npm - @dupecom/botcha-cloudflare - Versions diffs - 0.20.2 → 0.23.0 - Mend

@dupecom/botcha-cloudflare 0.20.2 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

package/README.md +74 -9
package/dist/agent-auth.d.ts +129 -0
package/dist/agent-auth.d.ts.map +1 -0
package/dist/agent-auth.js +210 -0
package/dist/agents.d.ts +10 -0
package/dist/agents.d.ts.map +1 -1
package/dist/agents.js +51 -1
package/dist/app-gate.d.ts +6 -0
package/dist/app-gate.d.ts.map +1 -0
package/dist/app-gate.js +69 -0
package/dist/apps.d.ts +13 -4
package/dist/apps.d.ts.map +1 -1
package/dist/apps.js +30 -4
package/dist/dashboard/account.d.ts +63 -0
package/dist/dashboard/account.d.ts.map +1 -0
package/dist/dashboard/account.js +488 -0
package/dist/dashboard/api.js +15 -68
package/dist/dashboard/auth.d.ts.map +1 -1
package/dist/dashboard/auth.js +14 -14
package/dist/dashboard/docs.d.ts.map +1 -1
package/dist/dashboard/docs.js +146 -3
package/dist/dashboard/layout.d.ts.map +1 -1
package/dist/dashboard/layout.js +2 -2
package/dist/dashboard/mcp-setup.d.ts +15 -0
package/dist/dashboard/mcp-setup.d.ts.map +1 -0
package/dist/dashboard/mcp-setup.js +391 -0
package/dist/dashboard/showcase.d.ts +6 -10
package/dist/dashboard/showcase.d.ts.map +1 -1
package/dist/dashboard/showcase.js +67 -991
package/dist/dashboard/whitepaper.d.ts.map +1 -1
package/dist/dashboard/whitepaper.js +42 -4
package/dist/index.d.ts +5 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +660 -83
package/dist/mcp.d.ts +20 -0
package/dist/mcp.d.ts.map +1 -0
package/dist/mcp.js +1290 -0
package/dist/oauth-agent.d.ts +130 -0
package/dist/oauth-agent.d.ts.map +1 -0
package/dist/oauth-agent.js +194 -0
package/dist/static.d.ts +781 -5
package/dist/static.d.ts.map +1 -1
package/dist/static.js +790 -111
package/dist/tap-a2a-routes.d.ts +355 -0
package/dist/tap-a2a-routes.d.ts.map +1 -0
package/dist/tap-a2a-routes.js +475 -0
package/dist/tap-a2a.d.ts +199 -0
package/dist/tap-a2a.d.ts.map +1 -0
package/dist/tap-a2a.js +502 -0
package/dist/tap-agents.d.ts +15 -0
package/dist/tap-agents.d.ts.map +1 -1
package/dist/tap-agents.js +31 -1
package/dist/tap-ans-routes.d.ts +302 -0
package/dist/tap-ans-routes.d.ts.map +1 -0
package/dist/tap-ans-routes.js +535 -0
package/dist/tap-ans.d.ts +241 -0
package/dist/tap-ans.d.ts.map +1 -0
package/dist/tap-ans.js +481 -0
package/dist/tap-delegation-routes.d.ts.map +1 -1
package/dist/tap-delegation-routes.js +11 -0
package/dist/tap-did.d.ts +140 -0
package/dist/tap-did.d.ts.map +1 -0
package/dist/tap-did.js +262 -0
package/dist/tap-oidca-routes.d.ts +383 -0
package/dist/tap-oidca-routes.d.ts.map +1 -0
package/dist/tap-oidca-routes.js +597 -0
package/dist/tap-oidca.d.ts +288 -0
package/dist/tap-oidca.d.ts.map +1 -0
package/dist/tap-oidca.js +461 -0
package/dist/tap-routes.d.ts +24 -8
package/dist/tap-routes.d.ts.map +1 -1
package/dist/tap-routes.js +169 -23
package/dist/tap-vc-routes.d.ts +358 -0
package/dist/tap-vc-routes.d.ts.map +1 -0
package/dist/tap-vc-routes.js +367 -0
package/dist/tap-vc.d.ts +125 -0
package/dist/tap-vc.d.ts.map +1 -0
package/dist/tap-vc.js +245 -0
package/dist/tap-x402-routes.d.ts +89 -0
package/dist/tap-x402-routes.d.ts.map +1 -0
package/dist/tap-x402-routes.js +579 -0
