fix(v2): snake_case attributes + alpha versioning before publish

Two pre-publish corrections to commit 6ec56f3:

1. Reshape camelCase dataclass attributes to snake_case per PEP 8.
   Add to_canonical_dict() methods that emit camelCase JSON for
   cross-impl byte-parity with TypeScript SDK. The canonical hash
   path now goes through to_canonical_dict; Python user-facing
   attributes are Pythonic.

   Byte-parity tests still pass — verified all 15 cross-impl
   scenarios produce byte-identical canonical JSON to the TS
   fixture.

2. Version bump 2.4.0 -> 2.4.0a0 (PEP 440 alpha). Symmetric with
   TS SDK 2.6.0-alpha.0 alpha-tag. Paper review window may
   shape-shift these primitives; alpha avoids forcing major-
   version ceremony for every adjustment. Default pip install
   still resolves to 2.3.0 stable; --pre opts into 2.4.0a0.

Author: aeoess

README.md

@@ -10,7 +10,7 @@
 pip install agent-passport-system
 ```
 
-> **Current PyPI version**: `2.4.0` (default install). Cross-language parity with `agent-passport-system` npm v2.6.0-alpha.0 covers identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, mutual authentication, and the evidentiary type safety primitives (claim/evidence registry, claim verifier, contestation cascade). Wave 1 accountability primitives are still TypeScript-only this iteration.
+> **Current stable**: `2.3.0` (default `pip install`). **Pre-release**: `2.4.0a0` (`pip install --pre agent-passport-system==2.4.0a0`). The 2.4.0a0 alpha adds the evidentiary type safety primitives (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade) in symmetry with TypeScript SDK npm 2.6.0-alpha.0. Cross-impl byte-parity verified against TS-generated canonical JSON fixtures. Paper review window may shape-shift these primitives; alpha versioning avoids forcing major-version ceremony for every adjustment. Wave 1 accountability primitives are still TypeScript-only this iteration.
 
 
 ## Quick Start
@@ -110,7 +110,7 @@ This Python SDK implements all 8 Agent Passport Protocol layers:
 7. **Integration Wiring** — Cross-layer bridges (commerce+intent, coordination+agora)
 8. **Agentic Commerce** — 4-gate checkout, human approval, spend limits
 
-Strict subset of the [TypeScript SDK](https://www.npmjs.com/package/agent-passport-system) at npm v2.6.0-alpha.0. The four evidentiary type safety primitives (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade, GroundsClass extension) ship in `agent_passport.v2` from Python SDK 2.4.0 onward, with cross-impl byte-parity verified against TS-generated fixtures. Wave 1 accountability primitives (ActionReceipt, AuthorityBoundaryReceipt, CustodyReceipt, ContestabilityReceipt, APSBundle) ship in the TypeScript SDK only this iteration; full Python port deferred. The cascade primitive uses a minimal Python ContestabilityReceipt that widens when Wave 1 ports. Cross-language signature verification continues to work for the primitives Python does ship. Also available via the [MCP server](https://mcp.aeoess.com/sse).
+Strict subset of the [TypeScript SDK](https://www.npmjs.com/package/agent-passport-system) at npm v2.6.0-alpha.0. The four evidentiary type safety primitives (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade, GroundsClass extension) ship in `agent_passport.v2` from Python SDK 2.4.0a0 (alpha pre-release) onward, with cross-impl byte-parity verified against TS-generated fixtures. Wave 1 accountability primitives (ActionReceipt, AuthorityBoundaryReceipt, CustodyReceipt, ContestabilityReceipt, APSBundle) ship in the TypeScript SDK only this iteration; full Python port deferred. The cascade primitive uses a minimal Python ContestabilityReceipt that widens when Wave 1 ports. Cross-language signature verification continues to work for the primitives Python does ship. Also available via the [MCP server](https://mcp.aeoess.com/sse).
 
 ## Links
 

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agent-passport-system"
-version = "2.4.0"
+version = "2.4.0a0"
 description = "Python SDK for the Agent Passport System. Identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, mutual authentication, evidentiary type safety (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade). Cross-language parity with agent-passport-system npm v2.6.0-alpha.0 verified by byte-identical canonical JSON fixtures. Wave 1 accountability primitives in JS SDK; Python port deferred. Product intelligence lives in the private gateway."
 readme = "README.md"
 license = "Apache-2.0"

src/agent_passport/__init__.py

@@ -28,7 +28,7 @@
 Docs: https://aeoess.com/llms-full.txt
 """
 
-__version__ = "2.4.0"
+__version__ = "2.4.0a0"
 
 # Crypto
 from .crypto import generate_key_pair, sign, verify, public_key_from_private
