vaultedge 1.0.0__tar.gz

vaultedge-1.0.0/PKG-INFO

@@ -0,0 +1,25 @@
+Metadata-Version: 2.4
+Name: vaultedge
+Version: 1.0.0
+Summary: VaultEdge — zero-trust AI key manager SDK for Python
+License: MIT
+Project-URL: Homepage, https://vaultedge.dev
+Project-URL: Repository, https://github.com/you/vaultedge
+Keywords: ai,llm,api-key,vault,openai,security,proxy
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: httpx>=0.27.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"

vaultedge-1.0.0/pyproject.toml

@@ -0,0 +1,38 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "vaultedge"
+version = "1.0.0"
+description = "VaultEdge — zero-trust AI key manager SDK for Python"
+readme = "README.md"
+requires-python = ">=3.9"
+license = { text = "MIT" }
+keywords = ["ai", "llm", "api-key", "vault", "openai", "security", "proxy"]
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "Intended Audience :: Developers",
+  "License :: OSI Approved :: MIT License",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Topic :: Security :: Cryptography",
+  "Topic :: Software Development :: Libraries :: Python Modules",
+]
+dependencies = [
+  "cryptography>=42.0.0",
+  "httpx>=0.27.0",
+]
+
+[project.optional-dependencies]
+dev = ["pytest>=8.0.0", "pytest-asyncio>=0.23.0"]
+
+[project.urls]
+Homepage = "https://vaultedge.dev"
+Repository = "https://github.com/you/vaultedge"
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"

vaultedge-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

vaultedge-1.0.0/vaultedge/__init__.py

@@ -0,0 +1,15 @@
+"""VaultEdge — zero-trust AI key manager SDK for Python."""
+
+from .vault import VaultEntry, encrypt_vault, decrypt_vault, VAULT_PREFIX
+from .client import VaultEdge, resolve_provider
+
+__all__ = [
+    "VaultEdge",
+    "VaultEntry",
+    "encrypt_vault",
+    "decrypt_vault",
+    "resolve_provider",
+    "VAULT_PREFIX",
+]
+
+__version__ = "1.0.0"

