sockridge 0.1.0__tar.gz

sockridge-0.1.0/.gitignore

@@ -0,0 +1,55 @@
+# ── Go ────────────────────────────────────────────────────────────────────────
+bin/
+*.exe
+*.test
+*.out
+vendor/
+go.sum
+
+# generated proto code — regenerate with buf generate
+gen/
+
+# ── Python SDK ────────────────────────────────────────────────────────────────
+sdk/python/__pycache__/
+sdk/python/*.egg-info/
+sdk/python/dist/
+sdk/python/build/
+sdk/python/.venv/
+sdk/python/sockridge/__pycache__/
+**/__pycache__/
+**/*.pyc
+**/*.pyo
+
+# ── TypeScript SDK ────────────────────────────────────────────────────────────
+sdk/typescript/node_modules/
+sdk/typescript/dist/
+sdk/typescript/*.js
+sdk/typescript/*.d.ts
+sdk/typescript/*.js.map
+
+# ── Docker ────────────────────────────────────────────────────────────────────
+.env
+.env.local
+.env.production
+
+# ── Credentials — NEVER commit these ─────────────────────────────────────────
+.sockridge/
+*.key
+credentials.json
+**/ed25519.key
+**/credentials.json
+
+# ── Test files ────────────────────────────────────────────────────────────────
+test_agents/
+/tmp/
+*.log
+
+# ── OS ────────────────────────────────────────────────────────────────────────
+.DS_Store
+Thumbs.db
+
+# ── IDE ───────────────────────────────────────────────────────────────────────
+.vscode/
+.idea/
+*.swp
+*.swo