package/dist/tap-x402.d.ts +222 -0
package/dist/tap-x402.d.ts.map +1 -0
package/dist/tap-x402.js +546 -0
package/dist/webhooks.d.ts +99 -0
package/dist/webhooks.d.ts.map +1 -0
package/dist/webhooks.js +642 -0
package/package.json +3 -1

package/dist/tap-a2a-routes.js ADDED Viewed

@@ -0,0 +1,475 @@
+/**
+ * A2A Agent Card Attestation — Route Handlers
+ *
+ * Routes:
+ *   GET  /.well-known/agent.json   — BOTCHA's own A2A Agent Card
+ *   POST /v1/a2a/attest            — Attest an A2A Agent Card
+ *   POST /v1/a2a/verify-card       — Verify an attested A2A Agent Card
+ *   GET  /v1/a2a/cards             — List BOTCHA-verified Agent Cards
+ *   GET  /v1/a2a/cards/:id         — Get a specific A2A attestation record
+ */
+import { extractBearerToken, verifyToken, getSigningPublicKeyJWK } from './auth.js';
+import { getBotchaAgentCard, attestCard, verifyCard, getCardAttestation, listVerifiedCards, } from './tap-a2a.js';
+// ============ HELPERS ============
+function getVerificationPublicKey(env) {
+    const rawSigningKey = env?.JWT_SIGNING_KEY;
+    if (!rawSigningKey)
+        return undefined;
+    try {
+        const signingKey = JSON.parse(rawSigningKey);
+        return getSigningPublicKeyJWK(signingKey);
+    }
+    catch {
+        console.error('Failed to parse JWT_SIGNING_KEY for A2A route verification');
+        return undefined;
+    }
+}
+async function validateAppAccess(c, requireAuth = true) {
+    const queryAppId = c.req.query('app_id');
+    const authHeader = c.req.header('authorization');
+    const token = extractBearerToken(authHeader);
+    if (!token) {
+        if (!requireAuth)
+            return { valid: true, appId: queryAppId };
+        return { valid: false, error: 'UNAUTHORIZED', status: 401 };
+    }
+    const publicKey = getVerificationPublicKey(c.env);
+    const result = await verifyToken(token, c.env.JWT_SECRET, c.env, undefined, publicKey);
+    if (!result.valid || !result.payload) {
+        return { valid: false, error: 'INVALID_TOKEN', status: 401 };
+    }
+    const jwtAppId = result.payload.app_id;
+    if (!jwtAppId) {
+        return { valid: false, error: 'MISSING_APP_ID', status: 403 };
+    }
+    if (queryAppId && queryAppId !== jwtAppId) {
+        return { valid: false, error: 'APP_ID_MISMATCH', status: 403 };
+    }
+    return { valid: true, appId: jwtAppId };
+}
+// ============ ROUTE HANDLERS ============
+/**
+ * GET /.well-known/agent.json
+ *
+ * BOTCHA's own A2A Agent Card. Serves the standard A2A discovery document
+ * so any A2A-compatible agent can discover BOTCHA's skills and auth requirements.
+ *
+ * No auth required — this is a public discovery endpoint.
+ */
+export async function agentCardRoute(c) {
+    const version = c.env?.BOTCHA_VERSION;
+    const card = getBotchaAgentCard(version);
+    return c.json(card, 200, {
+        'Cache-Control': 'public, max-age=3600',
+        'Content-Type': 'application/json',
+        'X-A2A-Version': '0.2.2',
+    });
+}
+/**
+ * POST /v1/a2a/attest
+ *
+ * Attest an A2A Agent Card. BOTCHA verifies the card structure, hashes its
+ * content, signs a JWT attestation, and embeds it in extensions.botcha_attestation.
