@signedby/sdk 0.1.0 → 1.0.1

package/README.md

@@ -1,92 +1,108 @@
-# SignedByMe TypeScript SDK
+# SIGNEDBYME TypeScript SDK
 
-Human-controlled identity for autonomous agents.
+Human-Controlled Identity for Autonomous Agents
+
+## What is SIGNEDBYME?
+
+SIGNEDBYME is the identity layer for autonomous agents. Agents prove membership in enterprise-authorized groups using Groth16 zero-knowledge proofs — without revealing which agent they are. The enterprise gets a boolean: authorized. No identity revealed.
+
+This SDK enables agents to generate cryptographic identity, produce zero-knowledge proofs, and authenticate to enterprises via NOSTR and OIDC.
 
 ## Installation
 
 ```bash
 npm install @signedby/sdk
+# or
+yarn add @signedby/sdk
 ```
 
 ## Quick Start
 
-### For Agents - Authenticate to Enterprises
-
 ```typescript
-import { SignedByClient } from '@signedby/sdk';
-
-// Load delegation from your human owner
-const client = await SignedByClient.fromDelegation('./delegation.json');
-
-console.log(`Your npub: ${client.npub}`);
-console.log(`Authorized for: ${JSON.stringify(client.scopes)}`);
+import { 
+  AgentIdentity, 
+  EncryptedFileStorage, 
+  MembershipProver, 
+  NostrClient 
+} from '@signedby/sdk';
 
-// Authenticate to an enterprise
-const token = await client.login({
-  clientId: 'acme-corp',
-  nonce: 'random_nonce_here'
-});
+// Initialize secure storage
+const storage = new EncryptedFileStorage('./agent_data');
 
-// Use the OIDC token
-console.log(`ID Token: ${token.idToken}`);
-console.log(`Subject: ${token.sub}`);
-```
+// Create agent identity (one-time setup)
+const identity = new AgentIdentity(storage);
+const state = await identity.initialize();
 
-### For Agent Setup - Initialize Identity
-
-```typescript
-import { SignedByAgent } from '@signedby/sdk';
+console.log(`Agent npub: ${state.agentNpub}`);
+console.log(`Leaf commitment: ${state.leafCommitment}`);
 
-// Initialize agent (creates DID if first run)
-const agent = await SignedByAgent.init('./agent_data');
+// Generate Groth16 proof for authentication
+const prover = MembershipProver.fromCircuitsDir('./circuits');
 
-console.log(`Agent npub: ${agent.npub}`);
+const leafSecret = identity.getLeafSecret();
+const witness = await loadWitness(storage, 'acme');
 
-// Configure email mapping for enterprises
-agent.setEmailMapping({
-  'amazon.com': 'you@gmail.com',
-  'acme.com': 'you@gmail.com'
-});
+const proof = await prover.generateProof(leafSecret, witness);
+console.log(`Proof generated in ${proof.proofTimeMs}ms`);
 
-// Connect to relay and watch for authorizations
-await agent.connectRelay('wss://relay.privacy-lion.com');
-
-for await (const event of agent.watchForAuthorizations()) {
-  console.log(`New authorization from: ${event.enterprise}`);
-  console.log(`Scopes: ${event.scopes}`);
-}
+// Publish proof to NOSTR
+const client = await NostrClient.connect(identity);
+await client.publishProofEvent(proofData);
 ```
 
