@truealter/sdk 0.4.1 → 0.5.0

package/dist/index.js

@@ -1,6 +1,7 @@
 import { p256 } from '@noble/curves/p256';
 import { sha256 } from '@noble/hashes/sha256';
 import { randomBytes, bytesToHex as bytesToHex$1, hexToBytes } from '@noble/hashes/utils';
+import { createPrivateKey, createHash } from 'crypto';
 import * as ed25519 from '@noble/ed25519';
 import { sha512 } from '@noble/hashes/sha512';
 import { spawnSync } from 'child_process';
@@ -8,18 +9,11 @@ import { homedir, platform } from 'os';
 import { join, resolve, dirname } from 'path';
 import { env } from 'process';
 import { existsSync, readFileSync, mkdirSync, writeFileSync, copyFileSync, renameSync, unlinkSync } from 'fs';
-import { createHash } from 'crypto';
 
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
@@ -104,8 +98,7 @@ function loadPrivateKey(key) {
     return key;
   }
   if (typeof key === "string" && key.includes("-----BEGIN")) {
-    const nodeCrypto = __require("crypto");
-    const keyObj = nodeCrypto.createPrivateKey({ key, format: "pem" });
+    const keyObj = createPrivateKey({ key, format: "pem" });
     const jwk = keyObj.export({ format: "jwk" });
     if (jwk.crv !== "P-256" || !jwk.d) {
       throw new TypeError("PEM is not a P-256 private key.");
@@ -501,6 +494,7 @@ var MCPClient = class {
   clientInfo;
   x402;
   signing;
+  extraHeaders;
   requestCounter = 0;
   initialised = false;
   constructor(opts = {}) {
@@ -512,6 +506,7 @@ var MCPClient = class {
     this.clientInfo = opts.clientInfo ?? { name: "@truealter/sdk", version: "0.2.0" };
     this.x402 = opts.x402;
     this.signing = opts.signing;
+    this.extraHeaders = opts.extraHeaders;
   }
   /**
    * Send the MCP `initialize` handshake and capture the resulting session
@@ -675,6 +670,7 @@ var MCPClient = class {
   }
   buildHeaders(extra) {
     const headers = {
+      ...this.extraHeaders ?? {},
       "Content-Type": "application/json",
       Accept: "application/json",
       "User-Agent": `${this.clientInfo.name}/${this.clientInfo.version}`
@@ -815,6 +811,7 @@ var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
   "api.truealter.com",
   "mcp.truealter.com"
 ]);
+var ALTER_PLATFORM_ISS = "did:alter:platform";
 async function verifyProvenance(envelope, opts = {}) {
   const token = typeof envelope === "string" ? envelope : envelope.token;
   if (!token) return { valid: false, reason: "empty token" };
@@ -897,6 +894,15 @@ async function verifyProvenance(envelope, opts = {}) {
   if (typeof payload.iat === "number" && payload.iat > now + 300) {
     return { valid: false, reason: "issued in the future", payload, kid: header.kid };
   }
+  const expectedIss = opts.expectedIss !== void 0 ? opts.expectedIss : ALTER_PLATFORM_ISS;
+  if (expectedIss !== "" && payload.iss !== expectedIss) {
+    return {
+      valid: false,
+      reason: `iss mismatch: expected "${expectedIss}", got "${payload.iss}"`,
+      payload,
+      kid: header.kid
+    };
+  }
   return { valid: true, payload, kid: header.kid };
 }
 async function verifyToolSignatures(tools, signatures) {
@@ -1093,10 +1099,10 @@ var AlterClient = class {
   }
   /** Verify a person is registered with ALTER (handle or id). */
   async verify(handleOrId, claims) {
-    const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
-      // ~handle — server resolves these via the candidate_id field
-      { candidate_id: handleOrId }
-    ) : { candidate_id: handleOrId };
+    const args = handleOrId.includes("@") ? { member_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
+      // ~handle — server resolves these via the member_id field
+      { member_id: handleOrId }
+    ) : { member_id: handleOrId };
     if (claims) args.claims = claims;
     return this.mcp.callTool("verify_identity", args);
   }
@@ -1890,4 +1896,22 @@ var TOOL_BLAST_RADIUS = {
   query_graph_similarity: "high"
 };
 
