@peac/jwks-cache 0.12.5 → 0.12.6

package/README.md

@@ -1,6 +1,6 @@
 # @peac/jwks-cache
 
-Edge-safe JWKS fetch and cache with SSRF protection
+Edge-safe JWKS fetch and cache with SSRF protection for PEAC receipt verification.
 
 ## Installation
 
@@ -8,9 +8,62 @@ Edge-safe JWKS fetch and cache with SSRF protection
 pnpm add @peac/jwks-cache
 ```
 
-## Documentation
+## What It Does
 
-See [peacprotocol.org](https://www.peacprotocol.org) for full documentation.
+`@peac/jwks-cache` provides a secure JWKS (JSON Web Key Set) resolver with built-in SSRF prevention, in-memory caching with Cache-Control awareness, and Ed25519 key import. It validates URLs against metadata IP ranges before fetching and caches resolved keys to minimize network requests during receipt verification.
+
+## How Do I Use It?
+
+### Create a JWKS resolver and look up a key
+
+```typescript
+import { createResolver, resolveKey } from '@peac/jwks-cache';
+
+const resolver = createResolver({
+  cacheTtlMs: 300_000, // 5 minutes
+});
+
+const key = await resolveKey(resolver, {
+  jwksUri: 'https://issuer.example.com/.well-known/jwks.json',
+  kid: 'key-2026-03',
+});
+
+console.log(key.algorithm); // 'Ed25519'
+```
+
+### Validate a URL for SSRF safety
+
+```typescript
+import { validateUrl, isMetadataIp } from '@peac/jwks-cache';
+
+validateUrl('https://issuer.example.com/.well-known/jwks.json'); // passes
+validateUrl('http://169.254.169.254/latest/meta-data'); // throws: metadata IP
+```
+
+### Use the in-memory cache directly
+
+```typescript
+import { InMemoryCache, buildJwksCacheKey } from '@peac/jwks-cache';
+
+const cache = new InMemoryCache({ maxEntries: 100 });
+
+const cacheKey = buildJwksCacheKey('https://issuer.example.com/.well-known/jwks.json', 'key-1');
+await cache.set(cacheKey, { jwk, expiresAt: Date.now() + 300_000 });
+```
+
+## Integrates With
+
+- `@peac/http-signatures`: Key resolution for RFC 9421 signature verification
+- `@peac/protocol` (Layer 3): Receipt verification with remote key resolution
+- `@peac/server` (Layer 5): Verification server JWKS fetching with circuit breaker
+
+## For Agent Developers
+
+If you are building an AI agent or MCP server that needs evidence receipts:
+
+- Start with [`@peac/mcp-server`](https://www.npmjs.com/package/@peac/mcp-server) for a ready-to-use MCP tool server
+- Use `@peac/protocol` for programmatic receipt issuance and verification
+- See the [llms.txt](https://github.com/peacprotocol/peac/blob/main/llms.txt) for a concise overview
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/jwks-cache",
-  "version": "0.12.5",
+  "version": "0.12.6",
   "description": "Edge-safe JWKS fetch and cache with SSRF protection",
   "type": "module",
   "main": "dist/index.cjs",
@@ -18,19 +18,23 @@
     "dist"
   ],
   "keywords": [
+    "peac",
+    "peacprotocol",
+    "interaction-records",
+    "signed-records",
+    "receipts",
+    "originary",
     "jwks",
+    "key-resolution",
     "cache",
-    "ed25519",
-    "ssrf",
-    "edge",
-    "peac"
+    "ssrf-safe"
   ],
   "author": "PEAC Protocol Contributors",
   "license": "Apache-2.0",
   "bugs": {
     "url": "https://github.com/peacprotocol/peac/issues"
   },
-  "homepage": "https://www.peacprotocol.org",
+  "homepage": "https://github.com/peacprotocol/peac#readme",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/peacprotocol/peac.git",
@@ -40,7 +44,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@peac/http-signatures": "0.12.5"
+    "@peac/http-signatures": "0.12.6"
   },
   "devDependencies": {
     "typescript": "^5.3.0",