npm - @aamp/protocol - Versions diffs - 1.1.4 → 1.1.6 - Mend

@aamp/protocol 1.1.4 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/aamp-protocol-1.1.5.tgz ADDED Viewed

Binary file

package/dist/agent.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Layer 2: Agent SDK
  */
-import { AccessPurpose, SignedAccessRequest, FeedbackSignal, QualityFlag, AgentIdentityManifest } from './types';
+import { AccessPurpose, SignedAccessRequest, FeedbackSignal, QualityFlag, AgentIdentityManifest } from './types.js';
 export interface AccessOptions {
     adsDisplayed?: boolean;
 }

package/dist/agent.js CHANGED Viewed

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AAMPAgent = void 0;
-const crypto_1 = require("./crypto");
-const constants_1 = require("./constants");
-class AAMPAgent {
+import { generateKeyPair, signData, exportPublicKey } from './crypto.js';
+import { AAMP_VERSION } from './constants.js';
+export class AAMPAgent {
     constructor() {
         this.keyPair = null;
         this.agentId = "pending";
@@ -13,7 +10,7 @@ class AAMPAgent {
      * @param customAgentId For PRODUCTION, this should be your domain (e.g., "bot.openai.com")
      */
     async initialize(customAgentId) {
-        this.keyPair = await (0, crypto_1.generateKeyPair)();
+        this.keyPair = await generateKeyPair();
         // Use the provided ID (authentic) or generate a session ID (ephemeral)
         this.agentId = customAgentId || "agent_" + Math.random().toString(36).substring(7);
     }
@@ -21,7 +18,7 @@ class AAMPAgent {
         if (!this.keyPair)
             throw new Error("Agent not initialized. Call initialize() first.");
         const header = {
-            v: constants_1.AAMP_VERSION,
+            v: AAMP_VERSION,
             ts: new Date().toISOString(),
             agent_id: this.agentId,
             resource,
@@ -30,8 +27,8 @@ class AAMPAgent {
                 ads_displayed: options.adsDisplayed || false
             }
         };
-        const signature = await (0, crypto_1.signData)(this.keyPair.privateKey, JSON.stringify(header));
-        const publicKeyExport = await (0, crypto_1.exportPublicKey)(this.keyPair.publicKey);
+        const signature = await signData(this.keyPair.privateKey, JSON.stringify(header));
+        const publicKeyExport = await exportPublicKey(this.keyPair.publicKey);
         return { header, signature, publicKey: publicKeyExport };
     }
     /**
@@ -41,7 +38,7 @@ class AAMPAgent {
     async getIdentityManifest(contactEmail) {
         if (!this.keyPair)
             throw new Error("Agent not initialized.");
-        const publicKey = await (0, crypto_1.exportPublicKey)(this.keyPair.publicKey);
+        const publicKey = await exportPublicKey(this.keyPair.publicKey);
         return {
             agent_id: this.agentId,
             public_key: publicKey,
@@ -62,8 +59,7 @@ class AAMPAgent {
             flags,
             timestamp: new Date().toISOString()
         };
-        const signature = await (0, crypto_1.signData)(this.keyPair.privateKey, JSON.stringify(signal));
+        const signature = await signData(this.keyPair.privateKey, JSON.stringify(signal));
         return { signal, signature };
     }
 }
-exports.AAMPAgent = AAMPAgent;

package/dist/constants.d.ts CHANGED Viewed

@@ -13,6 +13,9 @@ export declare const HEADERS: {
     readonly ALGORITHM: "x-aamp-alg";
     readonly CONTENT_ORIGIN: "x-aamp-content-origin";
     readonly PROVENANCE_SIG: "x-aamp-provenance-sig";
+    readonly PROOF_TOKEN: "x-aamp-proof";
+    readonly PAYMENT_CREDENTIAL: "x-aamp-credential";
+    readonly FEEDBACK: "x-aamp-feedback";
 };
 export declare const CRYPTO_CONFIG: {
     readonly ALGORITHM_NAME: "ECDSA";

