npm - @vess-id/ai-identity - Versions diffs - 0.3.0 → 0.3.1 - Mend

@vess-id/ai-identity 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/dist/agent/agent-did-manager.d.ts +50 -0
package/dist/agent/agent-did-manager.d.ts.map +1 -0
package/dist/auth/auth-provider.d.ts +51 -0
package/dist/auth/auth-provider.d.ts.map +1 -0
package/dist/auth/index.d.ts +2 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/client.d.ts +80 -0
package/dist/client.d.ts.map +1 -0
package/dist/config/index.d.ts +30 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/constraint/__tests__/fixtures/constraint.fixtures.d.ts +56 -0
package/dist/constraint/__tests__/fixtures/constraint.fixtures.d.ts.map +1 -0
package/dist/constraint/constraint-evaluator.d.ts +72 -0
package/dist/constraint/constraint-evaluator.d.ts.map +1 -0
package/dist/constraint/index.d.ts +5 -0
package/dist/constraint/index.d.ts.map +1 -0
package/dist/did/agent.d.ts +52 -0
package/dist/did/agent.d.ts.map +1 -0
package/dist/did/did-utils.d.ts +75 -0
package/dist/did/did-utils.d.ts.map +1 -0
package/dist/did/key-manager.d.ts +19 -0
package/dist/did/key-manager.d.ts.map +1 -0
package/dist/gateway/gateway-client.d.ts +103 -0
package/dist/gateway/gateway-client.d.ts.map +1 -0
package/dist/gateway/index.d.ts +2 -0
package/dist/gateway/index.d.ts.map +1 -0
package/dist/grant/grant-manager.d.ts +140 -0
package/dist/grant/grant-manager.d.ts.map +1 -0
package/dist/grant/index.d.ts +2 -0
package/dist/grant/index.d.ts.map +1 -0
package/dist/identity/device-enroll-manager.d.ts +111 -0
package/dist/identity/device-enroll-manager.d.ts.map +1 -0
package/dist/identity/user-identity-manager.d.ts +69 -0
package/dist/identity/user-identity-manager.d.ts.map +1 -0
package/dist/identity/user-key-pair-manager.d.ts +22 -0
package/dist/identity/user-key-pair-manager.d.ts.map +1 -0
package/dist/index.d.ts +32 -3077
package/dist/index.d.ts.map +1 -0
package/dist/index.js +350 -45
package/dist/index.js.map +1 -1
package/dist/index.mjs +350 -49
package/dist/index.mjs.map +1 -1
package/dist/memory/memory-manager.d.ts +71 -0
package/dist/memory/memory-manager.d.ts.map +1 -0
package/dist/monitoring/metrics-manager.d.ts +74 -0
package/dist/monitoring/metrics-manager.d.ts.map +1 -0
package/dist/organization/disclosure-config-manager.d.ts +61 -0
package/dist/organization/disclosure-config-manager.d.ts.map +1 -0
package/dist/organization/key-rotation-manager.d.ts +63 -0
package/dist/organization/key-rotation-manager.d.ts.map +1 -0
package/dist/organization/organization-manager.d.ts +38 -0
package/dist/organization/organization-manager.d.ts.map +1 -0
package/dist/registry/access-orchestrator.d.ts +183 -0
package/dist/registry/access-orchestrator.d.ts.map +1 -0
package/dist/registry/action-registry-json.d.ts +1363 -0
package/dist/registry/action-registry-json.d.ts.map +1 -0
package/dist/registry/action-registry.d.ts +65 -0
package/dist/registry/action-registry.d.ts.map +1 -0
package/dist/registry/index.d.ts +4 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/revocation/revocation-manager.d.ts +98 -0
package/dist/revocation/revocation-manager.d.ts.map +1 -0
package/dist/state/index.d.ts +3 -0
package/dist/state/index.d.ts.map +1 -0
package/dist/state/json-state-store.d.ts +24 -0
package/dist/state/json-state-store.d.ts.map +1 -0
package/dist/state/state-store.interface.d.ts +37 -0
package/dist/state/state-store.interface.d.ts.map +1 -0
package/dist/storage/filesystem-key-storage.d.ts +16 -0
package/dist/storage/filesystem-key-storage.d.ts.map +1 -0
package/dist/storage/index.d.ts +4 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/key-storage.interface.d.ts +42 -0
package/dist/storage/key-storage.interface.d.ts.map +1 -0
package/dist/storage/memory-key-storage.d.ts +17 -0
package/dist/storage/memory-key-storage.d.ts.map +1 -0
package/dist/tool/tool-manager.d.ts +44 -0
package/dist/tool/tool-manager.d.ts.map +1 -0
package/dist/utils/crypto.d.ts +22 -0
package/dist/utils/crypto.d.ts.map +1 -0
package/dist/utils/sdjwt-client.d.ts +168 -0
package/dist/utils/sdjwt-client.d.ts.map +1 -0
package/dist/vc/api-vc-manager.d.ts +40 -0
package/dist/vc/api-vc-manager.d.ts.map +1 -0
package/dist/vc/vc-manager.d.ts +55 -0
