@aep-foundation/conformance 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/LICENSE +21 -0
  3. package/README.md +72 -0
  4. package/dist/index.cjs +473 -0
  5. package/dist/index.cjs.map +1 -0
  6. package/dist/index.d.cts +110 -0
  7. package/dist/index.d.ts +110 -0
  8. package/dist/index.js +406 -0
  9. package/dist/index.js.map +1 -0
  10. package/fixtures/aep-specs/manifest.json +61 -0
  11. package/fixtures/aep-specs/schemas/README.md +57 -0
  12. package/fixtures/aep-specs/schemas/api-key-grant-response.schema.json +32 -0
  13. package/fixtures/aep-specs/schemas/basic-grant-response.schema.json +36 -0
  14. package/fixtures/aep-specs/schemas/client-assertion-claims.schema.json +36 -0
  15. package/fixtures/aep-specs/schemas/enroll-request.schema.json +22 -0
  16. package/fixtures/aep-specs/schemas/enroll-response.schema.json +24 -0
  17. package/fixtures/aep-specs/schemas/grant-request.schema.json +20 -0
  18. package/fixtures/aep-specs/schemas/idempotency-metadata.schema.json +26 -0
  19. package/fixtures/aep-specs/schemas/inspect-document.schema.json +136 -0
  20. package/fixtures/aep-specs/schemas/oauth-bearer-grant-response.schema.json +32 -0
  21. package/fixtures/aep-specs/schemas/platform-agent-identity-list-response.schema.json +78 -0
  22. package/fixtures/aep-specs/schemas/platform-agent-identity.schema.json +60 -0
  23. package/fixtures/aep-specs/schemas/platform-discovery.schema.json +107 -0
  24. package/fixtures/aep-specs/schemas/platform-lifecycle-request.schema.json +14 -0
  25. package/fixtures/aep-specs/schemas/platform-lifecycle-response.schema.json +60 -0
  26. package/fixtures/aep-specs/schemas/platform-provision-request.schema.json +18 -0
  27. package/fixtures/aep-specs/schemas/platform-sign-request.schema.json +26 -0
  28. package/fixtures/aep-specs/schemas/platform-sign-response.schema.json +34 -0
  29. package/fixtures/aep-specs/schemas/platform-verification-request.schema.json +22 -0
  30. package/fixtures/aep-specs/schemas/platform-verification-response.schema.json +37 -0
  31. package/fixtures/aep-specs/schemas/problem.schema.json +25 -0
  32. package/fixtures/aep-specs/schemas/revoke-request.schema.json +32 -0
  33. package/fixtures/aep-specs/schemas/revoke-response.schema.json +7 -0
  34. package/fixtures/aep-specs/schemas/status-response.schema.json +28 -0
  35. package/fixtures/aep-specs/test-vectors/README.md +100 -0
  36. package/fixtures/aep-specs/test-vectors/client-assertion/enroll-claims.json +26 -0
  37. package/fixtures/aep-specs/test-vectors/credentials/api-key/grant-response.json +20 -0
  38. package/fixtures/aep-specs/test-vectors/credentials/basic/grant-response.json +21 -0
  39. package/fixtures/aep-specs/test-vectors/credentials/oauth-bearer/grant-response.json +20 -0
  40. package/fixtures/aep-specs/test-vectors/enroll/request-minimal.json +24 -0
  41. package/fixtures/aep-specs/test-vectors/enroll/response-active.json +19 -0
  42. package/fixtures/aep-specs/test-vectors/errors/not-recognized-problem.json +22 -0
  43. package/fixtures/aep-specs/test-vectors/grant-revoke/grant-request-oauth-bearer.json +25 -0
  44. package/fixtures/aep-specs/test-vectors/grant-revoke/revoke-request-all-grant-types.json +23 -0
  45. package/fixtures/aep-specs/test-vectors/grant-revoke/revoke-request-oauth-bearer.json +25 -0
  46. package/fixtures/aep-specs/test-vectors/grant-revoke/revoke-response-empty.json +17 -0
  47. package/fixtures/aep-specs/test-vectors/idempotency/enroll-conflict.json +25 -0