package/dist/constants.js CHANGED Viewed

@@ -1,16 +1,13 @@
-"use strict";
 /**
  * Layer 1: Protocol Constants
  * These values are immutable and defined by the AAMP Specification.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MAX_CLOCK_SKEW_MS = exports.CRYPTO_CONFIG = exports.HEADERS = exports.WELL_KNOWN_AGENT_PATH = exports.AAMP_VERSION = void 0;
-exports.AAMP_VERSION = '1.1';
+export const AAMP_VERSION = '1.1';
 // The path where Agents MUST host their public key to prove identity.
 // Example: https://bot.openai.com/.well-known/aamp-agent.json
-exports.WELL_KNOWN_AGENT_PATH = '/.well-known/aamp-agent.json';
+export const WELL_KNOWN_AGENT_PATH = '/.well-known/aamp-agent.json';
 // HTTP Headers used for the handshake
-exports.HEADERS = {
+export const HEADERS = {
     // Transport: The signed payload (Base64 encoded JSON of ProtocolHeader)
     PAYLOAD: 'x-aamp-payload',
     // Transport: The cryptographic signature (Hex)
@@ -23,13 +20,19 @@ exports.HEADERS = {
     ALGORITHM: 'x-aamp-alg',
     // v1.1 Addition: Provenance (Server to Agent)
     CONTENT_ORIGIN: 'x-aamp-content-origin',
-    PROVENANCE_SIG: 'x-aamp-provenance-sig'
+    PROVENANCE_SIG: 'x-aamp-provenance-sig',
+    // v1.2 Proof of Value
+    PROOF_TOKEN: 'x-aamp-proof',
+    // v1.2 Payment Credential (The "Digital Receipt")
+    PAYMENT_CREDENTIAL: 'x-aamp-credential',
+    // v1.2 Quality Feedback (The "Dispute Token")
+    FEEDBACK: 'x-aamp-feedback'
 };
 // Cryptographic Settings
-exports.CRYPTO_CONFIG = {
+export const CRYPTO_CONFIG = {
     ALGORITHM_NAME: 'ECDSA',
     CURVE: 'P-256',
     HASH: 'SHA-256',
 };
 // Tolerance
-exports.MAX_CLOCK_SKEW_MS = 5 * 60 * 1000; // 5 minutes
+export const MAX_CLOCK_SKEW_MS = 5 * 60 * 1000; // 5 minutes

package/dist/crypto.js CHANGED Viewed

@@ -1,35 +1,31 @@
-"use strict";
 /**
  * Layer 1: Cryptographic Primitives
  * Implementation of ECDSA P-256 signing/verification.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateKeyPair = generateKeyPair;
-exports.signData = signData;
-exports.verifySignature = verifySignature;
-exports.exportPublicKey = exportPublicKey;
-exports.importPublicKey = importPublicKey;
-async function generateKeyPair() {
+export async function generateKeyPair() {
     // Uses standard Web Crypto API (Node 19+ compatible)
     return await crypto.subtle.generateKey({ name: "ECDSA", namedCurve: "P-256" }, true, ["sign", "verify"]);
 }
-async function signData(privateKey, data) {
+export async function signData(privateKey, data) {
     const encoder = new TextEncoder();
     const encoded = encoder.encode(data);
     const signature = await crypto.subtle.sign({ name: "ECDSA", hash: { name: "SHA-256" } }, privateKey, encoded);
     return bufToHex(signature);
 }
-async function verifySignature(publicKey, data, signatureHex) {
+export async function verifySignature(publicKey, data, signatureHex) {
     const encoder = new TextEncoder();
     const encodedData = encoder.encode(data);
     const signatureBytes = hexToBuf(signatureHex);
-    return await crypto.subtle.verify({ name: "ECDSA", hash: { name: "SHA-256" } }, publicKey, signatureBytes, encodedData);
+    console.log("   🔐 [AAMP Crypto] Verifying ECDSA P-256 Signature...");
+    const isValid = await crypto.subtle.verify({ name: "ECDSA", hash: { name: "SHA-256" } }, publicKey, signatureBytes, encodedData);
+    console.log(`   ${isValid ? "✅" : "❌"} [AAMP Crypto] Signature Result: ${isValid ? "VALID" : "INVALID"}`);
+    return isValid;
 }
-async function exportPublicKey(key) {
+export async function exportPublicKey(key) {
     const exported = await crypto.subtle.exportKey("spki", key);
     return btoa(String.fromCharCode(...new Uint8Array(exported)));
 }
-async function importPublicKey(keyData) {
+export async function importPublicKey(keyData) {
     const binaryString = atob(keyData);
     const bytes = new Uint8Array(binaryString.length);
     for (let i = 0; i < binaryString.length; i++) {