package/dist/vc/vc-manager.d.ts.map +1 -0
package/dist/vp/vp-manager.d.ts +40 -0
package/dist/vp/vp-manager.d.ts.map +1 -0
package/package.json +2 -2
package/dist/index.d.mts +0 -3078

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAGrD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAA;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,YAAY,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAA;AAC/E,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,EACL,aAAa,EACb,cAAc,EACd,WAAW,EACX,iBAAiB,GAClB,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,eAAe,GAChB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,0CAA0C,CAAA;AAGjD,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AAC5F,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,iCAAiC,CAAA;AAGxC,OAAO,EACL,mBAAmB,EACnB,0BAA0B,EAC1B,0BAA0B,EAC1B,mBAAmB,EACpB,MAAM,mCAAmC,CAAA;AAG1C,cAAc,WAAW,CAAA;AAGzB,YAAY,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAA;AAGzD,OAAO,EACL,aAAa,EACb,YAAY,GACb,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAErD,cAAc,YAAY,CAAA;AAG1B,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAGlD,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EACvB,aAAa,EACb,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,cAAc,4BAA4B,CAAA;AAG1C,eAAO,MAAM,OAAO,UAAU,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -37,12 +37,16 @@ __export(index_exports, {
   AgentDIDManager: () => AgentDIDManager,
   AgentManager: () => AgentManager,
   AllowAllAbac: () => AllowAllAbac,
+  AuthProvider: () => AuthProvider,
   ConstraintEvaluator: () => ConstraintEvaluator,
   DeviceEnrollManager: () => DeviceEnrollManager,
   DisclosureConfigManager: () => DisclosureConfigManager,
   DummyCreds: () => DummyCreds,
   DummyVpVerifier: () => DummyVpVerifier,
   FilesystemKeyStorage: () => FilesystemKeyStorage,
+  GatewayClient: () => GatewayClient,
+  GatewayError: () => GatewayError,
+  JsonStateStore: () => JsonStateStore,
   KeyManager: () => KeyManager,
   KeyRotationManager: () => KeyRotationManager,
   MemoryKeyStorage: () => MemoryKeyStorage,
@@ -100,26 +104,26 @@ function configure(config) {
 function getConfig() {
   return globalConfig;
 }
-function getDidApiUrl(path3) {
+function getDidApiUrl(path4) {
   const baseUrl = globalConfig.didApi?.baseUrl || process.env.DID_API_BASE_URL;
   if (!baseUrl) {
     throw new Error("DID API base URL not configured");
   }
-  return `${baseUrl}${path3}`;
+  return `${baseUrl}${path4}`;
 }
-function getIssuerApiUrl(path3) {
+function getIssuerApiUrl(path4) {
   const baseUrl = globalConfig.issuerApi?.baseUrl || process.env.ISSUER_API_BASE_URL;
   if (!baseUrl) {
     throw new Error("Issuer API base URL not configured");
   }
-  return `${baseUrl}${path3}`;
+  return `${baseUrl}${path4}`;
 }
-function getVerifierApiUrl(path3) {
+function getVerifierApiUrl(path4) {
   const baseUrl = globalConfig.verifierApi?.baseUrl || process.env.VERIFIER_API_BASE_URL;
   if (!baseUrl) {
     throw new Error("Verifier API base URL not configured");
   }
-  return `${baseUrl}${path3}`;
+  return `${baseUrl}${path4}`;
 }
 function getApiHeaders(apiType) {
   const headers = {
@@ -966,12 +970,12 @@ var AgentDIDManager = class {
    * List all agent DIDs
    */
   async listAgentDIDs() {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const mappingDir = path3.join(os2.homedir(), ".vess-aidentity", "agent-dids");
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const mappingDir = path4.join(os3.homedir(), ".vess-aidentity", "agent-dids");
     try {
-      const files = await fs3.readdir(mappingDir);
+      const files = await fs4.readdir(mappingDir);
       const results = [];
       for (const file of files) {
         if (file.endsWith(".did")) {
@@ -992,24 +996,24 @@ var AgentDIDManager = class {
    * Save agent ID -> DID mapping to persistent storage
    */
   async saveAgentDIDMapping(agentId, did) {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const mappingDir = path3.join(os2.homedir(), ".vess-aidentity", "agent-dids");
-    await fs3.mkdir(mappingDir, { recursive: true });
-    const mappingFile = path3.join(mappingDir, `${agentId}.did`);
