npm - @agentcred-ai/sdk - Versions diffs - 0.1.0 - Mend

@agentcred-ai/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 AgentCred Contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,262 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  FileSystemKeyStorage: () => FileSystemKeyStorage,
+  MemoryKeyStorage: () => MemoryKeyStorage,
+  createDefaultStorage: () => createDefaultStorage,
+  createIdentity: () => createIdentity,
+  loadIdentity: () => loadIdentity,
+  resolvePublicKey: () => resolvePublicKey,
+  sign: () => sign,
+  verify: () => verify,
+  verifyOffline: () => verifyOffline,
+  version: () => version
+});
+module.exports = __toCommonJS(index_exports);
+// src/storage.ts
+var fs = __toESM(require("fs/promises"), 1);
+var path = __toESM(require("path"), 1);
+var os = __toESM(require("os"), 1);
+var MemoryKeyStorage = class {
+  keys = /* @__PURE__ */ new Map();
+  async save(username, privateKey) {
+    this.keys.set(username, privateKey);
+  }
+  async load(username) {
+    return this.keys.get(username) ?? null;
+  }
+  async list() {
+    return Array.from(this.keys.keys());
+  }
+};
+var FileSystemKeyStorage = class {
+  keyDir;
+  constructor(keyDir) {
+    this.keyDir = keyDir ?? path.join(os.homedir(), ".agentcred", "keys");
+  }
+  async save(username, privateKey) {
+    await fs.mkdir(this.keyDir, { recursive: true });
+    const keyPath = path.join(this.keyDir, `${username}.jwk`);
+    await fs.writeFile(keyPath, JSON.stringify(privateKey, null, 2));
+  }
+  async load(username) {
+    try {
+      const keyPath = path.join(this.keyDir, `${username}.jwk`);
+      const data = await fs.readFile(keyPath, "utf-8");
+      return JSON.parse(data);
+    } catch {
+      return null;
+    }
+  }
+  async list() {
+    try {
+      const files = await fs.readdir(this.keyDir);
+      return files.filter((f) => f.endsWith(".jwk")).map((f) => f.replace(".jwk", ""));
+    } catch {
+      return [];
+    }
+  }
+};
+function createDefaultStorage() {
+  if (typeof window !== "undefined") {
+    return new MemoryKeyStorage();
+  }
+  return new FileSystemKeyStorage();
+}
+// src/identity.ts
+var import_jose = require("jose");
+var import_crypto = require("crypto");
+async function createIdentity(githubToken, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  const storage = config?.storage ?? createDefaultStorage();
+  const response = await fetch("https://api.github.com/user", {
+    headers: { Authorization: `Bearer ${githubToken}` }
+  });
+  if (!response.ok) throw new Error("GitHub authentication failed");
+  const profile = await response.json();
+  const { publicKey, privateKey } = await (0, import_jose.generateKeyPair)("EdDSA", { extractable: true });
+  const publicJWK = await (0, import_jose.exportJWK)(publicKey);
+  const privateJWK = await (0, import_jose.exportJWK)(privateKey);
+  const fingerprint = (0, import_crypto.createHash)("sha256").update(JSON.stringify(publicJWK)).digest("hex");
+  const registerResponse = await fetch(`${apiUrl}/v1/keys`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${githubToken}`
+    },
+    body: JSON.stringify({ public_key: publicJWK })
+  });
+  if (!registerResponse.ok) throw new Error("Key registration failed");
+  const registration = await registerResponse.json();
+  await storage.save(profile.login, privateJWK);
+  return {
+    github: {
+      username: profile.login,
+      id: profile.id,
+      avatarUrl: profile.avatar_url
+    },
+    publicKey: publicJWK,
+    fingerprint,
+    registeredAt: registration.registered_at
+  };
+}
+async function loadIdentity(githubUsername, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  const storage = config?.storage ?? createDefaultStorage();
+  const privateJWK = await storage.load(githubUsername);
+  if (!privateJWK) return null;
+  const publicJWK = await resolvePublicKey(githubUsername, config);
+  if (!publicJWK) return null;
+  const privateKey = await (0, import_jose.importJWK)(privateJWK, "EdDSA");
+  const fingerprint = (0, import_crypto.createHash)("sha256").update(JSON.stringify(publicJWK)).digest("hex");
+  return {
+    identity: {
+      github: {
+        username: githubUsername,
+        id: 0,
+        avatarUrl: ""
+      },
+      publicKey: publicJWK,
+      fingerprint,
+      registeredAt: (/* @__PURE__ */ new Date()).toISOString()
+    },
+    privateKey
+  };
+}
+async function resolvePublicKey(githubUsername, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  try {
+    const response = await fetch(`${apiUrl}/v1/keys/${githubUsername}`);
+    if (!response.ok) return null;
+    const data = await response.json();
+    return data.public_key;
+  } catch {
+    return null;
+  }
+}
+// src/sign.ts
+var import_jose2 = require("jose");
+var import_crypto2 = require("crypto");
+async function sign(content, identity, options) {
+  const agent = options?.agent ?? "default";
+  const contentType = options?.contentType ?? "text/plain";
+  const contentHash = (0, import_crypto2.createHash)("sha256").update(content).digest("hex");
+  const payload = {
+    iss: `${identity.github}@agentcred`,
+    sub: agent,
+    iat: Math.floor(Date.now() / 1e3),
+    content_hash: `sha256:${contentHash}`,
+    content_type: contentType,
+    nonce: (0, import_crypto2.randomUUID)()
+  };
+  const jws = await new import_jose2.CompactSign(
+    new TextEncoder().encode(JSON.stringify(payload))
+  ).setProtectedHeader({
+    alg: "EdDSA",
+    typ: "agentcred+jwt",
+    kid: `${identity.github}@agentcred`
+  }).sign(identity.privateKey);
+  return {
+    agentcred: {
+      v: "1.0",
+      jws,
+      github: identity.github,
+      agent
+    },
+    content
+  };
+}
+// src/verify.ts
