@zerobase-labs/passport-sdk 0.1.0 → 0.1.1

package/README.md

@@ -24,7 +24,7 @@ yarn add @zerobase-labs/passport-sdk
 import { AgentPassportClient } from '@zerobase-labs/passport-sdk';
 
 const passport = new AgentPassportClient({
-  baseUrl: 'https://passport-api.onrender.com',
+  baseUrl: 'https://agent-passport.onrender.com',
   appId: 'your-app-id',
   appKey: 'ap_live_...',
 });
@@ -41,7 +41,7 @@ if (result.valid && result.risk?.recommendedAction === 'allow') {
 import { AgentClient } from '@zerobase-labs/passport-sdk';
 
 const agent = new AgentClient({
-  baseUrl: 'https://passport-api.onrender.com',
+  baseUrl: 'https://agent-passport.onrender.com',
 });
 
 // Register once

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/client.ts","../src/agent.ts"],"sourcesContent":["// ============================================================================\r\n// Agent Passport SDK — Main entry point\r\n// ============================================================================\r\n\r\n// Clients\r\nexport { AgentPassportClient } from './client.js';\r\nexport { AgentClient } from './agent.js';\r\n\r\n// Error classes\r\nexport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\n\r\n// Types\r\nexport type {\r\n  AgentPassportClientOptions,\r\n  AgentClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n  RiskAction,\r\n  RiskAssessment,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n","// ============================================================================\r\n// Agent Passport SDK — Error Classes\r\n// ============================================================================\r\n\r\n/**\r\n * Base error class for all Agent Passport SDK errors.\r\n * Extends the native Error with HTTP status code and structured error info.\r\n */\r\nexport class PassportError extends Error {\r\n  /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */\r\n  public readonly code: string;\r\n  /** HTTP status code returned by the API */\r\n  public readonly statusCode: number;\r\n  /** Seconds to wait before retrying (present on 429 responses) */\r\n  public readonly retryAfter?: number;\r\n  /** Server-assigned request ID for debugging */\r\n  public readonly requestId?: string;\r\n  /** Additional error details from the API */\r\n  public readonly details?: Record<string, unknown>;\r\n\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: {\r\n      retryAfter?: number;\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super(message);\r\n    this.name = 'PassportError';\r\n    this.code = code;\r\n    this.statusCode = statusCode;\r\n    this.retryAfter = options?.retryAfter;\r\n    this.requestId = options?.requestId;\r\n    this.details = options?.details;\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown when the SDK cannot reach the Agent Passport API\r\n * (DNS failure, connection refused, timeout, etc.)\r\n */\r\nexport class PassportNetworkError extends PassportError {\r\n  constructor(message: string, options?: { cause?: Error }) {\r\n    super('NETWORK_ERROR', message, 0, {});\r\n    this.name = 'PassportNetworkError';\r\n    if (options?.cause) {\r\n      this.cause = options.cause;\r\n    }\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 401 or 403 responses — invalid or missing credentials.\r\n */\r\nexport class PassportAuthError extends PassportError {\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: { requestId?: string; details?: Record<string, unknown> },\r\n  ) {\r\n    super(code, message, statusCode, options);\r\n    this.name = 'PassportAuthError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 429 responses — too many requests.\r\n * Check `retryAfter` for the number of seconds to wait.\r\n */\r\nexport class PassportRateLimitError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    retryAfter: number,\r\n    options?: { requestId?: string },\r\n  ) {\r\n    super('RATE_LIMITED', message, 429, {\r\n      retryAfter,\r\n      requestId: options?.requestId,\r\n    });\r\n    this.name = 'PassportRateLimitError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 400 responses — request validation failed.\r\n */\r\nexport class PassportValidationError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    options?: {\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super('VALIDATION_ERROR', message, 400, options);\r\n    this.name = 'PassportValidationError';\r\n  }\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentPassportClient (for apps verifying agents)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentPassportClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **apps** that want to verify agent identity tokens.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const passport = new AgentPassportClient({\r\n *   baseUrl: 'https://passport-api.onrender.com',\r\n *   appId: 'your-app-id',\r\n *   appKey: 'ap_live_...',\r\n * });\r\n *\r\n * const result = await passport.verify(token);\r\n * if (result.valid && result.risk?.action === 'allow') {\r\n *   // Agent is who they say they are ✓\r\n * }\r\n * ```\r\n */\r\nexport class AgentPassportClient {\r\n  private readonly baseUrl: string;\r\n  private readonly appId: string;\r\n  private readonly appKey: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentPassportClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n    if (!options.appId) throw new Error('appId is required');\r\n    if (!options.appKey) throw new Error('appKey is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.appId = options.appId;\r\n    this.appKey = options.appKey;\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Verify an agent's identity token.\r\n   *\r\n   * @param token - The JWT identity token presented by the agent\r\n   * @returns Verification result including agent info and risk assessment\r\n   *\r\n   * @example\r\n   * ```ts\r\n   * const result = await passport.verify(token);\r\n   * if (result.valid) {\r\n   *   console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);\r\n   * }\r\n   * ```\r\n   */\r\n  async verify(token: string): Promise<VerifyResult> {\r\n    const raw = await this.requestWithRetry<VerifyResult>('POST', '/v1/tokens/verify', {\r\n      token,\r\n    });\r\n\r\n    // The API returns `recommendedAction`; also expose it as `action` for convenience\r\n    if (raw.risk) {\r\n      const ra = raw.risk.recommendedAction ?? raw.risk.action;\r\n      (raw.risk as { action: string; recommendedAction: string }).action = ra;\r\n      (raw.risk as { action: string; recommendedAction: string }).recommendedAction = ra;\r\n    }\r\n\r\n    return raw;\r\n  }\r\n\r\n  /**\r\n   * Introspect an agent's identity token (RFC 7662).\r\n   *\r\n   * @param token - The JWT identity token to introspect\r\n   * @returns Token introspection result\r\n   */\r\n  async introspect(token: string): Promise<IntrospectResult> {\r\n    return this.requestWithRetry<IntrospectResult>(\r\n      'POST',\r\n      '/v1/tokens/introspect',\r\n      { token },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Revoke an agent's identity token before it expires.\r\n   *\r\n   * @param token - The JWT identity token to revoke\r\n   * @returns Revocation result with the token's JTI\r\n   */\r\n  async revoke(token: string): Promise<RevokeResult> {\r\n    return this.requestWithRetry<RevokeResult>('POST', '/v1/tokens/revoke', {\r\n      token,\r\n    });\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        // Only retry on 429 (rate limit) responses\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    // Should not reach here, but just in case\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const response = await this.fetchImpl(url, {\r\n        method,\r\n        headers: {\r\n          'Content-Type': 'application/json',\r\n          'X-App-Id': this.appId,\r\n          'X-App-Key': this.appKey,\r\n        },\r\n        body: JSON.stringify(body),\r\n        signal: controller.signal,\r\n      });\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      // Parse error body\r\n      let errorBody: { error?: string; reason?: string; details?: Record<string, unknown>; request_id?: string } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON error response — use status text\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      // Re-throw SDK errors as-is\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      // Wrap native errors\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentClient (for agents authenticating themselves)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n  PassportAuthError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentClientOptions,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **AI agents** that want to authenticate with Agent Passport.\r\n *\r\n * **SECURITY**: Private keys never enter this SDK. The `authenticate()` method\r\n * takes a `sign` callback — your code does the signing and only the signature\r\n * is sent to the API.