vouch-protocol 1.6.2__tar.gz → 2.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (239) hide show
  1. {vouch_protocol-1.6.2/vouch_protocol.egg-info → vouch_protocol-2.0.0}/PKG-INFO +49 -32
  2. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/README.md +45 -30
  3. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/pyproject.toml +7 -2
  4. vouch_protocol-2.0.0/tests/test_accountability.py +371 -0
  5. vouch_protocol-2.0.0/tests/test_audit_trail.py +158 -0
  6. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_auditor.py +44 -34
  7. vouch_protocol-2.0.0/tests/test_autosign.py +452 -0
  8. vouch_protocol-2.0.0/tests/test_budget.py +102 -0
  9. vouch_protocol-2.0.0/tests/test_cli_init.py +63 -0
  10. vouch_protocol-2.0.0/tests/test_conformance.py +35 -0
  11. vouch_protocol-2.0.0/tests/test_credential_gate.py +126 -0
  12. vouch_protocol-2.0.0/tests/test_dx_sugar.py +481 -0
  13. vouch_protocol-2.0.0/tests/test_fastapi_credential_gate.py +106 -0
  14. vouch_protocol-2.0.0/tests/test_fleet.py +261 -0
  15. vouch_protocol-2.0.0/tests/test_grade.py +66 -0
  16. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hasura_integration.py +42 -58
  17. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hybrid.py +13 -13
  18. vouch_protocol-2.0.0/tests/test_liveness_conformance.py +234 -0
  19. vouch_protocol-2.0.0/tests/test_proof_of_integration.py +161 -0
  20. vouch_protocol-2.0.0/tests/test_receipts.py +122 -0
  21. vouch_protocol-2.0.0/tests/test_recovery.py +113 -0
  22. vouch_protocol-2.0.0/tests/test_reputation_aggregate.py +99 -0
  23. vouch_protocol-2.0.0/tests/test_reputation_disputes.py +93 -0
  24. vouch_protocol-2.0.0/tests/test_reputation_ledger.py +105 -0
  25. vouch_protocol-2.0.0/tests/test_reputation_policy.py +81 -0
  26. vouch_protocol-2.0.0/tests/test_reputation_portability.py +106 -0
  27. vouch_protocol-2.0.0/tests/test_robot_conformance.py +169 -0
  28. vouch_protocol-2.0.0/tests/test_robot_custody.py +159 -0
  29. vouch_protocol-2.0.0/tests/test_robot_embodiment.py +197 -0
  30. vouch_protocol-2.0.0/tests/test_robot_handshake_blackbox_passport.py +186 -0
  31. vouch_protocol-2.0.0/tests/test_robot_identity.py +78 -0
  32. vouch_protocol-2.0.0/tests/test_robot_lease_quorum.py +231 -0
  33. vouch_protocol-2.0.0/tests/test_robot_lifecycle.py +160 -0
  34. vouch_protocol-2.0.0/tests/test_robot_liveness_revocation.py +356 -0
  35. vouch_protocol-2.0.0/tests/test_robot_perception.py +158 -0
  36. vouch_protocol-2.0.0/tests/test_robot_pq.py +112 -0
  37. vouch_protocol-2.0.0/tests/test_robot_provenance_capability.py +159 -0
  38. vouch_protocol-2.0.0/tests/test_robot_safety_record.py +161 -0
  39. vouch_protocol-2.0.0/tests/test_secure_key_custody.py +187 -0
  40. vouch_protocol-2.0.0/tests/test_shield_guard.py +107 -0
  41. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_signer_vc.py +35 -47
  42. vouch_protocol-2.0.0/tests/test_threshold.py +168 -0
  43. vouch_protocol-2.0.0/tests/test_tool_registry.py +105 -0
  44. vouch_protocol-2.0.0/tests/test_transport.py +247 -0
  45. vouch_protocol-2.0.0/tests/test_transport_http_rendezvous.py +219 -0
  46. vouch_protocol-2.0.0/tests/test_transport_rendezvous.py +157 -0
  47. vouch_protocol-2.0.0/tests/test_transport_udna_sdk.py +139 -0
  48. vouch_protocol-2.0.0/tests/test_trifecta.py +80 -0
  49. vouch_protocol-2.0.0/tests/test_trust_check.py +114 -0
  50. vouch_protocol-2.0.0/tests/test_validator_server.py +126 -0
  51. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_verifier_vc.py +54 -61
  52. vouch_protocol-2.0.0/vouch/__init__.py +529 -0
  53. vouch_protocol-2.0.0/vouch/accountability.py +592 -0
  54. vouch_protocol-2.0.0/vouch/agent.py +358 -0
  55. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/async_verifier.py +5 -177
  56. vouch_protocol-2.0.0/vouch/audit_trail.py +310 -0
  57. vouch_protocol-2.0.0/vouch/auditor.py +121 -0
  58. vouch_protocol-2.0.0/vouch/autosign.py +479 -0
  59. vouch_protocol-2.0.0/vouch/budget.py +211 -0
  60. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/cli.py +212 -31
  61. vouch_protocol-2.0.0/vouch/conformance.py +502 -0
  62. vouch_protocol-2.0.0/vouch/credential.py +181 -0
  63. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/data_integrity.py +21 -6
  64. vouch_protocol-2.0.0/vouch/fleet.py +291 -0
  65. vouch_protocol-2.0.0/vouch/gate.py +119 -0
  66. vouch_protocol-2.0.0/vouch/grade.py +221 -0
  67. vouch_protocol-2.0.0/vouch/integrations/_common.py +61 -0
  68. vouch_protocol-2.0.0/vouch/integrations/autogen/__init__.py +50 -0
  69. vouch_protocol-2.0.0/vouch/integrations/autogpt/__init__.py +17 -0
  70. vouch_protocol-2.0.0/vouch/integrations/autogpt/commands.py +42 -0
  71. vouch_protocol-2.0.0/vouch/integrations/claude-code/settings.hooks.json +16 -0
  72. vouch_protocol-2.0.0/vouch/integrations/crewai/__init__.py +17 -0
  73. vouch_protocol-2.0.0/vouch/integrations/crewai/tool.py +90 -0
  74. vouch_protocol-2.0.0/vouch/integrations/fastapi.py +75 -0
  75. vouch_protocol-2.0.0/vouch/integrations/google.py +24 -0
  76. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/hasura/webhook.py +60 -26
  77. vouch_protocol-2.0.0/vouch/integrations/langchain/__init__.py +17 -0
  78. vouch_protocol-2.0.0/vouch/integrations/langchain/tool.py +95 -0
  79. vouch_protocol-2.0.0/vouch/integrations/mcp/server.py +267 -0
  80. vouch_protocol-2.0.0/vouch/integrations/vertex_ai/__init__.py +22 -0
  81. vouch_protocol-2.0.0/vouch/keystore.py +217 -0
  82. vouch_protocol-2.0.0/vouch/liveness_conformance.py +409 -0
  83. vouch_protocol-2.0.0/vouch/mcp_guard.py +265 -0
  84. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/onboard.py +22 -4
  85. vouch_protocol-2.0.0/vouch/proof_of_integration.py +337 -0
  86. vouch_protocol-2.0.0/vouch/receipts.py +277 -0
  87. vouch_protocol-2.0.0/vouch/recovery.py +218 -0
  88. vouch_protocol-2.0.0/vouch/reputation_aggregate.py +161 -0
  89. vouch_protocol-2.0.0/vouch/reputation_disputes.py +150 -0
  90. vouch_protocol-2.0.0/vouch/reputation_ledger.py +209 -0
  91. vouch_protocol-2.0.0/vouch/reputation_policy.py +147 -0