sockridge-0.1.0/PKG-INFO

@@ -0,0 +1,246 @@
+Metadata-Version: 2.4
+Name: sockridge
+Version: 0.1.0
+Summary: Python SDK for the SockRidge agent registry
+Project-URL: Homepage, https://github.com/Sockridge/sockridge
+License: MIT
+Requires-Python: >=3.11
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: httpx[http2]>=0.27.0
+Provides-Extra: dev
+Requires-Dist: pytest; extra == 'dev'
+Requires-Dist: pytest-asyncio; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# sockridge — Python SDK
+
+Python SDK for the [Sockridge](https://sockridge.com) agent registry.
+
+## Install
+
+```bash
+pip install git+https://github.com/Sockridge/sockridge.git#subdirectory=sdk/python
+```
+
+Or for local development:
+
+```bash
+git clone https://github.com/Sockridge/sockridge.git
+pip install -e sockridge/sdk/python
+```
+
+## Prerequisites
+
+You need a publisher account before using the SDK. Set one up with the CLI:
+
+```bash
+# install CLI
+go install github.com/Sockridge/sockridge/cli@latest
+
+# register
+sockridge auth keygen
+sockridge auth register --handle yourhandle --server https://sockridge.com:9000
+sockridge auth login --server https://sockridge.com:9000
+```
+
+This creates `~/.sockridge/credentials.json` and `~/.sockridge/ed25519.key` which the SDK reads automatically.
+
+---
+
+## Usage
+
+### Connect
+
+```python
+from sockridge import Registry
+
+registry = Registry("https://sockridge.com:9000")
+registry.login()  # reads ~/.sockridge/credentials.json
+```
+
+Custom credentials path:
+
+```python
+registry.login(
+    credentials_path="/custom/path/credentials.json",
+    key_path="/custom/path/ed25519.key",
+)
+```
+
+---
+
+### Publish an agent
+
+```python
+from sockridge import Registry, AgentCard, Skill, Capabilities
+
+registry = Registry("https://sockridge.com:9000")
+registry.login()
+
+card = AgentCard(
+    name="My FHIR Agent",
+    description="Analyzes lab trends from FHIR data using ML models",
+    url="https://my-agent.example.com",
+    version="1.0.0",
+    skills=[
+        Skill(
+            id="fhir.lab.analyze",
+            name="Lab Analyzer",
+            description="Detects anomalies in lab result trends",
+            tags=["fhir", "labs", "analysis"],
+        )
+    ],
+    capabilities=Capabilities(streaming=True, tool_use=True),
+)
+
+published = registry.publish(card)
+print(f"id: {published.id}")
+print(f"status: {published.status}")  # PENDING → ACTIVE after gatekeeper
+```
+
+The agent goes through automatic validation after publish:
+
+- Fields are checked (name, description, skills required)
+- URL is pinged to verify the agent is running
+- AI scores the card quality (0.0 - 1.0)
+- Score >= 0.4 → `AGENT_STATUS_ACTIVE`
+
+---
+
+### Self-register on startup
+
+For agents that register themselves when they start:
+
+```python
+registry = Registry("https://sockridge.com:9000")
+published = registry.register_and_publish(card)
+print(f"registered: {published.id}")
+```
+
+---
+
+### Search for agents
+
+```python
+# by tag
+agents = registry.search(tags=["fhir", "labs"])
+for agent in agents:
+    print(f"{agent.name} — {agent.id}")
+
+# by natural language
+results = registry.semantic_search("find me a lab result analyzer")
+for r in results:
+    print(f"{r['score']:.2f}  {r['agent'].name}")
+
+# by ID
+agent = registry.get_agent("agent-uuid-here")
+print(agent.name, agent.skills)
+```
+
+---
+
+### Access agreements
+
+Agents can only get each other's endpoint URLs after a mutual access agreement is approved by both publishers.
+
+```python
+# request access from another publisher
+agreement = registry.request_access(
+    receiver_id="other-publisher-uuid",
+    message="want to connect our agents for a healthcare pipeline",
+)
+print(f"agreement id: {agreement['id']}")
