npm - @provenonce/sdk - Versions diffs - 0.10.0 → 0.11.0 - Mend

@provenonce/sdk 0.10.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -1,172 +1,187 @@
-# @provenonce/sdk
-Cryptographic identity and accountability SDK for AI agents. Chain-agnostic (Solana + Ethereum).
-## Install
-```bash
-npm install @provenonce/sdk
-```
-## Registration
-Before using the SDK, register your agent to get an API key:
-```typescript
-import { register } from '@provenonce/sdk';
-// No-wallet registration (default — identity only)
-const creds = await register('my-agent-v1', {
-  registryUrl: 'https://provenonce.io',
-  registrationSecret: process.env.REGISTRATION_SECRET, // required in production
-});
-console.log(creds.hash);    // unique agent identity
-console.log(creds.api_key); // use this for BeatAgent
-console.log(creds.secret);  // save — shown only once
-// Solana self-custody wallet (opt-in)
-const withWallet = await register('my-org', {
-  registryUrl: 'https://provenonce.io',
-  walletModel: 'self-custody',
-});
-// withWallet.wallet.address = Solana address
-// withWallet.wallet.secret_key = SAVE — cannot be recovered
-// Child registration (requires parent credentials)
-const child = await register('worker-1', {
-  registryUrl: 'https://provenonce.io',
-  parentHash: creds.hash,
-  parentApiKey: creds.api_key,
-});
-```
-## Quick Start
-```typescript
-import { BeatAgent } from '@provenonce/sdk';
-const agent = new BeatAgent({
-  apiKey: 'pvn_...',
-  registryUrl: 'https://provenonce.io',
-  verbose: true,
-});
-await agent.init();           // Birth in Beat time
-// Purchase a SIGIL (cryptographic identity)
-const sigil = await agent.purchaseSigil({
-  identityClass: 'autonomous',
-  paymentTx: 'solana-tx-signature...',
-});
-// Start heartbeating (paid liveness proofs)
-agent.startHeartbeat();
-// Get your Passport (latest lineage proof)
-const passport = await agent.getPassport();
-console.log(passport?.identity_class);     // 'autonomous'
-console.log(passport?.provenonce_signature); // Ed25519 signed
-// Verify any proof offline — no API call needed
-const valid = BeatAgent.verifyProofLocally(passport, authorityPubKeyHex);
-agent.stopHeartbeat();
-```
-## API
-### `BeatAgent`
-| Method | Description |
-|--------|-------------|
-| `init()` | Initialize the agent's Beat chain (birth in Logical Time) |
-| `purchaseSigil(opts)` | Purchase a SIGIL identity (required for heartbeating) |
-| `heartbeat(opts?)` | Submit a paid heartbeat and receive a signed lineage proof |
-| `startHeartbeat()` | Start autonomous heartbeat loop |
-| `stopHeartbeat()` | Stop heartbeat |
-| `getPassport()` | Get latest lineage proof (Passport) |
-| `reissueProof(paymentTx?)` | Reissue proof without extending lineage |
-| `requestSpawn(name?)` | Spawn a child agent (requires accumulated beats) |
-| `getStatus()` | Get full beat status from registry |
-| `getLocalState()` | Get local state (no network call) |
-| `static verifyProofLocally(proof, pubKey)` | Verify a lineage proof offline |
-### `BeatAgentConfig`
-| Option | Default | Description |
-|--------|---------|-------------|
-| `apiKey` | *required* | API key from registration (`pvn_...`) |
-| `registryUrl` | *required* | Provenonce registry URL |
-| `heartbeatIntervalSec` | `300` | Seconds between automatic heartbeats |
-| `onHeartbeat` | — | Callback when heartbeat completes |
-| `onError` | — | Callback on error |
-| `onStatusChange` | — | Callback when status changes |
-| `verbose` | `false` | Enable console logging |
-### `register(name, options)`
-| Option | Description |
-|--------|-------------|
-| `registryUrl` | Registry URL (required) |
-| `registrationSecret` | Registration gate (mainnet) |
-| `walletModel` | `'self-custody'` or `'operator'` (opt-in wallet) |
-| `walletChain` | `'solana'` or `'ethereum'` |
-| `walletAddress` | Ethereum BYO address |
-| `walletSignFn` | Signing function for BYO wallets |
-| `parentHash` | Parent hash (child registration) |
-| `parentApiKey` | Parent's API key (child registration) |
-Returns `RegistrationResult` with `hash`, `api_key`, `secret`, `wallet?`.