+ *
+ * Request body:
+ *   card             — A2A Agent Card JSON (required)
+ *   duration_seconds — TTL for attestation (default 86400, max 2592000)
+ *   trust_level      — 'basic' | 'verified' | 'enterprise' (default 'verified')
+ *
+ * Auth: BOTCHA Bearer token (app_id required)
+ */
+export async function attestCardRoute(c) {
+    try {
+        const appAccess = await validateAppAccess(c, true);
+        if (!appAccess.valid) {
+            return c.json({
+                success: false,
+                error: appAccess.error,
+                message: 'Authentication required. Solve a BOTCHA challenge to get a Bearer token.',
+                hint: 'GET /v1/token?app_id=<your_app_id> → solve SHA256 → POST /v1/token/verify',
+            }, (appAccess.status || 401));
+        }
+        const body = await c.req.json().catch(() => ({}));
+        if (!body.card || typeof body.card !== 'object') {
+            return c.json({
+                success: false,
+                error: 'MISSING_CARD',
+                message: 'Request body must include a "card" field containing an A2A Agent Card JSON object.',
+                example: {
+                    card: {
+                        name: 'My Commerce Agent',
+                        description: 'An A2A-compatible commerce agent',
+                        url: 'https://myagent.example.com',
+                        version: '1.0.0',
+                        capabilities: { streaming: false },
+                        skills: [{ id: 'browse', name: 'Browse', description: 'Browse products' }],
+                    },
+                    duration_seconds: 86400,
+                },
+            }, 400);
+        }
+        const card = body.card;
+        const result = await attestCard(c.env.SESSIONS, c.env.JWT_SECRET, {
+            card,
+            app_id: appAccess.appId,
+            duration_seconds: typeof body.duration_seconds === 'number' ? body.duration_seconds : undefined,
+            trust_level: typeof body.trust_level === 'string' ? body.trust_level : undefined,
+        });
+        if (!result.success) {
+            const status = result.error?.includes('must have') ? 400
+                : result.error?.includes('Invalid') ? 400
+                    : 500;
+            return c.json({
+                success: false,
+                error: 'ATTESTATION_FAILED',
+                message: result.error,
+            }, status);
+        }
+        const att = result.attestation;
+        return c.json({
+            success: true,
+            message: 'Agent Card attested successfully. BOTCHA is now the trust oracle for this card.',
+            attestation: {
+                attestation_id: att.attestation_id,
+                agent_url: att.agent_url,
+                agent_name: att.agent_name,
+                app_id: att.app_id,
+                card_hash: att.card_hash,
+                trust_level: att.trust_level,
+                token: att.token,
+                created_at: new Date(att.created_at).toISOString(),
+                expires_at: new Date(att.expires_at).toISOString(),
+            },
+            attested_card: result.attested_card,
+            usage: {
+                note: 'Embed the attested_card in your A2A discovery endpoint (/.well-known/agent.json)',
+                verify: 'Other agents can verify this card via POST /v1/a2a/verify-card',
+                registry: 'This card is now listed in GET /v1/a2a/cards?verified=true',
+            },
+        }, 201);
+    }
+    catch (error) {
+        console.error('A2A attest route error:', error);
+        return c.json({
+            success: false,
+            error: 'INTERNAL_ERROR',
+            message: 'Internal server error',
+        }, 500);
+    }
+}
+/**
+ * POST /v1/a2a/verify-card
+ *
+ * Verify a BOTCHA-attested A2A Agent Card. Any agent can call this endpoint
+ * to check whether a card's attestation is valid. No auth required.
+ *
+ * Request body:
+ *   card  — A2A Agent Card JSON including extensions.botcha_attestation (required)
+ *
+ * Returns:
+ *   valid: true  → card is verified, claims decoded
+ *   valid: false → reason for failure (expired, tampered, revoked, missing)
+ */
+export async function verifyCardRoute(c) {
+    try {
+        const body = await c.req.json().catch(() => ({}));
+        if (!body.card || typeof body.card !== 'object') {
+            return c.json({
+                success: false,
+                error: 'MISSING_CARD',
+                message: 'Request body must include a "card" field containing an A2A Agent Card JSON with extensions.botcha_attestation.',
+            }, 400);
+        }
+        const card = body.card;
+        const result = await verifyCard(c.env.SESSIONS, c.env.JWT_SECRET, card);
+        if (!result.success) {
+            return c.json({
+                success: false,
+                error: 'VERIFICATION_ERROR',
+                message: result.error,
+            }, 500);
+        }
+        if (!result.valid) {
+            return c.json({
+                success: true,
+                valid: false,
+                verified: false,
+                error: result.error,
+                reason: result.reason,
+                attestation_id: result.attestation_id || null,
+                card_hash: result.card_hash || null,
+            }, 200);
+        }
+        return c.json({
+            success: true,
+            valid: true,
+            verified: true,
+            attestation_id: result.attestation_id,
+            agent_url: result.agent_url,
+            agent_name: result.agent_name,
+            card_hash: result.card_hash,
+            trust_level: result.trust_level,
+            app_id: result.app_id,
+            issued_at: result.issued_at,
+            expires_at: result.expires_at,
+            issuer: 'https://botcha.ai',
+            message: '✅ Agent Card verified. BOTCHA attests this agent is who it claims to be.',
+        }, 200);
+    }
+    catch (error) {
+        console.error('A2A verify-card route error:', error);
+        return c.json({
+            success: false,
+            error: 'INTERNAL_ERROR',
+            message: 'Internal server error',
+        }, 500);
+    }
+}
+/**
+ * GET /v1/a2a/cards
+ *
+ * List BOTCHA-verified A2A Agent Cards from the public registry.
