@epochcore/identity-sdk 1.0.0

package/README.md

@@ -0,0 +1,70 @@
+# @epochcore/identity-sdk
+
+**World's First Universal Infrastructure Identity SDK**
+
+Generate Ed25519 cryptographic identities for workers, databases, storage buckets, durable objects, and daemons. Goes beyond ERC-8004 (agents only) to provide identity for your entire infrastructure.
+
+## Features
+
+- **Ed25519 Keypairs** - Industry-standard elliptic curve cryptography
+- **secp256k1 Wallets** - Ethereum/Base compatible wallet derivation
+- **DID Format** - `did:epochcore:<type>:<name>:<fingerprint>`
+- **JWKS Support** - OAuth2/OIDC integration ready
+- **Post-Quantum Ready** - Prepared for NIST-5 algorithm upgrades
+
+## Installation
+
+```bash
+npm install @epochcore/identity-sdk
+```
+
+## Quick Start
+
+```typescript
+import { generateIdentity, deriveWallet, signPayload } from '@epochcore/identity-sdk';
+
+// Generate identity for a Cloudflare Worker
+const { identity, privateKey } = await generateIdentity('worker', 'my-api-worker');
+
+console.log(identity.did);
+// did:epochcore:worker:my-api-worker:a1b2c3d4e5f6g7h8
+
+// Derive Web3 wallet for on-chain operations
+const wallet = deriveWallet(privateKey, identity.did);
+console.log(wallet.address);
+// 0x1234...abcd
+
+// Sign a payload
+const signed = await signPayload('{"action":"deploy"}', privateKey);
+```
+
+## Identity Types
+
+| Type | Use Case |
+|------|----------|
+| `worker` | Cloudflare Workers, Lambda functions |
+| `database` | D1, Postgres, SQLite databases |
+| `storage` | R2 buckets, S3, blob storage |
+| `durable_object` | Stateful edge objects |
+| `daemon` | Local background processes |
+
+## JWKS Endpoint
+
+Generate a JWKS for your infrastructure identities:
+
+```typescript
+import { generateJWKS } from '@epochcore/identity-sdk';
+
+const jwks = generateJWKS([identity1.publicKey, identity2.publicKey]);
+// Serve at /.well-known/jwks.json
+```
+
+## Funded on Base Mainnet
+
+Our production ecosystem has 130 identities with 44 wallets funded on Base L2.
+
+TX: `0x88ac90f24c922ffd24b2553b2210de2b5d20d808a2e4367a4c011f26e2422270`
+
+## License
+
+MIT - EpochCore LLC

