python – How can I tweak a private key in bitcoin core

I’ve done the bitcoin taproot workshop a couple times now and starting to get a grip of what is going on, but I can’t find where I can do the same things in the workshop’s provided python libraries with bitcoin core

I think you need to be clearer on exactly what you want to achieve. There is Taproot code in Python in the Bitcoin Core functional tests if you want to dig a bit deeper for educational purposes in Python. But that isn’t set up to be a standalone library to interact with. A Python library that does have Taproot support (and MuSig2 support) is buidl-python. Other Python libraries like python-bitcoinlib, ofek’s bit and darosior’s python-bip380 don’t support Taproot at the time of writing (May 2023) unfortunately.

Could bitcoin core benefit from this added functionality? Command’s like tweak add, Tapleaf construction of csa, hashlock, csa hashlock delay and proper Tapscript construction?

Bitcoin Core as a full node implementation already supports verifying any Taproot spend in C++. The Bitcoin Core wallet supports Taproot via the tr() descriptor again written in C++. OP_CHECKSIGADD (CSA) is supported via the multi_a and sortedmulti_a descriptors within the tr() descriptor. Hashlocks isn’t at the time of writing (May 2023) supported within the tr() descriptor but there is a PR open (PR 27255) to add Taproot’d Miniscript to the Bitcoin Core wallet which would enable it.

I can generate a new address, but how do I tweak it with the tap script?

A note on the terminology. You tweak the internal public key, you don’t tweak the address. How you tweak the internal public key is explained in the Bitcoin Optech Taproot workshop here.

I’m also wary of generating my own keys, as the workshop says specifically not to do that. “Bad randomness and no side channel protection.” to loosely quote.

Right now it seems like I would have to implement these features in a separate python library, maybe by calling bindings to secp256k1 lib for safe randomness?

If you are using signet or testnet coins you don’t need to worry about bad randomness and potentially losing your coins. But note the randomness for seeds, private keys isn’t generated in secp256k1, it is generated in the main Core repo (random.cpp).