RFC-002: Trust Badge gRPC Client #7
This adds a thin gRPC client that connects to capiscio-core's gRPC server, enabling the Python SDK to leverage the full Go implementation.

## Changes

### Generated Protobuf Code (capiscio_sdk/_rpc/gen/)
- All *_pb2.py and *_pb2_grpc.py files for 7 services
- Generated from capiscio-core proto files

### RPC Client (capiscio_sdk/_rpc/)
- client.py: CapiscioRPCClient with service wrappers
- process.py: ProcessManager to spawn/manage Go binary

## Services Available
- BadgeService: Trust Badge signing/verification
- DIDService: did:web parsing and construction
- TrustStoreService: Key management
- RevocationService: Key/badge revocation
- ScoringService: Agent card validation
- SimpleGuardService: Basic signing
- RegistryService: Agent discovery

Implements: RFC-002 Trust Badge
Depends-on: capiscio/capiscio-core#17
✅ All checks passed! Ready for review.
✅ Documentation validation passed!
Pull request overview
This PR adds a gRPC client implementation for the Python SDK to communicate with the capiscio-core Go server, enabling Trust Badge functionality through remote procedure calls rather than native Python implementations.
Key Changes:
- Generated protobuf/gRPC code for 7 services (Badge, DID, TrustStore, Revocation, Scoring, SimpleGuard, Registry)
- Process manager to spawn and manage the Go binary lifecycle
- High-level Python client wrapper with typed service interfaces
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| pyproject.toml | Adds grpcio and protobuf dependencies |
| capiscio_sdk/_rpc/process.py | Process manager for Go binary lifecycle management |
| capiscio_sdk/_rpc/client.py | Main RPC client with service wrappers |
| capiscio_sdk/_rpc/gen/capiscio/v1/*_pb2.py | Generated protobuf message definitions |
| capiscio_sdk/_rpc/gen/capiscio/v1/*_pb2_grpc.py | Generated gRPC service stubs |
| capiscio_sdk/_rpc/__init__.py | Package exports |
| capiscio_sdk/_rpc/gen/**/__init__.py | Module initialization for generated code |
…ement
- SimpleGuardClient: added sign_attached, verify_attached, generate_key_pair, load_key, export_key, get_key_info methods
- SimpleGuardRPC: new drop-in replacement class for native SimpleGuard
- Provides identical interface for easy migration to gRPC backend
✅ Documentation validation passed!
✅ All checks passed! Ready for review.
PR Summary for Review
This PR adds gRPC client infrastructure to call Go core via the new RPC server.
What's included:
Generated Protobuf Code (
Client Wrappers (
Drop-in Replacement (
Usage
```python
from capiscio_sdk._rpc.client import CapiscioRPCClient
client = CapiscioRPCClient(address='localhost:50051')
client.connect()
client.simpleguard.sign_attached(payload=b'data', key_id='my-key')
```
Testing
Integration tests passing against Go server ✅
- Fix _initialized check to use hasattr (prevents AttributeError)
- Fix path calculation for dev binary (was one level too deep)
- Remove unused imports (signal, sys)
- Add explanatory comment for except OSError pass
✅ Documentation validation passed!
✅ All checks passed! Ready for review.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 5 comments.
Comments suppressed due to low confidence (1)
capiscio_sdk/simple_guard_rpc.py:92
- Variable payload_bytes is not used.
payload_bytes = json.dumps(payload).encode("utf-8")
| card_data = { | ||
| "agent_id": self.agent_id, | ||
| "public_keys": [{ | ||
| "kty": "OKP", | ||
| "crv": "Ed25519", | ||
| "kid": self.signing_kid, | ||
| "use": "sig", | ||
| # Note: x would need to be extracted from PEM | ||
| }], |
The _update_agent_card_with_pem method creates an agent card with incomplete JWK data. The public key JWK is missing the required 'x' field (line 251 comment notes this), which will result in an invalid agent card. The PEM should be converted to a proper JWK format with all required fields before writing the agent-card.json.
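The conversion the review comment above asks for, as an added example (not code from this PR or from capiscio-core): it derives the JWK `x` member from an Ed25519 public-key PEM using only the standard library, and refuses anything that is not an Ed25519 public key. The function names, `example-kid` and the sample key bytes are assumptions constructed for illustration.

```python
import base64

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410): SEQUENCE,
# AlgorithmIdentifier with OID 1.3.101.112, BIT STRING with 0 unused bits.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
BEGIN, END = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWK members use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def ed25519_public_pem_to_jwk(pem: str, kid: str) -> dict:
    """Convert an Ed25519 'PUBLIC KEY' PEM into an OKP JWK that includes 'x'."""
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        # Also rejects 'PRIVATE KEY' blocks, so secret material is never
        # copied into a published agent card by mistake.
        raise ValueError("expected a PEM 'PUBLIC KEY' block")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    raw_key = der[len(ED25519_SPKI_PREFIX):]  # the 32-byte public key
    return {"kty": "OKP", "crv": "Ed25519", "kid": kid, "use": "sig",
            "x": b64url(raw_key)}


def make_sample_pem(raw_key: bytes, label: str = "PUBLIC KEY") -> str:
    """Wrap constructed key bytes in a PEM block (sample input only)."""
    body = base64.b64encode(ED25519_SPKI_PREFIX + raw_key).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed 32-byte value standing in for a public key; not a real key.
SAMPLE_RAW = bytes(range(32))
SAMPLE_PEM = make_sample_pem(SAMPLE_RAW)

if __name__ == "__main__":
    print(ed25519_public_pem_to_jwk(SAMPLE_PEM, kid="example-kid"))
```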
| def sign_badge( | ||
| self, | ||
| claims: dict, | ||
| private_key_jwk: str, | ||
| key_id: str = "", | ||
| ) -> tuple[str, dict]: |
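Review bot: `private_key_jwk: str` in the `sign_badge` signature has the caller pass the private key itself on every call, so the key sits in an ordinary Python string and goes along with each signing request. `key_id` is already a parameter and the PR lists a TrustStoreService for key management; consider a variant that signs by `key_id` against a key the Go side already holds, and document what the empty-string default for `key_id` means.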
The return type annotation uses Python 3.10+ syntax (tuple[str, dict]) but this may not be compatible with the project's minimum Python version. Consider using Tuple[str, dict] from the typing module for broader compatibility, or verify that Python 3.10+ is the minimum supported version.
|
|
||
| # Sign via gRPC - use SignAttached which handles timestamps and body hash | ||
| jws, error = self._client.simpleguard.sign_attached( | ||
| payload=body_bytes, # This gets hashed into 'bh' claim |
The sign_outbound method incorrectly uses the body parameter as the payload for signing. According to the comment on line 98, the body should be "hashed into 'bh' claim", but the actual JWT payload from the payload argument is being ignored. The payload dictionary should be serialized and used as the payload, while the body should be used for the body hash claim.
| payload=body_bytes, # This gets hashed into 'bh' claim | |
| payload=payload_bytes, # The actual JWT payload to sign | |
| body=body_bytes, # This gets hashed into 'bh' claim |
| import grpc | ||
|
|
Import of 'grpc' is not used.
| import grpc |
| from capiscio_sdk._rpc.gen.capiscio.v1 import common_pb2 as capiscio_dot_v1_dot_common__pb2 | ||
|
|
||
|
|
Import of 'capiscio_dot_v1_dot_common__pb2' is not used.
| from capiscio_sdk._rpc.gen.capiscio.v1 import common_pb2 as capiscio_dot_v1_dot_common__pb2 |
Summary
Adds a thin gRPC client that connects to capiscio-core's gRPC server, enabling the Python SDK to leverage the full Go implementation for Trust Badge functionality.
Architecture
This client is designed to be a thin wrapper that delegates all cryptographic operations to the Go core via gRPC:
Changes
Generated Protobuf Code (capiscio_sdk/_rpc/gen/)
All *_pb2.py and *_pb2_grpc.py files for 7 services:
- badge_pb2.py / badge_pb2_grpc.py
- did_pb2.py / did_pb2_grpc.py
- trust_pb2.py / trust_pb2_grpc.py
- revocation_pb2.py / revocation_pb2_grpc.py
- scoring_pb2.py / scoring_pb2_grpc.py
- simpleguard_pb2.py / simpleguard_pb2_grpc.py
- registry_pb2.py / registry_pb2_grpc.py
RPC Client (capiscio_sdk/_rpc/)
- client.py: CapiscioRPCClient with typed service wrappers
- process.py: ProcessManager to spawn/manage the Go binary
Usage
Services Available
- BadgeService
- DIDService
- TrustStoreService
- RevocationService
- ScoringService
- SimpleGuardService
- RegistryService
Dependencies
- grpcio>=1.60.0
- protobuf>=4.25.0
Related