KERI App API¶

keri.app.agenting¶

KERI keri.app.agenting module

class keri.app.agenting.HTTPMessenger(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

Interacts with Recipients on HTTP and SSE for sending events and receiving receipts

__init__(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:: hab – Habitat of the identifier to populate witnesses

msgDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

responseDo(tymth=None, tock=0.0)[source]¶: Processes responses from client and adds them to sent cue

class keri.app.agenting.HTTPStreamMessenger(hab, wit, url, msg=b'', headers=None, **kwa)[source]¶

Interacts with Recipients on HTTP and SSE for sending events and receiving receipts

__init__(hab, wit, url, msg=b'', headers=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:: hab – Habitat of the identifier to populate witnesses

recur(tyme, deeds=None)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

class keri.app.agenting.Receiptor(hby, msgs=None, gets=None, cues=None)[source]¶

catchup(pre, wit)[source]¶

When adding a new Witness, use this method to catch the witness up to the current state of the KEL

Parameters:

pre (str) – qualified base64 AID of the KEL to send
wit (str) – qualified base64 AID of the witness to send the KEL to

get(pre, sn=None)[source]¶

Returns a generator for witness querying

The returns a generator that will request receipts for event identified by pre and sn

Parameters:

pre (str) – qualified base64 identifier to gather receipts for
sn – (Optiona[int]): sequence number of event to gather receipts for, latest is used if not provided

Returns:

identifiers of witnesses that returned receipts.

Return type:

list

gitDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery and .tevery escrows.

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

Usage:: add result of doify on this method to doers list

receipt(pre, sn=None)[source]¶

Returns a generator for witness receipting

The returns a generator that will submit the designated event to witnesses for receipts using the synchronous witness API, the propogate the receipts to each of the other witnesses.

Parameters:

pre (str) – qualified base64 identifier to gather receipts for
sn – (Optiona[int]): sequence number of event to gather receipts for, latest is used if not provided

Returns:

identifiers of witnesses that returned receipts.

Return type:

list

witDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery and .tevery escrows.

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

Usage:: add result of doify on this method to doers list

class keri.app.agenting.TCPMessenger(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

Send events to witnesses for receipting using TCP direct connection

__init__(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:: hab – Habitat of the identifier to populate witnesses

msgDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatible generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

receiptDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

class keri.app.agenting.TCPStreamMessenger(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

Send events to witnesses for receipting using TCP direct connection

__init__(hab, wit, url, msgs=None, sent=None, doers=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:: hab – Habitat of the identifier to populate witnesses

msgDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatible generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

receiptDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

class keri.app.agenting.WitnessInquisitor(hby, reger=None, msgs=None, klas=None, **kwa)[source]¶

Sends messages to all current witnesses of given identifier (from hab) and waits for receipts from each of those witnesses and propagates those receipts to each of the other witnesses after receiving the complete set.

Removes all Doers and exits as Done once all witnesses have been sent the entire receipt set. Could be enhanced to have a once method that runs once and cleans up and an all method that runs and waits for more messages to receipt.

__init__(hby, reger=None, msgs=None, klas=None, **kwa)[source]¶

For all msgs, select a random witness from Habitat’s current set of witnesses send the msg and process all responses (KEL replays, RCTs, etc)

Parameters:

hby (Habitat) – Habitat of the identifier to use to identify witnesses
msgs – is the message buffer to process and send to one random witness.

msgDo(tymth=None, tock=1.0, **opts)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

query(pre, r='logs', sn='0', src=None, hab=None, anchor=None, wits=None, **kwa)[source]¶

Create, sign and return a qry message against the attester for the prefix

Parameters:

src (str) – qb64 identifier prefix of source of query
hab (Hab) – Hab to use instead of src if provided
pre (str) – qb64 identifier prefix being queried for
r (str) – query route
sn (str) – optional specific hex str of sequence number to query for
anchor (Seal) – anchored Seal to search for
wits (list)

Returns:

signed query event

Return type:

bytearray

class keri.app.agenting.WitnessPublisher(hby, msgs=None, cues=None, **kwa)[source]¶

Sends messages to all current witnesses of given identifier (from hab) and exits.

Removes all Doers and exits as Done once all witnesses have been sent the message. Could be enhanced to have a once method that runs once and cleans up and an all method that runs and waits for more messages to receipt.

__init__(hby, msgs=None, cues=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:

hby (Habery) – Habitat of the identifier to populate witnesses
msgs (Deck) – incoming messages to publish to witnesses
cues (Deck) – outgoing cues of successful messages

sendDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

sent(said)[source]¶

Check if message with given SAID was sent

Parameters:: said (str) – qb64 SAID of message to check for

class keri.app.agenting.WitnessReceiptor(hby, msgs=None, cues=None, force=False, **kwa)[source]¶

Sends messages to all current witnesses of given identifier (from hab) and waits for receipts from each of those witnesses and propagates those receipts to each of the other witnesses after receiving the complete set.

Removes all Doers and exits as Done once all witnesses have been sent the entire receipt set. Could be enhanced to have a once method that runs once and cleans up and an all method that runs and waits for more messages to receipt.

__init__(hby, msgs=None, cues=None, force=False, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:

hby (Habery) – Habitat of the identifier to receipt witnesses
msgs (Deck) – incoming messages to publish to witnesses
cues (Deck) – outgoing cues of successful messages
force (bool) – True means to send witnesses all receipts even if we have a full compliment.

receiptDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

keri.app.agenting.httpClient(hab, wit)[source]¶

Create and return a http.client and http.ClientDoer for the witness

Parameters:

hab (Habitat) – Environment to use to look up witness URLs
wit (str) – qb64 identifier prefix of witness for which to create a client

Returns:

Http client for connecting to remote identifier ClientDoer: Doer for client

Return type:

Client

keri.app.agenting.messenger(hab, pre)[source]¶

Create a Messenger (tcp or http) based on available endpoints

Parameters:

hab (Habitat) – Environment to use to look up witness URLs
pre (str) – qb64 identifier prefix of recipient to create a messanger for

Returns:

witnesser for ensuring full reciepts

Return type:

Optional(TcpWitnesser, HTTPMessenger)

keri.app.agenting.messengerFrom(hab, pre, urls)[source]¶

Create a Witnesser (tcp or http) based on provided endpoints

Parameters:

hab (Habitat) – Environment to use to look up witness URLs
pre (str) – qb64 identifier prefix of recipient to create a messanger for
urls (dict) – map of schemes to urls of available endpoints

Returns:

witnesser for ensuring full reciepts

Return type:

Optional(TcpWitnesser, HTTPMessenger)

keri.app.agenting.streamMessengerFrom(hab, pre, urls, msg, headers=None)[source]¶

Create a Witnesser (tcp or http) based on provided endpoints

Parameters:

hab (Habitat) – Environment to use to look up witness URLs
pre (str) – qb64 identifier prefix of recipient to create a messanger for
urls (dict) – map of schemes to urls of available endpoints
msg (bytes) – bytes of message to send
headers (dict) – optional headers to send with HTTP requests

Returns:

witnesser for ensuring full reciepts

Return type:

Optional(TcpWitnesser, HTTPMessenger)

keri.app.apping¶

KERI keri.app.apping module

class keri.app.apping.Consoler(db=None, console=None, **kwa)[source]¶

Manages command console

__init__(db=None, console=None, **kwa)[source]¶

recur(tyme)[source]¶

Do ‘recur’ context actions. Override in subclass. Regular method that perform repetitive actions once per invocation. Assumes resource setup in .enter() and resource takedown in .exit() (see ReDoer below for example of .recur that is a generator method)

Returns completion state of recurrence actions.: True means done False means continue

Parameters:: here. (Doist feeds its .tyme through .send to .do yield which passes it)

.recur maybe implemented by a subclass either as a non-generator method or a generator method. This stub here is as a non-generator method. The base class .do detects which type:

If non-generator .do method runs .recur method once per iteration
until .recur returns (True)

If generator .do method runs .recur with (yield from) until .recur
returns (see ReDoer for example of generator .recur)

keri.app.booting¶

keri.app.challenging¶

keri.vc.challenging module

class keri.app.challenging.ChallengeHandler(db, signaler)[source]¶

Handle challenge response peer to peer exn message

__init__(db, signaler)[source]¶: Initialize peer to peer challenge response messsage

handle(serder, attachments=None)[source]¶

Do route specific processsing of Challenge response messages

Parameters:

serder (Serder) – Serder of the exn challenge response message
attachments (list) – list of tuples of pather, CESR SAD path attachments to the exn event

keri.app.challenging.loadHandlers(db, signaler, exc)[source]¶

Load handlers for the peer-to-peer challenge response protocol

Parameters:

db (Baser) – database environment
signaler (Signaler) – Signaler for transient messages for the controller of the agent
exc (Exchanger) – Peer-to-peer message router

keri.app.configing¶

keri.app.configing module

class keri.app.configing.Configer(name='conf', base='main', filed=True, mode='r+b', fext='json', human=True, **kwa)[source]¶

Habitat Config File

Supports four serializations. HJSON, JSON, MGPK (MsgPack), and CBOR The serialization is determined by the file extension .fext which may be either ‘.json’, ‘.mgpk’, or ‘.cbor’. The default is that .json extension uses HJSON because HJSON can get (load) a strict json file. To use strict json on put (dump) then set .human to false.

See https://github.com/hjson/hjson-py

Attributes: (see Filer for inherited attributes): human (bool): True (default) means use human friendly HJSON when fext is JSON

__init__(name='conf', base='main', filed=True, mode='r+b', fext='json', human=True, **kwa)[source]¶

Setup config file .file at .path

Parameters:

name (str) – directory path name differentiator directory/file When system employs more than one keri installation, name allows differentiating each instance by name
base (str) – optional directory path segment inserted before name that allows further differentiation with a hierarchy. “” means optional.
temp (bool) – assign to .temp True then open in temporary directory, clear on close Otherwise then open persistent directory, do not clear on close
headDirPath (str) – optional head directory pathname for main database Default .HeadDirPath
perm (int) – optional numeric os dir permissions for database directory and database files. Default .DirMode
reopen (bool) – True means (re)opened by this init False means not (re)opened by this init but later
clear (bool) – True means remove directory upon close if reopon False means do not remove directory upon close if reopen
reuse (bool) – True means reuse self.path if already exists False means do not reuse but remake self.path
clean (bool) – True means path uses clean tail variant False means path uses normal tail variant
filed (bool) – True means .path is file path not directory path False means .path is directory path not file path
mode (str) – File open mode when filed default non-truncate r+w
fext (str) – File extension when filed
human (bool) – True means use human friendly HJSON when fext is json

get(human=None)[source]¶

Returns:

converted from contents of file path given extention: empty dict if empty file

Return type:

data (dict)

Raises:

IOError if unsupported file extension –

file may be either json, msgpack, or cbor given by extension .json, .mgpk, or .cbor respectively

put(data: dict, human=None)[source]¶

Serialize data dict and write to file given by .path where serialization is given by .fext path’s extension of either JSON, MsgPack, or CBOR for extension .json, .mgpk, or .cbor respectively

Parameters:: data (dict) – to be serialized per file extension on .path
Raises:: IOError if unsupported file extension –

class keri.app.configing.ConfigerDoer(configer, **kwa)[source]¶

Basic Filer Doer

done¶

completion state: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

Type:: bool

configer¶

instance

Type:: Configer

Properties:

tyme (float): relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
tymth (func): closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
tock (float)): desired time in seconds between runs or until next run,: non negative, zero means run asap

__init__(configer, **kwa)[source]¶

Parameters:

tymist (Tymist) – instance
tock (float) – initial value of .tock in seconds
configer (Configer) – instance

keri.app.configing.openCF(cls=None, filed=True, **kwa)[source]¶: Returns contextmanager generated by openFiler with Configer instance as default and filed = True

keri.app.connecting¶

keri.app.connecting module

class keri.app.connecting.Organizer(hby)[source]¶

Organizes contacts relating contact information to AIDs

__init__(hby)[source]¶

Create contact Organizer

Parameters:: hby (Habery) – database environment for contact information

find(field, val)[source]¶

Find all contact information for all contacts that have the val in field

Parameters:

field (str) – field name to search for
val (Union[str,bytes,list]) – value to search for

Returns:

All contacts that match the val in field

Return type:

list

get(pre, field=None)[source]¶

Retrieve all contact information for identifier prefix

Parameters:

pre (str) – qb64 identifier prefix for contact
field (str) – optional field name to retrieve a single field value

Returns:

Contact data

Return type:

dict

getImg(pre)[source]¶

Generator that yields image data in 4k chunks for identifier

Parameters:: pre (str) – qb64 identifier prefix for image

getImgData(pre)[source]¶

Get image metadata for identifier image if one exists

Parameters:: pre (str) – qb64 identifier prefix for image
Returns:: image metadata including length and type
Return type:: dict

list()[source]¶

Return list of all contact information for all remote identifiers

Returns:: All contact information
Return type:: list

rem(pre)[source]¶

Remove all contact information for identifier prefix

Parameters:: pre (str) – qb64 identifier prefix for contact to remove

Returns:

replace(pre, data)[source]¶

Replace all contact information for identifier prefix with data

Parameters:

pre (str) – qb64 identifier prefix of contact information to replace
data (dict) – data to replace contact information with

set(pre, field, val)[source]¶

Add or replace one value in contact information for identifier prefix

Parameters:

pre (str) – qb64 identifier prefix for contact
field (str) – field to set
val (Union[str,bytes]) – data value

setImg(pre, typ, stream)[source]¶

Upload image for identifier prefix

Streams image data in 4k chunks into database and sets content type and content length. Performs a full replace of all data for image of specified identifier

Parameters:

pre (str) – qb64 identifier prefix for image
typ (str) – image content mime type
stream (file) – file-like stream of image data

unset(pre, field)[source]¶

Remove field from contact information for identifier prefix

Parameters:

pre (str) – qb64 identifier prefix for contact
field (str) – field to remove

update(pre, data)[source]¶

Add or update contact information in data for the identifier prefix

Parameters:

pre (str) – qb64 identifier prefix of contact information to update
data (dict) – data to add to or update in contact information

values(field, val=None)[source]¶

Find unique values for field in all contacts

Parameters:

field (str) – field to load values for
val (Optional(str|None) – optional filter for the value of the grouped field

Returns:

Unique values from all contacts for field

Return type:

list

keri.app.delegating¶

KERI keri.app.delegating module

module for enveloping and forwarding KERI message

class keri.app.delegating.DelegateRequestHandler(hby, notifier)[source]¶

Handler for multisig group inception notification EXN messages

__init__(hby, notifier)[source]¶

Parameters:

hby (Habery)
notifier (str)

handle(serder, attachments=None)[source]¶

Do route specific processsing of delegation request messages

Parameters:

serder (Serder) – Serder of the exn delegation request message
attachments (list) – list of tuples of pather, CESR SAD path attachments to the exn event

class keri.app.delegating.Sealer(hby, proxy=None, **kwa)[source]¶

Sends messages to Delegator of an identifier and wait for the anchoring event to be processed to ensure the inception or rotation event has been approved by the delegator.

Removes all Doers and exits as Done once the event has been anchored.

__init__(hby, proxy=None, **kwa)[source]¶

For the current event, gather the current set of witnesses, send the event, gather all receipts and send them to all other witnesses

Parameters:

hab (Hab) – Habitat of the identifier to populate witnesses
msg (bytes) – is the message to send to all witnesses. Defaults to sending the latest KEL event if msg is None
scheme (str) – Scheme to favor if available

complete(prefixer, seqner, saider=None)[source]¶

Check for completed delegation protocol for the specific event

Parameters:

prefixer (Prefixer) – qb64 identifier prefix of event to check
seqner (Seqner) – sequence number of event to check
saider (Saider) – optional digest of event to verify

Returns:

escrowDo(tymth, tock=1.0)[source]¶

Process escrows of group multisig identifiers waiting to be compeleted.

Steps involve:

Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchored seal
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing

processPartialWitnessEscrow()[source]¶: Process escrow of delegated events that do not have a full compliment of receipts from witnesses yet. When receipting is complete, remove from escrow and cue up a message that the event is complete.

processUnanchoredEscrow()[source]¶: Process escrow of partially signed multisig group KEL events. Message processing will send this local controllers signature to all other participants then this escrow waits for signatures from all other participants

keri.app.delegating.delegateRequestExn(hab, delpre, evt, aids=None)[source]¶

Parameters:

hab (Hab) – database environment of sender
delpre (str) – qb64 AID of delegator
evt (bytes) – serialized and signed event requiring delegation approval
aids (list) – list of multisig AIDs participating

Returns:

keri.app.delegating.loadHandlers(hby, exc, notifier)[source]¶

Load handlers for the peer-to-peer delegation protocols

Parameters:

hby (Habery) – Database and keystore for environment
exc (Exchanger) – Peer-to-peer message router
notifier (Notifier) – Outbound notifications

keri.app.directing¶

KERI keri.app.directing module

simple direct mode demo support classes

class keri.app.directing.Directant(hab, server, verifier=None, exchanger=None, doers=None, **kwa)[source]¶

Directant class with TCP Server. Responds to initiated connections from a remote Director by creating and running a Reactant per connection. Each Reactant has TCP remoter.