package/dist/express.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types';
+import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types.js';
 export interface AAMPConfig {
     policy: Omit<AccessPolicy, 'version'>;
     meta: {

package/dist/express.js CHANGED Viewed

@@ -1,18 +1,15 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AAMP = void 0;
 /**
  * Layer 3: Framework Adapters
  * Zero-friction integration for Express/Node.js.
  */
-const publisher_1 = require("./publisher");
-const types_1 = require("./types");
-const crypto_1 = require("./crypto");
-class AAMP {
+import { AAMPPublisher } from './publisher.js';
+import { ContentOrigin } from './types.js';
+import { generateKeyPair } from './crypto.js';
+export class AAMP {
     constructor(config) {
-        this.publisher = new publisher_1.AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
-        this.origin = types_1.ContentOrigin[config.meta.origin];
-        this.ready = (0, crypto_1.generateKeyPair)().then(keys => {
+        this.publisher = new AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
+        this.origin = ContentOrigin[config.meta.origin];
+        this.ready = generateKeyPair().then(keys => {
             return this.publisher.initialize(keys);
         });
     }
@@ -39,7 +36,8 @@ class AAMP {
             if (!result.allowed) {
                 res.status(result.status).json({
                     error: result.reason,
-                    visitor_type: result.visitorType
+                    visitor_type: result.visitorType,
+                    proof_used: result.proofUsed
                 });
                 return;
             }
@@ -64,4 +62,3 @@ class AAMP {
         };
     }
 }
-exports.AAMP = AAMP;

package/dist/index.d.ts CHANGED Viewed

@@ -3,10 +3,10 @@
  *
  * This is the main entry point for the library.
  */
-export * from './types';
-export * from './constants';
-export * from './agent';
-export * from './publisher';
-export * from './crypto';
-export * from './express';
-export { AAMPNext } from './nextjs';
+export * from './types.js';
+export * from './constants.js';
+export * from './agent.js';
+export * from './publisher.js';
+export * from './crypto.js';
+export * from './express.js';
+export { AAMPNext } from './nextjs.js';

package/dist/index.js CHANGED Viewed

@@ -1,30 +1,12 @@
-"use strict";
 /**
  * AAMP SDK Public API
  *
  * This is the main entry point for the library.
  */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AAMPNext = void 0;
-__exportStar(require("./types"), exports);
-__exportStar(require("./constants"), exports);
-__exportStar(require("./agent"), exports);
-__exportStar(require("./publisher"), exports);
-__exportStar(require("./crypto"), exports);
-__exportStar(require("./express"), exports); // Node.js / Express Adapter
-var nextjs_1 = require("./nextjs"); // Serverless / Next.js Adapter
-Object.defineProperty(exports, "AAMPNext", { enumerable: true, get: function () { return nextjs_1.AAMPNext; } });
+export * from './types.js';
+export * from './constants.js';
+export * from './agent.js';
+export * from './publisher.js';
+export * from './crypto.js';
+export * from './express.js'; // Node.js / Express Adapter
+export { AAMPNext } from './nextjs.js'; // Serverless / Next.js Adapter

