npm - @kybernesis/arp-templates - Versions diffs - 0.2.0 - Mend

@kybernesis/arp-templates 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Kybernesis AI
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,84 @@
+# @kybernesis/arp-templates
+Pure builder functions that produce validated ARP documents from typed inputs.
+Every export in this package takes a small typed input, constructs the canonical ARP shape, validates the result against the matching Zod schema from [`@kybernesis/arp-spec`](../spec), and returns the validated object. On validation failure, the builder throws `TemplateValidationError` — you should never see an invalid document leak out of a builder.
+These functions are stateless: no filesystem, no network, no clock reads beyond documented optional defaults. Safe to use in registrar integrations, the ARP runtime, SDKs, or the owner app.
+## Install
+```bash
+pnpm add @kybernesis/arp-templates
+# peer: @kybernesis/arp-spec is bundled as a regular dependency
+```
+## Usage
+### Build a DID document
+```ts
+import { buildDidDocument } from '@kybernesis/arp-templates';
+const didDoc = buildDidDocument({
+  agentDid: 'did:web:samantha.agent',
+  controllerDid: 'did:web:ian.example.agent',
+  publicKeyMultibase: 'z6MkiTBz1ymuepAQ4HEHYSF1H8quG5GLVVQR3djdX3mDooWp',
+  endpoints: {
+    didcomm: 'https://samantha.agent/didcomm',
+    agentCard: 'https://samantha.agent/.well-known/agent-card.json',
+  },
+  representationVcUrl: 'https://ian.samantha.agent/.well-known/representation.jwt',
+});
+```
+### Build an agent card
+```ts
+import { buildAgentCard } from '@kybernesis/arp-templates';
+const card = buildAgentCard({
+  name: 'Samantha',
+  did: 'did:web:samantha.agent',
+  endpoints: {
+    didcomm: 'https://samantha.agent/didcomm',
+    pairing: 'https://samantha.agent/pair',
+  },
+  agentOrigin: 'https://samantha.agent',
+});
+```
+### Build a handoff bundle (registrar integration)
+```ts
+import { buildHandoffBundle } from '@kybernesis/arp-templates';
+const bundle = buildHandoffBundle({
+  agentDid: 'did:web:samantha.agent',
+  principalDid: 'did:web:ian.example.agent',
+  publicKeyMultibase: 'z6Mk...',
+  agentOrigin: 'https://samantha.agent',
+  dnsRecordsPublished: ['A', '_arp TXT', '_did TXT', '_didcomm TXT', '_principal TXT'],
+  certExpiresAt: '2026-07-22T00:00:00Z',
+  bootstrapToken: bootstrapJwt,
+});
+```
+## Builders
+| Export | Source |
+|---|---|
+| `buildDidDocument` | `ARP-tld-integration-spec-v2.md §6.1` |
+| `buildAgentCard` | `ARP-tld-integration-spec-v2.md §6.2` |
+| `buildArpJson` | `ARP-tld-integration-spec-v2.md §6.3` |
+| `buildRepresentationVc` | `ARP-tld-integration-spec-v2.md §6.4` |
+| `buildRevocations` | `ARP-tld-integration-spec-v2.md §6.5` |
+| `buildHandoffBundle` | `ARP-tld-integration-spec-v2.md §7 step 14` |
+## Phase
+Shipped as part of Phase 1. See [`docs/ARP-phase-0-roadmap.md`](../../docs/ARP-phase-0-roadmap.md).
+## License
+MIT.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,175 @@
+'use strict';
+var arpSpec = require('@kybernesis/arp-spec');
+// src/util.ts
+var TemplateValidationError = class extends Error {
+  issues;
+  constructor(templateName, issues) {
+    super(
+      `${templateName}: produced invalid output (${issues.length} issue${issues.length === 1 ? "" : "s"})`
+    );
+    this.name = "TemplateValidationError";
+    this.issues = issues;
+  }
+};
+function validateOrThrow(templateName, schema, candidate) {
+  const parsed = schema.safeParse(candidate);
+  if (!parsed.success) {
+    throw new TemplateValidationError(templateName, parsed.error.issues);
+  }
+  return parsed.data;
+}
+function makeServiceId(agentDid, suffix) {
+  return `${agentDid}#${suffix}`;
+}
+function buildDidDocument(input) {
+  const keyId = input.keyId ?? "key-1";
+  const verificationMethodId = makeServiceId(input.agentDid, keyId);
+  const doc = {
+    "@context": ["https://www.w3.org/ns/did/v1"],
+    id: input.agentDid,
+    controller: input.controllerDid,
+    verificationMethod: [
+      {
+        id: verificationMethodId,
+        type: "Ed25519VerificationKey2020",
+        controller: input.agentDid,
+        publicKeyMultibase: input.publicKeyMultibase
+      }
+    ],
+    authentication: [verificationMethodId],
+    assertionMethod: [verificationMethodId],
+    keyAgreement: [verificationMethodId],
+    service: [
+      {
+        id: makeServiceId(input.agentDid, "didcomm"),
+        type: "DIDCommMessaging",
+        serviceEndpoint: input.endpoints.didcomm,
+        accept: ["didcomm/v2"]
+      },
+      {
+        id: makeServiceId(input.agentDid, "agent-card"),
+        type: "AgentCard",
+        serviceEndpoint: input.endpoints.agentCard
+      }
+    ],
+    principal: {
+      did: input.controllerDid,
+      representationVC: input.representationVcUrl
+    }
+  };
+  return validateOrThrow("buildDidDocument", arpSpec.DidDocumentSchema, doc);
+}
+function buildAgentCard(input) {
+  const policySchemaUrl = input.policySchemaUrl ?? (input.agentOrigin ? `${input.agentOrigin.replace(/\/$/, "")}/.well-known/policy-schema.json` : void 0);
+  if (!policySchemaUrl) {
+    throw new Error(
+      "buildAgentCard: either policySchemaUrl or agentOrigin must be provided"
+    );
+  }
+  const card = {
+    arp_version: arpSpec.ARP_VERSION,
+    name: input.name,
+    did: input.did,
+    description: input.description ?? "Personal agent",
+    created_at: input.createdAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    endpoints: {
+      didcomm: input.endpoints.didcomm,
+      ...input.endpoints.a2a ? { a2a: input.endpoints.a2a } : {},
+      pairing: input.endpoints.pairing
+    },
+    accepted_protocols: [...input.acceptedProtocols ?? arpSpec.SUPPORTED_PROTOCOLS],
+    supported_scopes: [...input.supportedScopes ?? []],
+    payment: {
+      x402_enabled: input.payment?.x402Enabled ?? false,
+      currencies: [...input.payment?.currencies ?? []],
+      pricing_url: input.payment?.pricingUrl ?? null
+    },
+    vc_requirements: [...input.vcRequirements ?? []],
+    policy: {
+      engine: "cedar",
+      schema: policySchemaUrl
+    }
+  };
+  return validateOrThrow("buildAgentCard", arpSpec.AgentCardSchema, card);
+}
+var DEFAULT_CAPABILITIES = ["didcomm-v2", "cedar-pdp", "ucan-tokens"];
+function buildArpJson(input) {
+  const origin = input.agentOrigin.replace(/\/$/, "");
+  const doc = {
+    version: arpSpec.ARP_VERSION,
+    capabilities: [...input.capabilities ?? DEFAULT_CAPABILITIES],
+    scope_catalog_url: input.scopeCatalogUrl ?? `${origin}/.well-known/scope-catalog.json`,
+    policy_schema_url: input.policySchemaUrl ?? `${origin}/.well-known/policy-schema.json`
+  };
+  return validateOrThrow("buildArpJson", arpSpec.ArpJsonSchema, doc);
+}
+var DEFAULT_MAX_CONCURRENT_CONNECTIONS = 100;
+var ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;
+function buildRepresentationVc(input) {
+  const iat = input.iat ?? Math.floor(Date.now() / 1e3);
+  const exp = input.exp ?? iat + ONE_YEAR_SECONDS;
+  const doc = {
+    iss: input.principalDid,
+    sub: input.agentDid,
+    iat,
+    exp,
+    vc: {
+      "@context": ["https://www.w3.org/2018/credentials/v1"],
+      type: ["VerifiableCredential", "AgentRepresentation"],
+      credentialSubject: {
+        id: input.agentDid,
+        representedBy: input.principalDid,
+        scope: input.scope ?? "full",
+        constraints: {
+          maxConcurrentConnections: input.constraints?.maxConcurrentConnections ?? DEFAULT_MAX_CONCURRENT_CONNECTIONS,
+          allowedTransferOfOwnership: input.constraints?.allowedTransferOfOwnership ?? false
+        }
+      }
+    }
+  };
+  return validateOrThrow("buildRepresentationVc", arpSpec.RepresentationVcSchema, doc);
+}
+function buildRevocations(input) {
+  const doc = {
+    issuer: input.issuer,
+    updated_at: input.updatedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    revocations: input.revocations ? [...input.revocations] : [],