Directant Subclass of DoDoer with doers list from do generator methods:: .serviceDo

Enables continuous scheduling of doers (do generator instances or functions)

Implements Doist like functionality to allow nested scheduling of doers. Each DoDoer runs a list of doers like a Doist but using the tyme from its

injected tymist as injected by its parent DoDoer or Doist.

Scheduling hierarchy: Doist->DoDoer…->DoDoer->Doers

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.opts is dict of injected options for its generator .do .doers is list of Doers or Doer like generator functions

.hab is Habitat instance of local controller's context

.server is TCP client instance. Assumes operated by another doer.

.rants is dict of Reactants indexed by connection address

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

Inherited Methods:

.wind injects ._tymth dependency from associated Tymist to get its .tyme .__call__ makes instance callable

Appears as generator function that returns generator

.do is generator method that returns generator .enter is enter context action method .recur is recur context action method or generator method .clean is clean context action method .exit is exit context method .close is close context method .abort is abort context method

Methods:

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hab, server, verifier=None, exchanger=None, doers=None, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock

Parameters:

context (db is database instance of local controller's)
verifier (optional)
instance (server is TCP Server)

closeConnection(ca)[source]¶: Close and remove connection given by ca and remove associated rant at ca.

serviceDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to service: connections on .server. Creates remoter and rant (Reactant) for each open connection and adds rant to running doers.
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

class keri.app.directing.Director(hab, client, **kwa)[source]¶

Base class for Direct Mode KERI Controller Doer with habitat and TCP Client

hab (Habitat: local controller’s context

client¶

hio TCP client instance. Assumes operated by another doer.

Type:: serving.Client

Inherited Properties:

tyme (float): relative cycle time of associated Tymist, obtained: via injected .tymth function wrapper closure.
tymth (function): function wrapper closure returned by Tymist .tymeth(): method. When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
tock (float): desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

Inherited Methods:: .__call__ makes instance callable return generator .do is generator function returns generator

Methods:

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hab, client, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock

Parameters:

instance (hab is Habitat)
elsewhere (client is TCP Client instance. Assumes opened/closed)

sendOwnEvent(sn)[source]¶: Utility to send own event at sequence number sn

sendOwnInception()[source]¶: Utility to send own inception on client

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

class keri.app.directing.Reactant(hab, remoter, verifier=None, exchanger=None, doers=None, **kwa)[source]¶

Reactant Subclass of DoDoer with doers list from do generator methods:: .msgDo, .cueDo, and .escrowDo.

Enables continuous scheduling of doers (do generator instances or functions)

Implements Doist like functionality to allow nested scheduling of doers. Each DoDoer runs a list of doers like a Doist but using the tyme from its

injected tymist as injected by its parent DoDoer or Doist.

Scheduling hierarchy: Doist->DoDoer…->DoDoer->Doers

.hab is Habitat instance of local controller's context

.kevery is Kevery instance

.remoter is TCP Remoter instance for connection from remote TCP client.

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.opts is dict of injected options for its generator .do .doers is list of Doers or Doer like generator functions

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is float, desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

Inherited Methods:

.wind injects ._tymth dependency from associated Tymist to get its .tyme .__call__ makes instance callable

Appears as generator function that returns generator

.do is generator method that returns generator .enter is enter context action method .recur is recur context action method or generator method .clean is clean context action method .exit is exit context method .close is close context method .abort is abort context method

Overidden Methods:

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hab, remoter, verifier=None, exchanger=None, doers=None, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock doers is list of doers (do generator instancs or functions)

Parameters:

context (verifier is Verifier instance of local controller's TEL)
context
instance (remoter is TCP Remoter)
doers (doers is list of)

cueDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery.cues deque

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

escrowDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery escrows.

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

msgDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

sendMessage(msg, label='')[source]¶: Sends message msg and loggers label if any

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

class keri.app.directing.Reactor(hab, client, verifier=None, exchanger=None, direct=True, doers=None, **kwa)[source]¶

Reactor Subclass of DoDoer with doers list from do generator methods:: .msgDo, .cueDo, and .escrowDo.

Enables continuous scheduling of doers (do generator instances or functions)

Implements Doist like functionality to allow nested scheduling of doers. Each DoDoer runs a list of doers like a Doist but using the tyme from its

injected tymist as injected by its parent DoDoer or Doist.

Scheduling hierarchy: Doist->DoDoer…->DoDoer->Doers

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.opts is dict of injected options for its generator .do .doers is list of Doers or Doer like generator functions

.hab is Habitat instance of local controller's context

.client is TCP Client instance.

.kevery is Kevery instance

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is float, desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

Inherited Methods:

.wind injects ._tymth dependency from associated Tymist to get its .tyme .__call__ makes instance callable

Appears as generator function that returns generator

.do is generator method that returns generator .enter is enter context action method .recur is recur context action method or generator method .clean is clean context action method .exit is exit context method .close is close context method .abort is abort context method

Overidden Methods:

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hab, client, verifier=None, exchanger=None, direct=True, doers=None, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock doers is list of doers (do generator instances, functions or methods)

Parameters:

context (verifier is Verifier instance of local controller's TEL)
instance (client is TCP Client)
context
Boolean (direct is) – False means indirect mode so don’t process cue’ed receipts
receipts (True means direct mode so process cue'd) – False means indirect mode so don’t process cue’ed receipts

cueDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery.cues deque

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

escrowDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery escrows.

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

msgDo(tymth=None, tock=0.0, **opts)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)
parameters (opts is dict of injected optional additional)

Usage:: add result of doify on this method to doers list

sendMessage(msg, label='')[source]¶: Sends message msg and loggers label if any

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

keri.app.directing.runController(doers, expire=0.0)[source]¶: Utiitity Function to create doist to run doers

keri.app.forwarding¶

KERI keri.app.forwarding module

module for enveloping and forwarding KERI message

class keri.app.forwarding.ForwardHandler(hby, mbx)[source]¶

Handler for forward exn messages used to envelope other KERI messages intended for another recipient. This handler acts as a mailbox for other identifiers and stores the messages in a local database.

on

{

“v”: “KERI10JSON00011c_”, // KERI Version String “t”: “exn”, // peer to peer message ilk “dt”: “2020-08-22T17:50:12.988921+00:00” “r”: “/fwd”, “q”: {

“pre”: “EEBp64Aw2rsjdJpAR0e2qCq3jX7q7gLld3LjAwZgaLXU”, “topic”: “delegate”

}

“a”: ‘{: “v”:”KERI10JSON000154_”, “t”:”dip”, “d”:”Er4bHXd4piEtsQat1mquwsNZXItvuoj_auCUyICmwyXI”, “i”:”Er4bHXd4piEtsQat1mquwsNZXItvuoj_auCUyICmwyXI”, “s”:”0”, “kt”:”1”, “k”:[“DuK1x8ydpucu3480Jpd1XBfjnCwb3dZ3x5b1CJmuUphA”], “n”:”EWWkjZkZDXF74O2bOQ4H5hu4nXDlKg2m4CBEBkUxibiU”, “bt”:”0”, “b”:[], “c”:[], “a”:[], “di”:”Et78eYkh8A3H9w6Q87EC5OcijiVEJT8KyNtEGdpPVWV8”

}

}-AABAA1o61PgMhwhi89FES_vwYeSbbWnVuELV_jv7Yv6f5zNiOLnj1ZZa4MW2c6Z_vZDt55QUnLaiaikE-d_ApsFEgCA

__init__(hby, mbx)[source]¶

Parameters:

hby (Habery) – database environment
mbx (Mailboxer) – message storage for store and forward

handle(serder, attachments=None)[source]¶

Do route specific processsing of IPEX protocol exn messages

Parameters:

serder (Serder) – Serder of the IPEX protocol exn message
attachments (list) – list of tuples of root pathers and CESR SAD path attachments to the exn event

class keri.app.forwarding.Poster(hby, mbx=None, evts=None, cues=None, **kwa)[source]¶

DoDoer that wraps any KERI event (KEL, TEL, Peer to Peer) in a /fwd exn envelope and delivers them to one of the target recipient’s witnesses for store and forward to the intended recipient

deliverDo(tymth=None, tock=0.0)[source]¶

Returns: doifiable Doist compatible generator method that processes: a queue of messages and envelopes them in a fwd message and sends them to one of the witnesses of the recipient for store and forward.
Usage:: add result of doify on this method to doers list

send(dest, topic, serder, src=None, hab=None, attachment=None)[source]¶

Utility function to queue a msg on the Poster’s buffer for enveloping and forwarding to a witness

Parameters:

src (str) – qb64 identifier prefix of sender
hab (Hab) – Sender identifier habitat
dest (str)
topic (str) – topic of message
serder (Serder)
attachment (bytes) – attachment bytes

sendEvent(hab, fn=0)[source]¶: Returns generator for sending event and waiting until send is complete

sent(said)[source]¶

Check if message with given SAID was sent

Parameters:: said (str) – qb64 SAID of message to check for

class keri.app.forwarding.StreamPoster(hby, recp, src=None, hab=None, mbx=None, topic=None, headers=None, **kwa)[source]¶

DoDoer that wraps any KERI event (KEL, TEL, Peer to Peer) in a /fwd exn envelope and delivers them to one of the target recipient’s witnesses for store and forward to the intended recipient

deliver()[source]¶

Returns: doifiable Doist compatible generator method that processes: a queue of messages and envelopes them in a fwd message and sends them to one of the witnesses of the recipient for store and forward.
Usage:: add result of doify on this method to doers list

send(serder, attachment=None)[source]¶

Utility function to queue a msg on the Poster’s buffer for enveloping and forwarding to a witness

Parameters:

serder (Serder)
attachment (bytes) – attachment bytes

keri.app.forwarding.introduce(hab, wit)[source]¶

Clone and return hab KEL if lastest event has not been receipted by wit

Check to see if the target witness has already provided a receipt for the latest event for the identifier of hab, clone the KEL and return it as a bytearray so it can be sent to the target.

Parameters:

hab (Hab) – local environment for the identifier to propagate
wit (str) – qb64 identifier prefix of the recipient of KEL if not already receipted

Returns:

cloned KEL of hab

Return type:

bytearray

keri.app.grouping¶

KERI keri.app.grouping module

module for enveloping and forwarding KERI message

class keri.app.grouping.Counselor(hby, swain=None, proxy=None, **kwa)[source]¶

complete(prefixer, seqner, saider=None)[source]¶

Check for completed multsig protocol for the specific event

Parameters:

prefixer (Prefixer) – qb64 identifier prefix of event to check
seqner (Seqner) – sequence number of event to check
saider (Saider) – optional digest of event to verify

Returns:

escrowDo(tymth, tock=1.0)[source]¶

Process escrows of group multisig identifiers waiting to be compeleted.

Steps involve:

Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchored seal
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing

processDelegateEscrow()[source]¶: Process escrow of delegate group multisig identifiers that are waiting for delegator approval of a recent establishment event.

processPartialSignedEscrow()[source]¶: Process escrow of partially signed multisig group KEL events. Message processing will send this local controllers signature to all other participants then this escrow waits for signatures from all other participants

processPartialWitnessEscrow()[source]¶: Process escrow of group multisig events that do not have a full compliment of receipts from witnesses yet. When receipting is complete, remove from escrow and cue up a message that the event is complete.

start(ghab, prefixer, seqner, saider)[source]¶

Begin processing of escrowed group multisig identifier

Escrow identifier for multisigs, witness receipts and delegation anchor

Parameters:

ghab (Hab) – group Habitat
prefixer (Prefixer) – prefixer of group identifier
seqner (Seqner) – seqner of event of group identifier
saider (Saider) – saider of event of group identifier

class keri.app.grouping.Multiplexor(hby, notifier)[source]¶

Multiplexor (mux) is responsible for coordinating peer-to-peer messages between group multisig participants

When new messages arrive the Mux will associate the SAID of the embedded messages with the exn message said as well as the sender. This will allow the controller of the participant in the group multisig to have knowledge of who has sent what messages and whether they match. In addition, if the controller of the local participant has already approved the messages embedded in this exn, the messages will be passed thru a non-local parser.

hby¶

database environment for local Habs

Type:: habbing.Habery

rtr¶

routes reply ‘rpy’ messages

Type:: routing.Router

rvy¶

factory that processes reply ‘rpy’ messages

Type:: routing.Revery

exc¶

processor and router for peer-to-peer msgs

Type:: exchanging.Exchanger

kvy¶

factory for local processing of local event msgs

Type:: eventing.Kevery

psr¶

parses local messages for .kvy .rvy

Type:: parsing.Parser

notifier¶

stores notices for numan consumption

Type:: notifying.Notifier

Parameters¶: hby (habbing.Habery): database environment for local Habs notifier (notifying.Notifier): stores notices for numan consumption

__init__(hby, notifier)[source]¶

Create Multiplexor for local database and Habs

Parameters:

hby (habbing.Habery) – database environment for local Habs
notifier (notifying.Notifier) – stores notices for numan consumption

add(serder)[source]¶

Process /multisig message by associating the exn with the SAID of the embedded event section

Adds the exn message contained in serder to the set of messages received for a given set of embedded events. Ensures this is a /multisig message with the correct properties and then stores the SAID of the exn message and the prefix of the sender associated with the SAID of the embedded event section. Also sends the controller of the local participant a notice.

This method will extract and parse the embedded events if the local participant has already approved the events so that any addition signatures can be processed.

Parameters:: serder (coring.Serder) – peer-to-peer exn “/multisig” message to coordinate from other participants

Returns:

class keri.app.grouping.MultisigNotificationHandler(resource, mux)[source]¶

Handler for multisig coordination EXN messages

__init__(resource, mux)[source]¶

Create an exn handler for multisig messages

Parameters:

resource
mux

handle(serder, attachments=None)[source]¶

Do route specific processsing of multisig exn messages

Parameters:

serder (Serder) – Serder of the exn multisig message
attachments (list) – list of tuples of pather, CESR SAD path attachments to the exn event

keri.app.grouping.loadHandlers(exc, mux)[source]¶

Load handlers for the peer-to-peer distributed group multisig protocol

Parameters:

exc (Exchanger) – Peer-to-peer message router
mux (Multiplexor) – Multisig communication coordinator

keri.app.grouping.multisigExn(ghab, exn)[source]¶

Create a peer to peer message to propose a credential issuance from a multisig group identifier

Either rot or ixn are required but not both

Parameters:

ghab (GroupHab) – identifier Hab for ensorsing the message to send
exn (bytes) – CESR stream of serialized echange message, with signatures

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigInceptExn(hab, smids, rmids, icp, delegator=None)[source]¶

Parameters:

hab (Hab) – habitat of local multisig member AID
smids (list) – list of qb64 AIDs of members with signing authority
rmids (list) – list of qb64 AIDs of members with rotation authority
icp (bytes) – serialized inception event with CESR streamed attachments
delegator (str) – qb64 AID of Delegator is group multisig is a delegated AID

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigInteractExn(ghab, aids, ixn)[source]¶

Create a peer to peer message to propose a multisig group interaction event

Parameters:

ghab (GroupHab) – group Hab to endorse the message
aids (list) – qb64 identifier prefixes to include in the interaction event
ixn (bytes) – serialized interaction event with CESR streamed attachments

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigIssueExn(ghab, acdc, iss, anc)[source]¶

Create a peer to peer message to propose a credential creation from a multisig group identifier

Either rot or ixn are required but not both

Parameters:

ghab (GroupHab) – identifier Hab for ensorsing the message to send
acdc (bytes) – serialized Credential
iss (bytes) – CESR stream of serialized and TEL issuance event
anc (bytes) – CESR stream of serialized and signed anchoring event anchoring creation

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigRegistryInceptExn(ghab, usage, vcp, anc)[source]¶

Create a peer to peer message to propose a credential registry inception from a multisig group identifier

Either rot or ixn are required but not both

Parameters:

ghab (GroupHab) – identifier Hab for ensorsing the message to send
usage (str) – human readable reason for creating the credential registry
vcp (bytes) – serialized Credentials registry inception event
anc (bytes) – CESR stream of serialized and signed event anchoring registry inception event

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigRevokeExn(ghab, said, rev, anc)[source]¶

Create a peer to peer message to propose a credential revocation from a multisig group identifier

Either rot or ixn are required but not both

Parameters:

ghab (GroupHab) – identifier Hab for ensorsing the message to send
said (str) – qb64 SAID of credential being revoked
rev (bytes) – CESR stream of serialized and TEL revocation event
anc (bytes) – CESR stream of serialized and signed anchoring event anchoring revocation

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigRotateExn(ghab, smids, rmids, rot)[source]¶

Parameters:

ghab (GroupHab) – habitat of group multisig AID
smids (list) – list of qb64 AIDs of members with signing authority
rmids (list) – list of qb64 AIDs of members with rotation authority
rot (bytes) – serialized rotation event with CESR streamed attachments

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.grouping.multisigRpyExn(ghab, rpy)[source]¶

Create a peer to peer message to propose a credential revocation from a multisig group identifier

Either rot or ixn are required but not both

Parameters:

ghab (GroupHab) – identifier Hab for ensorsing the message to send
rpy (bytes) – CESR stream of serialized and reply event

Returns:

(Serder, bytes): Serder of exn message and CESR attachments

Return type:

tuple

keri.app.habbing¶

KERI keri.app.habbing module

class keri.app.habbing.BaseHab(ks, db, cf, mgr, rtr, rvy, kvy, psr, *, name='test', ns=None, pre=None, temp=False)[source]¶

Hab class provides a given idetnifier controller’s local resource environment i.e. hab or habitat. Includes dependency injection of database, keystore, configuration file as well as Kevery and key store Manager..

