valleydam 0.1.0__tar.gz

valleydam-0.1.0/PKG-INFO

@@ -0,0 +1,185 @@
+Metadata-Version: 2.4
+Name: valleydam
+Version: 0.1.0
+Summary: A DNS-based cryptographic identity verification protocol for AI Agents.
+Home-page: https://github.com/supra-nlpn/valley-dam
+Author: Supra N.
+Project-URL: Bug Tracker, https://github.com/supra-nlpn/valley-dam/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.25.0
+Requires-Dist: cryptography>=3.4.0
+Requires-Dist: dnspython>=2.1.0
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# ⛰️ ValleyDam
+
+ValleyDam is a lightweight, open protocol for verifying the identity of AI agents and web scrapers using **DNS-backed cryptographic proof**.
+
+It enables a website to verify that a request *actually* came from `bot.openai.com` (or your startup’s domain) **without** API keys, IP allowlists, or complex authentication handshakes.
+
+---
+
+## The Problem
+
+Today, websites have no reliable way to identify automated clients.
+
+- **User-Agent strings are lies**  
+  Anyone can send `User-Agent: Googlebot`.
+
+- **IP blocking is messy**  
+  Legitimate bots often run on shared cloud infrastructure (AWS, GCP).
+
+- **API keys don’t scale**  
+  You can’t safely issue and manage API keys for every website on the internet.
+
+---
+
+## The Solution
+
+ValleyDam uses **Ed25519 digital signatures** anchored in **DNS TXT records** to create a verifiable, spoof-resistant identity for bots.
+
+### How it works
+
+1. **The bot signs each request** using a private Ed25519 key.
+2. **The server retrieves the public key** from the bot’s DNS record  
+   (e.g. `_agent.yourwebsite.com`).
+3. **The signature is verified**. If it matches, the bot’s identity is cryptographically proven.
+
+No central authority. No shared secrets. No API keys.
+
+---
+
+## 📦 Installation
+
+```bash
+pip install valleydam
+```
+
+---
+
+## 🚀 Usage
+
+### For Web Scrapper or Agent Developers (The Client)
+
+If you are building a scraper or AI agent, use `ValleyDamSession` to automatically sign outgoing HTTP requests.
+
+---
+
+#### 1. Generate Your Identity
+
+Run the CLI to generate a private key and receive your DNS TXT record value:
+
+```bash
+valleydam-gen
+```
+
+Follow the printed instructions to add the TXT record to your domain’s DNS.
+
+---
+
+#### 2. Use ValleyDam in Your Code
+
+ValleyDam behaves just like the standard Python `requests` library.
+
+```python
+from valleydam import ValleyDamSession
+
+# Initialize your authenticated session
+agent = ValleyDamSession(
+    domain="yourwebsite.com",                       # Your verified domain
+    private_key_path="yourwebsite_com_private.pem"  # Generated in step 1
+)
+
+# Make requests as normal — they are now cryptographically signed
+response = agent.get("https://protected-website.com/api/data")
+
+print(response.text)
+```
+
+---
+
+### For Website Owners (The Server)
+
+Use theGuide
+
+ValleyDam verifies incoming automated traffic and prevents agent impersonation by validating request signatures against DNS-published public keys.
+
+It runs as middleware and works with Flask, Django, FastAPI, and similar frameworks.
+
+---
+
+
+#### 🔒 Hard Validation (Block)
+
+Reject invalid or spoofed requests. Best for protected or agent-only APIs.
+
+```python
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+
+@app.route('/agent-api', methods=['POST'])
+def protected_route():
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        return jsonify({
+            "status": "Welcome",
+            "verified_user": identity
+        })
+    except ValueError as e:
+        return jsonify({
+            "error": "Access Denied",
+            "reason": str(e)
+        }), 403
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```
+
+#### 📄 Soft Validation (Log Only)
+
+Attempt verification, log results, but allow all traffic.
+
+```python
+import logging
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+
+@app.route('/public-api', methods=['GET', 'POST'])
+def public_route():
+    identity = "Unverified (Anonymous)"
+
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        logging.info(f"Verified request from: {identity}")
+    except ValueError as e:
+        logging.warning(f"Verification failed: {e}")
+
+    return jsonify({
+        "data": "This is public data",
+        "your_status": identity
+    })
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```

