vouch-protocol 1.6.2__tar.gz → 2.0.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {vouch_protocol-1.6.2/vouch_protocol.egg-info → vouch_protocol-2.0.0}/PKG-INFO +49 -32
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/README.md +45 -30
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/pyproject.toml +7 -2
- vouch_protocol-2.0.0/tests/test_accountability.py +371 -0
- vouch_protocol-2.0.0/tests/test_audit_trail.py +158 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_auditor.py +44 -34
- vouch_protocol-2.0.0/tests/test_autosign.py +452 -0
- vouch_protocol-2.0.0/tests/test_budget.py +102 -0
- vouch_protocol-2.0.0/tests/test_cli_init.py +63 -0
- vouch_protocol-2.0.0/tests/test_conformance.py +35 -0
- vouch_protocol-2.0.0/tests/test_credential_gate.py +126 -0
- vouch_protocol-2.0.0/tests/test_dx_sugar.py +481 -0
- vouch_protocol-2.0.0/tests/test_fastapi_credential_gate.py +106 -0
- vouch_protocol-2.0.0/tests/test_fleet.py +261 -0
- vouch_protocol-2.0.0/tests/test_grade.py +66 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hasura_integration.py +42 -58
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hybrid.py +13 -13
- vouch_protocol-2.0.0/tests/test_liveness_conformance.py +234 -0
- vouch_protocol-2.0.0/tests/test_proof_of_integration.py +161 -0
- vouch_protocol-2.0.0/tests/test_receipts.py +122 -0
- vouch_protocol-2.0.0/tests/test_recovery.py +113 -0
- vouch_protocol-2.0.0/tests/test_reputation_aggregate.py +99 -0
- vouch_protocol-2.0.0/tests/test_reputation_disputes.py +93 -0
- vouch_protocol-2.0.0/tests/test_reputation_ledger.py +105 -0
- vouch_protocol-2.0.0/tests/test_reputation_policy.py +81 -0
- vouch_protocol-2.0.0/tests/test_reputation_portability.py +106 -0
- vouch_protocol-2.0.0/tests/test_robot_conformance.py +169 -0
- vouch_protocol-2.0.0/tests/test_robot_custody.py +159 -0
- vouch_protocol-2.0.0/tests/test_robot_embodiment.py +197 -0
- vouch_protocol-2.0.0/tests/test_robot_handshake_blackbox_passport.py +186 -0
- vouch_protocol-2.0.0/tests/test_robot_identity.py +78 -0
- vouch_protocol-2.0.0/tests/test_robot_lease_quorum.py +231 -0
- vouch_protocol-2.0.0/tests/test_robot_lifecycle.py +160 -0
- vouch_protocol-2.0.0/tests/test_robot_liveness_revocation.py +356 -0
- vouch_protocol-2.0.0/tests/test_robot_perception.py +158 -0
- vouch_protocol-2.0.0/tests/test_robot_pq.py +112 -0
- vouch_protocol-2.0.0/tests/test_robot_provenance_capability.py +159 -0
- vouch_protocol-2.0.0/tests/test_robot_safety_record.py +161 -0
- vouch_protocol-2.0.0/tests/test_secure_key_custody.py +187 -0
- vouch_protocol-2.0.0/tests/test_shield_guard.py +107 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_signer_vc.py +35 -47
- vouch_protocol-2.0.0/tests/test_threshold.py +168 -0
- vouch_protocol-2.0.0/tests/test_tool_registry.py +105 -0
- vouch_protocol-2.0.0/tests/test_transport.py +247 -0
- vouch_protocol-2.0.0/tests/test_transport_http_rendezvous.py +219 -0
- vouch_protocol-2.0.0/tests/test_transport_rendezvous.py +157 -0
- vouch_protocol-2.0.0/tests/test_transport_udna_sdk.py +139 -0
- vouch_protocol-2.0.0/tests/test_trifecta.py +80 -0
- vouch_protocol-2.0.0/tests/test_trust_check.py +114 -0
- vouch_protocol-2.0.0/tests/test_validator_server.py +126 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_verifier_vc.py +54 -61
- vouch_protocol-2.0.0/vouch/__init__.py +529 -0
- vouch_protocol-2.0.0/vouch/accountability.py +592 -0
- vouch_protocol-2.0.0/vouch/agent.py +358 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/async_verifier.py +5 -177
- vouch_protocol-2.0.0/vouch/audit_trail.py +310 -0
- vouch_protocol-2.0.0/vouch/auditor.py +121 -0
- vouch_protocol-2.0.0/vouch/autosign.py +479 -0
- vouch_protocol-2.0.0/vouch/budget.py +211 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/cli.py +212 -31
- vouch_protocol-2.0.0/vouch/conformance.py +502 -0
- vouch_protocol-2.0.0/vouch/credential.py +181 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/data_integrity.py +21 -6
- vouch_protocol-2.0.0/vouch/fleet.py +291 -0
- vouch_protocol-2.0.0/vouch/gate.py +119 -0
- vouch_protocol-2.0.0/vouch/grade.py +221 -0
- vouch_protocol-2.0.0/vouch/integrations/_common.py +61 -0
- vouch_protocol-2.0.0/vouch/integrations/autogen/__init__.py +50 -0
- vouch_protocol-2.0.0/vouch/integrations/autogpt/__init__.py +17 -0
- vouch_protocol-2.0.0/vouch/integrations/autogpt/commands.py +42 -0
- vouch_protocol-2.0.0/vouch/integrations/claude-code/settings.hooks.json +16 -0
- vouch_protocol-2.0.0/vouch/integrations/crewai/__init__.py +17 -0
- vouch_protocol-2.0.0/vouch/integrations/crewai/tool.py +90 -0
- vouch_protocol-2.0.0/vouch/integrations/fastapi.py +75 -0
- vouch_protocol-2.0.0/vouch/integrations/google.py +24 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/hasura/webhook.py +60 -26
- vouch_protocol-2.0.0/vouch/integrations/langchain/__init__.py +17 -0
- vouch_protocol-2.0.0/vouch/integrations/langchain/tool.py +95 -0
- vouch_protocol-2.0.0/vouch/integrations/mcp/server.py +267 -0
- vouch_protocol-2.0.0/vouch/integrations/vertex_ai/__init__.py +22 -0
- vouch_protocol-2.0.0/vouch/keystore.py +217 -0
- vouch_protocol-2.0.0/vouch/liveness_conformance.py +409 -0
- vouch_protocol-2.0.0/vouch/mcp_guard.py +265 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/onboard.py +22 -4
- vouch_protocol-2.0.0/vouch/proof_of_integration.py +337 -0
- vouch_protocol-2.0.0/vouch/receipts.py +277 -0
- vouch_protocol-2.0.0/vouch/recovery.py +218 -0
- vouch_protocol-2.0.0/vouch/reputation_aggregate.py +161 -0
- vouch_protocol-2.0.0/vouch/reputation_disputes.py +150 -0
- vouch_protocol-2.0.0/vouch/reputation_ledger.py +209 -0
- vouch_protocol-2.0.0/vouch/reputation_policy.py +147 -0
- vouch_protocol-2.0.0/vouch/reputation_portability.py +178 -0
- vouch_protocol-2.0.0/vouch/robotics/__init__.py +253 -0
- vouch_protocol-2.0.0/vouch/robotics/_signing.py +29 -0
