@scopeblind/passport 0.3.0

package/dist/types-DHZHv2EE.d.mts

@@ -0,0 +1,278 @@
+/**
+ * @scopeblind/passport — Type Definitions (Schema Freeze)
+ *
+ * Seven distinct signed object types that compose the passport system.
+ * Manifests are IMMUTABLE once signed. Status changes use separate records.
+ *
+ * Key model (alpha): Ed25519 only.
+ * The `auth_key_bindings` field exists for forward compatibility with
+ * P-256 DPoP request-auth keys, but is not populated until lease binding.
+ */
+/** Role determines the ID prefix: sb:coach: or sb:agent: */
+type PassportRole = 'coach' | 'agent';
+interface PassportKeyPair {
+    /** Ed25519 public key (32 bytes) */
+    publicKey: Uint8Array;
+    /** Ed25519 secret key (64 bytes) */
+    secretKey: Uint8Array;
+    /** Derived identifier: sb:coach:<fingerprint> or sb:agent:<fingerprint> */
+    kid: string;
+    /** Role this key was generated for */
+    role: PassportRole;
+    /** ISO 8601 timestamp of key generation */
+    created_at: string;
+}
+type ManifestType = 'scopeblind:coach-manifest' | 'scopeblind:agent-manifest';
+/** Fields shared by both coach and agent manifests */
+interface BaseManifest {
+    /** Discriminator for manifest role */
+    type: ManifestType;
+    /** Unique identifier: sb:coach:<fingerprint> or sb:agent:<fingerprint> */
+    id: string;
+    /** Semver version string. Bumped on any config change. */
+    version: string;
+    /** ID + version of the predecessor, or null for genesis */
+    previous_version: string | null;
+    /** ISO 8601. Set once at creation. Manifests are immutable — no updated_at. */
+    created_at: string;
+    /** Base58-encoded Ed25519 public key */
+    public_key: string;
+    /**
+     * Optional P-256 DPoP key IDs bound to this passport.
+     * Populated in Sprint 3+ for protect-mcp lease validation.
+     * Empty or omitted in alpha.
+     */
+    auth_key_bindings?: string[];
+}
+interface CoachManifest extends BaseManifest {
+    type: 'scopeblind:coach-manifest';
+    /** Human-readable coach display name (max 32 chars) */
+    display_name: string;
+}
+interface AgentManifest extends BaseManifest {
+    type: 'scopeblind:agent-manifest';
+    /** Public-facing marketing and search metadata */
+    public_profile: AgentPublicProfile;
+    /** Cryptographic commitments to agent internals */
+    configuration_attestations: AgentConfigAttestations;
+    /** Declared capabilities and lease compatibility */
+    capability_declarations: AgentCapabilities;
+    /** Links to evidence on Acta, keyed by receipt type */
+    evidence_pointers: AgentEvidencePointers;
+}
+interface AgentPublicProfile {
+    name: string;
+    description: string;
+    /** Granular domain lanes, e.g. ["coding:bugfix", "analysis:decision"] */
+    domain_lanes: string[];
+}
+interface AgentConfigAttestations {
+    /** SHA-256 hash commitment to the underlying model (not a marketing tier) */
+    model_family_hash: string;
+    /** How memory is handled between sessions */
+    memory_mode: 'stateless' | 'isolated' | 'shared';
+    /** SHA-256 hash of the system prompt. Change triggers a new manifest version. */
+    prompt_hash: string;
+}
+interface AgentCapabilities {
+    /** Pre-built protect-mcp policy templates this agent is compatible with */
+    lease_template_compatibility: string[];
+    /** Tool classes the agent requires (e.g. ["database-read", "filesystem-read"]) */
+    requested_tool_classes: string[];
+}
+interface AgentEvidencePointers {
+    /** Acta topic slugs for arena battle receipts */
+    arena_topics?: string[];
+    /** Acta topic slugs for real work receipts */
+    work_topics?: string[];
+    /** Acta topic slugs for restraint/policy compliance receipts */
+    restraint_topics?: string[];
+}
+/** Union type for any manifest */
+type Manifest = CoachManifest | AgentManifest;
+/**
+ * Signed by the COACH's key, proving ownership of an agent.
