beam-protocol-sdk 0.3.0 → 0.5.1

package/dist/frames.js

@@ -0,0 +1,133 @@
+import { randomUUID, createPrivateKey, sign } from 'node:crypto';
+import { BeamIdentity } from './identity.js';
+export const MAX_FRAME_SIZE = 4 * 1024; // 4KB hard limit
+export const REPLAY_WINDOW_MS = 5 * 60 * 1000; // 5 minutes
+export function createIntentFrame(options, identity) {
+    const frame = {
+        v: '1',
+        intent: options.intent,
+        from: options.from,
+        to: options.to,
+        payload: options.payload ?? {},
+        nonce: randomUUID(),
+        timestamp: new Date().toISOString()
+    };
+    return signFrame(frame, identity.export().privateKeyBase64);
+}
+export function signFrame(frame, privateKeyBase64) {
+    const signedPayload = JSON.stringify({
+        type: 'intent',
+        from: frame.from,
+        to: frame.to,
+        intent: frame.intent,
+        payload: frame.payload,
+        timestamp: frame.timestamp,
+        nonce: frame.nonce,
+    });
+    const privateKey = createPrivateKey({
+        key: Buffer.from(privateKeyBase64, 'base64'),
+        format: 'der',
+        type: 'pkcs8',
+    });
+    frame.signature = sign(null, Buffer.from(signedPayload, 'utf8'), privateKey).toString('base64');
+    return frame;
+}
+export function createResultFrame(options, identity) {
+    const frame = {
+        v: '1',
+        success: options.success,
+        nonce: options.nonce,
+        timestamp: new Date().toISOString(),
+        ...(options.payload !== undefined && { payload: options.payload }),
+        ...(options.error !== undefined && { error: options.error }),
+        ...(options.errorCode !== undefined && { errorCode: options.errorCode }),
+        ...(options.latency !== undefined && { latency: options.latency })
+    };
+    frame.signature = identity.sign(canonicalizeFrame(frame));
+    return frame;
+}
+export function validateIntentFrame(frame, senderPublicKey) {
+    if (!frame || typeof frame !== 'object') {
+        return { valid: false, error: 'Frame must be an object' };
+    }
+    const f = frame;
+    if (f['v'] !== '1')
+        return { valid: false, error: 'Invalid protocol version' };
+    if (typeof f['intent'] !== 'string' || !f['intent'])
+        return { valid: false, error: 'Missing or empty intent' };
+    if (typeof f['from'] !== 'string' || !BeamIdentity.parseBeamId(f['from'])) {
+        return { valid: false, error: 'Invalid from Beam ID' };
+    }
+    if (typeof f['to'] !== 'string' || !BeamIdentity.parseBeamId(f['to'])) {
+        return { valid: false, error: 'Invalid to Beam ID' };
+    }
+    if (typeof f['nonce'] !== 'string' || !f['nonce'])
+        return { valid: false, error: 'Missing nonce' };
+    if (typeof f['timestamp'] !== 'string')
+        return { valid: false, error: 'Missing timestamp' };
+    if (!f['payload'] || typeof f['payload'] !== 'object' || Array.isArray(f['payload'])) {
+        return { valid: false, error: 'Payload must be an object' };
+    }
+    const size = Buffer.byteLength(JSON.stringify(frame), 'utf8');
+    if (size > MAX_FRAME_SIZE) {
+        return { valid: false, error: `Frame size ${size} exceeds limit of ${MAX_FRAME_SIZE} bytes` };
+    }
+    const frameTime = new Date(f['timestamp']).getTime();
+    if (isNaN(frameTime))
+        return { valid: false, error: 'Invalid timestamp format' };
+    if (Math.abs(Date.now() - frameTime) > REPLAY_WINDOW_MS) {
+        return { valid: false, error: 'Frame timestamp outside replay window (±5 minutes)' };
+    }
+    if (typeof f['signature'] !== 'string')
+        return { valid: false, error: 'Missing signature' };
+    const signedPayload = JSON.stringify({
+        type: 'intent',
+        from: f['from'],
+        to: f['to'],
+        intent: f['intent'],
+        payload: f['payload'],
+        timestamp: f['timestamp'],
+        nonce: f['nonce'],
+    });
+    if (!BeamIdentity.verify(signedPayload, f['signature'], senderPublicKey)) {
+        return { valid: false, error: 'Signature verification failed' };
+    }
+    return { valid: true };
+}
+export function validateResultFrame(frame, senderPublicKey) {
+    if (!frame || typeof frame !== 'object') {
+        return { valid: false, error: 'Frame must be an object' };
+    }
+    const f = frame;
+    if (f['v'] !== '1')
+        return { valid: false, error: 'Invalid protocol version' };
+    if (typeof f['success'] !== 'boolean')
+        return { valid: false, error: 'Missing success boolean' };
+    if (typeof f['nonce'] !== 'string' || !f['nonce'])
+        return { valid: false, error: 'Missing nonce' };
+    if (typeof f['timestamp'] !== 'string')
+        return { valid: false, error: 'Missing timestamp' };
+    if (typeof f['signature'] !== 'string')
+        return { valid: false, error: 'Missing signature' };
+    const { signature, ...unsigned } = f;
+    if (!BeamIdentity.verify(canonicalizeFrame(unsigned), signature, senderPublicKey)) {
+        return { valid: false, error: 'Signature verification failed' };
+    }
+    return { valid: true };
+}
+export function canonicalizeFrame(frame) {
+    return JSON.stringify(deepSortKeys(frame));
+}
+function deepSortKeys(value) {
+    if (Array.isArray(value))
+        return value.map(deepSortKeys);
+    if (value !== null && typeof value === 'object') {
+        const sorted = {};
+        for (const key of Object.keys(value).sort()) {
+            sorted[key] = deepSortKeys(value[key]);
+        }
+        return sorted;
+    }
+    return value;
+}
+//# sourceMappingURL=frames.js.map