- vouch_protocol-2.0.0/vouch/robotics/blackbox.py +228 -0
- vouch_protocol-2.0.0/vouch/robotics/capability.py +170 -0
- vouch_protocol-2.0.0/vouch/robotics/conformance.py +405 -0
- vouch_protocol-2.0.0/vouch/robotics/custody.py +231 -0
- vouch_protocol-2.0.0/vouch/robotics/embodiment.py +221 -0
- vouch_protocol-2.0.0/vouch/robotics/handshake.py +215 -0
- vouch_protocol-2.0.0/vouch/robotics/identity.py +258 -0
- vouch_protocol-2.0.0/vouch/robotics/lease.py +169 -0
- vouch_protocol-2.0.0/vouch/robotics/lifecycle.py +312 -0
- vouch_protocol-2.0.0/vouch/robotics/liveness.py +369 -0
- vouch_protocol-2.0.0/vouch/robotics/passport.py +174 -0
- vouch_protocol-2.0.0/vouch/robotics/perception.py +232 -0
- vouch_protocol-2.0.0/vouch/robotics/physical_quorum.py +159 -0
- vouch_protocol-2.0.0/vouch/robotics/pq.py +146 -0
- vouch_protocol-2.0.0/vouch/robotics/provenance.py +130 -0
- vouch_protocol-2.0.0/vouch/robotics/revocation.py +126 -0
- vouch_protocol-2.0.0/vouch/robotics/safety_record.py +259 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/shield.py +87 -0
- vouch_protocol-2.0.0/vouch/signer.py +566 -0
- vouch_protocol-2.0.0/vouch/threshold.py +361 -0
- vouch_protocol-2.0.0/vouch/tool_registry.py +149 -0
- vouch_protocol-2.0.0/vouch/transport/__init__.py +137 -0
- vouch_protocol-2.0.0/vouch/transport/base.py +146 -0
- vouch_protocol-2.0.0/vouch/transport/did_key.py +77 -0
- vouch_protocol-2.0.0/vouch/transport/envelope.py +194 -0
- vouch_protocol-2.0.0/vouch/transport/http_rendezvous.py +332 -0
- vouch_protocol-2.0.0/vouch/transport/http_transport.py +160 -0
- vouch_protocol-2.0.0/vouch/transport/manager.py +188 -0
- vouch_protocol-2.0.0/vouch/transport/rendezvous.py +271 -0
- vouch_protocol-2.0.0/vouch/transport/udna.py +441 -0
- vouch_protocol-2.0.0/vouch/trifecta.py +219 -0
- vouch_protocol-2.0.0/vouch/trust_check.py +166 -0
- vouch_protocol-2.0.0/vouch/validator_server.py +193 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/verifier.py +122 -169
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0/vouch_protocol.egg-info}/PKG-INFO +49 -32
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/SOURCES.txt +99 -10
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/requires.txt +4 -1
- vouch_protocol-1.6.2/tests/test_async_verifier.py +0 -196
- vouch_protocol-1.6.2/tests/test_delegation_chain.py +0 -195
- vouch_protocol-1.6.2/tests/test_signer.py +0 -142
- vouch_protocol-1.6.2/tests/test_signer_reputation.py +0 -122
- vouch_protocol-1.6.2/tests/test_verifier.py +0 -204
- vouch_protocol-1.6.2/vouch/__init__.py +0 -255
- vouch_protocol-1.6.2/vouch/auditor.py +0 -140
- vouch_protocol-1.6.2/vouch/integrations/_common.py +0 -91
- vouch_protocol-1.6.2/vouch/integrations/a2a.py +0 -81
- vouch_protocol-1.6.2/vouch/integrations/autogen/__init__.py +0 -5
- vouch_protocol-1.6.2/vouch/integrations/autogen/tool.py +0 -44
- vouch_protocol-1.6.2/vouch/integrations/autogpt/__init__.py +0 -5
- vouch_protocol-1.6.2/vouch/integrations/autogpt/commands.py +0 -78
- vouch_protocol-1.6.2/vouch/integrations/crewai/__init__.py +0 -5
- vouch_protocol-1.6.2/vouch/integrations/crewai/tool.py +0 -53
- vouch_protocol-1.6.2/vouch/integrations/google.py +0 -108
- vouch_protocol-1.6.2/vouch/integrations/langchain/__init__.py +0 -5
- vouch_protocol-1.6.2/vouch/integrations/langchain/tool.py +0 -104
- vouch_protocol-1.6.2/vouch/integrations/mcp/server.py +0 -94
- vouch_protocol-1.6.2/vouch/integrations/mlflow.py +0 -101
- vouch_protocol-1.6.2/vouch/integrations/safetensors.py +0 -126
- vouch_protocol-1.6.2/vouch/integrations/vertex_ai/__init__.py +0 -5
- vouch_protocol-1.6.2/vouch/integrations/vertex_ai/tool.py +0 -42
- vouch_protocol-1.6.2/vouch/signer.py +0 -424
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/LICENSE +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/MANIFEST.in +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/setup.cfg +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_attribution.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_audio_bridge.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_behavioral_attestation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_bridge.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_c2pa_formats.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_cache.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_canary.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_data_integrity.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_git_workflow.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_heartbeat.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_hybrid_interop.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_jcs.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_jcs_interop.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_media_badge.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_media_native.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_merkle.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_multikey.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_nonce.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_quorum.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_reputation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_revocation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_scan.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_security_hardening.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_status_list.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_trust_entropy.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/tests/test_vc.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/attribution.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/attribution_cli.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/audio.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/behavioral_attestation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/audio_routes.