-    await fs3.writeFile(mappingFile, did, "utf-8");
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const mappingDir = path4.join(os3.homedir(), ".vess-aidentity", "agent-dids");
+    await fs4.mkdir(mappingDir, { recursive: true });
+    const mappingFile = path4.join(mappingDir, `${agentId}.did`);
+    await fs4.writeFile(mappingFile, did, "utf-8");
   }
   /**
    * Load agent ID -> DID mapping from persistent storage
    */
   async loadAgentDIDMapping(agentId) {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const mappingFile = path3.join(os2.homedir(), ".vess", "agent-dids", `${agentId}.did`);
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const mappingFile = path4.join(os3.homedir(), ".vess", "agent-dids", `${agentId}.did`);
     try {
-      return await fs3.readFile(mappingFile, "utf-8");
+      return await fs4.readFile(mappingFile, "utf-8");
     } catch {
       return null;
     }
@@ -1018,12 +1022,12 @@ var AgentDIDManager = class {
    * Delete agent ID -> DID mapping from persistent storage
    */
   async deleteAgentDIDMapping(agentId) {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const mappingFile = path3.join(os2.homedir(), ".vess", "agent-dids", `${agentId}.did`);
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const mappingFile = path4.join(os3.homedir(), ".vess", "agent-dids", `${agentId}.did`);
     try {
-      await fs3.unlink(mappingFile);
+      await fs4.unlink(mappingFile);
     } catch {
     }
   }
@@ -1295,24 +1299,24 @@ var UserIdentityManager = class {
    * Save current user DID to persistent storage
    */
   async saveUserDID(did) {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const configDir = path3.join(os2.homedir(), ".vess-aidentity");
-    await fs3.mkdir(configDir, { recursive: true });
-    const userDIDFile = path3.join(configDir, "user-did.txt");
-    await fs3.writeFile(userDIDFile, did, "utf-8");
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const configDir = path4.join(os3.homedir(), ".vess-aidentity");
+    await fs4.mkdir(configDir, { recursive: true });
+    const userDIDFile = path4.join(configDir, "user-did.txt");
+    await fs4.writeFile(userDIDFile, did, "utf-8");
   }
   /**
    * Load current user DID from persistent storage
    */
   async loadUserDID() {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const userDIDFile = path3.join(os2.homedir(), ".vess-aidentity", "user-did.txt");
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const userDIDFile = path4.join(os3.homedir(), ".vess-aidentity", "user-did.txt");
     try {
-      return await fs3.readFile(userDIDFile, "utf-8");
+      return await fs4.readFile(userDIDFile, "utf-8");
     } catch {
       return null;
     }
@@ -1321,12 +1325,12 @@ var UserIdentityManager = class {
    * Clear saved user DID
    */
   async clearUserDID() {
-    const fs3 = await import("fs/promises");
-    const path3 = await import("path");
-    const os2 = await import("os");
-    const userDIDFile = path3.join(os2.homedir(), ".vess-aidentity", "user-did.txt");
+    const fs4 = await import("fs/promises");
+    const path4 = await import("path");
+    const os3 = await import("os");
+    const userDIDFile = path4.join(os3.homedir(), ".vess-aidentity", "user-did.txt");
     try {
-      await fs3.unlink(userDIDFile);
+      await fs4.unlink(userDIDFile);
     } catch {
     }
   }
@@ -4027,6 +4031,303 @@ function evaluateConstraints(constraints, context, currentInvocations, expiresAt
   return defaultConstraintEvaluator.evaluate(constraints, context, currentInvocations, expiresAt);
 }
+// src/state/json-state-store.ts
+var fs2 = __toESM(require("fs/promises"));
+var path2 = __toESM(require("path"));
+var os2 = __toESM(require("os"));
+var JsonStateStore = class {
+  filePath;
+  data = null;
+  constructor(filePath) {
+    this.filePath = filePath || path2.join(os2.homedir(), ".vess", "state.json");
+  }
+  async get(key) {
+    const data = await this.load();
+    return getNestedValue(data, key);
+  }
+  async set(key, value) {
+    const data = await this.load();
+    setNestedValue(data, key, value);
+    await this.save(data);
+  }
+  async delete(key) {
+    const data = await this.load();
