@dupecom/botcha 0.10.0 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +72 -1
- package/dist/lib/client/index.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -35,6 +35,7 @@ Use cases:
|
|
|
35
35
|
- 📊 Per-app metrics dashboard at [botcha.ai/dashboard](https://botcha.ai/dashboard)
|
|
36
36
|
- 📧 Email verification, account recovery, and secret rotation
|
|
37
37
|
- 🤖 Agent-first dashboard auth (challenge-based login + device code handoff)
|
|
38
|
+
- 🆔 Persistent agent identities with registry
|
|
38
39
|
|
|
39
40
|
## Install
|
|
40
41
|
|
|
@@ -237,6 +238,32 @@ async with BotchaClient(app_id="app_abc123") as client:
|
|
|
237
238
|
response = await client.fetch("https://api.example.com/agent-only")
|
|
238
239
|
```
|
|
239
240
|
|
|
241
|
+
### SDK App Lifecycle (v0.10.0+)
|
|
242
|
+
|
|
243
|
+
Both SDKs now include methods for the full app lifecycle:
|
|
244
|
+
|
|
245
|
+
**TypeScript:**
|
|
246
|
+
|
|
247
|
+
```typescript
|
|
248
|
+
const client = new BotchaClient();
|
|
249
|
+
const app = await client.createApp('agent@example.com'); // auto-sets appId
|
|
250
|
+
await client.verifyEmail('123456'); // verify with email code
|
|
251
|
+
await client.resendVerification(); // resend code
|
|
252
|
+
await client.recoverAccount('agent@example.com'); // recovery device code via email
|
|
253
|
+
const rotated = await client.rotateSecret(); // rotate secret (auth required)
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
**Python:**
|
|
257
|
+
|
|
258
|
+
```python
|
|
259
|
+
async with BotchaClient() as client:
|
|
260
|
+
app = await client.create_app("agent@example.com") # auto-sets app_id
|
|
261
|
+
await client.verify_email("123456") # verify with email code
|
|
262
|
+
await client.resend_verification() # resend code
|
|
263
|
+
await client.recover_account("agent@example.com") # recovery device code via email
|
|
264
|
+
rotated = await client.rotate_secret() # rotate secret (auth required)
|
|
265
|
+
```
|
|
266
|
+
|
|
240
267
|
### Rate Limiting
|
|
241
268
|
|
|
242
269
|
Each app gets its own rate limit bucket:
|
|
@@ -285,6 +312,50 @@ Session uses cookie-based auth (HttpOnly, Secure, SameSite=Lax, 1hr expiry).
|
|
|
285
312
|
|
|
286
313
|
All metrics support `1h`, `24h`, `7d`, and `30d` time windows via htmx-powered buttons — no page reload required.
|
|
287
314
|
|
|
315
|
+
## 🤖 Agent Registry
|
|
316
|
+
|
|
317
|
+
BOTCHA now supports **persistent agent identities** — register your agent with a name, operator, and version to build a verifiable identity over time.
|
|
318
|
+
|
|
319
|
+
### Why Register an Agent?
|
|
320
|
+
|
|
321
|
+
- **Identity**: Get a persistent `agent_id` that survives across sessions
|
|
322
|
+
- **Attribution**: Track which agent made which API calls
|
|
323
|
+
- **Reputation**: Build trust over time (foundation for future reputation scoring)
|
|
324
|
+
- **Accountability**: Know who's operating each agent
|
|
325
|
+
|
|
326
|
+
### Registering an Agent
|
|
327
|
+
|
|
328
|
+
```bash
|
|
329
|
+
# Register a new agent (requires app_id)
|
|
330
|
+
curl -X POST "https://botcha.ai/v1/agents/register?app_id=app_abc123" \
|
|
331
|
+
-H "Content-Type: application/json" \
|
|
332
|
+
-d '{
|
|
333
|
+
"name": "my-assistant",
|
|
334
|
+
"operator": "Acme Corp",
|
|
335
|
+
"version": "1.0.0"
|
|
336
|
+
}'
|
|
337
|
+
|
|
338
|
+
# Returns:
|
|
339
|
+
{
|
|
340
|
+
"agent_id": "agent_xyz789",
|
|
341
|
+
"app_id": "app_abc123",
|
|
342
|
+
"name": "my-assistant",
|
|
343
|
+
"operator": "Acme Corp",
|
|
344
|
+
"version": "1.0.0",
|
|
345
|
+
"created_at": 1770936000000
|
|
346
|
+
}
|
|
347
|
+
```
|
|
348
|
+
|
|
349
|
+
### Agent Endpoints
|
|
350
|
+
|
|
351
|
+
| Endpoint | Description |
|
|
352
|
+
|----------|-------------|
|
|
353
|
+
| `POST /v1/agents/register` | Create a new agent identity (requires `app_id`) |
|
|
354
|
+
| `GET /v1/agents/:id` | Get agent info by ID (public, no auth) |
|
|
355
|
+
| `GET /v1/agents` | List all agents for authenticated app |
|
|
356
|
+
|
|
357
|
+
> **Note:** Agent Registry is the foundation for future features like delegation chains, capability attestation, and reputation scoring. See [ROADMAP.md](./ROADMAP.md) for details.
|
|
358
|
+
|
|
288
359
|
## 🔄 SSE Streaming Flow (AI-Native)
|
|
289
360
|
|
|
290
361
|
For AI agents that prefer a **conversational handshake**, BOTCHA offers **Server-Sent Events (SSE)** streaming:
|
|
@@ -362,7 +433,7 @@ BOTCHA is designed to be auto-discoverable by AI agents through multiple standar
|
|
|
362
433
|
All responses include these headers for agent discovery:
|
|
363
434
|
|
|
364
435
|
```http
|
|
365
|
-
X-Botcha-Version: 0.
|
|
436
|
+
X-Botcha-Version: 0.11.0
|
|
366
437
|
X-Botcha-Enabled: true
|
|
367
438
|
X-Botcha-Methods: hybrid-challenge,speed-challenge,reasoning-challenge,standard-challenge
|
|
368
439
|
X-Botcha-Docs: https://botcha.ai/openapi.json
|
package/dist/lib/client/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import crypto from 'crypto';
|
|
2
2
|
// SDK version - hardcoded since npm_package_version is unreliable when used as a library
|
|
3
|
-
const SDK_VERSION = '0.
|
|
3
|
+
const SDK_VERSION = '0.11.0';
|
|
4
4
|
// Export stream client
|
|
5
5
|
export { BotchaStreamClient } from './stream.js';
|
|
6
6
|
/**
|