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/config.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/bridge/server.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/cache.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/canary.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/config.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/data_integrity_hybrid.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/did_web.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/heartbeat.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/adk.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/amnesia.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/hasura/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/mcp/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/n8n.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/streamlit/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/integrations/streamlit/seal.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/jcs.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/keys.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/kms.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/badge.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/c2pa.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/media/native.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/merkle.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/metrics.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/multikey.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/nonce.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/quorum.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/ratelimit.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/registry.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/reputation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/revocation.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/detector.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/scan/patterns.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/seal.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/__init__.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/demo.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/flight_recorder.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/permissions.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/shield/trust_registry.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/ssrf.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/status_list.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/status_list_fetcher.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/trust_entropy.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/vc.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch/verification.py +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/dependency_links.txt +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/entry_points.txt +0 -0
- {vouch_protocol-1.6.2 → vouch_protocol-2.0.0}/vouch_protocol.egg-info/top_level.txt +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: vouch-protocol
|
|
3
|
-
Version:
|
|
3
|
+
Version: 2.0.0
|
|
4
4
|
Summary: The Identity & Reputation Standard for AI Agents
|
|
5
5
|
Author-email: Vouch Protocol Contributors <hello@vouch-protocol.com>
|
|
6
6
|
License: Apache License 2.0
|
|
@@ -232,7 +232,7 @@ Requires-Dist: crewai>=0.1.0; extra == "crewai"
|
|
|
232
232
|
Provides-Extra: autogen
|
|
233
233
|
Requires-Dist: pyautogen>=0.2.0; extra == "autogen"
|
|
234
234
|
Provides-Extra: mcp
|
|
235
|
-
Requires-Dist: mcp>=1.
|
|
235
|
+
Requires-Dist: mcp>=0.1.0; extra == "mcp"
|
|
236
236
|
Provides-Extra: vertex
|
|
237
237
|
Requires-Dist: google-cloud-aiplatform>=1.0.0; extra == "vertex"
|
|
238
238
|
Provides-Extra: streamlit
|
|
@@ -250,6 +250,8 @@ Requires-Dist: google-cloud-kms>=2.0.0; extra == "gcp"
|
|
|
250
250
|
Provides-Extra: azure
|
|
251
251
|
Requires-Dist: azure-keyvault-keys>=4.0.0; extra == "azure"
|
|
252
252
|
Provides-Extra: pq
|
|
253
|
+
Provides-Extra: udna
|
|
254
|
+
Requires-Dist: sirraya-udna-sdk>=1.0.3; extra == "udna"
|
|
253
255
|
Provides-Extra: tracing
|
|
254
256
|
Requires-Dist: opentelemetry-api>=1.20.0; extra == "tracing"
|
|
255
257
|
Requires-Dist: opentelemetry-sdk>=1.20.0; extra == "tracing"
|
|
@@ -299,6 +301,10 @@ Dynamic: license-file
|
|
|
299
301
|
<a href="https://discord.gg/mMqx5cG9Y"><img src="https://img.shields.io/badge/Discord-Join_Community-7289da?logo=discord&logoColor=white" alt="Discord"></a>
|
|
300
302
|
</p>
|
|
301
303
|
|
|
304
|
+
<p align="center">
|
|
305
|
+
<a href="https://codespaces.new/vouch-protocol/vouch"><img src="https://github.com/codespaces/badge.svg" alt="Open in GitHub Codespaces" height="28"></a>
|
|
306
|
+
</p>
|
|
307
|
+
|
|
302
308
|
<p align="center">
|
|
303
309
|
<a href="https://github.com/vouch-protocol/vouch/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-Apache_2.0-blue.svg" alt="Apache 2.0 License"></a>
|
|
304
310
|
</p>
|
|
@@ -307,6 +313,16 @@ Dynamic: license-file
|
|
|
307
313
|
|
|
308
314
|
## Quick Start
|
|
309
315
|
|
|
316
|
+
```bash
|
|
317
|
+
# Install (Linux and macOS). On Windows, use: pip install vouch-protocol
|
|
318
|
+
curl -fsSL https://vouch-protocol.com/install.sh | sh
|
|
319
|
+
|
|
320
|
+
# Run vouch with no arguments and pick what you want to do
|
|
321
|
+
vouch
|
|
322
|
+
```
|
|
323
|
+
|
|
324
|
+
Prefer to do it by hand? It is three commands:
|
|
325
|
+
|
|
310
326
|
```bash
|
|
311
327
|
pip install vouch-protocol
|
|
312
328
|
|
|
@@ -317,6 +333,8 @@ vouch git init
|
|
|
317
333
|
git commit -m "Secure commit"
|
|
318
334
|
```
|
|
319
335
|
|
|
336
|
+
Setting up an agent instead of git signing? `vouch onboard --quick` generates a working identity, allow-list, verifier, and heartbeat config in one command.