  92. vouch_protocol-2.0.0/vouch/reputation_portability.py +178 -0
  93. vouch_protocol-2.0.0/vouch/robotics/__init__.py +253 -0
  94. vouch_protocol-2.0.0/vouch/robotics/_signing.py +29 -0
  95. vouch_protocol-2.0.0/vouch/robotics/blackbox.py +228 -0
  96. vouch_protocol-2.0.0/vouch/robotics/capability.py +170 -0
  97. vouch_protocol-2.0.0/vouch/robotics/conformance.py +405 -0
  98. vouch_protocol-2.0.0/vouch/robotics/custody.py +231 -0
  99. vouch_protocol-2.0.0/vouch/robotics/embodiment.py +221 -0
  100. vouch_protocol-2.0.0/vouch/robotics/handshake.py +215 -0
  101. vouch_protocol-2.0.0/vouch/robotics/identity.py +258 -0
  102. vouch_protocol-2.0.0/vouch/robotics/lease.py +169 -0
  103. vouch_protocol-2.0.0/vouch/robotics/lifecycle.py +312 -0
  104. vouch_protocol-2.0.0/vouch/robotics/liveness.py +369 -0
  105. vouch_protocol-2.0.0/vouch/robotics/passport.py +174 -0
  106. vouch_protocol-2.0.0/vouch/robotics/perception.py +232 -0
  107. vouch_protocol-2.0.0/vouch/robotics/physical_quorum.py +159 -0
  108. vouch_protocol-2.0.0/vouch/robotics/pq.py +146 -0
  109. vouch_protocol-2.0.0/vouch/robotics/provenance.py +130 -0
  110. vouch_protocol-2.0.0/vouch/robotics/revocation.py +126 -0
  111. vouch_protocol-2.0.0/vouch/robotics/safety_record.py +259 -0
  112. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/shield.py +87 -0
  113. vouch_protocol-2.0.0/vouch/signer.py +566 -0
  114. vouch_protocol-2.0.0/vouch/threshold.py +361 -0
  115. vouch_protocol-2.0.0/vouch/tool_registry.py +149 -0
  116. vouch_protocol-2.0.0/vouch/transport/__init__.py +137 -0
  117. vouch_protocol-2.0.0/vouch/transport/base.py +146 -0
  118. vouch_protocol-2.0.0/vouch/transport/did_key.py +77 -0
  119. vouch_protocol-2.0.0/vouch/transport/envelope.py +194 -0
  120. vouch_protocol-2.0.0/vouch/transport/http_rendezvous.py +332 -0
  121. vouch_protocol-2.0.0/vouch/transport/http_transport.py +160 -0
  122. vouch_protocol-2.0.0/vouch/transport/manager.py +188 -0
  123. vouch_protocol-2.0.0/vouch/transport/rendezvous.py +271 -0
  124. vouch_protocol-2.0.0/vouch/transport/udna.py +441 -0
  125. vouch_protocol-2.0.0/vouch/trifecta.py +219 -0
  126. vouch_protocol-2.0.0/vouch/trust_check.py +166 -0
  127. vouch_protocol-2.0.0/vouch/validator_server.py +193 -0
  128. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/verifier.py +122 -169
  129. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0/vouch_protocol.egg-info}/PKG-INFO +49 -32
  130. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/SOURCES.txt +99 -10
  131. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/requires.txt +4 -1
  132. vouch_protocol-1.6.2/tests/test_async_verifier.py +0 -196
  133. vouch_protocol-1.6.2/tests/test_delegation_chain.py +0 -195
  134. vouch_protocol-1.6.2/tests/test_signer.py +0 -142
  135. vouch_protocol-1.6.2/tests/test_signer_reputation.py +0 -122
  136. vouch_protocol-1.6.2/tests/test_verifier.py +0 -204
  137. vouch_protocol-1.6.2/vouch/__init__.py +0 -255
  138. vouch_protocol-1.6.2/vouch/auditor.py +0 -140
  139. vouch_protocol-1.6.2/vouch/integrations/_common.py +0 -91
  140. vouch_protocol-1.6.2/vouch/integrations/a2a.py +0 -81
  141. vouch_protocol-1.6.2/vouch/integrations/autogen/__init__.py +0 -5
  142. vouch_protocol-1.6.2/vouch/integrations/autogen/tool.py +0 -44
  143. vouch_protocol-1.6.2/vouch/integrations/autogpt/__init__.py +0 -5
  144. vouch_protocol-1.6.2/vouch/integrations/autogpt/commands.py +0 -78
  145. vouch_protocol-1.6.2/vouch/integrations/crewai/__init__.py +0 -5
  146. vouch_protocol-1.6.2/vouch/integrations/crewai/tool.py +0 -53
  147. vouch_protocol-1.6.2/vouch/integrations/google.py +0 -108
  148. vouch_protocol-1.6.2/vouch/integrations/langchain/__init__.py +0 -5
  149. vouch_protocol-1.6.2/vouch/integrations/langchain/tool.py +0 -104
  150. vouch_protocol-1.6.2/vouch/integrations/mcp/server.py +0 -94
  151. vouch_protocol-1.6.2/vouch/integrations/mlflow.py +0 -101
  152. vouch_protocol-1.6.2/vouch/integrations/safetensors.py +0 -126
  153. vouch_protocol-1.6.2/vouch/integrations/vertex_ai/__init__.py +0 -5
  154. vouch_protocol-1.6.2/vouch/integrations/vertex_ai/tool.py +0 -42
  155. vouch_protocol-1.6.2/vouch/signer.py +0 -424
  156. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/LICENSE +0 -0
  157. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/MANIFEST.in +0 -0
  158. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/setup.cfg +0 -0
  159. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_attribution.py +0 -0
  160. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_audio_bridge.py +0 -0
  161. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_behavioral_attestation.py +0 -0
  162. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_bridge.py +0 -0
  163. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_c2pa_formats.py +0 -0
  164. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_cache.py +0 -0
  165. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_canary.py +0 -0
  166. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_data_integrity.py +0 -0
  167. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_git_workflow.py +0 -0
  168. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_heartbeat.py +0 -0
  169. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hybrid_interop.py +0 -0
  170. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_jcs.py +0 -0
  171. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_jcs_interop.py +0 -0
  172. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_media_badge.py +0 -0
  173. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_media_native.py +0 -0
  174. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_merkle.py +0 -0
  175. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_multikey.py +0 -0
  176. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_nonce.py +0 -0
  177. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_quorum.py +0 -0
  178. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_reputation.py +0 -0
  179. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_revocation.py +0 -0
  180. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_scan.py +0 -0
