swiftapi-python 1.0.3__tar.gz → 1.1.1__tar.gz

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: swiftapi-python
-Version: 1.0.3
+Version: 1.1.1
 Summary: SwiftAPI Python SDK - AI Action Verification Gateway
 Author-email: Rayan Pal <rayan@swiftapi.ai>
 License-Expression: MIT

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "swiftapi-python"
-version = "1.0.3"
+version = "1.1.1"
 description = "SwiftAPI Python SDK - AI Action Verification Gateway"
 readme = "README.md"
 license = "MIT"

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/swiftapi/__init__.py

@@ -29,13 +29,14 @@ Usage:
         db.update(user_id, data)
 """
 
-__version__ = "1.0.0"
+__version__ = "1.1.1"
 __author__ = "Rayan Pal"
 
 # Core exports
 from .client import SwiftAPI
 from .enforcement import Enforcement, enforce
 from .verifier import verify_signature, is_valid, get_public_key
+from .openai import OpenAI
 
 # Exceptions
 from .exceptions import (
@@ -67,6 +68,8 @@ __all__ = [
     "SwiftAPI",
     "Enforcement",
     "enforce",
+    # Drop-in OpenAI replacement
+    "OpenAI",
     # Verification
     "verify_signature",
     "is_valid",

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/swiftapi/client.py

@@ -213,6 +213,30 @@ class SwiftAPI:
             # If endpoint fails, assume not revoked (fail-open for availability)
             return False
 
+    def attest(
+        self,
+        action_type: str,
+        action_data: Dict[str, Any],
+    ) -> Dict[str, Any]:
+        """
+        Request an execution attestation from the authority.
+
+        Calls /attest to get a signed attestation for the given action.
+        The attestation can then be passed to gated endpoints like /chat/vibe.
+
+        Args:
+            action_type: Type of action (e.g., "chat_completion")
+            action_data: Action payload to be attested
+
+        Returns:
+            Signed attestation dict with jti, signature, action_fingerprint, etc.
+        """
+        payload = {
+            "action_type": action_type,
+            "action_data": action_data,
+        }
+        return self._request("POST", "/attest", json=payload)
+
     # =========================================================================
     # Info Endpoints
     # =========================================================================

