Metadata-Version: 2.4
Name: asqav
Version: 0.4.0
Summary: AI agent governance - audit trails, policy enforcement, compliance
Project-URL: Homepage, https://asqav.com
Project-URL: Documentation, https://asqav.com/docs
Project-URL: Repository, https://github.com/jagmarques/asqav-sdk
Author-email: Asqav <support@asqav.com>
License-Expression: MIT
Keywords: agents,ai,ai-security,audit-trail,compliance,crewai,dspy,eu-ai-act,governance,haystack,langchain,llamaindex,mcp,ml-dsa,openai-agents,policy-enforcement,smolagents,strands-agents
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Provides-Extra: all
Requires-Dist: crewai>=0.41.0; extra == 'all'
Requires-Dist: dspy>=2.5.0; extra == 'all'
Requires-Dist: haystack-ai>=2.0.0; extra == 'all'
Requires-Dist: httpx>=0.24.0; extra == 'all'
Requires-Dist: instructor>=1.5.0; extra == 'all'
Requires-Dist: langchain-core>=0.2.0; extra == 'all'
Requires-Dist: letta-client>=1.10.0; extra == 'all'
Requires-Dist: litellm!=1.82.7,!=1.82.8,>=1.0.0; extra == 'all'
Requires-Dist: llama-index-core>=0.10.0; extra == 'all'
Requires-Dist: openai-agents>=0.1.0; extra == 'all'
Requires-Dist: smolagents>=1.0.0; extra == 'all'
Requires-Dist: strands-agents>=0.1.0; extra == 'all'
Requires-Dist: typer>=0.12.0; extra == 'all'
Provides-Extra: cli
Requires-Dist: httpx>=0.24.0; extra == 'cli'
Requires-Dist: typer>=0.12.0; extra == 'cli'
Provides-Extra: crewai
Requires-Dist: crewai>=0.41.0; extra == 'crewai'
Provides-Extra: dev
Requires-Dist: mypy>=1.10.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.5.0; extra == 'dev'
Provides-Extra: dspy
Requires-Dist: dspy>=2.5.0; extra == 'dspy'
Provides-Extra: haystack
Requires-Dist: haystack-ai>=2.0.0; extra == 'haystack'
Provides-Extra: httpx
Requires-Dist: httpx>=0.24.0; extra == 'httpx'
Provides-Extra: instructor
Requires-Dist: instructor>=1.5.0; extra == 'instructor'
Provides-Extra: langchain
Requires-Dist: langchain-core>=0.2.0; extra == 'langchain'
Provides-Extra: letta
Requires-Dist: letta-client>=1.10.0; extra == 'letta'
Provides-Extra: litellm
Requires-Dist: litellm!=1.82.7,!=1.82.8,>=1.0.0; extra == 'litellm'
Provides-Extra: llamaindex
Requires-Dist: llama-index-core>=0.10.0; extra == 'llamaindex'
Provides-Extra: openai-agents
Requires-Dist: openai-agents>=0.1.0; extra == 'openai-agents'
Provides-Extra: smolagents
Requires-Dist: smolagents>=1.0.0; extra == 'smolagents'
Provides-Extra: strands
Requires-Dist: strands-agents>=0.1.0; extra == 'strands'
Description-Content-Type: text/markdown

# asqav

Python SDK for [asqav.com](https://asqav.com). All ML-DSA cryptography runs server-side. Drop-in for AI agent governance: audit trails, policy enforcement, compliance.

## Install

```bash
pip install asqav
```

## Quick start

```python
import asqav

asqav.init(api_key="sk_...")
agent = asqav.Agent.create("my-agent")
sig = agent.sign("api:call", {"model": "gpt-4"})

print(sig.verification_url)
```

Each signed action is recorded server-side with an ML-DSA-65 (FIPS 204) signature, a chain hash, and a public verification URL.