  181. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_security_hardening.py +0 -0
  182. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_status_list.py +0 -0
  183. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_trust_entropy.py +0 -0
  184. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_vc.py +0 -0
  185. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/attribution.py +0 -0
  186. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/attribution_cli.py +0 -0
  187. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/audio.py +0 -0
  188. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/behavioral_attestation.py +0 -0
  189. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/__init__.py +0 -0
  190. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/audio_routes.py +0 -0
  191. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/config.py +0 -0
  192. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/server.py +0 -0
  193. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/cache.py +0 -0
  194. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/canary.py +0 -0
  195. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/config.py +0 -0
  196. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/data_integrity_hybrid.py +0 -0
  197. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/did_web.py +0 -0
  198. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/heartbeat.py +0 -0
  199. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/adk.py +0 -0
  200. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/amnesia.py +0 -0
  201. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/hasura/__init__.py +0 -0
  202. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/mcp/__init__.py +0 -0
  203. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/n8n.py +0 -0
  204. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/streamlit/__init__.py +0 -0
  205. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/streamlit/seal.py +0 -0
  206. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/jcs.py +0 -0
  207. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/keys.py +0 -0
  208. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/kms.py +0 -0
  209. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/__init__.py +0 -0
  210. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/badge.py +0 -0
  211. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/c2pa.py +0 -0
  212. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/native.py +0 -0
  213. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/merkle.py +0 -0
  214. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/metrics.py +0 -0
  215. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/multikey.py +0 -0
  216. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/nonce.py +0 -0
  217. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/quorum.py +0 -0
  218. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/ratelimit.py +0 -0
  219. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/registry.py +0 -0
  220. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/reputation.py +0 -0
  221. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/revocation.py +0 -0
  222. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/__init__.py +0 -0
  223. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/detector.py +0 -0
  224. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/patterns.py +0 -0
  225. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/seal.py +0 -0
  226. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/__init__.py +0 -0
  227. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/demo.py +0 -0
  228. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/flight_recorder.py +0 -0
  229. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/permissions.py +0 -0
  230. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/trust_registry.py +0 -0
  231. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/ssrf.py +0 -0
  232. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/status_list.py +0 -0
  233. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/status_list_fetcher.py +0 -0
  234. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/trust_entropy.py +0 -0
  235. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/vc.py +0 -0
  236. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/verification.py +0 -0
  237. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/dependency_links.txt +0 -0
  238. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/entry_points.txt +0 -0
  239. {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/top_level.txt +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: vouch-protocol
3
- Version: 1.6.2
3
+ Version: 2.0.0
4
4
  Summary: The Identity & Reputation Standard for AI Agents
5
5
  Author-email: Vouch Protocol Contributors <hello@vouch-protocol.com>
6
6
  License: Apache License 2.0
@@ -232,7 +232,7 @@ Requires-Dist: crewai>=0.1.0; extra == "crewai"
232
232
  Provides-Extra: autogen
233
233
  Requires-Dist: pyautogen>=0.2.0; extra == "autogen"
234
234
  Provides-Extra: mcp
235
- Requires-Dist: mcp>=1.2.0; extra == "mcp"
235
+ Requires-Dist: mcp>=0.1.0; extra == "mcp"
236
236
  Provides-Extra: vertex
237
237
  Requires-Dist: google-cloud-aiplatform>=1.0.0; extra == "vertex"
238
238
  Provides-Extra: streamlit
@@ -250,6 +250,8 @@ Requires-Dist: google-cloud-kms>=2.0.0; extra == "gcp"
250
250
  Provides-Extra: azure
251
251
  Requires-Dist: azure-keyvault-keys>=4.0.0; extra == "azure"
252
252
  Provides-Extra: pq
253
+ Provides-Extra: udna
254
+ Requires-Dist: sirraya-udna-sdk>=1.0.3; extra == "udna"
253
255
  Provides-Extra: tracing
254
256
  Requires-Dist: opentelemetry-api>=1.20.0; extra == "tracing"
255
257
  Requires-Dist: opentelemetry-sdk>=1.20.0; extra == "tracing"
@@ -299,6 +301,10 @@ Dynamic: license-file
299
301
  <a href="https://discord.gg/mMqx5cG9Y"><img src="https://img.shields.io/badge/Discord-Join_Community-7289da?logo=discord&logoColor=white" alt="Discord"></a>
300
302
  </p>
301
303
 
