@swimmingkiim/api-sdk 0.1.34 → 0.1.36

package/dist/discovery/attestation-signer.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Function signature for VC verification.
+ * Injected by the caller — can be trust-sdk's VCHandler or any custom impl.
+ */
+export type VerifyVCFunction = (vcJwt: string) => Promise<{
+    valid: boolean;
+    did: string;
+}>;
+export interface AttestationSignerOptions {
+    /** Hex-encoded secp256k1 private key of the voucher (any registered agent or bootstrap) */
+    privateKey: `0x${string}`;
+    /** Address of the deployed CredentialVerifier contract */
+    verifierContractAddress: string;
+    /** Chain ID (e.g., 8453 for Base Mainnet) */
+    chainId: number;
+    /** Injected VC verification function */
+    verifyVC: VerifyVCFunction;
+    /** Attestation validity duration in seconds (default: 3600 = 1 hour) */
+    ttlSeconds?: number;
+}
+/**
+ * Structured attestation proof ready for on-chain submission.
+ */
+export interface AttestationProof {
+    /** keccak256 hash of the verified DID */
+    didHash: `0x${string}`;
+    /** Unix timestamp after which the attestation expires */
+    deadline: bigint;
+    /** EIP-712 ECDSA signature */
+    signature: string;
+    /** Encodes the proof as ABI-packed bytes for contract submission */
+    encode: () => `0x${string}`;
+}
+/**
+ * Creates EIP-712 signed attestation proofs for the on-chain CredentialVerifier.
+ *
+ * Web of Trust: Any registered agent (or bootstrap voucher) can sign attestations
+ * to vouch for new agents. No single trusted signer required.
+ *
+ * @example
+ * ```ts
+ * import { AttestationSigner } from '@swimmingkiim/api-sdk'
+ * import { VCHandler } from '@swimmingkiim/trust-sdk'
+ *
+ * const vcHandler = new VCHandler()
+ * // Any registered agent's key can be used as voucher
+ * const signer = new AttestationSigner({
+ *     privateKey: process.env.VOUCHER_KEY as `0x${string}`,
+ *     verifierContractAddress: '0x...',
+ *     chainId: 8453,
+ *     verifyVC: async (jwt) => {
+ *         const valid = await vcHandler.verifyCredential(jwt)
+ *         const payload = JSON.parse(atob(jwt.split('.')[1]))
+ *         return { valid, did: payload.iss }
+ *     },
+ * })
+ *
+ * const proof = await signer.createAttestation(vcJwt, walletAddress)
+ * // proof.encode() → bytes for AgentRegistry.register(meta, units, proof.encode())
+ * ```
+ */
+export declare class AttestationSigner {
+    private readonly account;
+    private readonly verifierContractAddress;
+    private readonly chainId;
+    private readonly verifyVC;
+    private readonly ttlSeconds;
+    constructor(options: AttestationSignerOptions);
+    /**
+     * Verifies a VC JWT and produces a signed attestation proof.
+     *
+     * @param vcJwt - Verifiable Credential JWT string
+     * @param walletAddress - The Ethereum address of the agent being attested
+     * @returns AttestationProof with didHash, deadline, signature, and encode()
+     */
+    createAttestation(vcJwt: string, walletAddress: string): Promise<AttestationProof>;
+}
+//# sourceMappingURL=attestation-signer.d.ts.map

package/dist/discovery/attestation-signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation-signer.d.ts","sourceRoot":"","sources":["../../src/discovery/attestation-signer.ts"],"names":[],"mappings":"AAgCA;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CAAA;AAE1F,MAAM,WAAW,wBAAwB;IACrC,2FAA2F;IAC3F,UAAU,EAAE,KAAK,MAAM,EAAE,CAAA;IACzB,0DAA0D;IAC1D,uBAAuB,EAAE,MAAM,CAAA;IAC/B,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAA;IACf,wCAAwC;IACxC,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,wEAAwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC7B,yCAAyC;IACzC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAA;IACtB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAA;IAChB,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAA;IACjB,oEAAoE;IACpE,MAAM,EAAE,MAAM,KAAK,MAAM,EAAE,CAAA;CAC9B;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,iBAAiB;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAe;IACvD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;IAC3C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;gBAEvB,OAAO,EAAE,wBAAwB;IAU7C;;;;;;OAMG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAmD3F"}