-**Note:** Agent names should only contain `[a-zA-Z0-9_\-. ]`. Other characters are stripped by the server before signature verification.
-### Phase 2 Types
-```typescript
-import type { Passport, LineageProof, IdentityClass, SigilResult, HeartbeatResult } from '@provenonce/sdk';
-// Passport = LineageProof (type alias)
-// Contains: agent_hash, agent_public_key, identity_class, lineage_chain_hash,
-//           provenonce_signature, issued_at, valid_until, etc.
-// IdentityClass = 'narrow_task' | 'autonomous' | 'orchestrator'
-```
-### Error Handling
-```typescript
-import { ProvenonceError, AuthError, RateLimitError, FrozenError, ErrorCode } from '@provenonce/sdk';
-try {
-  await agent.heartbeat();
-} catch (err) {
-  if (err instanceof RateLimitError) {
-    console.log(`Retry after ${err.retryAfterMs}ms`);
-  } else if (err instanceof FrozenError) {
-    console.log('Agent is frozen — heartbeat refused');
-  } else if (err instanceof AuthError) {
-    console.log('Invalid API key');
-  }
-}
-```
-## Framework Integration Examples
-Ready-to-run examples for popular agent frameworks are in [`examples/`](./examples/):
-| Framework | File | What it shows |
-|-----------|------|---------------|
-| **CrewAI** | [`crewai_example.py`](./examples/crewai_example.py) | Register a research crew with parent-child lineage |
-| **AutoGen** | [`autogen_example.py`](./examples/autogen_example.py) | Coder + reviewer agents with post-run provenance audit |
-| **LangGraph** | [`langgraph_example.py`](./examples/langgraph_example.py) | Pipeline nodes with on-chain audit trail |
-| **Any (Node.js)** | [`add-provenonce.ts`](./examples/add-provenonce.ts) | 20-line generic integration |
-Python examples use the REST API directly — no Python SDK needed. See [`examples/README.md`](./examples/README.md) for details.
-## Links
-- [Live prototype](https://provenonce.io)
-- [npm package](https://www.npmjs.com/package/@provenonce/sdk)
-- [API docs](https://provenonce.dev)
-- [Whitepaper](https://provenonce.dev/concepts/architecture)
+# @provenonce/sdk
+Cryptographic identity and accountability SDK for AI agents. Chain-agnostic (Solana + Ethereum).
+## Install
+```bash
+npm install @provenonce/sdk
+```
+## Registration
+Before using the SDK, register your agent to get an API key:
+```typescript
+import { register } from '@provenonce/sdk';
+// No-wallet registration (default — identity only)
+const creds = await register('my-agent-v1', {
+  registryUrl: 'https://provenonce.io',
+  registrationSecret: process.env.REGISTRATION_SECRET, // required in production
+});
+console.log(creds.hash);    // unique agent identity
+console.log(creds.api_key); // use this for BeatAgent
+console.log(creds.secret);  // save — shown only once
+// Solana self-custody wallet (opt-in)
+const withWallet = await register('my-org', {
+  registryUrl: 'https://provenonce.io',
+  walletModel: 'self-custody',
+});
+// withWallet.wallet.address = Solana address
+// withWallet.wallet.secret_key = SAVE — cannot be recovered
+// Child registration (requires parent credentials)
+const child = await register('worker-1', {
+  registryUrl: 'https://provenonce.io',
+  parentHash: creds.hash,
+  parentApiKey: creds.api_key,
+});
+```
+## Quick Start
+```typescript
+import { BeatAgent } from '@provenonce/sdk';
+const agent = new BeatAgent({
+  apiKey: 'pvn_...',
+  registryUrl: 'https://provenonce.io',
+  verbose: true,
+});
+await agent.init();           // Birth in Beat time
+// Purchase a SIGIL (cryptographic identity)
+const sigil = await agent.purchaseSigil({
+  identity_class: 'autonomous',
+  principal: 'my-agent',
+  tier: 'ind',
+  payment_tx: 'solana-tx-signature...',
+});
+// Start heartbeating (paid liveness proofs)
+agent.startHeartbeat();
+// Get your Passport (latest lineage proof)
+const passport = await agent.getPassport();
+console.log(passport?.identity_class);     // 'autonomous'
+console.log(passport?.provenonce_signature); // Ed25519 signed
+// Verify any proof offline — no API call needed
+const valid = BeatAgent.verifyProofLocally(passport, authorityPubKeyHex);
+agent.stopHeartbeat();
+```
+## API
+### `BeatAgent`