+ *
+ * Query params:
+ *   verified=true   — only non-revoked (default true)
+ *   agent_url=      — filter by agent URL
+ *   limit=          — max results (default 50, max 200)
+ *
+ * No auth required — this is a public discovery endpoint.
+ */
+export async function listCardsRoute(c) {
+    try {
+        const verifiedParam = c.req.query('verified');
+        const agentUrl = c.req.query('agent_url');
+        const limitParam = c.req.query('limit');
+        const verifiedOnly = verifiedParam !== 'false';
+        const limit = limitParam ? Math.min(parseInt(limitParam, 10) || 50, 200) : 50;
+        const result = await listVerifiedCards(c.env.SESSIONS, {
+            verified_only: verifiedOnly,
+            agent_url: agentUrl || undefined,
+            limit,
+        });
+        if (!result.success) {
+            return c.json({
+                success: false,
+                error: 'REGISTRY_ERROR',
+                message: result.error,
+            }, 500);
+        }
+        const attestations = result.attestations;
+        return c.json({
+            success: true,
+            count: attestations.length,
+            verified_only: verifiedOnly,
+            agent_url_filter: agentUrl || null,
+            cards: attestations.map(att => ({
+                attestation_id: att.attestation_id,
+                agent_url: att.agent_url,
+                agent_name: att.agent_name,
+                app_id: att.app_id,
+                card_hash: att.card_hash,
+                trust_level: att.trust_level,
+                created_at: new Date(att.created_at).toISOString(),
+                expires_at: new Date(att.expires_at).toISOString(),
+                revoked: att.revoked,
+            })),
+            meta: {
+                note: 'BOTCHA-verified A2A Agent Card registry. Each entry is a cryptographically attested agent.',
+                verify: 'Verify any listed card: POST /v1/a2a/verify-card with the card JSON',
+                attest: 'Add your agent: POST /v1/a2a/attest (requires BOTCHA Bearer token)',
+            },
+        }, 200, {
+            'Cache-Control': 'public, max-age=60',
+        });
+    }
+    catch (error) {
+        console.error('A2A list cards route error:', error);
+        return c.json({
+            success: false,
+            error: 'INTERNAL_ERROR',
+            message: 'Internal server error',
+        }, 500);
+    }
+}
+/**
+ * GET /v1/a2a/cards/:id
+ *
+ * Get a specific A2A attestation record by attestation ID.
+ * No auth required — public registry lookup.
+ */
+export async function getCardAttestationRoute(c) {
+    try {
+        const attestationId = c.req.param('id');
+        if (!attestationId) {
+            return c.json({
+                success: false,
+                error: 'MISSING_ID',
+                message: 'Attestation ID is required',
+            }, 400);
+        }
+        const result = await getCardAttestation(c.env.SESSIONS, attestationId);
+        if (!result.success || !result.attestation) {
+            return c.json({
+                success: false,
+                error: 'NOT_FOUND',
+                message: result.error || 'Attestation not found or expired',
+            }, 404);
+        }
+        const att = result.attestation;
+        return c.json({
+            success: true,
+            attestation_id: att.attestation_id,
+            agent_url: att.agent_url,
+            agent_name: att.agent_name,
+            app_id: att.app_id,
+            card_hash: att.card_hash,
+            trust_level: att.trust_level,
+            created_at: new Date(att.created_at).toISOString(),
+            expires_at: new Date(att.expires_at).toISOString(),
+            revoked: att.revoked,
+            revoked_at: att.revoked_at ? new Date(att.revoked_at).toISOString() : null,
+        }, 200);
+    }
+    catch (error) {
+        console.error('A2A get card attestation route error:', error);
+        return c.json({
+            success: false,
+            error: 'INTERNAL_ERROR',
+            message: 'Internal server error',
+        }, 500);
+    }
+}
+/**
+ * POST /v1/a2a/verify-agent
+ *
+ * Verify an agent by agent_card (with embedded attestation) or by agent_url.