valleydam-0.1.0/README.md

@@ -0,0 +1,158 @@
+# ⛰️ ValleyDam
+
+ValleyDam is a lightweight, open protocol for verifying the identity of AI agents and web scrapers using **DNS-backed cryptographic proof**.
+
+It enables a website to verify that a request *actually* came from `bot.openai.com` (or your startup’s domain) **without** API keys, IP allowlists, or complex authentication handshakes.
+
+---
+
+## The Problem
+
+Today, websites have no reliable way to identify automated clients.
+
+- **User-Agent strings are lies**  
+  Anyone can send `User-Agent: Googlebot`.
+
+- **IP blocking is messy**  
+  Legitimate bots often run on shared cloud infrastructure (AWS, GCP).
+
+- **API keys don’t scale**  
+  You can’t safely issue and manage API keys for every website on the internet.
+
+---
+
+## The Solution
+
+ValleyDam uses **Ed25519 digital signatures** anchored in **DNS TXT records** to create a verifiable, spoof-resistant identity for bots.
+
+### How it works
+
+1. **The bot signs each request** using a private Ed25519 key.
+2. **The server retrieves the public key** from the bot’s DNS record  
+   (e.g. `_agent.yourwebsite.com`).
+3. **The signature is verified**. If it matches, the bot’s identity is cryptographically proven.
+
+No central authority. No shared secrets. No API keys.
+
+---
+
+## 📦 Installation
+
+```bash
+pip install valleydam
+```
+
+---
+
+## 🚀 Usage
+
+### For Web Scrapper or Agent Developers (The Client)
+
+If you are building a scraper or AI agent, use `ValleyDamSession` to automatically sign outgoing HTTP requests.
+
+---
+
+#### 1. Generate Your Identity
+
+Run the CLI to generate a private key and receive your DNS TXT record value:
+
+```bash
+valleydam-gen
+```
+
+Follow the printed instructions to add the TXT record to your domain’s DNS.
+
+---
+
+#### 2. Use ValleyDam in Your Code
+
+ValleyDam behaves just like the standard Python `requests` library.
+
+```python
+from valleydam import ValleyDamSession
+
+# Initialize your authenticated session
+agent = ValleyDamSession(
+    domain="yourwebsite.com",                       # Your verified domain
+    private_key_path="yourwebsite_com_private.pem"  # Generated in step 1
+)
+
+# Make requests as normal — they are now cryptographically signed
+response = agent.get("https://protected-website.com/api/data")
+
+print(response.text)
+```
+
+---
+
+### For Website Owners (The Server)
+
+Use theGuide
+
+ValleyDam verifies incoming automated traffic and prevents agent impersonation by validating request signatures against DNS-published public keys.
+
+It runs as middleware and works with Flask, Django, FastAPI, and similar frameworks.
+
+---
+
+
+#### 🔒 Hard Validation (Block)
+
+Reject invalid or spoofed requests. Best for protected or agent-only APIs.
+
+```python
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+
+@app.route('/agent-api', methods=['POST'])
+def protected_route():
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        return jsonify({
+            "status": "Welcome",
+            "verified_user": identity
+        })
+    except ValueError as e:
+        return jsonify({
+            "error": "Access Denied",
+            "reason": str(e)
+        }), 403
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```
+
+#### 📄 Soft Validation (Log Only)
+
+Attempt verification, log results, but allow all traffic.
+
+```python
+import logging
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+
+@app.route('/public-api', methods=['GET', 'POST'])
+def public_route():
+    identity = "Unverified (Anonymous)"
+
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        logging.info(f"Verified request from: {identity}")
+    except ValueError as e:
+        logging.warning(f"Verification failed: {e}")
+
+    return jsonify({
+        "data": "This is public data",
+        "your_status": identity
+    })
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```