vaultedge-1.0.0/vaultedge/client.py

@@ -0,0 +1,271 @@
+"""
+VaultEdge Python SDK — main client.
+
+Usage:
+    import asyncio
+    import os
+    from vaultedge import VaultEdge
+
+    ve = VaultEdge(
+        vault=os.environ["VAULTEDGE_VAULT"],
+        password=os.environ["VAULTEDGE_PASSWORD"],
+    )
+
+    async def main():
+        response = await ve.chat.completions.create(
+            model="gpt-4o",
+            messages=[{"role": "user", "content": "Hello!"}],
+        )
+        print(response["choices"][0]["message"]["content"])
+
+    asyncio.run(main())
+"""
+
+import os
+from typing import Any, AsyncIterator, Dict, List, Optional, Union
+import httpx
+
+from .vault import VaultEntry, decrypt_vault
+
+# ─── Provider Config ───────────────────────────────────────────────────────────
+
+PROVIDER_CONFIGS: Dict[str, Dict[str, Any]] = {
+    "OpenAI":      {"url": "https://api.openai.com/v1/chat/completions",          "scheme": "bearer"},
+    "Groq":        {"url": "https://api.groq.com/openai/v1/chat/completions",     "scheme": "bearer"},
+    "Anthropic":   {"url": "https://api.anthropic.com/v1/messages",               "scheme": "x-api-key"},
+    "Gemini":      {"url": "https://generativelanguage.googleapis.com/v1beta/openai/chat/completions", "scheme": "bearer"},
+    "Mistral":     {"url": "https://api.mistral.ai/v1/chat/completions",           "scheme": "bearer"},
+    "xAI":         {"url": "https://api.x.ai/v1/chat/completions",                "scheme": "bearer"},
+    "DeepSeek":    {"url": "https://api.deepseek.com/v1/chat/completions",         "scheme": "bearer"},
+    "OpenRouter":  {"url": "https://openrouter.ai/api/v1/chat/completions",        "scheme": "bearer"},
+    "Cohere":      {"url": "https://api.cohere.ai/v1/chat/completions",            "scheme": "bearer"},
+    "Cerebras":    {"url": "https://api.cerebras.ai/v1/chat/completions",          "scheme": "bearer"},
+    "Sambanova":   {"url": "https://api.sambanova.ai/v1/chat/completions",         "scheme": "bearer"},
+    "Nvidia":      {"url": "https://integrate.api.nvidia.com/v1/chat/completions", "scheme": "bearer"},
+    "Together":    {"url": "https://api.together.xyz/v1/chat/completions",         "scheme": "bearer"},
+    "Perplexity":  {"url": "https://api.perplexity.ai/chat/completions",           "scheme": "bearer"},
+}
+
+MODEL_PREFIX_MAP = [
+    ("gpt-",       "OpenAI"),
+    ("o1",         "OpenAI"),
+    ("o3",         "OpenAI"),
+    ("davinci",    "OpenAI"),
+    ("llama",      "Groq"),
+    ("groq",       "Groq"),
+    ("mixtral",    "Groq"),
+    ("gemma",      "Groq"),
+    ("gemini",     "Gemini"),
+    ("claude",     "Anthropic"),
+    ("mistral",    "Mistral"),
+    ("codestral",  "Mistral"),
+    ("grok",       "xAI"),
+    ("deepseek",   "DeepSeek"),
+    ("command",    "Cohere"),
+    ("cohere",     "Cohere"),
+    ("nvidia",     "Nvidia"),
+    ("nim",        "Nvidia"),
+    ("sonar",      "Perplexity"),
+    ("pplx-",      "Perplexity"),
+]
+
+
+def resolve_provider(model: str) -> Optional[str]:
+    lower = model.lower()
+    for prefix, provider in MODEL_PREFIX_MAP:
+        if lower.startswith(prefix):
+            return provider
+    return None
+
+
+def build_headers(provider: str, api_key: str) -> Dict[str, str]:
+    config = PROVIDER_CONFIGS.get(provider, {})
+    scheme = config.get("scheme", "bearer")
+    headers = {"Content-Type": "application/json"}
+    if scheme == "bearer":
+        headers["Authorization"] = f"Bearer {api_key}"
+    elif scheme == "x-api-key":
+        headers["x-api-key"] = api_key
+        headers["anthropic-version"] = "2023-06-01"
+    return headers
+
+
+# ─── Completions ───────────────────────────────────────────────────────────────
+
+class Completions:
+    def __init__(self, client: "VaultEdge") -> None:
+        self._client = client
+
+    async def create(
+        self,
+        model: str,
+        messages: List[Dict[str, Any]],
+        *,
+        stream: bool = False,
+        temperature: Optional[float] = None,
+        max_tokens: Optional[int] = None,
+        top_p: Optional[float] = None,
+        **kwargs: Any,
+    ) -> Union[Dict[str, Any], AsyncIterator[Dict[str, Any]]]:
+        """
+        Create a chat completion.
+
+        Args:
+            model: Model name (e.g. "gpt-4o", "claude-3-5-sonnet-latest")
+            messages: List of message dicts with "role" and "content"
+            stream: If True, returns an async iterator of chunk dicts
+            temperature: Sampling temperature
+            max_tokens: Max tokens to generate
+            **kwargs: Any other OpenAI-compatible parameters
+
+        Returns:
+            If stream=False: A dict matching the OpenAI ChatCompletion format.
+            If stream=True: An async iterator of chunk dicts.
+        """
+        entries = await self._client._get_entries()
+        provider_keys: Dict[str, List[str]] = {}
+        for e in entries:
+            provider_keys.setdefault(e.provider, []).append(e.key)
+
+        primary = resolve_provider(model)
+        if not primary:
