Metadata-Version: 2.4
Name: agent-ca
Version: 0.2.0
Summary: A Zero Trust Cryptographic Certificate Authority SDK for Autonomous AI Agents.
Author-email: Agent CA  <217001207@student.uj.ac.za>
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.8
Description-Content-Type: text/markdown
Requires-Dist: requests>=2.31.0
Requires-Dist: cryptography>=42.0.0

# Agent-CA 🛡️

[![PyPI version](https://badge.fury.io/py/agent-ca.svg)](https://badge.fury.io/py/agent-ca)
[![Version](https://img.shields.io/badge/version-0.2.0-blue.svg)](https://pypi.org/project/agent-ca/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

**Zero Trust Hardware Cryptography for Autonomous AI Agents.**

In an era of AI-to-API communication, hardcoded API keys are a catastrophic vulnerability. `agent-ca` allows autonomous AI agents (LangChain, CrewAI, AutoGen) to securely authenticate with internal enterprise APIs using mathematically unforgeable, short-lived X.509 passports backed by a cloud Hardware Security Module (HSM).

---

## 🏗️ Architecture

```mermaid
sequenceDiagram
    participant Agent as AI Agent (Python SDK)
    participant CA as Agent-CA (Azure Container)
    participant HSM as Azure Key Vault (Hardware)
    participant API as Internal Bouncer API

    Agent->>CA: 1. Request Passport (Budget: $500)
    CA->>HSM: 2. Validate Identity & Sign (ECDSA)
    HSM-->>CA: 3. Return Hardware Signature
    CA-->>Agent: 4. Issue X.509 Passport (60m expiry)
    Agent->>API: 5. Execute Task (Injects Passport in Headers)
    API-->>Agent: 6. Verify Signature & Allow Access

🚀 Quickstart
1. Get your API key
Register your agent in the Agent-CA Command Center. (Note: Link will update post-beta).
https://agent-ca-saas.vercel.app/

2. Install the SDK
```python
pip install agent-ca
```
3. Initialize your secure session
agent-ca acts as a drop-in secure replacement for requests.Session. It handles ephemeral key generation, CA negotiation, payload signing, and automatic background rotation.
```python
from agent_ca import SecureAgentSession

# 1. Initialize the Zero-Trust session
#Get the API key: https://agent-ca-saas.vercel.app/
session = SecureAgentSession(
    agent_name="Finance-LangGraph-Bot", 
    api_key="sk_live_your_key_here"
)

# 2. Execute requests. The SDK automatically signs the payload 
# and injects the X.509 passport into the headers.
response = session.post(
    "[https://api.your-company.com/v1/execute](https://api.your-company.com/v1/execute)",
    json={"action": "transfer_funds", "amount": 500}
)

print(response.json())
```

🔒 Why Agent-CA?
No Hardcoded Secrets: Agents generate ephemeral private keys in memory. If an LLM gets prompt-injected, the attacker gets nothing but useless math.

Hardware Anchored: Every certificate is signed by a physical FIPS 140-2 Level 2 Hardware Security Module hosted in the Microsoft Azure cloud.

Instant Revocation: Global Certificate Revocation Lists (CRL) give you a terrifyingly fast kill-switch for rogue AI agents.

Privacy by Design: Built-in telemetry sanitization ensures your proprietary LLM prompts and vector data never leave your infrastructure.

📄 License
This SDK is released under the MIT License. See LICENSE for more information.

Note: The Agent-CA core routing engine and cryptographic HSM backend are proprietary SaaS infrastructure.