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const agent = new AgentClient({\r\n *   baseUrl: 'https://passport-api.onrender.com',\r\n * });\r\n *\r\n * // Register a new agent\r\n * const { agentId } = await agent.register({\r\n *   handle: 'my-cool-agent',\r\n *   publicKeyB64: '...',\r\n * });\r\n *\r\n * // Authenticate (challenge → sign → token)\r\n * const { token, expiresAt } = await agent.authenticate({\r\n *   agentId,\r\n *   sign: async (nonce) => {\r\n *     // Sign with your private key — it never leaves your code\r\n *     return mySignFunction(nonce, privateKey);\r\n *   },\r\n * });\r\n * ```\r\n */\r\nexport class AgentClient {\r\n  private readonly baseUrl: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Register a new agent with Agent Passport.\r\n   *\r\n   * @param params - Agent handle and Ed25519 public key (base64)\r\n   * @returns Object containing the new agent's ID\r\n   */\r\n  async register(params: RegisterAgentParams): Promise<RegisterAgentResult> {\r\n    return this.requestWithRetry<RegisterAgentResult>(\r\n      'POST',\r\n      '/v1/agents/register',\r\n      {\r\n        handle: params.handle,\r\n        publicKeyB64: params.publicKeyB64,\r\n      },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Full authentication flow: request challenge → sign nonce → exchange for token.\r\n   *\r\n   * **SECURITY**: The `sign` callback keeps private keys out of the SDK.\r\n   * You provide the signing logic; the SDK handles the protocol.\r\n   *\r\n   * @param params - Agent ID + async sign callback\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async authenticate(params: AuthenticateParams): Promise<AuthenticateResult> {\r\n    // Step 1: Request challenge\r\n    const challenge = await this.getChallenge(params.agentId);\r\n\r\n    // Step 2: Sign the nonce with the user-provided callback\r\n    const signatureB64 = await params.sign(challenge.nonce);\r\n\r\n    // Step 3: Exchange signature for token\r\n    return this.exchangeToken({\r\n      agentId: params.agentId,\r\n      challengeId: challenge.challengeId,\r\n      signatureB64,\r\n    });\r\n  }\r\n\r\n  /**\r\n   * Request a challenge nonce for a specific agent.\r\n   *\r\n   * @param agentId - The agent's UUID\r\n   * @returns Challenge ID, nonce, and expiration time\r\n   */\r\n  async getChallenge(agentId: string): Promise<ChallengeResult> {\r\n    return this.requestWithRetry<ChallengeResult>(\r\n      'POST',\r\n      `/v1/agents/${agentId}/challenge`,\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Exchange a signed challenge for an identity token.\r\n   *\r\n   * @param params - Agent ID, challenge ID, and base64-encoded signature\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async exchangeToken(params: ExchangeTokenParams): Promise<AuthenticateResult> {\r\n    return this.requestWithRetry<AuthenticateResult>(\r\n      'POST',\r\n      `/v1/agents/${params.agentId}/identity-token`,\r\n      {\r\n        challengeId: params.challengeId,\r\n        signatureB64: params.signatureB64,\r\n        scopes: params.scopes ?? [],\r\n      },\r\n    );\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const init: RequestInit = {\r\n        method,\r\n        headers: { 'Content-Type': 'application/json' },\r\n        signal: controller.signal,\r\n      };\r\n\r\n      if (body !== undefined) {\r\n        init.body = JSON.stringify(body);\r\n      }\r\n\r\n      const response = await this.fetchImpl(url, init);\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      let errorBody: {\r\n        error?: string;\r\n        reason?: string;\r\n        details?: Record<string, unknown>;\r\n        request_id?: string;\r\n      } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON response\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACQO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAEvB;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAEhB,YACE,MACA,SACA,YACA,SAKA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,aAAa,SAAS;AAC3B,SAAK,YAAY,SAAS;AAC1B,SAAK,UAAU,SAAS;AAAA,EAC1B;AACF;AAMO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,SAAiB,SAA6B;AACxD,UAAM,iBAAiB,SAAS,GAAG,CAAC,CAAC;AACrC,SAAK,OAAO;AACZ,QAAI,SAAS,OAAO;AAClB,WAAK,QAAQ,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAKO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YACE,MACA,SACA,YACA,SACA;AACA,UAAM,MAAM,SAAS,YAAY,OAAO;AACxC,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,yBAAN,cAAqC,cAAc;AAAA,EACxD,YACE,SACA,YACA,SACA;AACA,UAAM,gBAAgB,SAAS,KAAK;AAAA,MAClC;AAAA,MACA,WAAW,SAAS;AAAA,IACtB,CAAC;AACD,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,0BAAN,cAAsC,cAAc;AAAA,EACzD,YACE,SACA,SAIA;AACA,UAAM,oBAAoB,SAAS,KAAK,OAAO;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ACnFA,IAAM,qBAAqB;AAC3B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAqBjB,IAAM,sBAAN,MAA0B;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAqC;AAC/C,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAC3D,QAAI,CAAC,QAAQ,MAAO,OAAM,IAAI,MAAM,mBAAmB;AACvD,QAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,oBAAoB;AAEzD,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,OAAO,OAAsC;AACjD,UAAM,MAAM,MAAM,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACjF;AAAA,IACF,CAAC;AAGD,QAAI,IAAI,MAAM;AACZ,YAAM,KAAK,IAAI,KAAK,qBAAqB,IAAI,KAAK;AAClD,MAAC,IAAI,KAAuD,SAAS;AACrE,MAAC,IAAI,KAAuD,oBAAoB;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,OAA0C;AACzD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,OAAsC;AACjD,WAAO,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAGZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjB,kBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAM,MAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK;AAAA,QACzC;AAAA,QACA,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QACpB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAGA,UAAI,YAAyG,CAAC;AAC9G,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAGtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAGA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;AClOA,IAAMA,sBAAqB;AAC3B,IAAMC,uBAAsB;AAC5B,IAAMC,mBAAkB;AAiCjB,IAAM,cAAN,MAAkB;AAAA,EACN;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA6B;AACvC,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAE3D,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ,aAAaF;AACtC,SAAK,aAAa,QAAQ,cAAcC;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,SAAS,QAA2D;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aAAa,QAAyD;AAE1E,UAAM,YAAY,MAAM,KAAK,aAAa,OAAO,OAAO;AAGxD,UAAM,eAAe,MAAM,OAAO,KAAK,UAAU,KAAK;AAGtD,WAAO,KAAK,cAAc;AAAA,MACxB,SAAS,OAAO;AAAA,MAChB,aAAa,UAAU;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,SAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAA0D;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO,OAAO;AAAA,MAC5B;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,QAAQ,OAAO,UAAU,CAAC;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAEZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjBC,mBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAMC,OAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,OAAoB;AAAA,QACxB;AAAA,QACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,QAAQ,WAAW;AAAA,MACrB;AAEA,UAAI,SAAS,QAAW;AACtB,aAAK,OAAO,KAAK,UAAU,IAAI;AAAA,MACjC;AAEA,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK,IAAI;AAE/C,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAEA,UAAI,YAKA,CAAC;AACL,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAEtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAEA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAASA,OAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;","names":["DEFAULT_TIMEOUT_MS","DEFAULT_MAX_RETRIES","BASE_BACKOFF_MS","sleep"]}
+{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/client.ts","../src/agent.ts"],"sourcesContent":["// ============================================================================\r\n// Agent Passport SDK — Main entry point\r\n// ============================================================================\r\n\r\n// Clients\r\nexport { AgentPassportClient } from './client.js';\r\nexport { AgentClient } from './agent.js';\r\n\r\n// Error classes\r\nexport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\n\r\n// Types\r\nexport type {\r\n  AgentPassportClientOptions,\r\n  AgentClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n  RiskAction,\r\n  RiskAssessment,\r\n  HumanVerificationInfo,\r\n  HumanVerificationSummary,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n","// ============================================================================\r\n// Agent Passport SDK — Error Classes\r\n// ============================================================================\r\n\r\n/**\r\n * Base error class for all Agent Passport SDK errors.\r\n * Extends the native Error with HTTP status code and structured error info.\r\n */\r\nexport class PassportError extends Error {\r\n  /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */\r\n  public readonly code: string;\r\n  /** HTTP status code returned by the API */\r\n  public readonly statusCode: number;\r\n  /** Seconds to wait before retrying (present on 429 responses) */\r\n  public readonly retryAfter?: number;\r\n  /** Server-assigned request ID for debugging */\r\n  public readonly requestId?: string;\r\n  /** Additional error details from the API */\r\n  public readonly details?: Record<string, unknown>;\r\n\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: {\r\n      retryAfter?: number;\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super(message);\r\n    this.name = 'PassportError';\r\n    this.code = code;\r\n    this.statusCode = statusCode;\r\n    this.retryAfter = options?.retryAfter;\r\n    this.requestId = options?.requestId;\r\n    this.details = options?.details;\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown when the SDK cannot reach the Agent Passport API\r\n * (DNS failure, connection refused, timeout, etc.)