  48. package/fixtures/aep-specs/test-vectors/inspect/minimal-http.json +45 -0
  49. package/fixtures/aep-specs/test-vectors/platform/discovery.json +36 -0
  50. package/fixtures/aep-specs/test-vectors/platform/lifecycle-request.json +13 -0
  51. package/fixtures/aep-specs/test-vectors/platform/lifecycle-response.json +21 -0
  52. package/fixtures/aep-specs/test-vectors/platform/list-response.json +35 -0
  53. package/fixtures/aep-specs/test-vectors/platform/provision-request.json +14 -0
  54. package/fixtures/aep-specs/test-vectors/platform/provision-response-distinct-services.json +44 -0
  55. package/fixtures/aep-specs/test-vectors/platform/provision-response.json +21 -0
  56. package/fixtures/aep-specs/test-vectors/platform/sign-request.json +16 -0
  57. package/fixtures/aep-specs/test-vectors/platform/sign-response.json +18 -0
  58. package/fixtures/aep-specs/test-vectors/platform/verification-request.json +15 -0
  59. package/fixtures/aep-specs/test-vectors/platform/verification-response-recognized.json +19 -0
  60. package/fixtures/aep-specs/test-vectors/platform/verification-response-unrecognized.json +15 -0
  61. package/fixtures/aep-specs/test-vectors/status/response-active.json +22 -0
  62. package/package.json +56 -0
@@ -0,0 +1,20 @@
1
+ {
2
+ "id": "grant-response",
3
+ "title": "OAuth Bearer Grant response",
4
+ "description": "A successful OAuth Bearer session-credential response.",
5
+ "drafts": ["draft-kavian-aep-oauth-session-credential-01"],
6
+ "category": "credentials/oauth-bearer",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "oauth-bearer",
9
+ "input": {
10
+ "grant_type": "oauth-bearer",
11
+ "requested_scopes": ["read"]
12
+ },
13
+ "expected": {
14
+ "access_token": "ya29.example",
15
+ "credential_id": "tok_01HZY8W7Q2F8J7D3P9G9Z1N6TT",
16
+ "expires_at": "2026-12-01T00:00:00Z",
17
+ "scopes": ["read"],
18
+ "token_type": "Bearer"
19
+ }
20
+ }
@@ -0,0 +1,24 @@
1
+ {
2
+ "id": "request-minimal",
3
+ "title": "Minimal Enroll request",
4
+ "description": "A minimal Enroll request body with the required Agent DID, required claim, and body-carried idempotency key.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "enroll",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "agent_did": "did:web:agent.example.com:agents:123",
11
+ "claims": {
12
+ "contact.email": "ops@example.com"
13
+ },
14
+ "idempotency_key": "9f8a4d2e-1c3b-4f5e-8b7a-000000000000"
15
+ },
16
+ "expected": {
17
+ "method": "POST",
18
+ "path": "/aep/enroll",
19
+ "content_type": "application/aep+json",
20
+ "authorization_scheme": "AEP",
21
+ "idempotency_key": "9f8a4d2e-1c3b-4f5e-8b7a-000000000000",
22
+ "client_assertion_op": "enroll"
23
+ }
24
+ }
@@ -0,0 +1,19 @@
1
+ {
2
+ "id": "response-active",
3
+ "title": "Synchronous active Enroll response",
4
+ "description": "A successful synchronous Enroll response for an immediately active Agent identity.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "enroll",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "enrollment_mode": "synchronous"
11
+ },
12
+ "expected": {
13
+ "status": 200,
14
+ "content_type": "application/aep+json",
15
+ "body": {
16
+ "status": "active"
17
+ }
18
+ }
19
+ }
@@ -0,0 +1,22 @@
1
+ {
2
+ "id": "not-recognized-problem",
3
+ "title": "not_recognized Problem Details response",
4
+ "description": "A uniform authentication-recognition failure represented as an AEP Problem Details response.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "errors",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "failure_class": "bad_signature"
