Document ecosystem: capsule-go and capsule-litellm

bradleygauthier · bradleygauthier · commit 861d18aa7b2f · 2026-03-15T09:14:50.000-05:00
README: restructure implementations section into Reference
Implementations (this repo) and Ecosystem Libraries (separate
repos). Add Quick Start sections for Go verification and
LiteLLM integration alongside existing Python and TypeScript.
Update footer links to include all four languages.

docs/README.md: add Ecosystem Libraries section documenting
capsule-go (Go verifier) and capsule-litellm (LiteLLM callback).

docs/architecture.md: add Ecosystem section with ASCII diagram
showing protocol, reference impls, ecosystem libs, and
integrations. Document capsule-go (verification-only design,
use cases) and capsule-litellm (prompt hashing, swallow_errors,
two-line integration).
diff --git a/README.md b/README.md
@@ -121,14 +121,10 @@ The **Capsule Protocol Specification (CPS)** defines the complete protocol:
 |---|---|
 | [CPS v1.0](./spec/) | Record structure, canonical serialization, sealing algorithm, hash chain rules |
 | [URI Scheme](./spec/uri-scheme.md) | `capsule://` content-addressable references |
-| [Conformance Suite](./conformance/) | 16 golden test vectors for cross-language verification |
+| [Conformance Suite](./conformance/) | 16 golden vectors (valid) + 15 negative vectors (invalid) |
 
 The specification is language-agnostic. Any implementation that passes the conformance suite can seal and verify Capsules produced by any other.
 
-```
-  Language A (seal)  ──→  Canonical JSON + SHA3-256 + Ed25519  ──→  Language B (verify) ✓
-```
-
 ---
 
 ## Example Capsule
@@ -164,16 +160,32 @@ See more examples in [`examples/`](./examples/).
 
 ---
 
-## Reference Implementations
+## Implementations
+
+### Reference Implementations
+
+These live in this repository and define correct behavior for each language.
 
 | Language | Status | Install | Source |
 |---|---|---|---|
-| **Python** | v1.3.0 (stable) | `pip install qp-capsule` | [`reference/python/`](./reference/python/) |
-| **TypeScript** | v0.0.1 (conformant, 16/16 fixtures) | `npm install @quantumpipes/capsule` | [`reference/typescript/`](./reference/typescript/) |
-| Go | Separate repo (planned) | — | [quantumpipes/capsule-go](https://github.com/quantumpipes/capsule-go) |
-| Rust | Separate repo (planned) | — | [quantumpipes/capsule-rust](https://github.com/quantumpipes/capsule-rust) |
+| **Python** | v1.3.0 — create, seal, verify, chain, store, CLI | `pip install qp-capsule` | [`reference/python/`](./reference/python/) |
+| **TypeScript** | v0.0.1 — create, seal, verify, chain | `npm install @quantumpipes/capsule` | [`reference/typescript/`](./reference/typescript/) |
+
+### Ecosystem Libraries
+
+These extend the protocol to new languages and frameworks.
+
+| Library | Purpose | Install | Source |
+|---|---|---|---|
+| **[capsule-go](https://github.com/quantumpipes/capsule-go)** | Verify Capsules in Go | `go get github.com/quantumpipes/capsule-go` | [quantumpipes/capsule-go](https://github.com/quantumpipes/capsule-go) |
+| **[capsule-litellm](https://github.com/quantumpipes/capsule-litellm)** | Automatic audit trail for LiteLLM | `pip install capsule-litellm` | [quantumpipes/capsule-litellm](https://github.com/quantumpipes/capsule-litellm) |
+| capsule-rust | Verify Capsules in Rust | — | Planned |
+
+All implementations must pass the [conformance suite](./conformance/). The specification is the source of truth.
 
-All reference implementations must pass the [conformance suite](./conformance/). The specification is the source of truth; implementations follow.
+```
+  Language A (seal)  ──→  Canonical JSON + SHA3-256 + Ed25519  ──→  Language B (verify) ✓
+```
 