Attributes: (Injected)

ks (keeping.Keeper): lmdb key store db (basing.Baser): lmdb data base for KEL etc cf (configing.Configer): config file instance mgr (keeping.Manager): creates and rotates keys in key store rtr (routing.Router): routes reply ‘rpy’ messages rvy (routing.Revery): factory that processes reply ‘rpy’ messages kvy (eventing.Kevery): factory for local processing of local event msgs psr (parsing.Parser): parses local messages for .kvy .rvy

Attributes:

name (str): alias of controller pre (str): qb64 prefix of own local controller or None if new temp (bool): True means testing:

use weak level when salty algo for stretching in key creation for incept and rotate of keys for this hab.pre

inited (bool): True means fully initialized wrt databases.: False means not yet fully initialized

delpre (str | None): delegator prefix if any else None

Properties:

kever (Kever): instance of key state of local controller kevers (dict): of eventing.Kever instances from KELs in local db

keyed by qb64 prefix. Read through cache of of kevers of states for KELs in db.states

iserder (coring.Serder): own inception event prefixes (OrderedSet): local prefixes for .db accepted (bool): True means accepted into local KEL.

False otherwise

__init__(ks, db, cf, mgr, rtr, rvy, kvy, psr, *, name='test', ns=None, pre=None, temp=False)[source]¶

Initialize instance.

Injected Parameters: (injected dependencies): ks (keeping.Keeper): lmdb key store db (basing.Baser): lmdb data base for KEL etc cf (configing.Configer): config file instance mgr (keeping.Manager): creates and rotates keys in key store rtr (routing.Router): routes reply ‘rpy’ messages rvy (routing.Revery): factory that processes reply ‘rpy’ messages kvy (eventing.Kevery): factory for local processing of local event msgs psr (parsing.Parser): parses local messages for .kvy .rvy

Parameters:

name (str) – alias name for local controller of habitat
pre (str | None) – qb64 identifier prefix of own local controller else None
temp (bool) – True means testing: use weak level when salty algo for stretching in key creation for incept and rotate of keys for this hab.pre

decrypt(ser, verfers=None, **kwa)[source]¶

Sign given serialization ser using appropriate keys. Use provided verfers or .kever.verfers to lookup keys to sign.

Parameters:

ser (bytes) – serialization to sign
verfers (list[Verfer] | None) – Verfer instances to get pub verifier keys to lookup private siging keys. verfers None means use .kever.verfers. Assumes that when group and verfers is not None then provided verfers must be .kever.verfers

endorse(serder, last=False, pipelined=True)[source]¶

Returns msg with own endorsement of msg from serder with attached signature groups based on own pre transferable or non-transferable.

Parameters:

serder (Serder) – instance of msg
last (bool) – True means use SealLast. False means use SealEvent query messages use SealLast
pipelined (bool) – True means use pipelining attachment code

Useful for endorsing message when provided via serder such as state, reply, query or similar.

endsFor(pre)[source]¶

Load Authroized endpoints for provided AID

Parameters:: pre (str) – qb64 aid for which to load ends
Returns:: nest dict of Roles -> eid -> Schemes -> endpoints
Return type:: dict

exchange(route, payload, recipient, date=None, eid=None, dig=None, modifiers=None, embeds=None, save=False)[source]¶: Returns signed exn, message of serder with count code and receipt couples (pre+cig) Builds msg and then processes it into own db to validate

fetchEnd(cid: str, role: str, eid: str)[source]¶

Returns:: instance or None
Return type:: endpoint (basing.EndpointRecord)

fetchEndAllowed(cid: str, role: str, eid: str)[source]¶

Returns:

True if eid is allowed as endpoint provider for cid: in role. False otherwise.

Return type:

allowed (bool)

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid in role
role (str) – endpoint role such as (controller, witness, watcher, etc)
eid (str) – identifier prefix qb64 of endpoint provider in role

fetchEndAuthzed(cid: str, role: str, eid: str)[source]¶

Returns:

True if eid is allowed as endpoint provider for cid: in role. False otherwise.

Return type:

allowed (bool)

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid in role
role (str) – endpoint role such as (controller, witness, watcher, etc)
eid (str) – identifier prefix qb64 of endpoint provider in role

fetchEndEnabled(cid: str, role: str, eid: str)[source]¶

Returns:

True if eid is allowed as endpoint provider for cid: in role. False otherwise.

Return type:

allowed (bool)

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid in role
role (str) – endpoint role such as (controller, witness, watcher, etc)
eid (str) – identifier prefix qb64 of endpoint provider in role

fetchLoc(eid: str, scheme: str = 'http')[source]¶

Returns:: instance or None
Return type:: location (basing.LocationRecord)

fetchRoleUrls(cid: str, *, role: str = '', scheme: str = '', eids=None, enabled: bool = True, allowed: bool = True)[source]¶

Returns:

of nested dicts. The top level dict rurls is keyed by: role for a given cid. Each value in rurls is eurls dict keyed by the eid of authorized endpoint provider and each value in eurls is a surls dict keyed by scheme

Return type:

rurls (hicting.Mict)

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid in role
role (str) – endpoint role such as (controller, witness, watcher, etc)
scheme (str) – url scheme
eids (list) – when provided restrict returns to only eids in eids
enabled (bool) – True means fetch any allowed witnesses as well
allowed (bool) – True means fetech any enabled witnesses as well

fetchUrl(eid: str, scheme: str = 'http')[source]¶

Returns:

for endpoint provider given by eid: empty string when url is nullified None when no location record

Return type:

url (str)

fetchUrls(eid: str, scheme: str = '')[source]¶

Returns:

urls keyed by scheme for given eid. Assumes that: user independently verifies that the eid is allowed for a given cid and role. If url is empty then does not return

Return type:

surls (hicting.Mict)

Parameters:

eid (str) – identifier prefix qb64 of endpoint provider
scheme (str) – url scheme

fetchWitnessUrls(cid: str, scheme: str = '', eids=None, enabled: bool = True, allowed: bool = True)[source]¶

Fetch witness urls for witnesses of cid at latest key state or enabled or allowed witnesses if not a witness at latest key state.

Returns:

of nested dicts. The top level dict rurls is keyed by: role for a given cid. Each value in rurls is eurls dict dict keyed by the eid of authorized endpoint provider and each value in eurls is a surls dict keyed by scheme

Return type:

rurls (hicting.Mict)

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid is witness
scheme (str) – url scheme
eids (list) – when provided restrict returns to only eids in eids
enabled (bool) – True means fetch any allowed witnesses as well
allowed (bool) – True means fetech any enabled witnesses as well

getOwnEvent(sn, allowPartiallySigned=False)[source]¶

Returns: message Serder and controller signatures of: own event at sequence number sn from retrieving event at sn and associated signatures from database.

Parameters:

sn (int) – is int sequence number of event
allowPartiallySigned (bool) – True means attempt to load from partial signed escrow

incept(**kwa)[source]¶: Alias for .make

interact(*, data=None)[source]¶: Perform interaction operation. Register interaction in database. Returns: bytearray interaction message with attached signatures.

property iserder¶: Return serder of inception event

property kever¶: Returns kever for its .pre

property kevers¶: Returns .db.kevers

make(DnD, code, data, delpre, estOnly, isith, verfers, nsith, digers, toad, wits)[source]¶

Creates Serder of inception event for provided parameters. Assumes injected dependencies were already setup.

Parameters:

isith (int | str | list | None) – incepting signing threshold as int, str hex, or list weighted if any, otherwise compute default from verfers
code (str) – prefix derivation code default Blake3
nsith (int, str, list | None) – next signing threshold as int, str hex or list weighted if any, otherwise compute default from digers
verfers (list[Verfer]) – Verfer instances for initial signing keys
digers (list[Diger] | None)
toad (int |str| None) – int or str hex of witness threshold if specified else compute default based on number of wits (backers)
wits (list | None) – qb64 prefixes of witnesses if any
delpre (str | None) – qb64 of delegator identifier prefix if any
estOnly (bool | None) – True means add trait eventing.TraitCodex.EstOnly which means only establishment events allowed in KEL for this Hab False (default) means allows non-est events and no trait is added.
DnD (bool) – True means add trait of eventing.TraitCodex.DnD which means do not allow delegated identifiers from this identifier False (default) means do allow and no trait is added.
data (list | None) – seal dicts

makeEndRole(eid, role='controller', allow=True, stamp=None)[source]¶

Returns:

reply message allowing/disallowing endpoint provider: eid in role

Return type:

msg (bytearray)

Parameters:

eid (str) – qb64 of endpoint provider to be authorized
role (str) – authorized role for eid
allow (bool) – True means add eid at role as authorized False means cut eid at role as unauthorized
stamp (str) – date-time-stamp RFC-3339 profile of iso8601 datetime. None means use now.

makeLocScheme(url, eid=None, scheme='http', stamp=None)[source]¶

Returns:

reply message of own url service endpoint at scheme

Return type:

msg (bytearray)

Parameters:

url (str) – url of endpoint, may have scheme missing or not If url is empty then nullifies location
eid (str) – qb64 of endpoint provider to be authorized
scheme (str) – url scheme must matche scheme in url if any
stamp (str) – date-time-stamp RFC-3339 profile of iso8601 datetime. None means use now.

makeOtherEvent(pre, sn)[source]¶

Returns: messagized bytearray message with attached signatures of: own event at sequence number sn from retrieving event at sn and associated signatures from database.

Parameters:: event (sn is int sequence number of)

makeOwnEvent(sn, allowPartiallySigned=False)[source]¶

Returns: messagized bytearray message with attached signatures of: own event at sequence number sn from retrieving event at sn and associated signatures from database.

Parameters:

sn (int) – is int sequence number of event
allowPartiallySigned (bool) – True means attempt to load from partial signed escrow

makeOwnInception(allowPartiallySigned=False)[source]¶

Returns: messagized bytearray message with attached signatures of: own inception event by retrieving event and signatures from database.

property prefixes¶: Returns .db.prefixes

processCues(cues)[source]¶

Returns bytearray of messages as a result of processing all cues

Parameters:: cues (cues is deque of)

processCuesIter(cues)[source]¶

Iterate through cues and yields one or more msgs for each cue.

Parameters:: cues (cues is deque of)

query(pre, src, query=None, **kwa)[source]¶

Create, sign and return a qry message against the attester for the prefix

Parameters:

pre (str) – qb64 identifier prefix being queried for
src (str) – qb64 identifier prefix of attester being queried
query (dict) – addition query modifiers to include in q
**kwa (dict) – keyword arguments passed to eventing.query

Returns:

signed query event

Return type:

bytearray

receipt(serder)[source]¶: Returns own receipt, rct, message of serder with count code and receipt couples (pre+cig) Builds msg and then processes it into own db to validate

reconfigure()[source]¶

Apply configuration from config file managed by .cf. to this Hab. Assumes that .pre and signing keys have been setup in order to create own endpoint auth when provided in .cf.

conf {

dt: “isodatetime”, curls: [”tcp://localhost:5620/”], iurls: [”tcp://localhost:5621/?name=eve”]

}

Config file is meant to be read only at init not changed by app at run time. Any dynamic app changes must go in database not config file that way we don’t have to worry about multiple writers of cf. Use config file to preload database not as a database. Config file may have named sections for Habery or individual Habs as needed.

replay(pre=None, fn=0)[source]¶

Returns replay of FEL first seen event log for pre starting from fn Default pre is own .pre

Parameters:

prefix. (pre is qb64 str or bytes of identifier) – default is own .pre
number (fn is int first seen ordering)

replayAll(key=b'')[source]¶

Returns replay of FEL first seen event log for all pre starting at key

Parameters:: key (bytes) – fnKey(pre, fn)

reply(**kwa)[source]¶

Returns:

reply message

Return type:

msg (bytearray)

Parameters:

handler (route is route path string that indicates data flow) – to processs the reply
seals (data is list of dicts of comitted data such as)
creation (dts is date-time-stamp of message at time or)
instance (version is Version)
kind (kind is serialization)

replyEndRole(cid, role=None, eids=None, scheme='')[source]¶

Returns a reply message stream composed of entries authed by the given cid from the appropriate reply database including associated attachments in order to disseminate (percolate) BADA reply data authentication proofs.

Currently uses promiscuous model for permitting endpoint discovery. Future is to use identity constraint graph to constrain discovery of whom by whom.

cid and not role and not scheme then:: end authz for all eids in all roles and loc url for all schemes at each eid if eids then only eids in eids else all eids
cid and not role and scheme then:: end authz for all eid in all roles and loc url for scheme at each eid if eids then only eids in eids else all eids
cid and role and not scheme then:: end authz for all eid in role and loc url for all schemes at each eid if eids then only eids in eids else all eids
cid and role and scheme then:: end authz for all eid in role and loc url for scheme at each eid if eids then only eids in eids else all eids

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid is witness
role (str) – authorized role for eid
eids (list) – when provided restrict returns to only eids in eids
scheme (str) – url scheme

replyLocScheme(eid, scheme='')[source]¶

Returns a reply message stream composed of entries authed by the given eid from the appropriate reply database including associated attachments in order to disseminate (percolate) BADA reply data authentication proofs.

Currently uses promiscuous model for permitting endpoint discovery. Future is to use identity constraint graph to constrain discovery of whom by whom.

eid and not scheme then:: loc url for all schemes at eid
eid and scheme then:: loc url for scheme at eid

Parameters:

eid (str) – endpoint provider id
scheme (str) – url scheme

replyToOobi(aid, role, eids=None)[source]¶

Returns a reply message stream composed of entries authed by the given aid from the appropriate reply database including associated attachments in order to disseminate (percolate) BADA reply data authentication proofs.

Currently uses promiscuous model for permitting oobi initiated endpoint discovery. Future is to use identity constraint graph to constrain discovery of whom by whom.

This method is entry point for initiating replies generated by .replyEndRole and/or .replyLocScheme

Parameters:

aid (str) – qb64 of identifier in oobi, may be cid or eid
role (str) – authorized role for eid
eids (list) – when provided restrict returns to only eids in eids

rotate(*, verfers=None, digers=None, isith=None, nsith=None, toad=None, cuts=None, adds=None, data=None)[source]¶

Perform rotation operation. Register rotation in database. Returns: bytearrayrotation message with attached signatures.

Parameters:

verfers (list | None) – Verfer instances of public keys qb64
digers (list | None) – Diger instances of public next key digests qb64
isith (int |str | None) – current signing threshold as int or str hex or list of str weights default is prior next sith
nsith (int |str | None) – next, next signing threshold as int or str hex or list of str weights default is based on isith when None
toad (int | str | None) – hex of witness threshold after cuts and adds
cuts (list | None) – of qb64 pre of witnesses to be removed from witness list
adds (list | None) – of qb64 pre of witnesses to be added to witness list
data (list | None) – of dicts of committed data such as seals

sign(ser, verfers=None, indexed=True, indices=None, ondices=None, **kwa)[source]¶

Sign given serialization ser using appropriate keys. Use provided verfers or .kever.verfers to lookup keys to sign.