304
+ <p align="center">
305
+ <a href="https://codespaces.new/vouch-protocol/vouch"><img src="https://github.com/codespaces/badge.svg" alt="Open in GitHub Codespaces" height="28"></a>
306
+ </p>
307
+
302
308
  <p align="center">
303
309
  <a href="https://github.com/vouch-protocol/vouch/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-Apache_2.0-blue.svg" alt="Apache 2.0 License"></a>
304
310
  </p>
@@ -307,6 +313,16 @@ Dynamic: license-file
307
313
 
308
314
  ## Quick Start
309
315
 
316
+ ```bash
317
+ # Install (Linux and macOS). On Windows, use: pip install vouch-protocol
318
+ curl -fsSL https://vouch-protocol.com/install.sh | sh
319
+
320
+ # Run vouch with no arguments and pick what you want to do
321
+ vouch
322
+ ```
323
+
324
+ Prefer to do it by hand? It is three commands:
325
+
310
326
  ```bash
311
327
  pip install vouch-protocol
312
328
 
@@ -317,6 +333,8 @@ vouch git init
317
333
  git commit -m "Secure commit"
318
334
  ```
319
335
 
336
+ Setting up an agent instead of git signing? `vouch onboard --quick` generates a working identity, allow-list, verifier, and heartbeat config in one command.
337
+
320
338
  ---
321
339
 
322
340
  ## What's New in v1.0
@@ -329,7 +347,7 @@ Vouch Protocol v1.0 aligns directly with the open standard:
329
347
  - **Hybrid post-quantum profile** (`hybrid-eddsa-mldsa44-jcs-2026`) as an optional add-on for regulated deployments aligning with NIST CNSA 2.0 / NSM-10 timelines.
330
348
  - **Three-way cross-implementation interop** verified across Python, TypeScript, and Go.
331
349
 
332
- The legacy v0.x JWS API (`Signer.sign()`, `Verifier.verify()`) continues to work unchanged for a deprecation window. New code should prefer `Signer.sign_credential()` and `Verifier.verify_credential()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
350
+ Credentials are issued with `Signer.sign()` and checked with `Verifier.verify()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
333
351
 
334
352
  ---
335
353
 
@@ -356,8 +374,8 @@ Vouch is not one tool, it is a set of them. Here is the whole map.
356
374
  - **Vouch Shield** a runtime check that inspects every tool call against your rules, like a customs officer at the door.
357
375
  - **Continuous trust** heartbeats and session vouchers, so trust is a live signal that has to be renewed, not a badge that is issued once and trusted forever.
358
376
 
359
- ### Framework integrations (coming soon)
360
- Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal. Landing on PyPI with v1.6.2.
377
+ ### Framework integrations (new in v1.6.2)
378
+ Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
361
379
  - **`vouch-langchain`** a LangChain tool that signs each tool call before it leaves the agent.
362
380
  - **`vouch-crewai`** a CrewAI tool, with supervisor-to-worker delegation that can only narrow authority, never widen it.
363
381
  - **`vouch-a2a`** binds an A2A (Agent2Agent) Agent Card to a Vouch identity, so two agents can verify each other before they collaborate.
@@ -370,7 +388,7 @@ The standalone **`vouch-mcp`** package above ships alongside these in v1.6.2.
370
388
  Python, TypeScript, and Go are the full reference implementations. A Rust core with idiomatic Swift, JVM (Java and Kotlin), .NET, and C wrappers shares one codebase, so every language produces byte-identical output, verified against shared test vectors. A WebAssembly build is included for the browser and the edge. See the table further down for status per language.
371
389
 