+    signature: {
+      alg: "EdDSA",
+      kid: input.signature.kid,
+      value: input.signature.value
+    }
+  };
+  return validateOrThrow("buildRevocations", arpSpec.RevocationsSchema, doc);
+}
+function buildHandoffBundle(input) {
+  const origin = input.agentOrigin.replace(/\/$/, "");
+  const doc = {
+    agent_did: input.agentDid,
+    principal_did: input.principalDid,
+    public_key_multibase: input.publicKeyMultibase,
+    well_known_urls: {
+      did: input.wellKnownUrls?.did ?? `${origin}/.well-known/did.json`,
+      agent_card: input.wellKnownUrls?.agentCard ?? `${origin}/.well-known/agent-card.json`,
+      arp: input.wellKnownUrls?.arp ?? `${origin}/.well-known/arp.json`
+    },
+    dns_records_published: [...input.dnsRecordsPublished],
+    cert_expires_at: input.certExpiresAt,
+    bootstrap_token: input.bootstrapToken
+  };
+  return validateOrThrow("buildHandoffBundle", arpSpec.HandoffBundleSchema, doc);
+}
+exports.TemplateValidationError = TemplateValidationError;
+exports.buildAgentCard = buildAgentCard;
+exports.buildArpJson = buildArpJson;
+exports.buildDidDocument = buildDidDocument;
+exports.buildHandoffBundle = buildHandoffBundle;
+exports.buildRepresentationVc = buildRepresentationVc;
+exports.buildRevocations = buildRevocations;
+exports.makeServiceId = makeServiceId;
+exports.validateOrThrow = validateOrThrow;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/util.ts","../src/did-document.ts","../src/agent-card.ts","../src/arp-json.ts","../src/representation-vc.ts","../src/revocations.ts","../src/handoff-bundle.ts"],"names":["DidDocumentSchema","ARP_VERSION","SUPPORTED_PROTOCOLS","AgentCardSchema","ArpJsonSchema","RepresentationVcSchema","RevocationsSchema","HandoffBundleSchema"],"mappings":";;;;;AASO,IAAM,uBAAA,GAAN,cAAsC,KAAA,CAAM;AAAA,EACjC,MAAA;AAAA,EAEhB,WAAA,CAAY,cAAsB,MAAA,EAAsB;AACtD,IAAA,KAAA;AAAA,MACE,CAAA,EAAG,YAAY,CAAA,2BAAA,EAA8B,MAAA,CAAO,MAAM,SAAS,MAAA,CAAO,MAAA,KAAW,CAAA,GAAI,EAAA,GAAK,GAAG,CAAA,CAAA;AAAA,KACnG;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAMO,SAAS,eAAA,CACd,YAAA,EACA,MAAA,EACA,SAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,SAAS,CAAA;AACzC,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,MAAM,IAAI,uBAAA,CAAwB,YAAA,EAAc,MAAA,CAAO,MAAM,MAAM,CAAA;AAAA,EACrE;AACA,EAAA,OAAO,MAAA,CAAO,IAAA;AAChB;AAKO,SAAS,aAAA,CAAc,UAAkB,MAAA,EAAwB;AACtE,EAAA,OAAO,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC9B;ACVO,SAAS,iBAAiB,KAAA,EAA2C;AAC1E,EAAA,MAAM,KAAA,GAAQ,MAAM,KAAA,IAAS,OAAA;AAC7B,EAAA,MAAM,oBAAA,GAAuB,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,KAAK,CAAA;AAEhE,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,UAAA,EAAY,CAAC,8BAA8B,CAAA;AAAA,IAC3C,IAAI,KAAA,CAAM,QAAA;AAAA,IACV,YAAY,KAAA,CAAM,aAAA;AAAA,IAClB,kBAAA,EAAoB;AAAA,MAClB;AAAA,QACE,EAAA,EAAI,oBAAA;AAAA,QACJ,IAAA,EAAM,4BAAA;AAAA,QACN,YAAY,KAAA,CAAM,QAAA;AAAA,QAClB,oBAAoB,KAAA,CAAM;AAAA;AAC5B,KACF;AAAA,IACA,cAAA,EAAgB,CAAC,oBAAoB,CAAA;AAAA,IACrC,eAAA,EAAiB,CAAC,oBAAoB,CAAA;AAAA,IACtC,YAAA,EAAc,CAAC,oBAAoB,CAAA;AAAA,IACnC,OAAA,EAAS;AAAA,MACP;AAAA,QACE,EAAA,EAAI,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,SAAS,CAAA;AAAA,QAC3C,IAAA,EAAM,kBAAA;AAAA,QACN,eAAA,EAAiB,MAAM,SAAA,CAAU,OAAA;AAAA,QACjC,MAAA,EAAQ,CAAC,YAAY;AAAA,OACvB;AAAA,MACA;AAAA,QACE,EAAA,EAAI,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,YAAY,CAAA;AAAA,QAC9C,IAAA,EAAM,WAAA;AAAA,QACN,eAAA,EAAiB,MAAM,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,IACA,SAAA,EAAW;AAAA,MACT,KAAK,KAAA,CAAM,aAAA;AAAA,MACX,kBAAkB,KAAA,CAAM;AAAA;AAC1B,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,kBAAA,EAAoBA,yBAAA,EAAmB,GAAG,CAAA;AACnE;AC3BO,SAAS,eAAe,KAAA,EAAuC;AACpE,EAAA,MAAM,eAAA,GACJ,KAAA,CAAM,eAAA,KACL,KAAA,CAAM,WAAA,GACH,CAAA,EAAG,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAC,CAAA,+BAAA,CAAA,GACvC,MAAA,CAAA;AAEN,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,IAAA,GAAO;AAAA,IACX,WAAA,EAAaC,mBAAA;AAAA,IACb,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,KAAK,KAAA,CAAM,GAAA;AAAA,IACX,WAAA,EAAa,MAAM,WAAA,IAAe,gBAAA;AAAA,IAClC,YAAY,KAAA,CAAM,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACtD,SAAA,EAAW;AAAA,MACT,OAAA,EAAS,MAAM,SAAA,CAAU,OAAA;AAAA,MACzB,GAAI,KAAA,CAAM,SAAA,CAAU,GAAA,GAAM,EAAE,KAAK,KAAA,CAAM,SAAA,CAAU,GAAA,EAAI,GAAI,EAAC;AAAA,MAC1D,OAAA,EAAS,MAAM,SAAA,CAAU;AAAA,KAC3B;AAAA,IACA,kBAAA,EAAoB,CAAC,GAAI,KAAA,CAAM,qBAAqBC,2BAAoB,CAAA;AAAA,IACxE,kBAAkB,CAAC,GAAI,KAAA,CAAM,eAAA,IAAmB,EAAG,CAAA;AAAA,IACnD,OAAA,EAAS;AAAA,MACP,YAAA,EAAc,KAAA,CAAM,OAAA,EAAS,WAAA,IAAe,KAAA;AAAA,MAC5C,YAAY,CAAC,GAAI,MAAM,OAAA,EAAS,UAAA,IAAc,EAAG,CAAA;AAAA,MACjD,WAAA,EAAa,KAAA,CAAM,OAAA,EAAS,UAAA,IAAc;AAAA,KAC5C;AAAA,IACA,iBAAiB,CAAC,GAAI,KAAA,CAAM,cAAA,IAAkB,EAAG,CAAA;AAAA,IACjD,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ;AAAA;AACV,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,gBAAA,EAAkBC,uBAAA,EAAiB,IAAI,CAAA;AAChE;AClEA,IAAM,oBAAA,GAAuB,CAAC,YAAA,EAAc,WAAA,EAAa,aAAa,CAAA;AAE/D,SAAS,aAAa,KAAA,EAAmC;AAC9D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,OAAA,EAASF,mBAAAA;AAAA,IACT,YAAA,EAAc,CAAC,GAAI,KAAA,CAAM,gBAAgB,oBAAqB,CAAA;AAAA,IAC9D,iBAAA,EACE,KAAA,CAAM,eAAA,IAAmB,CAAA,EAAG,MAAM,CAAA,+BAAA,CAAA;AAAA,IACpC,iBAAA,EACE,KAAA,CAAM,eAAA,IAAmB,CAAA,EAAG,MAAM,CAAA,+BAAA;AAAA,GACtC;AACA,EAAA,OAAO,eAAA,CAAgB,cAAA,EAAgBG,qBAAA,EAAe,GAAG,CAAA;AAC3D;ACNA,IAAM,kCAAA,GAAqC,GAAA;AAC3C,IAAM,gBAAA,GAAmB,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA;AAElC,SAAS,sBAAsB,KAAA,EAAqD;AACzF,EAAA,MAAM,GAAA,GAAM,MAAM,GAAA,IAAO,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,GAAA,IAAO,GAAA,GAAM,gBAAA;AAE/B,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,KAAK,KAAA,CAAM,YAAA;AAAA,IACX,KAAK,KAAA,CAAM,QAAA;AAAA,IACX,GAAA;AAAA,IACA,GAAA;AAAA,IACA,EAAA,EAAI;AAAA,MACF,UAAA,EAAY,CAAC,wCAAwC,CAAA;AAAA,MACrD,IAAA,EAAM,CAAC,sBAAA,EAAwB,qBAAqB,CAAA;AAAA,MACpD,iBAAA,EAAmB;AAAA,QACjB,IAAI,KAAA,CAAM,QAAA;AAAA,QACV,eAAe,KAAA,CAAM,YAAA;AAAA,QACrB,KAAA,EAAO,MAAM,KAAA,IAAU,MAAA;AAAA,QACvB,WAAA,EAAa;AAAA,UACX,wBAAA,EACE,KAAA,CAAM,WAAA,EAAa,wBAAA,IAA4B,kCAAA;AAAA,UACjD,0BAAA,EAA4B,KAAA,CAAM,WAAA,EAAa,0BAAA,IAA8B;AAAA;AAC/E;AACF;AACF,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,uBAAA,EAAyBC,8BAAA,EAAwB,GAAG,CAAA;AAC7E;AC9BO,SAAS,iBAAiB,KAAA,EAA2C;AAC1E,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,YAAY,KAAA,CAAM,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACtD,WAAA,EAAa,MAAM,WAAA,GAAc,CAAC,GAAG,KAAA,CAAM,WAAW,IAAI,EAAC;AAAA,IAC3D,SAAA,EAAW;AAAA,MACT,GAAA,EAAK,OAAA;AAAA,MACL,GAAA,EAAK,MAAM,SAAA,CAAU,GAAA;AAAA,MACrB,KAAA,EAAO,MAAM,SAAA,CAAU;AAAA;AACzB,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,kBAAA,EAAoBC,yBAAA,EAAmB,GAAG,CAAA;AACnE;ACLO,SAAS,mBAAmB,KAAA,EAA+C;AAChF,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,WAAW,KAAA,CAAM,QAAA;AAAA,IACjB,eAAe,KAAA,CAAM,YAAA;AAAA,IACrB,sBAAsB,KAAA,CAAM,kBAAA;AAAA,IAC5B,eAAA,EAAiB;AAAA,MACf,GAAA,EAAK,KAAA,CAAM,aAAA,EAAe,GAAA,IAAO,GAAG,MAAM,CAAA,qBAAA,CAAA;AAAA,MAC1C,UAAA,EACE,KAAA,CAAM,aAAA,EAAe,SAAA,IAAa,GAAG,MAAM,CAAA,4BAAA,CAAA;AAAA,MAC7C,GAAA,EAAK,KAAA,CAAM,aAAA,EAAe,GAAA,IAAO,GAAG,MAAM,CAAA,qBAAA;AAAA,KAC5C;AAAA,IACA,qBAAA,EAAuB,CAAC,GAAG,KAAA,CAAM,mBAAmB,CAAA;AAAA,IACpD,iBAAiB,KAAA,CAAM,aAAA;AAAA,IACvB,iBAAiB,KAAA,CAAM;AAAA,GACzB;AAEA,EAAA,OAAO,eAAA,CAAgB,oBAAA,EAAsBC,2BAAA,EAAqB,GAAG,CAAA;AACvE","file":"index.cjs","sourcesContent":["import { z, type ZodTypeAny } from 'zod';\n\n/**\n * Error thrown when a template output fails its own Zod validation.\n *\n * Template functions are pure — inputs are typed, but defaults, URL\n * composition, and date math still need a schema check before the object\n * leaves the builder.\n */\nexport class TemplateValidationError extends Error {\n public readonly issues: z.ZodIssue[];\n\n constructor(templateName: string, issues: z.ZodIssue[]) {\n super(\n `${templateName}: produced invalid output (${issues.length} issue${issues.length === 1 ? '' : 's'})`\n );\n this.name = 'TemplateValidationError';\n this.issues = issues;\n }\n}\n\n/**\n * Validate `candidate` against `schema`. Throws `TemplateValidationError` on\n * failure, returns the parsed value on success.