Parameters:

ser (bytes) – serialization to sign
verfers (list[Verfer] | None) – Verfer instances to get pub verifier keys to lookup private siging keys. verfers None means use .kever.verfers. Assumes that when group and verfers is not None then provided verfers must be .kever.verfers
indexed (bool) – When not mhab then True means use use indexed signatures and return list of Siger instances. False means do not use indexed signatures and return list of Cigar instances
indices (list[int] | None) – indices (offsets) when indexed == True. See Manager.sign
ondices (list[int | None] | None) – other indices (offsets) when indexed is True. See Manager.sign

witness(serder)[source]¶

Returns own receipt, rct, message of serder with count code and witness indexed receipt signatures if key state of serder.pre shows that own pre is a current witness of event in serder

Before calling this must check that serder being witnessed has been accepted as valid event into controller’s KEL

class keri.app.habbing.GroupHab(smids, mhab=None, rmids=None, **kwa)[source]¶

Hab class provides a given idetnifier controller’s local resource environment i.e. hab or habitat. Includes dependency injection of database, keystore, configuration file as well as Kevery and key store Manager.

Attributes: (Injected)

ks (keeping.Keeper): lmdb key store db (basing.Baser): lmdb data base for KEL etc cf (configing.Configer): config file instance mgr (keeping.Manager): creates and rotates keys in key store rtr (routing.Router): routes reply ‘rpy’ messages rvy (routing.Revery): factory that processes reply ‘rpy’ messages kvy (eventing.Kevery): factory for local processing of local event msgs psr (parsing.Parser): parses local messages for .kvy .rvy

Attributes:

name (str): alias of controller pre (str): qb64 prefix of own local controller or None if new mhab (Hab | None): group member (local) hab when this Hab is multisig group

else None

smids (list | None): group signing member ids qb64 when this Hab is group: else None
rmids (list | None): group rotating member ids qb64 when this Hab is group: else None
temp (bool): True means testing:: use weak level when salty algo for stretching in key creation for incept and rotate of keys for this hab.pre
inited (bool): True means fully initialized wrt databases.: False means not yet fully initialized

delpre (str | None): delegator prefix if any else None

Properties:

kever (Kever): instance of key state of local controller kevers (dict): of eventing.Kever instances from KELs in local db

keyed by qb64 prefix. Read through cache of of kevers of states for KELs in db.states

iserder (serdering.SerderKERI): own inception event prefixes (OrderedSet): local prefixes for .db accepted (bool): True means accepted into local KEL.

False otherwise

__init__(smids, mhab=None, rmids=None, **kwa)[source]¶

Initialize instance.

Injected Parameters: (injected dependencies): ks (keeping.Keeper): lmdb key store db (basing.Baser): lmdb data base for KEL etc cf (configing.Configer): config file instance mgr (keeping.Manager): creates and rotates keys in key store rtr (routing.Router): routes reply ‘rpy’ messages rvy (routing.Revery): factory that processes reply ‘rpy’ messages kvy (eventing.Kevery): factory for local processing of local event msgs psr (parsing.Parser): parses local messages for .kvy .rvy

Parameters:

name (str) – alias name for local controller of habitat
pre (str | None) – qb64 identifier prefix of own local controller else None
mhab (Hab | None) – group member hab (local) when this Hab is multisig group else None. The mhab.pre aid could be a member of .smids, or .rmids, or both.
smids (list | None) – group signing member ids (prefixes) when this Hab is multisig group else None. Set holds current signing authority for group multi-sig identifier.
rmids (list | None) – group rotation member ids (prefixes) when this Hab is multisig group else None. Set holds next rotating authority for group multi-sig identifier. When None defaults to copy of smids.
temp (bool) – True means testing: use weak level when salty algo for stretching in key creation for incept and rotate of keys for this hab.pre

make(*, code='E', transferable=True, isith=None, nsith=None, toad=None, wits=None, delpre=None, estOnly=False, DnD=False, merfers, migers=None, data=None)[source]¶

Finish setting up or making GroupHab from parameters includes inception. Assumes injected dependencies were already setup.

Parameters:

code (str) – prefix derivation code default Blake3
transferable (bool) – True means pre is transferable (default) False means pre is nontransferable
isith (int | str | list | None) – incepting signing threshold as int, str hex, or list weighted if any, otherwise compute default from verfers
nsith (int, str, list | None) – next signing threshold as int, str hex or list weighted if any, otherwise compute default from digers
toad (int |str| None) – int or str hex of witness threshold if specified else compute default based on number of wits (backers)
wits (list | None) – qb64 prefixes of witnesses if any
delpre (str | None) – qb64 of delegator identifier prefix if any
estOnly (bool | None) – True means add trait eventing.TraitCodex.EstOnly which means only establishment events allowed in KEL for this Hab False (default) means allows non-est events and no trait is added.
DnD (bool) – True means add trait of eventing.TraitCodex.DnD which means do not allow delegated identifiers from this identifier False (default) means do allow and no trait is added.
merfers (list[Verfer] | None) – group member Verfer instances of public keys qb64 one collected from each multisig group member
migers (list[Diger] | None) – group member Diger instances of public next key digests qb64 one collected from each multisig group member
data (list | None) – seal dicts

query(pre, src, query=None, **kwa)[source]¶

Create, sign and return a qry message against the attester for the prefix

Parameters:

pre (str) – qb64 identifier prefix being queried for
src (str) – qb64 identifier prefix of attester being queried
query (dict) – addition query modifiers to include in q
**kwa (dict) – keyword arguments passed to eventing.query

Returns:

signed query event

Return type:

bytearray

rotate(serder=None, **kwargs)[source]¶

Perform rotation operation. Register rotation in database. Returns: bytearrayrotation message with attached signatures.

Parameters:

verfers (list | None) – Verfer instances of public keys qb64
digers (list | None) – Diger instances of public next key digests qb64
isith (int |str | None) – current signing threshold as int or str hex or list of str weights default is prior next sith
nsith (int |str | None) – next, next signing threshold as int or str hex or list of str weights default is based on isith when None
toad (int | str | None) – hex of witness threshold after cuts and adds
cuts (list | None) – of qb64 pre of witnesses to be removed from witness list
adds (list | None) – of qb64 pre of witnesses to be added to witness list
data (list | None) – of dicts of committed data such as seals

sign(ser, verfers=None, indexed=True, rotated=False, indices=None, ondices=None)[source]¶

Sign given serialization ser using appropriate keys.

Walk .mhab’s kel to find latest contribution of signing key material to group in order to sign properly. Contributions to group key material always use the zeroth element of signing key and/or rotating key digest lists. Find index into provided group verfers from current group key state.

Parameters:

ser (bytes) – serialization to sign
verfers (list[Verfer] | None) – Verfer instances to get pub verifier keys to lookup private siging keys. verfers None means use .kever.verfers. Assumes that when group and verfers is not None then provided verfers must be .kever.verfers
indexed (bool) – When not mhab then True means use use indexed signatures and return list of Siger instances. False means do not use indexed signatures and return list of Cigar instances
rotated (bool) – When indexed and .mhab then True means use use dual indexed signatures, i.e. current indices and prior next ondices False means do not use dual indexed signatures, i.e. current siging indices only Otherwise ignore Assumes .kever.digers represent prior next
indices (list[int] | None) – indices (offsets) when indexed == True. See Manager.sign
ondices (list[int | None] | None) – other indices (offsets) when indexed is True. See Manager.sign

witness(serder)[source]¶: Group Habs are not valid witnesses thus can’t provide witness receipts

witnesser()[source]¶: This method name does not match logic???

class keri.app.habbing.Hab(**kwa)[source]¶

Hab class provides a given idetnifier controller’s local resource environment i.e. hab or habitat. Includes dependency injection of database, keystore, configuration file as well as Kevery and key store Manager..

Attributes: (Injected)

ks (keeping.Keeper): lmdb key store db (basing.Baser): lmdb data base for KEL etc cf (configing.Configer): config file instance mgr (keeping.Manager): creates and rotates keys in key store rtr (routing.Router): routes reply ‘rpy’ messages rvy (routing.Revery): factory that processes reply ‘rpy’ messages kvy (eventing.Kevery): factory for local processing of local event msgs psr (parsing.Parser): parses local messages for .kvy .rvy

Attributes:

name (str): alias of controller pre (str): qb64 prefix of own local controller or None if new mhab (Hab | None): group member (local) hab when this Hab is multisig group

else None

smids (list | None): group signing member ids qb64 when this Hab is group: else None
rmids (list | None): group rotating member ids qb64 when this Hab is group: else None
temp (bool): True means testing:: use weak level when salty algo for stretching in key creation for incept and rotate of keys for this hab.pre
inited (bool): True means fully initialized wrt databases.: False means not yet fully initialized

delpre (str | None): delegator prefix if any else None

Properties:

kever (Kever): instance of key state of local controller kevers (dict): of eventing.Kever instances from KELs in local db

keyed by qb64 prefix. Read through cache of of kevers of states for KELs in db.states

iserder (serdering.SerderKERI): own inception event prefixes (OrderedSet): local prefixes for .db accepted (bool): True means accepted into local KEL.

False otherwise

make(*, secrecies=None, iridx=0, code='E', dcode='E', icode='A', transferable=True, isith=None, icount=1, nsith=None, ncount=None, toad=None, wits=None, delpre=None, estOnly=False, DnD=False, hidden=False, data=None, algo=None, salt=None, tier=None)[source]¶

Finish setting up or making Hab from parameters includes inception. Assumes injected dependencies were already setup.

Parameters:

secrecies (list | None) – list of secrets to preload key pairs if any
iridx (int) – initial rotation index after ingestion of secrecies
code (str) – prefix derivation code default Blake3
icode (str) – signing key code default Ed25519
dcode (str) – next key derivation code default Blake3
transferable (bool) – True means pre is transferable (default) False means pre is nontransferable
isith (int | str | list | None) – incepting signing threshold as int, str hex, or list weighted if any, otherwise compute default from verfers
icount (int) – incepting key count for number of keys. default 1
nsith (int, str, list | None) – next signing threshold as int, str hex or list weighted if any, otherwise compute default from digers
ncount (int | None) – next key count for number of next keys
toad (int |str| None) – int or str hex of witness threshold if specified else compute default based on number of wits (backers)
wits (list | None) – qb64 prefixes of witnesses if any
delpre (str | None) – qb64 of delegator identifier prefix if any
estOnly (bool | None) – True means add trait eventing.TraitCodex.EstOnly which means only establishment events allowed in KEL for this Hab False (default) means allows non-est events and no trait is added.
DnD (bool) – True means add trait of eventing.TraitCodex.DnD which means do not allow delegated identifiers from this identifier False (default) means do allow and no trait is added.
hidden (bool) – A hidden Hab is not included in the list of Habs.
data (list | None) – seal dicts algo is str key creation algorithm code
salt (str) – qb64 salt for randomization when salty algorithm used
tier (str) – is str security criticality tier code when using salty algorithm

rotate(*, isith=None, nsith=None, ncount=None, toad=None, cuts=None, adds=None, data=None, **kwargs)[source]¶

Perform rotation operation. Register rotation in database. Returns: bytearrayrotation message with attached signatures.

Parameters:

isith (int |str | None) – current signing threshold as int or str hex or list of str weights default is prior next sith
nsith (int |str | None) – next, next signing threshold as int or str hex or list of str weights default is based on isith when None
ncount (int | None) – next number of signing keys default is len of prior next digs
toad (int | str | None) – hex of witness threshold after cuts and adds
cuts (list | None) – of qb64 pre of witnesses to be removed from witness list
adds (list | None) – of qb64 pre of witnesses to be added to witness list
data (list | None) – of dicts of committed data such as seals

class keri.app.habbing.Habery(*, name='test', base='', temp=False, ks=None, db=None, cf=None, clear=False, headDirPath=None, **kwa)[source]¶

Habery class provides shared database environments for all its Habitats Key controller and identifier controller shared configuration file, keystore and KEL databases.

name¶

name of associated databases

Type:: str

base¶

optional directory path segment inserted before name that allows further hierarchical differentiation of databases. “” means optional.

Type:: str

temp¶

True for testing: temporary storage of databases and config file weak resources for stretch of salty key

Type:: bool

ks¶

lmdb key store

Type:: keeping.Keeper

db¶

lmdb data base for KEL etc

Type:: basing.Baser

cf¶

config file instance

Type:: configing.Configer

mgr¶

creates and rotates keys in key store

Type:: keeping.Manager

rtr¶

routes reply ‘rpy’ messages

Type:: routing.Router

rvy¶

factory that processes reply ‘rpy’ messages

Type:: routing.Revery

kvy¶

factory for local processing of local event msgs

Type:: eventing.Kevery

psr¶

parses local messages for .kvy .rvy

Type:: parsing.Parser

habs¶

Hab instances keyed by prefix. To look up Hab by name get prefix from db.habs .prefix field using .habByName

Type:: dict

inited¶

True means fully initialized wrt databases. False means not yet fully initialized

Type:: bool

Properties:: kevers (dict): of eventing.Kever(s) keyed by qb64 prefix prefixes (OrderedSet): local prefixes for .db

__init__(*, name='test', base='', temp=False, ks=None, db=None, cf=None, clear=False, headDirPath=None, **kwa)[source]¶

Initialize instance.

Parameters:

name (str) – alias name for shared environment config databases etc.
base (str) – optional directory path segment inserted before name that allows further differentiation with a hierarchy. “” means optional.
temp (bool) –
True means use temporary or limited resources testing. Store .ks, .db, and .cf in /tmp Use quick method to stretch salts for seeds such as

bran salt to seed or key creation of Habs. Otherwise use more resources set by tier to stretch
ks (Keeper) – keystore lmdb subclass instance
db (Baser) – database lmdb subclass instance
cf (Configer) – config file instance
clear (bool) –

True means remove resource directory upon close when
reopening

False means do not remove directory upon close when
reopening
headDirPath (str) – directory override

Parameters: Passed through via kwa to setup for later init

seed (str): qb64 private-signing key (seed) for the aeid from which: the private decryption key may be derived. If aeid stored in database is not empty then seed may required to do any key management operations. The seed value is memory only and MUST NOT be persisted to the database for the manager with which it is used. It MUST only be loaded once when the process that runs the Manager is initialized. Its presence acts as an authentication, authorization, and decryption secret for the Manager and must be stored on another device from the device that runs the Manager.
aeid (str): qb64 of non-transferable identifier prefix for: authentication and encryption of secrets in keeper. If provided aeid (not None) and different from aeid stored in database then all secrets Haberyare re-encrypted using new aeid. In this case the provided prikey must not be empty. A change in aeid should require a second authentication mechanism besides the prikey.
bran (str): Base64 22 char string that is used as base material for: seed. bran allows alphanumeric passcodes generated by key managers like 1password to be key store for seed.

pidx (int): Initial prefix index for vacuous ks algo (str): algorithm (randy or salty) for creating key pairs

default is root algo which defaults to salty

salt (str): qb64 salt for creating key pairs tier (str): security tier for generating keys from salt (Tierage) free (boo): free resources by closing on Doer exit if any temp (bool): See above

close(clear=False)[source]¶: Close resources. :param clear is boolean: :param True means clear resource directories:

extractMerfersMigers(smids, rmids=None)[source]¶

Extract the public key verfer and next digest diger from the current est event of all the members of the multisig group. Assumes that the KEL for each member is already in .kevers

Parameters:

smids (list) – group signing member ids qb64 in group multisig
rmids (list) – group rotating member ids qb64 in group multisig

habByName(name, ns=None)[source]¶

Returns:

instance from .habs by name if any otherwise None

Return type:

hab (Hab)

Parameters:

name (str) – alias of Hab
ns (str) – optional namespace of hab

habByPre(pre)[source]¶

Returns the Hab from and namespace including the default namespace.

Parameters:: pre (str) – qb64 aid of hab to find
Returns:: Hab instance for the aid pre or None
Return type:: Hab

joinGroupHab(pre, group, mhab, smids, rmids=None, ns=None)[source]¶

Make new Group Hab using group has group hab name, with lhab as local participant.

Parameters: (non-pass-through):

pre (str): qb64 identifier prefix of group group (str): human readable alias for group identifier mhab (Hab): group member (local) hab smids (list): group member signing ids (qb64) from which to extract

inception event current signing keys

rmids (list | None): group member rotation ids (qb64) from which to extract: inception event next key digests if rmids is None then use assign smids to rmids if rmids is empty then no next key digests which means group identifier is no longer transferable.

joinSignifyGroupHab(pre, name, mhab, smids, rmids=None, ns=None)[source]¶

Make new Group Hab using group has group hab name, with lhab as local participant.

Parameters: (non-pass-through):

pre (str): qb64 identifier prefix of group name (str): human readable alias for group identifier mhab (Hab): group member (local) hab smids (list): group member signing ids (qb64) from which to extract

inception event current signing keys

rmids (list | None): group member rotation ids (qb64) from which to extract: inception event next key digests if rmids is None then use assign smids to rmids if rmids is empty then no next key digests which means group identifier is no longer transferable.

property kevers¶: Returns .db.kevers of all Kevers

loadHabs()[source]¶

Load Habs instance from db

.db.reopen calls .db.reload which loads .db.kevers from key state in .db.states and loads associated .db.prefixes. It also removes any bare .habs without key state Thus by now know that .habs are valid so can create Hab instances

makeGroupHab(group, mhab, smids, rmids=None, ns=None, **kwa)[source]¶

Make new Group Hab using group has group hab name, with lhab as local participant.