+            raise ValueError(f"No provider found for model '{model}'.")
+
+        order = [primary] + [p for p in PROVIDER_CONFIGS if p != primary]
+        payload: Dict[str, Any] = {
+            "model": model,
+            "messages": messages,
+            "stream": stream,
+            **kwargs,
+        }
+        if temperature is not None:
+            payload["temperature"] = temperature
+        if max_tokens is not None:
+            payload["max_tokens"] = max_tokens
+        if top_p is not None:
+            payload["top_p"] = top_p
+
+        errors = []
+        attempts = 0
+
+        for provider in order:
+            keys = provider_keys.get(provider, [])
+            if not keys:
+                continue
+            if attempts >= self._client.max_retries:
+                break
+
+            config = PROVIDER_CONFIGS.get(provider)
+            if not config:
+                continue
+
+            for key in keys:
+                if attempts >= self._client.max_retries:
+                    break
+                attempts += 1
+                headers = build_headers(provider, key)
+                try:
+                    async with httpx.AsyncClient(timeout=self._client.timeout) as http:
+                        if stream:
+                            return self._stream_response(http, config["url"], headers, payload)
+                        resp = await http.post(config["url"], json=payload, headers=headers)
+                        if resp.status_code == 200:
+                            return resp.json()
+                        errors.append(f"{provider}: HTTP {resp.status_code}")
+                except Exception as exc:
+                    errors.append(f"{provider}: {exc}")
+
+        raise RuntimeError(f"All providers failed: {'; '.join(errors)}")
+
+    async def _stream_response(
+        self,
+        http: httpx.AsyncClient,
+        url: str,
+        headers: Dict[str, str],
+        payload: Dict[str, Any],
+    ) -> AsyncIterator[Dict[str, Any]]:
+        import json as _json
+        async with http.stream("POST", url, json=payload, headers=headers) as resp:
+            async for line in resp.aiter_lines():
+                if line.startswith("data: "):
+                    data = line[6:]
+                    if data == "[DONE]":
+                        break
+                    try:
+                        yield _json.loads(data)
+                    except _json.JSONDecodeError:
+                        pass
+
+
+class Chat:
+    def __init__(self, client: "VaultEdge") -> None:
+        self.completions = Completions(client)
+
+
+# ─── Main Client ───────────────────────────────────────────────────────────────
+
+class VaultEdge:
+    """
+    VaultEdge Python SDK client.
+
+    Example::
+
+        ve = VaultEdge(
+            vault=os.environ["VAULTEDGE_VAULT"],
+            password=os.environ["VAULTEDGE_PASSWORD"],
+        )
+        response = await ve.chat.completions.create(
+            model="gpt-4o",
+            messages=[{"role": "user", "content": "Hello!"}],
+        )
+    """
+
+    def __init__(
+        self,
+        vault: Optional[str] = None,
+        password: Optional[str] = None,
+        *,
+        timeout: float = 60.0,
+        max_retries: int = 3,
+        debug: bool = False,
+    ) -> None:
+        self._vault_string = vault or os.environ.get("VAULTEDGE_VAULT")
+        self._password = password or os.environ.get("VAULTEDGE_PASSWORD")
+
+        if not self._vault_string:
+            raise ValueError(
+                "No vault provided. Pass vault= or set VAULTEDGE_VAULT env var."
+            )
+        if not self._password:
+            raise ValueError(
+                "No password provided. Pass password= or set VAULTEDGE_PASSWORD env var."
+            )
+
+        self.timeout = timeout
+        self.max_retries = max_retries
+        self.debug = debug
+        self.chat = Chat(self)
+        self._cached_entries: Optional[List[VaultEntry]] = None
+
+    async def _get_entries(self) -> List[VaultEntry]:
+        if self._cached_entries is None:
+            if self.debug:
+                print("[vaultedge] Decrypting vault...")
+            self._cached_entries = decrypt_vault(self._vault_string, self._password)  # type: ignore[arg-type]
+            if self.debug:
+                print(f"[vaultedge] Vault decrypted: {len(self._cached_entries)} entries")
+        return self._cached_entries
+
+    async def get_providers(self) -> List[str]:
+        """Return list of providers available in the vault."""
+        entries = await self._get_entries()
+        return list({e.provider for e in entries})
+
+    async def has_provider(self, provider: str) -> bool:
+        """Check if the vault has a key for the given provider."""
+        entries = await self._get_entries()
+        return any(e.provider == provider for e in entries)
+
+    def resolve_model(self, model: str) -> Optional[str]:
+        """Resolve which provider will handle a given model name."""
+        return resolve_provider(model)

