@epochcore/identity-sdk 1.0.0
- package/README.md +70 -0
- package/dist/index.d.ts +109 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +138 -0
- package/package.json +46 -0
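--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,70 @@
+# @epochcore/identity-sdk
+
+**World's First Universal Infrastructure Identity SDK**
+
+Generate Ed25519 cryptographic identities for workers, databases, storage buckets, durable objects, and daemons. Goes beyond ERC-8004 (agents only) to provide identity for your entire infrastructure.
+
+## Features
+
+- **Ed25519 Keypairs** - Industry-standard elliptic curve cryptography
+- **secp256k1 Wallets** - Ethereum/Base compatible wallet derivation
+- **DID Format** - `did:epochcore:<type>:<name>:<fingerprint>`
+- **JWKS Support** - OAuth2/OIDC integration ready
+- **Post-Quantum Ready** - Prepared for NIST-5 algorithm upgrades
+
+## Installation
+
+```bash
+npm install @epochcore/identity-sdk
+```
+
+## Quick Start
+
+```typescript
+import { generateIdentity, deriveWallet, signPayload } from '@epochcore/identity-sdk';
+
+// Generate identity for a Cloudflare Worker
+const { identity, privateKey } = await generateIdentity('worker', 'my-api-worker');
+
+console.log(identity.did);
+// did:epochcore:worker:my-api-worker:a1b2c3d4e5f6g7h8
+
+// Derive Web3 wallet for on-chain operations
+const wallet = deriveWallet(privateKey, identity.did);
+console.log(wallet.address);
+// 0x1234...abcd
+
+// Sign a payload
+const signed = await signPayload('{"action":"deploy"}', privateKey);
+```
+
+## Identity Types
+
+| Type | Use Case |
+|------|----------|
+| `worker` | Cloudflare Workers, Lambda functions |
+| `database` | D1, Postgres, SQLite databases |
+| `storage` | R2 buckets, S3, blob storage |
+| `durable_object` | Stateful edge objects |
+| `daemon` | Local background processes |
+
+## JWKS Endpoint
+
+Generate a JWKS for your infrastructure identities:
+
+```typescript
+import { generateJWKS } from '@epochcore/identity-sdk';
+
+const jwks = generateJWKS([identity1.publicKey, identity2.publicKey]);
+// Serve at /.well-known/jwks.json
+```
+
+## Funded on Base Mainnet
+
+Our production ecosystem has 130 identities with 44 wallets funded on Base L2.
+
+TX: `0x88ac90f24c922ffd24b2553b2210de2b5d20d808a2e4367a4c011f26e2422270`
+
+## License
+
+MIT - EpochCore LLC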
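--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,109 @@
+/**
+* @epochcore/identity-sdk
+* World's First Universal Infrastructure Identity SDK
+*
+* Provides Ed25519 cryptographic identities for:
+* - Cloudflare Workers
+* - D1 Databases
+* - R2 Storage Buckets
+* - Durable Objects
+* - Local Daemons
+*/
+export type IdentityType = 'worker' | 'database' | 'storage' | 'durable_object' | 'daemon';
+export interface EpochCoreIdentity {
+did: string;
+publicKey: string;
+fingerprint: string;
+type: IdentityType;
+name: string;
+createdAt: string;
+}
+export interface EpochCoreWallet {
+address: string;
+publicKey: string;
+identityDid: string;
+}
+export interface SignedPayload {
+payload: string;
+signature: string;
+publicKey: string;
+timestamp: string;
+}
+/**
+* Generate a new Ed25519 keypair for infrastructure identity
+*/
+export declare function generateKeypair(): Promise<{
+privateKey: string;
+publicKey: string;
+}>;
+/**
+* Create a DID (Decentralized Identifier) for infrastructure
+* Format: did:epochcore:<type>:<name>:<fingerprint>
+*/
+export declare function createDID(type: IdentityType, name: string, publicKey: string): string;
+/**
+* Generate a complete infrastructure identity
+*/
+export declare function generateIdentity(type: IdentityType, name: string): Promise<{
+identity: EpochCoreIdentity;
+privateKey: string;
+}>;
+/**
+* Derive a secp256k1 wallet from an identity for Web3 operations
+*/
+export declare function deriveWallet(privateKey: string, identityDid: string): EpochCoreWallet;
+/**
+* Sign a payload with Ed25519 private key
+*/
+export declare function signPayload(payload: string, privateKey: string): Promise<SignedPayload>;
+/**
+* Verify an Ed25519 signature
+*/
+export declare function verifySignature(payload: string, signature: string, publicKey: string): Promise<boolean>;
+/**
+* Parse a DID string into components
+*/
+export declare function parseDID(did: string): {
+method: string;
+type: IdentityType;
+name: string;
+fingerprint: string;
+} | null;
+/**
+* Generate JWKS (JSON Web Key Set) for OAuth2/OIDC integration
+*/
+export declare function generateJWKS(publicKeys: string[]): {
+keys: Array<{
+kty: string;
+crv: string;
+x: string;
+use: string;
+kid: string;
+}>;
+};
+export declare const CONSTANTS: {
+DID_PREFIX: string;
+SIGNING_ALGORITHM: string;
+WALLET_ALGORITHM: string;
+SUPPORTED_TYPES: IdentityType[];
+VERSION: string;
+};
+declare const _default: {
+generateKeypair: typeof generateKeypair;
+generateIdentity: typeof generateIdentity;
+createDID: typeof createDID;
+parseDID: typeof parseDID;
+deriveWallet: typeof deriveWallet;
+signPayload: typeof signPayload;
+verifySignature: typeof verifySignature;
+generateJWKS: typeof generateJWKS;
+CONSTANTS: {
+DID_PREFIX: string;
+SIGNING_ALGORITHM: string;
+WALLET_ALGORITHM: string;
+SUPPORTED_TYPES: IdentityType[];
+VERSION: string;
+};
+};
+export default _default;
+//# sourceMappingURL=index.d.ts.map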
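Review bot: `SignedPayload` should document that only `payload` is authenticated: in dist/index.js `signPayload` signs the UTF-8 bytes of `payload` and attaches `timestamp` and `publicKey` afterwards, so neither field can be relied on for freshness or to decide who signed. I would add above the interface `/** Only payload is covered by the signature; timestamp and publicKey are unauthenticated metadata. */`, and state on `verifySignature` that the caller must pass a public key obtained from a trusted source rather than the one carried in the message. The doc comments also never say that keys and signatures are hex strings, which the implementation's `hexToBytes`/`bytesToHex` calls imply. `parseDID` declares `type: IdentityType` although the implementation returns `parts[2]` unchecked, so its comment should say the value is not validated against `SUPPORTED_TYPES`.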
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,gBAAgB,GAAG,QAAQ,CAAC;AAE3F,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAQD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,MAAM,CAGR;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IACT,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAgBD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,eAAe,CAcjB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,CAAC,CAWxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB,GAAG,IAAI,CAYP;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG;IAClD,IAAI,EAAE,KAAK,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;CACJ,CAUA;AAGD,eAAO,MAAM,SAAS;;;;qBAI8D,YAAY,EAAE;;CAEjG,CAAC;;;;;;;;;;;;;;yBAFkF,YAAY,EAAE;;;;AAIlG,wBAUE"}
|
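--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,138 @@
+/**
+* @epochcore/identity-sdk
+* World's First Universal Infrastructure Identity SDK
+*
+* Provides Ed25519 cryptographic identities for:
+* - Cloudflare Workers
+* - D1 Databases
+* - R2 Storage Buckets
+* - Durable Objects
+* - Local Daemons
+*/
+import * as ed25519 from '@noble/ed25519';
+import * as secp256k1 from '@noble/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+/**
+* Generate a new Ed25519 keypair for infrastructure identity
+*/
+export async function generateKeypair() {
+const privateKey = ed25519.utils.randomPrivateKey();
+const publicKey = await ed25519.getPublicKeyAsync(privateKey);
+return {
+privateKey: bytesToHex(privateKey),
+publicKey: bytesToHex(publicKey)
+};
+}
+/**
+* Create a DID (Decentralized Identifier) for infrastructure
+* Format: did:epochcore:<type>:<name>:<fingerprint>
+*/
+export function createDID(type, name, publicKey) {
+const fingerprint = bytesToHex(sha256(hexToBytes(publicKey))).slice(0, 16);
+return `did:epochcore:${type}:${name}:${fingerprint}`;
+}
+/**
+* Generate a complete infrastructure identity
+*/
+export async function generateIdentity(type, name) {
+const { privateKey, publicKey } = await generateKeypair();
+const fingerprint = bytesToHex(sha256(hexToBytes(publicKey))).slice(0, 16);
+const did = createDID(type, name, publicKey);
+return {
+identity: {
+did,
+publicKey,
+fingerprint,
+type,
+name,
+createdAt: new Date().toISOString()
+},
+privateKey
+};
+}
+/**
+* Derive a secp256k1 wallet from an identity for Web3 operations
+*/
+export function deriveWallet(privateKey, identityDid) {
+const seedBytes = sha256(hexToBytes(privateKey));
+const walletPrivKey = secp256k1.utils.normPrivateKeyToScalar(seedBytes);
+const walletPubKey = secp256k1.getPublicKey(walletPrivKey, false);
+// Ethereum-style address derivation
+const pubKeyHash = sha256(walletPubKey.slice(1));
+const address = '0x' + bytesToHex(pubKeyHash).slice(-40);
+return {
+address,
+publicKey: bytesToHex(walletPubKey),
+identityDid
+};
+}
+/**
+* Sign a payload with Ed25519 private key
+*/
+export async function signPayload(payload, privateKey) {
+const message = new TextEncoder().encode(payload);
+const signature = await ed25519.signAsync(message, hexToBytes(privateKey));
+const publicKey = await ed25519.getPublicKeyAsync(hexToBytes(privateKey));
+return {
+payload,
+signature: bytesToHex(signature),
+publicKey: bytesToHex(publicKey),
+timestamp: new Date().toISOString()
+};
+}
+/**
+* Verify an Ed25519 signature
+*/
+export async function verifySignature(payload, signature, publicKey) {
+const message = new TextEncoder().encode(payload);
+return ed25519.verifyAsync(hexToBytes(signature), message, hexToBytes(publicKey));
+}
+/**
+* Parse a DID string into components
+*/
+export function parseDID(did) {
+const parts = did.split(':');
+if (parts.length !== 5 || parts[0] !== 'did' || parts[1] !== 'epochcore') {
+return null;
+}
+return {
+method: parts[1],
+type: parts[2],
+name: parts[3],
+fingerprint: parts[4]
+};
+}
+/**
+* Generate JWKS (JSON Web Key Set) for OAuth2/OIDC integration
+*/
+export function generateJWKS(publicKeys) {
+return {
+keys: publicKeys.map((pk, i) => ({
+kty: 'OKP',
+crv: 'Ed25519',
+x: Buffer.from(hexToBytes(pk)).toString('base64url'),
+use: 'sig',
+kid: `epochcore-${i + 1}`
+}))
+};
+}
+// Constants
+export const CONSTANTS = {
+DID_PREFIX: 'did:epochcore',
+SIGNING_ALGORITHM: 'Ed25519',
+WALLET_ALGORITHM: 'secp256k1',
+SUPPORTED_TYPES: ['worker', 'database', 'storage', 'durable_object', 'daemon'],
+VERSION: '1.0.0'
+};
+export default {
+generateKeypair,
+generateIdentity,
+createDID,
+parseDID,
+deriveWallet,
+signPayload,
+verifySignature,
+generateJWKS,
+CONSTANTS
+};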
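Review bot: The address step in `deriveWallet` hashes the uncompressed secp256k1 public key with SHA-256, but an Ethereum/Base address is the last 20 bytes of Keccak-256 over those 64 bytes, so `wallet.address` is not the account that `walletPrivKey` controls and anything sent to it cannot be spent with the derived key. Change it to `import { keccak_256 } from '@noble/hashes/sha3';` and `const pubKeyHash = keccak_256(walletPubKey.slice(1));`, and add a test against a known key/address vector. The wallet key is also a bare `sha256` of the Ed25519 signing key with no domain-separation label, and `identityDid` is only echoed back rather than mixed in; a labelled KDF (for example `hkdf` from `@noble/hashes/hkdf` with a fixed info string) would keep the two keys independent. Separately, `generateJWKS` depends on the `Buffer` global, which is not guaranteed to exist outside Node, and assigns `kid` by array position, so key ids shift whenever the input list is reordered; deriving `kid` from the key fingerprint would keep it stable.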
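--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,46 @@
+{
+"name": "@epochcore/identity-sdk",
+"version": "1.0.0",
+"description": "World's First Universal Infrastructure Identity SDK - Ed25519 cryptographic identities for workers, databases, storage, and daemons",
+"main": "dist/index.js",
+"types": "dist/index.d.ts",
+"scripts": {
+"build": "tsc",
+"test": "vitest",
+"prepublishOnly": "npm run build"
+},
+"keywords": [
+"did",
+"decentralized-identity",
+"infrastructure",
+"ed25519",
+"secp256k1",
+"web3",
+"cloudflare-workers",
+"quantum",
+"cryptography"
+],
+"author": "EpochCore LLC",
+"license": "MIT",
+"repository": {
+"type": "git",
+"url": "https://github.com/epochcore/identity-sdk"
+},
+"homepage": "https://epochcore.io",
+"dependencies": {
+"@noble/ed25519": "^2.0.0",
+"@noble/secp256k1": "^2.0.0",
+"@noble/hashes": "^1.3.0"
+},
+"devDependencies": {
+"typescript": "^5.3.0",
+"vitest": "^1.0.0"
+},
+"engines": {
+"node": ">=18.0.0"
+},
+"files": [
+"dist",
+"README.md"
+]
+}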
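Review bot: `dist/index.js` is published as ES module source (`import`/`export` statements) but the manifest has no `"type": "module"`, so on the Node 18 floor set in `engines` the file named by `main` would be parsed as CommonJS and fail to load. Add `"type": "module"`, or an `exports` map that points at the ESM build. The three `@noble/*` dependencies are caret ranges, so a consumer without a lockfile resolves whatever compatible release is current at install time; for a package that handles private keys, consider pinning exact versions and documenting which ones were reviewed. `prepublishOnly` runs only the build and not `vitest`, so nothing gates a release on the tests passing.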