package/dist/index.d.ts

@@ -0,0 +1,109 @@
+/**
+ * @epochcore/identity-sdk
+ * World's First Universal Infrastructure Identity SDK
+ *
+ * Provides Ed25519 cryptographic identities for:
+ * - Cloudflare Workers
+ * - D1 Databases
+ * - R2 Storage Buckets
+ * - Durable Objects
+ * - Local Daemons
+ */
+export type IdentityType = 'worker' | 'database' | 'storage' | 'durable_object' | 'daemon';
+export interface EpochCoreIdentity {
+    did: string;
+    publicKey: string;
+    fingerprint: string;
+    type: IdentityType;
+    name: string;
+    createdAt: string;
+}
+export interface EpochCoreWallet {
+    address: string;
+    publicKey: string;
+    identityDid: string;
+}
+export interface SignedPayload {
+    payload: string;
+    signature: string;
+    publicKey: string;
+    timestamp: string;
+}
+/**
+ * Generate a new Ed25519 keypair for infrastructure identity
+ */
+export declare function generateKeypair(): Promise<{
+    privateKey: string;
+    publicKey: string;
+}>;
+/**
+ * Create a DID (Decentralized Identifier) for infrastructure
+ * Format: did:epochcore:<type>:<name>:<fingerprint>
+ */
+export declare function createDID(type: IdentityType, name: string, publicKey: string): string;
+/**
+ * Generate a complete infrastructure identity
+ */
+export declare function generateIdentity(type: IdentityType, name: string): Promise<{
+    identity: EpochCoreIdentity;
+    privateKey: string;
+}>;
+/**
+ * Derive a secp256k1 wallet from an identity for Web3 operations
+ */
+export declare function deriveWallet(privateKey: string, identityDid: string): EpochCoreWallet;
+/**
+ * Sign a payload with Ed25519 private key
+ */
+export declare function signPayload(payload: string, privateKey: string): Promise<SignedPayload>;
+/**
+ * Verify an Ed25519 signature
+ */
+export declare function verifySignature(payload: string, signature: string, publicKey: string): Promise<boolean>;
+/**
+ * Parse a DID string into components
+ */
+export declare function parseDID(did: string): {
+    method: string;
+    type: IdentityType;
+    name: string;
+    fingerprint: string;
+} | null;
+/**
+ * Generate JWKS (JSON Web Key Set) for OAuth2/OIDC integration
+ */
+export declare function generateJWKS(publicKeys: string[]): {
+    keys: Array<{
+        kty: string;
+        crv: string;
+        x: string;
+        use: string;
+        kid: string;
+    }>;
+};
+export declare const CONSTANTS: {
+    DID_PREFIX: string;
+    SIGNING_ALGORITHM: string;
+    WALLET_ALGORITHM: string;
+    SUPPORTED_TYPES: IdentityType[];
+    VERSION: string;
+};
+declare const _default: {
+    generateKeypair: typeof generateKeypair;
+    generateIdentity: typeof generateIdentity;
+    createDID: typeof createDID;
+    parseDID: typeof parseDID;
+    deriveWallet: typeof deriveWallet;
+    signPayload: typeof signPayload;
+    verifySignature: typeof verifySignature;
+    generateJWKS: typeof generateJWKS;
+    CONSTANTS: {
+        DID_PREFIX: string;
+        SIGNING_ALGORITHM: string;
+        WALLET_ALGORITHM: string;
+        SUPPORTED_TYPES: IdentityType[];
+        VERSION: string;
+    };
+};
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,gBAAgB,GAAG,QAAQ,CAAC;AAE3F,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAQD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,MAAM,CAGR;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IACT,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAgBD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,eAAe,CAcjB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,CAAC,CAWxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB,GAAG,IAAI,CAYP;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG;IAClD,IAAI,EAAE,KAAK,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;CACJ,CAUA;AAGD,eAAO,MAAM,SAAS;;;;qBAI8D,YAAY,EAAE;;CAEjG,CAAC;;;;;;;;;;;;;;yBAFkF,YAAY,EAAE;;;;AAIlG,wBAUE"}