package/dist/frames.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"frames.js","sourceRoot":"","sources":["../src/frames.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,aAAa,CAAA;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAE5C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,CAAA,CAAE,iBAAiB;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAE,YAAY;AAE3D,MAAM,UAAU,iBAAiB,CAC/B,OAKC,EACD,QAAsB;IAEtB,MAAM,KAAK,GAAgB;QACzB,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;QAC9B,KAAK,EAAE,UAAU,EAAE;QACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAA;IACD,OAAO,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,gBAAgB,CAAC,CAAA;AAC7D,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAkB,EAAE,gBAAwB;IACpE,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;QACnC,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC,CAAA;IACF,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC;QAC5C,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,OAAO;KACd,CAAC,CAAA;IACF,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IAC/F,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,OAOC,EACD,QAAsB;IAEtB,MAAM,KAAK,GAAgB;QACzB,CAAC,EAAE,GAAG;QACN,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;QAClE,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;QAC5D,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;QACxE,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;KACnE,CAAA;IACD,KAAK,CAAC,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAA2C,CAAC,CAAC,CAAA;IAC/F,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAc,EACd,eAAuB;IAEvB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAA;IAC3D,CAAC;IACD,MAAM,CAAC,GAAG,KAAgC,CAAA;IAE1C,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAA;IAC9E,IAAI,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAA;IAC9G,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QAC1E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAA;IACxD,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACtE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAA;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAA;IAClG,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IAC3F,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACrF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAA;IAC7D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAA;IAC7D,IAAI,IAAI,GAAG,cAAc,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,IAAI,qBAAqB,cAAc,QAAQ,EAAE,CAAA;IAC/F,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAW,CAAC,CAAC,OAAO,EAAE,CAAA;IAC9D,IAAI,KAAK,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAA;IAChF,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,gBAAgB,EAAE,CAAC;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oDAAoD,EAAE,CAAA;IACtF,CAAC;IAED,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IAC3F,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;QACnC,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC;QACX,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC;QACnB,OAAO,EAAE,CAAC,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,CAAC,CAAC,WAAW,CAAC;QACzB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC;KAClB,CAAC,CAAA;IACF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,WAAW,CAAW,EAAE,eAAe,CAAC,EAAE,CAAC;QACnF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;IACjE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAc,EACd,eAAuB;IAEvB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAA;IAC3D,CAAC;IACD,MAAM,CAAC,GAAG,KAAgC,CAAA;IAE1C,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAA;IAC9E,IAAI,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,SAAS;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAA;IAChG,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAA;IAClG,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IAC3F,IAAI,OAAO,CAAC,CAAC,WAAW,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IAE3F,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,CAAC,CAAA;IACpC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,SAAmB,EAAE,eAAe,CAAC,EAAE,CAAC;QAC5F,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;IACjE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAA8B;IAC9D,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAA;AAC5C,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IACxD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,MAAM,GAA4B,EAAE,CAAA;QAC1C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACtD,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,KAAiC,CAAC,GAAG,CAAC,CAAC,CAAA;QACrE,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/identity.d.ts