\n */\nexport function validateOrThrow<S extends ZodTypeAny>(\n templateName: string,\n schema: S,\n candidate: unknown\n): z.infer<S> {\n const parsed = schema.safeParse(candidate);\n if (!parsed.success) {\n throw new TemplateValidationError(templateName, parsed.error.issues);\n }\n return parsed.data;\n}\n\n/**\n * Canonical service ID helper: `<agentDid>#<suffix>`.\n */\nexport function makeServiceId(agentDid: string, suffix: string): string {\n return `${agentDid}#${suffix}`;\n}\n","import {\n DidDocumentSchema,\n type DidDocument,\n type DidUri,\n type PublicKeyMultibase,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow, makeServiceId } from './util.js';\n\nexport interface BuildDidDocumentInput {\n /** Agent DID (e.g. \"did:web:samantha.agent\"). */\n agentDid: DidUri;\n /** Principal (controller) DID. May be a placeholder pre-binding. */\n controllerDid: DidUri;\n /** Ed25519 public key in multibase (z-base58btc). */\n publicKeyMultibase: PublicKeyMultibase;\n /** Service endpoints. */\n endpoints: {\n didcomm: string;\n agentCard: string;\n };\n /** Representation VC URL served on the owner subdomain. */\n representationVcUrl: string;\n /** Optional verification-method key id suffix. Defaults to `key-1`. */\n keyId?: string;\n}\n\n/**\n * Build a W3C DID Document conforming to ARP-tld-integration-spec-v2 §6.1.\n *\n * The output is validated against `DidDocumentSchema` before return; on\n * failure a `TemplateValidationError` is thrown.\n */\nexport function buildDidDocument(input: BuildDidDocumentInput): DidDocument {\n const keyId = input.keyId ?? 'key-1';\n const verificationMethodId = makeServiceId(input.agentDid, keyId);\n\n const doc = {\n '@context': ['https://www.w3.org/ns/did/v1'],\n id: input.agentDid,\n controller: input.controllerDid,\n verificationMethod: [\n {\n id: verificationMethodId,\n type: 'Ed25519VerificationKey2020' as const,\n controller: input.agentDid,\n publicKeyMultibase: input.publicKeyMultibase,\n },\n ],\n authentication: [verificationMethodId],\n assertionMethod: [verificationMethodId],\n keyAgreement: [verificationMethodId],\n service: [\n {\n id: makeServiceId(input.agentDid, 'didcomm'),\n type: 'DIDCommMessaging' as const,\n serviceEndpoint: input.endpoints.didcomm,\n accept: ['didcomm/v2'],\n },\n {\n id: makeServiceId(input.agentDid, 'agent-card'),\n type: 'AgentCard' as const,\n serviceEndpoint: input.endpoints.agentCard,\n },\n ],\n principal: {\n did: input.controllerDid,\n representationVC: input.representationVcUrl,\n },\n };\n\n return validateOrThrow('buildDidDocument', DidDocumentSchema, doc);\n}\n","import {\n AgentCardSchema,\n ARP_VERSION,\n SUPPORTED_PROTOCOLS,\n type AgentCard,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildAgentCardInput {\n name: string;\n did: DidUri;\n /** One-line description; defaults to \"Personal agent\". */\n description?: string;\n /** ISO 8601 datetime with offset. Defaults to `new Date().toISOString()`. */\n createdAt?: string;\n endpoints: {\n didcomm: string;\n /** Optional in v0 (stubbed). */\n a2a?: string;\n pairing: string;\n };\n /**\n * Override accepted protocols. Defaults to the canonical `didcomm/v2` +\n * `a2a/1.0` set from `@kybernesis/arp-spec`.\n */\n acceptedProtocols?: readonly string[];\n supportedScopes?: readonly string[];\n payment?: {\n x402Enabled: boolean;\n currencies?: readonly string[];\n pricingUrl?: string | null;\n };\n vcRequirements?: readonly string[];\n /**\n * HTTPS URL of the Cedar policy schema. Defaults to the conventional\n * `<agent-origin>/.well-known/policy-schema.json` when `policySchemaUrl`\n * is omitted and `agentOrigin` is provided.\n */\n policySchemaUrl?: string;\n /** Used to derive the default `policySchemaUrl`. */\n agentOrigin?: string;\n}\n\nexport function buildAgentCard(input: BuildAgentCardInput): AgentCard {\n const policySchemaUrl =\n input.policySchemaUrl ??\n (input.agentOrigin\n ? `${input.agentOrigin.replace(/\\/$/, '')}/.well-known/policy-schema.json`\n : undefined);\n\n if (!policySchemaUrl) {\n throw new Error(\n 'buildAgentCard: either policySchemaUrl or agentOrigin must be provided'\n );\n }\n\n const card = {\n arp_version: ARP_VERSION,\n name: input.name,\n did: input.did,\n description: input.description ?? 'Personal agent',\n created_at: input.createdAt ?? new Date().toISOString(),\n endpoints: {\n didcomm: input.endpoints.didcomm,\n ...(input.endpoints.a2a ? { a2a: input.endpoints.a2a } : {}),\n pairing: input.endpoints.pairing,\n },\n accepted_protocols: [...(input.acceptedProtocols ?? SUPPORTED_PROTOCOLS)],\n supported_scopes: [...(input.supportedScopes ?? [])],\n payment: {\n x402_enabled: input.payment?.x402Enabled ?? false,\n currencies: [...(input.payment?.currencies ?? [])],\n pricing_url: input.payment?.pricingUrl ?? null,\n },\n vc_requirements: [...(input.vcRequirements ?? [])],\n policy: {\n engine: 'cedar' as const,\n schema: policySchemaUrl,\n },\n };\n\n return validateOrThrow('buildAgentCard', AgentCardSchema, card);\n}\n","import { ArpJsonSchema, ARP_VERSION, type ArpJson } from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildArpJsonInput {\n /** HTTPS origin of the agent (e.g. \"https://samantha.agent\"). */\n agentOrigin: string;\n /**\n * Override the advertised capabilities. Defaults to the v0 set:\n * didcomm-v2, cedar-pdp, ucan-tokens.\n */\n capabilities?: readonly string[];\n /** Override the scope-catalog URL (defaults to `<agentOrigin>/.well-known/scope-catalog.json`). */\n scopeCatalogUrl?: string;\n /** Override the policy-schema URL (defaults to `<agentOrigin>/.well-known/policy-schema.json`). */\n policySchemaUrl?: string;\n}\n\nconst DEFAULT_CAPABILITIES = ['didcomm-v2', 'cedar-pdp', 'ucan-tokens'] as const;\n\nexport function buildArpJson(input: BuildArpJsonInput): ArpJson {\n const origin = input.agentOrigin.replace(/\\/$/, '');\n const doc = {\n version: ARP_VERSION,\n capabilities: [...(input.capabilities ?? DEFAULT_CAPABILITIES)],\n scope_catalog_url:\n input.scopeCatalogUrl ?? `${origin}/.well-known/scope-catalog.json`,\n policy_schema_url:\n input.policySchemaUrl ?? `${origin}/.well-known/policy-schema.json`,\n };\n return validateOrThrow('buildArpJson', ArpJsonSchema, doc);\n}\n","import {\n RepresentationVcSchema,\n type RepresentationVc,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildRepresentationVcInput {\n /** Principal DID (the human doing the representing). */\n principalDid: DidUri;\n /** Agent DID (the agent being represented). */\n agentDid: DidUri;\n /** Issued-at (Unix seconds). Defaults to now. */\n iat?: number;\n /** Expiry (Unix seconds). Defaults to iat + 1 year. */\n exp?: number;\n /** Representation scope. Defaults to \"full\". */\n scope?: 'full' | 'scoped';\n constraints?: {\n maxConcurrentConnections?: number;\n allowedTransferOfOwnership?: boolean;\n };\n}\n\nconst DEFAULT_MAX_CONCURRENT_CONNECTIONS = 100;\nconst ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;\n\nexport function buildRepresentationVc(input: BuildRepresentationVcInput): RepresentationVc {\n const iat = input.iat ?? Math.floor(Date.now() / 1000);\n const exp = input.exp ?? iat + ONE_YEAR_SECONDS;\n\n const doc = {\n iss: input.principalDid,\n sub: input.agentDid,\n iat,\n exp,\n vc: {\n '@context': ['https://www.w3.org/2018/credentials/v1'],\n type: ['VerifiableCredential', 'AgentRepresentation'],\n credentialSubject: {\n id: input.agentDid,\n representedBy: input.principalDid,\n scope: input.scope ?? ('full' as const),\n constraints: {\n maxConcurrentConnections:\n input.constraints?.maxConcurrentConnections ?? DEFAULT_MAX_CONCURRENT_CONNECTIONS,\n allowedTransferOfOwnership: input.constraints?.allowedTransferOfOwnership ?? false,\n },\n },\n },\n };\n\n return