Metadata-Version: 2.4
Name: agent-id-service-sdk
Version: 0.4.0
Summary: AgentID — Service-side SDK for verifying AI agent JWTs and reporting activity
Project-URL: Homepage, https://github.com/agentscope-ai/agent-identity
Project-URL: Documentation, https://github.com/agentscope-ai/agent-identity
Project-URL: Repository, https://github.com/agentscope-ai/agent-identity
Author-email: Tongyi Lab <yilei.z@alibaba-inc.com>
License-Expression: Apache-2.0
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.10
Requires-Dist: cryptography>=41.0
Requires-Dist: httpx>=0.25
Requires-Dist: pyjwt[crypto]>=2.8
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Description-Content-Type: text/markdown

# agent-id-service-sdk

AgentID Service SDK — for services and APIs to verify AI agent JWTs and report activity back to the IdP.

## Installation

```
pip install agent-id-service-sdk
```

## Quick Start

```python
from agent_id_service_sdk import AIPVerifier

verifier = AIPVerifier(
    trusted_providers=["qwenpaw.ai"],
    audience="https://my-service.example.com",
)

# HTTP (REST)
agent = await verifier.verify(request.headers["Authorization"])

# WebSocket / gRPC / MCP — use verify_token() with the raw JWT
agent = await verifier.verify_token(raw_jwt_string)

print(f"Agent: {agent.agent_id}, Principal: {agent.principal}")
```

## Features

- **Transport-agnostic** — `verify()` for HTTP headers, `verify_token()` for raw JWTs (WebSocket, gRPC, MCP)
- **Multi-algorithm support** — Verifies JWTs signed with ES256 (ECDSA P-256) or EdDSA (Ed25519)
- **Key rotation resilience** — Automatically refetches JWKS when an unknown `kid` is encountered
- **Clock skew tolerance** — Configurable leeway (default 30s) for JWT expiry checks
- **JWKS caching** — Caches provider public keys with configurable TTL (default 1 hour)
- **Activity reporting** — Built-in `AIPActivityReporter` for sending activity logs back to the IdP

## Configuration

```python
verifier = AIPVerifier(
    trusted_providers=["qwenpaw.ai", "other-idp.example.com"],
    audience="https://my-service.example.com",
    cache_ttl=3600,            # JWKS cache TTL in seconds (default: 1 hour)
    clock_skew_seconds=30,     # Clock skew tolerance (default: 30s)
    provider_urls={            # Optional: override base URLs (e.g. for local dev)
        "localhost": "http://localhost:8000",
    },
)
```

## Documentation

See the [AgentID](https://github.com/agentscope-ai/agent-identity) repository for full documentation.
