sigstore-models

0.0.6 verified Mon Apr 27 auth: no python

Pydantic based models for Sigstore's protobuf specifications. Version 0.0.6 supports Python >=3.10. The library provides Pythonic data structures for Sigstore bundles, verifiable materials, and other sigstore artifacts. Currently in early active development with frequent releases.

pip install sigstore-models

Common errors

error ImportError: cannot import name 'Bundle' from 'sigstore' ↓

cause Incorrect package name; using 'sigstore' instead of 'sigstore_models'.

fix

Use 'from sigstore_models import Bundle'

error pydantic_core._pydantic_core.ValidationError: 1 validation error for Bundle ↓

cause The input JSON does not match the expected structure (e.g., missing required field).

fix

Ensure the bundle conforms to the latest Sigstore bundle spec. Use bundle.model_dump() to see expected schema.

error AttributeError: module 'sigstore_models' has no attribute 'Bundle' ↓

cause Installed version is too old (pre-0.0.2) or import path wrong.

fix

Upgrade to latest: pip install --upgrade sigstore-models, then import correctly.

Warnings

breaking Drop of Python 3.9 support in v0.0.6. Upgrade to Python 3.10+ after updating. ↓

fix Use Python 3.10 or higher. If stuck on 3.9, pin to sigstore-models<0.0.6.

gotcha The library currently has no stable release and APIs may change without notice in minor version bumps. ↓

fix Pin dependencies to exact version (e.g., sigstore-models==0.0.6) in production.

deprecated Some model fields may be renamed as the protobuf spec evolves. Always validate with recent bundles. ↓

fix Use model_dump() to inspect fields after loading if you encounter validation errors.

Imports

Bundle

wrong

from sigstore.models import Bundle

correct

from sigstore_models import Bundle

Package name uses underscore, not hyphen

VerificationMaterial
```
from sigstore_models import VerificationMaterial
```
Commonly used type for verifying signatures

Quickstart

Load and validate a Sigstore bundle from a JSON file using the Pydantic model. Requires Python >=3.10.

from sigstore_models import Bundle

# Load a bundle from a file (e.g., sigstore bundle JSON)
import json
with open('bundle.sigstore.json') as f:
    data = json.load(f)
bundle = Bundle.model_validate(data)
print(bundle.media_type)