validateOrThrow('buildRepresentationVc', RepresentationVcSchema, doc);\n}\n","import {\n RevocationsSchema,\n type Revocations,\n type RevocationEntry,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildRevocationsInput {\n /** Issuer DID (principal). */\n issuer: DidUri;\n /** ISO 8601 timestamp. Defaults to now. */\n updatedAt?: string;\n /** Revocation entries. Defaults to empty. */\n revocations?: readonly RevocationEntry[];\n /** Signature over the JCS canonicalization of the unsigned document. */\n signature: {\n kid: string;\n /** Base64url-encoded signature bytes. */\n value: string;\n };\n}\n\nexport function buildRevocations(input: BuildRevocationsInput): Revocations {\n const doc = {\n issuer: input.issuer,\n updated_at: input.updatedAt ?? new Date().toISOString(),\n revocations: input.revocations ? [...input.revocations] : [],\n signature: {\n alg: 'EdDSA' as const,\n kid: input.signature.kid,\n value: input.signature.value,\n },\n };\n\n return validateOrThrow('buildRevocations', RevocationsSchema, doc);\n}\n","import {\n HandoffBundleSchema,\n type HandoffBundle,\n type DidUri,\n type PublicKeyMultibase,\n type DnsRecordTag,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildHandoffBundleInput {\n agentDid: DidUri;\n principalDid: DidUri;\n publicKeyMultibase: PublicKeyMultibase;\n /**\n * HTTPS origin of the agent. Used to derive the canonical well-known URLs\n * when individual overrides are not provided.\n */\n agentOrigin: string;\n /** Override well-known URLs (useful when hosting is on a different origin). */\n wellKnownUrls?: {\n did?: string;\n agentCard?: string;\n arp?: string;\n };\n dnsRecordsPublished: readonly DnsRecordTag[];\n /** ISO 8601 cert expiry. */\n certExpiresAt: string;\n /** Bootstrap JWT scoped to the arp-sdk takeover (exp ≤ 15min). */\n bootstrapToken: string;\n}\n\nexport function buildHandoffBundle(input: BuildHandoffBundleInput): HandoffBundle {\n const origin = input.agentOrigin.replace(/\\/$/, '');\n const doc = {\n agent_did: input.agentDid,\n principal_did: input.principalDid,\n public_key_multibase: input.publicKeyMultibase,\n well_known_urls: {\n did: input.wellKnownUrls?.did ?? `${origin}/.well-known/did.json`,\n agent_card:\n input.wellKnownUrls?.agentCard ?? `${origin}/.well-known/agent-card.json`,\n arp: input.wellKnownUrls?.arp ?? `${origin}/.well-known/arp.json`,\n },\n dns_records_published: [...input.dnsRecordsPublished],\n cert_expires_at: input.certExpiresAt,\n bootstrap_token: input.bootstrapToken,\n };\n\n return validateOrThrow('buildHandoffBundle', HandoffBundleSchema, doc);\n}\n"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,158 @@
+import { z, ZodTypeAny } from 'zod';
+import { DidUri, PublicKeyMultibase, DidDocument, AgentCard, ArpJson, RepresentationVc, RevocationEntry, Revocations, DnsRecordTag, HandoffBundle } from '@kybernesis/arp-spec';
+/**
+ * Error thrown when a template output fails its own Zod validation.
+ *
+ * Template functions are pure — inputs are typed, but defaults, URL
+ * composition, and date math still need a schema check before the object
+ * leaves the builder.
+ */
+declare class TemplateValidationError extends Error {
+    readonly issues: z.ZodIssue[];
+    constructor(templateName: string, issues: z.ZodIssue[]);
+}
+/**
+ * Validate `candidate` against `schema`. Throws `TemplateValidationError` on
+ * failure, returns the parsed value on success.
+ */
+declare function validateOrThrow<S extends ZodTypeAny>(templateName: string, schema: S, candidate: unknown): z.infer<S>;
+/**
+ * Canonical service ID helper: `<agentDid>#<suffix>`.
+ */
+declare function makeServiceId(agentDid: string, suffix: string): string;
+interface BuildDidDocumentInput {
+    /** Agent DID (e.g. "did:web:samantha.agent"). */
+    agentDid: DidUri;
+    /** Principal (controller) DID. May be a placeholder pre-binding. */
+    controllerDid: DidUri;
+    /** Ed25519 public key in multibase (z-base58btc). */
+    publicKeyMultibase: PublicKeyMultibase;
+    /** Service endpoints. */
+    endpoints: {
+        didcomm: string;
+        agentCard: string;
+    };
+    /** Representation VC URL served on the owner subdomain. */
+    representationVcUrl: string;
+    /** Optional verification-method key id suffix. Defaults to `key-1`. */
+    keyId?: string;
+}
+/**
+ * Build a W3C DID Document conforming to ARP-tld-integration-spec-v2 §6.1.
+ *
+ * The output is validated against `DidDocumentSchema` before return; on
+ * failure a `TemplateValidationError` is thrown.
+ */
+declare function buildDidDocument(input: BuildDidDocumentInput): DidDocument;
+interface BuildAgentCardInput {
+    name: string;
+    did: DidUri;
+    /** One-line description; defaults to "Personal agent". */
+    description?: string;
+    /** ISO 8601 datetime with offset. Defaults to `new Date().toISOString()`. */
+    createdAt?: string;
+    endpoints: {
+        didcomm: string;
+        /** Optional in v0 (stubbed). */
+        a2a?: string;
+        pairing: string;
+    };
+    /**
+     * Override accepted protocols. Defaults to the canonical `didcomm/v2` +
+     * `a2a/1.0` set from `@kybernesis/arp-spec`.
+     */
+    acceptedProtocols?: readonly string[];
+    supportedScopes?: readonly string[];
+    payment?: {
+        x402Enabled: boolean;
+        currencies?: readonly string[];
+        pricingUrl?: string | null;
+    };
+    vcRequirements?: readonly string[];
+    /**
+     * HTTPS URL of the Cedar policy schema. Defaults to the conventional
+     * `<agent-origin>/.well-known/policy-schema.json` when `policySchemaUrl`
+     * is omitted and `agentOrigin` is provided.
+     */
+    policySchemaUrl?: string;
+    /** Used to derive the default `policySchemaUrl`. */
+    agentOrigin?: string;
+}
+declare function buildAgentCard(input: BuildAgentCardInput): AgentCard;
+interface BuildArpJsonInput {
+    /** HTTPS origin of the agent (e.g. "https://samantha.agent"). */
+    agentOrigin: string;
+    /**
+     * Override the advertised capabilities. Defaults to the v0 set:
+     * didcomm-v2, cedar-pdp, ucan-tokens.
+     */
+    capabilities?: readonly string[];
+    /** Override the scope-catalog URL (defaults to `<agentOrigin>/.well-known/scope-catalog.json`). */
+    scopeCatalogUrl?: string;
+    /** Override the policy-schema URL (defaults to `<agentOrigin>/.well-known/policy-schema.json`). */
+    policySchemaUrl?: string;
+}
+declare function buildArpJson(input: BuildArpJsonInput): ArpJson;
+interface BuildRepresentationVcInput {
+    /** Principal DID (the human doing the representing). */
+    principalDid: DidUri;
+    /** Agent DID (the agent being represented). */
+    agentDid: DidUri;
+    /** Issued-at (Unix seconds). Defaults to now. */
+    iat?: number;
+    /** Expiry (Unix seconds). Defaults to iat + 1 year. */
+    exp?: number;
+    /** Representation scope. Defaults to "full". */
+    scope?: 'full' | 'scoped';
+    constraints?: {
+        maxConcurrentConnections?: number;
+        allowedTransferOfOwnership?: boolean;
+    };
+}
+declare function buildRepresentationVc(input: BuildRepresentationVcInput): RepresentationVc;
+interface BuildRevocationsInput {
+    /** Issuer DID (principal). */
+    issuer: DidUri;
+    /** ISO 8601 timestamp. Defaults to now. */
+    updatedAt?: string;
+    /** Revocation entries. Defaults to empty. */
+    revocations?: readonly RevocationEntry[];
+    /** Signature over the JCS canonicalization of the unsigned document. */
+    signature: {
+        kid: string;
+        /** Base64url-encoded signature bytes. */
+        value: string;
+    };
+}
+declare function buildRevocations(input: BuildRevocationsInput): Revocations;
+interface BuildHandoffBundleInput {
+    agentDid: DidUri;
+    principalDid: DidUri;
+    publicKeyMultibase: PublicKeyMultibase;
+    /**
+     * HTTPS origin of the agent. Used to derive the canonical well-known URLs
+     * when individual overrides are not provided.
