DevTools / DX skeptic — Quickstart
Does the package actually import? Yes, in v0.4.0-rc.2. Here's the smallest possible test you can run in 60 seconds to verify the DX claim before reading anything else.
You're here because…
You're a senior DX-minded developer and the funnel evaluation said the previous Attestix install required sys.path.insert to a cloned repo because pip install attestix dropped flat top-level packages (services/, auth/, storage/, …) into site-packages. That was the cheapest, loudest failure across the whole ICP review. v0.4.0-rc.2 fixes it. This page exists so you can prove that, end-to-end, in under a minute, without reading any other doc.
60-second install
python -m venv /tmp/attestix-smoketest && \
. /tmp/attestix-smoketest/bin/activate && \
pip install --pre attestixWindows PowerShell:
python -m venv $env:TEMP\attestix-smoketest
& $env:TEMP\attestix-smoketest\Scripts\Activate.ps1
pip install --pre attestixFirst 30 lines that actually do something
# smoketest.py — runs from any directory, no sys.path hack.
from attestix.services.identity_service import IdentityService
svc = IdentityService()
agent = svc.create_identity(
display_name="smoketest",
source_protocol="manual",
capabilities=["test"],
issuer_name="VibeTensor",
)
verification = svc.verify_identity(agent["agent_id"])
assert verification["valid"], verification
print("OK", agent["agent_id"], agent["issuer"]["did"])Run it:
python smoketest.py
# OK attestix:abc... did:key:z6Mk...Then prove there are no legacy imports anywhere in your dependency graph:
python -W error::DeprecationWarning -c \
"from attestix.services.identity_service import IdentityService; print('canonical ok')"If you see canonical ok and zero stderr, the import surface is clean. If you see a DeprecationWarning it means something in your tree is still hitting the legacy flat shim (from services..., from auth..., etc.) — see the namespace migration guide.
What you just got
- Proof the package imports from a clean venv with no path hacks.
- A signed Ed25519 identity row in
identities.json(cwd-relative). Delete the file to reset. - A canonical
attestix.*import path that maps 1:1 to every module name — same names you'd discover viapython -c "import attestix; help(attestix)".
Honest things you should know before sending this to your team
- v0.4.0-rc.2 is a release candidate. The legacy flat top-level packages (
services/,auth/,storage/, …) are still installed as deprecation shims and will be removed in v0.5.0. - Single maintainer, ~15 GitHub stars, no third-party security audit. The package is functional but not yet enterprise-hardened — see the enterprise architect quickstart for the explicit gap list.
- The signing key lives in
.signing_key.jsonin the working directory and is plaintext by default. SetATTESTIX_KEY_PASSPHRASEto enable AES-256-GCM encryption at rest.
Next step (5 minutes)
If the smoke test passed and you want to see the actual product surface, clone the repo and run the bundled end-to-end example (9-step compliance workflow, ~3 seconds):
git clone https://github.com/VibeTensor/attestix.git
python attestix/examples/quickstart.pyOr jump straight to the Integration Guide for LangChain / OpenAI Agents / CrewAI wiring.
EU AI Act / GRC consultant — Quickstart
Generate Annex IV technical documentation and an Annex V Declaration of Conformity for a client's high-risk AI system. Honest about where cryptographic integrity ends and human / notified-body sign-off begins.
Web3 / on-chain dev — Quickstart
Anchor an Attestix artefact to Base L2 Sepolia testnet via the Ethereum Attestation Service. Schema UID, gas estimate, faucet, on-chain verification — testnet only in v0.4.0.