swiftapi_python-1.1.1/swiftapi/openai.py

@@ -0,0 +1,200 @@
+"""
+SwiftAPI Attested OpenAI - Drop-in replacement.
+
+    # Before (vibe coding):
+    from openai import OpenAI
+    client = OpenAI()
+
+    # After (attested):
+    from swiftapi import OpenAI
+    client = OpenAI(swiftapi_key="swiftapi_live_...")
+
+Same interface. Same return type. Every completion is cryptographically attested.
+No attestation, no output.
+"""
+
+import json
+import requests
+from typing import List, Dict, Union, Optional, Any
+
+from .exceptions import SwiftAPIError, AuthenticationError, NetworkError
+
+
+class Message:
+    """OpenAI-compatible message object."""
+
+    def __init__(self, role: str, content: str):
+        self.role = role
+        self.content = content
+
+    def __repr__(self):
+        truncated = self.content[:80] if self.content else ""
+        return f"Message(role='{self.role}', content='{truncated}')"
+
+
+class Choice:
+    """OpenAI-compatible choice object."""
+
+    def __init__(self, index: int, message: Message, finish_reason: str):
+        self.index = index
+        self.message = message
+        self.finish_reason = finish_reason
+
+
+class ChatCompletion:
+    """OpenAI-compatible chat completion response."""
+
+    def __init__(self, content: str, model: str, attested: bool = False, jti: str = None):
+        self.choices = [
+            Choice(
+                index=0,
+                message=Message(role="assistant", content=content),
+                finish_reason="stop" if content else "void",
+            )
+        ]
+        self.model = model
+        self.attested = attested
+        self.jti = jti
+
+    @property
+    def content(self):
+        """Convenience: response.content instead of response.choices[0].message.content"""
+        return self.choices[0].message.content
+
+
+class Completions:
+    """Handles chat.completions.create() calls."""
+
+    def __init__(self, key: str, base_url: str, timeout: int):
+        self._key = key
+        self._base_url = base_url.rstrip("/")
+        self._timeout = timeout
+        self._session = requests.Session()
+        self._session.headers.update({
+            "X-SwiftAPI-Authority": key,
+            "Content-Type": "application/json",
+            "User-Agent": "swiftapi-python/1.1.0",
+        })
+
+    def create(
+        self,
+        model: str,
+        messages: List[Dict[str, Any]],
+        temperature: float = 0.7,
+        max_completion_tokens: int = 300,
+        max_tokens: Optional[int] = None,
+        **kwargs,
+    ) -> ChatCompletion:
+        """
+        Create an attested chat completion.
+
+        Same interface as openai.chat.completions.create().
+        Attestation is handled transparently. If any gate fails, content is empty string.
+
+        Args:
+            model: Model name (e.g. "gpt-4o-mini")
+            messages: List of message dicts with role and content
+            temperature: Sampling temperature
+            max_completion_tokens: Max tokens in response
+            max_tokens: Alias for max_completion_tokens (OpenAI compat)
+
+        Returns:
+            ChatCompletion with .choices[0].message.content
+        """
+        payload = {
+            "model": model,
+            "messages": messages,
+            "temperature": temperature,
+            "max_completion_tokens": max_tokens or max_completion_tokens,
+        }
+
+        # Step 1: Attest
+        try:
+            attest_resp = self._session.post(
+                f"{self._base_url}/attest",
+                json={"action_type": "chat_completion", "action_data": payload},
+                timeout=self._timeout,
+            )
+        except requests.exceptions.RequestException as e:
+            raise NetworkError(f"Attestation request failed: {e}")
+
+        if attest_resp.status_code == 403:
+            raise AuthenticationError("Invalid SwiftAPI authority key")
+        if attest_resp.status_code == 429:
+            raise SwiftAPIError("Rate limit exceeded")
+        if attest_resp.status_code != 200:
+            raise SwiftAPIError(f"Attestation failed: {attest_resp.text[:200]}")
+
+        attestation = attest_resp.json()
+
+        if not attestation.get("approved"):
+            return ChatCompletion(content="", model=model)
+
+        # Step 2: Forward to /chat/vibe with attestation
+        try:
+            vibe_resp = self._session.post(
+                f"{self._base_url}/chat/vibe",
+                json=payload,
+                headers={"X-SwiftAPI-Attestation": json.dumps(attestation)},
+                timeout=self._timeout,
+            )
+        except requests.exceptions.RequestException as e:
+            raise NetworkError(f"Chat request failed: {e}")
+
+        if vibe_resp.status_code == 403:
+            raise AuthenticationError("Invalid SwiftAPI authority key")
+        if vibe_resp.status_code != 200:
+            raise SwiftAPIError(f"Chat failed: {vibe_resp.text[:200]}")
+
+        content = vibe_resp.json()
+        if content is None:
+            content = ""
+
+        return ChatCompletion(
+            content=content,
+            model=model,
+            attested=True,
+            jti=attestation.get("jti"),
+        )
+
+
+class _ChatNamespace:
+    """Namespace for client.chat.completions"""
+
+    def __init__(self, key: str, base_url: str, timeout: int):
+        self.completions = Completions(key, base_url, timeout)
+
+
+class OpenAI:
+    """
+    Drop-in replacement for openai.OpenAI.
+
+    Every completion is cryptographically attested via SwiftAPI.
+    No attestation, no output.
+
+    Usage:
+        from swiftapi import OpenAI
+
+        client = OpenAI(swiftapi_key="swiftapi_live_...")
+        r = client.chat.completions.create(
+            model="gpt-4o-mini",
+            messages=[{"role": "user", "content": "Hello"}]
+        )
+        print(r.choices[0].message.content)
+    """
+
+    def __init__(
+        self,
+        swiftapi_key: str = None,
+        api_key: str = None,
+        base_url: str = "https://swiftapi.ai",
+        timeout: int = 60,
+        **kwargs,
+    ):
+        key = swiftapi_key or api_key
+        if not key:
+            raise AuthenticationError("swiftapi_key is required")
+        if not key.startswith("swiftapi_live_"):
+            raise AuthenticationError("Invalid key format: must start with 'swiftapi_live_'")
+
+        self.chat = _ChatNamespace(key, base_url, timeout)

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/swiftapi/verifier.py

@@ -27,22 +27,27 @@ SWIFTAPI_PUBLIC_KEY = base64.b64decode(SWIFTAPI_PUBLIC_KEY_B64)
 VERIFY_KEY = VerifyKey(SWIFTAPI_PUBLIC_KEY)
 
 
-def verify_signature(attestation: Dict[str, Any]) -> bool:
+def verify_signature(attestation: Dict[str, Any], ignore_expiry: bool = False) -> bool:
     """
     Verify the Ed25519 signature of an execution attestation.
 
     This is OFFLINE verification - no network required.
     The signature proves the attestation was issued by SwiftAPI.
 