+print(f"status: {agreement['status']}")  # AGREEMENT_STATUS_PENDING
+
+# once they approve, get the shared key
+# (they share it with you out of band, or you retrieve via get_agreement)
+
+# resolve an agent's endpoint URL
+result = registry.resolve_endpoint(
+    agent_id="agent-uuid",
+    shared_key="sk_abc123...",
+)
+print(f"url: {result['url']}")
+print(f"transport: {result['transport']}")
+print(f"skills: {[s.name for s in result['agent'].skills]}")
+```
+
+---
+
+### Full agreement flow
+
+```python
+# publisher A requests access to publisher B
+agreement = registry_a.request_access(
+    receiver_id=publisher_b_id,
+    message="building a medical pipeline",
+)
+
+# publisher B approves (on their side)
+shared_key = registry_b.approve_access(agreement["id"])
+# shared_key = "sk_abc123..."
+
+# both sides can now resolve each other's agents
+endpoint_a = registry_b.resolve_endpoint(agent_a_id, shared_key)
+endpoint_b = registry_a.resolve_endpoint(agent_b_id, shared_key)
+
+# either side can revoke
+registry_a.revoke_access(agreement["id"])
+# key is instantly invalid
+```
+
+---
+
+## API reference
+
+### `Registry(server_url)`
+
+| Method                                       | Description                                                |
+| -------------------------------------------- | ---------------------------------------------------------- |
+| `login(credentials_path?, key_path?)`        | Authenticate with Ed25519 challenge-response               |
+| `publish(card)`                              | Publish an AgentCard, returns card with server-assigned id |
+| `register_and_publish(card, ...)`            | Login + publish in one call                                |
+| `search(tags?, limit?)`                      | List agents by tag. URL not included                       |
+| `semantic_search(query, top_k?, min_score?)` | Natural language search                                    |
+| `get_agent(agent_id)`                        | Get a single agent by ID                                   |
+| `request_access(receiver_id, message?)`      | Send mutual access request                                 |
+| `approve_access(agreement_id)`               | Approve a pending request, returns shared key              |
+| `resolve_endpoint(agent_id, shared_key)`     | Resolve agent URL using shared key                         |
+
+### `AgentCard`
+
+| Field              | Type         | Required            |
+| ------------------ | ------------ | ------------------- |
+| `name`             | str          | ✓                   |
+| `description`      | str          | ✓                   |
+| `url`              | str          | ✓                   |
+| `version`          | str          | defaults to `0.1.0` |
+| `protocol_version` | str          | defaults to `0.3.0` |
+| `skills`           | list[Skill]  | ✓ at least one      |
+| `capabilities`     | Capabilities | optional            |
+
+### `Skill`
+
+| Field         | Type      | Required                    |
+| ------------- | --------- | --------------------------- |
+| `id`          | str       | ✓ (e.g. `fhir.lab.analyze`) |
+| `name`        | str       | ✓                           |
+| `description` | str       | ✓                           |
+| `tags`        | list[str] | optional                    |
+
+### `Capabilities`
+
+| Field                | Type | Default |
+| -------------------- | ---- | ------- |
+| `streaming`          | bool | False   |
+| `push_notifications` | bool | False   |
+| `multi_turn`         | bool | False   |
+| `tool_use`           | bool | False   |
+
+---
+
+## Requirements
+
+- Python 3.11+
+- `httpx[http2]` — HTTP/2 client (required, server speaks h2c)
+- `cryptography` — Ed25519 signing