11
+ },
12
+ "expected": {
13
+ "status": 401,
14
+ "content_type": "application/problem+json",
15
+ "body": {
16
+ "type": "urn:aep:error:not_recognized",
17
+ "title": "Not recognized",
18
+ "status": 401,
19
+ "code": "not_recognized"
20
+ }
21
+ }
22
+ }
@@ -0,0 +1,25 @@
1
+ {
2
+ "id": "grant-request-oauth-bearer",
3
+ "title": "OAuth Bearer Grant request",
4
+ "description": "A core Grant request selecting the OAuth Bearer credential profile.",
5
+ "drafts": [
6
+ "draft-kavian-agent-enrollment-protocol-01",
7
+ "draft-kavian-aep-oauth-session-credential-01"
8
+ ],
9
+ "category": "grant-revoke",
10
+ "applies_to": ["agent", "service"],
11
+ "profile": "oauth-bearer",
12
+ "input": {
13
+ "grant_type": "oauth-bearer"
14
+ },
15
+ "expected": {
16
+ "method": "POST",
17
+ "path": "/aep/grant",
18
+ "content_type": "application/aep+json",
19
+ "authorization_scheme": "AEP",
20
+ "client_assertion_op": "grant",
21
+ "body": {
22
+ "grant_type": "oauth-bearer"
23
+ }
24
+ }
25
+ }
@@ -0,0 +1,23 @@
1
+ {
2
+ "id": "revoke-request-all-grant-types",
3
+ "title": "Revoke all grant types request",
4
+ "description": "A core Revoke request invalidating all session credentials of every grant type issued to the authenticated Agent.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "grant-revoke",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "all_grant_types": "true"
11
+ },
12
+ "expected": {
13
+ "method": "POST",
14
+ "path": "/aep/revoke",
15
+ "content_type": "application/aep+json",
16
+ "authorization_scheme": "AEP",
17
+ "client_assertion_op": "revoke",
18
+ "body": {
19
+ "all_grant_types": "true"
20
+ },
21
+ "must_not_contain": ["grant_type", "credential_id"]
22
+ }
23
+ }
@@ -0,0 +1,25 @@
1
+ {
2
+ "id": "revoke-request-oauth-bearer",
3
+ "title": "OAuth Bearer Revoke request",
4
+ "description": "A core Revoke request targeting all OAuth Bearer credentials issued to the authenticated Agent.",
5
+ "drafts": [
6
+ "draft-kavian-agent-enrollment-protocol-01",
7
+ "draft-kavian-aep-oauth-session-credential-01"
8
+ ],
9
+ "category": "grant-revoke",
10
+ "applies_to": ["agent", "service"],
11
+ "profile": "oauth-bearer",
12
+ "input": {
13
+ "grant_type": "oauth-bearer"
14
+ },
15
+ "expected": {
16
+ "method": "POST",
17
+ "path": "/aep/revoke",
18
+ "content_type": "application/aep+json",
19
+ "authorization_scheme": "AEP",
20
+ "client_assertion_op": "revoke",
21
+ "body": {
22
+ "grant_type": "oauth-bearer"
23
+ }
24
+ }
25
+ }
@@ -0,0 +1,17 @@
1
+ {
2
+ "id": "revoke-response-empty",
3
+ "title": "Successful Revoke response",
4
+ "description": "A successful Revoke response returns an empty JSON object regardless of whether matching credentials existed.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "grant-revoke",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "matching_credentials_existed": "false"
11
+ },
12
+ "expected": {
13
+ "status": 200,
14
+ "content_type": "application/aep+json",
15
+ "body": {}
16
+ }
17
+ }
@@ -0,0 +1,25 @@
1
+ {
2
+ "id": "enroll-conflict",
3
+ "title": "Enroll idempotency conflict",
4
+ "description": "A repeated idempotency key with a different request body yields idempotency_conflict.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "idempotency",
7
+ "applies_to": ["service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "agent_did": "did:web:agent.example.com:agents:123",
11
+ "idempotency_key": "9f8a4d2e-1c3b-4f5e-8b7a-000000000000",