+    const existed = getNestedValue(data, key) !== void 0;
+    if (existed) {
+      deleteNestedValue(data, key);
+      await this.save(data);
+    }
+    return existed;
+  }
+  async has(key) {
+    const data = await this.load();
+    return getNestedValue(data, key) !== void 0;
+  }
+  async getAll() {
+    return { ...await this.load() };
+  }
+  async clear() {
+    this.data = {};
+    await this.save(this.data);
+  }
+  /**
+   * Get the file path used by this store (useful for diagnostics)
+   */
+  getFilePath() {
+    return this.filePath;
+  }
+  async load() {
+    if (this.data !== null) {
+      return this.data;
+    }
+    try {
+      const raw = await fs2.readFile(this.filePath, "utf-8");
+      this.data = JSON.parse(raw);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        this.data = {};
+      } else if (err instanceof SyntaxError) {
+        this.data = {};
+      } else {
+        throw err;
+      }
+    }
+    return this.data;
+  }
+  async save(data) {
+    this.data = data;
+    const dir = path2.dirname(this.filePath);
+    await fs2.mkdir(dir, { recursive: true, mode: 448 });
+    const tmpPath = this.filePath + ".tmp";
+    await fs2.writeFile(tmpPath, JSON.stringify(data, null, 2), { encoding: "utf-8", mode: 384 });
+    await fs2.rename(tmpPath, this.filePath);
+  }
+};
+function getNestedValue(obj, key) {
+  const parts = key.split(".");
+  let current = obj;
+  for (const part of parts) {
+    if (current === null || current === void 0 || typeof current !== "object") {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
+function setNestedValue(obj, key, value) {
+  const parts = key.split(".");
+  let current = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    const part = parts[i];
+    if (current[part] === void 0 || current[part] === null || typeof current[part] !== "object") {
+      current[part] = {};
+    }
+    current = current[part];
+  }
+  current[parts[parts.length - 1]] = value;
+}
+function deleteNestedValue(obj, key) {
+  const parts = key.split(".");
+  let current = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    const part = parts[i];
+    if (current[part] === void 0 || typeof current[part] !== "object") {
+      return;
+    }
+    current = current[part];
+  }
+  delete current[parts[parts.length - 1]];
+}
+// src/gateway/gateway-client.ts
+var GatewayClient = class {
+  baseUrl;
+  stateStore;
+  apiKey;
+  sessionToken;
+  constructor(options) {
+    this.baseUrl = options.baseUrl.replace(/\/+$/, "").replace(/\/v1$/, "");
+    this.stateStore = options.stateStore;
+    this.apiKey = options.apiKey;
+    this.sessionToken = options.sessionToken;
+  }
+  /**
+   * Set session token for authenticated requests
+   */
+  setSessionToken(token) {
+    this.sessionToken = token;
+  }
+  /**
+   * Fetch events from the Gateway.
+   * If cursor is not provided, attempts to load it from StateStore.
+   *
+   * NOTE: The /events long-poll endpoint may not be implemented on the API server yet.
+   * This client is designed to work once the endpoint is available.
+   */
+  async getEvents(options = {}) {
+    let cursor = options.cursor;
+    if (!cursor && this.stateStore) {
+      cursor = await this.stateStore.get("events.cursor");
+    }
+    const params = new URLSearchParams();
+    if (cursor) params.set("cursor", cursor);
+    if (options.limit) params.set("limit", String(options.limit));
+    if (options.waitSeconds !== void 0) params.set("wait", String(options.waitSeconds));
+    const url = `${this.baseUrl}/api/v1/events?${params.toString()}`;
+    const response = await fetch(url, {
+      method: "GET",
+      headers: this.buildHeaders()
+    });
+    if (!response.ok) {
+      const body = await response.text().catch(() => "");
+      throw new GatewayError(
+        `getEvents failed: ${response.status} ${response.statusText}`,
+        response.status,
+        body
+      );
+    }
+    const result = await response.json();
+    if (result.cursor && this.stateStore) {
+      await this.stateStore.set("events.cursor", result.cursor);
+    }
+    return result;
+  }
+  /**
+   * Acknowledge an event (mark as processed).