+     */
+    agentOrigin: string;
+    /** Override well-known URLs (useful when hosting is on a different origin). */
+    wellKnownUrls?: {
+        did?: string;
+        agentCard?: string;
+        arp?: string;
+    };
+    dnsRecordsPublished: readonly DnsRecordTag[];
+    /** ISO 8601 cert expiry. */
+    certExpiresAt: string;
+    /** Bootstrap JWT scoped to the arp-sdk takeover (exp ≤ 15min). */
+    bootstrapToken: string;
+}
+declare function buildHandoffBundle(input: BuildHandoffBundleInput): HandoffBundle;
+export { type BuildAgentCardInput, type BuildArpJsonInput, type BuildDidDocumentInput, type BuildHandoffBundleInput, type BuildRepresentationVcInput, type BuildRevocationsInput, TemplateValidationError, buildAgentCard, buildArpJson, buildDidDocument, buildHandoffBundle, buildRepresentationVc, buildRevocations, makeServiceId, validateOrThrow };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,158 @@
+import { z, ZodTypeAny } from 'zod';
+import { DidUri, PublicKeyMultibase, DidDocument, AgentCard, ArpJson, RepresentationVc, RevocationEntry, Revocations, DnsRecordTag, HandoffBundle } from '@kybernesis/arp-spec';
+/**
+ * Error thrown when a template output fails its own Zod validation.
+ *
+ * Template functions are pure — inputs are typed, but defaults, URL
+ * composition, and date math still need a schema check before the object
+ * leaves the builder.
+ */
+declare class TemplateValidationError extends Error {
+    readonly issues: z.ZodIssue[];
+    constructor(templateName: string, issues: z.ZodIssue[]);
+}
+/**
+ * Validate `candidate` against `schema`. Throws `TemplateValidationError` on
+ * failure, returns the parsed value on success.
+ */
+declare function validateOrThrow<S extends ZodTypeAny>(templateName: string, schema: S, candidate: unknown): z.infer<S>;
+/**
+ * Canonical service ID helper: `<agentDid>#<suffix>`.
+ */
+declare function makeServiceId(agentDid: string, suffix: string): string;
+interface BuildDidDocumentInput {
+    /** Agent DID (e.g. "did:web:samantha.agent"). */
+    agentDid: DidUri;
+    /** Principal (controller) DID. May be a placeholder pre-binding. */
+    controllerDid: DidUri;
+    /** Ed25519 public key in multibase (z-base58btc). */
+    publicKeyMultibase: PublicKeyMultibase;
+    /** Service endpoints. */
+    endpoints: {
+        didcomm: string;
+        agentCard: string;
+    };
+    /** Representation VC URL served on the owner subdomain. */
+    representationVcUrl: string;
+    /** Optional verification-method key id suffix. Defaults to `key-1`. */
+    keyId?: string;
+}
+/**
+ * Build a W3C DID Document conforming to ARP-tld-integration-spec-v2 §6.1.
+ *
+ * The output is validated against `DidDocumentSchema` before return; on
+ * failure a `TemplateValidationError` is thrown.
+ */
+declare function buildDidDocument(input: BuildDidDocumentInput): DidDocument;
+interface BuildAgentCardInput {
+    name: string;
+    did: DidUri;
+    /** One-line description; defaults to "Personal agent". */
+    description?: string;
+    /** ISO 8601 datetime with offset. Defaults to `new Date().toISOString()`. */
+    createdAt?: string;
+    endpoints: {
+        didcomm: string;
+        /** Optional in v0 (stubbed). */
+        a2a?: string;
+        pairing: string;
+    };
+    /**
+     * Override accepted protocols. Defaults to the canonical `didcomm/v2` +
+     * `a2a/1.0` set from `@kybernesis/arp-spec`.
+     */
+    acceptedProtocols?: readonly string[];
+    supportedScopes?: readonly string[];
+    payment?: {
+        x402Enabled: boolean;
+        currencies?: readonly string[];
+        pricingUrl?: string | null;
+    };
+    vcRequirements?: readonly string[];
+    /**
+     * HTTPS URL of the Cedar policy schema. Defaults to the conventional
+     * `<agent-origin>/.well-known/policy-schema.json` when `policySchemaUrl`
+     * is omitted and `agentOrigin` is provided.
+     */
+    policySchemaUrl?: string;
+    /** Used to derive the default `policySchemaUrl`. */
+    agentOrigin?: string;
+}
+declare function buildAgentCard(input: BuildAgentCardInput): AgentCard;
+interface BuildArpJsonInput {
+    /** HTTPS origin of the agent (e.g. "https://samantha.agent"). */
+    agentOrigin: string;
+    /**
+     * Override the advertised capabilities. Defaults to the v0 set:
+     * didcomm-v2, cedar-pdp, ucan-tokens.
+     */
+    capabilities?: readonly string[];
+    /** Override the scope-catalog URL (defaults to `<agentOrigin>/.well-known/scope-catalog.json`). */
+    scopeCatalogUrl?: string;
+    /** Override the policy-schema URL (defaults to `<agentOrigin>/.well-known/policy-schema.json`). */
+    policySchemaUrl?: string;
+}
+declare function buildArpJson(input: BuildArpJsonInput): ArpJson;
+interface BuildRepresentationVcInput {
+    /** Principal DID (the human doing the representing). */
+    principalDid: DidUri;
+    /** Agent DID (the agent being represented). */
+    agentDid: DidUri;
+    /** Issued-at (Unix seconds). Defaults to now. */
+    iat?: number;
+    /** Expiry (Unix seconds). Defaults to iat + 1 year. */
+    exp?: number;
+    /** Representation scope. Defaults to "full". */
+    scope?: 'full' | 'scoped';
+    constraints?: {
+        maxConcurrentConnections?: number;
+        allowedTransferOfOwnership?: boolean;
+    };
+}
+declare function buildRepresentationVc(input: BuildRepresentationVcInput): RepresentationVc;
+interface BuildRevocationsInput {
+    /** Issuer DID (principal). */
+    issuer: DidUri;
+    /** ISO 8601 timestamp. Defaults to now. */
+    updatedAt?: string;
+    /** Revocation entries. Defaults to empty. */
+    revocations?: readonly RevocationEntry[];
+    /** Signature over the JCS canonicalization of the unsigned document. */
+    signature: {
+        kid: string;
+        /** Base64url-encoded signature bytes. */
+        value: string;
+    };
+}
+declare function buildRevocations(input: BuildRevocationsInput): Revocations;
+interface BuildHandoffBundleInput {
+    agentDid: DidUri;
+    principalDid: DidUri;
+    publicKeyMultibase: PublicKeyMultibase;
+    /**
+     * HTTPS origin of the agent. Used to derive the canonical well-known URLs
+     * when individual overrides are not provided.