+ * Convenience wrapper: accepts the same payload as /v1/a2a/verify-card
+ * plus an `agent_url` shorthand to look up the latest active attestation.
+ */
+export async function verifyAgentRoute(c) {
+    try {
+        const body = await c.req
+            .json()
+            .catch(() => ({}));
+        const sessions = c.env.SESSIONS;
+        // Shorthand: agent_url lookup
+        if (body.agent_url && !body.agent_card) {
+            const cards = await listVerifiedCards(sessions, {
+                agent_url: body.agent_url,
+                verified_only: true,
+                limit: 1,
+            });
+            if (!cards.success || !cards.attestations?.length) {
+                return c.json({
+                    success: false,
+                    verified: false,
+                    error: 'NOT_FOUND',
+                    message: `No active attestation found for agent_url: ${body.agent_url}`,
+                }, 404);
+            }
+            const att = cards.attestations[0];
+            return c.json({
+                success: true,
+                verified: true,
+                agent_url: att.agent_url,
+                agent_name: att.agent_name,
+                attestation_id: att.attestation_id,
+                trust_level: att.trust_level,
+                issued_at: new Date(att.created_at).toISOString(),
+                expires_at: new Date(att.expires_at).toISOString(),
+                issuer: 'https://botcha.ai',
+            });
+        }
+        // Full card verification path (same as verify-card)
+        if (!body.agent_card) {
+            return c.json({
+                success: false,
+                verified: false,
+                error: 'MISSING_CARD',
+                message: 'Provide { agent_card: {...} } (Agent Card with embedded attestation) or { agent_url: "..." }',
+                example: { agent_card: { name: 'My Agent', url: 'https://example.com', extensions: { botcha_attestation: '...' } } },
+            }, 400);
+        }
+        const result = await verifyCard(sessions, c.env.JWT_SECRET, body.agent_card);
+        if (!result.success) {
+            return c.json({
+                success: false,
+                verified: false,
+                error: result.error || 'VERIFICATION_FAILED',
+                valid: false,
+            }, result.error === 'MISSING_CARD' ? 400 : 200);
+        }
+        return c.json({
+            success: true,
+            verified: result.valid,
+            valid: result.valid,
+            attestation_id: result.attestation_id,
+            trust_level: result.trust_level,
+            card_hash: result.card_hash,
+            issued_at: result.issued_at,
+            expires_at: result.expires_at,
+            issuer: 'https://botcha.ai',
+        });
+    }
+    catch (error) {
+        console.error('A2A verify-agent route error:', error);
+        return c.json({ success: false, error: 'INTERNAL_ERROR', message: 'Internal server error' }, 500);
+    }
+}
+/**
+ * GET /v1/a2a/trust-level/:agent_url
+ *
+ * Returns the current trust level for an agent identified by URL.
+ * The :agent_url path param should be URL-encoded.