@@ -0,0 +1,20 @@
+import type { BeamIdString, BeamIdentityConfig, BeamIdentityData } from './types.js';
+export declare class BeamIdentity {
+    readonly beamId: BeamIdString;
+    readonly publicKeyBase64: string;
+    private readonly _privateKey;
+    private readonly _publicKey;
+    private constructor();
+    static generate(config: BeamIdentityConfig): BeamIdentity;
+    static fromData(data: BeamIdentityData): BeamIdentity;
+    export(): BeamIdentityData;
+    sign(data: string): string;
+    static verify(data: string, signatureBase64: string, publicKeyBase64: string): boolean;
+    static parseBeamId(beamId: string): {
+        agent: string;
+        org?: string;
+        kind: 'consumer' | 'organization';
+    } | null;
+    static generateNonce(): string;
+}
+//# sourceMappingURL=identity.d.ts.map

package/dist/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAMpF,qBAAa,YAAY;IACvB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAA;IAC7B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IACvC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAW;IAEtC,OAAO;IAOP,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,kBAAkB,GAAG,YAAY;IAezD,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,GAAG,YAAY;IAcrD,MAAM,IAAI,gBAAgB;IAQ1B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAK1B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAkBtF,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,GAAG,cAAc,CAAA;KAAE,GAAG,IAAI;IAc7G,MAAM,CAAC,aAAa,IAAI,MAAM;CAG/B"}

package/dist/identity.js

@@ -0,0 +1,81 @@
+import { generateKeyPairSync, sign, verify, createPrivateKey, createPublicKey, randomUUID } from 'node:crypto';
+const AGENT_RE = /^[a-z0-9_-]+$/;
+const CONSUMER_BEAM_ID_RE = /^([a-z0-9_-]+)@beam\.directory$/;
+const ORG_BEAM_ID_RE = /^([a-z0-9_-]+)@([a-z0-9_-]+)\.beam\.directory$/;
+export class BeamIdentity {
+    beamId;
+    publicKeyBase64;
+    _privateKey;
+    _publicKey;
+    constructor(beamId, privateKey, publicKey) {
+        this.beamId = beamId;
+        this._privateKey = privateKey;
+        this._publicKey = publicKey;
+        this.publicKeyBase64 = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
+    }
+    static generate(config) {
+        if (!AGENT_RE.test(config.agentName)) {
+            throw new Error('agentName must match [a-z0-9_-]+');
+        }
+        if (config.orgName && !AGENT_RE.test(config.orgName)) {
+            throw new Error('orgName must match [a-z0-9_-]+');
+        }
+        const { privateKey, publicKey } = generateKeyPairSync('ed25519');
+        const beamId = config.orgName
+            ? `${config.agentName}@${config.orgName}.beam.directory`
+            : `${config.agentName}@beam.directory`;
+        return new BeamIdentity(beamId, privateKey, publicKey);
+    }
+    static fromData(data) {
+        const privateKey = createPrivateKey({
+            key: Buffer.from(data.privateKeyBase64, 'base64'),
+            format: 'der',
+            type: 'pkcs8'
+        });
+        const publicKey = createPublicKey({
+            key: Buffer.from(data.publicKeyBase64, 'base64'),
+            format: 'der',
+            type: 'spki'
+        });
+        return new BeamIdentity(data.beamId, privateKey, publicKey);
+    }
+    export() {
+        return {
+            beamId: this.beamId,
+            publicKeyBase64: this.publicKeyBase64,
+            privateKeyBase64: this._privateKey.export({ type: 'pkcs8', format: 'der' }).toString('base64')
+        };
+    }
+    sign(data) {
+        const signature = sign(null, Buffer.from(data, 'utf8'), this._privateKey);
+        return signature.toString('base64');
+    }
+    static verify(data, signatureBase64, publicKeyBase64) {
+        try {
+            const publicKey = createPublicKey({
+                key: Buffer.from(publicKeyBase64, 'base64'),
+                format: 'der',
+                type: 'spki'
+            });
+            return verify(null, Buffer.from(data, 'utf8'), publicKey, Buffer.from(signatureBase64, 'base64'));
+        }
+        catch {
+            return false;
+        }
+    }
+    static parseBeamId(beamId) {
+        const consumerMatch = beamId.match(CONSUMER_BEAM_ID_RE);
+        if (consumerMatch) {
+            return { agent: consumerMatch[1], kind: 'consumer' };
+        }
+        const orgMatch = beamId.match(ORG_BEAM_ID_RE);
+        if (orgMatch) {
+            return { agent: orgMatch[1], org: orgMatch[2], kind: 'organization' };
+        }
+        return null;
+    }
+    static generateNonce() {
+        return randomUUID();
+    }
+}
+//# sourceMappingURL=identity.js.map