+| Method | Description |
+|--------|-------------|
+| `init()` | Initialize the agent's Beat chain (birth in Logical Time) |
+| `purchaseSigil(opts)` | Purchase a SIGIL identity (required for heartbeating) |
+| `updateMetadata(fields)` | Update mutable SIGIL metadata fields |
+| `heartbeat(paymentTx?, globalAnchor?)` | Submit a paid heartbeat and receive a signed lineage proof |
+| `startHeartbeat()` | Start autonomous heartbeat loop |
+| `stopHeartbeat()` | Stop heartbeat |
+| `getPassport()` | Get latest lineage proof (Passport) |
+| `reissueProof(paymentTx?)` | Reissue proof without extending lineage |
+| `requestSpawn(name?)` | Spawn a child agent (requires accumulated beats) |
+| `getStatus()` | Get full beat status from registry |
+| `getLocalState()` | Get local state (no network call) |
+| `static verifyProofLocally(proof, pubKey)` | Verify a lineage proof offline |
+### `BeatAgentConfig`
+| Option | Default | Description |
+|--------|---------|-------------|
+| `apiKey` | *required* | API key from registration (`pvn_...`) |
+| `registryUrl` | *required* | Provenonce registry URL |
+| `heartbeatIntervalSec` | `300` | Seconds between automatic heartbeats |
+| `onHeartbeat` | — | Callback when heartbeat completes |
+| `onError` | — | Callback on error |
+| `onStatusChange` | — | Callback when status changes |
+| `verbose` | `false` | Enable console logging |
+### `register(name, options)`
+| Option | Description |
+|--------|-------------|
+| `registryUrl` | Registry URL (required) |
+| `registrationSecret` | Registration gate (mainnet) |
+| `walletModel` | `'self-custody'` or `'operator'` (opt-in wallet) |
+| `walletChain` | `'solana'` or `'ethereum'` |
+| `walletAddress` | Ethereum BYO address |
+| `walletSignFn` | Signing function for BYO wallets |
+| `parentHash` | Parent hash (child registration) |
+| `parentApiKey` | Parent's API key (child registration) |
+Returns `RegistrationResult` with `hash`, `api_key`, `secret`, `wallet?`.
+**Note:** Agent names should only contain `[a-zA-Z0-9_\-. ]`. Other characters are stripped by the server before signature verification.
+### Phase 2 Types
+```typescript
+import type { Passport, LineageProof, IdentityClass, SigilResult, HeartbeatResult } from '@provenonce/sdk';
+// Passport = LineageProof (type alias)
+// Contains: agent_hash, agent_public_key, identity_class, lineage_chain_hash,
+//           provenonce_signature, issued_at, valid_until, etc.
+// IdentityClass = 'narrow_task' | 'autonomous' | 'orchestrator'
+```
+### `purchaseSigil(opts)` required fields
+```typescript
+await agent.purchaseSigil({
+  identity_class: 'narrow_task' | 'autonomous' | 'orchestrator',
+  principal: 'my-agent',
+  tier: 'sov' | 'org' | 'ind' | 'eph' | 'sbx',
+  payment_tx: 'solana-tx-signature...', // or 'devnet-skip' on devnet
+  name: 'optional-display-name'
+});
+```
+### Error Handling
+```typescript
+import { ProvenonceError, AuthError, RateLimitError, FrozenError, ErrorCode } from '@provenonce/sdk';
+try {
+  await agent.heartbeat();
+} catch (err) {
+  if (err instanceof RateLimitError) {
+    console.log(`Retry after ${err.retryAfterMs}ms`);
+  } else if (err instanceof FrozenError) {
+    console.log('Agent is frozen — heartbeat refused');
+  } else if (err instanceof AuthError) {
+    console.log('Invalid API key');
+  }
+}
+```
+## Framework Integration Examples
+Ready-to-run examples for popular agent frameworks are in [`examples/`](./examples/):
+| Framework | File | What it shows |
+|-----------|------|---------------|
+| **CrewAI** | [`crewai_example.py`](./examples/crewai_example.py) | Register a research crew with parent-child lineage |
+| **AutoGen** | [`autogen_example.py`](./examples/autogen_example.py) | Coder + reviewer agents with post-run provenance audit |
+| **LangGraph** | [`langgraph_example.py`](./examples/langgraph_example.py) | Pipeline nodes with on-chain audit trail |
+| **Any (Node.js)** | [`add-provenonce.ts`](./examples/add-provenonce.ts) | 20-line generic integration |
+Python examples use the REST API directly — no Python SDK needed. See [`examples/README.md`](./examples/README.md) for details.