Parameters: (non-pass-through):

group (str): human readable alias for group identifier mhab (Hab): group member (local) hab smids (list): group member signing ids (qb64) from which to extract

inception event current signing keys

rmids (list | None): group member rotation ids (qb64) from which to extract: inception event next key digests if rmids is None then use assign smids to rmids if rmids is empty then no next key digests which means group identifier is no longer transferable.

Parameters: (**kwa pass-through to hab.make)

secrecies (list): of list of secrets to preload key pairs if any iridx (int): initial rotation index after ingestion of secrecies code (str): prefix derivation code transferable (bool): True means pre is transferable (default)

False means pre is nontransferable

isith (Union[int, str, list]): incepting signing threshold as int, str hex, or list icount (int): incepting key count for number of keys nsith (Union[int, str, list]): next signing threshold as int, str hex or list ncount (int): next key count for number of next keys toad (Union[int,str]): int or str hex of witness threshold wits (list): of qb64 prefixes of witnesses delpre (str): qb64 of delegator identifier prefix estOnly (str): eventing.TraitCodex.EstOnly means only establishment

events allowed in KEL for this Hab

DnD (bool): eventing.TraitCodex.DnD means do allow delegated identifiers from this identifier

ToDo: NRR add midxs tuples for each group member or all in group multisig.

makeHab(name, ns=None, cf=None, **kwa)[source]¶

Make new Hab with name, pre is generated from **kwa

Parameters: (Passthrough to hab.make)

secrecies (list): of list of secrets to preload key pairs if any iridx (int): initial rotation index after ingestion of secrecies code (str): prefix derivation code transferable (bool): True means pre is transferable (default)

False means pre is nontransferable

isith (Union[int, str, list]): incepting signing threshold as int, str hex, or list icount (int): incepting key count for number of keys nsith (Union[int, str, list]): next signing threshold as int, str hex or list ncount (int): next key count for number of next keys toad (Union[int,str]): int or str hex of witness threshold wits (list): of qb64 prefixes of witnesses delpre (str): qb64 of delegator identifier prefix estOnly (str): eventing.TraitCodex.EstOnly means only establishment

events allowed in KEL for this Hab

data (list | None): seal dicts

property prefixes¶: Returns .db.prefixes of local prefixes

reconfigure()[source]¶

Apply configuration from config file managed by .cf. to this Habery Process any oobis or endpoints

conf {

dt: “isodatetime”, curls: [”tcp://localhost:5620/”], iurls: [”tcp://localhost:5621/?name=eve”],

}

Config file is meant to be read only at init not changed by app at run time. Any dynamic app changes must go in database not config file that way we don’t have to worry about multiple writers of cf. Use config file to preload database not as a database. Config file may have named sections for Habery or individual Habs as needed.

setup(*, seed=None, aeid=None, bran=None, pidx=None, algo=None, salt=None, tier=None, free=False, temp=None)[source]¶

Setup Habery. Assumes that both .db and .ks have been opened. This allows dependency injection of .db and .ks into Habery instance prior to .db and .kx being opened to accomodate asynchronous process setup of these resources. Putting the .db and .ks associated initialization here enables asynchronous opening .db and .ks after Baser and Keeper instances are instantiated. First call to .setup will initialize databases (vacuous initialization).

Parameters:

seed (str) – qb64 private-signing key (seed) for the aeid from which the private decryption key may be derived. If aeid stored in database is not empty then seed may required to do any key management operations. The seed value is memory only and MUST NOT be persisted to the database for the manager with which it is used. It MUST only be loaded once when the process that runs the Manager is initialized. Its presence acts as an authentication, authorization, and decryption secret for the Manager and must be stored on another device from the device that runs the Manager.
aeid (str) – qb64 of non-transferable identifier prefix for authentication and encryption of secrets in keeper. If provided aeid (not None) and different from aeid stored in database then all secrets are re-encrypted using new aeid. In this case the provided prikey must not be empty. A change in aeid should require a second authentication mechanism besides the prikey.
bran (str) – Base64 21 char string that is used as base material for seed. bran allows alphanumeric passcodes generated by key managers like 1password to be Okey store for seed.
pidx (int) – Initial prefix index for vacuous ks
algo (str) – algorithm (randy or salty) for creating key pairs default is root algo which defaults to salty
salt (str) – qb64 salt for creating key pairs
tier (str) – security tier for generating keys from salt (Tierage)
free (boo) – free resources by closing on Doer exit if any
temp (bool) – True means use shortcuts for testing. Use quick method to stretch salts for seeds such as bran salt to seed or key creation of Habs. Otherwise use more resources set by tier to stretch

property signator¶

signator for signing and verifying data at rest for this Habery environment Assumes db initialized.

Returns:: signer for data at rest
Return type:: Signator

class keri.app.habbing.HaberyDoer(habery, **kwa)[source]¶

Basic Habery Doer to initialize habery databases and config file. .cf, .ks, .db

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.habery is Habery subclass

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is float, desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

.wind injects ._tymth dependency from associated Tymist to get its .tyme

.__call__ makes instance callable: Appears as generator function that returns generator

.do is generator method that returns generator

.enter is enter context action method

.recur is recur context action method or generator method

.exit is exit context method

.close is close context method

.abort is abort context method

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(habery, **kwa)[source]¶

Parameters:: habery (Habery) – instance

enter()[source]¶: Enter context and set up Habery

exit()[source]¶: Exit context and close Habery

class keri.app.habbing.Signator(db, name='__signatory__', **kwa)[source]¶

Signator will create one non-transferable identifier when it is first initialized and use that identifier to sign and verify any data it is passed. This class can be used to maintain BADA data ensuring that it is signed at rest.

__init__(db, name='__signatory__', **kwa)[source]¶

Create a Signator by checking for a signing AID in the Habery database and creating one if it does not exist.

Parameters:: db (Baser) – Database environment for data signing

sign(ser)[source]¶

Sign the data in ser with the Signator’s private key using the Manager

Parameters:: ser (bytes) – Raw byte data to sign
Returns:: signature object for non-transferable key
Return type:: Cigar

verify(ser, cigar)[source]¶

Parameters:

ser (bytes) – Raw byte data to verify against signature
cigar (Cigar) – Single non-transferable signature to verify

Returns:

True means valid signature against data provided

Return type:

bool

class keri.app.habbing.SignifyGroupHab(mhab=None, **kwa)[source]¶

make(*, serder, sigers, **kwargs)[source]¶

Creates Serder of inception event for provided parameters. Assumes injected dependencies were already setup.

Parameters:

isith (int | str | list | None) – incepting signing threshold as int, str hex, or list weighted if any, otherwise compute default from verfers
code (str) – prefix derivation code default Blake3
nsith (int, str, list | None) – next signing threshold as int, str hex or list weighted if any, otherwise compute default from digers
verfers (list[Verfer]) – Verfer instances for initial signing keys
digers (list[Diger] | None)
toad (int |str| None) – int or str hex of witness threshold if specified else compute default based on number of wits (backers)
wits (list | None) – qb64 prefixes of witnesses if any
delpre (str | None) – qb64 of delegator identifier prefix if any
estOnly (bool | None) – True means add trait eventing.TraitCodex.EstOnly which means only establishment events allowed in KEL for this Hab False (default) means allows non-est events and no trait is added.
DnD (bool) – True means add trait of eventing.TraitCodex.DnD which means do not allow delegated identifiers from this identifier False (default) means do allow and no trait is added.
data (list | None) – seal dicts

processEvent(serder, sigers)[source]¶

Process event with signatures ignoring missing signature exceptions

Performs event processing using local Kevery allowing missing signature exceptions to be ignored so multisig events can be created with a single local signature

Parameters:

serder (Serder) – event serder to process
sigers (list) – list of Siger or Cigar instances representing signatures over serder.raw

class keri.app.habbing.SignifyHab(**kwa)[source]¶

Hab class provides a given idetnifier controller’s local resource environment i.e. hab or habitat. Includes dependency injection of database, keystore, configuration file as well as Kevery and key store Manager..

exchange(serder, seal=None, sigers=None, save=False)[source]¶: Returns signed exn, message of serder with count code and receipt couples (pre+cig) Builds msg and then processes it into own db to validate

interact(*, serder=None, sigers=None, **kwargs)[source]¶: Perform interaction operation. Register interaction in database. Returns: bytearray interaction message with attached signatures.

make(*, serder, sigers, **kwargs)[source]¶

Creates Serder of inception event for provided parameters. Assumes injected dependencies were already setup.

Parameters:

isith (int | str | list | None) – incepting signing threshold as int, str hex, or list weighted if any, otherwise compute default from verfers
code (str) – prefix derivation code default Blake3
nsith (int, str, list | None) – next signing threshold as int, str hex or list weighted if any, otherwise compute default from digers
verfers (list[Verfer]) – Verfer instances for initial signing keys
digers (list[Diger] | None)
toad (int |str| None) – int or str hex of witness threshold if specified else compute default based on number of wits (backers)
wits (list | None) – qb64 prefixes of witnesses if any
delpre (str | None) – qb64 of delegator identifier prefix if any
estOnly (bool | None) – True means add trait eventing.TraitCodex.EstOnly which means only establishment events allowed in KEL for this Hab False (default) means allows non-est events and no trait is added.
DnD (bool) – True means add trait of eventing.TraitCodex.DnD which means do not allow delegated identifiers from this identifier False (default) means do allow and no trait is added.
data (list | None) – seal dicts

processEvent(serder, sigers)[source]¶

Process event with signatures raising any exception that occurs

Performs event processing using local Kevery allowing raising all exceptions

Parameters:

serder (Serder) – event serder to process
sigers (list) – list of Siger or Cigar instances representing signatures over serder.raw

replyEndRole(cid, role=None, eids=None, scheme='')[source]¶

Returns a reply message stream composed of entries authed by the given cid from the appropriate reply database including associated attachments in order to disseminate (percolate) BADA reply data authentication proofs.

Currently uses promiscuous model for permitting endpoint discovery. Future is to use identity constraint graph to constrain discovery of whom by whom.

cid and not role and not scheme then:: end authz for all eids in all roles and loc url for all schemes at each eid if eids then only eids in eids else all eids
cid and not role and scheme then:: end authz for all eid in all roles and loc url for scheme at each eid if eids then only eids in eids else all eids
cid and role and not scheme then:: end authz for all eid in role and loc url for all schemes at each eid if eids then only eids in eids else all eids
cid and role and scheme then:: end authz for all eid in role and loc url for scheme at each eid if eids then only eids in eids else all eids

Parameters:

cid (str) – identifier prefix qb64 of controller authZ endpoint provided eid is witness
role (str) – authorized role for eid
eids (list) – when provided restrict returns to only eids in eids
scheme (str) – url scheme

rotate(*, serder=None, sigers=None, **kwargs)[source]¶

Perform rotation operation. Register rotation in database. Returns: bytearrayrotation message with attached signatures.

Parameters:

serder (Serder) – pre-created rotation event
sigers (list[Siger]) – Siger instances on next rotation event

sign(ser, verfers=None, indexed=True, indices=None, ondices=None, **kwa)[source]¶

Sign given serialization ser using appropriate keys. Use provided verfers or .kever.verfers to lookup keys to sign.

Parameters:

ser (bytes) – serialization to sign
verfers (list[Verfer] | None) – Verfer instances to get pub verifier keys to lookup private siging keys. verfers None means use .kever.verfers. Assumes that when group and verfers is not None then provided verfers must be .kever.verfers
indexed (bool) – When not mhab then True means use use indexed signatures and return list of Siger instances. False means do not use indexed signatures and return list of Cigar instances
indices (list[int] | None) – indices (offsets) when indexed == True. See Manager.sign
ondices (list[int | None] | None) – other indices (offsets) when indexed is True. See Manager.sign

keri.app.habbing.openHab(name='test', base='', salt=b'0123456789abcdef', temp=True, cf=None, **kwa)[source]¶

Context manager wrapper for Hab instance. Defaults to temporary resources Context ‘with’ statements call .close on exit of ‘with’ block

Parameters:

name (str) – name of habitat to create
base (str) – the name used for shared resources i.e. Baser and Keeper The habitat specific config file will be
base/name (in)
salt (bytes) – passed to habitat to use for inception raw salt not qb64
temp (bool) – indicates if this uses temporary databases
cf (Configer) – optional configer for loading configuration data

keri.app.habbing.openHby(*, name='test', base='', temp=True, salt=None, **kwa)[source]¶

Context manager wrapper for Habery instance. Context ‘with’ statements call .close on exit of ‘with’ block

Parameters:

name (str) – name of habery and shared db and file path
base (str) – optional if “” path component of shared db and files.
temp (bool) –
True means use temporary or limited resources testing. Store .ks, .db, and .cf in /tmp Use quick method to stretch salts for seeds such as

bran salt to seed or key creation of Habs. Otherwise use more resources set by tier to stretch
salt (str) – qb64 salt for creating key pairs

Parameters: Passed through via kwa

ks (Keeper): keystore lmdb subclass instance db (Baser): database lmdb subclass instance cf (Configer): config file instance seed (str): qb64 private-signing key (seed) for the aeid from which

the private decryption key may be derived. If aeid stored in database is not empty then seed may required to do any key management operations. The seed value is memory only and MUST NOT be persisted to the database for the manager with which it is used. It MUST only be loaded once when the process that runs the Manager is initialized. Its presence acts as an authentication, authorization, and decryption secret for the Manager and must be stored on another device from the device that runs the Manager.

aeid (str): qb64 of non-transferable identifier prefix for: authentication and encryption of secrets in keeper. If provided aeid (not None) and different from aeid stored in database then all secrets are re-encrypted using new aeid. In this case the provided prikey must not be empty. A change in aeid should require a second authentication mechanism besides the prikey.
bran (str): Base64 22 char string that is used as base material for: seed. bran allows alphanumeric passcodes generated by key managers like 1password to be key store for seed.

pidx (int): Initial prefix index for vacuous ks algo (str): algorithm (randy or salty) for creating key pairs

default is root algo which defaults to salty

tier (str): security tier for generating keys from salt (Tierage) free (boo): free resources by closing on Doer exit if any

keri.app.httping¶

keri.peer.httping module

class keri.app.httping.CesrRequest(payload: dict, attachments: str)[source]¶

class keri.app.httping.Clienter[source]¶

clientDo(tymth, tock=0.0)[source]¶

Periodically prune stale clients

Process existing clients and prune any that have receieved a response longer than timeout

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

remove(client)[source]¶

Remove doers from .doers list and any associated deeds from .deeds deque. Force close removed deeds.

Parameters:: remove. (doers is list of doers to)

class keri.app.httping.SignatureValidationComponent(hby, pre)[source]¶

Validate SKWA signatures

process_request(req, resp)[source]¶

Process request to ensure has a valid signature from controller

Parameters:

req – Http request object
resp – Http response object

keri.app.httping.createCESRRequest(msg, client, dest, path=None)[source]¶

Turns a KERI message into a CESR http request against the provided hio http Client

Parameters: msg: KERI message parsable as Serder.raw dest (str): qb64 identifier prefix of destination controller client: hio http Client that will send the message as a CESR request path (str): path to post to

keri.app.httping.parseCesrHttpRequest(req)[source]¶

Parse Falcon HTTP request and create a CESR message from the body of the request and the two CESR HTTP headers (Date, Attachment).

Parameters: req (falcon.Request) http request object in CESR format:

keri.app.httping.streamCESRRequests(client, ims, dest, path=None)[source]¶

Turns a stream of KERI messages into CESR http requests against the provided hio http Client

Parameters: client (Client): hio http Client that will send the message as a CESR request ims (bytearray): stream of KERI messages parsable as Serder.raw dest (str): qb64 identifier prefix of destination controller path (str): path to post to
Returns: int: Number of individual requests posted

keri.app.indirecting¶

KERI keri.app.indirecting module

simple indirect mode demo support classes

class keri.app.indirecting.HttpEnd(rxbs=None, mbx=None, qrycues=None)[source]¶

HTTP handler that accepts and KERI events POSTed as the body of a request with all attachments to the message as a CESR attachment HTTP header. KEL Messages are processed and added to the database of the provided Habitat.

This also handles req, exn and tel messages that respond with a KEL replay.

__init__(rxbs=None, mbx=None, qrycues=None)[source]¶

Create the KEL HTTP server from the Habitat with an optional Falcon App to register the routes with.

Parameters: rxbs (bytearray): output queue of bytes for message processing mbx (Mailboxer): Mailbox storage qrycues (Deck): inbound qry response queues

on_post(req, rep)[source]¶

Handles POST for KERI event messages.