+ */
+export async function agentTrustLevelRoute(c) {
+    try {
+        const agentUrl = decodeURIComponent(c.req.param('agent_url') || '');
+        const sessions = c.env.SESSIONS;
+        if (!agentUrl) {
+            return c.json({
+                success: false,
+                error: 'MISSING_AGENT_URL',
+                message: 'Provide the agent URL as a URL-encoded path parameter: /v1/a2a/trust-level/:agent_url',
+            }, 400);
+        }
+        const cards = await listVerifiedCards(sessions, {
+            agent_url: agentUrl,
+            verified_only: true,
+            limit: 1,
+        });
+        if (!cards.success || !cards.attestations?.length) {
+            return c.json({
+                success: true,
+                agent_url: agentUrl,
+                trust_level: 'unverified',
+                attestation_count: 0,
+                message: 'No active BOTCHA attestation found for this agent.',
+            });
+        }
+        const att = cards.attestations[0];
+        return c.json({
+            success: true,
+            agent_url: att.agent_url,
+            agent_name: att.agent_name,
+            trust_level: att.trust_level,
+            attestation_id: att.attestation_id,
+            issued_at: new Date(att.created_at).toISOString(),
+            expires_at: new Date(att.expires_at).toISOString(),
+            verified: !att.revoked,
+        });
+    }
+    catch (error) {
+        console.error('A2A trust-level route error:', error);
+        return c.json({ success: false, error: 'INTERNAL_ERROR', message: 'Internal server error' }, 500);
+    }
+}
+export default {
+    agentCardRoute,
+    attestCardRoute,
+    verifyCardRoute,
+    listCardsRoute,
+    getCardAttestationRoute,
+    verifyAgentRoute,
+    agentTrustLevelRoute,
+};

package/dist/tap-a2a.d.ts ADDED Viewed

@@ -0,0 +1,199 @@
+/**
+ * A2A Agent Card Attestation — BOTCHA as A2A Trust Oracle
+ *
+ * Implements Google's A2A (Agent-to-Agent) protocol trust layer:
+ *   1. BOTCHA's own Agent Card (/.well-known/agent.json)
+ *   2. Agent Card attestation issuance (POST /v1/a2a/attest)
+ *   3. Agent Card attestation verification (POST /v1/a2a/verify-card)
+ *   4. Verified card registry (GET /v1/a2a/cards)
+ *
+ * Attestation model:
+ *   - Input:  any A2A Agent Card JSON
+ *   - Output: a signed JWT embedding SHA-256(canonicalized card)
+ *   - The JWT is embedded into card.extensions.botcha_attestation
+ *   - Verification checks: signature, hash match, expiration, revocation
+ *
+ * References:
+ *   https://google.github.io/A2A/
+ *   https://github.com/google-a2a/A2A
+ */
+import type { KVNamespace } from './agents.js';
+export interface A2AAgentCardAuthentication {
+    schemes: string[];
+    description?: string;
+    credentials?: Record<string, string>;
+}
+export interface A2AAgentCardSkill {
+    id: string;
+    name: string;
+    description?: string;
+    tags?: string[];
+    examples?: string[];
+    inputModes?: string[];
+    outputModes?: string[];
+}
+export interface A2AAgentCardCapabilities {
+    streaming?: boolean;
+    pushNotifications?: boolean;
+    stateTransitionHistory?: boolean;
+}
+export interface BotchaAttestationExtension {
+    token: string;
+    verified_at: string;
+    trust_level: string;
+    issuer: string;
+    card_hash: string;
+    expires_at: string;
+}
+export interface A2AAgentCard {
+    name: string;
+    description?: string;
+    url: string;
+    version?: string;
+    documentationUrl?: string;
+    capabilities?: A2AAgentCardCapabilities;
+    authentication?: A2AAgentCardAuthentication[];
+    defaultInputModes?: string[];
+    defaultOutputModes?: string[];
+    skills?: A2AAgentCardSkill[];
+    extensions?: {
+        botcha_attestation?: BotchaAttestationExtension;
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+}
+export interface A2AAttestationPayload {
+    sub: string;
+    iss: string;
+    type: 'botcha-a2a-attestation';
+    jti: string;
+    iat: number;
+    exp: number;
+    card_hash: string;
+    agent_name: string;
+    agent_url: string;
+    app_id: string;
+    trust_level: string;
+}
+export interface A2AAttestation {
+    attestation_id: string;
+    agent_url: string;
+    agent_name: string;
+    app_id: string;
+    card_hash: string;
+    token: string;
+    trust_level: string;
+    created_at: number;
+    expires_at: number;
+    revoked: boolean;
+    revoked_at?: number;
+    card_snapshot?: A2AAgentCard;
+}
+export interface AttestCardOptions {
+    card: A2AAgentCard;
+    app_id: string;
+    duration_seconds?: number;
+    trust_level?: string;
+}
+export interface AttestCardResult {
+    success: boolean;
+    attestation?: A2AAttestation;
+    attested_card?: A2AAgentCard;
+    error?: string;
+}
+export interface VerifyCardResult {
+    success: boolean;
+    valid?: boolean;
+    attestation_id?: string;
+    agent_url?: string;
+    agent_name?: string;
+    card_hash?: string;
+    trust_level?: string;
+    issued_at?: string;
+    expires_at?: string;
+    app_id?: string;
+    error?: string;
+    reason?: string;
+}
+export declare const BOTCHA_VERSION = "0.21.2";
+export declare const BOTCHA_URL = "https://botcha.ai";
+/**
+ * BOTCHA's A2A Agent Card.