+     */
+    agentOrigin: string;
+    /** Override well-known URLs (useful when hosting is on a different origin). */
+    wellKnownUrls?: {
+        did?: string;
+        agentCard?: string;
+        arp?: string;
+    };
+    dnsRecordsPublished: readonly DnsRecordTag[];
+    /** ISO 8601 cert expiry. */
+    certExpiresAt: string;
+    /** Bootstrap JWT scoped to the arp-sdk takeover (exp ≤ 15min). */
+    bootstrapToken: string;
+}
+declare function buildHandoffBundle(input: BuildHandoffBundleInput): HandoffBundle;
+export { type BuildAgentCardInput, type BuildArpJsonInput, type BuildDidDocumentInput, type BuildHandoffBundleInput, type BuildRepresentationVcInput, type BuildRevocationsInput, TemplateValidationError, buildAgentCard, buildArpJson, buildDidDocument, buildHandoffBundle, buildRepresentationVc, buildRevocations, makeServiceId, validateOrThrow };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,165 @@
+import { DidDocumentSchema, SUPPORTED_PROTOCOLS, ARP_VERSION, AgentCardSchema, ArpJsonSchema, RepresentationVcSchema, RevocationsSchema, HandoffBundleSchema } from '@kybernesis/arp-spec';
+// src/util.ts
+var TemplateValidationError = class extends Error {
+  issues;
+  constructor(templateName, issues) {
+    super(
+      `${templateName}: produced invalid output (${issues.length} issue${issues.length === 1 ? "" : "s"})`
+    );
+    this.name = "TemplateValidationError";
+    this.issues = issues;
+  }
+};
+function validateOrThrow(templateName, schema, candidate) {
+  const parsed = schema.safeParse(candidate);
+  if (!parsed.success) {
+    throw new TemplateValidationError(templateName, parsed.error.issues);
+  }
+  return parsed.data;
+}
+function makeServiceId(agentDid, suffix) {
+  return `${agentDid}#${suffix}`;
+}
+function buildDidDocument(input) {
+  const keyId = input.keyId ?? "key-1";
+  const verificationMethodId = makeServiceId(input.agentDid, keyId);
+  const doc = {
+    "@context": ["https://www.w3.org/ns/did/v1"],
+    id: input.agentDid,
+    controller: input.controllerDid,
+    verificationMethod: [
+      {
+        id: verificationMethodId,
+        type: "Ed25519VerificationKey2020",
+        controller: input.agentDid,
+        publicKeyMultibase: input.publicKeyMultibase
+      }
+    ],
+    authentication: [verificationMethodId],
+    assertionMethod: [verificationMethodId],
+    keyAgreement: [verificationMethodId],
+    service: [
+      {
+        id: makeServiceId(input.agentDid, "didcomm"),
+        type: "DIDCommMessaging",
+        serviceEndpoint: input.endpoints.didcomm,
+        accept: ["didcomm/v2"]
+      },
+      {
+        id: makeServiceId(input.agentDid, "agent-card"),
+        type: "AgentCard",
+        serviceEndpoint: input.endpoints.agentCard
+      }
+    ],
+    principal: {
+      did: input.controllerDid,
+      representationVC: input.representationVcUrl
+    }
+  };
+  return validateOrThrow("buildDidDocument", DidDocumentSchema, doc);
+}
+function buildAgentCard(input) {
+  const policySchemaUrl = input.policySchemaUrl ?? (input.agentOrigin ? `${input.agentOrigin.replace(/\/$/, "")}/.well-known/policy-schema.json` : void 0);
+  if (!policySchemaUrl) {
+    throw new Error(
+      "buildAgentCard: either policySchemaUrl or agentOrigin must be provided"
+    );
+  }
+  const card = {
+    arp_version: ARP_VERSION,
+    name: input.name,
+    did: input.did,
+    description: input.description ?? "Personal agent",
+    created_at: input.createdAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    endpoints: {
+      didcomm: input.endpoints.didcomm,
+      ...input.endpoints.a2a ? { a2a: input.endpoints.a2a } : {},
+      pairing: input.endpoints.pairing
+    },
+    accepted_protocols: [...input.acceptedProtocols ?? SUPPORTED_PROTOCOLS],
+    supported_scopes: [...input.supportedScopes ?? []],
+    payment: {
+      x402_enabled: input.payment?.x402Enabled ?? false,
+      currencies: [...input.payment?.currencies ?? []],
+      pricing_url: input.payment?.pricingUrl ?? null
+    },
+    vc_requirements: [...input.vcRequirements ?? []],
+    policy: {
+      engine: "cedar",
+      schema: policySchemaUrl
+    }
+  };
+  return validateOrThrow("buildAgentCard", AgentCardSchema, card);
+}
+var DEFAULT_CAPABILITIES = ["didcomm-v2", "cedar-pdp", "ucan-tokens"];
+function buildArpJson(input) {
+  const origin = input.agentOrigin.replace(/\/$/, "");
+  const doc = {
+    version: ARP_VERSION,
+    capabilities: [...input.capabilities ?? DEFAULT_CAPABILITIES],
+    scope_catalog_url: input.scopeCatalogUrl ?? `${origin}/.well-known/scope-catalog.json`,
+    policy_schema_url: input.policySchemaUrl ?? `${origin}/.well-known/policy-schema.json`
+  };
+  return validateOrThrow("buildArpJson", ArpJsonSchema, doc);
+}
+var DEFAULT_MAX_CONCURRENT_CONNECTIONS = 100;
+var ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;
+function buildRepresentationVc(input) {
+  const iat = input.iat ?? Math.floor(Date.now() / 1e3);
+  const exp = input.exp ?? iat + ONE_YEAR_SECONDS;
+  const doc = {
+    iss: input.principalDid,
+    sub: input.agentDid,
+    iat,
+    exp,
+    vc: {
+      "@context": ["https://www.w3.org/2018/credentials/v1"],
+      type: ["VerifiableCredential", "AgentRepresentation"],
+      credentialSubject: {
+        id: input.agentDid,
+        representedBy: input.principalDid,
+        scope: input.scope ?? "full",
+        constraints: {
+          maxConcurrentConnections: input.constraints?.maxConcurrentConnections ?? DEFAULT_MAX_CONCURRENT_CONNECTIONS,
+          allowedTransferOfOwnership: input.constraints?.allowedTransferOfOwnership ?? false
+        }
+      }
+    }
+  };
+  return validateOrThrow("buildRepresentationVc", RepresentationVcSchema, doc);
+}
+function buildRevocations(input) {
+  const doc = {
+    issuer: input.issuer,
+    updated_at: input.updatedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    revocations: input.revocations ? [...input.revocations] : [],
+    signature: {
+      alg: "EdDSA",
+      kid: input.signature.kid,
+      value: input.signature.value
+    }
+  };
+  return validateOrThrow("buildRevocations", RevocationsSchema, doc);
+}
+function buildHandoffBundle(input) {
+  const origin = input.agentOrigin.replace(/\/$/, "");
+  const doc = {
+    agent_did: input.agentDid,
+    principal_did: input.principalDid,
+    public_key_multibase: input.publicKeyMultibase,
+    well_known_urls: {
+      did: input.wellKnownUrls?.did ?? `${origin}/.well-known/did.json`,
+      agent_card: input.wellKnownUrls?.agentCard ?? `${origin}/.well-known/agent-card.json`,
+      arp: input.wellKnownUrls?.arp ?? `${origin}/.well-known/arp.json`
+    },
+    dns_records_published: [...input.dnsRecordsPublished],
+    cert_expires_at: input.certExpiresAt,
+    bootstrap_token: input.bootstrapToken
+  };
+  return validateOrThrow("buildHandoffBundle", HandoffBundleSchema, doc);
+}
+export { TemplateValidationError, buildAgentCard, buildArpJson, buildDidDocument, buildHandoffBundle, buildRepresentationVc, buildRevocations, makeServiceId, validateOrThrow };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/util.ts","../src/did-document.ts","../src/agent-card.ts","../src/arp-json.ts","../src/representation-vc.ts","../src/revocations.ts","../src/handoff-bundle.ts"],"names":["ARP_VERSION"],"mappings":";;;AASO,IAAM,uBAAA,GAAN,cAAsC,KAAA,CAAM;AAAA,EACjC,MAAA;AAAA,EAEhB,WAAA,CAAY,cAAsB,MAAA,EAAsB;AACtD,IAAA,KAAA;AAAA,MACE,CAAA,EAAG,YAAY,CAAA,2BAAA,EAA8B,MAAA,CAAO,MAAM,SAAS,MAAA,CAAO,MAAA,KAAW,CAAA,GAAI,EAAA,GAAK,GAAG,CAAA,CAAA;AAAA,KACnG;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAMO,SAAS,eAAA,CACd,YAAA,EACA,MAAA,EACA,SAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,SAAS,CAAA;AACzC,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,MAAM,IAAI,uBAAA,CAAwB,YAAA,EAAc,MAAA,CAAO,MAAM,MAAM,CAAA;AAAA,EACrE;AACA,EAAA,OAAO,MAAA,CAAO,IAAA;AAChB;AAKO,SAAS,aAAA,CAAc,UAAkB,MAAA,EAAwB;AACtE,EAAA,OAAO,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC9B;ACVO,SAAS,iBAAiB,KAAA,EAA2C;AAC1E,EAAA,MAAM,KAAA,GAAQ,MAAM,KAAA,IAAS,OAAA;AAC7B,EAAA,MAAM,oBAAA,GAAuB,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,KAAK,CAAA;AAEhE,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,UAAA,EAAY,CAAC,8BAA8B,CAAA;AAAA,IAC3C,IAAI,KAAA,CAAM,QAAA;AAAA,IACV,YAAY,KAAA,CAAM,aAAA;AAAA,IAClB,kBAAA,EAAoB;AAAA,MAClB;AAAA,QACE,EAAA,EAAI,oBAAA;AAAA,QACJ,IAAA,EAAM,4BAAA;AAAA,QACN,YAAY,KAAA,CAAM,QAAA;AAAA,QAClB,oBAAoB,KAAA,CAAM;AAAA;AAC5B,KACF;AAAA,IACA,cAAA,EAAgB,CAAC,oBAAoB,CAAA;AAAA,IACrC,eAAA,EAAiB,CAAC,oBAAoB,CAAA;AAAA,IACtC,YAAA,EAAc,CAAC,oBAAoB,CAAA;AAAA,IACnC,OAAA,EAAS;AAAA,MACP;AAAA,QACE,EAAA,EAAI,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,SAAS,CAAA;AAAA,QAC3C,IAAA,EAAM,kBAAA;AAAA,QACN,eAAA,EAAiB,MAAM,SAAA,CAAU,OAAA;AAAA,QACjC,MAAA,EAAQ,CAAC,YAAY;AAAA,OACvB;AAAA,MACA;AAAA,QACE,EAAA,EAAI,aAAA,CAAc,KAAA,CAAM,QAAA,EAAU,YAAY,CAAA;AAAA,QAC9C,IAAA,EAAM,WAAA;AAAA,QACN,eAAA,EAAiB,MAAM,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,IACA,SAAA,EAAW;AAAA,MACT,KAAK,KAAA,CAAM,aAAA;AAAA,MACX,kBAAkB,KAAA,CAAM;AAAA;AAC1B,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,kBAAA,EAAoB,iBAAA,EAAmB,GAAG,CAAA;AACnE;AC3BO,SAAS,eAAe,KAAA,EAAuC;AACpE,EAAA,MAAM,eAAA,GACJ,KAAA,CAAM,eAAA,KACL,KAAA,CAAM,WAAA,GACH,CAAA,EAAG,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAC,CAAA,+BAAA,CAAA,GACvC,MAAA,CAAA;AAEN,EAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,IAAA,GAAO;AAAA,IACX,WAAA,EAAa,WAAA;AAAA,IACb,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,KAAK,KAAA,CAAM,GAAA;AAAA,IACX,WAAA,EAAa,MAAM,WAAA,IAAe,gBAAA;AAAA,IAClC,YAAY,KAAA,CAAM,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACtD,SAAA,EAAW;AAAA,MACT,OAAA,EAAS,MAAM,SAAA,CAAU,OAAA;AAAA,MACzB,GAAI,KAAA,CAAM,SAAA,CAAU,GAAA,GAAM,EAAE,KAAK,KAAA,CAAM,SAAA,CAAU,GAAA,EAAI,GAAI,EAAC;AAAA,MAC1D,OAAA,EAAS,MAAM,SAAA,CAAU;AAAA,KAC3B;AAAA,IACA,kBAAA,EAAoB,CAAC,GAAI,KAAA,CAAM,qBAAqB,mBAAoB,CAAA;AAAA,IACxE,kBAAkB,CAAC,GAAI,KAAA,CAAM,eAAA,IAAmB,EAAG,CAAA;AAAA,IACnD,OAAA,EAAS;AAAA,MACP,YAAA,EAAc,KAAA,CAAM,OAAA,EAAS,WAAA,IAAe,KAAA;AAAA,MAC5C,YAAY,CAAC,GAAI,MAAM,OAAA,EAAS,UAAA,IAAc,EAAG,CAAA;AAAA,MACjD,WAAA,EAAa,KAAA,CAAM,OAAA,EAAS,UAAA,IAAc;AAAA,KAC5C;AAAA,IACA,iBAAiB,CAAC,GAAI,KAAA,CAAM,cAAA,IAAkB,EAAG,CAAA;AAAA,IACjD,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ;AAAA;AACV,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,gBAAA,EAAkB,eAAA,EAAiB,IAAI,CAAA;AAChE;AClEA,IAAM,oBAAA,GAAuB,CAAC,YAAA,EAAc,WAAA,EAAa,aAAa,CAAA;AAE/D,SAAS,aAAa,KAAA,EAAmC;AAC9D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,OAAA,EAASA,WAAAA;AAAA,IACT,YAAA,EAAc,CAAC,GAAI,KAAA,CAAM,gBAAgB,oBAAqB,CAAA;AAAA,IAC9D,iBAAA,EACE,KAAA,CAAM,eAAA,IAAmB,CAAA,EAAG,MAAM,CAAA,+BAAA,CAAA;AAAA,IACpC,iBAAA,EACE,KAAA,CAAM,eAAA,IAAmB,CAAA,EAAG,MAAM,CAAA,+BAAA;AAAA,GACtC;AACA,EAAA,OAAO,eAAA,CAAgB,cAAA,EAAgB,aAAA,EAAe,GAAG,CAAA;AAC3D;ACNA,IAAM,kCAAA,GAAqC,GAAA;AAC3C,IAAM,gBAAA,GAAmB,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA;AAElC,SAAS,sBAAsB,KAAA,EAAqD;AACzF,EAAA,MAAM,GAAA,GAAM,MAAM,GAAA,IAAO,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,GAAA,IAAO,GAAA,GAAM,gBAAA;AAE/B,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,KAAK,KAAA,CAAM,YAAA;AAAA,IACX,KAAK,KAAA,CAAM,QAAA;AAAA,IACX,GAAA;AAAA,IACA,GAAA;AAAA,IACA,EAAA,EAAI;AAAA,MACF,UAAA,EAAY,CAAC,wCAAwC,CAAA;AAAA,MACrD,IAAA,EAAM,CAAC,sBAAA,EAAwB,qBAAqB,CAAA;AAAA,MACpD,iBAAA,EAAmB;AAAA,QACjB,IAAI,KAAA,CAAM,QAAA;AAAA,QACV,eAAe,KAAA,CAAM,YAAA;AAAA,QACrB,KAAA,EAAO,MAAM,KAAA,IAAU,MAAA;AAAA,QACvB,WAAA,EAAa;AAAA,UACX,wBAAA,EACE,KAAA,CAAM,WAAA,EAAa,wBAAA,IAA4B,kCAAA;AAAA,UACjD,0BAAA,EAA4B,KAAA,CAAM,WAAA,EAAa,0BAAA,IAA8B;AAAA;AAC/E;AACF;AACF,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,uBAAA,EAAyB,sBAAA,EAAwB,GAAG,CAAA;AAC7E;AC9BO,SAAS,iBAAiB,KAAA,EAA2C;AAC1E,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,YAAY,KAAA,CAAM,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACtD,WAAA,EAAa,MAAM,WAAA,GAAc,CAAC,GAAG,KAAA,CAAM,WAAW,IAAI,EAAC;AAAA,IAC3D,SAAA,EAAW;AAAA,MACT,GAAA,EAAK,OAAA;AAAA,MACL,GAAA,EAAK,MAAM,SAAA,CAAU,GAAA;AAAA,MACrB,KAAA,EAAO,MAAM,SAAA,CAAU;AAAA;AACzB,GACF;AAEA,EAAA,OAAO,eAAA,CAAgB,kBAAA,EAAoB,iBAAA,EAAmB,GAAG,CAAA;AACnE;ACLO,SAAS,mBAAmB,KAAA,EAA+C;AAChF,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,EAAA,MAAM,GAAA,GAAM;AAAA,IACV,WAAW,KAAA,CAAM,QAAA;AAAA,IACjB,eAAe,KAAA,CAAM,YAAA;AAAA,IACrB,sBAAsB,KAAA,CAAM,kBAAA;AAAA,IAC5B,eAAA,EAAiB;AAAA,MACf,GAAA,EAAK,KAAA,CAAM,aAAA,EAAe,GAAA,IAAO,GAAG,MAAM,CAAA,qBAAA,CAAA;AAAA,MAC1C,UAAA,EACE,KAAA,CAAM,aAAA,EAAe,SAAA,IAAa,GAAG,MAAM,CAAA,4BAAA,CAAA;AAAA,MAC7C,GAAA,EAAK,KAAA,CAAM,aAAA,EAAe,GAAA,IAAO,GAAG,MAAM,CAAA,qBAAA;AAAA,KAC5C;AAAA,IACA,qBAAA,EAAuB,CAAC,GAAG,KAAA,CAAM,mBAAmB,CAAA;AAAA,IACpD,iBAAiB,KAAA,CAAM,aAAA;AAAA,IACvB,iBAAiB,KAAA,CAAM;AAAA,GACzB;AAEA,EAAA,OAAO,eAAA,CAAgB,oBAAA,EAAsB,mBAAA,EAAqB,GAAG,CAAA;AACvE","file":"index.js","sourcesContent":["import { z, type ZodTypeAny } from 'zod';\n\n/**\n * Error thrown when a template output fails its own Zod validation.\n *\n * Template functions are pure — inputs are typed, but defaults, URL\n * composition, and date math still need a schema check before the object\n * leaves the builder.\n */\nexport class TemplateValidationError extends Error {\n public readonly issues: z.ZodIssue[];\n\n constructor(templateName: string, issues: z.ZodIssue[]) {\n super(\n `${templateName}: produced invalid output (${issues.length} issue${issues.length === 1 ? '' : 's'})`\n );\n this.name = 'TemplateValidationError';\n this.issues = issues;\n }\n}\n\n/**\n * Validate `candidate` against `schema`. Throws `TemplateValidationError` on\n * failure, returns the parsed value on success.\n */\nexport function validateOrThrow<S extends ZodTypeAny>(\n templateName: string,\n schema: S,\n candidate: unknown\n): z.infer<S> {\n const parsed = schema.safeParse(candidate);\n if (!parsed.success) {\n throw new TemplateValidationError(templateName, parsed.error.issues);\n }\n return parsed.data;\n}\n\n/**\n * Canonical service ID helper: `<agentDid>#<suffix>`.\n */\nexport function makeServiceId(agentDid: string, suffix: string): string {\n return `${agentDid}#${suffix}`;\n}\n","import {\n DidDocumentSchema,\n type DidDocument,\n type DidUri,\n type PublicKeyMultibase,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow, makeServiceId } from './util.js';\n\nexport interface BuildDidDocumentInput {\n /** Agent DID (e.g. \"did:web:samantha.agent\"). */\n agentDid: DidUri;\n /** Principal (controller) DID. May be a placeholder pre-binding. */\n controllerDid: DidUri;\n /** Ed25519 public key in multibase (z-base58btc). */\n publicKeyMultibase: PublicKeyMultibase;\n /** Service endpoints. */\n endpoints: {\n didcomm: string;\n agentCard: string;\n };\n /** Representation VC URL served on the owner subdomain. */\n representationVcUrl: string;\n /** Optional verification-method key id suffix. Defaults to `key-1`. */\n keyId?: string;\n}\n\n/**\n * Build a W3C DID Document conforming to ARP-tld-integration-spec-v2 §6.1.\n *\n * The output is validated against `DidDocumentSchema` before return; on\n * failure a `TemplateValidationError` is thrown.\n */\nexport function buildDidDocument(input: BuildDidDocumentInput): DidDocument {\n const keyId = input.keyId ?? 'key-1';\n const verificationMethodId = makeServiceId(input.agentDid, keyId);\n\n const doc = {\n '@context': ['https://www.w3.org/ns/did/v1'],\n id: input.agentDid,\n controller: input.controllerDid,\n verificationMethod: [\n {\n id: verificationMethodId,\n type: 'Ed25519VerificationKey2020' as const,\n controller: input.agentDid,\n publicKeyMultibase: input.publicKeyMultibase,\n },\n ],\n authentication: [verificationMethodId],\n assertionMethod: [verificationMethodId],\n keyAgreement: [verificationMethodId],\n service: [\n {\n id: makeServiceId(input.agentDid, 'didcomm'),\n type: 'DIDCommMessaging' as const,\n serviceEndpoint: input.endpoints.didcomm,\n accept: ['didcomm/v2'],\n },\n {\n id: makeServiceId(input.agentDid, 'agent-card'),\n type: 'AgentCard' as const,\n serviceEndpoint: input.endpoints.agentCard,\n },\n ],\n principal: {\n did: input.controllerDid,\n representationVC: input.representationVcUrl,\n },\n };\n\n return validateOrThrow('buildDidDocument', DidDocumentSchema, doc);\n}\n","import {\n AgentCardSchema,\n ARP_VERSION,\n SUPPORTED_PROTOCOLS,\n type AgentCard,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildAgentCardInput {\n name: string;\n did: DidUri;\n /** One-line description; defaults to \"Personal agent\". */\n description?: string;\n /** ISO 8601 datetime with offset. Defaults to `new Date().toISOString()`. */\n createdAt?: string;\n endpoints: {\n didcomm: string;\n /** Optional in v0 (stubbed). */\n a2a?: string;\n pairing: string;\n };\n /**\n * Override accepted protocols. Defaults to the canonical `didcomm/v2` +\n * `a2a/1.0` set from `@kybernesis/arp-spec`.