Parameters:

req (Request)
rep (Response)

— summary: Accept KERI events with attachment headers and parse description: Accept KERI events with attachment headers and parse. tags:

Events

requestBody:

required: true content:

application/json:

schema:
type: object description: KERI event message

responses:

200:: description: Mailbox query response for server sent events
204:: description: KEL or EXN event accepted.

on_put(req, rep)[source]¶

Handles PUT for KERI mbx event messages.

Parameters:

req (Request)
rep (Response)

— summary: Accept KERI events with attachment headers and parse description: Accept KERI events with attachment headers and parse. tags:

Events

requestBody:

required: true content:

application/json:

schema:
type: object description: KERI event message

responses:

200:: description: Mailbox query response for server sent events
204:: description: KEL or EXN event accepted.

class keri.app.indirecting.Indirector(hab, client, direct=True, doers=None, **kwa)[source]¶

Base class for Indirect Mode KERI Controller Doer with habitat and TCP Clients for talking to witnesses

Subclass of DoDoer with doers list from do generator methods:: .msgDo, .cueDo, and .escrowDo.

Enables continuous scheduling of doers (do generator instances or functions)

Implements Doist like functionality to allow nested scheduling of doers. Each DoDoer runs a list of doers like a Doist but using the tyme from its

injected tymist as injected by its parent DoDoer or Doist.

Scheduling hierarchy: Doist->DoDoer…->DoDoer->Doers

.done is Boolean completion state: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.opts is dict of injected options for its generator .do

.doers is list of Doers or Doer like generator functions

hab (Habitat: local controller’s context

client¶

hio TCP client instance. Assumes operated by another doer.

Type:: serving.Client

Properties:

tyme (float): relative cycle time of associated Tymist, obtained: via injected .tymth function wrapper closure.
tymth (function): function wrapper closure returned by Tymist .tymeth(): method. When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
tock (float): desired time in seconds between runs or until next run,: non negative, zero means run asap

.wind injects ._tymth dependency from associated Tymist to get its .tyme

.__call__ makes instance callable: Appears as generator function that returns generator

.do is generator method that returns generator

.enter is enter context action method

.recur is recur context action method or generator method

.clean is clean context action method

.exit is exit context method

.close is close context method

.abort is abort context method

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hab, client, direct=True, doers=None, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock doers is list of doers (do generator instances, functions or methods)

Parameters:

context (hab is Habitat instance of local controller's)
instance (client is TCP Client)
Boolean (direct is) – False means indirect mode don’t process cue’ed receipts
receipts (True means direwct mode process cured) – False means indirect mode don’t process cue’ed receipts

cueDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery.cues deque

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

escrowDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery escrows.

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

msgDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

sendMessage(msg, label='')[source]¶: Sends message msg and loggers label if any

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

class keri.app.indirecting.MailboxDirector(hby, topics, ims=None, verifier=None, kvy=None, exc=None, rep=None, cues=None, rvy=None, tvy=None, **kwa)[source]¶

Class for Indirect Mode KERI Controller Doer with habitat and TCP Clients for talking to witnesses

Subclass of DoDoer with doers list from do generator methods:: .msgDo, .cueDo, and .escrowDo.

Enables continuous scheduling of doers (do generator instances or functions)

Implements Doist like functionality to allow nested scheduling of doers. Each DoDoer runs a list of doers like a Doist but using the tyme from its

injected tymist as injected by its parent DoDoer or Doist.

Scheduling hierarchy: Doist->DoDoer…->DoDoer->Doers

.done is Boolean completion state: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.opts is dict of injected options for its generator .do

.doers is list of Doers or Doer like generator functions

hby (Habitat: local controller’s context

Properties:

tyme (float): relative cycle time of associated Tymist, obtained: via injected .tymth function wrapper closure.
tymth (function): function wrapper closure returned by Tymist .tymeth(): method. When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
tock (float): desired time in seconds between runs or until next run,: non negative, zero means run asap

.wind injects ._tymth dependency from associated Tymist to get its .tyme

.__call__ makes instance callable: Appears as generator function that returns generator

.do is generator method that returns generator

.enter is enter context action method

.recur is recur context action method or generator method

.clean is clean context action method

.exit is exit context method

.close is close context method

.abort is abort context method

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(hby, topics, ims=None, verifier=None, kvy=None, exc=None, rep=None, cues=None, rvy=None, tvy=None, **kwa)[source]¶

Initialize instance.

Inherited Parameters:: tymist is Tymist instance tock is float seconds initial value of .tock doers is list of doers (do generator instances, functions or methods)

Parameters:

context (hab is Habitat instance of local controller's)
instance (client is TCP Client)
Boolean (direct is) – False means indirect mode don’t process cue’ed receipts
receipts (True means direwct mode process cured) – False means indirect mode don’t process cue’ed receipts

addPollers(hab)[source]¶

add mailbox pollers for every witness for this prefix identifier

Parameters:: hab (Hab) – the Hab of the prefix

escrowDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery escrows.

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

msgDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process: incoming message stream of .kevery
Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

pollDo(tymth=None, tock=0.0)[source]¶

Returns:: doifiable Doist compatible generator method

Usage:: add result of doify on this method to doers list

processPollIter()[source]¶

Iterate through cues and yields one or more responses for each cue.

Parameters:: cues (cues is deque of)

wind(tymth)[source]¶: Inject new tymist.tymth as new ._tymth. Changes tymist.tyme base. Updates winds .tymer .tymth

class keri.app.indirecting.Poller(hab, witness, topics, msgs=None, retry=1000, **kwa)[source]¶

Polls remote SSE endpoint for event that are KERI messages to be processed

__init__(hab, witness, topics, msgs=None, retry=1000, **kwa)[source]¶

Returns doist compatible doing.Doer that polls a witness for mailbox messages as SSE events

Parameters:

hab
witness
topics
msgs

eventDo(tymth=None, tock=0.0)[source]¶

Returns:: doifiable Doist compatible generator method

Usage:: add result of doify on this method to doers list

class keri.app.indirecting.ReceiptEnd(hab, inbound=None, outbound=None, aids=None)[source]¶

Endpoint class for Witnessing receipting functionality

Most times a witness will be able to return its receipt for an event inband. This API will provide that functionality. When an event needs to be escrowed, this POST API will return a 202 and also provides a generic GET API for retrieving a receipt for any event.

interceptDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
Kevery and Tevery cues deque

Usage:: add result of doify on this method to doers list

on_get(req, rep)[source]¶

Receipt GET endpoint handler

Parameters:

req (Request) – Falcon HTTP request object
rep (Response) – Falcon HTTP response object

on_post(req, rep)[source]¶

Receipt POST endpoint handler

Parameters:

req (Request) – Falcon HTTP request object
rep (Response) – Falcon HTTP response object

class keri.app.indirecting.WitnessStart(hab, parser, kvy, tvy, rvy, exc, cues=None, replies=None, responses=None, queries=None, **opts)[source]¶

Doer to print witness prefix after initialization

cueDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery.cues deque

Doist Injected Attributes:: g.tock = tock # default tock attributes g.done = None # default done state g.opts

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

Usage:: add result of doify on this method to doers list

escrowDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
.kevery and .tevery escrows.

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

Usage:: add result of doify on this method to doers list

msgDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process: incoming message stream of .kevery

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

Usage:: add result of doify on this method to doers list

start(tymth=None, tock=0.0)[source]¶

Prints witness name and prefix

Parameters:

tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value

keri.app.indirecting.createHttpServer(port, app, keypath=None, certpath=None, cafilepath=None)[source]¶

Create an HTTP or HTTPS server depending on whether TLS key material is present :param port: port to listen on for all HTTP(s) server instances :type port: int :param app: application instance to pass to the http.Server instance :type app: falcon.App :param keypath: the file path to the TLS private key :type keypath: string :param certpath: the file path to the TLS signed certificate (public key) :type certpath: string :param cafilepath: the file path to the TLS CA certificate chain file :type cafilepath: string

Returns:: hio.core.http.Server

keri.app.indirecting.setupWitness(hby, alias='witness', mbx=None, aids=None, tcpPort=5631, httpPort=5632, keypath=None, certpath=None, cafilepath=None)[source]¶: Setup witness controller and doers

keri.app.keeping¶

KERI keri.app.keeping module

Terminology:

salt is 128 bit 16 char random bytes used as root entropy to derive seed or secret private key same as seed or secret for key pair seed or secret or private key is crypto suite length dependent random bytes public key

txn.put(

did.encode(), json.dumps(certifiable_data).encode(“utf-8”)

)

raw_data = txn.get(did.encode())

if raw_data is None:: return None

return json.loads(raw_data)

ked = json.loads(raw[:size].decode(“utf-8”)) raw = json.dumps(ked, separators=(“,”, “:”), ensure_ascii=False).encode(“utf-8”)

class keri.app.keeping.Algoage(randy, salty, group, extern)¶

extern¶: Alias for field number 3

group¶: Alias for field number 2

randy¶: Alias for field number 0

salty¶: Alias for field number 1

class keri.app.keeping.Creator(**kwa)[source]¶

Class for creating a key pair based on algorithm.

Attributes:

Properties:

.create is method to create key pair

Hidden:

__init__(**kwa)[source]¶

Setup Creator.

Parameters:

create(**kwa)[source]¶: Returns tuple of signers one per key pair

property salt¶: salt property getter

property stem¶: stem property getter

property tier¶: tier property getter

class keri.app.keeping.Creatory(algo='salty')[source]¶

Factory class for creating Creator subclasses to create key pairs based on the provided algorithm.

Usage: creator = Creatory(algo=’salty’).make(salt=b’0123456789abcdef’)

Attributes:

Properties:

.create is method to create key pair

Hidden:: ._create is method reference set to one of algorithm methods ._novelCreate ._indexCreate

__init__(algo='salty')[source]¶

Setup Creator.

Parameters:: algorithm (algo is str code for)

make(**kwa)[source]¶: Returns Creator subclass based on inited algo

class keri.app.keeping.Initage(aeid, pidx, salt, tier)¶

aeid¶: Alias for field number 0

pidx¶: Alias for field number 1

salt¶: Alias for field number 2

tier¶: Alias for field number 3

class keri.app.keeping.Keeper(headDirPath=None, perm=None, reopen=False, **kwa)[source]¶

Keeper sets up named sub databases for key pair storage (KS). Methods provide key pair creation, storage, and data signing.

Attributes: (inherited)
name (str): unique path component used in directory or file path name base (str): another unique path component inserted before name temp (bool): True means use /tmp directory headDirPath is head directory path path is full directory path perm is numeric os permissions for directory and/or file(s) filed (bool): True means .path ends in file.

False means .path ends in directory

mode (str): file open mode if filed fext (str): file extension if filed file (File) opened is Boolean, True means directory created and if file then file

is opened. False otherwise

env (lmdb.env): LMDB main (super) database environment readonly (bool): True means open LMDB env as readonly

gbls¶

named sub DB whose values are global parameters for all prefixes Key is parameter labels Value is parameter

parameters:

aeid (bytes): fully qualified qb64 non-transferable identifier
prefix for authentication via signing and asymmetric encryption of secrets using the associated (public, private) key pair. Secrets include both salts and private keys for all key sets in keeper. Defaults to empty which means no authentication or encryption of key sets.

pidx (bytes): hex index of next prefix key-pair sequence to be incepted algo (str): default root algorithm for generating key pair salt (bytes): root salt for generating key pairs tier (bytes): default root security tier for root salt

Type:: subing.Suber

pris¶

named sub DB whose keys are public key from key pair and values are private keys from key pair Key is public key (fully qualified qb64) Value is private key (fully qualified qb64)

Type:: subing.CryptSignerSuber

pres¶

named sub DB whose values are prefixes or first public keys Key is first public key in key sequence for a prefix (fully qualified qb64) Value is prefix or first public key (temporary) (fully qualified qb64

Type:: subing.CesrSuber

prms¶

named sub DB whose values are serialized dicts of PrePrm instance Key is identifier prefix (fully qualified qb64) Value is serialized parameter dict of public key parameters {

pidx: , algo: , salt: , stem: , tier: ,

}

Type:: koming.Komer

sits¶

named sub DB whose values are serialized dicts of PreSit instance Key is identifier prefix (fully qualified qb64) Value is serialized parameter dict of public key situation

{
old: { pubs: ridx:, kidx, dt:}, new: { pubs: ridx:, kidx:, dt:}, nxt: { pubs: ridx:, kidx:, dt:}

}

Type:: koming.Komer

.pubs¶

named sub DB whose values are serialized lists of public keys Enables lookup of public keys from prefix and ridx for replay of public keys by prefix in establishment event order. Key is prefix.ridx (rotation index as 32 char hex string)

use riKey(pre, ri)

Value is serialized list of fully qualified public keys that are the: current signing keys after the rotation given by rotation index

Type:: koming.Komer

Properties:

__init__(headDirPath=None, perm=None, reopen=False, **kwa)[source]¶

Setup named sub databases.

Inherited Parameters:

name is str directory path name differentiator for main database: When system employs more than one keri database, name allows differentiating each instance by name default name=’main’
temp is boolean, assign to .temp: True then open in temporary directory, clear on close Othewise then open persistent directory, do not clear on close default temp=False
headDirPath is optional str head directory pathname for main database: If not provided use default .HeadDirpath default headDirPath=None so uses self.HeadDirPath
perm is numeric optional os dir permissions mode: default perm=None so do not set mode
reopen is boolean, IF True then database will be reopened by this init: default reopen=True

Notes:

dupsort=True for sub DB means allow unique (key,pair) duplicates at a key. Duplicate means that is more than one value at a key but not a redundant copies a (key,value) pair per key. In other words the pair (key,value) must be unique both key and value in combination. Attempting to put the same (key,value) pair a second time does not add another copy.

Duplicates are inserted in lexocographic order by value, insertion order.

reopen(**kwa)[source]¶: Open sub databases

class keri.app.keeping.KeeperDoer(keeper, **kwa)[source]¶

Basic Keeper Doer ( LMDB Database )

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.keeper is Keeper or LMDBer subclass

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is float, desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

.wind injects ._tymth dependency from associated Tymist to get its .tyme

.__call__ makes instance callable: Appears as generator function that returns generator

.do is generator method that returns generator

.enter is enter context action method

.recur is recur context action method or generator method

.exit is exit context method

.close is close context method

.abort is abort context method

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(keeper, **kwa)[source]¶

Parameters:: instance (keeper is Keeper)

class keri.app.keeping.Manager(*, ks=None, seed=None, **kwa)[source]¶

Manages key pairs creation, storage, and signing Class for managing key pair creation, storage, retrieval, and message signing.

ks¶

key store LMDB database instance for storing public and private keys

Type:: Keeper

encrypter¶

instance for encrypting secrets. Public encryption key is derived from aeid (public signing key)

Type:: coring.Encrypter

decrypter¶

instance for decrypting secrets. Private decryption key is derived seed (private signing key seed)

Type:: coring.Decrypter

inited¶

True means fully initialized wrt database. False means not yet fully initialized

Type:: bool

Attributes (Hidden):

_seed (str): qb64 private-signing key (seed) for the aeid from which
the private decryption key is derived. If aeid stored in database is not empty then seed may required to do any key management operations. The seed value is memory only and MUST NOT be persisted to the database for the manager with which it is used. It MUST only be loaded once when the process that runs the Manager is initialized. Its presence acts as an authentication, authorization, and decryption secret for the Manager and must be stored on another device from the device that runs the Manager.

Properties:

aeid (str): authentication and encryption fully qualified qb64: non-transferable identifier prefix for authentication via signing and asymmetric encryption of secrets using the associated (public, private) key pair. Secrets include both salts and private keys for all key sets in keeper. Defaults to empty which means no authentication or encryption of key sets. Use initial attribute because keeper may not be open on init.
pidx (int): pidx prefix index.: Use initial attribute because keeper may not be open on init. Each sequence gets own pidx. Enables unique recreatable salting of key sequence based on pidx.
salt (str): qb64 of root salt. Makes random root salt if not provided: initial salt. Use inital attribute because keeper may not be open on init.
tier (str): initial security tier as value of Tierage. Use initial attribute: because keeper may not be open on init

Methods:

__init__(*, ks=None, seed=None, **kwa)[source]¶

Setup Manager.

Parameters:

ks (Keeper) – key store instance (LMDB)
seed (str) – qb64 private-signing key (seed) for the aeid from which the private decryption key may be derived. If aeid stored in database is not empty then seed may required to do any key management operations. The seed value is memory only and MUST NOT be persisted to the database for the manager with which it is used. It MUST only be loaded once when the process that runs the Manager is initialized. Its presence acts as an authentication, authorization, and decryption secret for the Manager and must be stored on another device from the device that runs the Manager. Currently only code MtrDex.Ed25519_Seed is supported.