+## Links
+- [Live prototype](https://provenonce.io)
+- [npm package](https://www.npmjs.com/package/@provenonce/sdk)
+- [API docs](https://provenonce.dev)
+- [Whitepaper](https://provenonce.dev/whitepaper)

package/dist/index.d.mts CHANGED Viewed

@@ -242,9 +242,42 @@ interface RegistrationResult {
         heartbeat?: string;
     };
 }
+/** Options for the register() function */
+interface RegisterOptions {
+    registryUrl?: string;
+    parentHash?: string;
+    parentApiKey?: string;
+    registrationSecret?: string;
+    /** Single-use registration token from POST /register/token or POST /register/email/verify */
+    registrationToken?: string;
+    /** Admin-minted invite token */
+    registrationInvite?: string;
+    /** Hex-encoded 32-byte Ed25519 secret seed (bring-your-own Solana key) */
+    walletSecretKey?: string;
+    /** Wallet model: 'self-custody' (Model A) or 'operator' (Model B). Must be set explicitly to opt in. */
+    walletModel?: 'self-custody' | 'operator';
+    /** Wallet chain: 'solana' (default when wallet is used) or 'ethereum' (D-63) */
+    walletChain?: 'solana' | 'ethereum';
+    /** Wallet address for Ethereum bring-your-own (0x + 40 hex chars) */
+    walletAddress?: string;
+    /** Async function to sign a message with an Ethereum wallet (EIP-191 personal_sign). Returns 0x-prefixed 65-byte hex sig. */
+    walletSignFn?: (message: string) => Promise<string>;
+    /** Operator's Solana wallet address (base58). Required when walletModel='operator'. */
+    operatorWalletAddress?: string;
+    /** Function to sign a message with the operator's Solana wallet. Required when walletModel='operator'. */
+    operatorSignFn?: (message: string) => Promise<string>;
+    /** Optional agent metadata (arbitrary JSON object, max 4KB). Returned in /verify and /status. */
+    metadata?: Record<string, unknown>;
+}
 /**
  * Register a new agent on the Provenonce registry.