package/dist/discovery/attestation-signer.js

@@ -0,0 +1,111 @@
+import { keccak256, toHex, encodeAbiParameters, isAddress, } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { z } from 'zod';
+// --- Validation ---
+const EthAddressSchema = z.string().refine((val) => isAddress(val), { message: 'Invalid Ethereum address format' });
+// --- EIP-712 Type Definitions (must match CredentialVerifier.sol) ---
+const EIP712_DOMAIN = {
+    name: 'CredentialVerifier',
+    version: '1',
+};
+const ATTESTATION_TYPES = {
+    Attestation: [
+        { name: 'user', type: 'address' },
+        { name: 'didHash', type: 'bytes32' },
+        { name: 'deadline', type: 'uint256' },
+    ],
+};
+const DEFAULT_TTL_SECONDS = 3600; // 1 hour
+/**
+ * Creates EIP-712 signed attestation proofs for the on-chain CredentialVerifier.
+ *
+ * Web of Trust: Any registered agent (or bootstrap voucher) can sign attestations
+ * to vouch for new agents. No single trusted signer required.
+ *
+ * @example
+ * ```ts
+ * import { AttestationSigner } from '@swimmingkiim/api-sdk'
+ * import { VCHandler } from '@swimmingkiim/trust-sdk'
+ *
+ * const vcHandler = new VCHandler()
+ * // Any registered agent's key can be used as voucher
+ * const signer = new AttestationSigner({
+ *     privateKey: process.env.VOUCHER_KEY as `0x${string}`,
+ *     verifierContractAddress: '0x...',
+ *     chainId: 8453,
+ *     verifyVC: async (jwt) => {
+ *         const valid = await vcHandler.verifyCredential(jwt)
+ *         const payload = JSON.parse(atob(jwt.split('.')[1]))
+ *         return { valid, did: payload.iss }
+ *     },
+ * })
+ *
+ * const proof = await signer.createAttestation(vcJwt, walletAddress)
+ * // proof.encode() → bytes for AgentRegistry.register(meta, units, proof.encode())
+ * ```
+ */
+export class AttestationSigner {
+    account;
+    verifierContractAddress;
+    chainId;
+    verifyVC;
+    ttlSeconds;
+    constructor(options) {
+        EthAddressSchema.parse(options.verifierContractAddress);
+        this.account = privateKeyToAccount(options.privateKey);
+        this.verifierContractAddress = options.verifierContractAddress;
+        this.chainId = options.chainId;
+        this.verifyVC = options.verifyVC;
+        this.ttlSeconds = options.ttlSeconds ?? DEFAULT_TTL_SECONDS;
+    }
+    /**
+     * Verifies a VC JWT and produces a signed attestation proof.
+     *
+     * @param vcJwt - Verifiable Credential JWT string
+     * @param walletAddress - The Ethereum address of the agent being attested
+     * @returns AttestationProof with didHash, deadline, signature, and encode()
+     */
+    async createAttestation(vcJwt, walletAddress) {
+        // 1. Validate wallet address
+        EthAddressSchema.parse(walletAddress);
+        // 2. Verify VC
+        const { valid, did } = await this.verifyVC(vcJwt);
+        if (!valid) {
+            throw new Error('VC verification failed');
+        }
+        // 3. Hash the DID for nullifier
+        const didHash = keccak256(toHex(did));
+        // 4. Calculate deadline
+        const deadline = BigInt(Math.floor(Date.now() / 1000) + this.ttlSeconds);
+        if (!this.account.signTypedData) {
+            throw new Error('Account does not support signTypedData');
+        }
+        // 5. Sign EIP-712 typed data
+        const signature = await this.account.signTypedData({
+            domain: {
+                ...EIP712_DOMAIN,
+                chainId: this.chainId,
+                verifyingContract: this.verifierContractAddress,
+            },
+            types: ATTESTATION_TYPES,
+            primaryType: 'Attestation',
+            message: {
+                user: walletAddress,
+                didHash,
+                deadline,
+            },
+        });
+        // 6. Return structured proof
+        return {
+            didHash,
+            deadline,
+            signature,
+            encode: () => encodeAbiParameters([
+                { name: 'didHash', type: 'bytes32' },
+                { name: 'deadline', type: 'uint256' },
+                { name: 'signature', type: 'bytes' },
+            ], [didHash, deadline, signature]),
+        };
+    }
+}
+//# sourceMappingURL=attestation-signer.js.map