+ * Separate from the agent manifest to enable transfer, team ownership,
+ * and leasing without mutating the manifest.
+ */
+interface OwnershipAttestation {
+    type: 'scopeblind:ownership-attestation';
+    /** Coach's sb:coach:<id> */
+    coach_id: string;
+    /** Agent's sb:agent:<id> */
+    agent_id: string;
+    /** Semver version of the agent manifest this attestation covers */
+    agent_manifest_version: string;
+    /** ISO 8601 */
+    granted_at: string;
+}
+/**
+ * Separate from the manifest because manifests are immutable.
+ * Signed by the entity's own key (self-revocation) or an authority key.
+ */
+interface StatusRecord {
+    type: 'scopeblind:status-record';
+    /** The coach or agent ID whose status is changing */
+    target_id: string;
+    /** New status */
+    status: 'active' | 'suspended' | 'revoked';
+    /** Optional human-readable reason */
+    reason?: string;
+    /** ISO 8601 */
+    changed_at: string;
+    /** Who issued this status change */
+    issuer_id: string;
+}
+type EvidenceReceiptType = 'blindllm:arena-battle' | 'blindllm:coach-uplift' | 'blindllm:formal-debate' | 'protectmcp:restraint';
+/** Agent identity reference within a battle */
+interface BattleParticipant {
+    /** sb:agent:<id> or sb:model:<id> for pure baselines */
+    id: string;
+    /** Semver of the agent manifest at time of battle */
+    manifest_version: string;
+}
+interface ArenaBattleReceipt {
+    type: 'blindllm:arena-battle';
+    battle_id: string;
+    lane_id: string;
+    agent_a: BattleParticipant;
+    agent_b: BattleParticipant;
+    /** Present only if coaching was used */
+    coach?: {
+        id: string;
+        coached_side: 'A' | 'B';
+        note_hash: string;
+        note_length: number;
+    };
+    winner: 'A' | 'B' | 'tie';
+    /** ISO 8601 */
+    issued_at: string;
+    /** BlindLLM issuer key that signed this receipt */
+    issuer_id: string;
+}
+interface CoachUpliftReceipt {
+    type: 'blindllm:coach-uplift';
+    battle_id: string;
+    coach_id: string;
+    coached_side: 'A' | 'B';
+    uplift_verdict: 'stronger' | 'same' | 'weaker';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+interface FormalDebateParticipant {
+    /** sb:agent:<id> or sb:model:<id> */
+    id: string;
+    /** Semver of the participant manifest at time of debate */
+    manifest_version: string;
+    /** Optional coach/owner for the participant */
+    coach_id?: string;
+}
+interface FormalDebateReceipt {
+    type: 'blindllm:formal-debate';
+    debate_id: string;
+    spec_id: string;
+    lane_id: string;
+    artifact_hash: string;
+    resolution_hash: string;
+    pro: FormalDebateParticipant;
+    con: FormalDebateParticipant;
+    audience_winner: 'pro' | 'con' | 'tie';
+    judge_winner: 'pro' | 'con' | 'tie';
+    restraint_result: 'clean' | 'flagged';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+interface RestraintReceipt {
+    type: 'protectmcp:restraint';
+    /** The agent whose tool call was evaluated */
+    agent_id: string;
+    agent_manifest_version: string;
+    /** The tool that was called */
+    tool_name: string;
+    /** Whether the call was allowed or denied */
+    decision: 'allow' | 'deny';
+    /** If denied, was it an active refusal by the agent or a policy block? */
+    denial_type?: 'policy-block' | 'agent-refusal';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+/** Union type for all evidence receipts */
+type EvidenceReceipt = ArenaBattleReceipt | CoachUpliftReceipt | FormalDebateReceipt | RestraintReceipt;
+/**
+ * Links a passport's Ed25519 identity to one or more P-256 DPoP
+ * request-auth keys. Used by protect-mcp to verify that an incoming
+ * DPoP-authenticated request belongs to a known passport.
+ *
+ * NOT IMPLEMENTED IN ALPHA. Type defined for schema completeness.