\r\n */\r\nexport class PassportNetworkError extends PassportError {\r\n  constructor(message: string, options?: { cause?: Error }) {\r\n    super('NETWORK_ERROR', message, 0, {});\r\n    this.name = 'PassportNetworkError';\r\n    if (options?.cause) {\r\n      this.cause = options.cause;\r\n    }\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 401 or 403 responses — invalid or missing credentials.\r\n */\r\nexport class PassportAuthError extends PassportError {\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: { requestId?: string; details?: Record<string, unknown> },\r\n  ) {\r\n    super(code, message, statusCode, options);\r\n    this.name = 'PassportAuthError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 429 responses — too many requests.\r\n * Check `retryAfter` for the number of seconds to wait.\r\n */\r\nexport class PassportRateLimitError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    retryAfter: number,\r\n    options?: { requestId?: string },\r\n  ) {\r\n    super('RATE_LIMITED', message, 429, {\r\n      retryAfter,\r\n      requestId: options?.requestId,\r\n    });\r\n    this.name = 'PassportRateLimitError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 400 responses — request validation failed.\r\n */\r\nexport class PassportValidationError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    options?: {\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super('VALIDATION_ERROR', message, 400, options);\r\n    this.name = 'PassportValidationError';\r\n  }\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentPassportClient (for apps verifying agents)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentPassportClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **apps** that want to verify agent identity tokens.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const passport = new AgentPassportClient({\r\n *   baseUrl: 'https://agent-passport.onrender.com',\r\n *   appId: 'your-app-id',\r\n *   appKey: 'ap_live_...',\r\n * });\r\n *\r\n * const result = await passport.verify(token);\r\n * if (result.valid && result.risk?.action === 'allow') {\r\n *   // Agent is who they say they are ✓\r\n * }\r\n * ```\r\n */\r\nexport class AgentPassportClient {\r\n  private readonly baseUrl: string;\r\n  private readonly appId: string;\r\n  private readonly appKey: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentPassportClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n    if (!options.appId) throw new Error('appId is required');\r\n    if (!options.appKey) throw new Error('appKey is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.appId = options.appId;\r\n    this.appKey = options.appKey;\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Verify an agent's identity token.\r\n   *\r\n   * @param token - The JWT identity token presented by the agent\r\n   * @returns Verification result including agent info and risk assessment\r\n   *\r\n   * @example\r\n   * ```ts\r\n   * const result = await passport.verify(token);\r\n   * if (result.valid) {\r\n   *   console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);\r\n   * }\r\n   * ```\r\n   */\r\n  async verify(token: string): Promise<VerifyResult> {\r\n    const raw = await this.requestWithRetry<VerifyResult>('POST', '/v1/tokens/verify', {\r\n      token,\r\n    });\r\n\r\n    // The API returns `recommendedAction`; also expose it as `action` for convenience\r\n    if (raw.risk) {\r\n      const ra = raw.risk.recommendedAction ?? raw.risk.action;\r\n      (raw.risk as { action: string; recommendedAction: string }).action = ra;\r\n      (raw.risk as { action: string; recommendedAction: string }).recommendedAction = ra;\r\n    }\r\n\r\n    return raw;\r\n  }\r\n\r\n  /**\r\n   * Introspect an agent's identity token (RFC 7662).\r\n   *\r\n   * @param token - The JWT identity token to introspect\r\n   * @returns Token introspection result\r\n   */\r\n  async introspect(token: string): Promise<IntrospectResult> {\r\n    return this.requestWithRetry<IntrospectResult>(\r\n      'POST',\r\n      '/v1/tokens/introspect',\r\n      { token },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Revoke an agent's identity token before it expires.\r\n   *\r\n   * @param token - The JWT identity token to revoke\r\n   * @returns Revocation result with the token's JTI\r\n   */\r\n  async revoke(token: string): Promise<RevokeResult> {\r\n    return this.requestWithRetry<RevokeResult>('POST', '/v1/tokens/revoke', {\r\n      token,\r\n    });\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        // Only retry on 429 (rate limit) responses\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    // Should not reach here, but just in case\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const response = await this.fetchImpl(url, {\r\n        method,\r\n        headers: {\r\n          'Content-Type': 'application/json',\r\n          'X-App-Id': this.appId,\r\n          'X-App-Key': this.appKey,\r\n        },\r\n        body: JSON.stringify(body),\r\n        signal: controller.signal,\r\n      });\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      // Parse error body\r\n      let errorBody: { error?: string; reason?: string; details?: Record<string, unknown>; request_id?: string } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON error response — use status text\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      // Re-throw SDK errors as-is\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      // Wrap native errors\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentClient (for agents authenticating themselves)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n  PassportAuthError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentClientOptions,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **AI agents** that want to authenticate with Agent Passport.\r\n *\r\n * **SECURITY**: Private keys never enter this SDK. The `authenticate()` method\r\n * takes a `sign` callback — your code does the signing and only the signature\r\n * is sent to the API.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const agent = new AgentClient({\r\n *   baseUrl: 'https://agent-passport.onrender.com',\r\n * });\r\n *\r\n * // Register a new agent\r\n * const { agentId } = await agent.register({\r\n *   handle: 'my-cool-agent',\r\n *   publicKeyB64: '...',\r\n * });\r\n *\r\n * // Authenticate (challenge → sign → token)\r\n * const { token, expiresAt } = await agent.authenticate({\r\n *   agentId,\r\n *   sign: async (nonce) => {\r\n *     // Sign with your private key — it never leaves your code\r\n *     return mySignFunction(nonce, privateKey);\r\n *   },\r\n * });\r\n * ```\r\n */\r\nexport class AgentClient {\r\n  private readonly baseUrl: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Register a new agent with Agent Passport.\r\n   *\r\n   * @param params - Agent handle and Ed25519 public key (base64)\r\n   * @returns Object containing the new agent's ID\r\n   */\r\n  async register(params: RegisterAgentParams): Promise<RegisterAgentResult> {\r\n    return this.requestWithRetry<RegisterAgentResult>(\r\n      'POST',\r\n      '/v1/agents/register',\r\n      {\r\n        handle: params.handle,\r\n        publicKeyB64: params.publicKeyB64,\r\n      },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Full authentication flow: request challenge → sign nonce → exchange for token.\r\n   *\r\n   * **SECURITY**: The `sign` callback keeps private keys out of the SDK.\r\n   * You provide the signing logic; the SDK handles the protocol.\r\n   *\r\n   * @param params - Agent ID + async sign callback\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async authenticate(params: AuthenticateParams): Promise<AuthenticateResult> {\r\n    // Step 1: Request challenge\r\n    const challenge = await this.getChallenge(params.agentId);\r\n\r\n    // Step 2: Sign the nonce with the user-provided callback\r\n    const signatureB64 = await params.sign(challenge.nonce);\r\n\r\n    // Step 3: Exchange signature for token\r\n    return this.exchangeToken({\r\n      agentId: params.agentId,\r\n      challengeId: challenge.challengeId,\r\n      signatureB64,\r\n    });\r\n  }\r\n\r\n  /**\r\n   * Request a challenge nonce for a specific agent.\r\n   *\r\n   * @param agentId - The agent's UUID\r\n   * @returns Challenge ID, nonce, and expiration time\r\n   */\r\n  async getChallenge(agentId: string): Promise<ChallengeResult> {\r\n    return this.requestWithRetry<ChallengeResult>(\r\n      'POST',\r\n      `/v1/agents/${agentId}/challenge`,\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Exchange a signed challenge for an identity token.