package/dist/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,IAAI,EACJ,MAAM,EACN,gBAAgB,EAChB,eAAe,EACf,UAAU,EAEX,MAAM,aAAa,CAAA;AAGpB,MAAM,QAAQ,GAAG,eAAe,CAAA;AAChC,MAAM,mBAAmB,GAAG,iCAAiC,CAAA;AAC7D,MAAM,cAAc,GAAG,gDAAgD,CAAA;AAEvE,MAAM,OAAO,YAAY;IACd,MAAM,CAAc;IACpB,eAAe,CAAQ;IACf,WAAW,CAAW;IACtB,UAAU,CAAW;IAEtC,YAAoB,MAAoB,EAAE,UAAqB,EAAE,SAAoB;QACnF,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,WAAW,GAAG,UAAU,CAAA;QAC7B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAA;QAC3B,IAAI,CAAC,eAAe,GAAI,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzG,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAA0B;QACxC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;QACrD,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;QACnD,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO;YAC3B,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,OAAO,iBAAiB;YACxD,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,iBAAiB,CAAA;QACxC,OAAO,IAAI,YAAY,CAAC,MAAsB,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,IAAsB;QACpC,MAAM,UAAU,GAAG,gBAAgB,CAAC;YAClC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC;YACjD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,eAAe,CAAC;YAChC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;YAChD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAA;QACF,OAAO,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;IAC7D,CAAC;IAED,MAAM;QACJ,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,gBAAgB,EAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC3G,CAAA;IACH,CAAC;IAED,IAAI,CAAC,IAAY;QACf,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QACzE,OAAQ,SAAoB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACjD,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,IAAY,EAAE,eAAuB,EAAE,eAAuB;QAC1E,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;gBAC3C,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,MAAM;aACb,CAAC,CAAA;YACF,OAAO,MAAM,CACX,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EACzB,SAAS,EACT,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CACvC,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,MAAc;QAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACvD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;QACtD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAA;QACvE,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,OAAO,UAAU,EAAE,CAAA;IACrB,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { BeamIdentity } from './identity.js';
+export { BeamDirectory, BeamDirectoryError } from './directory.js';
+export { BeamClient, BeamThread } from './client.js';
+export { BeamDID, BeamCredentialsClient, CredentialVerifier } from './did.js';
+export { createIntentFrame, createResultFrame, signFrame, validateIntentFrame, validateResultFrame, canonicalizeFrame, MAX_FRAME_SIZE, REPLAY_WINDOW_MS } from './frames.js';
+export type { AgentProfile, AgentRegistration, AgentRecord, AgentSearchQuery, BeamClientConfig, BeamIdentityConfig, BeamIdentityData, BeamIdString, BrowseFilters, BrowseResult, Delegation, DirectoryConfig, DirectoryStats, DomainVerification, IntentFrame, KeyRotationResult, Report, ResultFrame, VerificationTier, } from './types.js';
+export type { DIDDocument, VerificationMethod, ServiceEndpoint, VerifiableCredential, CredentialSubject, Proof, } from './did.js';
+export * from './key-management.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAC7E,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EACjB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,WAAW,EACX,iBAAiB,EACjB,MAAM,EACN,WAAW,EACX,gBAAgB,GACjB,MAAM,YAAY,CAAA;AACnB,YAAY,EACV,WAAW,EACX,kBAAkB,EAClB,eAAe,EACf,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,GACN,MAAM,UAAU,CAAA;AACjB,cAAc,qBAAqB,CAAA"}