12
+ "first_body_hash": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
13
+ "second_body_hash": "sha256:2222222222222222222222222222222222222222222222222222222222222222"
14
+ },
15
+ "expected": {
16
+ "status": 409,
17
+ "content_type": "application/problem+json",
18
+ "body": {
19
+ "type": "urn:aep:error:idempotency_conflict",
20
+ "title": "Idempotency conflict",
21
+ "status": 409,
22
+ "code": "idempotency_conflict"
23
+ }
24
+ }
25
+ }
@@ -0,0 +1,45 @@
1
+ {
2
+ "id": "minimal-http",
3
+ "title": "Minimal HTTP Inspect document",
4
+ "description": "A Service advertising the baseline HTTP binding, did:web identity, and the three published credential profiles.",
5
+ "drafts": [
6
+ "draft-kavian-agent-enrollment-protocol-01",
7
+ "draft-kavian-aep-oauth-session-credential-01",
8
+ "draft-kavian-aep-api-key-session-credential-01",
9
+ "draft-kavian-aep-basic-session-credential-01"
10
+ ],
11
+ "category": "inspect",
12
+ "applies_to": ["agent", "service"],
13
+ "profile": "core-http",
14
+ "input": {},
15
+ "expected": {
16
+ "aep_version": "1.0",
17
+ "bindings": {
18
+ "supported": ["http"]
19
+ },
20
+ "claims": {
21
+ "optional": [],
22
+ "preferred": [],
23
+ "required": ["contact.email"]
24
+ },
25
+ "commands": {
26
+ "grant_types": ["oauth-bearer", "api-key", "basic"],
27
+ "supported": ["enroll", "grant", "inspect", "revoke", "status"]
28
+ },
29
+ "core": {
30
+ "signing_algorithms": ["EdDSA", "ES256"]
31
+ },
32
+ "extensions": {
33
+ "supported": []
34
+ },
35
+ "http": {
36
+ "endpoint_base": "/aep/"
37
+ },
38
+ "identity": {
39
+ "methods": ["did:web"]
40
+ },
41
+ "service": {
42
+ "did": "did:web:api.example.com"
43
+ }
44
+ }
45
+ }
@@ -0,0 +1,36 @@
1
+ {
2
+ "applies_to": ["agent", "platform", "service"],
3
+ "category": "platform",
4
+ "description": "A Platform advertising hosted identity provisioning, DID publication, delegated signing, custody, and hosted verification capabilities.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "aep_version": "1.0",
8
+ "endpoints": {
9
+ "hosted_verification": "/v1/aep/verifications",
10
+ "lifecycle": "/v1/aep/agent-identities/{agent_identity_id}",
11
+ "provision": "/v1/aep/agent-identities",
12
+ "sign": "/v1/aep/agent-identities/{agent_identity_id}/sign",
13
+ "list": "/v1/aep/agent-identities"
14
+ },
15
+ "http": {
16
+ "endpoint_base": "/v1/aep"
17
+ },
18
+ "identity": {
19
+ "did_methods": ["did:web"],
20
+ "did_url_template": "https://p.example/a/{agent_did_id}/did.json"
21
+ },
22
+ "platform": {
23
+ "did": "did:web:p.example",
24
+ "hosted_verification": true,
25
+ "name": "Example Platform"
26
+ },
27
+ "signing": {
28
+ "algorithms": ["ES256"],
29
+ "default_lifetime_seconds": "300"
30
+ }
31
+ },
32
+ "id": "discovery",
33
+ "input": {},
34
+ "profile": "platform-hosted-identity",
35
+ "title": "Platform discovery document"
36
+ }
@@ -0,0 +1,13 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "An authenticated caller asks the Platform to update a Service-scoped Agent identity lifecycle state.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {},
7
+ "id": "lifecycle-request",
8
+ "input": {
9
+ "status": "suspended"
10
+ },
11
+ "profile": "platform-hosted-identity",
12
+ "title": "Platform lifecycle request"
13
+ }
@@ -0,0 +1,21 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "A Platform returns the updated public metadata for a Service-scoped Agent identity after a lifecycle state change.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
8