372
390
  ### Robots and embodied agents
373
- A robot is an agent with a body, so the same primitives apply: a `did:vouch:agent` identity, delegation chains for who authorized it, and continuous trust for whether it is still behaving. Vouch adds a hardware-root-of-trust profile, so a robot's secure element (a TPM or a secure enclave) anchors its DID and signs its heartbeats, binding identity to the physical device rather than a config file. This is the open identity layer; richer robot-lifecycle tooling builds on top of it. See the open `did:vouch:agent` profile in [docs/specs/](docs/specs/).
391
+ A robot is an agent with a body, so identity and accountability matter even more once it can cause physical harm. The `vouch.robotics` module ships six capabilities on the same `eddsa-jcs-2022` credentials as the rest of Vouch: hardware-rooted identity (bound to a TPM or secure element, so it cannot be cloned to other hardware), model and config provenance (re-signable on every OTA update), physical capability scope (force, speed, a tighter cap near humans, allowed zones, and shift windows, checked before each actuation, with narrow-only delegation), a robot-to-robot trust handshake, an encrypted tamper-evident black box with a verifiable kill switch, and a scannable offline passport. All six are implemented in Python, TypeScript, Go, and the Rust core, which flows to the Swift, Kotlin/JVM, .NET, C/C++, and WebAssembly wrappers, so a robotics credential signed in one language verifies in every other. Eleven further capabilities round out the set: a living-trust heartbeat (a signed per-interval motion summary whose trust decays unless it is renewed in-envelope), two-level credential revocation (per-credential status lists and whole-DID kill), an accountable safety record (a tamper-evident incident ledger summarized into a portable signed record), signed perception provenance (each captured sensor frame's hash bound to the robot's key and hash-linked, so a robot can prove what its sensors saw and a substituted frame is detectable), an offline delegation lease (a short-lived, scope-bounded grant a disconnected robot verifies and acts on with no network call, nesting across vendors), a physical quorum (a cryptographic two-person rule requiring M of N attested approvers for a high-consequence action), lifecycle credentials (ownership transfer that chains into a verifiable chain of custody, key rotation that forms a key history, and a signed decommission that retires the robot), a regulatory conformance profile (a machine-checkable mapping from a robot's credentials to the clauses of ISO 10218 and 15066, the EU Machinery Regulation, the EU AI Act, and UL 3300, with a deterministic checker and a signed conformance attestation), post-quantum signing by default (robot credentials sign with the hybrid classical-plus-ML-DSA-44 cryptosuite, with backward-compatible verification, so a robot stays unforgeable across its decade-long life), and cross-embodiment identity continuity (an agent identity that moves between robot bodies, with an embodiment credential re-binding to each body's hardware root and a continuity chain that proves the same accountable agent persisted, plus a fork check), and a physical custody handoff chain (a signed record of who accepted custody of a task or object at each hop across human and robot actors, so an incident traces to the exact hop and an attested condition localizes damage to the holder responsible), implemented across the same languages and pinned by the shared interop vector. See [docs/robotics.md](docs/robotics.md) and the defensive disclosures PAD-064 through PAD-070 and PAD-076 through PAD-084.
374
392
 
375
393
  ### Inside your AI tools
376
394
  - **Claude Skill**, **OpenAI Custom GPT**, and **Gemini Gem** packages that teach your AI assistant how to add Vouch to your code, running on your own AI subscription.
@@ -420,7 +438,6 @@ AI agents are making real-world API calls with **ZERO cryptographic proof** of:
420
438
  - **Human-readable JSON** (proof attaches as a sibling object, no Base64-wrapped opaque payload)
421
439
  - **Framework-agnostic** (works with MCP, LangChain, CrewAI, AutoGPT, AutoGen, Vertex AI)
422
440
  - **Cross-language interop** (Python, TypeScript, Go, byte-identical canonical form)
423
- - **Backward-compatible** (legacy v0.x JWS API still supported during deprecation window)
424
441
  - **Open source** (Apache 2.0 license, CC0 prior-art portfolio)
425
442
 
426
443
  **Think of it as:**
@@ -442,9 +459,9 @@ flowchart LR
442
459
  V{"✅ Verified"}
443
460
 
444
461
  P -->|"Delegation VC"| A
445
- A -->|"sign_credential(intent)"| C
462
+ A -->|"sign(intent)"| C
446
463
  C -->|"HTTP body<br/>application/vc+vouch"| API
447
- API -->|"verify_credential()"| V
464
+ API -->|"verify()"| V
448
465
  ```
449
466
 
450
467
  **4 Simple Steps:**
@@ -502,6 +519,10 @@ flowchart TB
502
519
 
503
520
  ### 1. Install
504
521
  ```bash
522
+ # Linux and macOS: one line
523
+ curl -fsSL https://vouch-protocol.com/install.sh | sh
524
+
525
+ # Or with pip (any platform)
505
526
  pip install vouch-protocol
506
527
  ```
507
528
 
@@ -522,19 +543,13 @@ signer = Signer(
522
543
  did=os.environ['VOUCH_DID']
523
544
  )
524
545
 
525
- credential = signer.sign_credential(intent={
546
+ credential = signer.sign(intent={
526
547
  'action': 'read_database',
527
548
  'target': 'users_table',
528
549
  'resource': 'https://api.example.com/v1/users',
529
550
  })
530
551
  # Send credential as the JSON body of the API request, content-type
531
- # application/vc+vouch (legacy: application/vouch+credential+json)
532
- ```
533
-
534
- **Legacy v0.x path (JWS, still supported):**
535
- ```python
536
- token = signer.sign({'action': 'read_database', 'target': 'users'})
537
- # Include token in Vouch-Token header
552
+ # application/vc+vouch
538
553
  ```
539
554
 
540
555
  ### 4. Verify (API Side)
@@ -551,7 +566,7 @@ async def protected_route(request: Request):
551
566
  credential = await request.json()
552
567
  public_key = '{"kty":"OKP", ...}' # Resolved from did:web or trusted root
553
568
 
554
- is_valid, passport = Verifier.verify_credential(credential, public_key=public_key)
569
+ is_valid, passport = Verifier.verify(credential, public_key=public_key)
555
570
  if not is_valid:
556
571
  raise HTTPException(status_code=401, detail="Untrusted Agent")
557
572
 
