EATP SDK

The EATP SDK is a standalone Python package implementing the full Enterprise Agent Trust Protocol specification. What it is NOT: an access control library or a permissions framework. The EATP SDK implements cryptographic trust lineage: every agent action traces through a signed chain to the human authority that authorized it. It is independent of the broader Kailash platform, enabling adoption without learning or deploying the full stack.

Installation

pip install eatp

Optional extras:

pip install eatp[postgres]   # PostgreSQL-backed trust store
pip install eatp[dev]        # Development tools (pytest, mypy, ruff)

Requires Python 3.11+.

What it does

The EATP SDK implements the five-element Trust Lineage Chain:

1. Genesis Record: establishes the organizational root of authority, the founding moment from which all delegation flows
2. Delegation Record: transfers bounded authority from one entity to another; authority can never be expanded beyond what was received
3. Constraint Envelope: specifies five dimensions of permitted behavior: Financial, Operational, Temporal, Data Access, Communication
4. Capability Attestation: confirms that an agent possesses the capabilities required to operate within its delegated authority
5. Audit Anchor: creates tamper-evident records linking each action to the trust chain that authorized it

Key features

• Dataclass-based decision records: All trust records use Python dataclasses with to_dict()/from_dict() serialization
• Ed25519 signing: Mandatory cryptographic signing for all trust chain elements
• HMAC integrity verification: Optional overlay for integrity checking
• Monotonic trust escalation: Trust state can only escalate (Auto-Approved, Flagged, Held, Blocked), never downgrade
• Reasoning traces (v2.2): Machine-verifiable records of why trust decisions were made, with five-level confidentiality classification
• Multiple store backends: In-memory, filesystem, SQLite, and PostgreSQL trust stores
• CLI interface: Full trust lifecycle management from the terminal

CLI

The eatp command provides trust lifecycle management:

Command	Description
eatp init	Create authority keypair and genesis record
eatp establish	Establish trust for a new agent
eatp delegate	Delegate capabilities to another agent
eatp verify	Verify an agent’s trust for an action
eatp revoke	Revoke an agent’s trust or delegation
eatp status	Show agent trust chain status

Quick example

import asyncio
from eatp import TrustOperations, TrustKeyManager, CapabilityRequest
from eatp.chain import AuthorityType, CapabilityType
from eatp.crypto import generate_keypair
from eatp.store.memory import InMemoryTrustStore
from eatp.authority import OrganizationalAuthority, AuthorityPermission

async def main():
    # Setup
    store = InMemoryTrustStore()
    await store.initialize()
    key_mgr = TrustKeyManager()
    priv_key, pub_key = generate_keypair()
    key_mgr.register_key("key-org", priv_key)

    # Register authority
    authority = OrganizationalAuthority(
        id="org-acme", name="ACME Corp",
        authority_type=AuthorityType.ORGANIZATION,
        public_key=pub_key, signing_key_id="key-org",
        permissions=[AuthorityPermission.CREATE_AGENTS],
    )

    class Registry:
        async def initialize(self): pass
        async def get_authority(self, aid, include_inactive=False):
            return authority

    # Establish trust
    ops = TrustOperations(
        authority_registry=Registry(),
        key_manager=key_mgr,
        trust_store=store,
    )
    chain = await ops.establish(
        agent_id="agent-001",
        authority_id="org-acme",
        capabilities=[
            CapabilityRequest(
                capability="analyze_data",
                capability_type=CapabilityType.ACTION
            ),
        ],
    )

    # Verify before acting
    result = await ops.verify(
        agent_id="agent-001",
        action="analyze_data"
    )
    print(f"Verified: {result.valid}")  # True

asyncio.run(main())

SDK modules

Module	Purpose
eatp.chain	Trust chain records (Genesis, Delegation, Constraint Envelope)
eatp.crypto	Ed25519 key generation and signing
eatp.authority	Organizational authority management
eatp.constraints	Five-dimensional constraint definition and evaluation
eatp.enforce	Runtime constraint enforcement
eatp.governance	Governance policy management
eatp.interop	Cross-organization trust interoperability
eatp.registry	Authority and agent registry
eatp.store	Trust record persistence (memory, filesystem, SQLite, PostgreSQL)

Project details

License	Apache 2.0
Language	Python 3.11+
Source	github.com/terrene-foundation/kailash-py (packages/eatp)
PyPI	pip install eatp
Specification	EATP (CC BY 4.0)
Owner	Terrene Foundation

Further reading

• EATP specification: the full protocol specification
• Quickstart guide: build your first trust chain
• CARE Platform: the full governance platform using EATP
• Dual Plane Model: the architecture EATP verifies