trustplane-sdk 0.1.0__tar.gz

trustplane_sdk-0.1.0/PKG-INFO

@@ -0,0 +1,51 @@
+Metadata-Version: 2.4
+Name: trustplane-sdk
+Version: 0.1.0
+Summary: Trustplane SDK (Python) for generating request proof headers
+Project-URL: Homepage, https://trustplane.mergematter.io
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: pynacl>=1.5.0
+
+# Trustplane Python SDK (v0.1)
+
+Minimal SDK to generate Trustplane proof headers.
+
+## Install
+
+```bash
+pip install trustplane-sdk
+```
+
+## Usage
+
+```python
+from trustplane_sdk import sign
+
+out = sign(
+    tenant_id="mergematter.io",
+    api_id="api_demo",
+    client_id="client_demo",
+    private_key_b64url="<private_key_b64url>",
+    method="GET",
+    path="/orders",
+    body=""
+)
+
+print(out["headers"])
+```
+
+## Config file
+
+```python
+from trustplane_sdk import from_file
+
+client = from_file("./trustplane.json")
+out = client.sign(method="GET", path="/orders", body="", private_key_b64url="<private_key_b64url>")
+```
+
+## Tests
+
+```bash
+python3 -m unittest sdk/python/tests/test_vector.py
+```

trustplane_sdk-0.1.0/README.md

@@ -0,0 +1,42 @@
+# Trustplane Python SDK (v0.1)
+
+Minimal SDK to generate Trustplane proof headers.
+
+## Install
+
+```bash
+pip install trustplane-sdk
+```
+
+## Usage
+
+```python
+from trustplane_sdk import sign
+
+out = sign(
+    tenant_id="mergematter.io",
+    api_id="api_demo",
+    client_id="client_demo",
+    private_key_b64url="<private_key_b64url>",
+    method="GET",
+    path="/orders",
+    body=""
+)
+
+print(out["headers"])
+```
+
+## Config file
+
+```python
+from trustplane_sdk import from_file
+
+client = from_file("./trustplane.json")
+out = client.sign(method="GET", path="/orders", body="", private_key_b64url="<private_key_b64url>")
+```
+
+## Tests
+
+```bash
+python3 -m unittest sdk/python/tests/test_vector.py
+```

trustplane_sdk-0.1.0/pyproject.toml

@@ -0,0 +1,14 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "trustplane-sdk"
+version = "0.1.0"
+description = "Trustplane SDK (Python) for generating request proof headers"
+readme = "README.md"
+requires-python = ">=3.8"
+dependencies = ["pynacl>=1.5.0"]
+
+[project.urls]
+Homepage = "https://trustplane.mergematter.io"

trustplane_sdk-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

trustplane_sdk-0.1.0/tests/test_vector.py

@@ -0,0 +1,34 @@
+import unittest
+
+from trustplane_sdk import sign
+
+
+class TestVector(unittest.TestCase):
+    def test_headers_shape(self) -> None:
+        out = sign(
+            tenant_id="mergematter.io",
+            api_id="api_demo",
+            client_id="client_demo",
+            private_key_b64url="dyIi-Xwr2tl6NdzkT0CXWUZkb9cPRXTSbDQgz-SCcORqDZPYyFAEXEGn6Eg6hlokBxvS8avUjpmk4VwaXmg7zQ",
+            method="GET",
+            path="/orders",
+            body="",
+            bucket_seconds=20,
+            time_bucket_override=88498363,
+            nonce_override="9biCQnN2URhTCqhn_-orBQ",
+        )
+        headers = out["headers"]
+        self.assertEqual(headers["x-tp-tenant-id"], "mergematter.io")
+        self.assertEqual(headers["x-tp-api-id"], "api_demo")
+        self.assertEqual(headers["x-tp-client-id"], "client_demo")
+        self.assertEqual(headers["x-tp-time-bucket"], "88498363")
+        self.assertEqual(headers["x-tp-nonce"], "9biCQnN2URhTCqhn_-orBQ")
+        self.assertTrue(headers["x-tp-signature"])
+        self.assertEqual(
+            headers["x-tp-body-hash"],
+            "sha256:47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU",
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()

