@signet-auth/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/index.d.ts +28 -0
- package/dist/src/index.js +18 -0
- package/dist/tests/core.test.d.ts +1 -0
- package/dist/tests/core.test.js +52 -0
- package/package.json +20 -0
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
export interface SignetKeypair {
|
|
2
|
+
secretKey: string;
|
|
3
|
+
publicKey: string;
|
|
4
|
+
}
|
|
5
|
+
export interface SignetAction {
|
|
6
|
+
tool: string;
|
|
7
|
+
params: unknown;
|
|
8
|
+
params_hash: string;
|
|
9
|
+
target: string;
|
|
10
|
+
transport: string;
|
|
11
|
+
}
|
|
12
|
+
export interface SignetSigner {
|
|
13
|
+
pubkey: string;
|
|
14
|
+
name: string;
|
|
15
|
+
owner: string;
|
|
16
|
+
}
|
|
17
|
+
export interface SignetReceipt {
|
|
18
|
+
v: number;
|
|
19
|
+
id: string;
|
|
20
|
+
action: SignetAction;
|
|
21
|
+
signer: SignetSigner;
|
|
22
|
+
ts: string;
|
|
23
|
+
nonce: string;
|
|
24
|
+
sig: string;
|
|
25
|
+
}
|
|
26
|
+
export declare function generateKeypair(): SignetKeypair;
|
|
27
|
+
export declare function sign(secretKey: string, action: SignetAction, signerName: string, signerOwner: string): SignetReceipt;
|
|
28
|
+
export declare function verify(receipt: SignetReceipt, publicKey: string): boolean;
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
// @signet/core — TypeScript wrapper for signet WASM
|
|
2
|
+
import { wasm_generate_keypair, wasm_sign, wasm_verify } from '../wasm/signet_wasm.js';
|
|
3
|
+
export function generateKeypair() {
|
|
4
|
+
const json = wasm_generate_keypair();
|
|
5
|
+
const result = JSON.parse(json);
|
|
6
|
+
return {
|
|
7
|
+
secretKey: result.secret_key,
|
|
8
|
+
publicKey: result.public_key,
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
export function sign(secretKey, action, signerName, signerOwner) {
|
|
12
|
+
const actionJson = JSON.stringify(action);
|
|
13
|
+
const receiptJson = wasm_sign(secretKey, actionJson, signerName, signerOwner);
|
|
14
|
+
return JSON.parse(receiptJson);
|
|
15
|
+
}
|
|
16
|
+
export function verify(receipt, publicKey) {
|
|
17
|
+
return wasm_verify(JSON.stringify(receipt), publicKey);
|
|
18
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import { describe, it } from 'node:test';
|
|
2
|
+
import assert from 'node:assert';
|
|
3
|
+
import { generateKeypair, sign, verify } from '../src/index.js';
|
|
4
|
+
describe('@signet/core', () => {
|
|
5
|
+
const testAction = {
|
|
6
|
+
tool: 'github_create_issue',
|
|
7
|
+
params: { title: 'fix bug', body: 'details' },
|
|
8
|
+
params_hash: '',
|
|
9
|
+
target: 'mcp://github.local',
|
|
10
|
+
transport: 'stdio',
|
|
11
|
+
};
|
|
12
|
+
it('generateKeypair returns secretKey and publicKey', () => {
|
|
13
|
+
const kp = generateKeypair();
|
|
14
|
+
assert(kp.secretKey, 'secretKey should be non-empty');
|
|
15
|
+
assert(kp.publicKey, 'publicKey should be non-empty');
|
|
16
|
+
assert(typeof kp.secretKey === 'string');
|
|
17
|
+
assert(typeof kp.publicKey === 'string');
|
|
18
|
+
});
|
|
19
|
+
it('sign produces receipt with all fields', () => {
|
|
20
|
+
const kp = generateKeypair();
|
|
21
|
+
const receipt = sign(kp.secretKey, testAction, 'test-agent', 'owner');
|
|
22
|
+
assert.strictEqual(receipt.v, 1);
|
|
23
|
+
assert(receipt.id.startsWith('rec_'));
|
|
24
|
+
assert(receipt.sig.startsWith('ed25519:'));
|
|
25
|
+
assert(receipt.nonce.startsWith('rnd_'));
|
|
26
|
+
assert.strictEqual(receipt.signer.name, 'test-agent');
|
|
27
|
+
assert.strictEqual(receipt.action.tool, 'github_create_issue');
|
|
28
|
+
});
|
|
29
|
+
it('sign then verify roundtrip succeeds', () => {
|
|
30
|
+
const kp = generateKeypair();
|
|
31
|
+
const receipt = sign(kp.secretKey, testAction, 'agent', 'owner');
|
|
32
|
+
assert.strictEqual(verify(receipt, kp.publicKey), true);
|
|
33
|
+
});
|
|
34
|
+
it('verify with wrong key returns false', () => {
|
|
35
|
+
const kp1 = generateKeypair();
|
|
36
|
+
const kp2 = generateKeypair();
|
|
37
|
+
const receipt = sign(kp1.secretKey, testAction, 'agent', 'owner');
|
|
38
|
+
assert.strictEqual(verify(receipt, kp2.publicKey), false);
|
|
39
|
+
});
|
|
40
|
+
it('verify tampered receipt returns false', () => {
|
|
41
|
+
const kp = generateKeypair();
|
|
42
|
+
const receipt = sign(kp.secretKey, testAction, 'agent', 'owner');
|
|
43
|
+
const tampered = { ...receipt, action: { ...receipt.action, tool: 'evil_tool' } };
|
|
44
|
+
assert.strictEqual(verify(tampered, kp.publicKey), false);
|
|
45
|
+
});
|
|
46
|
+
it('params_hash is computed automatically', () => {
|
|
47
|
+
const kp = generateKeypair();
|
|
48
|
+
const receipt = sign(kp.secretKey, testAction, 'agent', 'owner');
|
|
49
|
+
assert(receipt.action.params_hash.startsWith('sha256:'));
|
|
50
|
+
assert(receipt.action.params_hash.length > 10);
|
|
51
|
+
});
|
|
52
|
+
});
|
package/package.json
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@signet-auth/core",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Cryptographic action receipts for AI agents",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "dist/src/index.js",
|
|
7
|
+
"types": "dist/src/index.d.ts",
|
|
8
|
+
"files": [
|
|
9
|
+
"dist/",
|
|
10
|
+
"wasm/"
|
|
11
|
+
],
|
|
12
|
+
"scripts": {
|
|
13
|
+
"build": "npx tsc && cp -r wasm dist/wasm",
|
|
14
|
+
"test": "npx tsc && cp -r wasm dist/wasm && node --test dist/tests/core.test.js"
|
|
15
|
+
},
|
|
16
|
+
"license": "Apache-2.0 OR MIT",
|
|
17
|
+
"devDependencies": {
|
|
18
|
+
"@types/node": "^25.5.0"
|
|
19
|
+
}
|
|
20
|
+
}
|