@@ -285,7 +285,7 @@
 from .canonical import canonicalize_jcs
 
 
-# Evidentiary Type Safety primitives (SDK v2.4.0)
+# Evidentiary Type Safety primitives (SDK v2.4.0a0 alpha pre-release)
 # Ports of the four TypeScript SDK 2.6.0-alpha.0 primitives:
 # claim-evidence-types, claim-verifier, downstream-taint, GroundsClass.
 # ContestabilityReceipt fully ports when Wave 1 accountability ports;

src/agent_passport/v2/claim_verifier.py

@@ -47,8 +47,10 @@
      rest of this Python SDK does not carry.
 
 Pre-decided in the port spec: option 1. Documented here for future
-maintainers. The to_dict() helper drops None-valued fields so the
-canonical JSON form is byte-identical to what TypeScript produces.
+maintainers. Python attribute names are snake_case per PEP 8; the
+to_canonical_dict() method emits camelCase JSON keys for cross-impl
+byte-parity with TypeScript. The canonical-hash path goes through
+to_canonical_dict, not the dataclass attributes directly.
 """
 
 from dataclasses import dataclass, field
@@ -133,61 +135,59 @@ class ClaimVerificationResult:
 
     The `status` field is the discriminator. Per-variant fields are
     Optional and only populated when the discriminator selects them.
-    to_dict() drops None-valued fields so the canonical JSON shape
-    matches what the TypeScript discriminated union produces.
-
-    Field naming follows TS exactly (camelCase, not snake_case) for
-    cross-impl JSON byte-parity. Python callers reading these via
-    attribute access still get camelCase identifiers; this is the
-    deliberate trade-off for wire compatibility.
+    Python attribute names are snake_case per PEP 8; the
+    to_canonical_dict() method emits camelCase JSON keys for cross-impl
+    byte-parity with the TypeScript SDK. None-valued fields drop from
+    the canonical-dict output so each variant's JSON shape matches
+    TS exactly.
     """
 
     status: ClaimVerificationStatus
-    claimType: ClaimType
+    claim_type: ClaimType
     # 'valid' fields
-    satisfiedBy: Optional[List[RecordType]] = None
+    satisfied_by: Optional[List[RecordType]] = None
     # 'missing_evidence' fields
     missing: Optional[List[RecordType]] = None
     provided: Optional[List[RecordType]] = None
     # 'forbidden_substitution' fields
-    offendingRecord: Optional[RecordType] = None
+    offending_record: Optional[RecordType] = None
     reason: Optional[str] = None
     # 'bundle_requires_inclusion_proof' fields
-    bundleRecord: Optional[APSBundle] = None
+    bundle_record: Optional[APSBundle] = None
     # 'contested' fields
-    contestedRecordId: Optional[str] = None
-    contestationId: Optional[str] = None
-    contestationStatus: Optional[ContestStatus] = None
+    contested_record_id: Optional[str] = None
+    contestation_id: Optional[str] = None
+    contestation_status: Optional[ContestStatus] = None
 
-    def to_dict(self) -> dict:
-        """Serialize as a dict matching the TS discriminated-union shape.
+    def to_canonical_dict(self) -> dict:
+        """Emit camelCase JSON dict for cross-impl byte-parity with TS.
 
-        None-valued fields drop. Enums collapse to their string values.
-        Lists of enums collapse element-wise. Use this output as the
-        input to canonicalize() for cross-impl byte comparison.
+        The canonical hash path uses this output, not the dataclass
+        attributes. None-valued fields drop. Enums collapse to their
+        string values. Lists of enums collapse element-wise.
         """
         out: dict = {
             "status": self.status,
-            "claimType": _enum_value(self.claimType),
+            "claimType": _enum_value(self.claim_type),
         }
-        if self.satisfiedBy is not None:
-            out["satisfiedBy"] = [_enum_value(r) for r in self.satisfiedBy]
+        if self.satisfied_by is not None:
+            out["satisfiedBy"] = [_enum_value(r) for r in self.satisfied_by]
         if self.missing is not None:
             out["missing"] = [_enum_value(r) for r in self.missing]
         if self.provided is not None:
             out["provided"] = [_enum_value(r) for r in self.provided]
-        if self.offendingRecord is not None:
-            out["offendingRecord"] = _enum_value(self.offendingRecord)
+        if self.offending_record is not None:
+            out["offendingRecord"] = _enum_value(self.offending_record)
         if self.reason is not None:
             out["reason"] = self.reason
-        if self.bundleRecord is not None:
-            out["bundleRecord"] = self.bundleRecord
-        if self.contestedRecordId is not None:
-            out["contestedRecordId"] = self.contestedRecordId
-        if self.contestationId is not None:
