rio-receipt-protocol 2.2.0__py3-none-any.whl

rio_receipt_protocol/__init__.py

@@ -0,0 +1,26 @@
+"""
+RIO Receipt Protocol — Python Implementation (v2.2)
+
+Cryptographic proof for AI actions. Open standard. Zero required dependencies.
+"""
+
+__version__ = "2.2.0"
+
+from .receipts import (
+    sha256, hash_intent, hash_execution, hash_governance, hash_authorization,
+    generate_receipt, verify_receipt,
+    generate_keypair, sign_receipt,
+)
+from .ledger import GENESIS_HASH, create_ledger
+from .verifier import (
+    verify_receipt_standalone, verify_chain,
+    verify_receipt_against_ledger, verify_receipt_batch,
+)
+
+__all__ = [
+    "sha256", "hash_intent", "hash_execution", "hash_governance", "hash_authorization",
+    "generate_receipt", "verify_receipt",
+    "generate_keypair", "sign_receipt",
+    "GENESIS_HASH", "create_ledger",
+    "verify_receipt_standalone", "verify_chain", "verify_receipt_against_ledger", "verify_receipt_batch",
+]

rio_receipt_protocol/ledger.py

@@ -0,0 +1,106 @@
+"""
+RIO Receipt Protocol — Tamper-Evident Ledger
+
+Zero external dependencies beyond the Python standard library.
+"""
+
+import json
+import os
+import uuid
+from datetime import datetime, timezone
+
+from .receipts import sha256
+
+GENESIS_HASH = "0000000000000000000000000000000000000000000000000000000000000000"
+
+
+def _canonicalize(entry: dict) -> str:
+    return json.dumps(
+        {"entry_id": entry["entry_id"], "prev_hash": entry["prev_hash"],
+         "timestamp": entry["timestamp"], "intent_id": entry["intent_id"],
+         "action": entry["action"], "agent_id": entry["agent_id"],
+         "status": entry["status"], "detail": entry["detail"],
+         "receipt_hash": entry.get("receipt_hash"),
+         "authorization_hash": entry.get("authorization_hash"),
+         "intent_hash": entry.get("intent_hash")},
+        separators=(",", ":"), ensure_ascii=False,
+    )
+
+
+class Ledger:
+    def __init__(self, file_path: str = None):
+        self._entries = []
+        self._current_hash = GENESIS_HASH
+        self._file_path = file_path
+        if file_path and os.path.exists(file_path):
+            try:
+                with open(file_path, "r", encoding="utf-8") as f:
+                    self._entries = json.load(f)
+                if self._entries:
+                    self._current_hash = self._entries[-1]["ledger_hash"]
+            except Exception:
+                self._entries = []
+                self._current_hash = GENESIS_HASH
+
+    def _persist(self):
+        if not self._file_path:
+            return
+        os.makedirs(os.path.dirname(self._file_path) or ".", exist_ok=True)
+        with open(self._file_path, "w", encoding="utf-8") as f:
+            json.dump(self._entries, f, indent=2, ensure_ascii=False)
+
+    def append(self, intent_id: str, action: str, agent_id: str, status: str, detail: str,
+               receipt_hash: str = None, authorization_hash: str = None, intent_hash: str = None) -> dict:
+        prev_hash = self._current_hash
+        now = datetime.now(timezone.utc)
+        timestamp = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
+        entry = {
+            "entry_id": str(uuid.uuid4()), "prev_hash": prev_hash, "ledger_hash": None,
+            "timestamp": timestamp, "intent_id": intent_id, "action": action,
+            "agent_id": agent_id, "status": status, "detail": detail,
+            "receipt_hash": receipt_hash, "authorization_hash": authorization_hash,
+            "intent_hash": intent_hash,
+        }
+        entry["ledger_hash"] = sha256(_canonicalize(entry))
+        self._current_hash = entry["ledger_hash"]
+        self._entries.append(entry)
+        self._persist()
+        return entry
+
+    def verify_chain(self) -> dict:
+        if not self._entries:
+            return {"valid": True, "entries_checked": 0, "first_invalid": None}
+        prev = GENESIS_HASH
+        for i, e in enumerate(self._entries):
+            if e["prev_hash"] != prev:
+                return {"valid": False, "entries_checked": i + 1, "first_invalid": i,
+                        "reason": f"Entry {i} prev_hash mismatch. Expected: {prev}, Got: {e['prev_hash']}"}
+            computed = sha256(_canonicalize(e))
+            if computed != e["ledger_hash"]:
+                return {"valid": False, "entries_checked": i + 1, "first_invalid": i,
+                        "reason": f"Entry {i} hash mismatch. Computed: {computed}, Stored: {e['ledger_hash']}"}
+            prev = e["ledger_hash"]
+        return {"valid": True, "entries_checked": len(self._entries), "first_invalid": None}
+
+    def get_entries(self, limit: int = 100, offset: int = 0) -> list:
+        return self._entries[offset:offset + limit]
+
+    def get_entries_by_intent(self, intent_id: str) -> list:
+        return [e for e in self._entries if e["intent_id"] == intent_id]
+
+    def get_entry_count(self) -> int:
+        return len(self._entries)
+
+    def get_current_hash(self) -> str:
+        return self._current_hash
+
+    def get_latest_entry(self) -> dict:
+        return self._entries[-1] if self._entries else None
+
+    def export(self) -> list:
+        return json.loads(json.dumps(self._entries))
+
+
+def create_ledger(file_path: str = None) -> Ledger:
+    """Create a new Ledger instance."""
+    return Ledger(file_path=file_path)