+ */
+interface AuthKeyBinding {
+    type: 'scopeblind:auth-key-binding';
+    /** The passport ID (coach or agent) */
+    passport_id: string;
+    /** P-256 DPoP key identifier being bound */
+    auth_kid: string;
+    /** Purpose of the binding */
+    purpose: 'request-auth' | 'tool-call' | 'lease';
+    /** ISO 8601 */
+    bound_at: string;
+    /** Optional expiry */
+    expires_at?: string;
+}
+/**
+ * Wrapper for any signed passport object.
+ * Uses @veritasacta/artifacts canonicalization + Ed25519 signing.
+ */
+interface SignedEnvelope<T> {
+    /** The signed payload */
+    payload: T;
+    /** Ed25519 signature metadata */
+    signature: {
+        /** Always 'EdDSA' for Ed25519 */
+        alg: 'EdDSA';
+        /** The signer's passport kid */
+        kid: string;
+        /** Hex-encoded Ed25519 signature (128 chars) */
+        sig: string;
+    };
+}
+/** A complete passport bundle for export/import */
+interface PassportBundle {
+    /** The passport keypair (secret key included for owner, omitted for verification) */
+    key: PassportKeyPair;
+    /** All manifests issued by this passport (version chain) */
+    manifests: SignedEnvelope<Manifest>[];
+    /** Ownership attestations (for coaches who own agents) */
+    ownership_attestations: SignedEnvelope<OwnershipAttestation>[];
+    /** Status records */
+    status_records: SignedEnvelope<StatusRecord>[];
+}
+/** Encrypted bundle for portable export */
+interface EncryptedPassportBundle {
+    /** Encryption algorithm */
+    enc: 'aes-256-gcm';
+    /** Base64url-encoded encrypted PassportBundle JSON */
+    ciphertext: string;
+    /** Base64url-encoded initialization vector */
+    iv: string;
+    /** Whether passphrase protection was used */
+    passphrase_protected: boolean;
+}
+/**
+ * One canonical payload signed by the coach per battle.
+ * NOT micro-action signing. The client signs this once,
+ * then BlindLLM verifies and issues its own receipt.
+ */
+interface CoachContribution {
+    type: 'scopeblind:coach-contribution';
+    battle_id: string;
+    coach_id: string;
+    coached_side: 'A' | 'B';
+    note_hash: string;
+    note_length: number;
+    uplift_verdict?: 'stronger' | 'same' | 'weaker';
+}
+
+export type { AgentPublicProfile as A, BaseManifest as B, CoachContribution as C, EncryptedPassportBundle as E, FormalDebateReceipt as F, Manifest as M, OwnershipAttestation as O, PassportBundle as P, RestraintReceipt as R, SignedEnvelope as S, PassportKeyPair as a, PassportRole as b, AgentConfigAttestations as c, AgentCapabilities as d, AgentEvidencePointers as e, AgentManifest as f, CoachManifest as g, StatusRecord as h, ArenaBattleReceipt as i, CoachUpliftReceipt as j, AuthKeyBinding as k, BattleParticipant as l, EvidenceReceipt as m, EvidenceReceiptType as n, FormalDebateParticipant as o, ManifestType as p };

package/dist/types-DHZHv2EE.d.ts

@@ -0,0 +1,278 @@
+/**
+ * @scopeblind/passport — Type Definitions (Schema Freeze)
+ *
+ * Seven distinct signed object types that compose the passport system.
+ * Manifests are IMMUTABLE once signed. Status changes use separate records.
+ *
+ * Key model (alpha): Ed25519 only.
+ * The `auth_key_bindings` field exists for forward compatibility with
+ * P-256 DPoP request-auth keys, but is not populated until lease binding.