package/dist/index.js

@@ -0,0 +1,138 @@
+/**
+ * @epochcore/identity-sdk
+ * World's First Universal Infrastructure Identity SDK
+ *
+ * Provides Ed25519 cryptographic identities for:
+ * - Cloudflare Workers
+ * - D1 Databases
+ * - R2 Storage Buckets
+ * - Durable Objects
+ * - Local Daemons
+ */
+import * as ed25519 from '@noble/ed25519';
+import * as secp256k1 from '@noble/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+/**
+ * Generate a new Ed25519 keypair for infrastructure identity
+ */
+export async function generateKeypair() {
+    const privateKey = ed25519.utils.randomPrivateKey();
+    const publicKey = await ed25519.getPublicKeyAsync(privateKey);
+    return {
+        privateKey: bytesToHex(privateKey),
+        publicKey: bytesToHex(publicKey)
+    };
+}
+/**
+ * Create a DID (Decentralized Identifier) for infrastructure
+ * Format: did:epochcore:<type>:<name>:<fingerprint>
+ */
+export function createDID(type, name, publicKey) {
+    const fingerprint = bytesToHex(sha256(hexToBytes(publicKey))).slice(0, 16);
+    return `did:epochcore:${type}:${name}:${fingerprint}`;
+}
+/**
+ * Generate a complete infrastructure identity
+ */
+export async function generateIdentity(type, name) {
+    const { privateKey, publicKey } = await generateKeypair();
+    const fingerprint = bytesToHex(sha256(hexToBytes(publicKey))).slice(0, 16);
+    const did = createDID(type, name, publicKey);
+    return {
+        identity: {
+            did,
+            publicKey,
+            fingerprint,
+            type,
+            name,
+            createdAt: new Date().toISOString()
+        },
+        privateKey
+    };
+}
+/**
+ * Derive a secp256k1 wallet from an identity for Web3 operations
+ */
+export function deriveWallet(privateKey, identityDid) {
+    const seedBytes = sha256(hexToBytes(privateKey));
+    const walletPrivKey = secp256k1.utils.normPrivateKeyToScalar(seedBytes);
+    const walletPubKey = secp256k1.getPublicKey(walletPrivKey, false);
+    // Ethereum-style address derivation
+    const pubKeyHash = sha256(walletPubKey.slice(1));
+    const address = '0x' + bytesToHex(pubKeyHash).slice(-40);
+    return {
+        address,
+        publicKey: bytesToHex(walletPubKey),
+        identityDid
+    };
+}
+/**
+ * Sign a payload with Ed25519 private key
+ */
+export async function signPayload(payload, privateKey) {
+    const message = new TextEncoder().encode(payload);
+    const signature = await ed25519.signAsync(message, hexToBytes(privateKey));
+    const publicKey = await ed25519.getPublicKeyAsync(hexToBytes(privateKey));
+    return {
+        payload,
+        signature: bytesToHex(signature),
+        publicKey: bytesToHex(publicKey),
+        timestamp: new Date().toISOString()
+    };
+}
+/**
+ * Verify an Ed25519 signature
+ */
+export async function verifySignature(payload, signature, publicKey) {
+    const message = new TextEncoder().encode(payload);
+    return ed25519.verifyAsync(hexToBytes(signature), message, hexToBytes(publicKey));
+}
+/**
+ * Parse a DID string into components
+ */
+export function parseDID(did) {
+    const parts = did.split(':');
+    if (parts.length !== 5 || parts[0] !== 'did' || parts[1] !== 'epochcore') {
+        return null;
+    }
+    return {
+        method: parts[1],
+        type: parts[2],
+        name: parts[3],
+        fingerprint: parts[4]
+    };
+}
+/**
+ * Generate JWKS (JSON Web Key Set) for OAuth2/OIDC integration
+ */
+export function generateJWKS(publicKeys) {
+    return {
+        keys: publicKeys.map((pk, i) => ({
+            kty: 'OKP',
+            crv: 'Ed25519',
+            x: Buffer.from(hexToBytes(pk)).toString('base64url'),
+            use: 'sig',
+            kid: `epochcore-${i + 1}`
+        }))
+    };
+}
+// Constants
+export const CONSTANTS = {
+    DID_PREFIX: 'did:epochcore',
+    SIGNING_ALGORITHM: 'Ed25519',
+    WALLET_ALGORITHM: 'secp256k1',
+    SUPPORTED_TYPES: ['worker', 'database', 'storage', 'durable_object', 'daemon'],
+    VERSION: '1.0.0'
+};
+export default {
+    generateKeypair,
+    generateIdentity,
+    createDID,
+    parseDID,
+    deriveWallet,
+    signPayload,
+    verifySignature,
+    generateJWKS,
+    CONSTANTS
+};

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@epochcore/identity-sdk",
+  "version": "1.0.0",
+  "description": "World's First Universal Infrastructure Identity SDK - Ed25519 cryptographic identities for workers, databases, storage, and daemons",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "did",
+    "decentralized-identity",
+    "infrastructure",
+    "ed25519",
+    "secp256k1",
+    "web3",
+    "cloudflare-workers",
+    "quantum",
+    "cryptography"
+  ],
+  "author": "EpochCore LLC",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/epochcore/identity-sdk"
+  },
+  "homepage": "https://epochcore.io",
+  "dependencies": {
+    "@noble/ed25519": "^2.0.0",
+    "@noble/secp256k1": "^2.0.0",
+    "@noble/hashes": "^1.3.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "vitest": "^1.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ]
+}