|
|
337
|
+
|
|
320
338
|
---
|
|
321
339
|
|
|
322
340
|
## What's New in v1.0
|
|
@@ -329,7 +347,7 @@ Vouch Protocol v1.0 aligns directly with the open standard:
|
|
|
329
347
|
- **Hybrid post-quantum profile** (`hybrid-eddsa-mldsa44-jcs-2026`) as an optional add-on for regulated deployments aligning with NIST CNSA 2.0 / NSM-10 timelines.
|
|
330
348
|
- **Three-way cross-implementation interop** verified across Python, TypeScript, and Go.
|
|
331
349
|
|
|
332
|
-
|
|
350
|
+
Credentials are issued with `Signer.sign()` and checked with `Verifier.verify()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
|
|
333
351
|
|
|
334
352
|
---
|
|
335
353
|
|
|
@@ -356,8 +374,8 @@ Vouch is not one tool, it is a set of them. Here is the whole map.
|
|
|
356
374
|
- **Vouch Shield** a runtime check that inspects every tool call against your rules, like a customs officer at the door.
|
|
357
375
|
- **Continuous trust** heartbeats and session vouchers, so trust is a live signal that has to be renewed, not a badge that is issued once and trusted forever.
|
|
358
376
|
|
|
359
|
-
### Framework integrations (
|
|
360
|
-
Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
|
|
377
|
+
### Framework integrations (new in v1.6.2)
|
|
378
|
+
Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
|
|
361
379
|
- **`vouch-langchain`** a LangChain tool that signs each tool call before it leaves the agent.
|
|
362
380
|
- **`vouch-crewai`** a CrewAI tool, with supervisor-to-worker delegation that can only narrow authority, never widen it.
|
|
363
381
|
- **`vouch-a2a`** binds an A2A (Agent2Agent) Agent Card to a Vouch identity, so two agents can verify each other before they collaborate.
|
|
@@ -370,7 +388,7 @@ The standalone **`vouch-mcp`** package above ships alongside these in v1.6.2.
|
|
|
370
388
|
Python, TypeScript, and Go are the full reference implementations. A Rust core with idiomatic Swift, JVM (Java and Kotlin), .NET, and C wrappers shares one codebase, so every language produces byte-identical output, verified against shared test vectors. A WebAssembly build is included for the browser and the edge. See the table further down for status per language.
|
|
371
389
|
|
|
372
390
|
### Robots and embodied agents
|
|
373
|
-
A robot is an agent with a body, so the same
|
|
391
|
+
A robot is an agent with a body, so identity and accountability matter even more once it can cause physical harm. The `vouch.robotics` module ships six capabilities on the same `eddsa-jcs-2022` credentials as the rest of Vouch: hardware-rooted identity (bound to a TPM or secure element, so it cannot be cloned to other hardware), model and config provenance (re-signable on every OTA update), physical capability scope (force, speed, a tighter cap near humans, allowed zones, and shift windows, checked before each actuation, with narrow-only delegation), a robot-to-robot trust handshake, an encrypted tamper-evident black box with a verifiable kill switch, and a scannable offline passport. All six are implemented in Python, TypeScript, Go, and the Rust core, which flows to the Swift, Kotlin/JVM, .NET, C/C++, and WebAssembly wrappers, so a robotics credential signed in one language verifies in every other. Eleven further capabilities round out the set: a living-trust heartbeat (a signed per-interval motion summary whose trust decays unless it is renewed in-envelope), two-level credential revocation (per-credential status lists and whole-DID kill), an accountable safety record (a tamper-evident incident ledger summarized into a portable signed record), signed perception provenance (each captured sensor frame's hash bound to the robot's key and hash-linked, so a robot can prove what its sensors saw and a substituted frame is detectable), an offline delegation lease (a short-lived, scope-bounded grant a disconnected robot verifies and acts on with no network call, nesting across vendors), a physical quorum (a cryptographic two-person rule requiring M of N attested approvers for a high-consequence action), lifecycle credentials (ownership transfer that chains into a verifiable chain of custody, key rotation that forms a key history, and a signed decommission that retires the robot), a regulatory conformance profile (a machine-checkable mapping from a robot's credentials to the clauses of ISO 10218 and 15066, the EU Machinery Regulation, the EU AI Act, and UL 3300, with a deterministic checker and a signed conformance attestation), post-quantum signing by default (robot credentials sign with the hybrid classical-plus-ML-DSA-44 cryptosuite, with backward-compatible verification, so a robot stays unforgeable across its decade-long life), and cross-embodiment identity continuity (an agent identity that moves between robot bodies, with an embodiment credential re-binding to each body's hardware root and a continuity chain that proves the same accountable agent persisted, plus a fork check), and a physical custody handoff chain (a signed record of who accepted custody of a task or object at each hop across human and robot actors, so an incident traces to the exact hop and an attested condition localizes damage to the holder responsible), implemented across the same languages and pinned by the shared interop vector. See [docs/robotics.md](docs/robotics.md) and the defensive disclosures PAD-064 through PAD-070 and PAD-076 through PAD-084.
|
|
374
392
|
|
|
375
393
|
### Inside your AI tools
|
|
376
394
|
- **Claude Skill**, **OpenAI Custom GPT**, and **Gemini Gem** packages that teach your AI assistant how to add Vouch to your code, running on your own AI subscription.
