vouch-protocol 1.0.0__py3-none-any.whl

vouch/__init__.py

@@ -0,0 +1,3 @@
+from .auditor import Auditor
+from .verifier import Verifier
+from .seal import vouch_seal_component

vouch/auditor.py

@@ -0,0 +1,28 @@
+import json
+import time
+import uuid
+from jwcrypto import jwk, jws
+
+class Auditor:
+    def __init__(self, private_key_json):
+        self.signing_key = jwk.JWK.from_json(private_key_json)
+
+    def issue_vouch(self, agent_data):
+        # Default starting score for new agents
+        reputation_score = agent_data.get('reputation_score', 50) 
+        
+        payload = {
+            "jti": str(uuid.uuid4()),
+            "sub": agent_data.get('did'),
+            "iss": "did:web:vouch-authority",
+            "nbf": int(time.time()),
+            "exp": int(time.time()) + 86400, # 24 Hours
+            "vc": { 
+                "integrity_hash": agent_data.get('integrity_hash'),
+                "reputation_score": reputation_score, # <-- NEW MANIFESTO FIELD
+                "type": "Identity+Reputation"
+            }
+        }
+        signer = jws.JWS(json.dumps(payload).encode('utf-8'))
+        signer.add_signature(self.signing_key, None, json.dumps({"alg":"EdDSA"}), json.dumps({"kid":self.signing_key.key_id}))
+        return {"certificate": signer.serialize(compact=True)}

vouch/integrations/autogen/tool.py

@@ -0,0 +1,22 @@
+from vouch import Auditor
+import os
+from typing import Annotated
+
+def sign_action(
+    intent: Annotated[str, "The action you are about to take"]
+) -> str:
+    """
+    Generates a Vouch-Token to sign a sensitive action for AutoGen agents.
+    """
+    key = os.getenv("VOUCH_PRIVATE_KEY")
+    did = os.getenv("VOUCH_DID")
+    
+    if not key:
+        return "Error: VOUCH_PRIVATE_KEY not configured."
+
+    auditor = Auditor(key)
+    proof = auditor.issue_vouch({
+        "did": did,
+        "integrity_hash": intent
+    })
+    return f"Vouch-Token: {proof['certificate']}"

vouch/integrations/autogpt/commands.py

@@ -0,0 +1,30 @@
+import os
+from vouch import Auditor
+
+# Mock decorator if AutoGPT is not installed
+try:
+    from autogpt.command_decorator import command
+except ImportError:
+    def command(*args, **kwargs):
+        def decorator(func): return func
+        return decorator
+
+@command(
+    "sign_with_vouch",
+    "Generates a Vouch-Token to prove identity",
+    {
+        "intent": {"type": "string", "description": "What you are doing", "required": True},
+        "target_service": {"type": "string", "description": "Target domain", "required": True}
+    },
+)
+def sign_with_vouch(intent: str, target_service: str) -> str:
+    try:
+        key = os.getenv("VOUCH_PRIVATE_KEY")
+        did = os.getenv("VOUCH_DID", "did:web:anonymous")
+        if not key: return "Error: VOUCH_PRIVATE_KEY missing"
+        
+        auditor = Auditor(key)
+        proof = auditor.issue_vouch({"did": did, "integrity_hash": f"{target_service}:{intent}"})
+        return f"Vouch-Token generated. Add header: 'Vouch-Token: {proof['certificate']}'"
+    except Exception as e:
+        return f"Error: {str(e)}"

vouch/integrations/crewai/tool.py

@@ -0,0 +1,16 @@
+from langchain.tools import tool
+from vouch import Auditor
+import os
+
+class VouchCrewTools:
+    @tool("Sign Request with Vouch")
+    def sign_request(intent: str):
+        """Generates a cryptographic Vouch-Token. Useful for proving identity to external APIs."""
+        key = os.getenv("VOUCH_PRIVATE_KEY")
+        did = os.getenv("VOUCH_DID")
+        
+        if not key: return "Error: VOUCH_PRIVATE_KEY not found."
+        
+        auditor = Auditor(key)
+        proof = auditor.issue_vouch({"did": did, "integrity_hash": intent})
+        return f"Vouch-Token: {proof['certificate']}"