package/dist/nextjs.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types';
+import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types.js';
 type NextRequest = any;
 type NextResponse = any;
 export interface AAMPConfig {

package/dist/nextjs.js CHANGED Viewed

@@ -1,24 +1,21 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AAMPNext = void 0;
 /**
  * Layer 3: Framework Adapters
  * Serverless integration for Next.js (App Router & API Routes).
  */
-const publisher_1 = require("./publisher");
-const types_1 = require("./types");
-const crypto_1 = require("./crypto");
+import { AAMPPublisher } from './publisher.js';
+import { ContentOrigin } from './types.js';
+import { generateKeyPair } from './crypto.js';
 const createJsonResponse = (body, status = 200) => {
     return new Response(JSON.stringify(body), {
         status,
         headers: { 'Content-Type': 'application/json' }
     });
 };
-class AAMPNext {
+export class AAMPNext {
     constructor(config) {
-        this.publisher = new publisher_1.AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
-        this.origin = types_1.ContentOrigin[config.meta.origin];
-        this.ready = (0, crypto_1.generateKeyPair)().then(keys => this.publisher.initialize(keys));
+        this.publisher = new AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
+        this.origin = ContentOrigin[config.meta.origin];
+        this.ready = generateKeyPair().then(keys => this.publisher.initialize(keys));
     }
     static init(config) {
         return new AAMPNext(config);
@@ -39,7 +36,8 @@ class AAMPNext {
             if (!result.allowed) {
                 return createJsonResponse({
                     error: result.reason,
-                    visitor_type: result.visitorType
+                    visitor_type: result.visitorType,
+                    proof_used: result.proofUsed
                 }, result.status);
             }
             // Execute Handler
@@ -60,4 +58,3 @@ class AAMPNext {
         };
     }
 }
-exports.AAMPNext = AAMPNext;

package/dist/proof.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Verifies a JWT (Proof Token or Payment Credential) using JWKS.
+ *
+ * @param token The JWT string
+ * @param jwksUrl The URL to fetch Public Keys
+ * @param issuer The expected issuer
+ * @param audience The expected audience range
+ */
+export declare function verifyJwt(token: string, jwksUrl: string, issuer: string, audience?: string): Promise<boolean>;

package/dist/proof.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+// In-memory cache for JWKS to avoid repeated fetches
+// Jose's createRemoteJWKSet handles caching/cooldowns internally.
+/**
+ * Verifies a JWT (Proof Token or Payment Credential) using JWKS.
+ *
+ * @param token The JWT string
+ * @param jwksUrl The URL to fetch Public Keys
+ * @param issuer The expected issuer
+ * @param audience The expected audience range
+ */
+export async function verifyJwt(token, jwksUrl, issuer, audience) {
+    try {
+        const JWKS = createRemoteJWKSet(new URL(jwksUrl));
+        const { payload } = await jwtVerify(token, JWKS, {
+            issuer: issuer,
+            audience: audience // specific audience check if provided
+        });
+        // Check specific AAMP claims if we standardize them
+        // if (payload.type !== 'AD_IMPRESSION') return false;
+        return true;
+    }
+    catch (error) {
+        // console.error("Ad Proof Verification Failed:", error);
+        return false;
+    }
+}

package/dist/publisher.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessPolicy, ContentOrigin, EvaluationResult, IdentityCache, UnauthenticatedStrategy } from './types';
+import { AccessPolicy, ContentOrigin, EvaluationResult, IdentityCache, UnauthenticatedStrategy } from './types.js';
 export declare class AAMPPublisher {
     private policy;
     private keyPair;
@@ -27,4 +27,9 @@ export declare class AAMPPublisher {
     private verifyDnsBinding;
     private isDomain;
     generateResponseHeaders(origin: ContentOrigin): Promise<Record<string, string>>;
+    /**
+     * Handling Quality Feedback (The "Dispute" Layer)
+     * This runs when an Agent sends 'x-aamp-feedback'.
+     */
+    private handleFeedback;
 }