 ### Quick Start (Python)
 
@@ -197,23 +209,47 @@ seal.seal(capsule)
 assert seal.verify(capsule)
 ```
 
-### CLI
+### Quick Start (Go — Verification)
 
-The Python package includes a CLI for verification, inspection, and key management:
+```bash
+go get github.com/quantumpipes/capsule-go
+```
+
+```go
+import capsule "github.com/quantumpipes/capsule-go"
+
+// Verify a capsule's hash integrity
+valid := capsule.VerifyHash(capsuleDict, expectedHash)
+
+// Verify an Ed25519 signature
+valid := capsule.VerifySignature(hashHex, signatureHex, publicKeyHex)
+
+// Verify an entire chain (structural + cryptographic)
+errs := capsule.VerifyChainFull(sealedCapsules)
+```
+
+The Go library is verification-only by design. Seal in any language, verify in Go — infrastructure tooling, CI gates, and audit pipelines can validate Capsules without a full SDK.
+
+### Quick Start (LiteLLM Integration)
 
 ```bash
-capsule verify chain.json                      # Structural verification
-capsule verify --full --db capsules.db         # + SHA3-256 recomputation
-capsule verify --signatures --json chain.json  # + Ed25519, JSON output
-capsule inspect --db capsules.db --seq 47      # Full 6-section display
-capsule keys info                              # Epoch history
-capsule keys rotate                            # Rotate to new key (no downtime)
-capsule hash document.pdf                      # SHA3-256 of any file
+pip install capsule-litellm
 ```
 
-Exit codes: `0` = pass, `1` = fail, `2` = error. Designed for CI/CD gates: `capsule verify --quiet && deploy`.
+```python
+import litellm
+from capsule_litellm import CapsuleLogger
 
-See the [Python reference documentation](./reference/python/) for the full guide.
+litellm.callbacks = [CapsuleLogger()]
+
+# Every LLM call now produces a sealed Capsule automatically
+response = litellm.completion(
+    model="gpt-4o",
+    messages=[{"role": "user", "content": "Deploy service v2.4"}],
+)
+```
+
+Two lines of code. Every `litellm.completion()` and `litellm.acompletion()` call produces a sealed, hash-chained Capsule with the model identity, SHA3-256 prompt hash, token metrics, and latency — without touching your application code.
 
 ### Quick Start (TypeScript)
 
@@ -241,7 +277,23 @@ await seal(capsule, privateKey);
 console.log(await verify(capsule, await publicKey)); // true
 ```
 
-See the [TypeScript reference documentation](./reference/typescript/) for the full guide.
+### CLI
+
+The Python package includes a CLI for verification, inspection, and key management:
+
+```bash
+capsule verify chain.json                      # Structural verification
+capsule verify --full --db capsules.db         # + SHA3-256 recomputation
+capsule verify --signatures --json chain.json  # + Ed25519, JSON output
+capsule inspect --db capsules.db --seq 47      # Full 6-section display
+capsule keys info                              # Epoch history
+capsule keys rotate                            # Rotate to new key (no downtime)
+capsule hash document.pdf                      # SHA3-256 of any file
+```
+
+Exit codes: `0` = pass, `1` = fail, `2` = error. Designed for CI/CD gates: `capsule verify --quiet && deploy`.
+
+See the [Python reference documentation](./reference/python/) for the full guide.
 
 ---
 
@@ -294,7 +346,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md). Protocol changes go through the [CPS c
 
 **∀ action: ∃ capsule**
 
-An open protocol · Reference implementations in [Python](./reference/python/) and [TypeScript](./reference/typescript/) · [Conformance suite](./conformance/) for any language
+An open protocol · [Python](./reference/python/) · [TypeScript](./reference/typescript/) · [Go](https://github.com/quantumpipes/capsule-go) · [LiteLLM](https://github.com/quantumpipes/capsule-litellm) · [Conformance suite](./conformance/) for any language
 
 [Specification](./spec/) · [Conformance](./conformance/) · [Security Policy](./SECURITY.md) · [Patent Grant](./PATENTS.md)
 
diff --git a/docs/README.md b/docs/README.md
@@ -30,3 +30,12 @@ Each reference implementation has its own documentation:
 |---|---|
 | [Python](../reference/python/docs/) | API reference, getting started, high-level API |
 | [TypeScript](../reference/typescript/) | README with API reference, quick start, conformance status |
+
+## Ecosystem Libraries
+
+These extend the protocol to additional languages and frameworks. Each lives in its own repository.
+
+| Library | What It Does | Repository |
+|---|---|---|
+| **capsule-go** | Verify Capsules in Go. Canonical JSON serialization, SHA3-256 hashing, Ed25519 signature verification, and structural/cryptographic chain verification. Passes all 16 golden vectors. Verification-only by design — seal in any language, verify in Go. | [quantumpipes/capsule-go](https://github.com/quantumpipes/capsule-go) |
+| **capsule-litellm** | Automatic Capsule creation for every LLM call through LiteLLM. Two lines to add. Captures model identity, SHA3-256 prompt hash (not the prompt itself), token counts, latency, and errors. Sync and async. | [quantumpipes/capsule-litellm](https://github.com/quantumpipes/capsule-litellm) |
diff --git a/docs/architecture.md b/docs/architecture.md
@@ -460,13 +460,68 @@ capsule hash document.pdf                     # SHA3-256 of any file
 