rio_receipt_protocol/receipts.py

@@ -0,0 +1,247 @@
+"""
+RIO Receipt Protocol — Receipt Generation and Verification
+
+Zero external dependencies beyond the Python standard library.
+"""
+
+import hashlib
+import json
+import uuid
+from datetime import datetime, timezone
+
+
+def sha256(data: str) -> str:
+    """Compute SHA-256 hash of a string. Returns 64-char lowercase hex."""
+    return hashlib.sha256(data.encode("utf-8")).hexdigest()
+
+
+def hash_intent(intent_id: str, action: str, agent_id: str, parameters: dict, timestamp: str) -> str:
+    """Hash an intent object using canonical field order."""
+    canonical = json.dumps(
+        {"intent_id": intent_id, "action": action, "agent_id": agent_id,
+         "parameters": parameters, "timestamp": timestamp},
+        separators=(",", ":"), ensure_ascii=False,
+    )
+    return sha256(canonical)
+
+
+def hash_execution(intent_id: str, action: str, result: object, connector: str, timestamp: str) -> str:
+    """Hash an execution record using canonical field order."""
+    canonical = json.dumps(
+        {"intent_id": intent_id, "action": action, "result": result,
+         "connector": connector, "timestamp": timestamp},
+        separators=(",", ":"), ensure_ascii=False,
+    )
+    return sha256(canonical)
+
+
+def hash_governance(intent_id: str, status: str, risk_level: str, requires_approval: bool, checks: list) -> str:
+    """Hash a governance decision. Optional — only for governed receipts."""
+    canonical = json.dumps(
+        {"intent_id": intent_id, "status": status, "risk_level": risk_level,
+         "requires_approval": requires_approval, "checks": checks},
+        separators=(",", ":"), ensure_ascii=False,
+    )
+    return sha256(canonical)
+
+
+def hash_authorization(intent_id: str, decision: str, authorized_by: str, timestamp: str, conditions=None) -> str:
+    """Hash an authorization record. Optional — only for governed receipts."""
+    canonical = json.dumps(
+        {"intent_id": intent_id, "decision": decision, "authorized_by": authorized_by,
+         "timestamp": timestamp, "conditions": conditions},
+        separators=(",", ":"), ensure_ascii=False,
+    )
+    return sha256(canonical)
+
+
+def _build_chain_order(data: dict) -> list:
+    order = ["intent_hash"]
+    if data.get("governance_hash"):
+        order.append("governance_hash")
+    if data.get("authorization_hash"):
+        order.append("authorization_hash")
+    order.append("execution_hash")
+    order.append("receipt_hash")
+    return order
+
+
+def generate_receipt(
+    intent_hash: str, execution_hash: str, intent_id: str, action: str, agent_id: str,
+    governance_hash: str = None, authorization_hash: str = None,
+    authorized_by: str = None, receipt_type: str = None,
+    ingestion: dict = None, identity_binding: dict = None,
+) -> dict:
+    """Generate a RIO Receipt (v2.2)."""
+    receipt_id = str(uuid.uuid4())
+    now = datetime.now(timezone.utc)
+    timestamp = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
+
+    is_governed = bool(governance_hash and authorization_hash)
+    if receipt_type is None:
+        receipt_type = "governed_action" if is_governed else "action"
+
+    data = {"intent_hash": intent_hash, "execution_hash": execution_hash,
