Python SDK
The Python SDK ships every Oris primitive under one package. Sync and async clients. Pydantic v2 models for every response. Ed25519 request signing built in. Cross-language parity with the TypeScript SDK on every method.
Install
pip install "oris-sdk==0.2.0"Requires Python 3.10 or later. No system dependencies beyond pip.
Quickstart
import osfrom oris import OrisClient
client = OrisClient( api_key=os.environ["ORIS_API_KEY"], private_key=os.environ["ORIS_PRIVATE_KEY"],)
agent = client.agents.create(name="procurement-bot", description="...")client.agents.promote(agent.id, target_level=1, attestation="kyb_dev")
result = client.payments.send( agent_id=agent.id, to_address="0xA1b2...", amount=12.50, chain="base-sepolia",)
print(result.bundle_id, result.tx_hash)Modules
| Module | Purpose |
|---|---|
oris | Top-level package: OrisClient, resources, errors. |
oris.protocol | L8 verifier client, network adapters, offline verification. |
oris.types | Pydantic models for every request and response shape. |
oris.errors | Typed exception hierarchy (OrisAuthError, OrisPolicyDeny, etc.). |
Resource surface
Every API tag maps to a resource on OrisClient:
client.agents # KYA + identityclient.wallets # multi-chain wallet primitiveclient.policies # spending rulesclient.payments # send, status, refundclient.micropayments # channel lifecycleclient.compliance # screening, attestationclient.audit # log verify + listclient.marketplace # list, search, order, settleclient.treasury # balances, refill, hierarchical budgetsclient.provider_keys # BYOKEach resource exposes a uniform CRUD surface plus domain-specific methods. The full method reference is documented inline in the package; see oris-sdk on PyPI for the auto-generated docstrings.
Authentication
Every authenticated call signs:
{timestamp}.{nonce}.{METHOD}.{path}.{SHA256(body)}with the developer’s Ed25519 private key. The SDK builds and signs this automatically. You only configure the API key and the private key.
client = OrisClient( api_key="oris_sk_live_...", private_key="oris_pk_live_...", # Optional base_url="https://api.useoris.xyz", timeout=30.0, max_retries=3,)Async client
from oris import AsyncOrisClient
async with AsyncOrisClient(api_key="...", private_key="...") as client: agent = await client.agents.create(name="async-bot", description="...") result = await client.payments.send( agent_id=agent.id, to_address="0xA1b2...", amount=12.50, chain="base-sepolia", )Same method names, awaitable. Connection pooling via httpx.AsyncClient under the hood.
The protocol namespace
For anyone who consumes Oris bundles (a verifier, a network operator, an auditor) but does not produce them:
from oris.protocol import OrisProtocol
p = OrisProtocol(network="base-sepolia")
# 1. Fetch the live verifier pubkeypubkey = p.verifier.get_pubkey()
# 2. Verify a compliance bundleverdict = p.verifier.verify( bundle_bytes_hex=bundle_hex, tx_intent_hex=tx_intent_hex, signer_pubkey_hex=agent_pubkey_hex,)
# 3. Verify the verdict's signature offline against the cached pubkeyok = p.verifier.verify_response_signature(verdict, pubkey.pubkey_hex)OrisProtocol does not require an API key. It is the read-side of the protocol.
Error hierarchy
from oris.errors import ( OrisError, # base OrisAuthError, # 401 / signature invalid OrisRateLimitError, # 429 OrisPolicyDeny, # policy engine rejected the payment OrisSanctionsError, # sanctions hit on counterparty OrisRevocationError, # tier 1 or tier 2 revocation OrisNetworkError, # network adapter failed)
try: client.payments.send(...)except OrisPolicyDeny as e: print(e.rule, e.detail)except OrisError as e: print(e)All HTTP-level errors map to typed exceptions with the reason code from the verifier verdict.
Where to go next
- Quickstart for the ten-minute end-to-end flow.
- Agent registration guide for the KYA L0 to L3 walkthrough.
- Bundle verification guide for
oris.protocoldeep dive. - API reference for every endpoint the SDK wraps.