 ---
 
+## Ecosystem
+
+The Capsule Protocol is implemented across languages and frameworks. The specification and conformance suite live in this repository. Ecosystem libraries extend the protocol to new runtimes.
+
+```
+┌─────────────────────────────────────────────────────────────────────┐
+│                     Capsule Protocol (CPS v1.0)                     │
+│               spec/ · conformance/ · 16 golden vectors              │
+├──────────────────────┬──────────────────────┬───────────────────────┤
+│   Reference Impls    │   Ecosystem Libs     │   Integrations        │
+│   (this repo)        │   (separate repos)   │   (separate repos)    │
+├──────────────────────┼──────────────────────┼───────────────────────┤
+│ Python (qp-capsule)  │ Go (capsule-go)      │ LiteLLM               │
+│   create + seal      │   verify only        │   (capsule-litellm)   │
+│   verify + chain     │   canonical JSON     │   auto-seal LLM calls │
+│   store + CLI        │   SHA3 + Ed25519     │   prompt hash, tokens │
+│                      │   chain verification │   sync + async        │
+│ TypeScript           │                      │                       │
+│   create + seal      │ Rust (planned)       │                       │
+│   verify + chain     │                      │                       │
+└──────────────────────┴──────────────────────┴───────────────────────┘
+```
+
+### capsule-go — Verification in Go
+
+[`quantumpipes/capsule-go`](https://github.com/quantumpipes/capsule-go) is a Go library for verifying Capsules. It implements canonical JSON serialization (CPS Section 2), SHA3-256 hashing (Section 3.1), Ed25519 signature verification (Section 3.2), and chain verification at all three levels (Section 7.5). It passes all 16 golden conformance vectors.
+
+The library is verification-only by design. Infrastructure tooling, CI/CD gates, Kubernetes admission controllers, and audit pipelines can validate Capsules sealed by any language without pulling in a full creation SDK. Dependencies are `crypto/ed25519` (stdlib) and `golang.org/x/crypto/sha3`.
+
+```go
+import capsule "github.com/quantumpipes/capsule-go"
+
+valid := capsule.VerifyHash(capsuleDict, expectedHash)   // content integrity
+valid := capsule.VerifySignature(hash, sig, pubKey)       // Ed25519 authenticity
+errs  := capsule.VerifyChainFull(sealedCapsules)          // structural + cryptographic
+```
+
+### capsule-litellm — Automatic Audit Trail for LLM Calls
+
+[`quantumpipes/capsule-litellm`](https://github.com/quantumpipes/capsule-litellm) is a LiteLLM callback that creates a sealed, hash-chained Capsule for every LLM call. Two lines to integrate. No application code changes.
+
+Each Capsule records the model, a SHA3-256 hash of the prompt (the prompt itself is never stored), token counts, latency, and success or failure status. Supports both `litellm.completion()` and `litellm.acompletion()`. Errors in capsule creation are swallowed by default so they never interrupt the LLM call path.
+
+```python
+import litellm
+from capsule_litellm import CapsuleLogger
+
+litellm.callbacks = [CapsuleLogger()]
+# Every LLM call now produces a sealed Capsule
+```
+
+---
+
 ## Related Documentation
 
 - [Why Capsules](./why-capsules.md) — The case for cryptographic AI memory
 - [Security Evaluation](./security.md) — Cryptographic guarantees for CISOs
 - [Compliance Mapping](./compliance/) — Regulatory framework alignment
 - [CPS Specification](../spec/) — Protocol rules for SDK authors
 - [Python Reference](../reference/python/) — Python API reference and quickstart
+- [Go Verifier](https://github.com/quantumpipes/capsule-go) — Verify Capsules in Go
+- [LiteLLM Integration](https://github.com/quantumpipes/capsule-litellm) — Auto-seal LLM calls
 
 ---
 