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000001",
9
+ "created_at": "2026-07-06T12:00:00Z",
10
+ "did_document_url": "https://p.example/a/4Yf7p2xQd9/did.json",
11
+ "key_id": "did:web:p.example:a:4Yf7p2xQd9",
12
+ "service_did": "did:web:api.service.example",
13
+ "signing_algorithms": ["ES256"],
14
+ "status": "suspended",
15
+ "updated_at": "2026-07-06T12:10:00Z"
16
+ },
17
+ "id": "lifecycle-response",
18
+ "input": {},
19
+ "profile": "platform-hosted-identity",
20
+ "title": "Platform lifecycle response"
21
+ }
@@ -0,0 +1,35 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "A Platform returns the authenticated caller's Service-scoped Agent identities filtered by Service DID and lifecycle state.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "count": "1",
8
+ "data": [
9
+ {
10
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
11
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000001",
12
+ "created_at": "2026-07-06T12:00:00Z",
13
+ "did_document_url": "https://p.example/a/4Yf7p2xQd9/did.json",
14
+ "key_id": "did:web:p.example:a:4Yf7p2xQd9",
15
+ "service_did": "did:web:api.service.example",
16
+ "signing_algorithms": ["ES256"],
17
+ "status": "active",
18
+ "updated_at": "2026-07-06T12:00:00Z"
19
+ }
20
+ ],
21
+ "total": "1"
22
+ },
23
+ "id": "list-response",
24
+ "input": {
25
+ "query": {
26
+ "descending": true,
27
+ "limit": 10,
28
+ "offset": 0,
29
+ "service_did": "did:web:api.service.example",
30
+ "status": "active"
31
+ }
32
+ },
33
+ "profile": "platform-hosted-identity",
34
+ "title": "Platform Agent identity listing response"
35
+ }
@@ -0,0 +1,14 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "An authenticated caller asks a Platform to mint or retrieve an Agent DID scoped to a supplied Service DID.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {},
7
+ "id": "provision-request",
8
+ "input": {
9
+ "idempotency_key": "01J0AEPPLATFORM000000000001",
10
+ "service_did": "did:web:api.service.example"
11
+ },
12
+ "profile": "platform-hosted-identity",
13
+ "title": "Platform provisioning request"
14
+ }
@@ -0,0 +1,44 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "A Platform returns distinct opaque Agent DIDs for the same Agent when provisioning identities for two unrelated Services.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "first_response": {
8
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
9
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000001",
10
+ "created_at": "2026-07-06T12:00:00Z",
11
+ "did_document_url": "https://p.example/a/4Yf7p2xQd9/did.json",
12
+ "key_id": "did:web:p.example:a:4Yf7p2xQd9",
13
+ "service_did": "did:web:api.service.example",
14
+ "signing_algorithms": ["ES256"],
15
+ "status": "active",
16
+ "updated_at": "2026-07-06T12:00:00Z"
17
+ },
18
+ "invariant": "agent_did values differ and reveal no shared structure beyond the Platform-controlled did:web prefix",
19
+ "second_response": {
20
+ "agent_did": "did:web:p.example:a:9Lm2r8VnQ4",
21
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000002",
22
+ "created_at": "2026-07-06T12:01:00Z",
23
+ "did_document_url": "https://p.example/a/9Lm2r8VnQ4/did.json",
24
+ "key_id": "did:web:p.example:a:9Lm2r8VnQ4",
25
+ "service_did": "did:web:billing.service.example",
26
+ "signing_algorithms": ["ES256"],
27
+ "status": "active",
28
+ "updated_at": "2026-07-06T12:01:00Z"
29
+ }
30
+ },
31
+ "id": "provision-response-distinct-services",
32
+ "input": {
33
+ "first_request": {
34
+ "idempotency_key": "01J0AEPPLATFORM000000000001",