+var import_jose3 = require("jose");
+var import_crypto3 = require("crypto");
+async function verify(envelope, config) {
+  try {
+    const { github } = envelope.agentcred;
+    const publicJWK = await resolvePublicKey(github, config);
+    if (!publicJWK) {
+      return { verified: false, error: "Public key not found" };
+    }
+    const publicKey = await (0, import_jose3.importJWK)(publicJWK, "EdDSA");
+    return await verifyOffline(envelope, publicKey);
+  } catch (error) {
+    return { verified: false, error: String(error) };
+  }
+}
+async function verifyOffline(envelope, publicKey) {
+  try {
+    const { payload } = await (0, import_jose3.compactVerify)(envelope.agentcred.jws, publicKey);
+    const claims = JSON.parse(new TextDecoder().decode(payload));
+    const actualHash = (0, import_crypto3.createHash)("sha256").update(envelope.content).digest("hex");
+    const expectedHash = claims.content_hash.replace("sha256:", "");
+    if (actualHash !== expectedHash) {
+      return { verified: false, error: "Content hash mismatch" };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const timeDiff = Math.abs(now - claims.iat);
+    if (timeDiff > 86400) {
+      return { verified: false, error: "Timestamp outside valid window" };
+    }
+    return {
+      verified: true,
+      github: {
+        username: envelope.agentcred.github,
+        id: 0,
+        avatarUrl: ""
+      },
+      agent: claims.sub,
+      signedAt: new Date(claims.iat * 1e3).toISOString()
+    };
+  } catch (error) {
+    return { verified: false, error: String(error) };
+  }
+}
+// src/index.ts
+var version = "0.0.1";
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  FileSystemKeyStorage,
+  MemoryKeyStorage,
+  createDefaultStorage,
+  createIdentity,
+  loadIdentity,
+  resolvePublicKey,
+  sign,
+  verify,
+  verifyOffline,
+  version
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/storage.ts","../src/identity.ts","../src/sign.ts","../src/verify.ts"],"sourcesContent":["export const version = '0.0.1'\n\nexport * from './types.js'\nexport { MemoryKeyStorage, FileSystemKeyStorage, createDefaultStorage } from './storage.js'\nexport { createIdentity, loadIdentity, resolvePublicKey } from './identity.js'\nexport { sign } from './sign.js'\nexport { verify, verifyOffline } from './verify.js'\n","import { KeyStorage } from './types.js'\nimport * as fs from 'fs/promises'\nimport * as path from 'path'\nimport * as os from 'os'\n\nexport class MemoryKeyStorage implements KeyStorage {\n private keys = new Map<string, JsonWebKey>()\n \n async save(username: string, privateKey: JsonWebKey): Promise<void> {\n this.keys.set(username, privateKey)\n }\n \n async load(username: string): Promise<JsonWebKey | null> {\n return this.keys.get(username) ?? null\n }\n \n async list(): Promise<string[]> {\n return Array.from(this.keys.keys())\n }\n}\n\nexport class FileSystemKeyStorage implements KeyStorage {\n private keyDir: string\n \n constructor(keyDir?: string) {\n this.keyDir = keyDir ?? path.join(os.homedir(), '.agentcred', 'keys')\n }\n \n async save(username: string, privateKey: JsonWebKey): Promise<void> {\n await fs.mkdir(this.keyDir, { recursive: true })\n const keyPath = path.join(this.keyDir, `${username}.jwk`)\n await fs.writeFile(keyPath, JSON.stringify(privateKey, null, 2))\n }\n \n async load(username: string): Promise<JsonWebKey | null> {\n try {\n const keyPath = path.join(this.keyDir, `${username}.jwk`)\n const data = await fs.readFile(keyPath, 'utf-8')\n return JSON.parse(data)\n } catch {\n return null\n }\n }\n \n async list(): Promise<string[]> {\n try {\n const files = await fs.readdir(this.keyDir)\n return files.filter(f => f.endsWith('.jwk')).map(f => f.replace('.jwk', ''))\n } catch {\n return []\n }\n }\n}\n\nexport function createDefaultStorage(): KeyStorage {\n if (typeof window !== 'undefined') {\n return new MemoryKeyStorage()\n }\n return new FileSystemKeyStorage()\n}\n","import { generateKeyPair, exportJWK, importJWK } from 'jose'\nimport { AgentCredIdentity, AgentCredConfig, SignIdentity } from './types.js'\nimport { createDefaultStorage } from './storage.js'\nimport { createHash } from 'crypto'\n\nexport async function createIdentity(\n githubToken: string,\n config?: AgentCredConfig\n): Promise<AgentCredIdentity> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n const storage = config?.storage ?? createDefaultStorage()\n \n const response = await fetch('https://api.github.com/user', {\n headers: { Authorization: `Bearer ${githubToken}` }\n })\n if (!response.ok) throw new Error('GitHub authentication failed')\n const profile = await response.json()\n \n const { publicKey, privateKey } = await generateKeyPair('EdDSA', { extractable: true })\n const publicJWK = await exportJWK(publicKey)\n const privateJWK = await exportJWK(privateKey)\n \n const fingerprint = createHash('sha256')\n .update(JSON.stringify(publicJWK))\n .digest('hex')\n \n const registerResponse = await fetch(`${apiUrl}/v1/keys`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${githubToken}`\n },\n body: JSON.stringify({ public_key: publicJWK })\n })\n if (!registerResponse.ok) throw new Error('Key registration failed')\n const registration = await registerResponse.json()\n \n await storage.save(profile.login, privateJWK)\n \n return {\n github: {\n username: profile.login,\n id: profile.id,\n avatarUrl: profile.avatar_url\n },\n publicKey: publicJWK,\n fingerprint,\n registeredAt: registration.registered_at\n }\n}\n\nexport async function loadIdentity(\n githubUsername: string,\n config?: AgentCredConfig\n): Promise<{ identity: AgentCredIdentity; privateKey: CryptoKey | Uint8Array } | null> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n const storage = config?.storage ?? createDefaultStorage()\n \n const privateJWK = await storage.load(githubUsername)\n if (!privateJWK) return null\n \n const publicJWK = await resolvePublicKey(githubUsername, config)\n if (!publicJWK) return null\n \n const privateKey = await importJWK(privateJWK, 'EdDSA')\n \n const fingerprint = createHash('sha256')\n .update(JSON.stringify(publicJWK))\n .digest('hex')\n \n return {\n identity: {\n github: {\n username: githubUsername,\n id: 0,\n avatarUrl: ''\n },\n publicKey: publicJWK,\n fingerprint,\n registeredAt: new Date().toISOString()\n },\n privateKey\n }\n}\n\nexport async function resolvePublicKey(\n githubUsername: string,\n config?: AgentCredConfig\n): Promise<JsonWebKey | null> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n \n try {\n const response = await fetch(`${apiUrl}/v1/keys/${githubUsername}`)\n if (!response.ok) return null\n const data = await response.json()\n return data.public_key\n } catch {\n return null\n }\n}\n","import { CompactSign } from 'jose'\nimport { createHash, randomUUID } from 'crypto'\nimport { AgentCredEnvelope, SignOptions, SignIdentity } from './types.js'\n\nexport async function sign(\n content: string,\n identity: SignIdentity,\n options?: SignOptions\n): Promise<AgentCredEnvelope> {\n const agent = options?.agent ?? 'default'\n const contentType = options?.contentType ?? 'text/plain'\n \n const contentHash = createHash('sha256').update(content).digest('hex')\n \n const payload = {\n iss: `${identity.github}@agentcred`,\n sub: agent,\n iat: Math.floor(Date.now() / 1000),\n content_hash: `sha256:${contentHash}`,\n content_type: contentType,\n nonce: randomUUID()\n }\n \n const jws = await new CompactSign(\n new TextEncoder().encode(JSON.stringify(payload))\n )\n .setProtectedHeader({\n alg: 'EdDSA',\n typ: 'agentcred+jwt',\n kid: `${identity.github}@agentcred`\n })\n .sign(identity.privateKey)\n \n return {\n agentcred: {\n v: '1.0',\n jws,\n github: identity.github,\n agent\n },\n content\n }\n}\n","import { compactVerify, importJWK } from 'jose'\nimport { createHash } from 'crypto'\nimport { AgentCredEnvelope, VerifyResult, AgentCredConfig } from './types.js'\nimport { resolvePublicKey } from './identity.js'\n\nexport async function verify(\n envelope: AgentCredEnvelope,\n config?: AgentCredConfig\n): Promise<VerifyResult> {\n try {\n const { github } = envelope.agentcred\n \n const publicJWK = await resolvePublicKey(github, config)\n if (!publicJWK) {\n return { verified: false, error: 'Public key not found' }\n }\n \n const publicKey = await importJWK(publicJWK, 'EdDSA')\n return await verifyOffline(envelope, publicKey)\n } catch (error) {\n return { verified: false, error: String(error) }\n }\n}\n\nexport async function verifyOffline(\n envelope: AgentCredEnvelope,\n publicKey: any\n): Promise<VerifyResult> {\n try {\n const { payload } = await compactVerify(envelope.agentcred.jws, publicKey)\n const claims = JSON.parse(new TextDecoder().decode(payload))\n \n const actualHash = createHash('sha256').update(envelope.content).digest('hex')\n const expectedHash = claims.content_hash.replace('sha256:', '')\n if (actualHash !== expectedHash) {\n return { verified: false, error: 'Content hash mismatch' }\n }\n \n const now = Math.floor(Date.now() / 1000)\n const timeDiff = Math.abs(now - claims.iat)\n if (timeDiff > 86400) {\n return { verified: false, error: 'Timestamp outside valid window' }\n }\n \n return {\n verified: true,\n github: {\n username: envelope.agentcred.github,\n id: 0,\n avatarUrl: ''\n },\n agent: claims.sub,\n signedAt: new Date(claims.iat * 1000).toISOString()\n }\n } catch (error) {\n return { verified: false, error: String(error) }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCA,SAAoB;AACpB,WAAsB;AACtB,SAAoB;AAEb,IAAM,mBAAN,MAA6C;AAAA,EAC1C,OAAO,oBAAI,IAAwB;AAAA,EAE3C,MAAM,KAAK,UAAkB,YAAuC;AAClE,SAAK,KAAK,IAAI,UAAU,UAAU;AAAA,EACpC;AAAA,EAEA,MAAM,KAAK,UAA8C;AACvD,WAAO,KAAK,KAAK,IAAI,QAAQ,KAAK;AAAA,EACpC;AAAA,EAEA,MAAM,OAA0B;AAC9B,WAAO,MAAM,KAAK,KAAK,KAAK,KAAK,CAAC;AAAA,EACpC;AACF;AAEO,IAAM,uBAAN,MAAiD;AAAA,EAC9C;AAAA,EAER,YAAY,QAAiB;AAC3B,SAAK,SAAS,UAAe,UAAQ,WAAQ,GAAG,cAAc,MAAM;AAAA,EACtE;AAAA,EAEA,MAAM,KAAK,UAAkB,YAAuC;AAClE,UAAS,SAAM,KAAK,QAAQ,EAAE,WAAW,KAAK,CAAC;AAC/C,UAAM,UAAe,UAAK,KAAK,QAAQ,GAAG,QAAQ,MAAM;AACxD,UAAS,aAAU,SAAS,KAAK,UAAU,YAAY,MAAM,CAAC,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,KAAK,UAA8C;AACvD,QAAI;AACF,YAAM,UAAe,UAAK,KAAK,QAAQ,GAAG,QAAQ,MAAM;AACxD,YAAM,OAAO,MAAS,YAAS,SAAS,OAAO;AAC/C,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,OAA0B;AAC9B,QAAI;AACF,YAAM,QAAQ,MAAS,WAAQ,KAAK,MAAM;AAC1C,aAAO,MAAM,OAAO,OAAK,EAAE,SAAS,MAAM,CAAC,EAAE,IAAI,OAAK,EAAE,QAAQ,QAAQ,EAAE,CAAC;AAAA,IAC7E,QAAQ;AACN,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;AAEO,SAAS,uBAAmC;AACjD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,IAAI,iBAAiB;AAAA,EAC9B;AACA,SAAO,IAAI,qBAAqB;AAClC;;;AC3DA,kBAAsD;AAGtD,oBAA2B;AAE3B,eAAsB,eACpB,aACA,QAC4B;AAC5B,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAClE,QAAM,UAAU,QAAQ,WAAW,qBAAqB;AAExD,QAAM,WAAW,MAAM,MAAM,+BAA+B;AAAA,IAC1D,SAAS,EAAE,eAAe,UAAU,WAAW,GAAG;AAAA,EACpD,CAAC;AACD,MAAI,CAAC,SAAS,GAAI,OAAM,IAAI,MAAM,8BAA8B;AAChE,QAAM,UAAU,MAAM,SAAS,KAAK;AAEpC,QAAM,EAAE,WAAW,WAAW,IAAI,UAAM,6BAAgB,SAAS,EAAE,aAAa,KAAK,CAAC;AACtF,QAAM,YAAY,UAAM,uBAAU,SAAS;AAC3C,QAAM,aAAa,UAAM,uBAAU,UAAU;AAE7C,QAAM,kBAAc,0BAAW,QAAQ,EACpC,OAAO,KAAK,UAAU,SAAS,CAAC,EAChC,OAAO,KAAK;AAEf,QAAM,mBAAmB,MAAM,MAAM,GAAG,MAAM,YAAY;AAAA,IACxD,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB,UAAU,WAAW;AAAA,IACxC;AAAA,IACA,MAAM,KAAK,UAAU,EAAE,YAAY,UAAU,CAAC;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,iBAAiB,GAAI,OAAM,IAAI,MAAM,yBAAyB;AACnE,QAAM,eAAe,MAAM,iBAAiB,KAAK;AAEjD,QAAM,QAAQ,KAAK,QAAQ,OAAO,UAAU;AAE5C,SAAO;AAAA,IACL,QAAQ;AAAA,MACN,UAAU,QAAQ;AAAA,MAClB,IAAI,QAAQ;AAAA,MACZ,WAAW,QAAQ;AAAA,IACrB;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA,cAAc,aAAa;AAAA,EAC7B;AACF;AAEA,eAAsB,aACpB,gBACA,QACqF;AACrF,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAClE,QAAM,UAAU,QAAQ,WAAW,qBAAqB;AAExD,QAAM,aAAa,MAAM,QAAQ,KAAK,cAAc;AACpD,MAAI,CAAC,WAAY,QAAO;AAExB,QAAM,YAAY,MAAM,iBAAiB,gBAAgB,MAAM;AAC/D,MAAI,CAAC,UAAW,QAAO;AAEvB,QAAM,aAAa,UAAM,uBAAU,YAAY,OAAO;AAEtD,QAAM,kBAAc,0BAAW,QAAQ,EACpC,OAAO,KAAK,UAAU,SAAS,CAAC,EAChC,OAAO,KAAK;AAEf,SAAO;AAAA,IACL,UAAU;AAAA,MACR,QAAQ;AAAA,QACN,UAAU;AAAA,QACV,IAAI;AAAA,QACJ,WAAW;AAAA,MACb;AAAA,MACA,WAAW;AAAA,MACX;AAAA,MACA,eAAc,oBAAI,KAAK,GAAE,YAAY;AAAA,IACvC;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,iBACpB,gBACA,QAC4B;AAC5B,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAElE,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,YAAY,cAAc,EAAE;AAClE,QAAI,CAAC,SAAS,GAAI,QAAO;AACzB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK;AAAA,EACd,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACnGA,IAAAA,eAA4B;AAC5B,IAAAC,iBAAuC;AAGvC,eAAsB,KACpB,SACA,UACA,SAC4B;AAC5B,QAAM,QAAQ,SAAS,SAAS;AAChC,QAAM,cAAc,SAAS,eAAe;AAE5C,QAAM,kBAAc,2BAAW,QAAQ,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AAErE,QAAM,UAAU;AAAA,IACd,KAAK,GAAG,SAAS,MAAM;AAAA,IACvB,KAAK;AAAA,IACL,KAAK,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAAA,IACjC,cAAc,UAAU,WAAW;AAAA,IACnC,cAAc;AAAA,IACd,WAAO,2BAAW;AAAA,EACpB;AAEA,QAAM,MAAM,MAAM,IAAI;AAAA,IACpB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,OAAO,CAAC;AAAA,EAClD,EACG,mBAAmB;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,GAAG,SAAS,MAAM;AAAA,EACzB,CAAC,EACA,KAAK,SAAS,UAAU;AAE3B,SAAO;AAAA,IACL,WAAW;AAAA,MACT,GAAG;AAAA,MACH;AAAA,MACA,QAAQ,SAAS;AAAA,MACjB;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;;;AC1CA,IAAAC,eAAyC;AACzC,IAAAC,iBAA2B;AAI3B,eAAsB,OACpB,UACA,QACuB;AACvB,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,SAAS;AAE5B,UAAM,YAAY,MAAM,iBAAiB,QAAQ,MAAM;AACvD,QAAI,CAAC,WAAW;AACd,aAAO,EAAE,UAAU,OAAO,OAAO,uBAAuB;AAAA,IAC1D;AAEA,UAAM,YAAY,UAAM,wBAAU,WAAW,OAAO;AACpD,WAAO,MAAM,cAAc,UAAU,SAAS;AAAA,EAChD,SAAS,OAAO;AACd,WAAO,EAAE,UAAU,OAAO,OAAO,OAAO,KAAK,EAAE;AAAA,EACjD;AACF;AAEA,eAAsB,cACpB,UACA,WACuB;AACvB,MAAI;AACF,UAAM,EAAE,QAAQ,IAAI,UAAM,4BAAc,SAAS,UAAU,KAAK,SAAS;AACzE,UAAM,SAAS,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,OAAO,CAAC;AAE3D,UAAM,iBAAa,2BAAW,QAAQ,EAAE,OAAO,SAAS,OAAO,EAAE,OAAO,KAAK;AAC7E,UAAM,eAAe,OAAO,aAAa,QAAQ,WAAW,EAAE;AAC9D,QAAI,eAAe,cAAc;AAC/B,aAAO,EAAE,UAAU,OAAO,OAAO,wBAAwB;AAAA,IAC3D;AAEA,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,UAAM,WAAW,KAAK,IAAI,MAAM,OAAO,GAAG;AAC1C,QAAI,WAAW,OAAO;AACpB,aAAO,EAAE,UAAU,OAAO,OAAO,iCAAiC;AAAA,IACpE;AAEA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,QACN,UAAU,SAAS,UAAU;AAAA,QAC7B,IAAI;AAAA,QACJ,WAAW;AAAA,MACb;AAAA,MACA,OAAO,OAAO;AAAA,MACd,UAAU,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAE,UAAU,OAAO,OAAO,OAAO,KAAK,EAAE;AAAA,EACjD;AACF;;;AJzDO,IAAM,UAAU;","names":["import_jose","import_crypto","import_jose","import_crypto"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,80 @@
+import { CryptoKey as CryptoKey$1 } from 'jose';
+interface AgentCredIdentity {
+    github: {
+        username: string;
+        id: number;
+        avatarUrl: string;
+    };
+    publicKey: JsonWebKey;
+    fingerprint: string;
+    registeredAt: string;
+}
+interface AgentCredEnvelope {
+    agentcred: {
+        v: '1.0';
+        jws: string;
+        github: string;
+        agent: string;
+    };
+    content: string;
+}
+interface SignOptions {
+    agent?: string;
+    contentType?: string;
+}
+interface VerifyResult {
+    verified: boolean;
+    github?: {
+        username: string;
+        id: number;
+        avatarUrl: string;
+    };
+    agent?: string;
+    signedAt?: string;
+    error?: string;
+}
+interface KeyStorage {
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+interface AgentCredConfig {
+    apiUrl?: string;
+    storage?: KeyStorage;
+}
+interface SignIdentity {
+    privateKey: CryptoKey$1 | Uint8Array;
+    github: string;
+}
+declare class MemoryKeyStorage implements KeyStorage {
+    private keys;
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+declare class FileSystemKeyStorage implements KeyStorage {
+    private keyDir;
+    constructor(keyDir?: string);
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+declare function createDefaultStorage(): KeyStorage;
+declare function createIdentity(githubToken: string, config?: AgentCredConfig): Promise<AgentCredIdentity>;
+declare function loadIdentity(githubUsername: string, config?: AgentCredConfig): Promise<{
+    identity: AgentCredIdentity;
+    privateKey: CryptoKey | Uint8Array;
+} | null>;
+declare function resolvePublicKey(githubUsername: string, config?: AgentCredConfig): Promise<JsonWebKey | null>;
+declare function sign(content: string, identity: SignIdentity, options?: SignOptions): Promise<AgentCredEnvelope>;
+declare function verify(envelope: AgentCredEnvelope, config?: AgentCredConfig): Promise<VerifyResult>;
+declare function verifyOffline(envelope: AgentCredEnvelope, publicKey: any): Promise<VerifyResult>;
+declare const version = "0.0.1";
+export { type AgentCredConfig, type AgentCredEnvelope, type AgentCredIdentity, FileSystemKeyStorage, type KeyStorage, MemoryKeyStorage, type SignIdentity, type SignOptions, type VerifyResult, createDefaultStorage, createIdentity, loadIdentity, resolvePublicKey, sign, verify, verifyOffline, version };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+import { CryptoKey as CryptoKey$1 } from 'jose';
+interface AgentCredIdentity {
+    github: {
+        username: string;
+        id: number;