+ * Served at /.well-known/agent.json
+ */
+export declare function getBotchaAgentCard(version?: string): A2AAgentCard;
+/**
+ * Canonicalize an A2A Agent Card for hashing.
+ *
+ * We remove the extensions.botcha_attestation field before hashing
+ * so that the attestation can be embedded in the card without
+ * invalidating its own hash. All other fields are included.
+ *
+ * Canonicalization: JSON.stringify with sorted keys (deterministic).
+ */
+export declare function canonicalizeCard(card: A2AAgentCard): string;
+/**
+ * Compute SHA-256 of a canonicalized card string.
+ * Returns lowercase hex string.
+ */
+export declare function hashCard(card: A2AAgentCard): Promise<string>;
+/**
+ * Issue a BOTCHA attestation for an A2A Agent Card.
+ *
+ * Steps:
+ * 1. Validate card (name + url required)
+ * 2. Canonicalize and hash the card (without extensions)
+ * 3. Sign a JWT with card_hash + agent identity
+ * 4. Embed attestation in card.extensions.botcha_attestation
+ * 5. Store attestation in KV for lookup and revocation
+ */
+export declare function attestCard(sessions: KVNamespace, secret: string, options: AttestCardOptions): Promise<AttestCardResult>;
+/**
+ * Verify a BOTCHA-attested A2A Agent Card.
+ *
+ * Checks:
+ * 1. Card has extensions.botcha_attestation.token
+ * 2. JWT signature and expiration (cryptographic)
+ * 3. JWT type is 'botcha-a2a-attestation'
+ * 4. card_hash matches the current card content (tamper detection)
+ * 5. Revocation status (KV lookup, fail-open)
+ *
+ * Returns verified/invalid + decoded claims.
+ */
+export declare function verifyCard(sessions: KVNamespace, secret: string, card: A2AAgentCard): Promise<VerifyCardResult>;
+/**
+ * Get a specific A2A attestation record by ID.
+ */
+export declare function getCardAttestation(sessions: KVNamespace, attestationId: string): Promise<{
+    success: boolean;
+    attestation?: A2AAttestation;
+    error?: string;
+}>;
+/**
+ * List BOTCHA-verified A2A cards from the registry.
+ *
+ * Query options:
+ *   verified_only: boolean — only return non-revoked attestations (default: true)
+ *   agent_url: string — filter by agent URL
+ *   limit: number — max results (default 50, max 200)
+ */
+export declare function listVerifiedCards(sessions: KVNamespace, opts?: {
+    verified_only?: boolean;
+    agent_url?: string;
+    limit?: number;
+}): Promise<{
+    success: boolean;
+    attestations?: A2AAttestation[];
+    error?: string;
+}>;
+declare const _default: {
+    getBotchaAgentCard: typeof getBotchaAgentCard;
+    canonicalizeCard: typeof canonicalizeCard;
+    hashCard: typeof hashCard;
+    attestCard: typeof attestCard;
+    verifyCard: typeof verifyCard;
+    getCardAttestation: typeof getCardAttestation;
+    listVerifiedCards: typeof listVerifiedCards;
+};
+export default _default;
+//# sourceMappingURL=tap-a2a.d.ts.map

package/dist/tap-a2a.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tap-a2a.d.ts","sourceRoot":"","sources":["../src/tap-a2a.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI/C,MAAM,WAAW,0BAA0B;IACzC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,wBAAwB,CAAC;IACxC,cAAc,CAAC,EAAE,0BAA0B,EAAE,CAAC;IAC9C,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE;QACX,kBAAkB,CAAC,EAAE,0BAA0B,CAAC;QAChD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,wBAAwB,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,YAAY,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAID,eAAO,MAAM,cAAc,WAAW,CAAC;AACvC,eAAO,MAAM,UAAU,sBAAsB,CAAC;AAE9C;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,YAAY,CA+EjE;AAID;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,CAK3D;AAED;;;GAGG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAOlE;AAwDD;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,gBAAgB,CAAC,CAsG3B;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,gBAAgB,CAAC,CAsG3B;AAID;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,WAAW,EACrB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,cAAc,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAW7E;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,WAAW,EACrB,IAAI,GAAE;IACJ,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA2ChF;;;;;;;;;;AA6CD,wBAQE"}