\n */\n acceptedProtocols?: readonly string[];\n supportedScopes?: readonly string[];\n payment?: {\n x402Enabled: boolean;\n currencies?: readonly string[];\n pricingUrl?: string | null;\n };\n vcRequirements?: readonly string[];\n /**\n * HTTPS URL of the Cedar policy schema. Defaults to the conventional\n * `<agent-origin>/.well-known/policy-schema.json` when `policySchemaUrl`\n * is omitted and `agentOrigin` is provided.\n */\n policySchemaUrl?: string;\n /** Used to derive the default `policySchemaUrl`. */\n agentOrigin?: string;\n}\n\nexport function buildAgentCard(input: BuildAgentCardInput): AgentCard {\n const policySchemaUrl =\n input.policySchemaUrl ??\n (input.agentOrigin\n ? `${input.agentOrigin.replace(/\\/$/, '')}/.well-known/policy-schema.json`\n : undefined);\n\n if (!policySchemaUrl) {\n throw new Error(\n 'buildAgentCard: either policySchemaUrl or agentOrigin must be provided'\n );\n }\n\n const card = {\n arp_version: ARP_VERSION,\n name: input.name,\n did: input.did,\n description: input.description ?? 'Personal agent',\n created_at: input.createdAt ?? new Date().toISOString(),\n endpoints: {\n didcomm: input.endpoints.didcomm,\n ...(input.endpoints.a2a ? { a2a: input.endpoints.a2a } : {}),\n pairing: input.endpoints.pairing,\n },\n accepted_protocols: [...(input.acceptedProtocols ?? SUPPORTED_PROTOCOLS)],\n supported_scopes: [...(input.supportedScopes ?? [])],\n payment: {\n x402_enabled: input.payment?.x402Enabled ?? false,\n currencies: [...(input.payment?.currencies ?? [])],\n pricing_url: input.payment?.pricingUrl ?? null,\n },\n vc_requirements: [...(input.vcRequirements ?? [])],\n policy: {\n engine: 'cedar' as const,\n schema: policySchemaUrl,\n },\n };\n\n return validateOrThrow('buildAgentCard', AgentCardSchema, card);\n}\n","import { ArpJsonSchema, ARP_VERSION, type ArpJson } from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildArpJsonInput {\n /** HTTPS origin of the agent (e.g. \"https://samantha.agent\"). */\n agentOrigin: string;\n /**\n * Override the advertised capabilities. Defaults to the v0 set:\n * didcomm-v2, cedar-pdp, ucan-tokens.\n */\n capabilities?: readonly string[];\n /** Override the scope-catalog URL (defaults to `<agentOrigin>/.well-known/scope-catalog.json`). */\n scopeCatalogUrl?: string;\n /** Override the policy-schema URL (defaults to `<agentOrigin>/.well-known/policy-schema.json`). */\n policySchemaUrl?: string;\n}\n\nconst DEFAULT_CAPABILITIES = ['didcomm-v2', 'cedar-pdp', 'ucan-tokens'] as const;\n\nexport function buildArpJson(input: BuildArpJsonInput): ArpJson {\n const origin = input.agentOrigin.replace(/\\/$/, '');\n const doc = {\n version: ARP_VERSION,\n capabilities: [...(input.capabilities ?? DEFAULT_CAPABILITIES)],\n scope_catalog_url:\n input.scopeCatalogUrl ?? `${origin}/.well-known/scope-catalog.json`,\n policy_schema_url:\n input.policySchemaUrl ?? `${origin}/.well-known/policy-schema.json`,\n };\n return validateOrThrow('buildArpJson', ArpJsonSchema, doc);\n}\n","import {\n RepresentationVcSchema,\n type RepresentationVc,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildRepresentationVcInput {\n /** Principal DID (the human doing the representing). */\n principalDid: DidUri;\n /** Agent DID (the agent being represented). */\n agentDid: DidUri;\n /** Issued-at (Unix seconds). Defaults to now. */\n iat?: number;\n /** Expiry (Unix seconds). Defaults to iat + 1 year. */\n exp?: number;\n /** Representation scope. Defaults to \"full\". */\n scope?: 'full' | 'scoped';\n constraints?: {\n maxConcurrentConnections?: number;\n allowedTransferOfOwnership?: boolean;\n };\n}\n\nconst DEFAULT_MAX_CONCURRENT_CONNECTIONS = 100;\nconst ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;\n\nexport function buildRepresentationVc(input: BuildRepresentationVcInput): RepresentationVc {\n const iat = input.iat ?? Math.floor(Date.now() / 1000);\n const exp = input.exp ?? iat + ONE_YEAR_SECONDS;\n\n const doc = {\n iss: input.principalDid,\n sub: input.agentDid,\n iat,\n exp,\n vc: {\n '@context': ['https://www.w3.org/2018/credentials/v1'],\n type: ['VerifiableCredential', 'AgentRepresentation'],\n credentialSubject: {\n id: input.agentDid,\n representedBy: input.principalDid,\n scope: input.scope ?? ('full' as const),\n constraints: {\n maxConcurrentConnections:\n input.constraints?.maxConcurrentConnections ?? DEFAULT_MAX_CONCURRENT_CONNECTIONS,\n allowedTransferOfOwnership: input.constraints?.allowedTransferOfOwnership ?? false,\n },\n },\n },\n };\n\n return validateOrThrow('buildRepresentationVc', RepresentationVcSchema, doc);\n}\n","import {\n RevocationsSchema,\n type Revocations,\n type RevocationEntry,\n type DidUri,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildRevocationsInput {\n /** Issuer DID (principal). */\n issuer: DidUri;\n /** ISO 8601 timestamp. Defaults to now. */\n updatedAt?: string;\n /** Revocation entries. Defaults to empty. */\n revocations?: readonly RevocationEntry[];\n /** Signature over the JCS canonicalization of the unsigned document. */\n signature: {\n kid: string;\n /** Base64url-encoded signature bytes. */\n value: string;\n };\n}\n\nexport function buildRevocations(input: BuildRevocationsInput): Revocations {\n const doc = {\n issuer: input.issuer,\n updated_at: input.updatedAt ?? new Date().toISOString(),\n revocations: input.revocations ? [...input.revocations] : [],\n signature: {\n alg: 'EdDSA' as const,\n kid: input.signature.kid,\n value: input.signature.value,\n },\n };\n\n return validateOrThrow('buildRevocations', RevocationsSchema, doc);\n}\n","import {\n HandoffBundleSchema,\n type HandoffBundle,\n type DidUri,\n type PublicKeyMultibase,\n type DnsRecordTag,\n} from '@kybernesis/arp-spec';\nimport { validateOrThrow } from './util.js';\n\nexport interface BuildHandoffBundleInput {\n agentDid: DidUri;\n principalDid: DidUri;\n publicKeyMultibase: PublicKeyMultibase;\n /**\n * HTTPS origin of the agent. Used to derive the canonical well-known URLs\n * when individual overrides are not provided.\n */\n agentOrigin: string;\n /** Override well-known URLs (useful when hosting is on a different origin). */\n wellKnownUrls?: {\n did?: string;\n agentCard?: string;\n arp?: string;\n };\n dnsRecordsPublished: readonly DnsRecordTag[];\n /** ISO 8601 cert expiry. */\n certExpiresAt: string;\n /** Bootstrap JWT scoped to the arp-sdk takeover (exp ≤ 15min). */\n bootstrapToken: string;\n}\n\nexport function buildHandoffBundle(input: BuildHandoffBundleInput): HandoffBundle {\n const origin = input.agentOrigin.replace(/\\/$/, '');\n const doc = {\n agent_did: input.agentDid,\n principal_did: input.principalDid,\n public_key_multibase: input.publicKeyMultibase,\n well_known_urls: {\n did: input.wellKnownUrls?.did ?? `${origin}/.well-known/did.json`,\n agent_card:\n input.wellKnownUrls?.agentCard ?? `${origin}/.well-known/agent-card.json`,\n arp: input.wellKnownUrls?.arp ?? `${origin}/.well-known/arp.json`,\n },\n dns_records_published: [...input.dnsRecordsPublished],\n cert_expires_at: input.certExpiresAt,\n bootstrap_token: input.bootstrapToken,\n };\n\n return validateOrThrow('buildHandoffBundle', HandoffBundleSchema, doc);\n}\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,40 @@
+{
+  "name": "@kybernesis/arp-templates",
+  "version": "0.2.0",
+  "description": "ARP document builders — pure functions that produce validated DID documents, agent cards, arp.json, representation VCs, revocations, and handoff bundles.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/KybernesisAI/arp.git",
+    "directory": "packages/templates"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "dependencies": {
+    "zod": "^3.23.8",
+    "@kybernesis/arp-spec": "0.2.0"
+  },
+  "devDependencies": {},
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src tests"
+  }
+}