\r\n   *\r\n   * @param params - Agent ID, challenge ID, and base64-encoded signature\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async exchangeToken(params: ExchangeTokenParams): Promise<AuthenticateResult> {\r\n    return this.requestWithRetry<AuthenticateResult>(\r\n      'POST',\r\n      `/v1/agents/${params.agentId}/identity-token`,\r\n      {\r\n        challengeId: params.challengeId,\r\n        signatureB64: params.signatureB64,\r\n        scopes: params.scopes ?? [],\r\n      },\r\n    );\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const init: RequestInit = {\r\n        method,\r\n        headers: { 'Content-Type': 'application/json' },\r\n        signal: controller.signal,\r\n      };\r\n\r\n      if (body !== undefined) {\r\n        init.body = JSON.stringify(body);\r\n      }\r\n\r\n      const response = await this.fetchImpl(url, init);\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      let errorBody: {\r\n        error?: string;\r\n        reason?: string;\r\n        details?: Record<string, unknown>;\r\n        request_id?: string;\r\n      } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON response\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACQO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAEvB;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAEhB,YACE,MACA,SACA,YACA,SAKA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,aAAa,SAAS;AAC3B,SAAK,YAAY,SAAS;AAC1B,SAAK,UAAU,SAAS;AAAA,EAC1B;AACF;AAMO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,SAAiB,SAA6B;AACxD,UAAM,iBAAiB,SAAS,GAAG,CAAC,CAAC;AACrC,SAAK,OAAO;AACZ,QAAI,SAAS,OAAO;AAClB,WAAK,QAAQ,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAKO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YACE,MACA,SACA,YACA,SACA;AACA,UAAM,MAAM,SAAS,YAAY,OAAO;AACxC,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,yBAAN,cAAqC,cAAc;AAAA,EACxD,YACE,SACA,YACA,SACA;AACA,UAAM,gBAAgB,SAAS,KAAK;AAAA,MAClC;AAAA,MACA,WAAW,SAAS;AAAA,IACtB,CAAC;AACD,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,0BAAN,cAAsC,cAAc;AAAA,EACzD,YACE,SACA,SAIA;AACA,UAAM,oBAAoB,SAAS,KAAK,OAAO;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ACnFA,IAAM,qBAAqB;AAC3B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAqBjB,IAAM,sBAAN,MAA0B;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAqC;AAC/C,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAC3D,QAAI,CAAC,QAAQ,MAAO,OAAM,IAAI,MAAM,mBAAmB;AACvD,QAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,oBAAoB;AAEzD,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,OAAO,OAAsC;AACjD,UAAM,MAAM,MAAM,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACjF;AAAA,IACF,CAAC;AAGD,QAAI,IAAI,MAAM;AACZ,YAAM,KAAK,IAAI,KAAK,qBAAqB,IAAI,KAAK;AAClD,MAAC,IAAI,KAAuD,SAAS;AACrE,MAAC,IAAI,KAAuD,oBAAoB;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,OAA0C;AACzD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,OAAsC;AACjD,WAAO,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAGZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjB,kBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAM,MAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK;AAAA,QACzC;AAAA,QACA,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QACpB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAGA,UAAI,YAAyG,CAAC;AAC9G,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAGtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAGA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;AClOA,IAAMA,sBAAqB;AAC3B,IAAMC,uBAAsB;AAC5B,IAAMC,mBAAkB;AAiCjB,IAAM,cAAN,MAAkB;AAAA,EACN;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA6B;AACvC,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAE3D,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ,aAAaF;AACtC,SAAK,aAAa,QAAQ,cAAcC;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,SAAS,QAA2D;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aAAa,QAAyD;AAE1E,UAAM,YAAY,MAAM,KAAK,aAAa,OAAO,OAAO;AAGxD,UAAM,eAAe,MAAM,OAAO,KAAK,UAAU,KAAK;AAGtD,WAAO,KAAK,cAAc;AAAA,MACxB,SAAS,OAAO;AAAA,MAChB,aAAa,UAAU;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,SAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAA0D;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO,OAAO;AAAA,MAC5B;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,QAAQ,OAAO,UAAU,CAAC;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAEZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjBC,mBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAMC,OAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,OAAoB;AAAA,QACxB;AAAA,QACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,QAAQ,WAAW;AAAA,MACrB;AAEA,UAAI,SAAS,QAAW;AACtB,aAAK,OAAO,KAAK,UAAU,IAAI;AAAA,MACjC;AAEA,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK,IAAI;AAE/C,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAEA,UAAI,YAKA,CAAC;AACL,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAEtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAEA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAASA,OAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;","names":["DEFAULT_TIMEOUT_MS","DEFAULT_MAX_RETRIES","BASE_BACKOFF_MS","sleep"]}

package/dist/index.d.mts

@@ -10,6 +10,27 @@ interface RiskAssessment {
     recommendedAction: RiskAction;
     reasons: string[];
 }
+interface HumanVerificationInfo {
+    id: string;
+    /** Provider name (e.g. "github", "mercle", "email") */
+    provider: string;
+    /** User ID from the external provider */
+    providerId: string;
+    /** Human-readable display name (optional) */
+    displayName: string | null;
+    /** When the verification was created */
+    verifiedAt: string;
+    /** When the verification expires (null = never) */
+    expiresAt: string | null;
+    /** Current status: "active", "expired", or "revoked" */
+    status: string;
+}
+interface HumanVerificationSummary {
+    /** True if the agent has at least one active human verification */
+    verified: boolean;
+    /** List of active human verifications */
+    verifications: HumanVerificationInfo[];
+}
 interface VerifyResult {
     valid: boolean;
     /** Present when valid === true */
@@ -24,6 +45,8 @@ interface VerifyResult {
     reason?: string;
     /** Risk assessment (may be absent if risk engine unavailable) */
     risk?: RiskAssessment;
+    /** Human verification status (present when valid === true) */
+    humanVerification?: HumanVerificationSummary;
 }
 interface IntrospectResult {
     active: boolean;
@@ -77,7 +100,7 @@ interface ExchangeTokenParams {
     scopes?: string[];
 }
 interface AgentPassportClientOptions {
-    /** Base URL of the Agent Passport API (e.g. https://passport-api.onrender.com) */
+    /** Base URL of the Agent Passport API (e.g. https://agent-passport.onrender.com) */
     baseUrl: string;
     /** Your App ID (from the portal) */
     appId: string;
@@ -109,7 +132,7 @@ interface AgentClientOptions {
  * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';
  *
  * const passport = new AgentPassportClient({
- *   baseUrl: 'https://passport-api.onrender.com',
+ *   baseUrl: 'https://agent-passport.onrender.com',
  *   appId: 'your-app-id',
  *   appKey: 'ap_live_...',
  * });
@@ -173,7 +196,7 @@ declare class AgentPassportClient {
  * import { AgentClient } from '@zerobase-labs/passport-sdk';
  *
  * const agent = new AgentClient({
- *   baseUrl: 'https://passport-api.onrender.com',
+ *   baseUrl: 'https://agent-passport.onrender.com',
  * });
  *
  * // Register a new agent
@@ -291,4 +314,4 @@ declare class PassportValidationError extends PassportError {
     });
 }
 
-export { AgentClient, type AgentClientOptions, AgentPassportClient, type AgentPassportClientOptions, type AuthenticateParams, type AuthenticateResult, type ChallengeResult, type ExchangeTokenParams, type IntrospectResult, PassportAuthError, PassportError, PassportNetworkError, PassportRateLimitError, PassportValidationError, type RegisterAgentParams, type RegisterAgentResult, type RevokeResult, type RiskAction, type RiskAssessment, type VerifyResult };
+export { AgentClient, type AgentClientOptions, AgentPassportClient, type AgentPassportClientOptions, type AuthenticateParams, type AuthenticateResult, type ChallengeResult, type ExchangeTokenParams, type HumanVerificationInfo, type HumanVerificationSummary, type IntrospectResult, PassportAuthError, PassportError, PassportNetworkError, PassportRateLimitError, PassportValidationError, type RegisterAgentParams, type RegisterAgentResult, type RevokeResult, type RiskAction, type RiskAssessment, type VerifyResult };

package/dist/index.d.ts

@@ -10,6 +10,27 @@ interface RiskAssessment {
     recommendedAction: RiskAction;
     reasons: string[];
 }
+interface HumanVerificationInfo {
+    id: string;
+    /** Provider name (e.g. "github", "mercle", "email") */
+    provider: string;
+    /** User ID from the external provider */
+    providerId: string;
+    /** Human-readable display name (optional) */
+    displayName: string | null;
+    /** When the verification was created */
+    verifiedAt: string;
+    /** When the verification expires (null = never) */
+    expiresAt: string | null;
+    /** Current status: "active", "expired", or "revoked" */
+    status: string;
+}
+interface HumanVerificationSummary {
+    /** True if the agent has at least one active human verification */
+    verified: boolean;
+    /** List of active human verifications */
+    verifications: HumanVerificationInfo[];
+}
 interface VerifyResult {
     valid: boolean;
     /** Present when valid === true */
@@ -24,6 +45,8 @@ interface VerifyResult {
     reason?: string;
     /** Risk assessment (may be absent if risk engine unavailable) */
     risk?: RiskAssessment;