package/dist/discovery/attestation-signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation-signer.js","sourceRoot":"","sources":["../../src/discovery/attestation-signer.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,SAAS,EACT,KAAK,EACL,mBAAmB,EACnB,SAAS,GACZ,MAAM,MAAM,CAAA;AACb,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,qBAAqB;AACrB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CACtC,CAAC,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,EACvB,EAAE,OAAO,EAAE,iCAAiC,EAAE,CACjD,CAAA;AAED,uEAAuE;AACvE,MAAM,aAAa,GAAG;IAClB,IAAI,EAAE,oBAAoB;IAC1B,OAAO,EAAE,GAAG;CACN,CAAA;AAEV,MAAM,iBAAiB,GAAG;IACtB,WAAW,EAAE;QACT,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;QACjC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;QACpC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;KACxC;CACK,CAAA;AAqCV,MAAM,mBAAmB,GAAG,IAAI,CAAA,CAAC,SAAS;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,OAAO,iBAAiB;IACT,OAAO,CAAS;IAChB,uBAAuB,CAAe;IACtC,OAAO,CAAQ;IACf,QAAQ,CAAkB;IAC1B,UAAU,CAAQ;IAEnC,YAAY,OAAiC;QACzC,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAA;QAEvD,IAAI,CAAC,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QACtD,IAAI,CAAC,uBAAuB,GAAG,OAAO,CAAC,uBAAwC,CAAA;QAC/E,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QAChC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,mBAAmB,CAAA;IAC/D,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAa,EAAE,aAAqB;QACxD,6BAA6B;QAC7B,gBAAgB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;QAErC,eAAe;QACf,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;QAC7C,CAAC;QAED,gCAAgC;QAChC,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAkB,CAAA;QAEtD,wBAAwB;QACxB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAA;QAExE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;QAC7D,CAAC;QAED,6BAA6B;QAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;YAC/C,MAAM,EAAE;gBACJ,GAAG,aAAa;gBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,iBAAiB,EAAE,IAAI,CAAC,uBAAuB;aAClD;YACD,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,aAAa;YAC1B,OAAO,EAAE;gBACL,IAAI,EAAE,aAA8B;gBACpC,OAAO;gBACP,QAAQ;aACX;SACJ,CAAC,CAAA;QAEF,6BAA6B;QAC7B,OAAO;YACH,OAAO;YACP,QAAQ;YACR,SAAS;YACT,MAAM,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAC7B;gBACI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;gBACpC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;gBACrC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE;aACvC,EACD,CAAC,OAAO,EAAE,QAAQ,EAAE,SAA0B,CAAC,CAClD;SACJ,CAAA;IACL,CAAC;CACJ"}