valleydam-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

valleydam-0.1.0/setup.py

@@ -0,0 +1,37 @@
+from setuptools import setup, find_packages
+
+with open("README.md", "r", encoding="utf-8") as fh:
+    long_description = fh.read()
+
+setup(
+    name="valleydam",
+    version="0.1.0",
+    author="Supra N.",
+    description="A DNS-based cryptographic identity verification protocol for AI Agents.",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    url="https://github.com/supra-nlpn/valley-dam",
+    project_urls={
+        "Bug Tracker": "https://github.com/supra-nlpn/valley-dam/issues",
+    },
+    classifiers=[
+        "Programming Language :: Python :: 3",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Topic :: Security",
+        "Topic :: Internet :: WWW/HTTP",
+    ],
+    package_dir={"": "src"},
+    packages=find_packages(where="src"),
+    python_requires=">=3.7",
+    install_requires=[
+        "requests>=2.25.0",
+        "cryptography>=3.4.0",
+        "dnspython>=2.1.0",
+    ],
+    entry_points={
+        'console_scripts': [
+            'valleydam-gen=valleydam.cli:main',
+        ],
+    },
+)

valleydam-0.1.0/src/valleydam/__init__.py

@@ -0,0 +1,16 @@
+"""
+ValleyDam: DNS-based Identity Verification Protocol.
+"""
+
+from .client import ValleyDamSession
+from .verifier import verify_request, DnsKeyResolver
+from .core import ValleyDamSigner, ValleyDamVerifier
+
+__version__ = "0.1.0"
+__all__ = [
+    "ValleyDamSession",
+    "verify_request",
+    "DnsKeyResolver",
+    "ValleyDamSigner",
+    "ValleyDamVerifier"
+]

valleydam-0.1.0/src/valleydam/cli.py

@@ -0,0 +1,61 @@
+import sys
+import base64
+import os
+from cryptography.hazmat.primitives.asymmetric import ed25519
+from cryptography.hazmat.primitives import serialization
+
+def main():
+    print("\n" + "="*50)
+    print(" ⛰️   VALLEYDAM IDENTITY GENERATOR")
+    print("="*50)
+    print("This tool will create a cryptographic identity for your AI Agent.\n")
+    
+    # 1. Get Domain
+    domain = input("Enter your Agent's Domain (e.g., bot.mysite.com): ").strip()
+    if not domain:
+        print("❌ Error: Domain is required.")
+        sys.exit(1)
+
+    # 2. Generate Keys
+    print(f"\nGenerating Ed25519 keypair for {domain}...")
+    private_key = ed25519.Ed25519PrivateKey.generate()
+    public_key = private_key.public_key()
+
+    # 3. Save Private Key
+    safe_name = domain.replace('.', '_')
+    filename = f"{safe_name}_private.pem"
+    
+    if os.path.exists(filename):
+        overwrite = input(f"⚠️  File {filename} exists. Overwrite? (y/N): ")
+        if overwrite.lower() != 'y':
+            print("Aborted.")
+            sys.exit(0)
+
+    private_bytes = private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption()
+    )
+    
+    with open(filename, "wb") as f:
+        f.write(private_bytes)
+
+    # 4. Format Public Key for DNS
+    public_bytes = public_key.public_bytes(
+        encoding=serialization.Encoding.Raw,
+        format=serialization.PublicFormat.Raw
+    )
+    public_b64 = base64.b64encode(public_bytes).decode('utf-8')
+
+    # 5. Output Instructions
+    print(f"\n✅ SUCCESS! Private key saved to: {os.path.abspath(filename)}")
+    print("   (DO NOT share this file. Add it to your .gitignore)")
+    
+    print("\n🌍 === DNS SETUP INSTRUCTIONS ===")
+    print(f"Log in to your DNS provider for '{domain}' and add this TXT record:\n")
+    print(f"   Host:  _agent") 
+    print(f"   Value: v=vd1; k=ed25519; p={public_b64};\n")
+    print("="*50 + "\n")
+
+if __name__ == "__main__":
+    main()

valleydam-0.1.0/src/valleydam/client.py

@@ -0,0 +1,37 @@
+import requests
+from urllib.parse import urlparse
+from typing import Optional
+from .core import ValleyDamSigner
+
+class ValleyDamSession(requests.Session):
+    """
+    A Requests Session that automatically signs every outgoing request
+    with a ValleyDam Identity.
+    """
+
+    def __init__(self, domain: str, private_key_path: str):
+        super().__init__()
+        self.domain = domain
+        self.signer = ValleyDamSigner(private_key_path)
+
+    def request(self, method: str, url: str, *args, **kwargs):
+        """
+        Overrides the standard request method to inject authentication headers.
+        """
+        # Parse URL to get signing components
+        parsed = urlparse(url)
+        host = parsed.netloc 
+        path = parsed.path if parsed.path else "/"
+
+        # Generate Signature
+        headers = self.signer.sign(method, host, path)
+        
+        # Add Identity Pointer
+        headers['X-ValleyDam-KeyID'] = f"dns:{self.domain}"
+
+        # Merge with user-provided headers
+        if 'headers' not in kwargs:
+            kwargs['headers'] = {}
+        kwargs['headers'].update(headers)
+
+        return super().request(method, url, *args, **kwargs)