sockridge-0.1.0/README.md

@@ -0,0 +1,232 @@
+# sockridge — Python SDK
+
+Python SDK for the [Sockridge](https://sockridge.com) agent registry.
+
+## Install
+
+```bash
+pip install git+https://github.com/Sockridge/sockridge.git#subdirectory=sdk/python
+```
+
+Or for local development:
+
+```bash
+git clone https://github.com/Sockridge/sockridge.git
+pip install -e sockridge/sdk/python
+```
+
+## Prerequisites
+
+You need a publisher account before using the SDK. Set one up with the CLI:
+
+```bash
+# install CLI
+go install github.com/Sockridge/sockridge/cli@latest
+
+# register
+sockridge auth keygen
+sockridge auth register --handle yourhandle --server https://sockridge.com:9000
+sockridge auth login --server https://sockridge.com:9000
+```
+
+This creates `~/.sockridge/credentials.json` and `~/.sockridge/ed25519.key` which the SDK reads automatically.
+
+---
+
+## Usage
+
+### Connect
+
+```python
+from sockridge import Registry
+
+registry = Registry("https://sockridge.com:9000")
+registry.login()  # reads ~/.sockridge/credentials.json
+```
+
+Custom credentials path:
+
+```python
+registry.login(
+    credentials_path="/custom/path/credentials.json",
+    key_path="/custom/path/ed25519.key",
+)
+```
+
+---
+
+### Publish an agent
+
+```python
+from sockridge import Registry, AgentCard, Skill, Capabilities
+
+registry = Registry("https://sockridge.com:9000")
+registry.login()
+
+card = AgentCard(
+    name="My FHIR Agent",
+    description="Analyzes lab trends from FHIR data using ML models",
+    url="https://my-agent.example.com",
+    version="1.0.0",
+    skills=[
+        Skill(
+            id="fhir.lab.analyze",
+            name="Lab Analyzer",
+            description="Detects anomalies in lab result trends",
+            tags=["fhir", "labs", "analysis"],
+        )
+    ],
+    capabilities=Capabilities(streaming=True, tool_use=True),
+)
+
+published = registry.publish(card)
+print(f"id: {published.id}")
+print(f"status: {published.status}")  # PENDING → ACTIVE after gatekeeper
+```
+
+The agent goes through automatic validation after publish:
+
+- Fields are checked (name, description, skills required)
+- URL is pinged to verify the agent is running
+- AI scores the card quality (0.0 - 1.0)
+- Score >= 0.4 → `AGENT_STATUS_ACTIVE`
+
+---
+
+### Self-register on startup
+
+For agents that register themselves when they start:
+
+```python
+registry = Registry("https://sockridge.com:9000")
+published = registry.register_and_publish(card)
+print(f"registered: {published.id}")
+```
+
+---
+
+### Search for agents
+
+```python
+# by tag
+agents = registry.search(tags=["fhir", "labs"])
+for agent in agents:
+    print(f"{agent.name} — {agent.id}")
+
+# by natural language
+results = registry.semantic_search("find me a lab result analyzer")
+for r in results:
+    print(f"{r['score']:.2f}  {r['agent'].name}")
+
+# by ID
+agent = registry.get_agent("agent-uuid-here")
+print(agent.name, agent.skills)
+```
+
+---
+
+### Access agreements
+
+Agents can only get each other's endpoint URLs after a mutual access agreement is approved by both publishers.
+
+```python
+# request access from another publisher
+agreement = registry.request_access(
+    receiver_id="other-publisher-uuid",
+    message="want to connect our agents for a healthcare pipeline",
+)
+print(f"agreement id: {agreement['id']}")
+print(f"status: {agreement['status']}")  # AGREEMENT_STATUS_PENDING
+
+# once they approve, get the shared key
+# (they share it with you out of band, or you retrieve via get_agreement)
+
+# resolve an agent's endpoint URL
+result = registry.resolve_endpoint(
+    agent_id="agent-uuid",
+    shared_key="sk_abc123...",
+)
+print(f"url: {result['url']}")
+print(f"transport: {result['transport']}")
+print(f"skills: {[s.name for s in result['agent'].skills]}")
+```
+
+---
+
+### Full agreement flow
+
+```python
+# publisher A requests access to publisher B
+agreement = registry_a.request_access(
+    receiver_id=publisher_b_id,
+    message="building a medical pipeline",
+)
+
+# publisher B approves (on their side)
+shared_key = registry_b.approve_access(agreement["id"])
+# shared_key = "sk_abc123..."
+
+# both sides can now resolve each other's agents
+endpoint_a = registry_b.resolve_endpoint(agent_a_id, shared_key)
+endpoint_b = registry_a.resolve_endpoint(agent_b_id, shared_key)
+
+# either side can revoke
+registry_a.revoke_access(agreement["id"])
+# key is instantly invalid
+```
+
+---
+
+## API reference
+
+### `Registry(server_url)`
+
+| Method                                       | Description                                                |
+| -------------------------------------------- | ---------------------------------------------------------- |
+| `login(credentials_path?, key_path?)`        | Authenticate with Ed25519 challenge-response               |
+| `publish(card)`                              | Publish an AgentCard, returns card with server-assigned id |
+| `register_and_publish(card, ...)`            | Login + publish in one call                                |
+| `search(tags?, limit?)`                      | List agents by tag. URL not included                       |
+| `semantic_search(query, top_k?, min_score?)` | Natural language search                                    |
+| `get_agent(agent_id)`                        | Get a single agent by ID                                   |
+| `request_access(receiver_id, message?)`      | Send mutual access request                                 |
+| `approve_access(agreement_id)`               | Approve a pending request, returns shared key              |
+| `resolve_endpoint(agent_id, shared_key)`     | Resolve agent URL using shared key                         |
+
+### `AgentCard`
+
+| Field              | Type         | Required            |
+| ------------------ | ------------ | ------------------- |
+| `name`             | str          | ✓                   |
+| `description`      | str          | ✓                   |
+| `url`              | str          | ✓                   |
+| `version`          | str          | defaults to `0.1.0` |
+| `protocol_version` | str          | defaults to `0.3.0` |
+| `skills`           | list[Skill]  | ✓ at least one      |
+| `capabilities`     | Capabilities | optional            |
+
+### `Skill`
+
+| Field         | Type      | Required                    |
+| ------------- | --------- | --------------------------- |
+| `id`          | str       | ✓ (e.g. `fhir.lab.analyze`) |
+| `name`        | str       | ✓                           |
+| `description` | str       | ✓                           |
+| `tags`        | list[str] | optional                    |
+
+### `Capabilities`
+
+| Field                | Type | Default |
+| -------------------- | ---- | ------- |
+| `streaming`          | bool | False   |
+| `push_notifications` | bool | False   |
+| `multi_turn`         | bool | False   |
+| `tool_use`           | bool | False   |
+
+---
+
+## Requirements
+
+- Python 3.11+
+- `httpx[http2]` — HTTP/2 client (required, server speaks h2c)
+- `cryptography` — Ed25519 signing

