Metadata-Version: 2.4
Name: sealed-for-ai
Version: 0.1.0
Summary: Cryptographic receipts for AI-generated artifacts. One POST per artifact, public verifier URL, 7-year retention.
Project-URL: Homepage, https://ai.epochpay.today
Project-URL: Documentation, https://ai.epochpay.today/docs
Project-URL: Source, https://github.com/QuantumSwarms/sealed-for-ai
Project-URL: Issues, https://github.com/QuantumSwarms/sealed-for-ai/issues
Author-email: EpochCore LLC <partners@epochcoreqcs.com>
License-Expression: LicenseRef-Proprietary
License-File: LICENSE.md
Keywords: ai,audit,compliance,ed25519,ml-dsa,post-quantum,provenance,sha256
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.11
Requires-Dist: httpx>=0.27.0
Provides-Extra: dev
Requires-Dist: mypy>=1.10.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: respx>=0.21.0; extra == 'dev'
Requires-Dist: ruff>=0.5.0; extra == 'dev'
Description-Content-Type: text/markdown

# sealed-for-ai (Python)

Cryptographic receipts for AI-generated artifacts. One POST per artifact, public verifier URL, 7-year retention.

## Install

```bash
pip install sealed-for-ai
```

Requires Python 3.11+.

## Five-minute quickstart

```python
import hashlib
from sealed_for_ai import SealedAIClient

client = SealedAIClient(api_key="sk-ai-...")  # get one at https://ai.epochpay.today

output_bytes = b"This is whatever your AI just produced."
receipt = client.seal(
    artifact_kind="llm_output",
    subject="Generated for customer #42",
    payload_sha256=hashlib.sha256(output_bytes).hexdigest(),
    metadata={
        "model": "claude-opus-4-7",
        "tokens": 1284,
    },
)

print("Verifier URL:", receipt.verifier_url)
print("Seal ID:", receipt.seal_id)
# Verifier URL is now a public link anyone can open to confirm this artifact.
```

## Async usage

```python
import asyncio
from sealed_for_ai import AsyncSealedAIClient

async def main():
    async with AsyncSealedAIClient(api_key="sk-ai-...") as client:
        receipt = await client.seal(
            artifact_kind="llm_output",
            subject="...",
            payload_sha256="...",
        )
        print(receipt.verifier_url)

asyncio.run(main())
```

## Chaining (multi-step pipelines)

```python
seal_1 = client.seal(artifact_kind="rag_response", ...)
seal_2 = client.seal(artifact_kind="llm_output", chain_prev=seal_1.full_hash, ...)
seal_3 = client.seal(artifact_kind="agent_action", chain_prev=seal_2.full_hash, ...)
```

If any intermediate artifact is tampered with, the chain root changes and downstream seals self-invalidate.

## Verification

```python
verified = client.verify("EP-DKAP-A5C2F07B...")
assert verified.found
assert verified.signatures.ed25519_valid
print(verified.sealed_at, verified.retention_until)
```

Anyone can verify any seal — they don't need an API key. Pass them the `verifier_url` from a seal response and they can confirm in any browser.

## Configuration

```python
client = SealedAIClient(
    api_key="sk-ai-...",
    base_url="https://ai.epochpay.today",  # default
    timeout=30.0,                          # seconds, default
    max_retries=3,                         # exponential backoff on 5xx
)
```

Environment variables (used as defaults if not passed explicitly):

| Env var | Default |
| ------- | ------- |
| `SEALED_AI_KEY` | (required) |
| `SEALED_AI_BASE_URL` | `https://ai.epochpay.today` |
| `SEALED_AI_TIMEOUT` | `30` |

## Errors

Every API error raises a typed exception:

- `SealedAuthError` — 401 (bad / missing key)
- `SealedRateLimitError` — 429 (over plan limit; `retry_after` attr in seconds)
- `SealedValidationError` — 400 (bad request body)
- `SealedServerError` — 5xx (we're down or in maintenance; the SDK retries first)
- `SealedError` — base class; catch this if you want all of the above

```python
from sealed_for_ai.exceptions import SealedRateLimitError

try:
    receipt = client.seal(...)
except SealedRateLimitError as e:
    print(f"Wait {e.retry_after}s")
```

## Compliance

Every seal carries:

- SHA-256 (FIPS 180-4)
- Ed25519 signature (RFC 8032)
- ML-DSA-87 signature (FIPS 204, post-quantum)
- Base L2 anchor
- 7-year retention floor (`SEC 17 CFR § 240.17a-4`, FINRA Rule 4370)

For SOC 2 / EU AI Act mapping, see [`compliance.md`](https://ai.epochpay.today/docs/compliance).

## License

Proprietary · © 2026 EpochCore LLC · All Rights Reserved · Patent Pending.

See [LICENSE.md](https://github.com/QuantumSwarms/sealed-for-ai/blob/main/LICENSE.md).