|
|
@@ -420,7 +438,6 @@ AI agents are making real-world API calls with **ZERO cryptographic proof** of:
|
|
|
420
438
|
- **Human-readable JSON** (proof attaches as a sibling object, no Base64-wrapped opaque payload)
|
|
421
439
|
- **Framework-agnostic** (works with MCP, LangChain, CrewAI, AutoGPT, AutoGen, Vertex AI)
|
|
422
440
|
- **Cross-language interop** (Python, TypeScript, Go, byte-identical canonical form)
|
|
423
|
-
- **Backward-compatible** (legacy v0.x JWS API still supported during deprecation window)
|
|
424
441
|
- **Open source** (Apache 2.0 license, CC0 prior-art portfolio)
|
|
425
442
|
|
|
426
443
|
**Think of it as:**
|
|
@@ -442,9 +459,9 @@ flowchart LR
|
|
|
442
459
|
V{"✅ Verified"}
|
|
443
460
|
|
|
444
461
|
P -->|"Delegation VC"| A
|
|
445
|
-
A -->|"
|
|
462
|
+
A -->|"sign(intent)"| C
|
|
446
463
|
C -->|"HTTP body<br/>application/vc+vouch"| API
|
|
447
|
-
API -->|"
|
|
464
|
+
API -->|"verify()"| V
|
|
448
465
|
```
|
|
449
466
|
|
|
450
467
|
**4 Simple Steps:**
|
|
@@ -502,6 +519,10 @@ flowchart TB
|
|
|
502
519
|
|
|
503
520
|
### 1. Install
|
|
504
521
|
```bash
|
|
522
|
+
# Linux and macOS: one line
|
|
523
|
+
curl -fsSL https://vouch-protocol.com/install.sh | sh
|
|
524
|
+
|
|
525
|
+
# Or with pip (any platform)
|
|
505
526
|
pip install vouch-protocol
|
|
506
527
|
```
|
|
507
528
|
|
|
@@ -522,19 +543,13 @@ signer = Signer(
|
|
|
522
543
|
did=os.environ['VOUCH_DID']
|
|
523
544
|
)
|
|
524
545
|
|
|
525
|
-
credential = signer.
|
|
546
|
+
credential = signer.sign(intent={
|
|
526
547
|
'action': 'read_database',
|
|
527
548
|
'target': 'users_table',
|
|
528
549
|
'resource': 'https://api.example.com/v1/users',
|
|
529
550
|
})
|
|
530
551
|
# Send credential as the JSON body of the API request, content-type
|
|
531
|
-
# application/vc+vouch
|
|
532
|
-
```
|
|
533
|
-
|
|
534
|
-
**Legacy v0.x path (JWS, still supported):**
|
|
535
|
-
```python
|
|
536
|
-
token = signer.sign({'action': 'read_database', 'target': 'users'})
|
|
537
|
-
# Include token in Vouch-Token header
|
|
552
|
+
# application/vc+vouch
|
|
538
553
|
```
|
|
539
554
|
|
|
540
555
|
### 4. Verify (API Side)
|
|
@@ -551,7 +566,7 @@ async def protected_route(request: Request):
|
|
|
551
566
|
credential = await request.json()
|
|
552
567
|
public_key = '{"kty":"OKP", ...}' # Resolved from did:web or trusted root
|
|
553
568
|
|
|
554
|
-
is_valid, passport = Verifier.
|
|
569
|
+
is_valid, passport = Verifier.verify(credential, public_key=public_key)
|
|
555
570
|
if not is_valid:
|
|
556
571
|
raise HTTPException(status_code=401, detail="Untrusted Agent")
|
|
557
572
|
|
|
@@ -562,18 +577,6 @@ async def protected_route(request: Request):
|
|
|
562
577
|
}
|
|
563
578
|
```
|
|
564
579
|
|
|
565
|
-
**Legacy v0.x path:**
|
|
566
|
-
```python
|
|
567
|
-
from vouch import Verifier
|
|
568
|
-
|
|
569
|
-
@app.post("/api/legacy")
|
|
570
|
-
def legacy_route(vouch_token: str = Header(alias="Vouch-Token")):
|
|
571
|
-
is_valid, passport = Verifier.verify(vouch_token, public_key_jwk=public_key)
|
|
572
|
-
if not is_valid:
|
|
573
|
-
raise HTTPException(status_code=401, detail="Untrusted Agent")
|
|
574
|
-
return {"status": "Verified", "agent": passport.sub}
|
|
575
|
-
```
|
|
576
|
-
|
|
577
580
|
**That's it.** A few lines to sign, a few to verify, on either path.
|
|
578
581
|
|
|
579
582
|
---
|
|
@@ -609,7 +612,7 @@ Works with all major AI frameworks out-of-the-box:
|
|
|
609
612
|
|
|
610
613
|
```python
|
|
611
614
|
# Optional v1.0 profile, requires `pip install pqcrypto`
|
|
612
|
-
credential = signer.
|
|
615
|
+
credential = signer.sign_hybrid(intent={
|
|
613
616
|
'action': 'submit_clinical_finding',
|
|
614
617
|
'target': 'trial:NCT00000001',
|
|
615
618
|
'resource': 'https://fda-submissions.example.com/api/findings',
|
|
@@ -740,7 +743,7 @@ Built by [Ramprasad Gaddam](https://www.linkedin.com/in/rampy) ([Twitter/X](http
|
|
|
740
743
|
|
|
741
744
|
## Contributing
|
|
742
745
|
|
|
743
|
-
Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md).
|
|
746
|
+
Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md). Looking for a place to start? Browse our [good first issues](https://github.com/vouch-protocol/vouch/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22), and open a ready-made dev environment with one click using the [Open in GitHub Codespaces](https://codespaces.new/vouch-protocol/vouch) badge above.