-export { ALL_CLIENTS, AlterAuthError, AlterClient, AlterDiscoveryError, AlterError, AlterInvalidResponse, AlterNetworkError, AlterPaymentRequired, AlterProvenanceError, AlterRateLimited, AlterTimeoutError, AlterToolError, CLAUDE_CODE, CLAUDE_DESKTOP, CURSOR, DEFAULT_DOMAIN, DEFAULT_ENDPOINT, DEFAULT_VERIFY_AT_ALLOWLIST, FREE_TOOL_NAMES, MCPClient, MCP_PROTOCOL_VERSION, PREMIUM_TOOL_NAMES, SDK_NAME, SDK_VERSION, TOOL_BLAST_RADIUS, TOOL_COSTS, TOOL_TIERS, VSCODE, X402Client, base64urlDecode, base64urlEncode2 as base64urlEncode, canonicalArgsSha256, canonicalStringify, clearDiscoveryCache, decodeDid, detectSyncedVolume, discover, encodeDid, fetchPublicKeys, generateClaudeConfig, generateClaudeDesktopConfig, generateCursorConfig, generateGenericMcpConfig, generateKeypair, keypairFromPrivateKey, loadPrivateKey, parsePaymentHeader, probeAll, probeByDir, probeClaudeCode, readWireState, resolveVerifyAt, sha2562 as sha256, sign, signInvocation, unwire, verify, verifyProvenance, verifyToolSignatures, wire, writeWireState };
+// src/homepage.ts
+var HOMEPAGE_LIMITS = {
+  whoami_max_chars: 240,
+  opener_max_chars: 280,
+  pronouns_max_chars: 32,
+  attunement_glyph_max_chars: 16
+};
+
+// src/themes.ts
+var THEME_LIMITS = {
+  meta_name_pattern: /^[a-z][a-z0-9-]{0,63}$/,
+  meta_description_max_chars: 240,
+  opener_library_max_entries: 32,
+  opener_entry_max_chars: 240,
+  share_note_max_chars: 280
+};
+var OSC8_ALLOWED_SCHEMES = ["https:", "mailto:"];
+
+export { ALL_CLIENTS, AlterAuthError, AlterClient, AlterDiscoveryError, AlterError, AlterInvalidResponse, AlterNetworkError, AlterPaymentRequired, AlterProvenanceError, AlterRateLimited, AlterTimeoutError, AlterToolError, CLAUDE_CODE, CLAUDE_DESKTOP, CURSOR, DEFAULT_DOMAIN, DEFAULT_ENDPOINT, DEFAULT_VERIFY_AT_ALLOWLIST, FREE_TOOL_NAMES, HOMEPAGE_LIMITS, MCPClient, MCP_PROTOCOL_VERSION, OSC8_ALLOWED_SCHEMES, PREMIUM_TOOL_NAMES, SDK_NAME, SDK_VERSION, THEME_LIMITS, TOOL_BLAST_RADIUS, TOOL_COSTS, TOOL_TIERS, VSCODE, X402Client, base64urlDecode, base64urlEncode2 as base64urlEncode, canonicalArgsSha256, canonicalStringify, clearDiscoveryCache, decodeDid, detectSyncedVolume, discover, encodeDid, fetchPublicKeys, generateClaudeConfig, generateClaudeDesktopConfig, generateCursorConfig, generateGenericMcpConfig, generateKeypair, keypairFromPrivateKey, loadPrivateKey, parsePaymentHeader, probeAll, probeByDir, probeClaudeCode, readWireState, resolveVerifyAt, sha2562 as sha256, sign, signInvocation, unwire, verify, verifyProvenance, verifyToolSignatures, wire, writeWireState };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@truealter/sdk",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "ALTER Identity SDK — query the continuous identity field from any JavaScript/TypeScript environment",
   "license": "Apache-2.0",
   "type": "module",
@@ -36,9 +36,9 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "@noble/curves": "^1.6.0",
-    "@noble/ed25519": "^2.1.0",
-    "@noble/hashes": "^1.4.0"
+    "@noble/curves": "1.9.7",
+    "@noble/ed25519": "2.3.0",
+    "@noble/hashes": "1.8.0"
   },
   "devDependencies": {
     "@types/node": "^20.11.0",