+ */
+/** Role determines the ID prefix: sb:coach: or sb:agent: */
+type PassportRole = 'coach' | 'agent';
+interface PassportKeyPair {
+    /** Ed25519 public key (32 bytes) */
+    publicKey: Uint8Array;
+    /** Ed25519 secret key (64 bytes) */
+    secretKey: Uint8Array;
+    /** Derived identifier: sb:coach:<fingerprint> or sb:agent:<fingerprint> */
+    kid: string;
+    /** Role this key was generated for */
+    role: PassportRole;
+    /** ISO 8601 timestamp of key generation */
+    created_at: string;
+}
+type ManifestType = 'scopeblind:coach-manifest' | 'scopeblind:agent-manifest';
+/** Fields shared by both coach and agent manifests */
+interface BaseManifest {
+    /** Discriminator for manifest role */
+    type: ManifestType;
+    /** Unique identifier: sb:coach:<fingerprint> or sb:agent:<fingerprint> */
+    id: string;
+    /** Semver version string. Bumped on any config change. */
+    version: string;
+    /** ID + version of the predecessor, or null for genesis */
+    previous_version: string | null;
+    /** ISO 8601. Set once at creation. Manifests are immutable — no updated_at. */
+    created_at: string;
+    /** Base58-encoded Ed25519 public key */
+    public_key: string;
+    /**
+     * Optional P-256 DPoP key IDs bound to this passport.
+     * Populated in Sprint 3+ for protect-mcp lease validation.
+     * Empty or omitted in alpha.
+     */
+    auth_key_bindings?: string[];
+}
+interface CoachManifest extends BaseManifest {
+    type: 'scopeblind:coach-manifest';
+    /** Human-readable coach display name (max 32 chars) */
+    display_name: string;
+}
+interface AgentManifest extends BaseManifest {
+    type: 'scopeblind:agent-manifest';
+    /** Public-facing marketing and search metadata */
+    public_profile: AgentPublicProfile;
+    /** Cryptographic commitments to agent internals */
+    configuration_attestations: AgentConfigAttestations;
+    /** Declared capabilities and lease compatibility */
+    capability_declarations: AgentCapabilities;
+    /** Links to evidence on Acta, keyed by receipt type */
+    evidence_pointers: AgentEvidencePointers;
+}
+interface AgentPublicProfile {
+    name: string;
+    description: string;
+    /** Granular domain lanes, e.g. ["coding:bugfix", "analysis:decision"] */
+    domain_lanes: string[];
+}
+interface AgentConfigAttestations {
+    /** SHA-256 hash commitment to the underlying model (not a marketing tier) */
+    model_family_hash: string;
+    /** How memory is handled between sessions */
+    memory_mode: 'stateless' | 'isolated' | 'shared';
+    /** SHA-256 hash of the system prompt. Change triggers a new manifest version. */
+    prompt_hash: string;
+}
+interface AgentCapabilities {
+    /** Pre-built protect-mcp policy templates this agent is compatible with */
+    lease_template_compatibility: string[];
+    /** Tool classes the agent requires (e.g. ["database-read", "filesystem-read"]) */
+    requested_tool_classes: string[];
+}
+interface AgentEvidencePointers {
+    /** Acta topic slugs for arena battle receipts */
+    arena_topics?: string[];
+    /** Acta topic slugs for real work receipts */
+    work_topics?: string[];
+    /** Acta topic slugs for restraint/policy compliance receipts */
+    restraint_topics?: string[];
+}
+/** Union type for any manifest */
+type Manifest = CoachManifest | AgentManifest;
+/**
+ * Signed by the COACH's key, proving ownership of an agent.
+ * Separate from the agent manifest to enable transfer, team ownership,
+ * and leasing without mutating the manifest.
+ */
+interface OwnershipAttestation {
+    type: 'scopeblind:ownership-attestation';
+    /** Coach's sb:coach:<id> */
+    coach_id: string;
+    /** Agent's sb:agent:<id> */
+    agent_id: string;
+    /** Semver version of the agent manifest this attestation covers */
+    agent_manifest_version: string;
+    /** ISO 8601 */
+    granted_at: string;
+}
+/**
+ * Separate from the manifest because manifests are immutable.
+ * Signed by the entity's own key (self-revocation) or an authority key.