|
|
744
747
|
|
|
745
748
|
**Areas where help is most useful:**
|
|
746
749
|
- [ ] Additional framework integrations (Haystack, Semantic Kernel, LlamaIndex, others)
|
|
@@ -749,6 +752,20 @@ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/v
|
|
|
749
752
|
- [ ] Independent security review and audit
|
|
750
753
|
- [ ] Reference implementations in additional languages (Rust, Java, .NET)
|
|
751
754
|
|
|
755
|
+
## Contributors
|
|
756
|
+
|
|
757
|
+
Thanks goes to these wonderful people. This section is maintained automatically by the [all-contributors](https://allcontributors.org/) bot.
|
|
758
|
+
|
|
759
|
+
<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
|
|
760
|
+
<!-- ALL-CONTRIBUTORS-BADGE:END -->
|
|
761
|
+
|
|
762
|
+
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
|
|
763
|
+
<!-- prettier-ignore-start -->
|
|
764
|
+
<!-- markdownlint-disable -->
|
|
765
|
+
<!-- markdownlint-restore -->
|
|
766
|
+
<!-- prettier-ignore-end -->
|
|
767
|
+
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
|
768
|
+
|
|
752
769
|
---
|
|
753
770
|
|
|
754
771
|
**Star this repo if you find it useful.**
|
|
@@ -23,6 +23,10 @@
|
|
|
23
23
|
<a href="https://discord.gg/mMqx5cG9Y"><img src="https://img.shields.io/badge/Discord-Join_Community-7289da?logo=discord&logoColor=white" alt="Discord"></a>
|
|
24
24
|
</p>
|
|
25
25
|
|
|
26
|
+
<p align="center">
|
|
27
|
+
<a href="https://codespaces.new/vouch-protocol/vouch"><img src="https://github.com/codespaces/badge.svg" alt="Open in GitHub Codespaces" height="28"></a>
|
|
28
|
+
</p>
|
|
29
|
+
|
|
26
30
|
<p align="center">
|
|
27
31
|
<a href="https://github.com/vouch-protocol/vouch/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-Apache_2.0-blue.svg" alt="Apache 2.0 License"></a>
|
|
28
32
|
</p>
|
|
@@ -31,6 +35,16 @@
|
|
|
31
35
|
|
|
32
36
|
## Quick Start
|
|
33
37
|
|
|
38
|
+
```bash
|
|
39
|
+
# Install (Linux and macOS). On Windows, use: pip install vouch-protocol
|
|
40
|
+
curl -fsSL https://vouch-protocol.com/install.sh | sh
|
|
41
|
+
|
|
42
|
+
# Run vouch with no arguments and pick what you want to do
|
|
43
|
+
vouch
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
Prefer to do it by hand? It is three commands:
|
|
47
|
+
|
|
34
48
|
```bash
|
|
35
49
|
pip install vouch-protocol
|
|
36
50
|
|
|
@@ -41,6 +55,8 @@ vouch git init
|
|
|
41
55
|
git commit -m "Secure commit"
|
|
42
56
|
```
|
|
43
57
|
|
|
58
|
+
Setting up an agent instead of git signing? `vouch onboard --quick` generates a working identity, allow-list, verifier, and heartbeat config in one command.
|
|
59
|
+
|
|
44
60
|
---
|
|
45
61
|
|
|
46
62
|
## What's New in v1.0
|
|
@@ -53,7 +69,7 @@ Vouch Protocol v1.0 aligns directly with the open standard:
|
|
|
53
69
|
- **Hybrid post-quantum profile** (`hybrid-eddsa-mldsa44-jcs-2026`) as an optional add-on for regulated deployments aligning with NIST CNSA 2.0 / NSM-10 timelines.
|
|
54
70
|
- **Three-way cross-implementation interop** verified across Python, TypeScript, and Go.
|
|
55
71
|
|
|
56
|
-
|
|
72
|
+
Credentials are issued with `Signer.sign()` and checked with `Verifier.verify()`. See the Specification at [vouch-protocol.com/specs/SPEC/](https://vouch-protocol.com/specs/SPEC/) for the full specification.
|
|
57
73
|
|
|
58
74
|
---
|
|
59
75
|
|
|
@@ -80,8 +96,8 @@ Vouch is not one tool, it is a set of them. Here is the whole map.
|
|
|
80
96
|
- **Vouch Shield** a runtime check that inspects every tool call against your rules, like a customs officer at the door.
|
|
81
97
|
- **Continuous trust** heartbeats and session vouchers, so trust is a live signal that has to be renewed, not a badge that is issued once and trusted forever.
|
|
82
98
|
|
|
83
|
-
### Framework integrations (
|
|
84
|
-
Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
|
|
99
|
+
### Framework integrations (new in v1.6.2)
|
|
100
|
+
Standalone packages that drop Vouch into the agent framework you already use. Each one issues a verifiable credential for a tool call, with optional delegation back to a human principal.
|
|
85
101
|
- **`vouch-langchain`** a LangChain tool that signs each tool call before it leaves the agent.
|
|
86
102
|
- **`vouch-crewai`** a CrewAI tool, with supervisor-to-worker delegation that can only narrow authority, never widen it.
|
|
87
103
|
- **`vouch-a2a`** binds an A2A (Agent2Agent) Agent Card to a Vouch identity, so two agents can verify each other before they collaborate.
|
|
@@ -94,7 +110,7 @@ The standalone **`vouch-mcp`** package above ships alongside these in v1.6.2.
|
|
|
94
110
|
Python, TypeScript, and Go are the full reference implementations. A Rust core with idiomatic Swift, JVM (Java and Kotlin), .NET, and C wrappers shares one codebase, so every language produces byte-identical output, verified against shared test vectors. A WebAssembly build is included for the browser and the edge. See the table further down for status per language.