vaultedge-1.0.0/vaultedge/vault.py

@@ -0,0 +1,107 @@
+"""
+VaultEdge vault crypto — AES-256-GCM + PBKDF2.
+
+Wire format:
+  Prefix: "VE_VAULT_v1_"
+  Payload (base64): salt[32] + nonce[12] + AES-256-GCM ciphertext+tag
+"""
+
+import base64
+import json
+import os
+from dataclasses import dataclass
+from typing import List
+
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from cryptography.hazmat.primitives import hashes
+
+VAULT_PREFIX = "VE_VAULT_v1_"
+PBKDF2_ITERATIONS = 210_000
+SALT_BYTES = 32
+NONCE_BYTES = 12
+
+
+@dataclass
+class VaultEntry:
+    """A decrypted API key entry from the vault."""
+    provider: str
+    key: str
+
+
+def _derive_key(password: str, salt: bytes) -> bytes:
+    """Derive a 256-bit AES key from a password using PBKDF2-HMAC-SHA256."""
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt,
+        iterations=PBKDF2_ITERATIONS,
+    )
+    return kdf.derive(password.encode("utf-8"))
+
+
+def encrypt_vault(entries: List[VaultEntry], password: str) -> str:
+    """
+    Encrypt a list of VaultEntry objects with a master password.
+
+    Returns a string starting with VE_VAULT_v1_ suitable for an env var.
+    """
+    salt = os.urandom(SALT_BYTES)
+    nonce = os.urandom(NONCE_BYTES)
+    key = _derive_key(password, salt)
+
+    plaintext = json.dumps(
+        [{"provider": e.provider, "key": e.key} for e in entries]
+    ).encode("utf-8")
+
+    aesgcm = AESGCM(key)
+    ciphertext = aesgcm.encrypt(nonce, plaintext, None)
+
+    wire = salt + nonce + ciphertext
+    b64 = base64.b64encode(wire).decode("ascii")
+    return f"{VAULT_PREFIX}{b64}"
+
+
+def decrypt_vault(vault_string: str, password: str) -> List[VaultEntry]:
+    """
+    Decrypt a VaultEdge vault string.
+
+    Raises:
+        ValueError: If the vault string is invalid or the password is wrong.
+    """
+    if vault_string.startswith(VAULT_PREFIX):
+        b64 = vault_string[len(VAULT_PREFIX):]
+    else:
+        raise ValueError(
+            f"Invalid vault format. Expected string starting with '{VAULT_PREFIX}'."
+        )
+
+    try:
+        wire = base64.b64decode(b64)
+    except Exception as exc:
+        raise ValueError("Vault string is not valid base64.") from exc
+
+    if len(wire) < SALT_BYTES + NONCE_BYTES + 16:
+        raise ValueError("Vault data is too short to be valid.")
+
+    salt = wire[:SALT_BYTES]
+    nonce = wire[SALT_BYTES:SALT_BYTES + NONCE_BYTES]
+    ciphertext = wire[SALT_BYTES + NONCE_BYTES:]
+
+    key = _derive_key(password, salt)
+    aesgcm = AESGCM(key)
+
+    try:
+        plaintext = aesgcm.decrypt(nonce, ciphertext, None)
+    except Exception as exc:
+        raise ValueError(
+            "Decryption failed. The password is incorrect or the vault is corrupted."
+        ) from exc
+
+    try:
+        data = json.loads(plaintext.decode("utf-8"))
+        if not isinstance(data, list):
+            raise ValueError("Vault decrypted but contained invalid JSON structure.")
+        return [VaultEntry(provider=item["provider"], key=item["key"]) for item in data]
+    except (json.JSONDecodeError, KeyError) as exc:
+        raise ValueError("Vault decrypted but contained invalid JSON.") from exc

vaultedge-1.0.0/vaultedge.egg-info/PKG-INFO

@@ -0,0 +1,25 @@
+Metadata-Version: 2.4
+Name: vaultedge
+Version: 1.0.0
+Summary: VaultEdge — zero-trust AI key manager SDK for Python
+License: MIT
+Project-URL: Homepage, https://vaultedge.dev
+Project-URL: Repository, https://github.com/you/vaultedge
+Keywords: ai,llm,api-key,vault,openai,security,proxy
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: httpx>=0.27.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23.0; extra == "dev"

vaultedge-1.0.0/vaultedge.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+pyproject.toml
+vaultedge/__init__.py
+vaultedge/client.py
+vaultedge/vault.py
+vaultedge.egg-info/PKG-INFO
+vaultedge.egg-info/SOURCES.txt
+vaultedge.egg-info/dependency_links.txt
+vaultedge.egg-info/requires.txt
+vaultedge.egg-info/top_level.txt

vaultedge-1.0.0/vaultedge.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

vaultedge-1.0.0/vaultedge.egg-info/requires.txt

@@ -0,0 +1,6 @@
+cryptography>=42.0.0
+httpx>=0.27.0
+
+[dev]
+pytest>=8.0.0
+pytest-asyncio>=0.23.0

vaultedge-1.0.0/vaultedge.egg-info/top_level.txt

@@ -0,0 +1 @@
+vaultedge