35
+ "service_did": "did:web:api.service.example"
36
+ },
37
+ "second_request": {
38
+ "idempotency_key": "01J0AEPPLATFORM000000000002",
39
+ "service_did": "did:web:billing.service.example"
40
+ }
41
+ },
42
+ "profile": "platform-hosted-identity",
43
+ "title": "Platform provisioning produces distinct Service-scoped Agent DIDs"
44
+ }
@@ -0,0 +1,21 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "A Platform returns public metadata for a Service-scoped Agent DID.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
8
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000001",
9
+ "created_at": "2026-07-06T12:00:00Z",
10
+ "did_document_url": "https://p.example/a/4Yf7p2xQd9/did.json",
11
+ "key_id": "did:web:p.example:a:4Yf7p2xQd9",
12
+ "service_did": "did:web:api.service.example",
13
+ "signing_algorithms": ["ES256"],
14
+ "status": "active",
15
+ "updated_at": "2026-07-06T12:00:00Z"
16
+ },
17
+ "id": "provision-response",
18
+ "input": {},
19
+ "profile": "platform-hosted-identity",
20
+ "title": "Platform provisioning response"
21
+ }
@@ -0,0 +1,16 @@
1
+ {
2
+ "applies_to": ["agent", "platform"],
3
+ "category": "platform",
4
+ "description": "An authenticated caller asks the Platform to sign an AEP client assertion for a Service-scoped Agent DID.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {},
7
+ "id": "sign-request",
8
+ "input": {
9
+ "jti": "01J0AEPASSERTION0000000001",
10
+ "lifetime_seconds": "300",
11
+ "op": "enroll",
12
+ "service_did": "did:web:api.service.example"
13
+ },
14
+ "profile": "platform-hosted-identity",
15
+ "title": "Platform delegated signing request"
16
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "applies_to": ["agent", "platform", "service"],
3
+ "category": "platform",
4
+ "description": "A Platform returns a signed AEP client assertion and public issuance metadata.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
8
+ "client_assertion": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDp3ZWI6cC5leGFtcGxlOmE6NFlmN3AyeFFkOSJ9.eyJhdWQiOiJkaWQ6d2ViOnMuZXhhbXBsZSIsImV4cCI6MTc4MzQyNTkwMCwiaWF0IjoxNzgzNDI1NjAwLCJpc3MiOiJkaWQ6d2ViOnAuZXhhbXBsZTphOjRZZjdwMnhRZDkiLCJqdGkiOiIwMUowQUVQQVNTRVJUSU9OMDAwMDAwMDAwMSIsIm9wIjoiZW5yb2xsIiwic3ViIjoiZGlkOndlYjpwLmV4YW1wbGU6YTo0WWY3cDJ4UWQ5In0.signature",
9
+ "expires_at": "2026-07-06T12:05:00Z",
10
+ "issued_at": "2026-07-06T12:00:00Z",
11
+ "jti": "01J0AEPASSERTION0000000001",
12
+ "service_did": "did:web:api.service.example"
13
+ },
14
+ "id": "sign-response",
15
+ "input": {},
16
+ "profile": "platform-hosted-identity",
17
+ "title": "Platform delegated signing response"
18
+ }
@@ -0,0 +1,15 @@
1
+ {
2
+ "applies_to": ["platform", "service"],
3
+ "category": "platform",
4
+ "description": "A Service asks a Platform to verify a hosted Agent assertion for a Service DID and AEP command.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {},
7
+ "id": "verification-request",
8
+ "input": {
9
+ "client_assertion": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDp3ZWI6cC5leGFtcGxlOmE6NFlmN3AyeFFkOSJ9.eyJhdWQiOiJkaWQ6d2ViOmFwaS5zZXJ2aWNlLmV4YW1wbGUiLCJleHAiOjE3ODM0MjU5MDAsImlhdCI6MTc4MzQyNTYwMCwiaXNzIjoiZGlkOndlYjpwLmV4YW1wbGU6YTo0WWY3cDJ4UWQ5IiwianRpIjoiMDFKMEFFUEFTU0VSVElPTjAwMDAwMDAwMDEiLCJvcCI6ImVucm9sbCIsInN1YiI6ImRpZDp3ZWI6cC5leGFtcGxlOmE6NFlmN3AyeFFkOSJ9.signature",
10
+ "op": "enroll",
11
+ "service_did": "did:web:api.service.example"
12
+ },
13
+ "profile": "platform-hosted-identity",
14
+ "title": "Platform hosted verification request"
