI Blazor project under /phone; this extra
+   # only covers the Recto-side dependencies for the bootloader and the
+   # in-process stub used for testing without phone hardware.
+ethereum = []
+   # `pip install recto[ethereum]` enables the eth_sign credential kind
+   # (recto.ethereum module: Keccak-256, EIP-191 / EIP-712 hashing,
+   # secp256k1 ECDSA verify + public-key recovery, EIP-55 checksum
+   # addresses). The implementation is pure Python stdlib — int /
+   # hashlib / no native dependencies — so this extra adds NO new
+   # packages to the dep tree. The empty list is intentional: the
+   # extra exists purely to gate the import path so consumers without
+   # ETH-credential needs can ignore the module. Sign-side primitives
+   # (BIP39 mnemonic, BIP32/BIP44 derivation, secp256k1 sign with
+   # v-recovery) live phone-side in the MAUI Blazor project, NOT in
+   # this Python module — private keys never touch the launcher tier.
+bitcoin = []
+   # `pip install recto[bitcoin]` enables the btc_sign credential kind
+   # (recto.bitcoin module: RIPEMD-160 + HASH160, double-SHA-256,
+   # bech32 / bech32m encoding per BIP-173 / BIP-350, BIP-137 signed-
+   # message hashing, P2WPKH / P2PKH / P2SH-P2WPKH address derivation,
+   # BIP-137 compact signature parse + recover). Same posture as the
+   # ethereum extra: pure Python stdlib + a delegation to recto.ethereum
+   # for the secp256k1 verify primitive (same curve). No new packages.
+   # Empty list is intentional. Sign-side primitives live phone-side in
+   # MAUI Blazor under the SAME BIP-39 mnemonic the eth_sign service
+   # uses — one mnemonic, two BIP-44 trees (m/44'/60' for ETH,
+   # m/84'/0' for BTC native SegWit).
+ed25519 = []
+   # `pip install recto[ed25519]` enables the ed_sign credential kind
+   # (recto.solana / recto.stellar / recto.ripple modules: base58 + base32
+   # StrKey + Ripple-flavored base58 address encodings, CRC16-XMODEM,
+   # XRP HASH160 with 0xED ed25519 prefix, per-chain message hashing).
+   # Address encoding and message hashing are pure Python stdlib (the
+   # XRP module borrows recto.bitcoin.ripemd160 for HASH160, also
+   # pure-stdlib). Empty list is intentional — no new packages added.
+   # Signature verification (the optional verify_signature path on each
+   # chain module) requires `cryptography>=42` to be installed; this is
+   # pulled in transitively via `recto[v0_4]` when the bootloader is
+   # active. Stand-alone verifier callers should `pip install recto[v0_4]`
+   # to get cryptography. Sign-side primitives (BIP-39 → SLIP-0010
+   # ed25519 derivation, ed25519 sign with the chain-specific message
+   # hash) live phone-side in the MAUI Blazor project — same BIP-39
+   # mnemonic as eth_sign and btc_sign, three new SLIP-10 trees:
+   # m/44'/501'/N'/0' (SOL), m/44'/148'/N' (XLM), m/44'/144'/0'/0'/N'
+   # (XRP-ed25519, all hardened). One mnemonic, five chain-coin trees.
+tron = []
+   # `pip install recto[tron]` enables the tron_sign credential kind
+   # (recto.tron module: TIP-191 message hashing, base58check address
+   # encoding with version byte 0x41, secp256k1 ECDSA recovery).
+   # Empty list is intentional -- no new packages added beyond the
+   # ethereum extra: pure Python stdlib + delegation to
+   # recto.ethereum for keccak256 + secp256k1 recovery. The phone-side
+   # service reuses the same BIP-39 mnemonic as eth_sign / btc_sign at
+   # SLIP-0044 coin-type 195: m/44'/195'/0'/0/N (standard secp256k1
+   # BIP-32 path; SLIP-0010 ed25519 doesn't apply here -- TRON is
+   # secp256k1, not ed25519). One mnemonic, six chain-coin trees.
+
+[project.urls]
+Homepage = "https://github.com/erikcheatham/Recto"
+Repository = "https://github.com/erikcheatham/Recto"
+Issues = "https://github.com/erikcheatham/Recto/issues"
+Documentation = "https://github.com/erikcheatham/Recto/blob/main/README.md"
+Changelog = "https://github.com/erikcheatham/Recto/blob/main/CHANGELOG.md"
+
+[project.scripts]
+recto = "recto.cli:main"
+
+[tool.setuptools.packages.find]
+include = ["recto*"]
+exclude = ["tests*", "examples*", "scripts*", "phone*"]
+
+[tool.setuptools.package-data]
+# Non-Python files that ship as part of the wheel. The capability
+# action manifest is loaded at runtime by the bootloader's verifier
+# (recto.capability.manifest) and MUST be present in the installed
+# package — otherwise `recto-core[v0_4]` consumers get a FileNotFoundError
+# at first capability verification.
+"recto.capability" = ["manifest_v1.json"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py312"
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "I", "N", "UP", "B", "C4", "SIM", "RET"]
+
+[tool.mypy]
+python_version = "3.12"
+strict = true
+warn_return_any = true
+warn_unused_ignores = true
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+addopts = "-ra --strict-markers"
+
+[tool.coverage.run]
+source = ["recto"]
+# `_launcher_part2.py` was a transitional stub from v0.1; exclude in
+# case it ever resurfaces in a stale checkout.
+omit = ["recto/_launcher_part2.py"]
+
+[tool.coverage.report]
+# The Win32 ctypes blocks in joblimit.py + secrets/credman.py and the
+# OTel-SDK-installed path in telemetry.py are marked `# pragma: no
+# cover` inline -- they only execute on Windows (or with the [otel]
+# extra installed). The cross-platform Linux suite covers everything
+# else; Darwin's smoke run exercises the platform-specific paths.
+exclude_lines = [
+    "pragma: no cover",
+    "raise NotImplementedError",
+    "if __name__ == .__main__.:",
+    "if TYPE_CHECKING:",
+]