+        avatarUrl: string;
+    };
+    publicKey: JsonWebKey;
+    fingerprint: string;
+    registeredAt: string;
+}
+interface AgentCredEnvelope {
+    agentcred: {
+        v: '1.0';
+        jws: string;
+        github: string;
+        agent: string;
+    };
+    content: string;
+}
+interface SignOptions {
+    agent?: string;
+    contentType?: string;
+}
+interface VerifyResult {
+    verified: boolean;
+    github?: {
+        username: string;
+        id: number;
+        avatarUrl: string;
+    };
+    agent?: string;
+    signedAt?: string;
+    error?: string;
+}
+interface KeyStorage {
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+interface AgentCredConfig {
+    apiUrl?: string;
+    storage?: KeyStorage;
+}
+interface SignIdentity {
+    privateKey: CryptoKey$1 | Uint8Array;
+    github: string;
+}
+declare class MemoryKeyStorage implements KeyStorage {
+    private keys;
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+declare class FileSystemKeyStorage implements KeyStorage {
+    private keyDir;
+    constructor(keyDir?: string);
+    save(username: string, privateKey: JsonWebKey): Promise<void>;
+    load(username: string): Promise<JsonWebKey | null>;
+    list(): Promise<string[]>;
+}
+declare function createDefaultStorage(): KeyStorage;
+declare function createIdentity(githubToken: string, config?: AgentCredConfig): Promise<AgentCredIdentity>;
+declare function loadIdentity(githubUsername: string, config?: AgentCredConfig): Promise<{
+    identity: AgentCredIdentity;
+    privateKey: CryptoKey | Uint8Array;
+} | null>;
+declare function resolvePublicKey(githubUsername: string, config?: AgentCredConfig): Promise<JsonWebKey | null>;
+declare function sign(content: string, identity: SignIdentity, options?: SignOptions): Promise<AgentCredEnvelope>;
+declare function verify(envelope: AgentCredEnvelope, config?: AgentCredConfig): Promise<VerifyResult>;
+declare function verifyOffline(envelope: AgentCredEnvelope, publicKey: any): Promise<VerifyResult>;
+declare const version = "0.0.1";
+export { type AgentCredConfig, type AgentCredEnvelope, type AgentCredIdentity, FileSystemKeyStorage, type KeyStorage, MemoryKeyStorage, type SignIdentity, type SignOptions, type VerifyResult, createDefaultStorage, createIdentity, loadIdentity, resolvePublicKey, sign, verify, verifyOffline, version };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,216 @@
+// src/storage.ts
+import * as fs from "fs/promises";
+import * as path from "path";
+import * as os from "os";
+var MemoryKeyStorage = class {
+  keys = /* @__PURE__ */ new Map();
+  async save(username, privateKey) {
+    this.keys.set(username, privateKey);
+  }
+  async load(username) {
+    return this.keys.get(username) ?? null;
+  }
+  async list() {
+    return Array.from(this.keys.keys());
+  }
+};
+var FileSystemKeyStorage = class {
+  keyDir;
+  constructor(keyDir) {
+    this.keyDir = keyDir ?? path.join(os.homedir(), ".agentcred", "keys");
+  }
+  async save(username, privateKey) {
+    await fs.mkdir(this.keyDir, { recursive: true });
+    const keyPath = path.join(this.keyDir, `${username}.jwk`);
+    await fs.writeFile(keyPath, JSON.stringify(privateKey, null, 2));
+  }
+  async load(username) {
+    try {
+      const keyPath = path.join(this.keyDir, `${username}.jwk`);
+      const data = await fs.readFile(keyPath, "utf-8");
+      return JSON.parse(data);
+    } catch {
+      return null;
+    }
+  }
+  async list() {
+    try {
+      const files = await fs.readdir(this.keyDir);
+      return files.filter((f) => f.endsWith(".jwk")).map((f) => f.replace(".jwk", ""));
+    } catch {
+      return [];
+    }
+  }
+};
+function createDefaultStorage() {
+  if (typeof window !== "undefined") {
+    return new MemoryKeyStorage();
+  }
+  return new FileSystemKeyStorage();
+}
+// src/identity.ts
+import { generateKeyPair, exportJWK, importJWK } from "jose";
+import { createHash } from "crypto";
+async function createIdentity(githubToken, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  const storage = config?.storage ?? createDefaultStorage();
+  const response = await fetch("https://api.github.com/user", {
+    headers: { Authorization: `Bearer ${githubToken}` }
+  });
+  if (!response.ok) throw new Error("GitHub authentication failed");
+  const profile = await response.json();
+  const { publicKey, privateKey } = await generateKeyPair("EdDSA", { extractable: true });
+  const publicJWK = await exportJWK(publicKey);
+  const privateJWK = await exportJWK(privateKey);
+  const fingerprint = createHash("sha256").update(JSON.stringify(publicJWK)).digest("hex");
+  const registerResponse = await fetch(`${apiUrl}/v1/keys`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${githubToken}`
+    },
+    body: JSON.stringify({ public_key: publicJWK })
+  });
+  if (!registerResponse.ok) throw new Error("Key registration failed");
+  const registration = await registerResponse.json();
+  await storage.save(profile.login, privateJWK);
+  return {
+    github: {
+      username: profile.login,
+      id: profile.id,
+      avatarUrl: profile.avatar_url
+    },
+    publicKey: publicJWK,
+    fingerprint,
+    registeredAt: registration.registered_at
+  };
+}
+async function loadIdentity(githubUsername, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  const storage = config?.storage ?? createDefaultStorage();
+  const privateJWK = await storage.load(githubUsername);
+  if (!privateJWK) return null;
+  const publicJWK = await resolvePublicKey(githubUsername, config);
+  if (!publicJWK) return null;
+  const privateKey = await importJWK(privateJWK, "EdDSA");
+  const fingerprint = createHash("sha256").update(JSON.stringify(publicJWK)).digest("hex");