package/dist/discovery/registry-reader.d.ts

@@ -0,0 +1,48 @@
+export interface AgentInfo {
+    address: string;
+    metadataUrl: string;
+    stakedAmount: bigint;
+    resourceUnits: bigint;
+    registeredAt: bigint;
+    isRegistered: boolean;
+    reputation: number;
+    lastComplexityHash: bigint;
+}
+export interface PaginationOptions {
+    offset?: number;
+    limit?: number;
+}
+export interface PaginatedAgents {
+    agents: AgentInfo[];
+    total: number;
+    offset: number;
+    limit: number;
+}
+/**
+ * Read-only client for querying the on-chain AgentRegistry contract.
+ * Does not require a wallet or private key — only an RPC endpoint.
+ */
+export declare class RegistryReader {
+    private readonly client;
+    private readonly registryAddress;
+    constructor(rpcUrl: string, registryAddress: string);
+    /**
+     * Returns a paginated list of registered agents.
+     * Uses `getEligibleCandidates(0, 0)` to fetch all addresses,
+     * then applies client-side offset/limit slicing.
+     */
+    getRegisteredAgents(options?: PaginationOptions): Promise<PaginatedAgents>;
+    /**
+     * Returns detailed info for a specific agent.
+     */
+    getAgentInfo(address: string): Promise<AgentInfo>;
+    /**
+     * Checks if an address is currently registered as an agent.
+     */
+    isAgentRegistered(address: string): Promise<boolean>;
+    /**
+     * Internal: fetches raw agent struct from the contract and maps to AgentInfo.
+     */
+    private fetchAgentData;
+}
+//# sourceMappingURL=registry-reader.d.ts.map

package/dist/discovery/registry-reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry-reader.d.ts","sourceRoot":"","sources":["../../src/discovery/registry-reader.ts"],"names":[],"mappings":"AA6CA,MAAM,WAAW,SAAS;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,OAAO,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,kBAAkB,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,eAAe;IAC5B,MAAM,EAAE,SAAS,EAAE,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CAChB;AAKD;;;GAGG;AACH,qBAAa,cAAc;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;IACnE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAE7B,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM;IASnD;;;;OAIG;IACG,mBAAmB,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAqBhF;;OAEG;IACG,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAKvD;;OAEG;IACG,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK1D;;OAEG;YACW,cAAc;CAmB/B"}

package/dist/discovery/registry-reader.js

@@ -0,0 +1,108 @@
+import { createPublicClient, http, isAddress, getAddress } from 'viem';
+import { z } from 'zod';
+// --- ABI Fragment (read-only functions from AgentRegistry.sol) ---
+const AGENT_REGISTRY_ABI = [
+    {
+        type: 'function',
+        name: 'agents',
+        stateMutability: 'view',
+        inputs: [{ name: '', type: 'address' }],
+        outputs: [
+            { name: 'metadataUrl', type: 'string' },
+            { name: 'stakedAmount', type: 'uint256' },
+            { name: 'resourceUnits', type: 'uint256' },
+            { name: 'registeredAt', type: 'uint64' },
+            { name: 'isRegistered', type: 'bool' },
+            { name: 'reputation', type: 'uint8' },
+            { name: 'lastComplexityHash', type: 'uint256' }
+        ]
+    },
+    {
+        type: 'function',
+        name: 'getEligibleCandidates',
+        stateMutability: 'view',
+        inputs: [
+            { name: 'minReputation', type: 'uint256' },
+            { name: 'minTenure', type: 'uint256' }
+        ],
+        outputs: [{ name: '', type: 'address[]' }]
+    }
+];
+// --- Validation Schemas ---
+const EthAddressSchema = z.string().refine((val) => isAddress(val), { message: 'Invalid Ethereum address format' });
+const PaginationSchema = z.object({
+    offset: z.number().int().min(0, 'offset must be >= 0').default(0),
+    limit: z.number().int().min(1, 'limit must be >= 1').default(10)
+}).default({});
+// --- Constants ---
+const MAX_LIMIT = 100;
+/**
+ * Read-only client for querying the on-chain AgentRegistry contract.
+ * Does not require a wallet or private key — only an RPC endpoint.
+ */
+export class RegistryReader {
+    client;
+    registryAddress;
+    constructor(rpcUrl, registryAddress) {
+        EthAddressSchema.parse(registryAddress);
+        this.client = createPublicClient({
+            transport: http(rpcUrl)
+        });
+        this.registryAddress = getAddress(registryAddress);
+    }
+    /**
+     * Returns a paginated list of registered agents.
+     * Uses `getEligibleCandidates(0, 0)` to fetch all addresses,
+     * then applies client-side offset/limit slicing.
+     */
+    async getRegisteredAgents(options) {
+        const { offset, limit: rawLimit } = PaginationSchema.parse(options);
+        const limit = Math.min(rawLimit, MAX_LIMIT);
+        const allAddresses = await this.client.readContract({
+            address: this.registryAddress,
+            abi: AGENT_REGISTRY_ABI,
+            functionName: 'getEligibleCandidates',
+            args: [0n, 0n]
+        });
+        const total = allAddresses.length;
+        const sliced = allAddresses.slice(offset, offset + limit);
+        const agents = await Promise.all(sliced.map((addr) => this.fetchAgentData(addr)));
+        return { agents, total, offset, limit };
+    }
+    /**
+     * Returns detailed info for a specific agent.
+     */
+    async getAgentInfo(address) {
+        const validated = EthAddressSchema.parse(address);
+        return this.fetchAgentData(getAddress(validated));
+    }
+    /**
+     * Checks if an address is currently registered as an agent.
+     */
+    async isAgentRegistered(address) {
+        const info = await this.getAgentInfo(address);
+        return info.isRegistered;
+    }
+    /**
+     * Internal: fetches raw agent struct from the contract and maps to AgentInfo.
+     */
+    async fetchAgentData(address) {
+        const raw = await this.client.readContract({
+            address: this.registryAddress,
+            abi: AGENT_REGISTRY_ABI,
+            functionName: 'agents',
+            args: [address]
+        });
+        return {
+            address,
+            metadataUrl: raw[0],
+            stakedAmount: raw[1],
+            resourceUnits: raw[2],
+            registeredAt: raw[3],
+            isRegistered: raw[4],
+            reputation: raw[5],
+            lastComplexityHash: raw[6]
+        };
+    }
+}
+//# sourceMappingURL=registry-reader.js.map