recto_core-1.0.0/recto/__init__.py

@@ -0,0 +1,20 @@
+"""Recto — modern Windows-service wrapper.
+
+Public API surface:
+    recto.config.load_config        — parse + validate a service.yaml
+    recto.config.ServiceConfig      — top-level dataclass
+    recto.secrets.SecretSource      — ABC for pluggable secret backends
+    recto.secrets.SecretMaterial    — sealed type returned by SecretSource.fetch
+    recto.secrets.DirectSecret      — variant: secret materialized as a string
+    recto.secrets.SigningCapability — variant: secret never leaves enclave
+    recto.secrets.EnvSource         — passthrough backend reading os.environ
+    recto.secrets.CredManSource     — Windows Credential Manager backend
+    recto.secrets.register_source   — third-party backend registration
+    recto.launcher.launch           — read config, fetch secrets, spawn child
+
+Higher-level entry points (CLI, healthz probe loop, restart policy, comms
+webhook dispatch) are wired in alongside the launcher in v0.1.
+"""
+
+__version__ = "0.1.0.dev0"
+__all__ = ["__version__"]

recto_core-1.0.0/recto/__main__.py

@@ -0,0 +1,16 @@
+"""`python -m recto` entry point.
+
+Forwards to recto.cli:main(). The console-script entry registered
+in pyproject.toml (`recto = "recto.cli:main"`) hits the same target,
+so `recto launch ...` and `python -m recto launch ...` are identical.
+"""
+
+from __future__ import annotations
+
+import sys
+
+from recto.cli import main
+
+
+if __name__ == "__main__":  # pragma: no cover
+    sys.exit(main())