+  return {
+    identity: {
+      github: {
+        username: githubUsername,
+        id: 0,
+        avatarUrl: ""
+      },
+      publicKey: publicJWK,
+      fingerprint,
+      registeredAt: (/* @__PURE__ */ new Date()).toISOString()
+    },
+    privateKey
+  };
+}
+async function resolvePublicKey(githubUsername, config) {
+  const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? "https://api.agentcred.dev";
+  try {
+    const response = await fetch(`${apiUrl}/v1/keys/${githubUsername}`);
+    if (!response.ok) return null;
+    const data = await response.json();
+    return data.public_key;
+  } catch {
+    return null;
+  }
+}
+// src/sign.ts
+import { CompactSign } from "jose";
+import { createHash as createHash2, randomUUID } from "crypto";
+async function sign(content, identity, options) {
+  const agent = options?.agent ?? "default";
+  const contentType = options?.contentType ?? "text/plain";
+  const contentHash = createHash2("sha256").update(content).digest("hex");
+  const payload = {
+    iss: `${identity.github}@agentcred`,
+    sub: agent,
+    iat: Math.floor(Date.now() / 1e3),
+    content_hash: `sha256:${contentHash}`,
+    content_type: contentType,
+    nonce: randomUUID()
+  };
+  const jws = await new CompactSign(
+    new TextEncoder().encode(JSON.stringify(payload))
+  ).setProtectedHeader({
+    alg: "EdDSA",
+    typ: "agentcred+jwt",
+    kid: `${identity.github}@agentcred`
+  }).sign(identity.privateKey);
+  return {
+    agentcred: {
+      v: "1.0",
+      jws,
+      github: identity.github,
+      agent
+    },
+    content
+  };
+}
+// src/verify.ts
+import { compactVerify, importJWK as importJWK2 } from "jose";
+import { createHash as createHash3 } from "crypto";
+async function verify(envelope, config) {
+  try {
+    const { github } = envelope.agentcred;
+    const publicJWK = await resolvePublicKey(github, config);
+    if (!publicJWK) {
+      return { verified: false, error: "Public key not found" };
+    }
+    const publicKey = await importJWK2(publicJWK, "EdDSA");
+    return await verifyOffline(envelope, publicKey);
+  } catch (error) {
+    return { verified: false, error: String(error) };
+  }
+}
+async function verifyOffline(envelope, publicKey) {
+  try {
+    const { payload } = await compactVerify(envelope.agentcred.jws, publicKey);
+    const claims = JSON.parse(new TextDecoder().decode(payload));
+    const actualHash = createHash3("sha256").update(envelope.content).digest("hex");
+    const expectedHash = claims.content_hash.replace("sha256:", "");
+    if (actualHash !== expectedHash) {
+      return { verified: false, error: "Content hash mismatch" };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const timeDiff = Math.abs(now - claims.iat);
+    if (timeDiff > 86400) {
+      return { verified: false, error: "Timestamp outside valid window" };
+    }
+    return {
+      verified: true,
+      github: {
+        username: envelope.agentcred.github,
+        id: 0,
+        avatarUrl: ""
+      },
+      agent: claims.sub,
+      signedAt: new Date(claims.iat * 1e3).toISOString()
+    };
+  } catch (error) {
+    return { verified: false, error: String(error) };
+  }
+}
+// src/index.ts
+var version = "0.0.1";
+export {
+  FileSystemKeyStorage,
+  MemoryKeyStorage,
+  createDefaultStorage,
+  createIdentity,
+  loadIdentity,
+  resolvePublicKey,
+  sign,
+  verify,
+  verifyOffline,
+  version
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/storage.ts","../src/identity.ts","../src/sign.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["import { KeyStorage } from './types.js'\nimport * as fs from 'fs/promises'\nimport * as path from 'path'\nimport * as os from 'os'\n\nexport class MemoryKeyStorage implements KeyStorage {\n private keys = new Map<string, JsonWebKey>()\n \n async save(username: string, privateKey: JsonWebKey): Promise<void> {\n this.keys.set(username, privateKey)\n }\n \n async load(username: string): Promise<JsonWebKey | null> {\n return this.keys.get(username) ?? null\n }\n \n async list(): Promise<string[]> {\n return Array.from(this.keys.keys())\n }\n}\n\nexport class FileSystemKeyStorage implements KeyStorage {\n private keyDir: string\n \n constructor(keyDir?: string) {\n this.keyDir = keyDir ?? path.join(os.homedir(), '.agentcred', 'keys')\n }\n \n async save(username: string, privateKey: JsonWebKey): Promise<void> {\n await fs.mkdir(this.keyDir, { recursive: true })\n const keyPath = path.join(this.keyDir, `${username}.jwk`)\n await fs.writeFile(keyPath, JSON.stringify(privateKey, null, 2))\n }\n \n async load(username: string): Promise<JsonWebKey | null> {\n try {\n const keyPath = path.join(this.keyDir, `${username}.jwk`)\n const data = await fs.readFile(keyPath, 'utf-8')\n return JSON.parse(data)\n } catch {\n return null\n }\n }\n \n async list(): Promise<string[]> {\n try {\n const files = await fs.readdir(this.keyDir)\n return files.filter(f => f.endsWith('.jwk')).map(f => f.replace('.jwk', ''))\n } catch {\n return []\n }\n }\n}\n\nexport function createDefaultStorage(): KeyStorage {\n if (typeof window !