+            "governance_hash": governance_hash, "authorization_hash": authorization_hash}
+    chain_order = _build_chain_order(data)
+
+    receipt_content = {"receipt_id": receipt_id}
+    for field in chain_order:
+        if field != "receipt_hash":
+            receipt_content[field] = data[field]
+    receipt_content["timestamp"] = timestamp
+    receipt_hash = sha256(json.dumps(receipt_content, separators=(",", ":"), ensure_ascii=False))
+
+    receipt = {
+        "receipt_id": receipt_id, "receipt_type": receipt_type,
+        "intent_id": intent_id, "action": action, "agent_id": agent_id,
+        "authorized_by": authorized_by, "timestamp": timestamp,
+        "hash_chain": {
+            "intent_hash": intent_hash, "governance_hash": governance_hash,
+            "authorization_hash": authorization_hash, "execution_hash": execution_hash,
+            "receipt_hash": receipt_hash,
+        },
+        "verification": {
+            "algorithm": "SHA-256", "chain_length": len(chain_order), "chain_order": chain_order,
+        },
+    }
+
+    if ingestion:
+        receipt["ingestion"] = {
+            "source": ingestion.get("source"), "channel": ingestion.get("channel"),
+            "source_message_id": ingestion.get("source_message_id"),
+            "timestamp": ingestion.get("timestamp", timestamp),
+        }
+    if identity_binding:
+        receipt["identity_binding"] = {
+            "signer_id": identity_binding.get("signer_id"),
+            "public_key_hex": identity_binding.get("public_key_hex"),
+            "signature_payload_hash": identity_binding.get("signature_payload_hash"),
+            "verification_method": identity_binding.get("verification_method"),
+            "ed25519_signed": identity_binding.get("ed25519_signed", False),
+        }
+
+    return receipt
+
+
+def verify_receipt(receipt: dict) -> dict:
+    """Verify a receipt by recomputing the receipt hash from its components."""
+    chain_order = receipt.get("verification", {}).get("chain_order",
+        ["intent_hash", "execution_hash", "receipt_hash"])
+
+    receipt_content = {"receipt_id": receipt["receipt_id"]}
+    for field in chain_order:
+        if field != "receipt_hash":
+            receipt_content[field] = receipt["hash_chain"][field]
+    receipt_content["timestamp"] = receipt["timestamp"]
+
+    computed_hash = sha256(json.dumps(receipt_content, separators=(",", ":"), ensure_ascii=False))
+    stored_hash = receipt["hash_chain"]["receipt_hash"]
+
+    return {
+        "valid": computed_hash == stored_hash,
+        "computed_hash": computed_hash, "stored_hash": stored_hash,
+        "receipt_id": receipt["receipt_id"],
+        "receipt_type": receipt.get("receipt_type", "action"),
+    }
+
+
+# ─── Ed25519 Signing (optional — requires no external dependencies) ──────────
+
+def generate_keypair() -> dict:
+    """
+    Generate an Ed25519 keypair using Python's standard library (3.12+)
+    or PyNaCl as fallback.
+
+    Returns dict with: private_key_hex, public_key_hex, private_key_obj
+    """
+    try:
+        # Python 3.12+ has Ed25519 in the standard library
+        from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+        from cryptography.hazmat.primitives.serialization import (
+            Encoding, NoEncryption, PrivateFormat, PublicFormat,
+        )
+        private_key = Ed25519PrivateKey.generate()