package/dist/discovery/registry-reader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry-reader.js","sourceRoot":"","sources":["../../src/discovery/registry-reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,MAAM,CAAA;AAEtE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,oEAAoE;AACpE,MAAM,kBAAkB,GAAG;IACvB;QACI,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,MAAM;QACvB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACvC,OAAO,EAAE;YACL,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE;YACvC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE;YACzC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE;YAC1C,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE;YACxC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE;YACtC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE;YACrC,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE;SAClD;KACJ;IACD;QACI,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,uBAAuB;QAC7B,eAAe,EAAE,MAAM;QACvB,MAAM,EAAE;YACJ,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE;YAC1C,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;SACzC;QACD,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;KAC7C;CACK,CAAA;AAEV,6BAA6B;AAC7B,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CACtC,CAAC,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,EACvB,EAAE,OAAO,EAAE,iCAAiC,EAAE,CACjD,CAAA;AAED,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACjE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACnE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;AA0Bd,oBAAoB;AACpB,MAAM,SAAS,GAAG,GAAG,CAAA;AAErB;;;GAGG;AACH,MAAM,OAAO,cAAc;IACN,MAAM,CAA4C;IAClD,eAAe,CAAS;IAEzC,YAAY,MAAc,EAAE,eAAuB;QAC/C,gBAAgB,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QAEvC,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC;YAC7B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC;SAC1B,CAAC,CAAA;QACF,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,eAAe,CAAC,CAAA;IACtD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,OAA2B;QACjD,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QACnE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAE3C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAChD,OAAO,EAAE,IAAI,CAAC,eAAe;YAC7B,GAAG,EAAE,kBAAkB;YACvB,YAAY,EAAE,uBAAuB;YACrC,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;SACjB,CAAsB,CAAA;QAEvB,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAA;QACjC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAC,CAAA;QAEzD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAe,CAAC,CAAC,CAC7D,CAAA;QAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,OAAe;QAC9B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QACjD,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAe;QACnC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QAC7C,OAAO,IAAI,CAAC,YAAY,CAAA;IAC5B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,OAAgB;QACzC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,eAAe;YAC7B,GAAG,EAAE,kBAAkB;YACvB,YAAY,EAAE,QAAQ;YACtB,IAAI,EAAE,CAAC,OAAO,CAAC;SAClB,CAAuE,CAAA;QAExE,OAAO;YACH,OAAO;YACP,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;YACnB,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;YACpB,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC;YACrB,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;YACpB,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;YACpB,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;YAClB,kBAAkB,EAAE,GAAG,CAAC,CAAC,CAAC;SAC7B,CAAA;IACL,CAAC;CACJ"}