== 'undefined') {\n return new MemoryKeyStorage()\n }\n return new FileSystemKeyStorage()\n}\n","import { generateKeyPair, exportJWK, importJWK } from 'jose'\nimport { AgentCredIdentity, AgentCredConfig, SignIdentity } from './types.js'\nimport { createDefaultStorage } from './storage.js'\nimport { createHash } from 'crypto'\n\nexport async function createIdentity(\n githubToken: string,\n config?: AgentCredConfig\n): Promise<AgentCredIdentity> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n const storage = config?.storage ?? createDefaultStorage()\n \n const response = await fetch('https://api.github.com/user', {\n headers: { Authorization: `Bearer ${githubToken}` }\n })\n if (!response.ok) throw new Error('GitHub authentication failed')\n const profile = await response.json()\n \n const { publicKey, privateKey } = await generateKeyPair('EdDSA', { extractable: true })\n const publicJWK = await exportJWK(publicKey)\n const privateJWK = await exportJWK(privateKey)\n \n const fingerprint = createHash('sha256')\n .update(JSON.stringify(publicJWK))\n .digest('hex')\n \n const registerResponse = await fetch(`${apiUrl}/v1/keys`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${githubToken}`\n },\n body: JSON.stringify({ public_key: publicJWK })\n })\n if (!registerResponse.ok) throw new Error('Key registration failed')\n const registration = await registerResponse.json()\n \n await storage.save(profile.login, privateJWK)\n \n return {\n github: {\n username: profile.login,\n id: profile.id,\n avatarUrl: profile.avatar_url\n },\n publicKey: publicJWK,\n fingerprint,\n registeredAt: registration.registered_at\n }\n}\n\nexport async function loadIdentity(\n githubUsername: string,\n config?: AgentCredConfig\n): Promise<{ identity: AgentCredIdentity; privateKey: CryptoKey | Uint8Array } | null> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n const storage = config?.storage ?? createDefaultStorage()\n \n const privateJWK = await storage.load(githubUsername)\n if (!privateJWK) return null\n \n const publicJWK = await resolvePublicKey(githubUsername, config)\n if (!publicJWK) return null\n \n const privateKey = await importJWK(privateJWK, 'EdDSA')\n \n const fingerprint = createHash('sha256')\n .update(JSON.stringify(publicJWK))\n .digest('hex')\n \n return {\n identity: {\n github: {\n username: githubUsername,\n id: 0,\n avatarUrl: ''\n },\n publicKey: publicJWK,\n fingerprint,\n registeredAt: new Date().toISOString()\n },\n privateKey\n }\n}\n\nexport async function resolvePublicKey(\n githubUsername: string,\n config?: AgentCredConfig\n): Promise<JsonWebKey | null> {\n const apiUrl = config?.apiUrl ?? process.env.AGENTCRED_API_URL ?? 'https://api.agentcred.dev'\n \n try {\n const response = await fetch(`${apiUrl}/v1/keys/${githubUsername}`)\n if (!response.ok) return null\n const data = await response.json()\n return data.public_key\n } catch {\n return null\n }\n}\n","import { CompactSign } from 'jose'\nimport { createHash, randomUUID } from 'crypto'\nimport { AgentCredEnvelope, SignOptions, SignIdentity } from './types.js'\n\nexport async function sign(\n content: string,\n identity: SignIdentity,\n options?: SignOptions\n): Promise<AgentCredEnvelope> {\n const agent = options?.agent ?? 'default'\n const contentType = options?.contentType ?? 'text/plain'\n \n const contentHash = createHash('sha256').update(content).digest('hex')\n \n const payload = {\n iss: `${identity.github}@agentcred`,\n sub: agent,\n iat: Math.floor(Date.now() / 1000),\n content_hash: `sha256:${contentHash}`,\n content_type: contentType,\n nonce: randomUUID()\n }\n \n const jws = await new CompactSign(\n new TextEncoder().encode(JSON.stringify(payload))\n )\n .setProtectedHeader({\n alg: 'EdDSA',\n typ: 'agentcred+jwt',\n kid: `${identity.github}@agentcred`\n })\n .sign(identity.privateKey)\n \n return {\n agentcred: {\n v: '1.0',\n jws,\n github: identity.github,\n agent\n },\n content\n }\n}\n","import { compactVerify, importJWK } from 'jose'\nimport { createHash } from 'crypto'\nimport { AgentCredEnvelope, VerifyResult, AgentCredConfig } from './types.js'\nimport { resolvePublicKey } from './identity.js'\n\nexport async function verify(\n envelope: AgentCredEnvelope,\n config?: AgentCredConfig\n): Promise<VerifyResult> {\n try {\n const { github } = envelope.agentcred\n \n const publicJWK = await resolvePublicKey(github, config)\n if (!publicJWK) {\n return { verified: false, error: 'Public key not found' }\n }\n \n const publicKey = await importJWK(publicJWK, 'EdDSA')\n return await verifyOffline(envelope, publicKey)\n } catch (error) {\n return { verified: false, error: String(error) }\n }\n}\n\nexport async function verifyOffline(\n envelope: AgentCredEnvelope,\n publicKey: any\n): Promise<VerifyResult> {\n try {\n const { payload } = await compactVerify(envelope.agentcred.jws, publicKey)\n const claims = JSON.parse(new TextDecoder().decode(payload))\n \n const actualHash = createHash('sha256').update(envelope.content).digest('hex')\n const expectedHash = claims.content_hash.replace('sha256:', '')\n if (actualHash !== expectedHash) {\n return { verified: false, error: 'Content hash mismatch' }\n }\n \n const now = Math.floor(Date.now() / 1000)\n const timeDiff = Math.abs(now - claims.iat)\n if (timeDiff > 86400) {\n return { verified: false, error: 'Timestamp outside valid window' }\n }\n \n return {\n verified: true,\n github: {\n username: envelope.agentcred.github,\n id: 0,\n avatarUrl: ''\n },\n agent: claims.sub,\n signedAt: new Date(claims.iat * 1000).toISOString()\n }\n } catch (error) {\n return { verified: false, error: String(error) }\n }\n}\n","export const version = '0.0.1'\n\nexport * from './types.js'\nexport { MemoryKeyStorage, FileSystemKeyStorage, createDefaultStorage } from './storage.js'\nexport { createIdentity, loadIdentity, resolvePublicKey } from './identity.js'\nexport { sign } from './sign.js'\nexport { verify, verifyOffline } from './verify.js'\n"],"mappings":";AACA,YAAY,QAAQ;AACpB,YAAY,UAAU;AACtB,YAAY,QAAQ;AAEb,IAAM,mBAAN,MAA6C;AAAA,EAC1C,OAAO,oBAAI,IAAwB;AAAA,EAE3C,MAAM,KAAK,UAAkB,YAAuC;AAClE,SAAK,KAAK,IAAI,UAAU,UAAU;AAAA,EACpC;AAAA,EAEA,MAAM,KAAK,UAA8C;AACvD,WAAO,KAAK,KAAK,IAAI,QAAQ,KAAK;AAAA,EACpC;AAAA,EAEA,MAAM,OAA0B;AAC9B,WAAO,MAAM,KAAK,KAAK,KAAK,KAAK,CAAC;AAAA,EACpC;AACF;AAEO,IAAM,uBAAN,MAAiD;AAAA,EAC9C;AAAA,EAER,YAAY,QAAiB;AAC3B,SAAK,SAAS,UAAe,UAAQ,WAAQ,GAAG,cAAc,MAAM;AAAA,EACtE;AAAA,EAEA,MAAM,KAAK,UAAkB,YAAuC;AAClE,UAAS,SAAM,KAAK,QAAQ,EAAE,WAAW,KAAK,CAAC;AAC/C,UAAM,UAAe,UAAK,KAAK,QAAQ,GAAG,QAAQ,MAAM;AACxD,UAAS,aAAU,SAAS,KAAK,UAAU,YAAY,MAAM,CAAC,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,KAAK,UAA8C;AACvD,QAAI;AACF,YAAM,UAAe,UAAK,KAAK,QAAQ,GAAG,QAAQ,MAAM;AACxD,YAAM,OAAO,MAAS,YAAS,SAAS,OAAO;AAC/C,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,OAA0B;AAC9B,QAAI;AACF,YAAM,QAAQ,MAAS,WAAQ,KAAK,MAAM;AAC1C,aAAO,MAAM,OAAO,OAAK,EAAE,SAAS,MAAM,CAAC,EAAE,IAAI,OAAK,EAAE,QAAQ,QAAQ,EAAE,CAAC;AAAA,IAC7E,QAAQ;AACN,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACF;AAEO,SAAS,uBAAmC;AACjD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,IAAI,iBAAiB;AAAA,EAC9B;AACA,SAAO,IAAI,qBAAqB;AAClC;;;AC3DA,SAAS,iBAAiB,WAAW,iBAAiB;AAGtD,SAAS,kBAAkB;AAE3B,eAAsB,eACpB,aACA,QAC4B;AAC5B,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAClE,QAAM,UAAU,QAAQ,WAAW,qBAAqB;AAExD,QAAM,WAAW,MAAM,MAAM,+BAA+B;AAAA,IAC1D,SAAS,EAAE,eAAe,UAAU,WAAW,GAAG;AAAA,EACpD,CAAC;AACD,MAAI,CAAC,SAAS,GAAI,OAAM,IAAI,MAAM,8BAA8B;AAChE,QAAM,UAAU,MAAM,SAAS,KAAK;AAEpC,QAAM,EAAE,WAAW,WAAW,IAAI,MAAM,gBAAgB,SAAS,EAAE,aAAa,KAAK,CAAC;AACtF,QAAM,YAAY,MAAM,UAAU,SAAS;AAC3C,QAAM,aAAa,MAAM,UAAU,UAAU;AAE7C,QAAM,cAAc,WAAW,QAAQ,EACpC,OAAO,KAAK,UAAU,SAAS,CAAC,EAChC,OAAO,KAAK;AAEf,QAAM,mBAAmB,MAAM,MAAM,GAAG,MAAM,YAAY;AAAA,IACxD,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB,UAAU,WAAW;AAAA,IACxC;AAAA,IACA,MAAM,KAAK,UAAU,EAAE,YAAY,UAAU,CAAC;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,iBAAiB,GAAI,OAAM,IAAI,MAAM,yBAAyB;AACnE,QAAM,eAAe,MAAM,iBAAiB,KAAK;AAEjD,QAAM,QAAQ,KAAK,QAAQ,OAAO,UAAU;AAE5C,SAAO;AAAA,IACL,QAAQ;AAAA,MACN,UAAU,QAAQ;AAAA,MAClB,IAAI,QAAQ;AAAA,MACZ,WAAW,QAAQ;AAAA,IACrB;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA,cAAc,aAAa;AAAA,EAC7B;AACF;AAEA,eAAsB,aACpB,gBACA,QACqF;AACrF,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAClE,QAAM,UAAU,QAAQ,WAAW,qBAAqB;AAExD,QAAM,aAAa,MAAM,QAAQ,KAAK,cAAc;AACpD,MAAI,CAAC,WAAY,QAAO;AAExB,QAAM,YAAY,MAAM,iBAAiB,gBAAgB,MAAM;AAC/D,MAAI,CAAC,UAAW,QAAO;AAEvB,QAAM,aAAa,MAAM,UAAU,YAAY,OAAO;AAEtD,QAAM,cAAc,WAAW,QAAQ,EACpC,OAAO,KAAK,UAAU,SAAS,CAAC,EAChC,OAAO,KAAK;AAEf,SAAO;AAAA,IACL,UAAU;AAAA,MACR,QAAQ;AAAA,QACN,UAAU;AAAA,QACV,IAAI;AAAA,QACJ,WAAW;AAAA,MACb;AAAA,MACA,WAAW;AAAA,MACX;AAAA,MACA,eAAc,oBAAI,KAAK,GAAE,YAAY;AAAA,IACvC;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,iBACpB,gBACA,QAC4B;AAC5B,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,qBAAqB;AAElE,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,YAAY,cAAc,EAAE;AAClE,QAAI,CAAC,SAAS,GAAI,QAAO;AACzB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK;AAAA,EACd,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACnGA,SAAS,mBAAmB;AAC5B,SAAS,cAAAA,aAAY,kBAAkB;AAGvC,eAAsB,KACpB,SACA,UACA,SAC4B;AAC5B,QAAM,QAAQ,SAAS,SAAS;AAChC,QAAM,cAAc,SAAS,eAAe;AAE5C,QAAM,cAAcA,YAAW,QAAQ,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AAErE,QAAM,UAAU;AAAA,IACd,KAAK,GAAG,SAAS,MAAM;AAAA,IACvB,KAAK;AAAA,IACL,KAAK,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAAA,IACjC,cAAc,UAAU,WAAW;AAAA,IACnC,cAAc;AAAA,IACd,OAAO,WAAW;AAAA,EACpB;AAEA,QAAM,MAAM,MAAM,IAAI;AAAA,IACpB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,OAAO,CAAC;AAAA,EAClD,EACG,mBAAmB;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,GAAG,SAAS,MAAM;AAAA,EACzB,CAAC,EACA,KAAK,SAAS,UAAU;AAE3B,SAAO;AAAA,IACL,WAAW;AAAA,MACT,GAAG;AAAA,MACH;AAAA,MACA,QAAQ,SAAS;AAAA,MACjB;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;;;AC1CA,SAAS,eAAe,aAAAC,kBAAiB;AACzC,SAAS,cAAAC,mBAAkB;AAI3B,eAAsB,OACpB,UACA,QACuB;AACvB,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,SAAS;AAE5B,UAAM,YAAY,MAAM,iBAAiB,QAAQ,MAAM;AACvD,QAAI,CAAC,WAAW;AACd,aAAO,EAAE,UAAU,OAAO,OAAO,uBAAuB;AAAA,IAC1D;AAEA,UAAM,YAAY,MAAMC,WAAU,WAAW,OAAO;AACpD,WAAO,MAAM,cAAc,UAAU,SAAS;AAAA,EAChD,SAAS,OAAO;AACd,WAAO,EAAE,UAAU,OAAO,OAAO,OAAO,KAAK,EAAE;AAAA,EACjD;AACF;AAEA,eAAsB,cACpB,UACA,WACuB;AACvB,MAAI;AACF,UAAM,EAAE,QAAQ,IAAI,MAAM,cAAc,SAAS,UAAU,KAAK,SAAS;AACzE,UAAM,SAAS,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,OAAO,CAAC;AAE3D,UAAM,aAAaC,YAAW,QAAQ,EAAE,OAAO,SAAS,OAAO,EAAE,OAAO,KAAK;AAC7E,UAAM,eAAe,OAAO,aAAa,QAAQ,WAAW,EAAE;AAC9D,QAAI,eAAe,cAAc;AAC/B,aAAO,EAAE,UAAU,OAAO,OAAO,wBAAwB;AAAA,IAC3D;AAEA,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,UAAM,WAAW,KAAK,IAAI,MAAM,OAAO,GAAG;AAC1C,QAAI,WAAW,OAAO;AACpB,aAAO,EAAE,UAAU,OAAO,OAAO,iCAAiC;AAAA,IACpE;AAEA,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,QACN,UAAU,SAAS,UAAU;AAAA,QAC7B,IAAI;AAAA,QACJ,WAAW;AAAA,MACb;AAAA,MACA,OAAO,OAAO;AAAA,MACd,UAAU,IAAI,KAAK,OAAO,MAAM,GAAI,EAAE,YAAY;AAAA,IACpD;AAAA,EACF,SAAS,OAAO;AACd,WAAO,EAAE,UAAU,OAAO,OAAO,OAAO,KAAK,EAAE;AAAA,EACjD;AACF;;;ACzDO,IAAM,UAAU;","names":["createHash","importJWK","createHash","importJWK","createHash"]}

package/package.json ADDED Viewed

@@ -0,0 +1,54 @@
+{
+  "name": "@agentcred-ai/sdk",
+  "version": "0.1.0",
+  "description": "Core SDK for AgentCred - sign, verify, and manage agent credentials",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "devDependencies": {
+    "@types/node": "^25.1.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.8.0",
+    "vitest": "^3.0.0"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/agentcred-ai/agentcred",
+    "directory": "packages/sdk"
+  },
+  "homepage": "https://agentcred.dev",
+  "bugs": {
+    "url": "https://github.com/agentcred-ai/agentcred/issues"
+  },
+  "keywords": [
+    "agentcred",
+    "ai-agent",
+    "mcp",
+    "cryptography",
+    "ed25519",
+    "identity",
+    "signature"
+  ],
+  "author": "AgentCred Contributors",
+  "dependencies": {
+    "jose": "^6.1.3",
+    "zod": "^4.3.6"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  }
+}