@agentkv/client 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 The AgentKV Authors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,131 @@
1
+ # @agentkv/client
2
+
3
+ The TypeScript SDK for [AgentKV](https://github.com/agentx402-ai/agentkv) — an agent-native,
4
+ encrypted key-value store paid per request over [x402](https://x402.org). **Wallet-native by
5
+ default** — your wallet address is the namespace, no signup — with an opt-in **account-key mode**
6
+ (an `ak_…` bearer token that owns the namespace, decoupled from the paying wallet) for managed
7
+ wallets that can't sign. Values are **encrypted client-side** (AES-256-GCM) before they leave your
8
+ process, so the server is zero-knowledge.
9
+
10
+ ```bash
11
+ npm install @agentkv/client
12
+ ```
13
+
14
+ ```ts
15
+ import { AgentKV } from "@agentkv/client";
16
+
17
+ const kv = new AgentKV({ privateKey, endpoint: "https://api.agentx402.ai" });
18
+
19
+ await kv.deposit(1); // pre-pay $1 of USDC credits
20
+ await kv.set("session:plan", plan); // encrypted client-side, stored as ciphertext
21
+ const restored = await kv.get("session:plan"); // decrypted locally
22
+ await kv.delete("session:plan");
23
+ const credits = await kv.balance();
24
+ ```
25
+
26
+ ### Account-key mode (managed wallets that can't sign)
27
+
28
+ Pass an `ak_…` bearer token plus a **local** encryption key instead of a wallet. The bearer owns
29
+ the namespace and its prepaid credits; any signing wallet funds it (the payer funds, the bearer
30
+ owns). Mint the pair with `agentkv account new`.
31
+
32
+ ```ts
33
+ const kv = new AgentKV({
34
+ accountKey: process.env.AGENTKV_ACCOUNT_KEY as string, // ak_<64 hex>
35
+ encryptionKey: process.env.AGENTKV_ENCRYPTION_KEY as `0x${string}`, // required — no wallet to derive from
36
+ endpoint: "https://api.agentx402.ai",
37
+ });
38
+
39
+ await kv.set("session:plan", plan); // bearer-authenticated; debits prepaid credits
40
+ ```
41
+
42
+ In account-key mode `deposit()` throws (there is no wallet to sign an x402 payment) — fund the
43
+ account instead by depositing to `<endpoint>/account/deposit` from any signing wallet, e.g. with
44
+ [awal](https://www.npmjs.com/package/awal).
45
+
46
+ ### `topoffPayer` — account-key auto top-off
47
+
48
+ Account-key mode has no signing wallet, so it cannot pay a 402 itself. Configure
49
+ `prepay` + `topoffPayer` and the client delegates top-offs to your hook:
50
+
51
+ ```ts
52
+ const kv = new AgentKV({
53
+ accountKey, encryptionKey, endpoint,
54
+ prepay: { watermark: 0.5, topoff: 1 }, // USD; topoff >= $1 (server minimum)
55
+ topoffPayer: async ({ depositUrl, accountKey, amountUsd, maxAmountAtomic }) => {
56
+ // pay `depositUrl` with ANY signing wallet, authorized by
57
+ // `Authorization: Bearer ${accountKey}`, capped at maxAmountAtomic.
58
+ // Resolve once settled; reject to surface `account_topoff_failed`.
59
+ },
60
+ });
61
+ ```
62
+
63
+ Fired single-flight when tracked credits drop below `prepay.watermark`
64
+ (failure non-fatal: the op proceeds on remaining credits) and on an
65
+ insufficient-credits 402 (failure fatal; on success the op retries once with
66
+ the same `Idempotency-Key` — exactly-once). Top-offs count against
67
+ `maxSessionSpendUsd` only, never the per-op `maxSpendUsd`. Both of
68
+ `prepay`/`topoffPayer` are required together in account-key mode;
69
+ `topoffPayer` is rejected in wallet mode.