sockridge-0.1.0/auth.py

@@ -0,0 +1,90 @@
+import base64
+import json
+import os
+from pathlib import Path
+from cryptography.hazmat.primitives.asymmetric.ed25519 import (
+    Ed25519PrivateKey,
+    Ed25519PublicKey,
+)
+from cryptography.hazmat.primitives.serialization import (
+    Encoding,
+    PublicFormat,
+    PrivateFormat,
+    NoEncryption,
+)
+
+
+class KeyPair:
+    def __init__(self, private_key: Ed25519PrivateKey):
+        self._private_key = private_key
+        self._public_key  = private_key.public_key()
+
+    @classmethod
+    def generate(cls) -> "KeyPair":
+        """Generate a new Ed25519 keypair."""
+        return cls(Ed25519PrivateKey.generate())
+
+    @classmethod
+    def load(cls, path: str) -> "KeyPair":
+        """Load a private key from a base64-encoded file."""
+        raw = Path(path).read_text().strip()
+        priv_bytes = base64.b64decode(raw)
+        private_key = Ed25519PrivateKey.from_private_bytes(priv_bytes[:32])
+        return cls(private_key)
+
+    def save(self, path: str) -> None:
+        """Save the private key to a file (chmod 600)."""
+        priv_bytes = self._private_key.private_bytes(
+            Encoding.Raw, PrivateFormat.Raw, NoEncryption()
+        )
+        Path(path).write_text(base64.b64encode(priv_bytes).decode())
+        os.chmod(path, 0o600)
+
+    @property
+    def public_key_b64(self) -> str:
+        """Base64-encoded public key for registration."""
+        pub_bytes = self._public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)
+        return base64.b64encode(pub_bytes).decode()
+
+    def sign(self, message: bytes) -> bytes:
+        """Sign a message with the private key."""
+        return self._private_key.sign(message)
+
+
+class Credentials:
+    DEFAULT_PATH = Path.home() / ".sockridge" / "credentials.json"
+    DEFAULT_KEY  = Path.home() / ".sockridge" / "ed25519.key"
+
+    def __init__(
+        self,
+        publisher_id: str,
+        handle: str,
+        server_url: str,
+        session_token: str = "",
+    ):
+        self.publisher_id  = publisher_id
+        self.handle        = handle
+        self.server_url    = server_url
+        self.session_token = session_token
+
+    @classmethod
+    def load(cls, path: str | None = None) -> "Credentials":
+        p = Path(path) if path else cls.DEFAULT_PATH
+        data = json.loads(p.read_text())
+        return cls(
+            publisher_id  = data["publisher_id"],
+            handle        = data["handle"],
+            server_url    = data.get("server_url", "https://sockridge.com:9000"),
+            session_token = data.get("session_token", ""),
+        )
+
+    def save(self, path: str | None = None) -> None:
+        p = Path(path) if path else cls.DEFAULT_PATH
+        p.parent.mkdir(parents=True, exist_ok=True)
+        p.write_text(json.dumps({
+            "publisher_id":  self.publisher_id,
+            "handle":        self.handle,
+            "server_url":    self.server_url,
+            "session_token": self.session_token,
+        }, indent=2))
+        os.chmod(p, 0o600)

sockridge-0.1.0/pyproject.toml

@@ -0,0 +1,21 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "sockridge"
+version = "0.1.0"
+description = "Python SDK for the SockRidge agent registry"
+readme = "README.md"
+requires-python = ">=3.11"
+license = { text = "MIT" }
+dependencies = [
+    "httpx[http2]>=0.27.0",
+    "cryptography>=42.0.0",
+]
+
+[project.optional-dependencies]
+dev = ["pytest", "pytest-asyncio"]
+
+[project.urls]
+Homepage = "https://github.com/Sockridge/sockridge"

sockridge-0.1.0/sockridge/__init__.py

@@ -0,0 +1,6 @@
+from .registry import Registry
+from .models import AgentCard, Skill, Capabilities
+from .auth import KeyPair
+
+__all__ = ["Registry", "AgentCard", "Skill", "Capabilities", "KeyPair"]
+__version__ = "0.1.0"

sockridge-0.1.0/sockridge/auth.py

@@ -0,0 +1,90 @@
+import base64
+import json
+import os
+from pathlib import Path
+from cryptography.hazmat.primitives.asymmetric.ed25519 import (
+    Ed25519PrivateKey,
+    Ed25519PublicKey,
+)
+from cryptography.hazmat.primitives.serialization import (
+    Encoding,
+    PublicFormat,
+    PrivateFormat,
+    NoEncryption,
+)
+
+
+class KeyPair:
+    def __init__(self, private_key: Ed25519PrivateKey):
+        self._private_key = private_key
+        self._public_key  = private_key.public_key()
+
+    @classmethod
+    def generate(cls) -> "KeyPair":
+        """Generate a new Ed25519 keypair."""
+        return cls(Ed25519PrivateKey.generate())
+
+    @classmethod
+    def load(cls, path: str) -> "KeyPair":
+        """Load a private key from a base64-encoded file."""
+        raw = Path(path).read_text().strip()
+        priv_bytes = base64.b64decode(raw)
+        private_key = Ed25519PrivateKey.from_private_bytes(priv_bytes[:32])
+        return cls(private_key)
+
+    def save(self, path: str) -> None:
+        """Save the private key to a file (chmod 600)."""
+        priv_bytes = self._private_key.private_bytes(
+            Encoding.Raw, PrivateFormat.Raw, NoEncryption()
+        )
+        Path(path).write_text(base64.b64encode(priv_bytes).decode())
+        os.chmod(path, 0o600)
+
+    @property
+    def public_key_b64(self) -> str:
+        """Base64-encoded public key for registration."""
+        pub_bytes = self._public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)
+        return base64.b64encode(pub_bytes).decode()
+
+    def sign(self, message: bytes) -> bytes:
+        """Sign a message with the private key."""
+        return self._private_key.sign(message)
+
+
+class Credentials:
+    DEFAULT_PATH = Path.home() / ".sockridge" / "credentials.json"
+    DEFAULT_KEY  = Path.home() / ".sockridge" / "ed25519.key"
+
+    def __init__(
+        self,
+        publisher_id: str,
+        handle: str,
+        server_url: str,
+        session_token: str = "",
+    ):
+        self.publisher_id  = publisher_id
+        self.handle        = handle
+        self.server_url    = server_url
+        self.session_token = session_token
+
+    @classmethod
+    def load(cls, path: str | None = None) -> "Credentials":
+        p = Path(path) if path else cls.DEFAULT_PATH
+        data = json.loads(p.read_text())
+        return cls(
+            publisher_id  = data["publisher_id"],
+            handle        = data["handle"],
+            server_url    = data.get("server_url", "https://sockridge.com:9000"),
+            session_token = data.get("session_token", ""),
+        )
+
+    def save(self, path: str | None = None) -> None:
+        p = Path(path) if path else cls.DEFAULT_PATH
+        p.parent.mkdir(parents=True, exist_ok=True)
+        p.write_text(json.dumps({
+            "publisher_id":  self.publisher_id,
+            "handle":        self.handle,
+            "server_url":    self.server_url,
+            "session_token": self.session_token,
+        }, indent=2))
+        os.chmod(p, 0o600)