## CLI

The package ships an `asqav` CLI mirroring the Python API. Set `ASQAV_API_KEY` and run:

```bash
asqav verify <signature_id> [--output json]   # IETF axes when present
asqav sign --agent-id ID --action-type T --action-json action.json \
           --compliance-mode --receipt-type protectmcp:decision \
           --risk-class high --issuer-id legal:Acme
asqav agents list / create / revoke
asqav sessions list / end
asqav replay <agent_id> <session_id>          # Pro
asqav replay-verify <agent_id> <session_id> [--strict]   # IETF chain
asqav preflight <agent_id> <action_type>      # Pro
asqav budget check / record                   # Pro
asqav approve <session_id> <entity_id>        # Pro
asqav compliance frameworks / export          # Business
asqav audit-pack export --start ISO --end ISO --output-file bundle.json
asqav audit-pack policy <sha256:hex>
asqav payloads erase <signature_id>           # P4: GDPR right-to-erasure
asqav org set-compliance-strict <org_id> --enable|--disable
asqav keys generate --algorithm ed25519|es256 [--out priv.pem]
asqav migrate run v3-20|v3-21|v3-22           # X-Maintenance-Key required
asqav policies / webhooks list / create / delete   # Pro
```

Pro and Business commands are gated client-side via `GET /account` so a free-tier key gets a clean upgrade message instead of a mid-pipeline 402.

The IETF Compliance Receipts profile commands (`sign --compliance-mode`, `audit-pack export`, `audit-pack policy`, `payloads erase`, `replay-verify --strict`, `org set-compliance-strict`) match the SDK kwargs on `Agent.sign(...)` and `verify_compliance_receipt(...)`. See `docs/CLI.md` for full flag reference.

## Roadmap

Six-line view of what is shipped on Asqav:

- Hash-only mode for cloud - Today (default for `*.asqav.com`).
- Self-hosted signer (split-trust) - Today.
- Bring-your-own KMS (AWS KMS / GCP KMS) - Today, Enterprise tier.
- Customer-owned storage - Today (self-hosted; relay payload allowlist enforced in code).
- SCITT / COSE_Sign1 receipt export - Today (public `GET /api/v1/signatures/{id}/cose` returns `application/cose`).
- Air-gapped / on-prem mode - Today (offline license + zero-egress, see `docs/airgapped-mode.md` in the backend repo).

See the docs at <https://asqav.com/docs> for the current feature set.

## Standards

Asqav's compliance receipts are profiled in IETF Internet-Draft [`draft-marques-asqav-compliance-receipts`](https://datatracker.ietf.org/doc/draft-marques-asqav-compliance-receipts/), profiling the upstream [`draft-farley-acta-signed-receipts`](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) for EU AI Act Articles 12 and 26, and DORA Article 17 bindings.

## Compliance receipts (IETF profile)

Pass `compliance_mode=True` to `agent.sign(...)` to emit a Compliance Receipt under [`draft-marques-asqav-compliance-receipts`](https://datatracker.ietf.org/doc/draft-marques-asqav-compliance-receipts/). The SDK fills `action_ref` automatically (`sha256:` over the JCS-canonical action object) so callers only need to supply policy-relevant context.

```python
import asqav

asqav.init(api_key="sk_...")
agent = asqav.Agent.create("payments-agent")

sig = agent.sign(
    "payment.wire_transfer",
    {"amount_eur": 850000, "beneficiary_iban": "DE89370400440532013000"},
    compliance_mode=True,
    receipt_type="protectmcp:decision",
    risk_class="high",
    issuer_id="legal:Acme GmbH",
    iteration_id="task-2026-Q2-4821",
    sandbox_state="enabled",
)

print(sig.compliance_mode)        # True
print(sig.receipt_type)           # "protectmcp:decision"
print(sig.action_ref)             # "sha256:..."
print(sig.previous_receipt_hash)  # 64 hex; "0"*64 on the first record per agent
```

Local-side sanity checks (presence of REQUIRED fields, namespace, 300s skew bound, predecessor rederivation) are available as `asqav.verify_compliance_receipt(envelope, predecessor_envelope=...)`. The cloud is the authoritative verifier; this helper is a convenience.

Algorithm agility per profile section 10.8 is exposed via `asqav.SUPPORTED_ALGORITHMS`. Pass `algorithm="ed25519"` or `"es256"` to `Agent.create(...)` for non-post-quantum identities, or `asqav.generate_local_keypair("ed25519")` for offline scenarios.

## Documentation

- Repository: <https://github.com/jagmarques/asqav-sdk>
- Full docs: <https://asqav.com/docs>
- Roadmap: <https://asqav.com/roadmap>

## License

MIT. Get an API key at [asqav.com](https://asqav.com).