70
+
71
+ ### `opInlinePayer` — inline pay-per-op (no prepay)
72
+
73
+ An alternative to `topoffPayer` for account-key mode: instead of buying a
74
+ prepaid-credit top-off, `opInlinePayer` routes the **whole failing op** through
75
+ an external x402 transport (e.g. [awal](https://www.npmjs.com/package/awal)'s
76
+ `awal x402 pay`) that does its own discovery → pay → retry:
77
+
78
+ ```ts
79
+ const kv = new AgentKV({
80
+ accountKey, encryptionKey, endpoint,
81
+ opInlinePayer: async ({ url, method, body, headers, maxAmountAtomic }) => {
82
+ // Send `url`/`method`/`body`/`headers` (already bearer- and
83
+ // Idempotency-Key-authenticated) through your own 402-aware transport,
84
+ // capped at `maxAmountAtomic`, and return its final response.
85
+ return { status, body, headers };
86
+ },
87
+ });
88
+ ```
89
+
90
+ No `prepay` required — it is pay-per-op, fired directly off a hard 402 with no
91
+ watermark/top-off machinery. Rejected (`invalid_config`) in wallet mode (a
92
+ signing wallet pays its own x402 challenges directly).
93
+
94
+ **Precedence, if you configure both `topoffPayer` and `opInlinePayer`:**
95
+ `topoffPayer` always wins. The two hooks are mutually exclusive **per op** —
96
+ `opInlinePayer` only ever fires when no `topoffPayer` is configured at all, so
97
+ a single op can never trigger both a deposit top-off and an inline payment.
98
+ Pick one strategy per client instance: `topoffPayer` if you want a standing
99
+ credit balance (cheaper per-op, but requires prepay bootstrapping), or
100
+ `opInlinePayer` if you want strict pay-per-op with no balance to manage.
101
+
102
+ **The account must already exist.** Auto top-off maintains a funded account; it does not
103
+ create one. A brand-new `ak_…` has no server-side account until its first deposit, so the
104
+ first op returns `account_not_found` (401) rather than a credits 402 — the hook does not fire
105
+ on a 401 (that error is indistinguishable from a typo'd or rotated key, so auto-depositing on
106
+ it could fund the wrong namespace). Bootstrap the account with one explicit deposit first
107
+ (e.g. `fundAccount(payer, 1)` or an out-of-band `awal x402 pay …/account/deposit`); after it
108
+ exists, `topoffPayer` keeps it funded.
109
+
110
+ The same applies to `opInlinePayer`: it also only fires on a `402`, and a brand-new account
111
+ 401s before it ever sees one, so it cannot bootstrap a fresh account either — deposit once
112
+ first, same as above.
113
+
114
+ - **Usage envelope is asymmetric** — writes get it inline on `SetResult.usage`; reads need the
115
+ separate `getWithUsage(key)` accessor (returning `{ value, usage }`), since `get()` keeps its
116
+ `Promise<T | null>` signature unchanged.
117
+ - **Identity & payment are structural** — free/credit ops are EIP-712 identity-signed (or, in
118
+ account-key mode, bearer-authenticated); paid ops settle USDC via x402 (EIP-3009
119
+ `transferWithAuthorization`).
120
+ - **Zero-knowledge** — an AES-256-GCM key is derived (HKDF from the wallet key, or an explicit
121
+ `encryptionKey`); the server only ever stores ciphertext it cannot read.
122
+ - **Pay per request** — pay-as-you-go in USDC, or pre-pay credits at **a tenth** the pay-per-op
123
+ price. `prepay: { watermark, topoff }` keeps credits auto-topped-up, and `maxSpendUsd` /
124
+ `maxSessionSpendUsd` cap per-call and cumulative spend.
125
+
126
+ See the [monorepo README](https://github.com/agentx402-ai/agentkv#readme) for the CLI, MCP server,
127
+ and Claude plugin.
128
+
129
+ ## License
130
+
131
+ [MIT](./LICENSE)