  *
+ * With registration token (from /register/token or email verification):
+ *   const creds = await register('my-agent', {
+ *     registryUrl: '...',
+ *     registrationToken: '<token-from-email-verify>',
+ *   });
+ *
  * No wallet (default, single-phase):
  *   const creds = await register('my-agent', { registryUrl: '...' });
  *
@@ -285,28 +318,7 @@ interface RegistrationResult {
  *     parentApiKey: parentCreds.api_key,
  *   });
  */
-declare function register(name: string, options?: {
-    registryUrl?: string;
-    parentHash?: string;
-    parentApiKey?: string;
-    registrationSecret?: string;
-    /** Hex-encoded 32-byte Ed25519 secret seed (bring-your-own Solana key) */
-    walletSecretKey?: string;
-    /** Wallet model: 'self-custody' (Model A) or 'operator' (Model B). Must be set explicitly to opt in. */
-    walletModel?: 'self-custody' | 'operator';
-    /** Wallet chain: 'solana' (default when wallet is used) or 'ethereum' (D-63) */
-    walletChain?: 'solana' | 'ethereum';
-    /** Wallet address for Ethereum bring-your-own (0x + 40 hex chars) */
-    walletAddress?: string;
-    /** Async function to sign a message with an Ethereum wallet (EIP-191 personal_sign). Returns 0x-prefixed 65-byte hex sig. */
-    walletSignFn?: (message: string) => Promise<string>;
-    /** Operator's Solana wallet address (base58). Required when walletModel='operator'. */
-    operatorWalletAddress?: string;
-    /** Function to sign a message with the operator's Solana wallet. Required when walletModel='operator'. */
-    operatorSignFn?: (message: string) => Promise<string>;
-    /** Optional agent metadata (arbitrary JSON object, max 4KB). Returned in /verify and /status. */
-    metadata?: Record<string, unknown>;
-}): Promise<RegistrationResult>;
+declare function register(name: string, options?: RegisterOptions): Promise<RegistrationResult>;
 interface BeatAgentConfig {
     /** API key from registration (pvn_...) */
     apiKey: string;
@@ -573,4 +585,4 @@ declare class ServerError extends ProvenonceError {
     constructor(message: string, statusCode?: number);
 }
-export { type AgentStatus, AuthError, type Beat, BeatAgent, type BeatAgentConfig, type Capability, type CheckinResult, type ComplianceRegime, ErrorCode, FrozenError, type HeartbeatResult, type IdentityClass, type LineageProof, type MetadataUpdateResult, NetworkError, NotFoundError, type Passport, ProvenonceError, RateLimitError, type RegistrationResult, ServerError, type SigilMutableFields, type SigilProtocol, type SigilPurchaseOptions, type SigilResult, type SigilTier, type SpawnResult, StateError, type Substrate, type SubstrateProvider, ValidationError, type VerificationResult, type WalletInfo, computeBeat, computeBeatsLite, generateWalletKeypair, register };
+export { type AgentStatus, AuthError, type Beat, BeatAgent, type BeatAgentConfig, type Capability, type CheckinResult, type ComplianceRegime, ErrorCode, FrozenError, type HeartbeatResult, type IdentityClass, type LineageProof, type MetadataUpdateResult, NetworkError, NotFoundError, type Passport, ProvenonceError, RateLimitError, type RegisterOptions, type RegistrationResult, ServerError, type SigilMutableFields, type SigilProtocol, type SigilPurchaseOptions, type SigilResult, type SigilTier, type SpawnResult, StateError, type Substrate, type SubstrateProvider, ValidationError, type VerificationResult, type WalletInfo, computeBeat, computeBeatsLite, generateWalletKeypair, register };

package/dist/index.d.ts CHANGED Viewed

@@ -242,9 +242,42 @@ interface RegistrationResult {
         heartbeat?: string;
     };
 }
+/** Options for the register() function */
+interface RegisterOptions {
+    registryUrl?: string;
+    parentHash?: string;
+    parentApiKey?: string;
+    registrationSecret?: string;
+    /** Single-use registration token from POST /register/token or POST /register/email/verify */
+    registrationToken?: string;
+    /** Admin-minted invite token */
+    registrationInvite?: string;
+    /** Hex-encoded 32-byte Ed25519 secret seed (bring-your-own Solana key) */
+    walletSecretKey?: string;
+    /** Wallet model: 'self-custody' (Model A) or 'operator' (Model B). Must be set explicitly to opt in. */
+    walletModel?: 'self-custody' | 'operator';
+    /** Wallet chain: 'solana' (default when wallet is used) or 'ethereum' (D-63) */
+    walletChain?: 'solana' | 'ethereum';
+    /** Wallet address for Ethereum bring-your-own (0x + 40 hex chars) */
+    walletAddress?: string;
+    /** Async function to sign a message with an Ethereum wallet (EIP-191 personal_sign). Returns 0x-prefixed 65-byte hex sig. */
+    walletSignFn?: (message: string) => Promise<string>;
+    /** Operator's Solana wallet address (base58). Required when walletModel='operator'. */
+    operatorWalletAddress?: string;
+    /** Function to sign a message with the operator's Solana wallet. Required when walletModel='operator'. */
+    operatorSignFn?: (message: string) => Promise<string>;
+    /** Optional agent metadata (arbitrary JSON object, max 4KB). Returned in /verify and /status. */
+    metadata?: Record<string, unknown>;
+}
 /**
  * Register a new agent on the Provenonce registry.