+    Signature authenticity is permanent. Expiry is about the execution window,
+    not whether the attestation is genuine. Use ignore_expiry=True for audit
+    and post-hoc verification.
+
     Args:
         attestation: The execution_attestation dict from /verify response
+        ignore_expiry: If True, verify signature without checking expiry
 
     Returns:
         True if signature is valid
 
     Raises:
         SignatureVerificationError: If signature is invalid or missing
-        AttestationExpiredError: If attestation has expired
+        AttestationExpiredError: If attestation has expired (and ignore_expiry is False)
     """
     # Extract required fields
     signature_b64 = attestation.get("signature")
@@ -56,35 +61,34 @@ def verify_signature(attestation: Dict[str, Any]) -> bool:
     if not all([jti, action_fingerprint, expires_at]):
         raise SignatureVerificationError("Incomplete attestation: missing required fields")
 
-    # Check expiration FIRST
-    try:
-        expiry = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
-        now = datetime.now(timezone.utc)
-        if now > expiry:
-            raise AttestationExpiredError(f"Attestation expired at {expires_at}")
-    except ValueError as e:
-        raise SignatureVerificationError(f"Invalid expiration format: {e}")
-
-    # Reconstruct the signed payload (deterministic serialization)
-    # This MUST match the server's signing logic exactly
+    # Verify signature FIRST — authenticity is permanent
     signed_payload = _reconstruct_signed_payload(attestation)
 
-    # Decode signature
     try:
         signature = base64.b64decode(signature_b64)
     except Exception as e:
         raise SignatureVerificationError(f"Invalid signature encoding: {e}")
 
-    # Verify signature
     try:
         VERIFY_KEY.verify(signed_payload, signature)
-        return True
     except BadSignatureError:
         raise SignatureVerificationError(
             "INVALID SIGNATURE: Attestation was not signed by SwiftAPI. "
             "This could indicate a forged or tampered attestation."
         )
 
+    # Check expiration AFTER signature (execution window, not authenticity)
+    if not ignore_expiry:
+        try:
+            expiry = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
+            now = datetime.now(timezone.utc)
+            if now > expiry:
+                raise AttestationExpiredError(f"Attestation expired at {expires_at}")
+        except ValueError as e:
+            raise SignatureVerificationError(f"Invalid expiration format: {e}")
+
+    return True
+
 
 def _reconstruct_signed_payload(attestation: Dict[str, Any]) -> bytes:
     """
@@ -93,8 +97,11 @@ def _reconstruct_signed_payload(attestation: Dict[str, Any]) -> bytes:
     The server signs the attestation BEFORE adding signature/signing_mode fields.
     We must reconstruct that exact payload.
     """
-    # Copy attestation and remove signature fields (they weren't in the signed payload)
-    signed_fields = {k: v for k, v in attestation.items() if k not in ("signature", "signing_mode")}
+    # Copy attestation and remove fields that weren't in the signed payload.
+    # signature/signing_mode are added after signing.
+    # action_data/denial_reason are added by /attest after signing.
+    _unsigned = ("signature", "signing_mode", "action_data", "denial_reason")
+    signed_fields = {k: v for k, v in attestation.items() if k not in _unsigned}
 
     # Deterministic JSON serialization (must match server exactly)
     payload_str = json.dumps(signed_fields, sort_keys=True, separators=(",", ":"))
@@ -106,17 +113,18 @@ def get_public_key() -> str:
     return SWIFTAPI_PUBLIC_KEY_B64
 
 
-def is_valid(attestation: Dict[str, Any]) -> bool:
+def is_valid(attestation: Dict[str, Any], ignore_expiry: bool = False) -> bool:
     """
     Check if attestation is valid without raising exceptions.
 
     Args:
         attestation: The execution_attestation dict
+        ignore_expiry: If True, only check signature authenticity
 
     Returns:
         True if valid, False otherwise
     """
     try:
-        return verify_signature(attestation)
+        return verify_signature(attestation, ignore_expiry=ignore_expiry)
     except Exception:
         return False

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/swiftapi_python.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: swiftapi-python
-Version: 1.0.3
+Version: 1.1.1
 Summary: SwiftAPI Python SDK - AI Action Verification Gateway
 Author-email: Rayan Pal <rayan@swiftapi.ai>
 License-Expression: MIT

{swiftapi_python-1.0.3 → swiftapi_python-1.1.1}/swiftapi_python.egg-info/SOURCES.txt

@@ -4,6 +4,7 @@ swiftapi/__init__.py
 swiftapi/client.py
 swiftapi/enforcement.py
 swiftapi/exceptions.py
+swiftapi/openai.py
 swiftapi/utils.py
 swiftapi/verifier.py
 swiftapi_python.egg-info/PKG-INFO