valleydam-0.1.0/src/valleydam/core.py

@@ -0,0 +1,102 @@
+import base64
+import time
+from typing import Dict, Optional
+from cryptography.hazmat.primitives.asymmetric import ed25519
+from cryptography.hazmat.primitives import serialization
+
+# Protocol Constants
+SIGNATURE_ALGORITHM = 'ed25519'
+MAX_TIME_SKEW_SECONDS = 30
+
+class ValleyDamSigner:
+    """Handles the cryptographic signing of HTTP requests."""
+
+    def __init__(self, private_key_path: str):
+        """
+        Load an Ed25519 private key from a PEM file.
+        
+        Args:
+            private_key_path: Path to the .pem file generated by the CLI.
+        """
+        try:
+            with open(private_key_path, 'rb') as key_file:
+                self.private_key = serialization.load_pem_private_key(
+                    key_file.read(),
+                    password=None
+                )
+        except FileNotFoundError:
+            raise ValueError(f"Private key not found at: {private_key_path}")
+        except ValueError:
+            raise ValueError("Invalid PEM file format.")
+
+    def sign(self, method: str, host: str, path: str) -> Dict[str, str]:
+        """
+        Generate authentication headers for a request.
+        
+        The payload format is: "{METHOD} {HOST} {PATH} {TIMESTAMP}"
+        """
+        timestamp = int(time.time())
+        
+        # Canonicalization: Create the immutable string to sign
+        payload = f"{method.upper()} {host} {path} {timestamp}".encode('utf-8')
+        
+        # Sign using Ed25519
+        sig_bytes = self.private_key.sign(payload)
+        sig_b64 = base64.b64encode(sig_bytes).decode('utf-8')
+        
+        return {
+            'X-ValleyDam-Signature': sig_b64,
+            'X-ValleyDam-Time': str(timestamp),
+            'X-ValleyDam-Method': SIGNATURE_ALGORITHM
+        }
+
+
+class ValleyDamVerifier:
+    """Handles the verification of incoming request signatures."""
+
+    def __init__(self, key_resolver_func):
+        """
+        Args:
+            key_resolver_func: A callable that takes a key_id string and 
+                               returns an Ed25519PublicKey object (or None).
+        """
+        self.resolve_key = key_resolver_func
+
+    def verify(self, method: str, host: str, path: str, headers: Dict) -> bool:
+        """
+        Verify that a request was signed by the owner of the DNS record.
+
+        Raises:
+            ValueError: If headers are missing, timestamp is expired, or signature is invalid.
+        """
+        # 1. Extract Headers
+        sig_b64 = headers.get('X-ValleyDam-Signature')
+        timestamp = headers.get('X-ValleyDam-Time')
+        key_id = headers.get('X-ValleyDam-KeyID') 
+
+        if not all([sig_b64, timestamp, key_id]):
+            raise ValueError("Missing required ValleyDam authentication headers.")
+
+        # 2. Check Timestamp (Replay Attack Prevention)
+        try:
+            req_time = int(timestamp)
+            now = int(time.time())
+            if abs(now - req_time) > MAX_TIME_SKEW_SECONDS:
+                raise ValueError(f"Request expired. Server time: {now}, Request time: {req_time}")
+        except ValueError:
+            raise ValueError("Invalid timestamp format.")
+
+        # 3. Resolve Public Key
+        public_key = self.resolve_key(key_id)
+        if not public_key:
+            raise ValueError(f"Public key not found for identity: {key_id}")
+
+        # 4. Reconstruct and Verify Payload
+        payload = f"{method.upper()} {host} {path} {timestamp}".encode('utf-8')
+
+        try:
+            sig_bytes = base64.b64decode(sig_b64)
+            public_key.verify(sig_bytes, payload)
+            return True
+        except Exception:
+            raise ValueError("Cryptographic verification failed. Signature does not match payload.")