+        private_bytes = private_key.private_bytes(
+            Encoding.Raw, PrivateFormat.Raw, NoEncryption(),
+        )
+        public_bytes = private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw,
+        )
+        return {
+            "private_key_hex": private_bytes.hex(),
+            "public_key_hex": public_bytes.hex(),
+            "private_key_obj": private_key,
+        }
+    except ImportError:
+        pass
+
+    try:
+        from nacl.signing import SigningKey
+        from nacl.encoding import HexEncoder
+        signing_key = SigningKey.generate()
+        return {
+            "private_key_hex": signing_key.encode(HexEncoder).decode(),
+            "public_key_hex": signing_key.verify_key.encode(HexEncoder).decode(),
+            "private_key_obj": signing_key,
+        }
+    except ImportError:
+        raise ImportError(
+            "Ed25519 signing requires either 'cryptography' or 'PyNaCl'. "
+            "Install one: pip install cryptography  OR  pip install pynacl"
+        )
+
+
+def sign_receipt(receipt: dict, private_key_obj, public_key_hex: str, signer_id: str) -> dict:
+    """
+    Sign a receipt with Ed25519.
+
+    The signed payload is the UTF-8 encoding of the 64-character hex
+    receipt_hash string (per spec Section 4.2). The signature is stored
+    in identity_binding.signature_hex as a lowercase hex string.
+
+    This function mutates the receipt in place and also returns it.
+
+    Args:
+        receipt: A generated RIO Receipt (must have hash_chain.receipt_hash)
+        private_key_obj: Ed25519 private key object (from generate_keypair)
+        public_key_hex: 64-char hex-encoded public key
+        signer_id: Identifier of the signing authority
+    """
+    receipt_hash = receipt.get("hash_chain", {}).get("receipt_hash", "")
+    if not receipt_hash or len(receipt_hash) != 64:
+        raise ValueError("Cannot sign: receipt has no valid receipt_hash")
+
+    payload = receipt_hash.encode("utf-8")
+
+    # Try cryptography library first, then PyNaCl
+    try:
+        from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+        if isinstance(private_key_obj, Ed25519PrivateKey):
+            signature_bytes = private_key_obj.sign(payload)
+            signature_hex = signature_bytes.hex()
+        else:
+            raise TypeError("Not a cryptography key")
+    except (ImportError, TypeError):
+        from nacl.signing import SigningKey
+        if isinstance(private_key_obj, SigningKey):
+            signed = private_key_obj.sign(payload)
+            signature_hex = signed.signature.hex()
+        else:
+            raise TypeError(
+                "private_key_obj must be an Ed25519PrivateKey (cryptography) "
+                "or SigningKey (PyNaCl)"
+            )
+
+    from datetime import datetime, timezone
+    receipt["identity_binding"] = {
+        "signer_id": signer_id,
+        "public_key_hex": public_key_hex,
+        "signature_hex": signature_hex,
+        "signature_payload_hash": receipt_hash,
+        "signed_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.") +
+                     f"{datetime.now(timezone.utc).microsecond // 1000:03d}Z",
+        "verification_method": "ed25519-nacl",
+        "ed25519_signed": True,
+    }
+    return receipt