+    /** Human verification status (present when valid === true) */
+    humanVerification?: HumanVerificationSummary;
 }
 interface IntrospectResult {
     active: boolean;
@@ -77,7 +100,7 @@ interface ExchangeTokenParams {
     scopes?: string[];
 }
 interface AgentPassportClientOptions {
-    /** Base URL of the Agent Passport API (e.g. https://passport-api.onrender.com) */
+    /** Base URL of the Agent Passport API (e.g. https://agent-passport.onrender.com) */
     baseUrl: string;
     /** Your App ID (from the portal) */
     appId: string;
@@ -109,7 +132,7 @@ interface AgentClientOptions {
  * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';
  *
  * const passport = new AgentPassportClient({
- *   baseUrl: 'https://passport-api.onrender.com',
+ *   baseUrl: 'https://agent-passport.onrender.com',
  *   appId: 'your-app-id',
  *   appKey: 'ap_live_...',
  * });
@@ -173,7 +196,7 @@ declare class AgentPassportClient {
  * import { AgentClient } from '@zerobase-labs/passport-sdk';
  *
  * const agent = new AgentClient({
- *   baseUrl: 'https://passport-api.onrender.com',
+ *   baseUrl: 'https://agent-passport.onrender.com',
  * });
  *
  * // Register a new agent
@@ -291,4 +314,4 @@ declare class PassportValidationError extends PassportError {
     });
 }
 
-export { AgentClient, type AgentClientOptions, AgentPassportClient, type AgentPassportClientOptions, type AuthenticateParams, type AuthenticateResult, type ChallengeResult, type ExchangeTokenParams, type IntrospectResult, PassportAuthError, PassportError, PassportNetworkError, PassportRateLimitError, PassportValidationError, type RegisterAgentParams, type RegisterAgentResult, type RevokeResult, type RiskAction, type RiskAssessment, type VerifyResult };
+export { AgentClient, type AgentClientOptions, AgentPassportClient, type AgentPassportClientOptions, type AuthenticateParams, type AuthenticateResult, type ChallengeResult, type ExchangeTokenParams, type HumanVerificationInfo, type HumanVerificationSummary, type IntrospectResult, PassportAuthError, PassportError, PassportNetworkError, PassportRateLimitError, PassportValidationError, type RegisterAgentParams, type RegisterAgentResult, type RevokeResult, type RiskAction, type RiskAssessment, type VerifyResult };

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/errors.ts","../src/client.ts","../src/agent.ts"],"sourcesContent":["// ============================================================================\r\n// Agent Passport SDK — Error Classes\r\n// ============================================================================\r\n\r\n/**\r\n * Base error class for all Agent Passport SDK errors.\r\n * Extends the native Error with HTTP status code and structured error info.\r\n */\r\nexport class PassportError extends Error {\r\n  /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */\r\n  public readonly code: string;\r\n  /** HTTP status code returned by the API */\r\n  public readonly statusCode: number;\r\n  /** Seconds to wait before retrying (present on 429 responses) */\r\n  public readonly retryAfter?: number;\r\n  /** Server-assigned request ID for debugging */\r\n  public readonly requestId?: string;\r\n  /** Additional error details from the API */\r\n  public readonly details?: Record<string, unknown>;\r\n\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: {\r\n      retryAfter?: number;\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super(message);\r\n    this.name = 'PassportError';\r\n    this.code = code;\r\n    this.statusCode = statusCode;\r\n    this.retryAfter = options?.retryAfter;\r\n    this.requestId = options?.requestId;\r\n    this.details = options?.details;\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown when the SDK cannot reach the Agent Passport API\r\n * (DNS failure, connection refused, timeout, etc.)\r\n */\r\nexport class PassportNetworkError extends PassportError {\r\n  constructor(message: string, options?: { cause?: Error }) {\r\n    super('NETWORK_ERROR', message, 0, {});\r\n    this.name = 'PassportNetworkError';\r\n    if (options?.cause) {\r\n      this.cause = options.cause;\r\n    }\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 401 or 403 responses — invalid or missing credentials.\r\n */\r\nexport class PassportAuthError extends PassportError {\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: { requestId?: string; details?: Record<string, unknown> },\r\n  ) {\r\n    super(code, message, statusCode, options);\r\n    this.name = 'PassportAuthError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 429 responses — too many requests.\r\n * Check `retryAfter` for the number of seconds to wait.\r\n */\r\nexport class PassportRateLimitError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    retryAfter: number,\r\n    options?: { requestId?: string },\r\n  ) {\r\n    super('RATE_LIMITED', message, 429, {\r\n      retryAfter,\r\n      requestId: options?.requestId,\r\n    });\r\n    this.name = 'PassportRateLimitError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 400 responses — request validation failed.\r\n */\r\nexport class PassportValidationError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    options?: {\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super('VALIDATION_ERROR', message, 400, options);\r\n    this.name = 'PassportValidationError';\r\n  }\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentPassportClient (for apps verifying agents)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentPassportClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **apps** that want to verify agent identity tokens.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const passport = new AgentPassportClient({\r\n *   baseUrl: 'https://passport-api.onrender.com',\r\n *   appId: 'your-app-id',\r\n *   appKey: 'ap_live_...',\r\n * });\r\n *\r\n * const result = await passport.verify(token);\r\n * if (result.valid && result.risk?.action === 'allow') {\r\n *   // Agent is who they say they are ✓\r\n * }\r\n * ```\r\n */\r\nexport class AgentPassportClient {\r\n  private readonly baseUrl: string;\r\n  private readonly appId: string;\r\n  private readonly appKey: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentPassportClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n    if (!options.appId) throw new Error('appId is required');\r\n    if (!options.appKey) throw new Error('appKey is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.appId = options.appId;\r\n    this.appKey = options.appKey;\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Verify an agent's identity token.\r\n   *\r\n   * @param token - The JWT identity token presented by the agent\r\n   * @returns Verification result including agent info and risk assessment\r\n   *\r\n   * @example\r\n   * ```ts\r\n   * const result = await passport.verify(token);\r\n   * if (result.valid) {\r\n   *   console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);\r\n   * }\r\n   * ```\r\n   */\r\n  async verify(token: string): Promise<VerifyResult> {\r\n    const raw = await this.requestWithRetry<VerifyResult>('POST', '/v1/tokens/verify', {\r\n      token,\r\n    });\r\n\r\n    // The API returns `recommendedAction`; also expose it as `action` for convenience\r\n    if (raw.risk) {\r\n      const ra = raw.risk.recommendedAction ?? raw.risk.action;\r\n      (raw.risk as { action: string; recommendedAction: string }).action = ra;\r\n      (raw.risk as { action: string; recommendedAction: string }).recommendedAction = ra;\r\n    }\r\n\r\n    return raw;\r\n  }\r\n\r\n  /**\r\n   * Introspect an agent's identity token (RFC 7662).\r\n   *\r\n   * @param token - The JWT identity token to introspect\r\n   * @returns Token introspection result\r\n   */\r\n  async introspect(token: string): Promise<IntrospectResult> {\r\n    return this.requestWithRetry<IntrospectResult>(\r\n      'POST',\r\n      '/v1/tokens/introspect',\r\n      { token },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Revoke an agent's identity token before it expires.\r\n   *\r\n   * @param token - The JWT identity token to revoke\r\n   * @returns Revocation result with the token's JTI\r\n   */\r\n  async revoke(token: string): Promise<RevokeResult> {\r\n    return this.requestWithRetry<RevokeResult>('POST', '/v1/tokens/revoke', {\r\n      token,\r\n    });\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        // Only retry on 429 (rate limit) responses\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    // Should not reach here, but just in case\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const response = await this.fetchImpl(url, {\r\n        method,\r\n        headers: {\r\n          'Content-Type': 'application/json',\r\n          'X-App-Id': this.appId,\r\n          'X-App-Key': this.appKey,\r\n        },\r\n        body: JSON.stringify(body),\r\n        signal: controller.signal,\r\n      });\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      // Parse error body\r\n      let errorBody: { error?: string; reason?: string; details?: Record<string, unknown>; request_id?: string } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON error response — use status text\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      // Re-throw SDK errors as-is\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      // Wrap native errors\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentClient (for agents authenticating themselves)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n  PassportAuthError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentClientOptions,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **AI agents** that want to authenticate with Agent Passport.