@@ -562,18 +577,6 @@ async def protected_route(request: Request):
562
577
  }
563
578
  ```
564
579
 
565
- **Legacy v0.x path:**
566
- ```python
567
- from vouch import Verifier
568
-
569
- @app.post("/api/legacy")
570
- def legacy_route(vouch_token: str = Header(alias="Vouch-Token")):
571
- is_valid, passport = Verifier.verify(vouch_token, public_key_jwk=public_key)
572
- if not is_valid:
573
- raise HTTPException(status_code=401, detail="Untrusted Agent")
574
- return {"status": "Verified", "agent": passport.sub}
575
- ```
576
-
577
580
  **That's it.** A few lines to sign, a few to verify, on either path.
578
581
 
579
582
  ---
@@ -609,7 +612,7 @@ Works with all major AI frameworks out-of-the-box:
609
612
 
610
613
  ```python
611
614
  # Optional v1.0 profile, requires `pip install pqcrypto`
612
- credential = signer.sign_credential_hybrid(intent={
615
+ credential = signer.sign_hybrid(intent={
613
616
  'action': 'submit_clinical_finding',
614
617
  'target': 'trial:NCT00000001',
615
618
  'resource': 'https://fda-submissions.example.com/api/findings',
@@ -740,7 +743,7 @@ Built by [Ramprasad Gaddam](https://www.linkedin.com/in/rampy) ([Twitter/X](http
740
743
 
741
744
  ## Contributing
742
745
 
743
- Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md).
746
+ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md). Looking for a place to start? Browse our [good first issues](https://github.com/vouch-protocol/vouch/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22), and open a ready-made dev environment with one click using the [Open in GitHub Codespaces](https://codespaces.new/vouch-protocol/vouch) badge above.
744
747
 
745
748
  **Areas where help is most useful:**
746
749
  - [ ] Additional framework integrations (Haystack, Semantic Kernel, LlamaIndex, others)
@@ -749,6 +752,20 @@ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/v
749
752
  - [ ] Independent security review and audit
750
753
  - [ ] Reference implementations in additional languages (Rust, Java, .NET)
751
754
 
755
+ ## Contributors
756
+
757
+ Thanks goes to these wonderful people. This section is maintained automatically by the [all-contributors](https://allcontributors.org/) bot.
758
+
759
+ <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
760
+ <!-- ALL-CONTRIBUTORS-BADGE:END -->
761
+
762
+ <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
763
+ <!-- prettier-ignore-start -->
764
+ <!-- markdownlint-disable -->
765
+ <!-- markdownlint-restore -->
766
+ <!-- prettier-ignore-end -->
767
+ <!-- ALL-CONTRIBUTORS-LIST:END -->
768
+
752
769
  ---
753
770
 
754
771
  **Star this repo if you find it useful.**
@@ -23,6 +23,10 @@
23
23
  <a href="https://discord.gg/mMqx5cG9Y"><img src="https://img.shields.io/badge/Discord-Join_Community-7289da?logo=discord&logoColor=white" alt="Discord"></a>
24
24
  </p>
25
25
 
26
+ <p align="center">
27
+ <a href="https://codespaces.new/vouch-protocol/vouch"><img src="https://github.com/codespaces/badge.svg" alt="Open in GitHub Codespaces" height="28"></a>
28
+ </p>
29
+
26
30
  <p align="center">
27
31
  <a href="https://github.com/vouch-protocol/vouch/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-Apache_2.0-blue.svg" alt="Apache 2.0 License"></a>
28
32
  </p>
@@ -31,6 +35,16 @@
31
35
 
32
36
  ## Quick Start
33
37
 
38
+ ```bash
39
+ # Install (Linux and macOS). On Windows, use: pip install vouch-protocol
40
+ curl -fsSL https://vouch-protocol.com/install.sh | sh
41
+
42
+ # Run vouch with no arguments and pick what you want to do
43
+ vouch
44
+ ```
45
+
46
+ Prefer to do it by hand? It is three commands:
47
+
34
48
  ```bash
35
49
  pip install vouch-protocol
36
50
 
@@ -41,6 +55,8 @@ vouch git init
41
55
  git commit -m "Secure commit"
42
56
  ```
43
57
 
58
+ Setting up an agent instead of git signing? `vouch onboard --quick` generates a working identity, allow-list, verifier, and heartbeat config in one command.
59
+
44
60
  ---
45
61
 
46
62
  ## What's New in v1.0
@@ -53,7 +69,7 @@ Vouch Protocol v1.0 aligns directly with the open standard:
53
69
  - **Hybrid post-quantum profile** (`hybrid-eddsa-mldsa44-jcs-2026`) as an optional add-on for regulated deployments aligning with NIST CNSA 2.0 / NSM-10 timelines.
54
70
  - **Three-way cross-implementation interop** verified across Python, TypeScript, and Go.
55
71
 
56
- The legacy v0.x JWS API (`Signer.sign()`, `Verifier.verify()`) continues to work unchanged for a deprecation window. New code should prefer `Signer.sign_credential()` and `Verifier.verify_credential()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
72
+ Credentials are issued with `Signer.sign()` and checked with `Verifier.verify()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
57
73
 
58
74
  ---
59
75
 
@@ -80,8 +96,8 @@ Vouch is not one tool, it is a set of them. Here is the whole map.
80
96
  - **Vouch Shield** a runtime check that inspects every tool call against your rules, like a customs officer at the door.
81
97
  - **Continuous trust** heartbeats and session vouchers, so trust is a live signal that has to be renewed, not a badge that is issued once and trusted forever.
82
98
 