rio_receipt_protocol/verifier.py

@@ -0,0 +1,128 @@
+"""
+RIO Receipt Protocol — Standalone Verifier
+
+Zero external dependencies beyond the Python standard library.
+"""
+
+import re
+import json
+
+from .receipts import sha256
+
+GENESIS_HASH = "0000000000000000000000000000000000000000000000000000000000000000"
+_HEX64 = re.compile(r"^[a-f0-9]{64}$")
+
+
+def verify_receipt_standalone(receipt: dict) -> dict:
+    """Verify a single RIO Receipt (proof-layer or governed)."""
+    errors = []
+    if not receipt.get("receipt_id"):
+        errors.append("Missing receipt_id")
+    if not receipt.get("timestamp"):
+        errors.append("Missing timestamp")
+    if not receipt.get("hash_chain"):
+        errors.append("Missing hash_chain")
+    if not receipt.get("hash_chain"):
+        return {"valid": False, "receipt_id": receipt.get("receipt_id", "unknown"), "errors": errors}
+
+    hc = receipt["hash_chain"]
+    for field in ("intent_hash", "execution_hash", "receipt_hash"):
+        if not hc.get(field):
+            errors.append(f"Missing hash_chain.{field}")
+        elif not _HEX64.match(hc[field]):
+            errors.append(f"Invalid hash format for hash_chain.{field}")
+    for field in ("governance_hash", "authorization_hash"):
+        val = hc.get(field)
+        if val is not None and val and not _HEX64.match(val):
+            errors.append(f"Invalid hash format for hash_chain.{field}")
+    if errors:
+        return {"valid": False, "receipt_id": receipt.get("receipt_id", "unknown"), "errors": errors}
+
+    chain_order = receipt.get("verification", {}).get("chain_order",
+        ["intent_hash", "execution_hash", "receipt_hash"])
+    receipt_content = {"receipt_id": receipt["receipt_id"]}
+    for field in chain_order:
+        if field != "receipt_hash":
+            receipt_content[field] = hc[field]
+    receipt_content["timestamp"] = receipt["timestamp"]
+    computed_hash = sha256(json.dumps(receipt_content, separators=(",", ":"), ensure_ascii=False))
+    stored_hash = hc["receipt_hash"]
+
+    verification = receipt.get("verification", {})
+    if verification.get("algorithm") and verification["algorithm"] != "SHA-256":
+        errors.append(f"Unexpected algorithm: {verification['algorithm']}")
+    if verification.get("chain_length") is not None and verification["chain_length"] != len(chain_order):
+        errors.append(f"chain_length {verification['chain_length']} != chain_order length {len(chain_order)}")
+
+    hash_valid = computed_hash == stored_hash
+    if not hash_valid:
+        errors.append(f"Receipt hash mismatch: computed {computed_hash}, stored {stored_hash}")
+
+    return {
+        "valid": hash_valid and len(errors) == 0,
+        "receipt_id": receipt["receipt_id"],
+        "receipt_type": receipt.get("receipt_type", "action"),
+        "computed_hash": computed_hash, "stored_hash": stored_hash,
+        "chain_length": len(chain_order), "errors": errors,
+    }
+
+
