Metadata-Version: 2.4
Name: bpc-client
Version: 1.0.0
Summary: Python client SDK for the BPC (Bound Pair Credentials) request-signing protocol — device-bound cryptographic identity for APIs
Project-URL: Homepage, https://selfconnect.ai
Project-URL: Repository, https://github.com/rblake2320/bpc-protocol
Project-URL: Documentation, https://github.com/rblake2320/bpc-protocol/tree/main/packages/bpc-client
Author-email: SelfConnect <hello@selfconnect.ai>
License: MIT
Keywords: api-security,authentication,bpc,cryptography,ecdsa,selfconnect
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.9
Requires-Dist: click>=8.0.0
Requires-Dist: cryptography>=41.0.0
Requires-Dist: httpx>=0.24.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: respx>=0.20; extra == 'dev'
Description-Content-Type: text/markdown

# bpc-client

Python client SDK for the **BPC (Bound Pair Credentials)** protocol — cryptographic device-binding and per-request signing for APIs.

BPC replaces static API keys with a multi-factor, per-request signing protocol. Every request is signed with an ECDSA P-256 device key, a user-chosen secret (HMAC-derived), a fresh nonce, and a timestamp. Stolen credentials are useless without the device key.

## Install

```bash
pip install bpc-client
```

## 3-Line Integration

```python
from bpc_client import BPCClient

# Register a new pair (development mode — auto-approved)
client = BPCClient.register(base_url="https://api.example.com", name="my-app", secret="MySecret1!")

# Every request is automatically signed
response = client.get("/api/data")
response = client.post("/api/items", json={"name": "test"})
```

## CLI

```bash
bpc pair register --url https://api.example.com --name my-app --secret MySecret1!
bpc pair list
bpc status --name my-app
bpc audit --name my-app
bpc request GET /api/data --name my-app
```

## MCP Server (Claude Desktop)

```json
{
  "mcpServers": {
    "bpc": { "command": "bpc-mcp" }
  }
}
```

## Protocol

BPC implements a 12-step server-side verification pipeline:
device key (ECDSA P-256) + secret (HMAC-SHA-256) + nonce (UUID) + timestamp (60s window) + body hash (SHA-256) + scope enforcement.

See the [full spec](https://github.com/rblake2320/bpc-protocol/blob/main/spec/bpc-spec-v1.md).