vouch/integrations/langchain/tool.py

@@ -0,0 +1,25 @@
+from typing import Optional, Type
+from langchain.tools import BaseTool
+from pydantic import BaseModel, Field
+from vouch import Auditor
+import os
+
+class VouchSignerInput(BaseModel):
+    intent: str = Field(description="A description of the action being signed (e.g. 'search_database')")
+
+class VouchSignerTool(BaseTool):
+    name = "vouch_signer"
+    description = "Generates a verifiable identity proof (Vouch-Token) for sensitive actions."
+    args_schema: Type[BaseModel] = VouchSignerInput
+
+    def _run(self, intent: str) -> str:
+        private_key = os.getenv("VOUCH_PRIVATE_KEY")
+        agent_did = os.getenv("VOUCH_DID")
+        if not private_key: return "Error: VOUCH_PRIVATE_KEY not set."
+        
+        auditor = Auditor(private_key)
+        proof = auditor.issue_vouch({"did": agent_did, "integrity_hash": intent})
+        return f"Vouch-Token: {proof['certificate']}"
+
+    def _arun(self, intent: str):
+        raise NotImplementedError("Async not implemented yet")

vouch/integrations/langchain/tools.py

@@ -0,0 +1,49 @@
+from typing import Optional, Type
+from pydantic import BaseModel, Field
+
+# Try importing LangChain (It's optional, so we handle the error if missing)
+try:
+    from langchain.tools import BaseTool
+except ImportError:
+    # Fallback for users who don't have LangChain installed
+    class BaseTool:
+        pass
+
+from vouch import Auditor
+
+class VouchSignerInput(BaseModel):
+    """Input for the Vouch Signer."""
+    action_summary: str = Field(..., description="A brief summary of what action the agent is taking (e.g., 'booking_flight')")
+
+class VouchSignerTool(BaseTool):
+    name = "vouch_identity_signer"
+    description = "Use this tool to generate a cryptographic Vouch-Token when you need to prove your identity to an external API."
+    args_schema: Type[BaseModel] = VouchSignerInput
+
+    # Private attributes
+    _auditor: Auditor = None
+    _did: str = None
+
+    def __init__(self, private_key_json: str, agent_did: str):
+        super().__init__()
+        self._auditor = Auditor(private_key_json)
+        self._did = agent_did
+
+    def _run(self, action_summary: str) -> str:
+        """Generates the Vouch-Token header."""
+
+        # Create the payload based on the agent's intent
+        vouch_data = {
+            "did": self._did,
+            "integrity_hash": f"action:{action_summary}" # Simple binding of intent
+        }
+
+        # Issue the token
+        result = self._auditor.issue_vouch(vouch_data)
+
+        # Return the ready-to-use header value
+        return result['certificate']
+
+    async def _arun(self, action_summary: str) -> str:
+        """Async support (optional but good practice)."""
+        return self._run(action_summary)

vouch/integrations/mcp/server.py

@@ -0,0 +1,71 @@
+import sys
+import json
+import logging
+from vouch import Auditor
+
+# A simple Standard-IO Model Context Protocol (MCP) Server
+# This allows Claude Desktop or Cursor to "use" Vouch tools locally.
+
+logging.basicConfig(level=logging.INFO, stream=sys.stderr)
+
+class VouchMCPServer:
+    def __init__(self):
+        self.auditor = None
+        # Try to load keys from env
+        self.load_keys()
+
+    def load_keys(self):
+        # In a real app, manage this securely. For MVP, we look for env vars.
+        import os
+        key = os.getenv("VOUCH_PRIVATE_KEY")
+        if key:
+            self.auditor = Auditor(key)
+
+    def process_request(self, line):
+        try:
+            request = json.loads(line)
+            if request.get("method") == "tools/list":
+                return {
+                    "jsonrpc": "2.0",
+                    "id": request["id"],
+                    "result": {
+                        "tools": [{
+                            "name": "sign_action",
+                            "description": "Generate a cryptographic Vouch-Token to sign a sensitive action.",
+                            "inputSchema": {
+                                "type": "object",
+                                "properties": {
+                                    "intent": {"type": "string", "description": "What are you doing? (e.g. 'read_email')"},
+                                    "did": {"type": "string", "description": "Your Agent DID"}
+                                },
+                                "required": ["intent", "did"]
+                            }
+                        }]
+                    }
+                }
+            elif request.get("method") == "tools/call":
+                if request["params"]["name"] == "sign_action":
+                    if not self.auditor:
+                        return {"jsonrpc": "2.0", "id": request["id"], "error": {"code": -32603, "message": "VOUCH_PRIVATE_KEY not set in env"}}
+                    
+                    args = request["params"]["arguments"]
+                    proof = self.auditor.issue_vouch({
+                        "did": args["did"],
+                        "integrity_hash": args["intent"]
+                    })
+                    return {
+                        "jsonrpc": "2.0", "id": request["id"],
+                        "result": {"content": [{"type": "text", "text": proof["certificate"]}]}
+                    }
+        except Exception as e:
+            pass
+        return None
+
+if __name__ == "__main__":
+    server = VouchMCPServer()
+    # MCP loop
+    for line in sys.stdin:
+        response = server.process_request(line)
+        if response:
+            print(json.dumps(response))
+            sys.stdout.flush()