+def verify_chain(entries: list) -> dict:
+    """Verify a ledger hash chain."""
+    if not isinstance(entries, list):
+        return {"valid": False, "entries_checked": 0, "first_invalid": None, "reason": "Input is not a list"}
+    if not entries:
+        return {"valid": True, "entries_checked": 0, "first_invalid": None}
+    prev = GENESIS_HASH
+    for i, e in enumerate(entries):
+        if e.get("prev_hash") != prev:
+            return {"valid": False, "entries_checked": i + 1, "first_invalid": i,
+                    "reason": f"Entry {i} ({e.get('entry_id')}) prev_hash mismatch."}
+        canonical = json.dumps(
+            {"entry_id": e["entry_id"], "prev_hash": e["prev_hash"],
+             "timestamp": e["timestamp"], "intent_id": e["intent_id"],
+             "action": e["action"], "agent_id": e["agent_id"],
+             "status": e["status"], "detail": e["detail"],
+             "receipt_hash": e.get("receipt_hash"),
+             "authorization_hash": e.get("authorization_hash"),
+             "intent_hash": e.get("intent_hash")},
+            separators=(",", ":"), ensure_ascii=False,
+        )
+        computed = sha256(canonical)
+        if computed != e.get("ledger_hash"):
+            return {"valid": False, "entries_checked": i + 1, "first_invalid": i,
+                    "reason": f"Entry {i} ({e.get('entry_id')}) hash mismatch."}
+        prev = e["ledger_hash"]
+    return {"valid": True, "entries_checked": len(entries), "first_invalid": None, "chain_tip": prev}
+
+
+def verify_receipt_against_ledger(receipt: dict, ledger_entry: dict) -> dict:
+    """Cross-verify a receipt against its ledger entry."""
+    receipt_result = verify_receipt_standalone(receipt)
+    errors = list(receipt_result["errors"])
+    if ledger_entry.get("receipt_hash") != receipt["hash_chain"]["receipt_hash"]:
+        errors.append("Ledger entry receipt_hash does not match receipt")
+    if ledger_entry.get("intent_id") != receipt.get("intent_id"):
+        errors.append("Intent ID mismatch")
+    if ledger_entry.get("intent_hash") and ledger_entry["intent_hash"] != receipt["hash_chain"]["intent_hash"]:
+        errors.append("Intent hash mismatch")
+    return {
+        "valid": receipt_result["valid"] and len(errors) == len(receipt_result["errors"]),
+        "receipt_id": receipt["receipt_id"],
+        "entry_id": ledger_entry.get("entry_id"),
+        "receipt_valid": receipt_result["valid"],
+        "cross_references_valid": len(errors) == len(receipt_result["errors"]),
+        "errors": errors,
+    }
+
+
+def verify_receipt_batch(receipts: list) -> dict:
+    """Verify multiple receipts in batch."""
+    results = [verify_receipt_standalone(r) for r in receipts]
+    valid_count = sum(1 for r in results if r["valid"])
+    return {
+        "total": len(receipts), "valid": valid_count,
+        "invalid": len(results) - valid_count,
+        "all_valid": all(r["valid"] for r in results),
+        "results": results,
+    }