83
- ### Framework integrations (coming soon)
84
- Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal. Landing on PyPI with v1.6.2.
99
+ ### Framework integrations (new in v1.6.2)
100
+ Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
85
101
  - **`vouch-langchain`** a LangChain tool that signs each tool call before it leaves the agent.
86
102
  - **`vouch-crewai`** a CrewAI tool, with supervisor-to-worker delegation that can only narrow authority, never widen it.
87
103
  - **`vouch-a2a`** binds an A2A (Agent2Agent) Agent Card to a Vouch identity, so two agents can verify each other before they collaborate.
@@ -94,7 +110,7 @@ The standalone **`vouch-mcp`** package above ships alongside these in v1.6.2.
94
110
  Python, TypeScript, and Go are the full reference implementations. A Rust core with idiomatic Swift, JVM (Java and Kotlin), .NET, and C wrappers shares one codebase, so every language produces byte-identical output, verified against shared test vectors. A WebAssembly build is included for the browser and the edge. See the table further down for status per language.
95
111
 
96
112
  ### Robots and embodied agents
97
- A robot is an agent with a body, so the same primitives apply: a `did:vouch:agent` identity, delegation chains for who authorized it, and continuous trust for whether it is still behaving. Vouch adds a hardware-root-of-trust profile, so a robot's secure element (a TPM or a secure enclave) anchors its DID and signs its heartbeats, binding identity to the physical device rather than a config file. This is the open identity layer; richer robot-lifecycle tooling builds on top of it. See the open `did:vouch:agent` profile in [docs/specs/](docs/specs/).
113
+ A robot is an agent with a body, so identity and accountability matter even more once it can cause physical harm. The `vouch.robotics` module ships six capabilities on the same `eddsa-jcs-2022` credentials as the rest of Vouch: hardware-rooted identity (bound to a TPM or secure element, so it cannot be cloned to other hardware), model and config provenance (re-signable on every OTA update), physical capability scope (force, speed, a tighter cap near humans, allowed zones, and shift windows, checked before each actuation, with narrow-only delegation), a robot-to-robot trust handshake, an encrypted tamper-evident black box with a verifiable kill switch, and a scannable offline passport. All six are implemented in Python, TypeScript, Go, and the Rust core, which flows to the Swift, Kotlin/JVM, .NET, C/C++, and WebAssembly wrappers, so a robotics credential signed in one language verifies in every other. Eleven further capabilities round out the set: a living-trust heartbeat (a signed per-interval motion summary whose trust decays unless it is renewed in-envelope), two-level credential revocation (per-credential status lists and whole-DID kill), an accountable safety record (a tamper-evident incident ledger summarized into a portable signed record), signed perception provenance (each captured sensor frame's hash bound to the robot's key and hash-linked, so a robot can prove what its sensors saw and a substituted frame is detectable), an offline delegation lease (a short-lived, scope-bounded grant a disconnected robot verifies and acts on with no network call, nesting across vendors), a physical quorum (a cryptographic two-person rule requiring M of N attested approvers for a high-consequence action), lifecycle credentials (ownership transfer that chains into a verifiable chain of custody, key rotation that forms a key history, and a signed decommission that retires the robot), a regulatory conformance profile (a machine-checkable mapping from a robot's credentials to the clauses of ISO 10218 and 15066, the EU Machinery Regulation, the EU AI Act, and UL 3300, with a deterministic checker and a signed conformance attestation), post-quantum signing by default (robot credentials sign with the hybrid classical-plus-ML-DSA-44 cryptosuite, with backward-compatible verification, so a robot stays unforgeable across its decade-long life), and cross-embodiment identity continuity (an agent identity that moves between robot bodies, with an embodiment credential re-binding to each body's hardware root and a continuity chain that proves the same accountable agent persisted, plus a fork check), and a physical custody handoff chain (a signed record of who accepted custody of a task or object at each hop across human and robot actors, so an incident traces to the exact hop and an attested condition localizes damage to the holder responsible), implemented across the same languages and pinned by the shared interop vector. See [docs/robotics.md](docs/robotics.md) and the defensive disclosures PAD-064 through PAD-070 and PAD-076 through PAD-084.
98
114
 
99
115
  ### Inside your AI tools
100
116
  - **Claude Skill**, **OpenAI Custom GPT**, and **Gemini Gem** packages that teach your AI assistant how to add Vouch to your code, running on your own AI subscription.
@@ -144,7 +160,6 @@ AI agents are making real-world API calls with **ZERO cryptographic proof** of:
144
160
  - **Human-readable JSON** (proof attaches as a sibling object, no Base64-wrapped opaque payload)
145
161
  - **Framework-agnostic** (works with MCP, LangChain, CrewAI, AutoGPT, AutoGen, Vertex AI)
146
162
  - **Cross-language interop** (Python, TypeScript, Go, byte-identical canonical form)
147
- - **Backward-compatible** (legacy v0.x JWS API still supported during deprecation window)
148
163
  - **Open source** (Apache 2.0 license, CC0 prior-art portfolio)
149
164
 
150
165
  **Think of it as:**
@@ -166,9 +181,9 @@ flowchart LR
166
181
  V{"✅ Verified"}
167
182
 