15
+ }
@@ -0,0 +1,19 @@
1
+ {
2
+ "applies_to": ["platform", "service"],
3
+ "category": "platform",
4
+ "description": "A Platform returns a recognized hosted verification result without requiring the Service to resolve the Agent DID locally.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "agent_did": "did:web:p.example:a:4Yf7p2xQd9",
8
+ "agent_identity_id": "pai_01J0AEPPLATFORM000000000001",
9
+ "op": "enroll",
10
+ "reason": "verified",
11
+ "service_did": "did:web:api.service.example",
12
+ "status": "active",
13
+ "verified": true
14
+ },
15
+ "id": "verification-response-recognized",
16
+ "input": {},
17
+ "profile": "platform-hosted-identity",
18
+ "title": "Platform hosted verification recognized response"
19
+ }
@@ -0,0 +1,15 @@
1
+ {
2
+ "applies_to": ["platform", "service"],
3
+ "category": "platform",
4
+ "description": "A Platform returns a generic hosted verification failure when assertion details are not recognized or cannot be safely disclosed.",
5
+ "drafts": ["draft-kavian-aep-platform-hosted-identity-00"],
6
+ "expected": {
7
+ "reason": "not_recognized",
8
+ "service_did": "did:web:api.service.example",
9
+ "verified": false
10
+ },
11
+ "id": "verification-response-unrecognized",
12
+ "input": {},
13
+ "profile": "platform-hosted-identity",
14
+ "title": "Platform hosted verification unrecognized response"
15
+ }
@@ -0,0 +1,22 @@
1
+ {
2
+ "id": "response-active",
3
+ "title": "Active Status response",
4
+ "description": "A successful Status response for an active enrolled Agent identity.",
5
+ "drafts": ["draft-kavian-agent-enrollment-protocol-01"],
6
+ "category": "status",
7
+ "applies_to": ["agent", "service"],
8
+ "profile": "core-http",
9
+ "input": {
10
+ "client_assertion_op": "status"
11
+ },
12
+ "expected": {
13
+ "status": 200,
14
+ "content_type": "application/aep+json",
15
+ "body": {
16
+ "owner_action_required": "false",
17
+ "requirements_pending": [],
18
+ "since": "2026-05-28T12:00:00Z",
19
+ "status": "active"
20
+ }
21
+ }
22
+ }
package/package.json ADDED
@@ -0,0 +1,56 @@
1
+ {
2
+ "name": "@aep-foundation/conformance",
3
+ "version": "0.1.0",
4
+ "description": "Conformance helpers for checking AEP SDK outputs against schemas and test vectors.",
5
+ "type": "module",
6
+ "main": "./dist/index.cjs",
7
+ "module": "./dist/index.js",
8
+ "types": "./dist/index.d.ts",
9
+ "sideEffects": false,
10
+ "exports": {
11
+ ".": {
12
+ "types": "./dist/index.d.ts",
13
+ "node": {
14
+ "import": "./dist/index.js",
15
+ "require": "./dist/index.cjs"
16
+ },
17
+ "default": "./dist/index.js"
18
+ },
19
+ "./package.json": "./package.json"
20
+ },
21
+ "files": [
22
+ "dist",
23
+ "fixtures",
24
+ "CHANGELOG.md",
25
+ "README.md",
26
+ "LICENSE"
27
+ ],
28
+ "engines": {
29
+ "node": ">=22.0.0"
30
+ },
31
+ "license": "MIT",
32
+ "dependencies": {
33
+ "@aep-foundation/core": "^0.1.0"
34
+ },
35
+ "devDependencies": {
36
+ "@aep-foundation/service": "^0.1.0"
37
+ },
38
+ "publishConfig": {
39
+ "access": "public",
40
+ "provenance": true
41
+ },
42
+ "repository": {
43
+ "type": "git",
44
+ "url": "git+https://github.com/aep-foundation/aep-node.git",
45
+ "directory": "packages/conformance"
46
+ },
47
+ "scripts": {
48
+ "build": "tsup",
49
+ "dev": "tsup --watch",
50
+ "test": "vitest run --coverage",
51
+ "test:watch": "vitest",
52
+ "lint": "eslint src test --max-warnings 0",
53
+ "typecheck": "tsc --noEmit && tsc --noEmit -p tsconfig.test.json",
54
+ "clean": "rm -rf dist .turbo coverage"
55
+ }
56
+ }