Parameters: Passthrough to .setup for later initialization

aeid (str): qb64 of non-transferable identifier prefix for: authentication and encryption of secrets in keeper. If provided aeid (not None) and different from aeid stored in database then all secrets are re-encrypted using new aeid. In this case the provided seed must not be empty. A change in aeid should require a second authentication mechanism besides the seed.
pidx (int): index of next new created key pair sequence bound to a: given identifier prefix. Each sequence gets own pidx. Enables unique recreatable salting of key sequence based on pidx.

salt (str): qb64 of root salt. Makes random root salt if not provided tier (str): default security tier (Tierage) for root salt

property aeid¶: aeid property getter from key store db. Assumes db initialized. aeid is qb64 auth encrypt id prefix

property algo¶: also property getter from key store db. Assumes db initialized. algo is default root algorithm for creating key pairs

decrypt(ser, pubs=None, verfers=None)[source]¶

Returns list of signatures of ser if indexed as Sigers else as Cigars with .verfer assigned.

Parameters:

ser (bytes) – serialization to sign
pubs (list[str] | None) – of qb64 public keys to lookup private keys one of pubs or verfers is required. If both then verfers is ignored.
verfers (list[Verfer] | None) – Verfer instances of public keys one of pubs or verfers is required. If both then verfers is ignored. If not pubs then gets public key from verfer.qb64

Returns:

decrypted data

Return type:

bytes

incept(icodes=None, icount=1, icode='A', ncodes=None, ncount=1, ncode='A', dcode='E', algo=None, salt=None, stem=None, tier=None, rooted=True, transferable=True, temp=False)[source]¶

Returns tuple (verfers, digers) for inception event where

verfers is list of current public key verfers: public key is verfer.qb64
digers is list of next public key digers: digest to xor is diger.raw

Incept a prefix. Use first public key as temporary prefix. Must .repre later to move pubsit dict to correct permanent prefix. Store the dictified PreSit in the keeper under the first public key

Parameters:

str (ncodes is list of private key derivation codes qb64) – one per incepting key pair
provided (ncount is int count of next public keys when ncodes not)
keys (ncode is str derivation code qb64 of all ncount next public) – when icodes list not provided
str – one per next key pair
provided
keys – when ncodes not provided
MtrDex.Blake3_256 (dcode is str derivation code qb64 of next digers. Default is)
code (algo is str key creation algorithm)
used (salt is str qb64 salt for randomization when salty algorithm)
using (stem is path modifier used with salt to derive private keys when) – salty agorithms. if stem is None then uses pidx
algorithm (temp is Boolean. True is temporary for testing. It modifies tier of salty)
when (rooted is Boolean true means derive incept salt from root salt) – incept salt not provided. Otherwise use incept salt only
Boolean (transferable is) – derivation code. Default is transferable. Special case is non-transferable Use case for incept to use transferable = False is for basic derivation of non-transferable identifier prefix. When the derivation process of the identifier prefix is transferable then one should not use non-transferable for the associated public key(s).
transferable (True means each public key uses) – derivation code. Default is transferable. Special case is non-transferable Use case for incept to use transferable = False is for basic derivation of non-transferable identifier prefix. When the derivation process of the identifier prefix is transferable then one should not use non-transferable for the associated public key(s).
algorithm

When both ncodes is empty and ncount is 0 then the nxt is null and will: not be rotatable. This makes the identifier non-transferable in effect even when the identifier prefix is transferable.

ingest(secrecies, iridx=0, ncount=1, ncode='A', dcode='E', algo='salty', salt=None, stem=None, tier=None, rooted=True, transferable=True, temp=False)[source]¶

Ingest secrecies as a list of lists of secrets organized in event order to register the sets of secrets of associated externally generated keypair lists into the database.

Returns:

(ipre, veferies) where:

ipre is prefix index of ingested key pairs needed to fetch later: for replay

veferies is list of lists of all the verfers for the public keys from the private keys in secrecies in order of appearance.

Return type:

ret (tuple)

Essentially ingest ends with the current keys as the last key list in secrecies and the nxt keys are newly created as if a rotation to the last set of keys was performed. Unlike rotate, however, ingest does not delete any of the private keys it ingests. This must be done separately if desired.

Each list in secrecies is an ordered list of private keys corresponding to the public list in the key state for each establishment event in order. The first list are the keys for the inception event, the next list for the first rotation, and each subsequent list for the next rotation and so on.

May be used for import or recovery from backup. Method parameters specify the policy for generating new keys pairs for rotations that follow the ingested list of lists. The parameters are used to define how to rotate to new key pairs that follow the ingested sequence.

Parameters:

secrecies (algo is str key creation algorithm code for next after end of) – list of lists of fully qualified secrets (private keys)
iridx (int) – initial ridx at where set PubSit after ingestion enables database to store where initial replay should start from
ncount (int) – count of next public keys for next after end of secrecies
ncode (str) – derivation code qb64 of all ncount next public keys after end of secrecies
secrecies – Default is MtrDex.Blake3_256
secrecies
used (salt is str qb64 salt for randomization when salty algorithm) – for next after end of secrecies
using (stem is path modifier used with salt to derive private keys when) – salty agorithms. if stem is None then uses pidx
algorithm (tier is str security criticality tier code when using salty)
when (rooted is Boolean true means derive incept salt from root salt) – incept salt not provided. Otherwise use incept salt only
Boolean (transferable is) – derivation code. Default is transferable. Special case is non-transferable Use case for incept to use transferable = False is for basic derivation of non-transferable identifier prefix. When the derivation process of the identifier prefix is transferable then one should not use non-transferable for the associated public key(s).
transferable (True means each public key uses) – derivation code. Default is transferable. Special case is non-transferable Use case for incept to use transferable = False is for basic derivation of non-transferable identifier prefix. When the derivation process of the identifier prefix is transferable then one should not use non-transferable for the associated public key(s).
strech (temp is Boolean. True is temporary for testing. It modifies) – time of salty algorithm

move(old, new)[source]¶

Assigns new pre to old default .pres at old

Moves PrePrm and PreSit dicts in keeper db from old default pre to new pre db key The new pre is the newly derived prefix which may only be known some time after the original creation of the associated key pairs.

Paraameters:: old is str for old prefix of pubsit dict in keeper db new is str for new prefix to move pubsit dict to in keeper db

property pidx¶: pidx property getter from key store db. Assumes db initialized. pidx is prefix index int for next new key sequence

replay(pre, dcode='E', advance=True, erase=True)[source]¶

Returns duple (verfers, digers) associated with public key set from the key sequence for identifier prefix pre at rotation index ridx stored in db .pubs. Inception is at ridx == 0. Enables replay of preexisting public key sequence. In returned duple:

verfers is list of current public key verfers
public key is verfer.qb64

digers is list of next public key digers
digest to xor is diger.raw

If key sequence at ridx does already exist in .pubs database for pre then: raises ValueError.
If preexisting pubs for pre exist but .ridx is two large for preexisting: pubs then raises IndexError.

Parameters:

pre (str) – fully qualified qb64 identifier prefix
dcode (str) – derivation code for digers for next xor digest. Default is MtrDex.Blake3_256
advance (bool) – True means advance to next set of keys for replay
erase (bool) – True means erase old private keys made stale by advancement when advance is True otherwise ignore

rotate(pre, ncodes=None, ncount=1, ncode='A', dcode='E', transferable=True, temp=False, erase=True)[source]¶

Returns tuple (verfers, digers) for rotation event of keys for pre where

verfers is list of current public key verfers: public key is verfer.qb64
digers is list of next public key digers: digest to xor is diger.raw

Rotate a prefix. Store the updated dictified PreSit in the keeper under pre

Parameters:

pre (str)
ncodes (list) – of private key derivation codes qb64 str one per next key pair
ncount (int) – count of next public keys when icodes not provided
ncode (str) – derivation code qb64 of all ncount next public keys when ncodes not provided
i (dcode) – derivation code qb64 of next key digest of digers Default is MtrDex.Blake3_256
transferable (bool) – True means each public key uses transferable derivation code. Default is transferable. Special case is non-transferable Normally no use case for rotation to use transferable = False. When the derivation process of the identifier prefix is transferable then one should not use transferable = False for the associated public key(s).
temp (bool) – True is temporary for testing. It modifies tier of salty algorithm
erase (bool) – True means erase old private keys made stale by rotation

When both ncodes is empty and ncount is 0 then the nxt is null and will: not be rotatable. This makes the identifier non-transferable in effect even when the identifier prefix is transferable.

property salt¶: salt property getter from key store db. Assumes db initialized. salt is default root salt for new key sequence creation

property seed¶: seed property getter from ._seed. seed (str): qb64 from which aeid is derived

setup(aeid=None, pidx=None, algo=None, salt=None, tier=None)[source]¶

Setups manager root or global attributes and properties Assumes that .keeper db is open. If .keeper.gbls sub database has not been initialized for the first time then initializes from ._inits. This allows dependency injection of keepr db into manager instance prior to keeper db being opened to accomodate asynchronous process setup of db resources. Putting the db initialization here enables asynchronous opening of keeper db after keeper instance is instantiated. First call to .setup will initialize keeper db defaults if never before initialized (vacuous initialization).

Parameters:

aeid (str) – qb64 of non-transferable identifier prefix for authentication and encryption of secrets in keeper. If provided aeid (not None) and different from aeid stored in database then all secrets are re-encrypted using new aeid. In this case the provided seed must not be empty. A change in aeid should require a second authentication mechanism besides the secret. aeid same as current aeid no change innocuous aeid different but empty which unencrypts and removes aeid aeid different not empty which reencrypts and updates aeid
pidx (int) – index of next new created key pair sequence for given identifier prefix
algo (str) – root algorithm (randy or salty) for creating key pairs
salt (str) – qb64 of root salt. Makes random root salt if not provided
tier (str) – default security tier (Tierage) for root salt

sign(ser, pubs=None, verfers=None, indexed=True, indices=None, ondices=None, pre=None, path=None)[source]¶

Returns list of signatures of ser if indexed as Sigers else as Cigars with .verfer assigned.

Parameters:

ser (bytes) – serialization to sign
pubs (list[str] | None) – of qb64 public keys to lookup private keys one of pubs or verfers is required. If both then verfers is ignored.
verfers (list[Verfer] | None) – Verfer instances of public keys one of pubs or verfers is required. If both then verfers is ignored. If not pubs then gets public key from verfer.qb64
indexed (bool) –
True means use use indexed signatures and return list of Siger instances. False means do not use indexed signatures and return list of Cigar instances

When indexed True, each index is an offset that maps the offset in the coherent lists: pubs, verfers, signers (pris from keystore .ks) onto the appropriate offset into the signing keys or prior next keys lists of a key event as determined by the indices and ondices lists, or appropriate defaults when indices and/or ondices are not provided.
indices (list[int] | None) – indices (offsets) when indexed == True, to use for indexed signatures whose offset into the current keys or prior next list may differ from the order of appearance in the provided coherent pubs, verfers, signers lists. This allows witness indexed sigs or controller multi-sig where the parties do not share the same manager or ordering so the default ordering in pubs or verfers is wrong for the index. This sets the value of the index property of the returned Siger. When provided the length of indices must match the len of the coherent lists: pubs, verfers, signers (pris from keystore .ks) else raises ValueError. When not provided and indexed is True then use default index that is the offset into the coherent lists: pubs, verfers, signers (pris from keystore .ks)
ondices (list[int | None] | None) – other indices (offsets) when indexed is True for indexed signatures whose offset into the prior next list may differ from the order of appearance in the provided coherent pubs, verfers, signers lists. This allows partial rotation with reserve or custodial key management so that the index (hash of index) of the public key for the signature appears at a different index in the current key list from the prior next list. This sets the value of the ondex property of the returned Siger. When provided the length of indices must match the len of the coherent lists: pubs, verfers, signers (pris from keystore .ks) else raises ValueError. When no ondex is applicable to a given signature then the value of the entry in ondices MUST be None. When ondices is not provided then all sigers .ondex is None.
pre (str | None) – identity prefix (aid) of signer. Used for HDK salty algo key lookup or re-creation. Look up key path state and algo from local keystore .ks
path (tuple | None) – HDX randy algo signing key path tuple part of form (ridx, kidx) where ridx is the optional rotation index and kidx is the required zeroth key index of the key list. The fully HDK path is formed by looking up the stem and pidx using the pre and when provided the ridx and then computing the pidxes for each signing key. When indices is provided then the kidxes are computed by adding the index offset to the zeroth kidx. When indices is not provided then the kidxes are assumed to be all the keys in the key list computed from the local keystore by subtracting the kidx of the zeroth element of the following key list. When path is not provided then the default is all the kidxs of the key list from the current .new key info.

if neither pubs or verfers provided then returns empty list of signatures If pubs then ignores verfers otherwise uses verferss

Manager implement .sign method and tests sign(self,ser,pubs,indexed=True) checks for pris for pubs in db is not raises error then signs ser with eah pub returns list of sigers indexed else list of cigars if not

property tier¶: tier property getter from key store db. Assumes db initialized. tier is default root security tier for new key sequence creation

updateAeid(aeid, seed)[source]¶

Given seed belongs to aeid and encrypter, update aeid and re-encrypt all secrets

Parameters:

aeid (Optional(str)) – qb64 of new auth encrypt id (public signing key) aeid may match current aeid no change innocuous aeid may be empty which unencrypts and removes aeid aeid may be different not empty which reencrypts
seed (str) – qb64 of new seed from which new aeid is derived (private signing key seed)

class keri.app.keeping.ManagerDoer(manager, **kwa)[source]¶

Basic Manager Doer to initialize keystore database .ks

Inherited Attributes:

.done is Boolean completion state:: True means completed Otherwise incomplete. Incompletion maybe due to close or abort.

.manager is Manager subclass

Inherited Properties:

.tyme is float relative cycle time of associated Tymist .tyme obtained: via injected .tymth function wrapper closure.
.tymth is function wrapper closure returned by Tymist .tymeth() method.: When .tymth is called it returns associated Tymist .tyme. .tymth provides injected dependency on Tymist tyme base.
.tock is float, desired time in seconds between runs or until next run,: non negative, zero means run asap

Properties:

.wind injects ._tymth dependency from associated Tymist to get its .tyme

.__call__ makes instance callable: Appears as generator function that returns generator

.do is generator method that returns generator

.enter is enter context action method

.recur is recur context action method or generator method

.exit is exit context method

.close is close context method

.abort is abort context method

Hidden:

._tymth is injected function wrapper closure returned by .tymen() of: associated Tymist instance that returns Tymist .tyme. when called.

._tock is hidden attribute for .tock property

__init__(manager, **kwa)[source]¶

Parameters:: manager (Manager) – instance

class keri.app.keeping.PrePrm(pidx: int = 0, algo: str = 'salty', salt: str = '', stem: str = '', tier: str = '')[source]¶: Prefix’s parameters for creating new key pairs

class keri.app.keeping.PreSit(old: ~keri.app.keeping.PubLot = <factory>, new: ~keri.app.keeping.PubLot = <factory>, nxt: ~keri.app.keeping.PubLot = <factory>)[source]¶: Prefix’s public key situation (sets of public kets)

class keri.app.keeping.PubLot(pubs: list = <factory>, ridx: int = 0, kidx: int = 0, dt: str = '')[source]¶

Public key list with indexes and datetime created .. attribute:: pubs

list of fully qualified Base64 public keys. Defaults to empty.

type:

list

ridx¶

rotation index of set of public keys at establishment event. Includes of key set at inception event is 0.

Type:: int

kidx¶

key index of starting key in key set in sequence wrt to all public keys. Example if each set has 3 keys then ridx 2 has kidx of 2*3 = 6.

Type:: int

dt¶

datetime in ISO8601 format of when key set was first created

Type:: str

class keri.app.keeping.PubSet(pubs: list = <factory>)[source]¶: Prefix’s public key set (list) at rotation index ridx

class keri.app.keeping.RandyCreator(**kwa)[source]¶

Class for creating a key pair based on re-randomizing each seed algorithm.

Attributes:

Properties:

.create is method to create key pair

Hidden:

__init__(**kwa)[source]¶

Setup Creator.

Parameters:

create(codes=None, count=1, code='A', transferable=True, **kwa)[source]¶

Returns list of signers one per kidx in kidxs

Parameters:

create (codes is list of derivation codes one per key pair to)
provided (code is derivation code to use for count key pairs if codes not)
provided
Boolean (transferable is)
nontrans (True means use trans deriv code. Otherwise)

class keri.app.keeping.SaltyCreator(salt=None, stem=None, tier=None, **kwa)[source]¶

Class for creating a key pair based on random salt plus path stretch algorithm.