sockridge-0.1.0/sockridge/models.py

@@ -0,0 +1,82 @@
+from dataclasses import dataclass, field
+from typing import Optional
+from enum import Enum
+
+
+class AgentStatus(str, Enum):
+    PENDING    = "AGENT_STATUS_PENDING"
+    ACTIVE     = "AGENT_STATUS_ACTIVE"
+    REJECTED   = "AGENT_STATUS_REJECTED"
+    INACTIVE   = "AGENT_STATUS_INACTIVE"
+    DEPRECATED = "AGENT_STATUS_DEPRECATED"
+
+
+@dataclass
+class Skill:
+    id: str
+    name: str
+    description: str
+    tags: list[str] = field(default_factory=list)
+
+    def to_dict(self) -> dict:
+        return {
+            "id": self.id,
+            "name": self.name,
+            "description": self.description,
+            "tags": self.tags,
+        }
+
+
+@dataclass
+class Capabilities:
+    streaming: bool          = False
+    push_notifications: bool = False
+    multi_turn: bool         = False
+    tool_use: bool           = False
+
+    def to_dict(self) -> dict:
+        return {
+            "streaming":          self.streaming,
+            "pushNotifications":  self.push_notifications,
+            "multiTurn":          self.multi_turn,
+            "toolUse":            self.tool_use,
+        }
+
+
+@dataclass
+class GatekeeperResult:
+    approved: bool
+    confidence_score: float
+    reason: str
+    reachable: bool
+    ping_latency_ms: int
+
+
+@dataclass
+class AgentCard:
+    name: str
+    description: str
+    url: str
+    version: str                        = "0.1.0"
+    protocol_version: str               = "0.3.0"
+    skills: list[Skill]                 = field(default_factory=list)
+    capabilities: Optional[Capabilities] = None
+
+    # set by registry after publish — do not set manually
+    id: Optional[str]                          = None
+    publisher_id: Optional[str]                = None
+    status: Optional[AgentStatus]              = None
+    gatekeeper_result: Optional[GatekeeperResult] = None
+
+    def to_dict(self) -> dict:
+        d = {
+            "name":            self.name,
+            "description":     self.description,
+            "url":             self.url,
+            "version":         self.version,
+            "protocolVersion": self.protocol_version,
+            "skills":          [s.to_dict() for s in self.skills],
+        }
+        if self.capabilities:
+            d["capabilities"] = self.capabilities.to_dict()
+        return d