vouch/integrations/vertex_ai/tool.py

@@ -0,0 +1,9 @@
+from vouch import Auditor
+import os
+def sign_request_with_vouch(intent: str) -> str:
+    key = os.environ.get("VOUCH_PRIVATE_KEY")
+    did = os.environ.get("VOUCH_DID")
+    if not key: return "Error: Keys missing"
+    auditor = Auditor(key)
+    proof = auditor.issue_vouch({"did": did, "integrity_hash": intent})
+    return f"Vouch-Token: {proof['certificate']}"

vouch/keys.py

@@ -0,0 +1,24 @@
+import json
+from jwcrypto import jwk
+
+def generate_identity():
+    """
+    Generates a fresh Ed25519 Keypair for a new Agent.
+    """
+    # 1. Generate Key
+    key = jwk.JWK.generate(kty='OKP', crv='Ed25519')
+    
+    # 2. Export Private Key (Save this securely!)
+    private_key = key.export_private()
+    
+    # 3. Export Public Key (Put this in vouch.json)
+    public_key = key.export_public()
+    
+    print("🔑 NEW AGENT IDENTITY GENERATED\n")
+    print("--- PRIVATE KEY (Keep Secret / Set as Env Var) ---")
+    print(private_key)
+    print("\n--- PUBLIC KEY (Put this in vouch.json) ---")
+    print(public_key)
+
+if __name__ == "__main__":
+    generate_identity()

vouch/seal.py

@@ -0,0 +1,7 @@
+import streamlit as st
+
+def vouch_seal_component(is_verified=False, agent_name="Agent"):
+    if is_verified: 
+        st.success(f"✅ {agent_name}: VOUCHED")
+    else: 
+        st.error(f"⚠️ {agent_name}: UNVERIFIED")

vouch/verifier.py

@@ -0,0 +1,57 @@
+import json
+import time
+import base64
+import requests
+from jwcrypto import jwk, jws
+
+class Verifier:
+    def __init__(self, trusted_roots=None):
+        self.trusted_roots = trusted_roots or {}
+        self.used_nonces = set()
+
+    def _resolve_did(self, did):
+        if did in self.trusted_roots:
+            return jwk.JWK.from_json(self.trusted_roots[did])
+
+        if not did.startswith("did:web:"):
+            raise ValueError(f"Unsupported DID method: {did}")
+
+        domain = did.replace("did:web:", "")
+        url = f"https://{domain}/.well-known/did.json"
+        
+        try:
+            response = requests.get(url, timeout=5)
+            response.raise_for_status()
+            did_doc = response.json()
+            key_data = did_doc['verificationMethod'][0]['publicKeyJwk']
+            return jwk.JWK.from_json(json.dumps(key_data))
+        except Exception as e:
+            return None
+
+    def check_vouch(self, token):
+        try:
+            parts = token.split('.')
+            if len(parts) != 3: return False, "Invalid Token Format"
+            
+            payload_str = parts[1] + '=' * (-len(parts[1]) % 4)
+            payload = json.loads(base64.urlsafe_b64decode(payload_str))
+            
+            agent_did = payload.get('sub')
+            if not agent_did: return False, "No Identity (sub) in token"
+
+            public_key = self._resolve_did(agent_did)
+            if not public_key:
+                return False, f"Could not resolve public key for {agent_did}"
+
+            verifier = jws.JWS()
+            verifier.deserialize(token)
+            verifier.verify(public_key)
+            
+            if time.time() > payload['exp']: return False, "Expired Vouch"
+            if payload['jti'] in self.used_nonces: return False, "Replay Detected"
+            self.used_nonces.add(payload['jti'])
+
+            return True, payload
+
+        except Exception as e:
+            return False, f"Verification Error: {str(e)}"