Metadata-Version: 2.4
Name: synth-provenance-api
Version: 0.1.0
Summary: Compliance proxy for AI-generated media with C2PA watermarking and audit trails
Author-email: ZachOS Mesh <dev@example.com>
License: MIT
Requires-Python: >=3.11
Requires-Dist: alembic>=1.13.0
Requires-Dist: fastapi>=0.110.0
Requires-Dist: httpx>=0.26.0
Requires-Dist: jinja2>=3.1.3
Requires-Dist: opencv-python-headless>=4.9.0
Requires-Dist: passlib[bcrypt]>=1.7.4
Requires-Dist: pillow>=10.2.0
Requires-Dist: pydantic-settings>=2.1.0
Requires-Dist: pydantic>=2.6.0
Requires-Dist: python-dateutil>=2.8.2
Requires-Dist: python-jose[cryptography]>=3.3.0
Requires-Dist: python-multipart>=0.0.9
Requires-Dist: sqlalchemy>=2.0.25
Requires-Dist: uvicorn[standard]>=0.27.0
Provides-Extra: dev
Requires-Dist: black>=24.0.0; extra == 'dev'
Requires-Dist: httpx>=0.26.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.2.0; extra == 'dev'
Description-Content-Type: text/markdown

# synth-provenance-api

**A compliance proxy for synthetic media generation—automatically inject C2PA credentials, watermarks, and audit trails into AI video/image APIs.**

## What is this?

`synth-provenance-api` is a FastAPI middleware that sits between your application and AI generation models (Replicate, HuggingFace, local deployments), transparently adding legal compliance and provenance metadata. It addresses the critical gap between rapid synthetic media adoption and EU AI Act Annex III enforcement (Q3 2026) by ensuring every generated image/video carries cryptographically signed content credentials, visible/invisible watermarks, and immutable audit trails.

Works as a drop-in HTTP proxy—no model retraining or client code changes required.

## Features

- **C2PA Content Credentials** – Cryptographically signed provenance metadata (model info, generation parameters, timestamp)
- **Dual Watermarking** – Configurable visible overlays + invisible (LSB/DCT) watermarks resistant to compression
- **Audit Trail** – SQLite-backed logging of all generations (user, prompt, model, timestamp, outputs) with retention policies
- **Multi-Provider Support** – Proxy requests to Replicate, HuggingFace, or self-hosted models via single API
- **Role-Based Access Control** – API tokens with scoped permissions (generate, audit, admin)
- **Compliance Reports** – Export audit logs and watermark verification proofs as PDF for legal teams
- **Production-Ready** – Docker deployment, database migrations (Alembic), middleware security, error handling

## Quick Start

### Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/synth-provenance-api.git
cd synth-provenance-api

# Create virtual environment
python -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows

# Install dependencies
pip install -r pyproject.toml

# Copy environment template and configure
cp .env.example .env
# Edit .env with your API keys (Replicate, HuggingFace, C2PA signing cert)
```

### Docker Deployment

```bash
docker build -t synth-provenance-api .
docker run -p 8000:8000 --env-file .env synth-provenance-api
```

### Database Setup

```bash
# Run migrations
alembic upgrade head
```

## Usage

### Generate image with automatic watermarking & credentials

```bash
curl -X POST http://localhost:8000/api/generate \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d {
    "prompt": "a serene landscape at sunset",
    "model": "replicate:stability-ai/sdxl",
    "watermark_type": "visible",
    "watermark_opacity": 0.15
  }
```

**Response:**
```json
{
  "id": "gen_abc123xyz",
  "output_url": "https://cdn.example.com/output.png",
  "c2pa_manifest": "eyJjbGFpbXMiOiBbeyJ0eXBlIjogIm1vZGVsIn1dLCJ0aW1lc3RhbXAiOiAiMjAyNC0wMi0xNVQxMDozMDoxNloifQ==",
  "watermark_embedded": true,
  "audit_id": "audit_def456"
}
```

### Query audit trail

```bash
curl -X GET "http://localhost:8000/api/audit?user_id=user_123&limit=50" \
  -H "Authorization: Bearer YOUR_API_TOKEN"
```

### Export compliance report

```bash
curl -X POST http://localhost:8000/api/admin/export-report \
  -H "Authorization: Bearer ADMIN_TOKEN" \
  -d '{"start_date": "2024-01-01", "end_date": "2024-02-15"}' \
  --output compliance_report.pdf
```

## Tech Stack

- **Framework** – FastAPI (async, OpenAPI docs)
- **Database** – SQLite + Alembic (migrations)
- **Watermarking** – OpenCV, Pillow (visible & invisible)
- **C2PA** – c2pa-python library (content credentials)
- **Auth** – JWT tokens with role-based scopes
- **Deployment** – Docker, environment-based config
- **Testing** – pytest (see `tests/`)

## Configuration

All configuration via `.env`:

```env
# API Keys
REPLICATE_API_KEY=your_key
HUGGINGFACE_API_KEY=your_key

# C2PA Signing
C2PA_PRIVATE_KEY_PATH=/etc/certs/private.pem
C2PA_CERT_PATH=/etc/certs/cert.pem

# Database
DATABASE_URL=sqlite:///./data/audit.db

# Watermark Defaults
WATERMARK_TEXT="Generated by AI - See credentials"
WATERMARK_OPACITY=0.12

# Audit Retention (days)
AUDIT_RETENTION_DAYS=365
```

## License

MIT

---

**Questions?** Check [OVERVIEW.md](./OVERVIEW.md) for architecture details or open an issue.