feat: add Authority Envelope SDK wrappers (RFC-008)#60
Merged
Conversation
Adds envelope creation, derivation, and transport header generation to the Python SDK, wrapping the new gRPC surface added in capiscio-core PR #70. Changes: - Regenerate proto stubs with CreateEnvelope, DeriveEnvelope, BuildTransportHeaders, VerifyEnvelopeChain RPCs and 8 new messages - Add low-level gRPC client wrappers in _rpc/client.py: - create_envelope(): Create root envelopes (§6.1) - derive_envelope(): Derive child envelopes with hash linking (§6.3) - build_transport_headers(): Encode chains to HTTP headers (§15.1-§15.3) - Add high-level SimpleGuard API methods: - create_envelope(): Simplified root envelope creation - derive_envelope(): Simplified child envelope derivation - make_delegation_headers(): Combined badge + chain headers for requests - Add 14 unit tests covering all envelope operations Tests cover: basic creation, constraints serialization, enforcement mode, error propagation, derivation with narrowing, header generation with/without badge maps.
|
✅ Documentation validation passed!
|
|
✅ All checks passed! Ready for review. |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests. |
There was a problem hiding this comment.
Pull request overview
This PR adds RFC-008 “Authority Envelope” support to the Python SDK by introducing new SimpleGuard helpers and gRPC wrapper methods for creating envelopes, deriving child envelopes, and producing HTTP transport headers for delegation chains.
Changes:
- Added
SimpleGuard.create_envelope(),SimpleGuard.derive_envelope(), andSimpleGuard.make_delegation_headers()high-level APIs. - Added
_rpc/client.pySimpleGuardService wrapper methods:create_envelope(),derive_envelope(), andbuild_transport_headers(). - Regenerated SimpleGuard protobuf stubs and added a new unit test suite covering envelope flows and header generation.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
tests/unit/test_envelope.py |
New unit tests for envelope creation/derivation and delegation transport header generation. |
capiscio_sdk/simple_guard.py |
Adds high-level RFC-008 envelope and delegation-header helpers on SimpleGuard. |
capiscio_sdk/_rpc/client.py |
Adds RPC wrapper methods for the new SimpleGuardService envelope/header RPCs. |
capiscio_sdk/_rpc/gen/capiscio/v1/simpleguard_pb2.py |
Regenerated protobuf messages for the expanded SimpleGuardService surface. |
capiscio_sdk/_rpc/gen/capiscio/v1/simpleguard_pb2_grpc.py |
Regenerated gRPC stub methods for the new RPC endpoints. |
|
|
||
| def make_delegation_headers( | ||
| self, | ||
| chain: list, |
Comment on lines
5
to
18
| @@ -11,9 +11,9 @@ | |||
| from google.protobuf.internal import builder as _builder | |||
| _runtime_version.ValidateProtobufRuntimeVersion( | |||
| _runtime_version.Domain.PUBLIC, | |||
| 6, | |||
| 33, | |||
| 5, | |||
| 7, | |||
| 34, | |||
| 1, | |||
| '', | |||
| 'capiscio/v1/simpleguard.proto' | |||
- Use list[str] instead of bare list in make_delegation_headers - Align simpleguard_pb2.py runtime version check to 6.33.5 to match all other generated pb2 files and the protobuf>=6.33.5 dependency
|
✅ Documentation validation passed!
|
|
✅ All checks passed! Ready for review. |
|
✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds envelope creation, derivation, and transport header generation to the Python SDK, wrapping the new gRPC surface added in capiscio-core PR #70.
RFC-008 Coverage
This PR implements Plan Section G5-G8 from the RFC-008 chain verification implementation plan.
New gRPC Client Wrappers (
_rpc/client.py)create_envelope()— Create root Authority Envelopes (§6.1)derive_envelope()— Derive child envelopes with hash linking and narrowing validation (§6.3)build_transport_headers()— Encode delegation chains into HTTP transport headers (§15.1–§15.3)New High-Level SimpleGuard API (
simple_guard.py)SimpleGuard.create_envelope()— Simplified root envelope creation with auto key selectionSimpleGuard.derive_envelope()— Simplified child derivation with constraints serializationSimpleGuard.make_delegation_headers()— Combined badge + authority chain headersProto Stubs Regenerated
simpleguard_pb2.py— 8 new message types (CreateEnvelope/DeriveEnvelope/BuildTransportHeaders/VerifyEnvelopeChain Request/Response)simpleguard_pb2_grpc.py— 4 new RPC client methodsTests
14 unit tests covering:
Dependencies