  *
+ * With registration token (from /register/token or email verification):
+ *   const creds = await register('my-agent', {
+ *     registryUrl: '...',
+ *     registrationToken: '<token-from-email-verify>',
+ *   });
+ *
  * No wallet (default, single-phase):
  *   const creds = await register('my-agent', { registryUrl: '...' });
  *
@@ -285,28 +318,7 @@ interface RegistrationResult {
  *     parentApiKey: parentCreds.api_key,
  *   });
  */
-declare function register(name: string, options?: {
-    registryUrl?: string;
-    parentHash?: string;
-    parentApiKey?: string;
-    registrationSecret?: string;
-    /** Hex-encoded 32-byte Ed25519 secret seed (bring-your-own Solana key) */
-    walletSecretKey?: string;
-    /** Wallet model: 'self-custody' (Model A) or 'operator' (Model B). Must be set explicitly to opt in. */
-    walletModel?: 'self-custody' | 'operator';
-    /** Wallet chain: 'solana' (default when wallet is used) or 'ethereum' (D-63) */
-    walletChain?: 'solana' | 'ethereum';
-    /** Wallet address for Ethereum bring-your-own (0x + 40 hex chars) */
-    walletAddress?: string;
-    /** Async function to sign a message with an Ethereum wallet (EIP-191 personal_sign). Returns 0x-prefixed 65-byte hex sig. */
-    walletSignFn?: (message: string) => Promise<string>;
-    /** Operator's Solana wallet address (base58). Required when walletModel='operator'. */
-    operatorWalletAddress?: string;
-    /** Function to sign a message with the operator's Solana wallet. Required when walletModel='operator'. */
-    operatorSignFn?: (message: string) => Promise<string>;
-    /** Optional agent metadata (arbitrary JSON object, max 4KB). Returned in /verify and /status. */
-    metadata?: Record<string, unknown>;
-}): Promise<RegistrationResult>;
+declare function register(name: string, options?: RegisterOptions): Promise<RegistrationResult>;
 interface BeatAgentConfig {
     /** API key from registration (pvn_...) */
     apiKey: string;
@@ -573,4 +585,4 @@ declare class ServerError extends ProvenonceError {
     constructor(message: string, statusCode?: number);
 }
-export { type AgentStatus, AuthError, type Beat, BeatAgent, type BeatAgentConfig, type Capability, type CheckinResult, type ComplianceRegime, ErrorCode, FrozenError, type HeartbeatResult, type IdentityClass, type LineageProof, type MetadataUpdateResult, NetworkError, NotFoundError, type Passport, ProvenonceError, RateLimitError, type RegistrationResult, ServerError, type SigilMutableFields, type SigilProtocol, type SigilPurchaseOptions, type SigilResult, type SigilTier, type SpawnResult, StateError, type Substrate, type SubstrateProvider, ValidationError, type VerificationResult, type WalletInfo, computeBeat, computeBeatsLite, generateWalletKeypair, register };
+export { type AgentStatus, AuthError, type Beat, BeatAgent, type BeatAgentConfig, type Capability, type CheckinResult, type ComplianceRegime, ErrorCode, FrozenError, type HeartbeatResult, type IdentityClass, type LineageProof, type MetadataUpdateResult, NetworkError, NotFoundError, type Passport, ProvenonceError, RateLimitError, type RegisterOptions, type RegistrationResult, ServerError, type SigilMutableFields, type SigilProtocol, type SigilPurchaseOptions, type SigilResult, type SigilTier, type SpawnResult, StateError, type Substrate, type SubstrateProvider, ValidationError, type VerificationResult, type WalletInfo, computeBeat, computeBeatsLite, generateWalletKeypair, register };

package/dist/index.js CHANGED Viewed

@@ -183,6 +183,12 @@ async function register(name, options) {
   if (options?.registrationSecret) {
     headers["x-registration-secret"] = options.registrationSecret;
   }
+  if (options?.registrationToken) {
+    headers["x-registration-token"] = options.registrationToken;
+  }
+  if (options?.registrationInvite) {
+    headers["x-registration-invite"] = options.registrationInvite;
+  }
   if (options?.parentHash) {
     if (options.parentApiKey) {
       headers["Authorization"] = `Bearer ${options.parentApiKey}`;