+   *
+   * NOTE: The /events/:id/ack endpoint may not be implemented on the API server yet.
+   */
+  async ackEvent(eventId) {
+    const url = `${this.baseUrl}/api/v1/events/${encodeURIComponent(eventId)}/ack`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: this.buildHeaders()
+    });
+    if (!response.ok) {
+      const body = await response.text().catch(() => "");
+      throw new GatewayError(
+        `ackEvent failed: ${response.status} ${response.statusText}`,
+        response.status,
+        body
+      );
+    }
+    return await response.json();
+  }
+  /**
+   * Validate an API key against the Gateway.
+   *
+   * @param apiKey       API key to validate
+   * @param projectId    Optional project scope
+   * @param requiredScopes Scopes the caller needs — callers should pass the
+   *                       scopes relevant to their context (e.g. MCP passes
+   *                       ['mcp:tools:*', 'mcp:memory:*']).
+   */
+  async validateApiKey(apiKey, projectId, requiredScopes) {
+    const url = `${this.baseUrl}/api/mcp/api-keys/validate`;
+    const body = { projectId };
+    if (requiredScopes && requiredScopes.length > 0) {
+      body.requiredScopes = requiredScopes;
+    }
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": apiKey
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      return { valid: false };
+    }
+    return await response.json();
+  }
+  buildHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
+    if (this.sessionToken) {
+      headers["Authorization"] = `Bearer ${this.sessionToken}`;
+    }
+    return headers;
+  }
+};
+var GatewayError = class extends Error {
+  constructor(message, statusCode, responseBody) {
+    super(message);
+    this.statusCode = statusCode;
+    this.responseBody = responseBody;
+    this.name = "GatewayError";
+  }
+};
+// src/auth/auth-provider.ts
+var AuthProvider = class {
+  stateStore;
+  gatewayClient;
+  constructor(stateStore, gatewayClient) {
+    this.stateStore = stateStore;
+    this.gatewayClient = gatewayClient;
+  }
+  /**
+   * Authenticate with an API key. Validates against the Gateway and
+   * persists the result in the StateStore.
+   *
+   * @returns The validation result
+   */
+  async login(apiKey, apiUrl, projectId) {
+    const result = await this.gatewayClient.validateApiKey(apiKey, projectId);
+    if (result.valid) {
+      const authState = {
+        apiKey,
+        apiUrl,
+        userId: result.userId,
+        projectId: result.projectId || projectId,
+        scopes: result.scopes,
+        authenticatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      await this.stateStore.set("auth", authState);
+    }
+    return result;
+  }
+  /**
+   * Get the current auth state from the StateStore.
+   * Returns undefined if not authenticated.
+   */
+  async getAuthState() {
+    return this.stateStore.get("auth");
+  }
+  /**
+   * Check if we have stored auth credentials
+   */
+  async isAuthenticated() {
+    const auth = await this.getAuthState();
+    return auth !== void 0 && auth.apiKey !== void 0;
+  }
+  /**
+   * Clear auth state (logout)
+   */
+  async logout() {
+    await this.stateStore.delete("auth");
+  }
+  /**
+   * Get the stored API key, or undefined if not authenticated
+   */
+  async getApiKey() {
+    const auth = await this.getAuthState();
+    return auth?.apiKey;
+  }
+  /**
+   * Get the stored API URL, or undefined if not authenticated
+   */
+  async getApiUrl() {
+    const auth = await this.getAuthState();
+    return auth?.apiUrl;
+  }
+};
 // src/registry/action-registry.ts
 var import_ajv = __toESM(require("ajv"));
 var import_ajv_formats = __toESM(require("ajv-formats"));
@@ -4897,12 +5198,16 @@ var version = "0.0.1";
   AgentDIDManager,
   AgentManager,
   AllowAllAbac,
+  AuthProvider,
   ConstraintEvaluator,
   DeviceEnrollManager,
   DisclosureConfigManager,
   DummyCreds,
   DummyVpVerifier,
   FilesystemKeyStorage,
+  GatewayClient,
+  GatewayError,
+  JsonStateStore,
   KeyManager,
   KeyRotationManager,
   MemoryKeyStorage,