-            out["contestationId"] = self.contestationId
-        if self.contestationStatus is not None:
-            out["contestationStatus"] = self.contestationStatus
+        if self.bundle_record is not None:
+            out["bundleRecord"] = self.bundle_record
+        if self.contested_record_id is not None:
+            out["contestedRecordId"] = self.contested_record_id
+        if self.contestation_id is not None:
+            out["contestationId"] = self.contestation_id
+        if self.contestation_status is not None:
+            out["contestationStatus"] = self.contestation_status
         return out
 
 
@@ -213,7 +213,7 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
     if profile is None:
         return ClaimVerificationResult(
             status="unsupported_claim_type",
-            claimType=claim_type,
+            claim_type=claim_type,
         )
 
     # 2. profile_not_populated — registry entry is a stub.
@@ -222,7 +222,7 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
     if not has_required and not has_forbidden:
         return ClaimVerificationResult(
             status="profile_not_populated",
-            claimType=claim_type,
+            claim_type=claim_type,
         )
 
     # 3. bundle_requires_inclusion_proof — APSBundle slipped in for a
@@ -232,8 +232,8 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
             if entry.record_type == RecordType.APSBundle:
                 return ClaimVerificationResult(
                     status="bundle_requires_inclusion_proof",
-                    claimType=claim_type,
-                    bundleRecord=entry.record,
+                    claim_type=claim_type,
+                    bundle_record=entry.record,
                 )
 
     # 4. forbidden_substitution — first match wins, in evidence order.
@@ -242,8 +242,8 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
         if reason is not None:
             return ClaimVerificationResult(
                 status="forbidden_substitution",
-                claimType=claim_type,
-                offendingRecord=entry.record_type,
+                claim_type=claim_type,
+                offending_record=entry.record_type,
                 reason=reason,
             )
 
@@ -254,7 +254,7 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
     if missing:
         return ClaimVerificationResult(
             status="missing_evidence",
-            claimType=claim_type,
+            claim_type=claim_type,
             missing=missing,
             provided=provided_types,
         )
@@ -269,15 +269,15 @@ def verify_evidence_claim(input: ClaimVerificationInput) -> ClaimVerificationRes
             if lookup is not None and lookup.status in BLOCKING_CONTEST_STATUSES:
                 return ClaimVerificationResult(
                     status="contested",
-                    claimType=claim_type,
-                    contestedRecordId=entry.receipt_id,
-                    contestationId=lookup.contestation_id,
-                    contestationStatus=lookup.status,
+                    claim_type=claim_type,
+                    contested_record_id=entry.receipt_id,
+                    contestation_id=lookup.contestation_id,
+                    contestation_status=lookup.status,
                 )
 
     # 7. valid.
     return ClaimVerificationResult(
         status="valid",
-        claimType=claim_type,
-        satisfiedBy=list(profile.required),
+        claim_type=claim_type,
+        satisfied_by=list(profile.required),
     )

src/agent_passport/v2/downstream_taint.py

@@ -107,23 +107,50 @@ def is_contestation_tainting(c: ContestabilityReceipt) -> bool:
 
 @dataclass
 class TaintedRecord:
-    """One receipt downstream of a tainting contestation."""
+    """One receipt downstream of a tainting contestation.
+
+    Python attribute names are snake_case per PEP 8; to_canonical_dict
+    emits camelCase JSON keys for cross-impl byte-parity with TS.
+    """
 
     receipt_id: str
     record_type: RecordType
     taint_reason: str
     # 1 = direct reference to the contested action_id. 2+ = transitive.
     taint_depth: int
 
+    def to_canonical_dict(self) -> dict:
+        """Emit camelCase JSON dict for cross-impl byte-parity with TS."""
+        return {
+            "receiptId": self.receipt_id,
+            "recordType": self.record_type.value
+            if isinstance(self.record_type, RecordType)
+            else self.record_type,
+            "taintReason": self.taint_reason,
+            "taintDepth": self.taint_depth,
+        }
+
 
 @dataclass
 class TaintedSet:
-    """Result of computing the cascade closure."""
+    """Result of computing the cascade closure.
+