valleydam-0.1.0/src/valleydam/verifier.py

@@ -0,0 +1,87 @@
+import dns.resolver
+import base64
+from functools import lru_cache
+from typing import Optional
+from cryptography.hazmat.primitives.asymmetric import ed25519
+from .core import ValleyDamVerifier
+
+# --- CACHED LOOKUP FUNCTION ---
+@lru_cache(maxsize=256)
+def _fetch_dns_record(key_id: str) -> Optional[ed25519.Ed25519PublicKey]:
+    """
+    Fetch and cache the Ed25519 public key from a DNS TXT record.
+    Format expected: v=vd1; k=ed25519; p=<BASE64_KEY>;
+    """
+    if not key_id.startswith("dns:"):
+        return None
+    
+    try:
+        domain = key_id.split(":", 1)[1]
+    except IndexError:
+        return None
+
+    # Use Google and Cloudflare DNS to avoid local ISP caching issues
+    resolver = dns.resolver.Resolver(configure=False)
+    resolver.nameservers = ['8.8.8.8', '1.1.1.1']
+    resolver.lifetime = 2.0  # Timeout after 2 seconds
+
+    try:
+        txt_target = f"_agent.{domain}"
+        answers = resolver.resolve(txt_target, 'TXT')
+        
+        for rdata in answers:
+            # Clean up the TXT record string
+            txt_string = rdata.to_text().replace('"', '').strip()
+            
+            # Parse key-value pairs
+            parts = {}
+            for item in txt_string.split(';'):
+                if '=' in item:
+                    k, v = item.strip().split('=', 1)
+                    parts[k] = v
+            
+            # Return the key if found
+            if parts.get('p'):
+                try:
+                    pub_bytes = base64.b64decode(parts['p'])
+                    return ed25519.Ed25519PublicKey.from_public_bytes(pub_bytes)
+                except Exception:
+                    continue  # Malformed key, try next record
+
+    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.exception.Timeout):
+        return None
+    except Exception as e:
+        # In production, you might want to log this error
+        # print(f"DNS Error: {e}") 
+        return None
+    
+    return None
+
+
+class DnsKeyResolver:
+    """Wrapper class for the cached DNS lookup."""
+    def resolve(self, key_id: str):
+        return _fetch_dns_record(key_id)
+
+
+# Singleton instance to maintain cache across requests
+GLOBAL_RESOLVER = DnsKeyResolver()
+
+
+def verify_request(request) -> bool:
+    """
+    Helper function for Flask/Django/FastAPI.
+    
+    Usage:
+        try:
+            verify_request(request)
+        except ValueError as e:
+            abort(403, str(e))
+    """
+    verifier = ValleyDamVerifier(GLOBAL_RESOLVER.resolve)
+    
+    # Handle Flask-style request objects
+    host = request.host
+    path = request.path
+    
+    return verifier.verify(request.method, host, path, request.headers)