|
|
95
111
|
|
|
96
112
|
### Robots and embodied agents
|
|
97
|
-
A robot is an agent with a body, so the same
|
|
113
|
+
A robot is an agent with a body, so identity and accountability matter even more once it can cause physical harm. The `vouch.robotics` module ships six capabilities on the same `eddsa-jcs-2022` credentials as the rest of Vouch: hardware-rooted identity (bound to a TPM or secure element, so it cannot be cloned to other hardware), model and config provenance (re-signable on every OTA update), physical capability scope (force, speed, a tighter cap near humans, allowed zones, and shift windows, checked before each actuation, with narrow-only delegation), a robot-to-robot trust handshake, an encrypted tamper-evident black box with a verifiable kill switch, and a scannable offline passport. All six are implemented in Python, TypeScript, Go, and the Rust core, which flows to the Swift, Kotlin/JVM, .NET, C/C++, and WebAssembly wrappers, so a robotics credential signed in one language verifies in every other. Eleven further capabilities round out the set: a living-trust heartbeat (a signed per-interval motion summary whose trust decays unless it is renewed in-envelope), two-level credential revocation (per-credential status lists and whole-DID kill), an accountable safety record (a tamper-evident incident ledger summarized into a portable signed record), signed perception provenance (each captured sensor frame's hash bound to the robot's key and hash-linked, so a robot can prove what its sensors saw and a substituted frame is detectable), an offline delegation lease (a short-lived, scope-bounded grant a disconnected robot verifies and acts on with no network call, nesting across vendors), a physical quorum (a cryptographic two-person rule requiring M of N attested approvers for a high-consequence action), lifecycle credentials (ownership transfer that chains into a verifiable chain of custody, key rotation that forms a key history, and a signed decommission that retires the robot), a regulatory conformance profile (a machine-checkable mapping from a robot's credentials to the clauses of ISO 10218 and 15066, the EU Machinery Regulation, the EU AI Act, and UL 3300, with a deterministic checker and a signed conformance attestation), post-quantum signing by default (robot credentials sign with the hybrid classical-plus-ML-DSA-44 cryptosuite, with backward-compatible verification, so a robot stays unforgeable across its decade-long life), and cross-embodiment identity continuity (an agent identity that moves between robot bodies, with an embodiment credential re-binding to each body's hardware root and a continuity chain that proves the same accountable agent persisted, plus a fork check), and a physical custody handoff chain (a signed record of who accepted custody of a task or object at each hop across human and robot actors, so an incident traces to the exact hop and an attested condition localizes damage to the holder responsible), implemented across the same languages and pinned by the shared interop vector. See [docs/robotics.md](docs/robotics.md) and the defensive disclosures PAD-064 through PAD-070 and PAD-076 through PAD-084.
|
|
98
114
|
|
|
99
115
|
### Inside your AI tools
|
|
100
116
|
- **Claude Skill**, **OpenAI Custom GPT**, and **Gemini Gem** packages that teach your AI assistant how to add Vouch to your code, running on your own AI subscription.
|
|
@@ -144,7 +160,6 @@ AI agents are making real-world API calls with **ZERO cryptographic proof** of:
|
|
|
144
160
|
- **Human-readable JSON** (proof attaches as a sibling object, no Base64-wrapped opaque payload)
|
|
145
161
|
- **Framework-agnostic** (works with MCP, LangChain, CrewAI, AutoGPT, AutoGen, Vertex AI)
|
|
146
162
|
- **Cross-language interop** (Python, TypeScript, Go, byte-identical canonical form)
|
|
147
|
-
- **Backward-compatible** (legacy v0.x JWS API still supported during deprecation window)
|
|
148
163
|
- **Open source** (Apache 2.0 license, CC0 prior-art portfolio)
|
|
149
164
|
|
|
150
165
|
**Think of it as:**
|
|
@@ -166,9 +181,9 @@ flowchart LR
|
|
|
166
181
|
V{"✅ Verified"}
|
|
167
182
|
|
|
168
183
|
P -->|"Delegation VC"| A
|
|
169
|
-
A -->|"
|
|
184
|
+
A -->|"sign(intent)"| C
|
|
170
185
|
C -->|"HTTP body<br/>application/vc+vouch"| API
|
|
171
|
-
API -->|"
|
|
186
|
+
API -->|"verify()"| V
|
|
172
187
|
```
|
|
173
188
|
|
|
174
189
|
**4 Simple Steps:**
|
|
@@ -226,6 +241,10 @@ flowchart TB
|
|
|
226
241
|
|
|
227
242
|
### 1. Install
|
|
228
243
|
```bash
|
|
244
|
+
# Linux and macOS: one line
|
|
245
|
+
curl -fsSL https://vouch-protocol.com/install.sh | sh
|
|
246
|
+
|
|
247
|
+
# Or with pip (any platform)
|
|
229
248
|
pip install vouch-protocol
|
|
230
249
|
```
|
|
231
250
|
|
|
@@ -246,19 +265,13 @@ signer = Signer(
|
|
|
246
265
|
did=os.environ['VOUCH_DID']
|
|
247
266
|
)
|
|
248
267
|
|
|
249
|
-
credential = signer.
|
|
268
|
+
credential = signer.sign(intent={
|
|
250
269
|
'action': 'read_database',
|
|
251
270
|
'target': 'users_table',
|
|
252
271
|
'resource': 'https://api.example.com/v1/users',
|
|
253
272
|
})
|
|
254
273
|
# Send credential as the JSON body of the API request, content-type
|
|
255
|
-
# application/vc+vouch
|
|
256
|
-
```
|
|
257
|
-
|
|
258
|
-
**Legacy v0.x path (JWS, still supported):**
|
|
259
|
-
```python
|
|
260
|
-
token = signer.sign({'action': 'read_database', 'target': 'users'})
|
|
261
|
-
# Include token in Vouch-Token header
|
|
274
|
+
# application/vc+vouch
|
|
262
275
|
```
|
|
263
276
|
|
|
264
277
|
### 4. Verify (API Side)
|
|
@@ -275,7 +288,7 @@ async def protected_route(request: Request):
|
|
|
275
288
|
credential = await request.json()
|
|
276
289
|
public_key = '{"kty":"OKP", ...}' # Resolved from did:web or trusted root
|
|
277
290
|
|
|
278
|
-
is_valid, passport = Verifier.