package/dist/index.d.ts

@@ -1,4 +1,6 @@
 export * from './mcp-server.js';
 export * from './discovery/llms-reader.js';
+export * from './discovery/registry-reader.js';
+export * from './discovery/attestation-signer.js';
 export * from './types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAA;AAC/B,cAAc,4BAA4B,CAAA;AAC1C,cAAc,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAA;AAC/B,cAAc,4BAA4B,CAAA;AAC1C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,mCAAmC,CAAA;AACjD,cAAc,YAAY,CAAA"}

package/dist/index.js

@@ -1,4 +1,6 @@
 export * from './mcp-server.js';
 export * from './discovery/llms-reader.js';
+export * from './discovery/registry-reader.js';
+export * from './discovery/attestation-signer.js';
 export * from './types.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAA;AAC/B,cAAc,4BAA4B,CAAA;AAC1C,cAAc,YAAY,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAA;AAC/B,cAAc,4BAA4B,CAAA;AAC1C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,mCAAmC,CAAA;AACjD,cAAc,YAAY,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swimmingkiim/api-sdk",
-  "version": "0.1.34",
+  "version": "0.1.36",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/swimmingkiim/a2a-project.git"
@@ -17,6 +17,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^0.6.0",
+    "viem": "2.7.1",
     "zod": "^3.22.4"
   },
   "devDependencies": {