168
183
  P -->|"Delegation VC"| A
169
- A -->|"sign_credential(intent)"| C
184
+ A -->|"sign(intent)"| C
170
185
  C -->|"HTTP body<br/>application/vc+vouch"| API
171
- API -->|"verify_credential()"| V
186
+ API -->|"verify()"| V
172
187
  ```
173
188
 
174
189
  **4 Simple Steps:**
@@ -226,6 +241,10 @@ flowchart TB
226
241
 
227
242
  ### 1. Install
228
243
  ```bash
244
+ # Linux and macOS: one line
245
+ curl -fsSL https://vouch-protocol.com/install.sh | sh
246
+
247
+ # Or with pip (any platform)
229
248
  pip install vouch-protocol
230
249
  ```
231
250
 
@@ -246,19 +265,13 @@ signer = Signer(
246
265
  did=os.environ['VOUCH_DID']
247
266
  )
248
267
 
249
- credential = signer.sign_credential(intent={
268
+ credential = signer.sign(intent={
250
269
  'action': 'read_database',
251
270
  'target': 'users_table',
252
271
  'resource': 'https://api.example.com/v1/users',
253
272
  })
254
273
  # Send credential as the JSON body of the API request, content-type
255
- # application/vc+vouch (legacy: application/vouch+credential+json)
256
- ```
257
-
258
- **Legacy v0.x path (JWS, still supported):**
259
- ```python
260
- token = signer.sign({'action': 'read_database', 'target': 'users'})
261
- # Include token in Vouch-Token header
274
+ # application/vc+vouch
262
275
  ```
263
276
 
264
277
  ### 4. Verify (API Side)
@@ -275,7 +288,7 @@ async def protected_route(request: Request):
275
288
  credential = await request.json()
276
289
  public_key = '{"kty":"OKP", ...}' # Resolved from did:web or trusted root
277
290
 
278
- is_valid, passport = Verifier.verify_credential(credential, public_key=public_key)
291
+ is_valid, passport = Verifier.verify(credential, public_key=public_key)
279
292
  if not is_valid:
280
293
  raise HTTPException(status_code=401, detail="Untrusted Agent")
281
294
 
@@ -286,18 +299,6 @@ async def protected_route(request: Request):
286
299
  }
287
300
  ```
288
301
 
289
- **Legacy v0.x path:**
290
- ```python
291
- from vouch import Verifier
292
-
293
- @app.post("/api/legacy")
294
- def legacy_route(vouch_token: str = Header(alias="Vouch-Token")):
295
- is_valid, passport = Verifier.verify(vouch_token, public_key_jwk=public_key)
296
- if not is_valid:
297
- raise HTTPException(status_code=401, detail="Untrusted Agent")
298
- return {"status": "Verified", "agent": passport.sub}
299
- ```
300
-
301
302
  **That's it.** A few lines to sign, a few to verify, on either path.
302
303
 
303
304
  ---
@@ -333,7 +334,7 @@ Works with all major AI frameworks out-of-the-box:
333
334
 
334
335
  ```python
335
336
  # Optional v1.0 profile, requires `pip install pqcrypto`
336
- credential = signer.sign_credential_hybrid(intent={
337
+ credential = signer.sign_hybrid(intent={
337
338
  'action': 'submit_clinical_finding',
338
339
  'target': 'trial:NCT00000001',
339
340
  'resource': 'https://fda-submissions.example.com/api/findings',
@@ -464,7 +465,7 @@ Built by [Ramprasad Gaddam](https://www.linkedin.com/in/rampy) ([Twitter/X](http
464
465
 
465
466
  ## Contributing
466
467
 
467
- Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md).
468
+ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md). Looking for a place to start? Browse our [good first issues](https://github.com/vouch-protocol/vouch/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22), and open a ready-made dev environment with one click using the [Open in GitHub Codespaces](https://codespaces.new/vouch-protocol/vouch) badge above.
468
469
 
469
470
  **Areas where help is most useful:**
470
471
  - [ ] Additional framework integrations (Haystack, Semantic Kernel, LlamaIndex, others)
@@ -473,6 +474,20 @@ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/v
473
474
  - [ ] Independent security review and audit
474
475
  - [ ] Reference implementations in additional languages (Rust, Java, .NET)
475
476
 
477
+ ## Contributors
478
+
479
+ Thanks goes to these wonderful people. This section is maintained automatically by the [all-contributors](https://allcontributors.org/) bot.
480
+
481
+ <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
482
+ <!-- ALL-CONTRIBUTORS-BADGE:END -->
483
+
484
+ <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
485
+ <!-- prettier-ignore-start -->
486
+ <!-- markdownlint-disable -->
487
+ <!-- markdownlint-restore -->
488
+ <!-- prettier-ignore-end -->
489
+ <!-- ALL-CONTRIBUTORS-LIST:END -->
490
+
476
491
  ---
477
492
 
478
493
  **Star this repo if you find it useful.**
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "vouch-protocol"
7
- version = "1.6.2"
7
+ version = "2.0.0"
8
8
  description = "The Identity & Reputation Standard for AI Agents"
9
9
  readme = "README.md"
10
10
  requires-python = ">=3.9"
@@ -44,7 +44,7 @@ dependencies = [
44
44
  langchain = ["langchain>=0.1.0"]
45
45
  crewai = ["crewai>=0.1.0"]
46
46
  autogen = ["pyautogen>=0.2.0"]
47
- mcp = ["mcp>=1.2.0"]
47
+ mcp = ["mcp>=0.1.0"]
48
48
  vertex = ["google-cloud-aiplatform>=1.0.0"]
49
49
  streamlit = ["streamlit>=1.0.0"]
50
50
 
@@ -71,6 +71,11 @@ azure = ["azure-keyvault-keys>=4.0.0"]
71
71
  # wrote that into a Dockerfile or requirements.txt.
72
72
  pq = []
73
73
 
74
+ # UDNA (Universal DID-Native Addressing) identity-first transport.
75
+ # Distribution `sirraya-udna-sdk` imports as the `udna_sdk` package.
76
+ # Optional: when absent, the hybrid transport stack degrades to HTTP fallback.
77
+ udna = ["sirraya-udna-sdk>=1.0.3"]
78
+
74
79
  # OpenTelemetry tracing
75
80
  tracing = [
76
81
  "opentelemetry-api>=1.20.0",