sockridge-0.1.0/sockridge/registry.py

@@ -0,0 +1,260 @@
+import base64
+import json
+import time
+import httpx
+import struct
+from typing import Optional
+
+from .models import AgentCard, AgentStatus, GatekeeperResult, Skill, Capabilities
+from .auth import KeyPair, Credentials
+
+
+class RegistryError(Exception):
+    pass
+
+
+class Registry:
+    """
+    SockRidge registry client.
+
+    Usage:
+        from sockridge import Registry, AgentCard, Skill, Capabilities
+
+        registry = Registry("https://sockridge.com:9000")
+        registry.login(credentials_path="~/.sockridge/credentials.json")
+
+        card = AgentCard(
+            name="My Agent",
+            description="Does something useful",
+            url="https://my-agent.example.com",
+            skills=[Skill(id="do.thing", name="Do Thing", description="Does the thing", tags=["thing"])],
+            capabilities=Capabilities(streaming=True),
+        )
+
+        published = registry.publish(card)
+        print(published.id)
+    """
+
+    def __init__(self, server_url: str = "https://sockridge.com:9000"):
+        self.server_url  = server_url.rstrip("/")
+        self._token      = ""
+        self._keypair: Optional[KeyPair] = None
+        self._publisher_id = ""
+        self._client = httpx.Client(http2=True, timeout=15.0)
+
+    # ── Auth ──────────────────────────────────────────────────────────────────
+
+    def login(
+        self,
+        credentials_path: str | None = None,
+        key_path: str | None = None,
+    ) -> None:
+        """Load credentials and perform challenge-response auth."""
+        creds = Credentials.load(credentials_path)
+        kp    = KeyPair.load(key_path or str(Credentials.DEFAULT_KEY))
+
+        self._keypair      = kp
+        self._publisher_id = creds.publisher_id
+
+        # challenge → sign → token
+        challenge = self._post("/agentregistry.v1.RegistryService/AuthChallenge", {
+            "publisherId": creds.publisher_id,
+        })
+        nonce = challenge["nonce"]
+        sig   = kp.sign(nonce.encode())
+
+        verify = self._post("/agentregistry.v1.RegistryService/AuthVerify", {
+            "publisherId": creds.publisher_id,
+            "nonce":       nonce,
+            "signature":   base64.b64encode(sig).decode(),
+        })
+
+        self._token = verify["sessionToken"]
+
+    # ── Publish ───────────────────────────────────────────────────────────────
+
+    def publish(self, card: AgentCard) -> AgentCard:
+        """
+        Publish an agent to the registry.
+        Signs the payload with Ed25519 before sending.
+        Returns the AgentCard with server-assigned id and status.
+        """
+        if not self._keypair:
+            raise RegistryError("not authenticated — call registry.login() first")
+
+        # use compact JSON with sorted keys for deterministic signing
+        payload_json = json.dumps(card.to_dict(), separators=(",", ":"), sort_keys=True).encode()
+        signature    = self._keypair.sign(payload_json)
+
+        resp = self._post_auth("/agentregistry.v1.RegistryService/PublishAgent", {
+            "payload": {
+                "payload":   base64.b64encode(payload_json).decode(),
+                "signature": base64.b64encode(signature).decode(),
+                "keyId":     self._publisher_id,
+            }
+        })
+
+        return self._parse_agent_card(resp.get("agent", {}))
+
+    # ── Discovery ─────────────────────────────────────────────────────────────
+
+    def search(self, tags: list[str] = [], limit: int = 20) -> list[AgentCard]:
+        """List agents by tags. URL is not included (use resolve for that)."""
+        resp = self._post("/agentregistry.v1.DiscoveryService/ListAgents", {
+            "tags":  tags,
+            "limit": limit,
+        })
+        return [self._parse_agent_card(a) for a in resp if a]
+
+    def semantic_search(self, query: str, top_k: int = 10, min_score: float = 0.1) -> list[dict]:
+        """Find agents by natural language description."""
+        resp = self._post("/agentregistry.v1.DiscoveryService/SemanticSearch", {
+            "query":    query,
+            "topK":     top_k,
+            "minScore": min_score,
+        })
+        return [{"agent": self._parse_agent_card(r.get("agent", {})), "score": r.get("score", 0)} for r in resp]
+
+    def get_agent(self, agent_id: str) -> AgentCard:
+        """Get a single agent by ID."""
+        resp = self._post("/agentregistry.v1.DiscoveryService/GetAgent", {
+            "agentId": agent_id,
+        })
+        return self._parse_agent_card(resp.get("agent", {}))
+
+    # ── Access Agreements ─────────────────────────────────────────────────────
+
+    def request_access(self, receiver_id: str, message: str = "") -> dict:
+        """Request mutual access with another publisher."""
+        resp = self._post_auth("/agentregistry.v1.AccessAgreementService/RequestAccess", {