-## Error Handling
-
-```typescript
-import {
-  SignedByClient,
-  SignedByError,
-  DelegationRevokedError,
-  DelegationExpiredError,
-  ScopeDeniedError,
-} from '@signedby/sdk';
-
-try {
-  const token = await client.login({ clientId: 'acme-corp', nonce });
-} catch (error) {
-  if (error instanceof DelegationRevokedError) {
-    console.log('Delegation was revoked. Contact your human owner.');
-  } else if (error instanceof DelegationExpiredError) {
-    console.log('Delegation expired. Request renewal from your human owner.');
-  } else if (error instanceof ScopeDeniedError) {
-    console.log('Not authorized for this enterprise.');
-  } else if (error instanceof SignedByError) {
-    console.log(`Authentication failed: ${error.message}`);
-  }
-}
-```
+## Features
+
+- **DID Generation**: secp256k1 keypair in secure storage (OS keyring, Keychain, DPAPI), never extractable
+- **Groth16 ZK Proofs**: BN254 curve, ~101K constraints, <3s on ARM64 via native Rust core (napi-rs)
+- **Bitcoin-Backed**: Identity fused with Lightning payment at creation via NWC (NIP-47)
+- **NOSTR Integration**: Publish kinds 28101 (proof), 28102 (delegation ack), 28103 (revocation ack); poll for kinds 28200/28250/28251; NIP-42 relay authentication; decentralized audit trail on public relays
+- **Witness Caching**: Merkle path cached locally, auto-refresh when root rotates out of 30-root window
+
+## Modules
+
+| Export | Purpose |
+|--------|---------|
+| `AgentIdentity` | DID generation, leaf_secret derivation |
+| `EncryptedFileStorage` | Encrypted storage with OS keyring (ChaCha20-Poly1305) |
+| `MembershipProver` | Groth16 proof generation via native Rust |
+| `NostrClient` | NOSTR relay client with NIP-42 auth |
+| `EnrollmentBootstrap` | Three-gate genesis flow |
+| `DelegationValidator` | Delegation validation (kind 28250/28251) |
+| `NwcWallet` | NWC wallet integration (NIP-47) |
+
+## SDK Lifecycle
+
+### One-Time Initialization
+1. Generate DID in secure storage
+2. Derive leaf_secret (5 BN254 field elements)
+3. Compute leaf_commitment = Poseidon2(leaf_secret)
+4. Load Groth16 proving key (~88MB)
+5. Initialize NWC wallet for Lightning
+
+### Enrollment per Enterprise
+Three-gate genesis flow — runs once per enterprise:
+- **Gate 1**: Email + token verification via kind 28202
+- **Gate 2**: Human signs kind 28250 delegation
+- **Gate 3**: Leaf appended to Merkle tree
+
+### Authentication
+1. Generate Groth16 proof from leaf_secret + cached witness
+2. Publish kind 28101 to NOSTR
+3. Enterprise validates and calls API
+4. Agent receives OIDC id_token
 
 ## Requirements
 
 - Node.js 18+
-- Supported platforms: Linux (x86_64, arm64), macOS (x86_64, arm64), Windows (x86_64)
+- Native libraries bundled for supported platforms
+
+## Supported Platforms
+
+- Linux x64 (glibc)
+- Linux ARM64 (glibc)
+- macOS x64 (Intel)
+- macOS ARM64 (Apple Silicon)
+- Windows x64
 
 ## Documentation
 
@@ -96,6 +112,9 @@ try {
 
 ## License
 
-SignedByMe Source-Available License v1.0 (SSAL-1.0)
+SSAL-1.0 (SIGNEDBYME Source-Available License)
+
+## Links
 
-See [LICENSE](https://github.com/PrivacyLion/SignedByMe/blob/main/LICENSE) for details.
+- [GitHub](https://github.com/SIGNEDBYME-APP/SIGNEDBYME)
+- [Website](https://signedbyme.com)

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 /**
- * Type definitions for SignedByMe SDK.
+ * Type definitions for SIGNEDBYME SDK.
  */
 /**
  * OIDC token returned from successful authentication.
@@ -48,7 +48,7 @@ interface AuthorizationEvent {
 interface LoginOptions {
     /** NOSTR relay URL (default: wss://relay.privacy-lion.com) */
     relayUrl?: string;
-    /** SignedByMe API URL (default: https://api.beta.privacy-lion.com) */
+    /** SIGNEDBYME API URL (default: https://api.beta.privacy-lion.com) */
     apiUrl?: string;
 }
 
@@ -57,7 +57,7 @@ interface LoginOptions {
  */
 
 /**
- * Client for authenticating to enterprises using SignedByMe.
+ * Client for authenticating to enterprises using SIGNEDBYME.
  *
  * @example
  * ```typescript
@@ -171,10 +171,10 @@ declare class SignedByAgent {
 }
 
 /**
- * SignedByMe SDK Errors.
+ * SIGNEDBYME SDK Errors.
  */
 /**
- * Base error class for all SignedByMe errors.
+ * Base error class for all SIGNEDBYME errors.
  */
 declare class SignedByError extends Error {
     constructor(message: string);
@@ -231,7 +231,7 @@ declare class RelayConnectionError extends SignedByError {
     constructor(message?: string);
 }
 /**
- * Raised when the SignedByMe API returns an error.
+ * Raised when the SIGNEDBYME API returns an error.
  */
 declare class ApiError extends SignedByError {
     readonly errorCode?: string;

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * Type definitions for SignedByMe SDK.
+ * Type definitions for SIGNEDBYME SDK.
  */
 /**
  * OIDC token returned from successful authentication.
@@ -48,7 +48,7 @@ interface AuthorizationEvent {
 interface LoginOptions {
     /** NOSTR relay URL (default: wss://relay.privacy-lion.com) */
     relayUrl?: string;
-    /** SignedByMe API URL (default: https://api.beta.privacy-lion.com) */
+    /** SIGNEDBYME API URL (default: https://api.beta.privacy-lion.com) */
     apiUrl?: string;
 }
 
@@ -57,7 +57,7 @@ interface LoginOptions {
  */
 
 /**
- * Client for authenticating to enterprises using SignedByMe.
+ * Client for authenticating to enterprises using SIGNEDBYME.
  *
  * @example
  * ```typescript
@@ -171,10 +171,10 @@ declare class SignedByAgent {
 }
 