\r\n *\r\n * **SECURITY**: Private keys never enter this SDK. The `authenticate()` method\r\n * takes a `sign` callback — your code does the signing and only the signature\r\n * is sent to the API.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const agent = new AgentClient({\r\n *   baseUrl: 'https://passport-api.onrender.com',\r\n * });\r\n *\r\n * // Register a new agent\r\n * const { agentId } = await agent.register({\r\n *   handle: 'my-cool-agent',\r\n *   publicKeyB64: '...',\r\n * });\r\n *\r\n * // Authenticate (challenge → sign → token)\r\n * const { token, expiresAt } = await agent.authenticate({\r\n *   agentId,\r\n *   sign: async (nonce) => {\r\n *     // Sign with your private key — it never leaves your code\r\n *     return mySignFunction(nonce, privateKey);\r\n *   },\r\n * });\r\n * ```\r\n */\r\nexport class AgentClient {\r\n  private readonly baseUrl: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Register a new agent with Agent Passport.\r\n   *\r\n   * @param params - Agent handle and Ed25519 public key (base64)\r\n   * @returns Object containing the new agent's ID\r\n   */\r\n  async register(params: RegisterAgentParams): Promise<RegisterAgentResult> {\r\n    return this.requestWithRetry<RegisterAgentResult>(\r\n      'POST',\r\n      '/v1/agents/register',\r\n      {\r\n        handle: params.handle,\r\n        publicKeyB64: params.publicKeyB64,\r\n      },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Full authentication flow: request challenge → sign nonce → exchange for token.\r\n   *\r\n   * **SECURITY**: The `sign` callback keeps private keys out of the SDK.\r\n   * You provide the signing logic; the SDK handles the protocol.\r\n   *\r\n   * @param params - Agent ID + async sign callback\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async authenticate(params: AuthenticateParams): Promise<AuthenticateResult> {\r\n    // Step 1: Request challenge\r\n    const challenge = await this.getChallenge(params.agentId);\r\n\r\n    // Step 2: Sign the nonce with the user-provided callback\r\n    const signatureB64 = await params.sign(challenge.nonce);\r\n\r\n    // Step 3: Exchange signature for token\r\n    return this.exchangeToken({\r\n      agentId: params.agentId,\r\n      challengeId: challenge.challengeId,\r\n      signatureB64,\r\n    });\r\n  }\r\n\r\n  /**\r\n   * Request a challenge nonce for a specific agent.\r\n   *\r\n   * @param agentId - The agent's UUID\r\n   * @returns Challenge ID, nonce, and expiration time\r\n   */\r\n  async getChallenge(agentId: string): Promise<ChallengeResult> {\r\n    return this.requestWithRetry<ChallengeResult>(\r\n      'POST',\r\n      `/v1/agents/${agentId}/challenge`,\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Exchange a signed challenge for an identity token.\r\n   *\r\n   * @param params - Agent ID, challenge ID, and base64-encoded signature\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async exchangeToken(params: ExchangeTokenParams): Promise<AuthenticateResult> {\r\n    return this.requestWithRetry<AuthenticateResult>(\r\n      'POST',\r\n      `/v1/agents/${params.agentId}/identity-token`,\r\n      {\r\n        challengeId: params.challengeId,\r\n        signatureB64: params.signatureB64,\r\n        scopes: params.scopes ?? [],\r\n      },\r\n    );\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const init: RequestInit = {\r\n        method,\r\n        headers: { 'Content-Type': 'application/json' },\r\n        signal: controller.signal,\r\n      };\r\n\r\n      if (body !== undefined) {\r\n        init.body = JSON.stringify(body);\r\n      }\r\n\r\n      const response = await this.fetchImpl(url, init);\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      let errorBody: {\r\n        error?: string;\r\n        reason?: string;\r\n        details?: Record<string, unknown>;\r\n        request_id?: string;\r\n      } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON response\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n"],"mappings":";AAQO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAEvB;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAEhB,YACE,MACA,SACA,YACA,SAKA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,aAAa,SAAS;AAC3B,SAAK,YAAY,SAAS;AAC1B,SAAK,UAAU,SAAS;AAAA,EAC1B;AACF;AAMO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,SAAiB,SAA6B;AACxD,UAAM,iBAAiB,SAAS,GAAG,CAAC,CAAC;AACrC,SAAK,OAAO;AACZ,QAAI,SAAS,OAAO;AAClB,WAAK,QAAQ,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAKO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YACE,MACA,SACA,YACA,SACA;AACA,UAAM,MAAM,SAAS,YAAY,OAAO;AACxC,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,yBAAN,cAAqC,cAAc;AAAA,EACxD,YACE,SACA,YACA,SACA;AACA,UAAM,gBAAgB,SAAS,KAAK;AAAA,MAClC;AAAA,MACA,WAAW,SAAS;AAAA,IACtB,CAAC;AACD,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,0BAAN,cAAsC,cAAc;AAAA,EACzD,YACE,SACA,SAIA;AACA,UAAM,oBAAoB,SAAS,KAAK,OAAO;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ACnFA,IAAM,qBAAqB;AAC3B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAqBjB,IAAM,sBAAN,MAA0B;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAqC;AAC/C,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAC3D,QAAI,CAAC,QAAQ,MAAO,OAAM,IAAI,MAAM,mBAAmB;AACvD,QAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,oBAAoB;AAEzD,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,OAAO,OAAsC;AACjD,UAAM,MAAM,MAAM,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACjF;AAAA,IACF,CAAC;AAGD,QAAI,IAAI,MAAM;AACZ,YAAM,KAAK,IAAI,KAAK,qBAAqB,IAAI,KAAK;AAClD,MAAC,IAAI,KAAuD,SAAS;AACrE,MAAC,IAAI,KAAuD,oBAAoB;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,OAA0C;AACzD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,OAAsC;AACjD,WAAO,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAGZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjB,kBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAM,MAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK;AAAA,QACzC;AAAA,QACA,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QACpB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAGA,UAAI,YAAyG,CAAC;AAC9G,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAGtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAGA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;AClOA,IAAMA,sBAAqB;AAC3B,IAAMC,uBAAsB;AAC5B,IAAMC,mBAAkB;AAiCjB,IAAM,cAAN,MAAkB;AAAA,EACN;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA6B;AACvC,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAE3D,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ,aAAaF;AACtC,SAAK,aAAa,QAAQ,cAAcC;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,SAAS,QAA2D;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aAAa,QAAyD;AAE1E,UAAM,YAAY,MAAM,KAAK,aAAa,OAAO,OAAO;AAGxD,UAAM,eAAe,MAAM,OAAO,KAAK,UAAU,KAAK;AAGtD,WAAO,KAAK,cAAc;AAAA,MACxB,SAAS,OAAO;AAAA,MAChB,aAAa,UAAU;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,SAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAA0D;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO,OAAO;AAAA,MAC5B;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,QAAQ,OAAO,UAAU,CAAC;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAEZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjBC,mBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAMC,OAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,OAAoB;AAAA,QACxB;AAAA,QACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,QAAQ,WAAW;AAAA,MACrB;AAEA,UAAI,SAAS,QAAW;AACtB,aAAK,OAAO,KAAK,UAAU,IAAI;AAAA,MACjC;AAEA,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK,IAAI;AAE/C,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAEA,UAAI,YAKA,CAAC;AACL,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAEtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAEA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAASA,OAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;","names":["DEFAULT_TIMEOUT_MS","DEFAULT_MAX_RETRIES","BASE_BACKOFF_MS","sleep"]}