+    Python attribute names are snake_case per PEP 8; to_canonical_dict
+    emits camelCase JSON keys for cross-impl byte-parity with TS.
+    """
 
     root_action_id: str
     root_contestation_id: str
     tainted: List[TaintedRecord] = field(default_factory=list)
 
+    def to_canonical_dict(self) -> dict:
+        """Emit camelCase JSON dict for cross-impl byte-parity with TS."""
+        return {
+            "rootActionId": self.root_action_id,
+            "rootContestationId": self.root_contestation_id,
+            "tainted": [t.to_canonical_dict() for t in self.tainted],
+        }
+
 
 @dataclass
 class TaintCandidate:

tests/v2/test_claim_verifier.py

@@ -57,8 +57,8 @@ def test_binding_commitment_with_only_action_receipt_returns_forbidden_substitut
         )
     )
     assert result.status == "forbidden_substitution"
-    assert result.claimType == ClaimType.BINDING_COMMITMENT
-    assert result.offendingRecord == RecordType.ActionReceipt
+    assert result.claim_type == ClaimType.BINDING_COMMITMENT
+    assert result.offending_record == RecordType.ActionReceipt
     assert (
         result.reason
         == "Action receipts prove execution or communication, not binding commitment."
@@ -76,7 +76,7 @@ def test_binding_commitment_with_promotion_and_provisional_returns_valid():
         )
     )
     assert result.status == "valid"
-    assert result.satisfiedBy == [
+    assert result.satisfied_by == [
         RecordType.PromotionEvent,
         RecordType.ProvisionalStatement,
     ]
@@ -94,7 +94,7 @@ def test_authority_to_execute_with_authority_boundary_returns_valid():
         )
     )
     assert result.status == "valid"
-    assert result.satisfiedBy == [RecordType.AuthorityBoundaryReceipt]
+    assert result.satisfied_by == [RecordType.AuthorityBoundaryReceipt]
 
 
 def test_authority_to_execute_with_no_evidence_returns_missing_evidence():
@@ -112,7 +112,7 @@ def test_batch_attested_with_aps_bundle_returns_valid():
         )
     )
     assert result.status == "valid"
-    assert result.satisfiedBy == [RecordType.APSBundle]
+    assert result.satisfied_by == [RecordType.APSBundle]
 
 
 def test_binding_commitment_with_aps_bundle_returns_bundle_requires_inclusion_proof():
@@ -124,7 +124,7 @@ def test_binding_commitment_with_aps_bundle_returns_bundle_requires_inclusion_pr
         )
     )
     assert result.status == "bundle_requires_inclusion_proof"
-    assert result.bundleRecord == bundle_rec
+    assert result.bundle_record == bundle_rec
 
 
 def test_evidence_custody_held_with_action_receipt_forbidden():
@@ -135,7 +135,7 @@ def test_evidence_custody_held_with_action_receipt_forbidden():
         )
     )
     assert result.status == "forbidden_substitution"
-    assert result.offendingRecord == RecordType.ActionReceipt
+    assert result.offending_record == RecordType.ActionReceipt
     assert "held the evidence" in result.reason.lower()
 
 
@@ -147,7 +147,7 @@ def test_evidence_custody_held_with_custody_receipt_valid():
         )
     )
     assert result.status == "valid"
-    assert result.satisfiedBy == [RecordType.CustodyReceipt]
+    assert result.satisfied_by == [RecordType.CustodyReceipt]
 
 
 def test_effect_safety_attested_with_full_chain_returns_profile_not_populated():
@@ -167,7 +167,7 @@ def test_effect_safety_attested_with_full_chain_returns_profile_not_populated():
         )
     )
     assert result.status == "profile_not_populated"
-    assert result.claimType == ClaimType.EFFECT_SAFETY_ATTESTED
+    assert result.claim_type == ClaimType.EFFECT_SAFETY_ATTESTED
 
 
 def test_unsupported_claim_type():
@@ -221,9 +221,9 @@ def resolver(record_id):
         )
     )
     assert result.status == "contested"
-    assert result.contestedRecordId == "auth_001"
-    assert result.contestationId == "contest_xyz"
-    assert result.contestationStatus == "filed"
+    assert result.contested_record_id == "auth_001"
+    assert result.contestation_id == "contest_xyz"
+    assert result.contestation_status == "filed"
 
 
 def test_resolver_rejected_returns_valid():
@@ -264,7 +264,7 @@ def resolver(record_id):
         )
     )
     assert result.status == "contested"
-    assert result.contestationStatus == "upheld"
+    assert result.contestation_status == "upheld"
 
 
 # ── Cross-impl byte-parity (load TS fixtures, assert byte-identical output) ──
@@ -309,7 +309,7 @@ def test_verifier_byte_parity_with_ts(fixture):
         evidence=evidence,
     )
     result = verify_evidence_claim(input)
-    result_dict = result.to_dict()
+    result_dict = result.to_canonical_dict()
     result_dict.pop("bundleRecord", None)
     canonical = canonicalize(result_dict)
     digest = hashlib.sha256(canonical.encode("utf-8")).hexdigest()