.salter is salter instance

Properties:

.create is method to create key pair

Hidden:: ._salter holds instance for .salter property

__init__(salt=None, stem=None, tier=None, **kwa)[source]¶

Setup Creator.

Parameters:

key (salt is unique salt from which to derive private)
keys. (stem is path modifier used with salt to derive private) – if stem is None then uses pidx
use. (tier is derivation criticality that determines how much hashing to)

create(codes=None, count=1, code='A', pidx=0, ridx=0, kidx=0, transferable=True, temp=False, **kwa)[source]¶

Returns list of signers one per kidx in kidxs

Parameters:

create (codes is list of derivation codes one per key pair to)
provided (code is derivation code to use for count key pairs if codes not)
provided
sequence (pidx is int prefix index for key pair)
set (temp is Boolean True means use temp stretch otherwise use time)
set
Boolean (transferable is)
nontrans (True means use trans deriv code. Otherwise)
set – by tier for streching

property salt¶: salt property getter

property stem¶: stem property getter

property tier¶: tier property getter

keri.app.keeping.openKS(name='test', **kwa)[source]¶

Returns contextmanager generated by openLMDB but with Keeper instance as KeyStore default name=”test” default temp=True,

openLMDB Parameters:

cls is Class instance of subclass instance name is str name of LMDBer dirPath so can have multiple databasers

at different directory path names thar each use different name

temp is Boolean, True means open in temporary directory, clear on close: Otherwise open in persistent directory, do not clear on close

keri.app.keeping.riKey(pre, ri)[source]¶: Returns bytes DB key from concatenation with ‘.’ of qualified Base64 prefix bytes pre and int ri (rotation index) of key rotation. Inception has ri == 0

keri.app.kiwiing¶

keri.app.notifying¶

keri.app.notifying module

class keri.app.notifying.DicterSuber(*pa, klas: ~typing.Type[~keri.core.coring.Dicter] = <class 'keri.core.coring.Dicter'>, **kwa)[source]¶

Data serialization for Sadder and subclasses

Sub class of Suber where data is serialized Sadder instance or subclass Automatically serializes and deserializes using Sadder methods

__init__(*pa, klas: ~typing.Type[~keri.core.coring.Dicter] = <class 'keri.core.coring.Dicter'>, **kwa)[source]¶

Parameters:

db (dbing.LMDBer) – base db
subkey (str) – LMDB sub database key

cntAll()[source]¶

Return count over the all the items in subdb

Returns:: count of all items

get(keys: str | Iterable)[source]¶

Gets Sadder at keys

Parameters:: keys (tuple) – of key strs to be combined in order to form key
Returns:: instance at keys None: if no entry at keys
Return type:: Sadder

Usage:

Use walrus operator to catch and raise missing entry if (creder := mydb.get(keys)) is None:

raise ExceptionHere

use creder here

getItemIter(keys: str | Iterable = b'')[source]¶

Return iterator over the all the items in subdb

Parameters:: keys (tuple) – of key strs to be combined in order to form key
Returns:: of tuples of keys tuple and val coring.Serder for each entry in db
Return type:: iterator

pin(keys: str | Iterable, val: Dicter)[source]¶

Pins (sets) val at key made from keys. Overwrites.

Parameters:

keys (tuple) – of key strs to be combined in order to form key
val (Sadder) – instance

Returns:

True If successful. False otherwise.

Return type:

bool

put(keys: str | Iterable, val: Dicter)[source]¶

Puts val at key made from keys. Does not overwrite

Parameters:

keys (tuple) – of key strs to be combined in order to form key
val (Sadder) – instance

Returns:

True If successful, False otherwise, such as key: already in database.

Return type:

bool

rem(keys: str | Iterable)[source]¶

Removes entry at keys

Parameters:: keys (tuple) – of key strs to be combined in order to form key
Returns:: True if key exists so delete successful. False otherwise
Return type:: bool

class keri.app.notifying.Noter(name='not', headDirPath=None, reopen=True, **kwa)[source]¶

Noter stores Notifications generated by the agent that are intended to be read and dismissed by the controller of the agent.

__init__(name='not', headDirPath=None, reopen=True, **kwa)[source]¶

Parameters:

headDirPath
perm
reopen
kwa

add(note, cigar)[source]¶

Adds note to database, keyed by the datetime and said of the note.

Parameters:

note (Notice) – sad message content
cigar (Cigar) – non-transferable signature over note

get(rid)[source]¶

Adds note to database, keyed by the datetime and said of the note.

Parameters:: rid (str) – qb64 random ID of note to get
Returns:: (Notice, Cigar) = couple of notice object and accompanying signature

getNoteCnt()[source]¶

Return count over the all Notes

Returns:: count of all items
Return type:: int

getNotes(start=0, end=25)[source]¶

Returns list of tuples (note, cigar) of notes for controller of agent

Parameters:

start (int) – number of item to start
end (int) – number of last item to return

rem(rid)[source]¶

Remove note from database if it exists

Parameters:: rid (str) – qb64 random ID of note to remove
Returns:: True if deleted
Return type:: bool

reopen(**kwa)[source]¶

Parameters:: kwa
Returns:

update(note, cigar)[source]¶

Adds note to database, keyed by the datetime and said of the note.

Parameters:

note (Notice) – sad message content
cigar (Cigar) – non-transferable signature over note

class keri.app.notifying.Notice(raw=b'', pad=None, note=None)[source]¶

Notice is for creating notification messages for the controller of the agent

Sub class of Sadder that adds notification specific validation and properties

Inherited Properties:: .raw is bytes of serialized event only .pad is key event dict
Properties:: .datetime (str): ISO8601 formatted datetime of notice .pad (dict): payload of the notice

__init__(raw=b'', pad=None, note=None)[source]¶

Creates a serializer/deserializer for a ACDC Verifiable Credential in CESR Proof Format

Requires either raw or (crd and kind) to load credential from serialized form or in memory

Parameters:

raw (bytes) – is raw credential
pad (dict) – is populated data

property attrs¶: pad property getter

property datetime¶: issuer property getter

property read¶: read property getter

class keri.app.notifying.Notifier(hby, signaler=None, noter=None)[source]¶

Class for sending notifications to the controller of an agent.

The notifications are not just signals to reload data and not persistent messages that can be reread

__init__(hby, signaler=None, noter=None)[source]¶

Parameters:

hby (Habery) – habery database environment with Signator
noter (Noter) – database
signaler (Signaler) – signaler for sending signals to controller that new data is available

add(attrs)[source]¶

Add unread notice to the end of the current list of notices

Parameters:: attrs (dict) – body of a new unread notice to append to the current list of notices
Returns:: returns True if the notice was added
Return type:: bool

getNoteCnt()[source]¶

Return count over the all Notes

Returns:: count of all items
Return type:: int

getNotes(start=0, end=24)[source]¶

Returns list of tuples (note, cigar) of notes for controller of agent

Parameters:

start (int) – number of item to start
end (int) – number of last item to return

mar(rid)[source]¶

Mark as Read

Mark the note identified by the provided SAID as having been read by the controller of the agent

Parameters:: rid (str) – qb64 random ID of the Note to mark as read
Returns:: True means the note was marked as read, False otherwise
Return type:: bool

rem(rid)[source]¶

Mark as Read

Delete the note identified by the provided random ID

Parameters:: rid (str) – qb64 random ID of the Note to delete
Returns:: True means the note was deleted, False otherwise
Return type:: bool

keri.app.notifying.notice(attrs, dt=None, read=False)[source]¶

Parameters:

attrs (dict) – payload of the notice
dt (Optional(str, datetime)) – iso8601 formatted datetime of notice
read (bool) – message read indicator

Returns:

Notice instance

Return type:

Notice

keri.app.oobing¶

keri.app.signaling¶

keri.app.signaling module

class keri.app.signaling.Signal(pad, ckey=None)[source]¶

__init__(pad, ckey=None)[source]¶

New Signal

Signals with a collapse key will replace any existing signal not yet read with a matching value as collapse key

Parameters:

pad (dict) – Attribute values that make up the payload of the signal
ckey (str) – The collapse key to use for

class keri.app.signaling.Signaler(signals=None)[source]¶

Class for sending signals to the controller of an agent.

The signals are just pings to reload data and not persistent messages that can be reread

__init__(signals=None)[source]¶: Parameters:

expireDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatible generator method (doer dog)

Usage:: add result of doify on this method to doers list

Parameters:

of (tymth is injected function wrapper closure returned by .tymen()) – Tymist instance. Calling tymth() returns associated Tymist .tyme.
value (tock is injected initial tock)

push(attrs, topic, ckey=None, dt=None)[source]¶

Parameters:

attrs (dict) – signal attributes to push to the cue
topic (str) – routing for recipient of message
ckey (str) – collapse key
dt (Optional(str, datetime)) – iso8601 formatted datetime of notice

Returns:

class keri.app.signaling.SignalsEnd(signals=None)[source]¶

HTTP handler that accepts and KERI events POSTed as the body of a request with all attachments to the message as a CESR attachment HTTP header. KEL Messages are processed and added to the database of the provided Habitat.

This also handles req, exn and tel messages that respond with a KEL replay.

__init__(signals=None)[source]¶

Create the MBX HTTP server from the Habitat with an optional Falcon App to register the routes with.

Parameters: rxbs (bytearray): output queue of bytes for message processing mbx (Mailboxer): Mailbox storage qrycues (Deck): inbound qry response queues

on_get(req, rep)[source]¶

Handles GET requests as a stream of SSE events :param req: :type req: Request :param rep: :type rep: Response

— summary: Stream Server-Sent Events for KERI mailbox for identifier description: Stream Server-Sent Events for KERI mailbox for identifier tags:

Mailbox

responses:

200:

content:

text/event-stream:

schema:: type: object

description: Mailbox query response for server sent events

204:

description: KEL or EXN event accepted.

on_post(req, rep)[source]¶

Handles POST for KERI mailbox service.

Parameters:

req (Request)
rep (Response)

— summary: Stream Server-Sent Events for KERI mailbox for identifier description: Stream Server-Sent Events for KERI mailbox for identifier tags:

Mailbox

responses:

200:

content:

text/event-stream:

schema:: type: object

description: Signal query response for server sent events

204:

description: KEL or EXN event accepted.

keri.app.signaling.loadEnds(app, *, signals=None)[source]¶

Load endpoints for agent to controller messages

Parameters:

app (falcon.App) – falcon.App to register handlers with:
signals (Deck) – messages for the mailbox stream

Returns:

keri.app.signaling.signal(attrs, topic, ckey=None, dt=None)[source]¶

Parameters:

attrs (dict) – payload of the notice
topic (str) – routing for recipient of message
dt (Optional(str, datetime)) – iso8601 formatted datetime of notice
ckey (str) – collapse key

Returns:

Notice instance

Return type:

Notice

keri.app.signing¶

KERI keri.app.signing module

class keri.app.signing.SadPathSigGroup(pather, cigars=None, sigers=None, tsgs=None)[source]¶

Transposable group of signatures

Supports transposing groups of signatures from transferable or non-transferable identifiers

transpose(pather)[source]¶

Transpose path for all signatures in group

Parameters:: pather

keri.app.signing.provision(serder, *, sadsigers=None, sadcigars=None, pipelined=False)[source]¶

Attaches indexed signatures from sigers and/or cigars and/or wigers to KERI message data from serder :param serder: instance containing the event :type serder: Union[Serder,Creder] :param sadsigers: of Siger instances (optional) to create indexed signatures :type sadsigers: list :param sadcigars: optional list of Cigars instances of non-transferable non indexed

signatures from which to form receipt couples. Each cigar.vefer.qb64 is pre of receiptor and cigar.qb64 is signature

Parameters:: pipelined (bool) – True means prepend pipelining count code to attachemnts False means to not prepend pipelining count code

Returns: bytearray SAD with CESR Proof Signature

keri.app.signing.ratify(hab, serder, paths=None, pipelined=False)[source]¶

Sign the SAD or SAIDs with the keys from the Habitat.

Sign the SADs or SAIDs of the SADs as identified by the paths. If paths is None, default to signing the root SAD only.

Parameters:

hab (Habitat) – environment used to sign the SAD
serder (Union[Serder,Creder]) – the self addressing data (SAD)
paths (list) – list of paths specified as arrays of path components
pipelined (bool) – True means prepend pipelining count code to attachemnts False means to not prepend pipelining count code

Returns:

serialized SAD with qb64 CESR Proof Signature attachments

Return type:

bytes

keri.app.signing.signPaths(hab, serder, paths)[source]¶

Sign the SAD or SAIDs with the keys from the Habitat.

Sign the SADs or SAIDs of the SADs as identified by the paths.

Parameters:

hab (Habitat) – environment used to sign the SAD
serder (Union[Serder,Creder]) – the self addressing data (SAD)
paths (list) – list of paths specified as arrays of path components

Returns:

qb64 signature attachment

Return type:

str

keri.app.signing.transSeal(hab)[source]¶

Returns seal components and signing indices as appropriate for current state of Habitat

Parameters:: hab (Habitat) – environment that contains the information for the idenfitier prefix
Returns:: seal components with signing indices
Return type:: tuple

ToDo: NRR: indices for both hab.smids and hab.rmids

keri.app.specing¶

class keri.app.specing.SpecResource(app, title, resources, version='1.0.0', openapiVersion='3.0.2')[source]¶

Resource for OpenAPI spec

on_get(_, rep)[source]¶

GET endpoint for OpenAPI spec

Parameters:

_ – falcon.Request HTTP request
rep – falcon.Response HTTP response

keri.app.storing¶

keri.app.storing module

class keri.app.storing.Mailboxer(name='mbx', headDirPath=None, reopen=True, **kwa)[source]¶

Mailboxer stores exn messages in order and provider iterator access at an index.

__init__(name='mbx', headDirPath=None, reopen=True, **kwa)[source]¶

Parameters:

headDirPath
perm
reopen
kwa

appendToTopic(topic, val)[source]¶

Return first seen order number int, fn, of appended entry. Computes fn as next fn after last entry.

Append val to end of db entries with same topic but with fn incremented by 1 relative to last preexisting entry at pre.

Parameters:

message (topic is bytes identifier prefix/topic for)
digest (val is event)

cloneTopicIter(topic, fn=0)[source]¶: Returns iterator of first seen exn messages with attachments for the identifier prefix pre starting at first seen order number, fn.

delTopic(key)[source]¶: Use snKey() Deletes value at key. Returns True If key exists in database Else False

getTopicMsgs(topic, fn=0)[source]¶

Returns:

the insertion ordered set of values at same apparent effective key. Uses hidden ordinal key suffix for insertion ordering. The suffix is appended and stripped transparently.

Return type:

ioset (oset)

Parameters:: topic (Option(bytes|str)): Apparent effective key fn (int) starting index

reopen(**kwa)[source]¶

Parameters:: kwa
Returns:

storeMsg(topic, msg)[source]¶

Add exn event to mailbox of dest identifier

Parameters:

msg (bytes)
topic (qb64b)

class keri.app.storing.Respondant(hby, reps=None, cues=None, mbx=None, aids=None, **kwa)[source]¶

Respondant processes buffer of response messages from inbound ‘exn’ messages and routes them to the appropriate mailbox. If destination has witnesses, send response to one of the (randomly selected) witnesses. Otherwise store the response in the recipients mailbox locally.

__init__(hby, reps=None, cues=None, mbx=None, aids=None, **kwa)[source]¶

Creates Respondant that uses local environment to find the destination KEL and stores peer to peer messages in mbx, the mailboxer

Parameters:

hab (Habitat) – local environment
mbx (Mailboxer) – storage for local messages

cueDo(tymth=None, tock=0.0)[source]¶

Returns doifiable Doist compatibile generator method (doer dog) to process
Kevery and Tevery cues deque

Usage:: add result of doify on this method to doers list

responseDo(tymth=None, tock=0.0)[source]¶

Doifiable Doist compatibile generator method to process response messages from exn handlers. If dest is not in local environment, ignore the response (for now). If dest has witnesses, pick one at random and send the response to that witness for storage in the recipients mailbox on that witness. Otherwise this is a peer to peer HTTP message and should be stored in a mailbox locally for the recipient.

Usage:: add result of doify on this method to doers list

KERI App API¶

keri.app.agenting¶

keri.app.apping¶

keri.app.booting¶

keri.app.challenging¶

keri.app.configing¶

keri.app.connecting¶

keri.app.delegating¶

keri.app.directing¶

keri.app.forwarding¶

keri.app.grouping¶

keri.app.habbing¶

keri.app.httping¶

keri.app.indirecting¶

keri.app.keeping¶

keri.app.kiwiing¶

keri.app.notifying¶

keri.app.oobing¶

keri.app.signaling¶

keri.app.signing¶

keri.app.specing¶

keri.app.storing¶

keri.app.watching¶

Table of Contents

Previous topic

Next topic

This Page