+ */
+interface StatusRecord {
+    type: 'scopeblind:status-record';
+    /** The coach or agent ID whose status is changing */
+    target_id: string;
+    /** New status */
+    status: 'active' | 'suspended' | 'revoked';
+    /** Optional human-readable reason */
+    reason?: string;
+    /** ISO 8601 */
+    changed_at: string;
+    /** Who issued this status change */
+    issuer_id: string;
+}
+type EvidenceReceiptType = 'blindllm:arena-battle' | 'blindllm:coach-uplift' | 'blindllm:formal-debate' | 'protectmcp:restraint';
+/** Agent identity reference within a battle */
+interface BattleParticipant {
+    /** sb:agent:<id> or sb:model:<id> for pure baselines */
+    id: string;
+    /** Semver of the agent manifest at time of battle */
+    manifest_version: string;
+}
+interface ArenaBattleReceipt {
+    type: 'blindllm:arena-battle';
+    battle_id: string;
+    lane_id: string;
+    agent_a: BattleParticipant;
+    agent_b: BattleParticipant;
+    /** Present only if coaching was used */
+    coach?: {
+        id: string;
+        coached_side: 'A' | 'B';
+        note_hash: string;
+        note_length: number;
+    };
+    winner: 'A' | 'B' | 'tie';
+    /** ISO 8601 */
+    issued_at: string;
+    /** BlindLLM issuer key that signed this receipt */
+    issuer_id: string;
+}
+interface CoachUpliftReceipt {
+    type: 'blindllm:coach-uplift';
+    battle_id: string;
+    coach_id: string;
+    coached_side: 'A' | 'B';
+    uplift_verdict: 'stronger' | 'same' | 'weaker';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+interface FormalDebateParticipant {
+    /** sb:agent:<id> or sb:model:<id> */
+    id: string;
+    /** Semver of the participant manifest at time of debate */
+    manifest_version: string;
+    /** Optional coach/owner for the participant */
+    coach_id?: string;
+}
+interface FormalDebateReceipt {
+    type: 'blindllm:formal-debate';
+    debate_id: string;
+    spec_id: string;
+    lane_id: string;
+    artifact_hash: string;
+    resolution_hash: string;
+    pro: FormalDebateParticipant;
+    con: FormalDebateParticipant;
+    audience_winner: 'pro' | 'con' | 'tie';
+    judge_winner: 'pro' | 'con' | 'tie';
+    restraint_result: 'clean' | 'flagged';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+interface RestraintReceipt {
+    type: 'protectmcp:restraint';
+    /** The agent whose tool call was evaluated */
+    agent_id: string;
+    agent_manifest_version: string;
+    /** The tool that was called */
+    tool_name: string;
+    /** Whether the call was allowed or denied */
+    decision: 'allow' | 'deny';
+    /** If denied, was it an active refusal by the agent or a policy block? */
+    denial_type?: 'policy-block' | 'agent-refusal';
+    /** ISO 8601 */
+    issued_at: string;
+    issuer_id: string;
+}
+/** Union type for all evidence receipts */
+type EvidenceReceipt = ArenaBattleReceipt | CoachUpliftReceipt | FormalDebateReceipt | RestraintReceipt;
+/**
+ * Links a passport's Ed25519 identity to one or more P-256 DPoP
+ * request-auth keys. Used by protect-mcp to verify that an incoming
+ * DPoP-authenticated request belongs to a known passport.
+ *
+ * NOT IMPLEMENTED IN ALPHA. Type defined for schema completeness.
+ */
+interface AuthKeyBinding {
+    type: 'scopeblind:auth-key-binding';
+    /** The passport ID (coach or agent) */
+    passport_id: string;
+    /** P-256 DPoP key identifier being bound */
+    auth_kid: string;
+    /** Purpose of the binding */
+    purpose: 'request-auth' | 'tool-call' | 'lease';
+    /** ISO 8601 */
+    bound_at: string;
+    /** Optional expiry */
+    expires_at?: string;
+}
+/**
+ * Wrapper for any signed passport object.
+ * Uses @veritasacta/artifacts canonicalization + Ed25519 signing.