 /**
- * SignedByMe SDK Errors.
+ * SIGNEDBYME SDK Errors.
  */
 /**
- * Base error class for all SignedByMe errors.
+ * Base error class for all SIGNEDBYME errors.
  */
 declare class SignedByError extends Error {
     constructor(message: string);
@@ -231,7 +231,7 @@ declare class RelayConnectionError extends SignedByError {
     constructor(message?: string);
 }
 /**
- * Raised when the SignedByMe API returns an error.
+ * Raised when the SIGNEDBYME API returns an error.
  */
 declare class ApiError extends SignedByError {
     readonly errorCode?: string;

package/dist/index.js

@@ -46,7 +46,7 @@ var require_native = __commonJS({
       const packageName = platformMap[platformName]?.[archName];
       if (!packageName) {
         throw new Error(
-          `Unsupported platform: ${platformName}-${archName}. SignedByMe SDK supports: linux-x64, linux-arm64, darwin-x64, darwin-arm64, win32-x64`
+          `Unsupported platform: ${platformName}-${archName}. SIGNEDBYME SDK supports: linux-x64, linux-arm64, darwin-x64, darwin-arm64, win32-x64`
         );
       }
       try {

package/dist/index.mjs

@@ -35,7 +35,7 @@ var require_native = __commonJS({
       const packageName = platformMap[platformName]?.[archName];
       if (!packageName) {
         throw new Error(
-          `Unsupported platform: ${platformName}-${archName}. SignedByMe SDK supports: linux-x64, linux-arm64, darwin-x64, darwin-arm64, win32-x64`
+          `Unsupported platform: ${platformName}-${archName}. SIGNEDBYME SDK supports: linux-x64, linux-arm64, darwin-x64, darwin-arm64, win32-x64`
         );
       }
       try {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@signedby/sdk",
-  "version": "0.1.0",
-  "description": "SignedByMe SDK - Human-controlled identity for autonomous agents",
+  "version": "1.0.1",
+  "description": "SIGNEDBYME SDK - Human-Controlled Identity for Autonomous Agents",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
@@ -34,32 +34,32 @@
     "oidc",
     "did"
   ],
-  "author": "Privacy Lion <contact@privacy-lion.com>",
+  "author": "SIGNEDBYME <contact@signedbyme.com>",
   "license": "SSAL-1.0",
   "repository": {
     "type": "git",
-    "url": "https://github.com/PrivacyLion/SignedByMe.git",
+    "url": "https://github.com/SIGNEDBYME-APP/SIGNEDBYME.git",
     "directory": "sdk/typescript"
   },
   "homepage": "https://signedbyme.com",
   "bugs": {
-    "url": "https://github.com/PrivacyLion/SignedByMe/issues"
+    "url": "https://github.com/SIGNEDBYME-APP/SIGNEDBYME/issues"
   },
   "engines": {
     "node": ">=18.0.0"
   },
   "devDependencies": {
-    "@types/node": "^20.0.0",
-    "tsup": "^8.0.0",
-    "typescript": "^5.0.0",
-    "vitest": "^1.0.0",
-    "eslint": "^8.0.0",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0"
+    "@types/node": "^22.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "eslint": "^9.0.0",
+    "tsup": "^8.2.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
   },
   "dependencies": {
-    "@noble/curves": "^1.3.0",
-    "@noble/hashes": "^1.3.0"
+    "@noble/curves": "^1.6.0",
+    "@noble/hashes": "^1.5.0"
   },
   "optionalDependencies": {
     "@signedby/core-linux-x64-gnu": "0.1.0",