+{"version":3,"sources":["../src/errors.ts","../src/client.ts","../src/agent.ts"],"sourcesContent":["// ============================================================================\r\n// Agent Passport SDK — Error Classes\r\n// ============================================================================\r\n\r\n/**\r\n * Base error class for all Agent Passport SDK errors.\r\n * Extends the native Error with HTTP status code and structured error info.\r\n */\r\nexport class PassportError extends Error {\r\n  /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */\r\n  public readonly code: string;\r\n  /** HTTP status code returned by the API */\r\n  public readonly statusCode: number;\r\n  /** Seconds to wait before retrying (present on 429 responses) */\r\n  public readonly retryAfter?: number;\r\n  /** Server-assigned request ID for debugging */\r\n  public readonly requestId?: string;\r\n  /** Additional error details from the API */\r\n  public readonly details?: Record<string, unknown>;\r\n\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: {\r\n      retryAfter?: number;\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super(message);\r\n    this.name = 'PassportError';\r\n    this.code = code;\r\n    this.statusCode = statusCode;\r\n    this.retryAfter = options?.retryAfter;\r\n    this.requestId = options?.requestId;\r\n    this.details = options?.details;\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown when the SDK cannot reach the Agent Passport API\r\n * (DNS failure, connection refused, timeout, etc.)\r\n */\r\nexport class PassportNetworkError extends PassportError {\r\n  constructor(message: string, options?: { cause?: Error }) {\r\n    super('NETWORK_ERROR', message, 0, {});\r\n    this.name = 'PassportNetworkError';\r\n    if (options?.cause) {\r\n      this.cause = options.cause;\r\n    }\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 401 or 403 responses — invalid or missing credentials.\r\n */\r\nexport class PassportAuthError extends PassportError {\r\n  constructor(\r\n    code: string,\r\n    message: string,\r\n    statusCode: number,\r\n    options?: { requestId?: string; details?: Record<string, unknown> },\r\n  ) {\r\n    super(code, message, statusCode, options);\r\n    this.name = 'PassportAuthError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 429 responses — too many requests.\r\n * Check `retryAfter` for the number of seconds to wait.\r\n */\r\nexport class PassportRateLimitError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    retryAfter: number,\r\n    options?: { requestId?: string },\r\n  ) {\r\n    super('RATE_LIMITED', message, 429, {\r\n      retryAfter,\r\n      requestId: options?.requestId,\r\n    });\r\n    this.name = 'PassportRateLimitError';\r\n  }\r\n}\r\n\r\n/**\r\n * Thrown on 400 responses — request validation failed.\r\n */\r\nexport class PassportValidationError extends PassportError {\r\n  constructor(\r\n    message: string,\r\n    options?: {\r\n      requestId?: string;\r\n      details?: Record<string, unknown>;\r\n    },\r\n  ) {\r\n    super('VALIDATION_ERROR', message, 400, options);\r\n    this.name = 'PassportValidationError';\r\n  }\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentPassportClient (for apps verifying agents)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportAuthError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentPassportClientOptions,\r\n  VerifyResult,\r\n  IntrospectResult,\r\n  RevokeResult,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **apps** that want to verify agent identity tokens.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const passport = new AgentPassportClient({\r\n *   baseUrl: 'https://agent-passport.onrender.com',\r\n *   appId: 'your-app-id',\r\n *   appKey: 'ap_live_...',\r\n * });\r\n *\r\n * const result = await passport.verify(token);\r\n * if (result.valid && result.risk?.action === 'allow') {\r\n *   // Agent is who they say they are ✓\r\n * }\r\n * ```\r\n */\r\nexport class AgentPassportClient {\r\n  private readonly baseUrl: string;\r\n  private readonly appId: string;\r\n  private readonly appKey: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentPassportClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n    if (!options.appId) throw new Error('appId is required');\r\n    if (!options.appKey) throw new Error('appKey is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.appId = options.appId;\r\n    this.appKey = options.appKey;\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Verify an agent's identity token.\r\n   *\r\n   * @param token - The JWT identity token presented by the agent\r\n   * @returns Verification result including agent info and risk assessment\r\n   *\r\n   * @example\r\n   * ```ts\r\n   * const result = await passport.verify(token);\r\n   * if (result.valid) {\r\n   *   console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);\r\n   * }\r\n   * ```\r\n   */\r\n  async verify(token: string): Promise<VerifyResult> {\r\n    const raw = await this.requestWithRetry<VerifyResult>('POST', '/v1/tokens/verify', {\r\n      token,\r\n    });\r\n\r\n    // The API returns `recommendedAction`; also expose it as `action` for convenience\r\n    if (raw.risk) {\r\n      const ra = raw.risk.recommendedAction ?? raw.risk.action;\r\n      (raw.risk as { action: string; recommendedAction: string }).action = ra;\r\n      (raw.risk as { action: string; recommendedAction: string }).recommendedAction = ra;\r\n    }\r\n\r\n    return raw;\r\n  }\r\n\r\n  /**\r\n   * Introspect an agent's identity token (RFC 7662).\r\n   *\r\n   * @param token - The JWT identity token to introspect\r\n   * @returns Token introspection result\r\n   */\r\n  async introspect(token: string): Promise<IntrospectResult> {\r\n    return this.requestWithRetry<IntrospectResult>(\r\n      'POST',\r\n      '/v1/tokens/introspect',\r\n      { token },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Revoke an agent's identity token before it expires.\r\n   *\r\n   * @param token - The JWT identity token to revoke\r\n   * @returns Revocation result with the token's JTI\r\n   */\r\n  async revoke(token: string): Promise<RevokeResult> {\r\n    return this.requestWithRetry<RevokeResult>('POST', '/v1/tokens/revoke', {\r\n      token,\r\n    });\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        // Only retry on 429 (rate limit) responses\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    // Should not reach here, but just in case\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const response = await this.fetchImpl(url, {\r\n        method,\r\n        headers: {\r\n          'Content-Type': 'application/json',\r\n          'X-App-Id': this.appId,\r\n          'X-App-Key': this.appKey,\r\n        },\r\n        body: JSON.stringify(body),\r\n        signal: controller.signal,\r\n      });\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      // Parse error body\r\n      let errorBody: { error?: string; reason?: string; details?: Record<string, unknown>; request_id?: string } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON error response — use status text\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      // Re-throw SDK errors as-is\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      // Wrap native errors\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentClient (for agents authenticating themselves)\r\n// ============================================================================\r\n\r\nimport {\r\n  PassportError,\r\n  PassportNetworkError,\r\n  PassportRateLimitError,\r\n  PassportValidationError,\r\n  PassportAuthError,\r\n} from './errors.js';\r\nimport type {\r\n  AgentClientOptions,\r\n  RegisterAgentParams,\r\n  RegisterAgentResult,\r\n  ChallengeResult,\r\n  AuthenticateParams,\r\n  AuthenticateResult,\r\n  ExchangeTokenParams,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **AI agents** that want to authenticate with Agent Passport.\r\n *\r\n * **SECURITY**: Private keys never enter this SDK. The `authenticate()` method\r\n * takes a `sign` callback — your code does the signing and only the signature\r\n * is sent to the API.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const agent = new AgentClient({\r\n *   baseUrl: 'https://agent-passport.onrender.com',\r\n * });\r\n *\r\n * // Register a new agent\r\n * const { agentId } = await agent.register({\r\n *   handle: 'my-cool-agent',\r\n *   publicKeyB64: '...',\r\n * });\r\n *\r\n * // Authenticate (challenge → sign → token)\r\n * const { token, expiresAt } = await agent.authenticate({\r\n *   agentId,\r\n *   sign: async (nonce) => {\r\n *     // Sign with your private key — it never leaves your code\r\n *     return mySignFunction(nonce, privateKey);\r\n *   },\r\n * });\r\n * ```\r\n */\r\nexport class AgentClient {\r\n  private readonly baseUrl: string;\r\n  private readonly timeoutMs: number;\r\n  private readonly maxRetries: number;\r\n  private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n  constructor(options: AgentClientOptions) {\r\n    if (!options.baseUrl) throw new Error('baseUrl is required');\r\n\r\n    this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n    this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n  }\r\n\r\n  // =========================================================================\r\n  // Public API\r\n  // =========================================================================\r\n\r\n  /**\r\n   * Register a new agent with Agent Passport.\r\n   *\r\n   * @param params - Agent handle and Ed25519 public key (base64)\r\n   * @returns Object containing the new agent's ID\r\n   */\r\n  async register(params: RegisterAgentParams): Promise<RegisterAgentResult> {\r\n    return this.requestWithRetry<RegisterAgentResult>(\r\n      'POST',\r\n      '/v1/agents/register',\r\n      {\r\n        handle: params.handle,\r\n        publicKeyB64: params.publicKeyB64,\r\n      },\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Full authentication flow: request challenge → sign nonce → exchange for token.\r\n   *\r\n   * **SECURITY**: The `sign` callback keeps private keys out of the SDK.\r\n   * You provide the signing logic; the SDK handles the protocol.