+ */
+interface SignedEnvelope<T> {
+    /** The signed payload */
+    payload: T;
+    /** Ed25519 signature metadata */
+    signature: {
+        /** Always 'EdDSA' for Ed25519 */
+        alg: 'EdDSA';
+        /** The signer's passport kid */
+        kid: string;
+        /** Hex-encoded Ed25519 signature (128 chars) */
+        sig: string;
+    };
+}
+/** A complete passport bundle for export/import */
+interface PassportBundle {
+    /** The passport keypair (secret key included for owner, omitted for verification) */
+    key: PassportKeyPair;
+    /** All manifests issued by this passport (version chain) */
+    manifests: SignedEnvelope<Manifest>[];
+    /** Ownership attestations (for coaches who own agents) */
+    ownership_attestations: SignedEnvelope<OwnershipAttestation>[];
+    /** Status records */
+    status_records: SignedEnvelope<StatusRecord>[];
+}
+/** Encrypted bundle for portable export */
+interface EncryptedPassportBundle {
+    /** Encryption algorithm */
+    enc: 'aes-256-gcm';
+    /** Base64url-encoded encrypted PassportBundle JSON */
+    ciphertext: string;
+    /** Base64url-encoded initialization vector */
+    iv: string;
+    /** Whether passphrase protection was used */
+    passphrase_protected: boolean;
+}
+/**
+ * One canonical payload signed by the coach per battle.
+ * NOT micro-action signing. The client signs this once,
+ * then BlindLLM verifies and issues its own receipt.
+ */
+interface CoachContribution {
+    type: 'scopeblind:coach-contribution';
+    battle_id: string;
+    coach_id: string;
+    coached_side: 'A' | 'B';
+    note_hash: string;
+    note_length: number;
+    uplift_verdict?: 'stronger' | 'same' | 'weaker';
+}
+
+export type { AgentPublicProfile as A, BaseManifest as B, CoachContribution as C, EncryptedPassportBundle as E, FormalDebateReceipt as F, Manifest as M, OwnershipAttestation as O, PassportBundle as P, RestraintReceipt as R, SignedEnvelope as S, PassportKeyPair as a, PassportRole as b, AgentConfigAttestations as c, AgentCapabilities as d, AgentEvidencePointers as e, AgentManifest as f, CoachManifest as g, StatusRecord as h, ArenaBattleReceipt as i, CoachUpliftReceipt as j, AuthKeyBinding as k, BattleParticipant as l, EvidenceReceipt as m, EvidenceReceiptType as n, FormalDebateParticipant as o, ManifestType as p };

package/package.json

@@ -0,0 +1,63 @@
+{
+    "name": "@scopeblind/passport",
+    "version": "0.3.0",
+    "description": "Portable cryptographic identity for AI agents and coaches. Ed25519 passports, immutable manifests, ownership attestations, and evidence receipt verification.",
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "module": "dist/index.mjs",
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/index.mjs",
+            "require": "./dist/index.js"
+        },
+        "./browser": {
+            "types": "./dist/browser.d.ts",
+            "import": "./dist/browser.mjs",
+            "require": "./dist/browser.js"
+        }
+    },
+    "scripts": {
+        "build": "tsup src/index.ts src/browser.ts --format cjs,esm --dts --clean --external @noble/curves --external @noble/hashes",
+        "test": "vitest run",
+        "smoke": "vite --config vite.smoke.config.ts",
+        "pack:fresh": "npm run build && npm pack",
+        "prepublishOnly": "npm run build"
+    },
+    "files": [
+        "dist",
+        "README.md"
+    ],
+    "keywords": [
+        "scopeblind",
+        "passport",
+        "agent-identity",
+        "ed25519",
+        "manifest",
+        "verifiable-credentials",
+        "ai-agent",
+        "coach",
+        "portable-identity"
+    ],
+    "author": "Tom Farley <tommy@scopeblind.com>",
+    "license": "FSL-1.1-MIT",
+    "homepage": "https://www.scopeblind.com",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/tomjwxf/scopeblind-gateway"
+    },
+    "dependencies": {
+        "@noble/curves": "^1.8.0",
+        "@noble/hashes": "^1.7.0"
+    },
+    "devDependencies": {
+        "@types/node": "^20.0.0",
+        "tsup": "^8.0.0",
+        "typescript": "^5.0.0",
+        "vite": "^5.4.21",
+        "vitest": "^2.0.0"
+    },
+    "engines": {
+        "node": ">=18.0.0"
+    }
+}