valleydam-0.1.0/src/valleydam.egg-info/PKG-INFO

@@ -0,0 +1,185 @@
+Metadata-Version: 2.4
+Name: valleydam
+Version: 0.1.0
+Summary: A DNS-based cryptographic identity verification protocol for AI Agents.
+Home-page: https://github.com/supra-nlpn/valley-dam
+Author: Supra N.
+Project-URL: Bug Tracker, https://github.com/supra-nlpn/valley-dam/issues
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Topic :: Internet :: WWW/HTTP
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.25.0
+Requires-Dist: cryptography>=3.4.0
+Requires-Dist: dnspython>=2.1.0
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# ⛰️ ValleyDam
+
+ValleyDam is a lightweight, open protocol for verifying the identity of AI agents and web scrapers using **DNS-backed cryptographic proof**.
+
+It enables a website to verify that a request *actually* came from `bot.openai.com` (or your startup’s domain) **without** API keys, IP allowlists, or complex authentication handshakes.
+
+---
+
+## The Problem
+
+Today, websites have no reliable way to identify automated clients.
+
+- **User-Agent strings are lies**  
+  Anyone can send `User-Agent: Googlebot`.
+
+- **IP blocking is messy**  
+  Legitimate bots often run on shared cloud infrastructure (AWS, GCP).
+
+- **API keys don’t scale**  
+  You can’t safely issue and manage API keys for every website on the internet.
+
+---
+
+## The Solution
+
+ValleyDam uses **Ed25519 digital signatures** anchored in **DNS TXT records** to create a verifiable, spoof-resistant identity for bots.
+
+### How it works
+
+1. **The bot signs each request** using a private Ed25519 key.
+2. **The server retrieves the public key** from the bot’s DNS record  
+   (e.g. `_agent.yourwebsite.com`).
+3. **The signature is verified**. If it matches, the bot’s identity is cryptographically proven.
+
+No central authority. No shared secrets. No API keys.
+
+---
+
+## 📦 Installation
+
+```bash
+pip install valleydam
+```
+
+---
+
+## 🚀 Usage
+
+### For Web Scrapper or Agent Developers (The Client)
+
+If you are building a scraper or AI agent, use `ValleyDamSession` to automatically sign outgoing HTTP requests.
+
+---
+
+#### 1. Generate Your Identity
+
+Run the CLI to generate a private key and receive your DNS TXT record value:
+
+```bash
+valleydam-gen
+```
+
+Follow the printed instructions to add the TXT record to your domain’s DNS.
+
+---
+
+#### 2. Use ValleyDam in Your Code
+
+ValleyDam behaves just like the standard Python `requests` library.
+
+```python
+from valleydam import ValleyDamSession
+
+# Initialize your authenticated session
+agent = ValleyDamSession(
+    domain="yourwebsite.com",                       # Your verified domain
+    private_key_path="yourwebsite_com_private.pem"  # Generated in step 1
+)
+
+# Make requests as normal — they are now cryptographically signed
+response = agent.get("https://protected-website.com/api/data")
+
+print(response.text)
+```
+
+---
+
+### For Website Owners (The Server)
+
+Use theGuide
+
+ValleyDam verifies incoming automated traffic and prevents agent impersonation by validating request signatures against DNS-published public keys.
+
+It runs as middleware and works with Flask, Django, FastAPI, and similar frameworks.
+
+---
+
+
+#### 🔒 Hard Validation (Block)
+
+Reject invalid or spoofed requests. Best for protected or agent-only APIs.
+
+```python
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+
+@app.route('/agent-api', methods=['POST'])
+def protected_route():
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        return jsonify({
+            "status": "Welcome",
+            "verified_user": identity
+        })
+    except ValueError as e:
+        return jsonify({
+            "error": "Access Denied",
+            "reason": str(e)
+        }), 403
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```
+
+#### 📄 Soft Validation (Log Only)
+
+Attempt verification, log results, but allow all traffic.
+
+```python
+import logging
+from flask import Flask, request, jsonify
+from valleydam import verify_request
+
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+
+@app.route('/public-api', methods=['GET', 'POST'])
+def public_route():
+    identity = "Unverified (Anonymous)"
+
+    try:
+        verify_request(request)
+        identity = request.headers.get('X-ValleyDam-KeyID')
+        logging.info(f"Verified request from: {identity}")
+    except ValueError as e:
+        logging.warning(f"Verification failed: {e}")
+
+    return jsonify({
+        "data": "This is public data",
+        "your_status": identity
+    })
+
+if __name__ == "__main__":
+    app.run(port=5000)
+```

valleydam-0.1.0/src/valleydam.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+README.md
+setup.py
+src/valleydam/__init__.py
+src/valleydam/cli.py
+src/valleydam/client.py
+src/valleydam/core.py
+src/valleydam/verifier.py
+src/valleydam.egg-info/PKG-INFO
+src/valleydam.egg-info/SOURCES.txt
+src/valleydam.egg-info/dependency_links.txt
+src/valleydam.egg-info/entry_points.txt
+src/valleydam.egg-info/requires.txt
+src/valleydam.egg-info/top_level.txt

valleydam-0.1.0/src/valleydam.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

valleydam-0.1.0/src/valleydam.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+valleydam-gen = valleydam.cli:main

valleydam-0.1.0/src/valleydam.egg-info/requires.txt

@@ -0,0 +1,3 @@
+requests>=2.25.0
+cryptography>=3.4.0
+dnspython>=2.1.0

valleydam-0.1.0/src/valleydam.egg-info/top_level.txt

@@ -0,0 +1 @@
+valleydam