+            "requesterId": self._publisher_id,
+            "receiverId":  receiver_id,
+            "message":     message,
+        })
+        return resp.get("agreement", {})
+
+    def approve_access(self, agreement_id: str) -> str:
+        """Approve a pending access request. Returns the shared key."""
+        resp = self._post_auth("/agentregistry.v1.AccessAgreementService/ApproveAccess", {
+            "publisherId": self._publisher_id,
+            "agreementId": agreement_id,
+        })
+        return resp.get("sharedKey", "")
+
+    def resolve_endpoint(self, agent_id: str, shared_key: str) -> dict:
+        """
+        Resolve an agent's endpoint URL using a shared key.
+        Returns { url, transport, agent: AgentCard }
+        """
+        resp = self._post("/agentregistry.v1.AccessAgreementService/ResolveEndpoint", {
+            "agentId":   agent_id,
+            "sharedKey": shared_key,
+        })
+        return {
+            "url":       resp.get("url", ""),
+            "transport": resp.get("transport", "http"),
+            "agent":     self._parse_agent_card(resp.get("agent", {})),
+        }
+
+    # ── Self-register helper ──────────────────────────────────────────────────
+
+    def register_and_publish(
+        self,
+        card: AgentCard,
+        credentials_path: str | None = None,
+        key_path: str | None = None,
+    ) -> AgentCard:
+        """
+        Convenience method: login then publish in one call.
+        Ideal for agent startup scripts.
+
+        Example:
+            registry = Registry("https://sockridge.com:9000")
+            published = registry.register_and_publish(my_card)
+        """
+        self.login(credentials_path, key_path)
+        return self.publish(card)
+
+    # ── HTTP helpers ──────────────────────────────────────────────────────────
+
+    def _post(self, path: str, body: dict) -> dict | list:
+        url  = self.server_url + path
+        resp = self._client.post(
+            url,
+            json=body,
+            headers={"Content-Type": "application/json"},
+        )
+        self._raise_for_status(resp)
+        data = resp.json()
+        # connect-rpc returns arrays for server-streaming endpoints
+        if isinstance(data, list):
+            return data
+        return data
+
+    def _post_auth(self, path: str, body: dict) -> dict:
+        if not self._token:
+            raise RegistryError("not authenticated — call registry.login() first")
+        url  = self.server_url + path
+        resp = self._client.post(
+            url,
+            json=body,
+            headers={
+                "Content-Type":  "application/json",
+                "Authorization": f"Bearer {self._token}",
+            },
+        )
+        self._raise_for_status(resp)
+        return resp.json()
+
+    def _raise_for_status(self, resp: httpx.Response) -> None:
+        if resp.status_code >= 400:
+            try:
+                detail = resp.json().get("message", resp.text)
+            except Exception:
+                detail = resp.text
+            raise RegistryError(f"registry error {resp.status_code}: {detail}")
+
+    def _parse_agent_card(self, data: dict) -> AgentCard:
+        if not data:
+            return AgentCard(name="", description="", url="")
+
+        skills = [
+            Skill(
+                id=s.get("id", ""),
+                name=s.get("name", ""),
+                description=s.get("description", ""),
+                tags=s.get("tags", []),
+            )
+            for s in data.get("skills", [])
+        ]
+
+        caps_data = data.get("capabilities", {})
+        caps = Capabilities(
+            streaming=caps_data.get("streaming", False),
+            push_notifications=caps_data.get("pushNotifications", False),
+            multi_turn=caps_data.get("multiTurn", False),
+            tool_use=caps_data.get("toolUse", False),
+        ) if caps_data else None
+
+        gk_data = data.get("gatekeeperResult")
+        gk = GatekeeperResult(
+            approved=gk_data.get("approved", False),
+            confidence_score=gk_data.get("confidenceScore", 0),
+            reason=gk_data.get("reason", ""),
+            reachable=gk_data.get("reachable", False),
+            ping_latency_ms=gk_data.get("pingLatencyMs", 0),
+        ) if gk_data else None
+
+        return AgentCard(
+            id=data.get("id"),
+            name=data.get("name", ""),
+            description=data.get("description", ""),
+            url=data.get("url", ""),
+            version=data.get("version", "0.1.0"),
+            protocol_version=data.get("protocolVersion", "0.3.0"),
+            skills=skills,
+            capabilities=caps,
+            publisher_id=data.get("publisherId"),
+            status=AgentStatus(data["status"]) if data.get("status") else None,
+            gatekeeper_result=gk,
+        )