\r\n   *\r\n   * @param params - Agent ID + async sign callback\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async authenticate(params: AuthenticateParams): Promise<AuthenticateResult> {\r\n    // Step 1: Request challenge\r\n    const challenge = await this.getChallenge(params.agentId);\r\n\r\n    // Step 2: Sign the nonce with the user-provided callback\r\n    const signatureB64 = await params.sign(challenge.nonce);\r\n\r\n    // Step 3: Exchange signature for token\r\n    return this.exchangeToken({\r\n      agentId: params.agentId,\r\n      challengeId: challenge.challengeId,\r\n      signatureB64,\r\n    });\r\n  }\r\n\r\n  /**\r\n   * Request a challenge nonce for a specific agent.\r\n   *\r\n   * @param agentId - The agent's UUID\r\n   * @returns Challenge ID, nonce, and expiration time\r\n   */\r\n  async getChallenge(agentId: string): Promise<ChallengeResult> {\r\n    return this.requestWithRetry<ChallengeResult>(\r\n      'POST',\r\n      `/v1/agents/${agentId}/challenge`,\r\n    );\r\n  }\r\n\r\n  /**\r\n   * Exchange a signed challenge for an identity token.\r\n   *\r\n   * @param params - Agent ID, challenge ID, and base64-encoded signature\r\n   * @returns JWT identity token and its expiration time\r\n   */\r\n  async exchangeToken(params: ExchangeTokenParams): Promise<AuthenticateResult> {\r\n    return this.requestWithRetry<AuthenticateResult>(\r\n      'POST',\r\n      `/v1/agents/${params.agentId}/identity-token`,\r\n      {\r\n        challengeId: params.challengeId,\r\n        signatureB64: params.signatureB64,\r\n        scopes: params.scopes ?? [],\r\n      },\r\n    );\r\n  }\r\n\r\n  // =========================================================================\r\n  // Internal HTTP\r\n  // =========================================================================\r\n\r\n  private async requestWithRetry<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    let lastError: Error | undefined;\r\n\r\n    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n      try {\r\n        return await this.request<T>(method, path, body);\r\n      } catch (err) {\r\n        lastError = err as Error;\r\n\r\n        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n          const backoffMs = err.retryAfter\r\n            ? err.retryAfter * 1_000\r\n            : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n          await sleep(backoffMs);\r\n          continue;\r\n        }\r\n\r\n        throw err;\r\n      }\r\n    }\r\n\r\n    throw lastError ?? new Error('Request failed after retries');\r\n  }\r\n\r\n  private async request<T>(\r\n    method: string,\r\n    path: string,\r\n    body?: unknown,\r\n  ): Promise<T> {\r\n    const url = `${this.baseUrl}${path}`;\r\n    const controller = new AbortController();\r\n    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n    try {\r\n      const init: RequestInit = {\r\n        method,\r\n        headers: { 'Content-Type': 'application/json' },\r\n        signal: controller.signal,\r\n      };\r\n\r\n      if (body !== undefined) {\r\n        init.body = JSON.stringify(body);\r\n      }\r\n\r\n      const response = await this.fetchImpl(url, init);\r\n\r\n      clearTimeout(timeoutId);\r\n\r\n      if (response.ok) {\r\n        return (await response.json()) as T;\r\n      }\r\n\r\n      let errorBody: {\r\n        error?: string;\r\n        reason?: string;\r\n        details?: Record<string, unknown>;\r\n        request_id?: string;\r\n      } = {};\r\n      try {\r\n        errorBody = (await response.json()) as typeof errorBody;\r\n      } catch {\r\n        // Non-JSON response\r\n      }\r\n\r\n      const code = errorBody.error ?? `HTTP_${response.status}`;\r\n      const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n      const requestId = errorBody.request_id;\r\n\r\n      if (response.status === 429) {\r\n        const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n        throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n      }\r\n\r\n      if (response.status === 401 || response.status === 403) {\r\n        throw new PassportAuthError(code, message, response.status, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      if (response.status === 400) {\r\n        throw new PassportValidationError(message, {\r\n          requestId,\r\n          details: errorBody.details,\r\n        });\r\n      }\r\n\r\n      throw new PassportError(code, message, response.status, {\r\n        requestId,\r\n        details: errorBody.details,\r\n      });\r\n    } catch (err) {\r\n      clearTimeout(timeoutId);\r\n\r\n      if (err instanceof PassportError) {\r\n        throw err;\r\n      }\r\n\r\n      if (err instanceof DOMException && err.name === 'AbortError') {\r\n        throw new PassportNetworkError(\r\n          `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n          { cause: err },\r\n        );\r\n      }\r\n\r\n      throw new PassportNetworkError(\r\n        `Failed to connect to ${url}: ${(err as Error).message}`,\r\n        { cause: err as Error },\r\n      );\r\n    }\r\n  }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n  return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n"],"mappings":";AAQO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAEvB;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAEhB,YACE,MACA,SACA,YACA,SAKA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,aAAa,SAAS;AAC3B,SAAK,YAAY,SAAS;AAC1B,SAAK,UAAU,SAAS;AAAA,EAC1B;AACF;AAMO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,SAAiB,SAA6B;AACxD,UAAM,iBAAiB,SAAS,GAAG,CAAC,CAAC;AACrC,SAAK,OAAO;AACZ,QAAI,SAAS,OAAO;AAClB,WAAK,QAAQ,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAKO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YACE,MACA,SACA,YACA,SACA;AACA,UAAM,MAAM,SAAS,YAAY,OAAO;AACxC,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,yBAAN,cAAqC,cAAc;AAAA,EACxD,YACE,SACA,YACA,SACA;AACA,UAAM,gBAAgB,SAAS,KAAK;AAAA,MAClC;AAAA,MACA,WAAW,SAAS;AAAA,IACtB,CAAC;AACD,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,0BAAN,cAAsC,cAAc;AAAA,EACzD,YACE,SACA,SAIA;AACA,UAAM,oBAAoB,SAAS,KAAK,OAAO;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ACnFA,IAAM,qBAAqB;AAC3B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAqBjB,IAAM,sBAAN,MAA0B;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAqC;AAC/C,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAC3D,QAAI,CAAC,QAAQ,MAAO,OAAM,IAAI,MAAM,mBAAmB;AACvD,QAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,oBAAoB;AAEzD,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,OAAO,OAAsC;AACjD,UAAM,MAAM,MAAM,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACjF;AAAA,IACF,CAAC;AAGD,QAAI,IAAI,MAAM;AACZ,YAAM,KAAK,IAAI,KAAK,qBAAqB,IAAI,KAAK;AAClD,MAAC,IAAI,KAAuD,SAAS;AACrE,MAAC,IAAI,KAAuD,oBAAoB;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,OAA0C;AACzD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,OAAsC;AACjD,WAAO,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAGZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjB,kBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAM,MAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK;AAAA,QACzC;AAAA,QACA,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QACpB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAGA,UAAI,YAAyG,CAAC;AAC9G,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAGtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAGA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;AClOA,IAAMA,sBAAqB;AAC3B,IAAMC,uBAAsB;AAC5B,IAAMC,mBAAkB;AAiCjB,IAAM,cAAN,MAAkB;AAAA,EACN;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA6B;AACvC,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAE3D,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ,aAAaF;AACtC,SAAK,aAAa,QAAQ,cAAcC;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,SAAS,QAA2D;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aAAa,QAAyD;AAE1E,UAAM,YAAY,MAAM,KAAK,aAAa,OAAO,OAAO;AAGxD,UAAM,eAAe,MAAM,OAAO,KAAK,UAAU,KAAK;AAGtD,WAAO,KAAK,cAAc;AAAA,MACxB,SAAS,OAAO;AAAA,MAChB,aAAa,UAAU;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,SAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAA0D;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO,OAAO;AAAA,MAC5B;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,QAAQ,OAAO,UAAU,CAAC;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAEZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjBC,mBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAMC,OAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,OAAoB;AAAA,QACxB;AAAA,QACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,QAAQ,WAAW;AAAA,MACrB;AAEA,UAAI,SAAS,QAAW;AACtB,aAAK,OAAO,KAAK,UAAU,IAAI;AAAA,MACjC;AAEA,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK,IAAI;AAE/C,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAEA,UAAI,YAKA,CAAC;AACL,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAEtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAEA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAASA,OAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;","names":["DEFAULT_TIMEOUT_MS","DEFAULT_MAX_RETRIES","BASE_BACKOFF_MS","sleep"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zerobase-labs/passport-sdk",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "SDK for Agent Passport — OAuth-like identity verification for AI agents",
   "main": "./dist/index.cjs",
   "module": "./dist/index.mjs",