rio_receipt_protocol-2.2.0.dist-info/METADATA

@@ -0,0 +1,121 @@
+Metadata-Version: 2.4
+Name: rio-receipt-protocol
+Version: 2.2.0
+Summary: Cryptographic proof for AI actions. Generate tamper-evident receipts, maintain hash-chained ledgers, and verify AI action audit trails. Zero dependencies.
+Author: RIO Protocol Contributors
+License: MIT OR Apache-2.0
+Project-URL: Homepage, https://rioprotocol-q9cry3ny.manus.space
+Project-URL: Repository, https://github.com/bkr1297-RIO/rio-receipt-protocol
+Project-URL: Issues, https://github.com/bkr1297-RIO/rio-receipt-protocol/issues
+Project-URL: Changelog, https://github.com/bkr1297-RIO/rio-receipt-protocol/blob/main/CHANGELOG.md
+Keywords: ai-governance,ai-receipts,cryptographic-proof,tamper-evident,hash-chain,ledger,ai-audit,ai-safety,sha256,ed25519,openai,anthropic,langchain,ai-agent,compliance,audit-trail
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Provides-Extra: signing
+Requires-Dist: pynacl>=1.5.0; extra == "signing"
+
+# rio-receipt-protocol
+
+Cryptographic proof for AI actions. Open standard. **Zero required dependencies.**
+
+Generate tamper-evident receipts, maintain hash-chained ledgers, and verify AI action audit trails — all with nothing more than the Python standard library.
+
+## Installation
+
+```bash
+pip install rio-receipt-protocol
+```
+
+For Ed25519 signature support (optional):
+
+```bash
+pip install rio-receipt-protocol[signing]
+```
+
+## Quick Start
+
+```python
+from rio_receipt_protocol import (
+    hash_intent, hash_execution, generate_receipt, verify_receipt, create_ledger
+)
+
+# 1. Hash the intent
+intent_hash = hash_intent(
+    intent_id="i-001",
+    action="send_email",
+    agent_id="agent-1",
+    parameters={"to": "user@example.com", "subject": "Hello"},
+    timestamp="2026-04-01T00:00:00.000Z",
+)
+
+# 2. Hash the execution
+execution_hash = hash_execution(
+    intent_id="i-001",
+    action="send_email",
+    result="sent",
+    connector="smtp",
+    timestamp="2026-04-01T00:00:01.000Z",
+)
+
+# 3. Generate a receipt
+receipt = generate_receipt(
+    intent_hash=intent_hash,
+    execution_hash=execution_hash,
+    intent_id="i-001",
+    action="send_email",
+    agent_id="agent-1",
+)
+
+# 4. Verify it
+result = verify_receipt(receipt)
+assert result["valid"] is True
+
+# 5. Append to a tamper-evident ledger
+ledger = create_ledger()
+entry = ledger.append(
+    intent_id="i-001",
+    action="send_email",
+    agent_id="agent-1",
+    status="executed",
+    detail="Email sent",
+    receipt_hash=receipt["hash_chain"]["receipt_hash"],
+)
+
+# 6. Verify the chain
+chain = ledger.verify_chain()
+assert chain["valid"] is True
+```
+
+## API Reference
+
+The Python package mirrors the Node.js API exactly:
+
+| Function | Description |
+|---|---|
+| `sha256(data)` | SHA-256 hash of a string |
+| `hash_intent(...)` | Hash an intent object |
+| `hash_execution(...)` | Hash an execution record |
+| `hash_governance(...)` | Hash a governance decision (optional) |
+| `hash_authorization(...)` | Hash an authorization record (optional) |
+| `generate_receipt(...)` | Generate a v2.2 receipt |
+| `verify_receipt(receipt)` | Verify a receipt's hash chain |
+| `create_ledger(file_path=None)` | Create a tamper-evident ledger |
+| `verify_receipt_standalone(receipt)` | Independent receipt verification |
+| `verify_chain(entries)` | Verify a ledger hash chain |
+| `verify_receipt_batch(receipts)` | Batch-verify multiple receipts |
+
+## License
+
+Dual-licensed under MIT and Apache 2.0.

rio_receipt_protocol-2.2.0.dist-info/RECORD

@@ -0,0 +1,8 @@
+rio_receipt_protocol/__init__.py,sha256=3ijXVqqOODxgaaAaCcI9Mdnme44TGAeVjtV2poSTS0g,848
+rio_receipt_protocol/ledger.py,sha256=o7H5F7cjoy7HRWGV-LllcPy3_CjBipVnD5Dy3Z9eBHI,4280
+rio_receipt_protocol/receipts.py,sha256=MXwU7NlHsUeH06K8dd7qRwfbI7fwYgGz_EafFQAGZw4,9813
+rio_receipt_protocol/verifier.py,sha256=3OIiT73ANAWFryQqb3kiRlGJcpIsXMCthGMTHzmY9ng,5787
+rio_receipt_protocol-2.2.0.dist-info/METADATA,sha256=UzjV_RR1CDtCtoOEBxIdp4MLcJirOnjcosJgxpr8xWY,3978
+rio_receipt_protocol-2.2.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+rio_receipt_protocol-2.2.0.dist-info/top_level.txt,sha256=jvkcB089rvMq2daAYPMiisS2Eva7VA4w9hfNeaBTWjE,21
+rio_receipt_protocol-2.2.0.dist-info/RECORD,,

rio_receipt_protocol-2.2.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

rio_receipt_protocol-2.2.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+rio_receipt_protocol