|
|
291
|
+
is_valid, passport = Verifier.verify(credential, public_key=public_key)
|
|
279
292
|
if not is_valid:
|
|
280
293
|
raise HTTPException(status_code=401, detail="Untrusted Agent")
|
|
281
294
|
|
|
@@ -286,18 +299,6 @@ async def protected_route(request: Request):
|
|
|
286
299
|
}
|
|
287
300
|
```
|
|
288
301
|
|
|
289
|
-
**Legacy v0.x path:**
|
|
290
|
-
```python
|
|
291
|
-
from vouch import Verifier
|
|
292
|
-
|
|
293
|
-
@app.post("/api/legacy")
|
|
294
|
-
def legacy_route(vouch_token: str = Header(alias="Vouch-Token")):
|
|
295
|
-
is_valid, passport = Verifier.verify(vouch_token, public_key_jwk=public_key)
|
|
296
|
-
if not is_valid:
|
|
297
|
-
raise HTTPException(status_code=401, detail="Untrusted Agent")
|
|
298
|
-
return {"status": "Verified", "agent": passport.sub}
|
|
299
|
-
```
|
|
300
|
-
|
|
301
302
|
**That's it.** A few lines to sign, a few to verify, on either path.
|
|
302
303
|
|
|
303
304
|
---
|
|
@@ -333,7 +334,7 @@ Works with all major AI frameworks out-of-the-box:
|
|
|
333
334
|
|
|
334
335
|
```python
|
|
335
336
|
# Optional v1.0 profile, requires `pip install pqcrypto`
|
|
336
|
-
credential = signer.
|
|
337
|
+
credential = signer.sign_hybrid(intent={
|
|
337
338
|
'action': 'submit_clinical_finding',
|
|
338
339
|
'target': 'trial:NCT00000001',
|
|
339
340
|
'resource': 'https://fda-submissions.example.com/api/findings',
|
|
@@ -464,7 +465,7 @@ Built by [Ramprasad Gaddam](https://www.linkedin.com/in/rampy) ([Twitter/X](http
|
|
|
464
465
|
|
|
465
466
|
## Contributing
|
|
466
467
|
|
|
467
|
-
Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md).
|
|
468
|
+
Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/vouch/blob/main/CONTRIBUTING.md). Looking for a place to start? Browse our [good first issues](https://github.com/vouch-protocol/vouch/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22), and open a ready-made dev environment with one click using the [Open in GitHub Codespaces](https://codespaces.new/vouch-protocol/vouch) badge above.
|
|
468
469
|
|
|
469
470
|
**Areas where help is most useful:**
|
|
470
471
|
- [ ] Additional framework integrations (Haystack, Semantic Kernel, LlamaIndex, others)
|
|
@@ -473,6 +474,20 @@ Contributions welcome. See [CONTRIBUTING.md](https://github.com/vouch-protocol/v
|
|
|
473
474
|
- [ ] Independent security review and audit
|
|
474
475
|
- [ ] Reference implementations in additional languages (Rust, Java, .NET)
|
|
475
476
|
|
|
477
|
+
## Contributors
|
|
478
|
+
|
|
479
|
+
Thanks goes to these wonderful people. This section is maintained automatically by the [all-contributors](https://allcontributors.org/) bot.
|
|
480
|
+
|
|
481
|
+
<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
|
|
482
|
+
<!-- ALL-CONTRIBUTORS-BADGE:END -->
|
|
483
|
+
|
|
484
|
+
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
|
|
485
|
+
<!-- prettier-ignore-start -->
|
|
486
|
+
<!-- markdownlint-disable -->
|
|
487
|
+
<!-- markdownlint-restore -->
|
|
488
|
+
<!-- prettier-ignore-end -->
|
|
489
|
+
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
|
490
|
+
|
|
476
491
|
---
|
|
477
492
|
|
|
478
493
|
**Star this repo if you find it useful.**
|
|
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "vouch-protocol"
|
|
7
|
-
version = "
|
|
7
|
+
version = "2.0.0"
|
|
8
8
|
description = "The Identity & Reputation Standard for AI Agents"
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
requires-python = ">=3.9"
|
|
@@ -44,7 +44,7 @@ dependencies = [
|
|
|
44
44
|
langchain = ["langchain>=0.1.0"]
|
|
45
45
|
crewai = ["crewai>=0.1.0"]
|
|
46
46
|
autogen = ["pyautogen>=0.2.0"]
|
|
47
|
-
mcp = ["mcp>=1.
|
|
47
|
+
mcp = ["mcp>=0.1.0"]
|
|
48
48
|
vertex = ["google-cloud-aiplatform>=1.0.0"]
|
|
49
49
|
streamlit = ["streamlit>=1.0.0"]
|
|
50
50
|
|
|
@@ -71,6 +71,11 @@ azure = ["azure-keyvault-keys>=4.0.0"]
|
|
|
71
71
|
# wrote that into a Dockerfile or requirements.txt.
|
|
72
72
|
pq = []
|
|
73
73
|
|
|
74
|
+
# UDNA (Universal DID-Native Addressing) identity-first transport.
|
|
75
|
+
# Distribution `sirraya-udna-sdk` imports as the `udna_sdk` package.
|
|
76
|
+
# Optional: when absent, the hybrid transport stack degrades to HTTP fallback.
|
|
77
|
+
udna = ["sirraya-udna-sdk>=1.0.3"]
|
|
78
|
+
|
|
74
79
|
# OpenTelemetry tracing
|
|
75
80
|
tracing = [
|
|
76
81
|
"opentelemetry-api>=1.20.0",
|