attestproto-py — Reference Python implementation

Python 3.10+ reference implementation of the Agent Work Attestation Protocol v0.1.

Spec: ~/mediator/spec/SPEC.md.

What it does

• Generates Ed25519 keypairs.
• Constructs canonicalized JSON attestation objects per spec §3.
• Signs canonicalized form with Ed25519 (RFC 8032), per spec §4 + §6.
• Verifies signatures, structural conformance (§3), version (§2), and canonical round-trip (§2).
• CLI for keygen / canonicalize / hash / sign / verify.

Install

cd ~/mediator/lib/python
~/.pyenv/versions/3.13.2/bin/python3 -m venv .venv
source .venv/bin/activate
pip install -U pip setuptools wheel
pip install -e ".[dev]"

Library use

from attestproto import (
    SPEC_VERSION, sha256_hex,
    generate_keypair, sign_attestation, verify_attestation,
    build_attestation_id,
)

kp = generate_keypair()

attestation = {
    "version": SPEC_VERSION,
    "attestation_id": build_attestation_id(),
    "agent": {"id": "asst_demo", "platform": "openai",
              "model": "gpt-5o", "operator": "https://demo.com"},
    "task": {"type": "demo.task", "spec_hash": sha256_hex(b"spec")},
    "input": {"hash": sha256_hex(b"in"), "size_bytes": 2,
              "redaction_policy": "none"},
    "output": {"hash": sha256_hex(b"out"), "verdict": "success",
               "redaction_policy": "none"},
    "tool_calls": [],
    "timestamps": {"task_started": "...", "task_completed": "...",
                   "attestation_emitted": "..."},
    "signature": {"alg": "ed25519", "key_id": kp.fingerprint},
}

sign_attestation(attestation, kp.signing_key)
verify_attestation(attestation, kp.verify_key)  # True or raises

CLI

attestproto keygen ./keys
attestproto sign --in-place att.json ./keys/signing_key.hex
attestproto verify att.json ./keys/verify_key.hex   # exit 0 = OK, 1 = FAIL
attestproto canonicalize att.json                    # RFC 8785 byte form
attestproto hash some-payload.bin                    # sha256:<hex>

Tests

python -m pytest tests/ -v

9 tests cover: round-trip, tamper detection, wrong-key rejection, version policy, required-field policy, sig-alg policy, attestation-id format, Ed25519 determinism, and canonicalization defeating field reorders.

Status

• ✅ Sign / verify / canonicalize core
• ✅ CLI
• ✅ Pytest suite (9 / 9 pass)
• ⏳ JSON Schema enforcement against ~/mediator/spec/attestation-v0.1.schema.json
• ⏳ Multi-modal key_id resolver (DNS / DID / HTTPS / fingerprint per spec §6)
• ⏳ ZK-confidential mode (spec §8)
• ⏳ Multi-hop delegation chain walker (spec §7)
• ⏳ Co-signature support (spec §3 + §9)

License

MIT.