package/src/discovery/attestation-signer.ts

@@ -0,0 +1,171 @@
+import {
+    keccak256,
+    toHex,
+    encodeAbiParameters,
+    isAddress,
+} from 'viem'
+import { privateKeyToAccount } from 'viem/accounts'
+import type { Account } from 'viem'
+import { z } from 'zod'
+
+// --- Validation ---
+const EthAddressSchema = z.string().refine(
+    (val) => isAddress(val),
+    { message: 'Invalid Ethereum address format' }
+)
+
+// --- EIP-712 Type Definitions (must match CredentialVerifier.sol) ---
+const EIP712_DOMAIN = {
+    name: 'CredentialVerifier',
+    version: '1',
+} as const
+
+const ATTESTATION_TYPES = {
+    Attestation: [
+        { name: 'user', type: 'address' },
+        { name: 'didHash', type: 'bytes32' },
+        { name: 'deadline', type: 'uint256' },
+    ],
+} as const
+
+// --- Types ---
+
+/**
+ * Function signature for VC verification.
+ * Injected by the caller — can be trust-sdk's VCHandler or any custom impl.
+ */
+export type VerifyVCFunction = (vcJwt: string) => Promise<{ valid: boolean; did: string }>
+
+export interface AttestationSignerOptions {
+    /** Hex-encoded secp256k1 private key of the voucher (any registered agent or bootstrap) */
+    privateKey: `0x${string}`
+    /** Address of the deployed CredentialVerifier contract */
+    verifierContractAddress: string
+    /** Chain ID (e.g., 8453 for Base Mainnet) */
+    chainId: number
+    /** Injected VC verification function */
+    verifyVC: VerifyVCFunction
+    /** Attestation validity duration in seconds (default: 3600 = 1 hour) */
+    ttlSeconds?: number
+}
+
+/**
+ * Structured attestation proof ready for on-chain submission.
+ */
+export interface AttestationProof {
+    /** keccak256 hash of the verified DID */
+    didHash: `0x${string}`
+    /** Unix timestamp after which the attestation expires */
+    deadline: bigint
+    /** EIP-712 ECDSA signature */
+    signature: string
+    /** Encodes the proof as ABI-packed bytes for contract submission */
+    encode: () => `0x${string}`
+}
+
+const DEFAULT_TTL_SECONDS = 3600 // 1 hour
+
+/**
+ * Creates EIP-712 signed attestation proofs for the on-chain CredentialVerifier.
+ *
+ * Web of Trust: Any registered agent (or bootstrap voucher) can sign attestations
+ * to vouch for new agents. No single trusted signer required.
+ *
+ * @example
+ * ```ts
+ * import { AttestationSigner } from '@swimmingkiim/api-sdk'
+ * import { VCHandler } from '@swimmingkiim/trust-sdk'
+ *
+ * const vcHandler = new VCHandler()
+ * // Any registered agent's key can be used as voucher
+ * const signer = new AttestationSigner({
+ *     privateKey: process.env.VOUCHER_KEY as `0x${string}`,
+ *     verifierContractAddress: '0x...',
+ *     chainId: 8453,
+ *     verifyVC: async (jwt) => {
+ *         const valid = await vcHandler.verifyCredential(jwt)
+ *         const payload = JSON.parse(atob(jwt.split('.')[1]))
+ *         return { valid, did: payload.iss }
+ *     },
+ * })
+ *
+ * const proof = await signer.createAttestation(vcJwt, walletAddress)
+ * // proof.encode() → bytes for AgentRegistry.register(meta, units, proof.encode())
+ * ```
+ */
+export class AttestationSigner {
+    private readonly account: Account
+    private readonly verifierContractAddress: `0x${string}`
+    private readonly chainId: number
+    private readonly verifyVC: VerifyVCFunction
+    private readonly ttlSeconds: number
+
+    constructor(options: AttestationSignerOptions) {
+        EthAddressSchema.parse(options.verifierContractAddress)
+
+        this.account = privateKeyToAccount(options.privateKey)
+        this.verifierContractAddress = options.verifierContractAddress as `0x${string}`
+        this.chainId = options.chainId
+        this.verifyVC = options.verifyVC
+        this.ttlSeconds = options.ttlSeconds ?? DEFAULT_TTL_SECONDS
+    }
+
+    /**
+     * Verifies a VC JWT and produces a signed attestation proof.
+     *
+     * @param vcJwt - Verifiable Credential JWT string
+     * @param walletAddress - The Ethereum address of the agent being attested
+     * @returns AttestationProof with didHash, deadline, signature, and encode()
+     */
+    async createAttestation(vcJwt: string, walletAddress: string): Promise<AttestationProof> {
+        // 1. Validate wallet address
+        EthAddressSchema.parse(walletAddress)
+
+        // 2. Verify VC
+        const { valid, did } = await this.verifyVC(vcJwt)
+        if (!valid) {
+            throw new Error('VC verification failed')
+        }
+
+        // 3. Hash the DID for nullifier
+        const didHash = keccak256(toHex(did)) as `0x${string}`
+
+        // 4. Calculate deadline
+        const deadline = BigInt(Math.floor(Date.now() / 1000) + this.ttlSeconds)
+
+        if (!this.account.signTypedData) {
+            throw new Error('Account does not support signTypedData')
+        }
+
+        // 5. Sign EIP-712 typed data
+        const signature = await this.account.signTypedData({
+            domain: {
+                ...EIP712_DOMAIN,
+                chainId: this.chainId,
+                verifyingContract: this.verifierContractAddress,
+            },
+            types: ATTESTATION_TYPES,
+            primaryType: 'Attestation',
+            message: {
+                user: walletAddress as `0x${string}`,
+                didHash,
+                deadline,
+            },
+        })
+
+        // 6. Return structured proof
+        return {
+            didHash,
+            deadline,
+            signature,
+            encode: () => encodeAbiParameters(
+                [
+                    { name: 'didHash', type: 'bytes32' },
+                    { name: 'deadline', type: 'uint256' },
+                    { name: 'signature', type: 'bytes' },
+                ],
+                [didHash, deadline, signature as `0x${string}`]
+            ),
+        }
+    }
+}