trustplane_sdk-0.1.0/trustplane_sdk/__init__.py

@@ -0,0 +1,155 @@
+import base64
+import hashlib
+import json
+import os
+import time
+from typing import Any, Dict
+
+from nacl.signing import SigningKey
+
+
+def _b64url_encode(data: bytes) -> str:
+    return base64.urlsafe_b64encode(data).decode("utf-8").rstrip("=")
+
+
+def _b64url_decode(data: str) -> bytes:
+    pad = "=" * (-len(data) % 4)
+    return base64.urlsafe_b64decode(data + pad)
+
+
+def _sha256_b64url(data: bytes) -> str:
+    return _b64url_encode(hashlib.sha256(data).digest())
+
+
+def _random_nonce() -> str:
+    return _b64url_encode(os.urandom(16))
+
+
+def _build_transcript(
+    tenant_id: str,
+    api_id: str,
+    client_id: str,
+    method: str,
+    path: str,
+    body_hash: str,
+    time_bucket: int,
+    nonce: str,
+) -> str:
+    return "\n".join(
+        [
+            "TP1",
+            f"tenant_id={tenant_id}",
+            f"api_id={api_id}",
+            f"client_id={client_id}",
+            f"method={method}",
+            f"path={path}",
+            f"body_hash={body_hash}",
+            f"time_bucket={time_bucket}",
+            f"nonce={nonce}",
+        ]
+    )
+
+
+def sign(
+    tenant_id: str,
+    api_id: str,
+    client_id: str,
+    private_key_b64url: str,
+    method: str = "GET",
+    path: str = "/",
+    body: str = "",
+    bucket_seconds: int = 20,
+    time_bucket_override: int = None,
+    nonce_override: str = None,
+) -> Dict[str, Any]:
+    if not tenant_id or not api_id or not client_id:
+        raise ValueError("tenant_id, api_id, and client_id are required")
+    if not private_key_b64url:
+        raise ValueError("private_key_b64url is required")
+    if not path:
+        raise ValueError("path is required")
+
+    body_hash = f"sha256:{_sha256_b64url(body.encode('utf-8'))}"
+    now_seconds = int(time.time())
+    bucket = bucket_seconds if bucket_seconds > 0 else 20
+    time_bucket = time_bucket_override if time_bucket_override is not None else (now_seconds // bucket)
+    nonce = nonce_override if nonce_override is not None else _random_nonce()
+
+    transcript = _build_transcript(
+        tenant_id,
+        api_id,
+        client_id,
+        method.upper(),
+        path,
+        body_hash,
+        time_bucket,
+        nonce,
+    )
+
+    digest = hashlib.sha256(transcript.encode("utf-8")).digest()
+    priv = _b64url_decode(private_key_b64url)
+    if len(priv) != 64:
+        raise ValueError("private_key_b64url must be ed25519 private key (64 bytes)")
+    signing_key = SigningKey(priv[:32])
+    signature = signing_key.sign(digest).signature
+    signature_b64url = _b64url_encode(signature)
+
+    headers = {
+        "x-tp-tenant-id": tenant_id,
+        "x-tp-api-id": api_id,
+        "x-tp-client-id": client_id,
+        "x-tp-time-bucket": str(time_bucket),
+        "x-tp-nonce": nonce,
+        "x-tp-signature": signature_b64url,
+        "x-tp-body-hash": body_hash,
+    }
+
+    verify_payload = {
+        "tenant_id": tenant_id,
+        "api_id": api_id,
+        "client_id": client_id,
+        "method": method.upper(),
+        "path": path,
+        "body_hash": body_hash,
+        "time_bucket": time_bucket,
+        "nonce": nonce,
+        "signature": signature_b64url,
+    }
+
+    return {
+        "headers": headers,
+        "verify_payload": verify_payload,
+        "transcript": transcript,
+        "digest_b64url": _b64url_encode(digest),
+    }
+
+
+class TrustplaneClient:
+    def __init__(self, tenant_id: str, api_id: str, client_id: str, bucket_seconds: int = 20):
+        self.tenant_id = tenant_id
+        self.api_id = api_id
+        self.client_id = client_id
+        self.bucket_seconds = bucket_seconds
+
+    def sign(self, method: str, path: str, body: str, private_key_b64url: str) -> Dict[str, Any]:
+        return sign(
+            tenant_id=self.tenant_id,
+            api_id=self.api_id,
+            client_id=self.client_id,
+            private_key_b64url=private_key_b64url,
+            method=method,
+            path=path,
+            body=body,
+            bucket_seconds=self.bucket_seconds,
+        )
+
+
+def from_file(path: str) -> TrustplaneClient:
+    with open(path, "r", encoding="utf-8") as f:
+        cfg = json.load(f)
+    return TrustplaneClient(
+        tenant_id=cfg.get("tenant_id"),
+        api_id=cfg.get("api_id"),
+        client_id=cfg.get("client_id"),
+        bucket_seconds=cfg.get("bucket_seconds", 20),
+    )

trustplane_sdk-0.1.0/trustplane_sdk.egg-info/PKG-INFO

@@ -0,0 +1,51 @@
+Metadata-Version: 2.4
+Name: trustplane-sdk
+Version: 0.1.0
+Summary: Trustplane SDK (Python) for generating request proof headers
+Project-URL: Homepage, https://trustplane.mergematter.io
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: pynacl>=1.5.0
+
+# Trustplane Python SDK (v0.1)
+
+Minimal SDK to generate Trustplane proof headers.
+
+## Install
+
+```bash
+pip install trustplane-sdk
+```
+
+## Usage
+
+```python
+from trustplane_sdk import sign
+
+out = sign(
+    tenant_id="mergematter.io",
+    api_id="api_demo",
+    client_id="client_demo",
+    private_key_b64url="<private_key_b64url>",
+    method="GET",
+    path="/orders",
+    body=""
+)
+
+print(out["headers"])
+```
+
+## Config file
+
+```python
+from trustplane_sdk import from_file
+
+client = from_file("./trustplane.json")
+out = client.sign(method="GET", path="/orders", body="", private_key_b64url="<private_key_b64url>")
+```
+
+## Tests
+
+```bash
+python3 -m unittest sdk/python/tests/test_vector.py
+```

trustplane_sdk-0.1.0/trustplane_sdk.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+README.md
+pyproject.toml
+tests/test_vector.py
+trustplane_sdk/__init__.py
+trustplane_sdk.egg-info/PKG-INFO
+trustplane_sdk.egg-info/SOURCES.txt
+trustplane_sdk.egg-info/dependency_links.txt
+trustplane_sdk.egg-info/requires.txt
+trustplane_sdk.egg-info/top_level.txt

trustplane_sdk-0.1.0/trustplane_sdk.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

trustplane_sdk-0.1.0/trustplane_sdk.egg-info/requires.txt

@@ -0,0 +1 @@
+pynacl>=1.5.0

trustplane_sdk-0.1.0/trustplane_sdk.egg-info/top_level.txt

@@ -0,0 +1 @@
+trustplane_sdk