package/dist/index.js

@@ -0,0 +1,7 @@
+export { BeamIdentity } from './identity.js';
+export { BeamDirectory, BeamDirectoryError } from './directory.js';
+export { BeamClient, BeamThread } from './client.js';
+export { BeamDID, BeamCredentialsClient, CredentialVerifier } from './did.js';
+export { createIntentFrame, createResultFrame, signFrame, validateIntentFrame, validateResultFrame, canonicalizeFrame, MAX_FRAME_SIZE, REPLAY_WINDOW_MS } from './frames.js';
+export * from './key-management.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAC7E,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EACjB,MAAM,aAAa,CAAA;AA8BpB,cAAc,qBAAqB,CAAA"}

package/dist/key-management.d.ts

@@ -0,0 +1,54 @@
+export interface ExportedIdentity {
+    version: 1;
+    beamId: string;
+    publicKeyBase64: string;
+    /** Present only if not encrypted */
+    privateKeyBase64?: string;
+    /** Present only if encrypted */
+    encrypted?: {
+        ciphertext: string;
+        iv: string;
+        salt: string;
+        iterations: number;
+    };
+}
+export interface BeamIdentityData {
+    beamId: string;
+    publicKeyBase64: string;
+    privateKeyBase64: string;
+}
+/**
+ * Export a Beam identity as JSON. If password is provided, the private key
+ * is encrypted with AES-256-GCM (PBKDF2 key derivation).
+ */
+export declare function exportIdentity(identity: BeamIdentityData, password?: string): Promise<string>;
+/**
+ * Import a Beam identity from JSON. If the identity was encrypted,
+ * provide the same password used during export.
+ */
+export declare function importIdentity(json: string, password?: string): Promise<BeamIdentityData>;
+/**
+ * Extract the 32-byte Ed25519 seed from a private key and encode as
+ * a 12-word mnemonic. Only the first 128 bits (16 bytes) of the seed
+ * are encoded; remaining 16 bytes are derived via SHA-256 during recovery.
+ *
+ * NOTE: This is a simplified scheme (128-bit entropy → 12 words).
+ * The full 32-byte seed is NOT recoverable from just 12 words —
+ * we hash the 16-byte entropy to get the full seed deterministically.
+ */
+export declare function generateRecoveryPhrase(identity: BeamIdentityData): string;
+/**
+ * Recover a Beam identity from a 12-word recovery phrase.
+ * The entropy is expanded to a 32-byte seed via SHA-256.
+ */
+export declare function recoverFromPhrase(phrase: string, beamId?: string): BeamIdentityData;
+/**
+ * Generate a compact JSON string suitable for QR code encoding.
+ * Contains only the essential data to reconstruct the identity.
+ */
+export declare function toQRData(identity: BeamIdentityData): string;
+/**
+ * Parse a QR code data string back into a BeamIdentityData object.
+ */
+export declare function fromQRData(data: string): BeamIdentityData;
+//# sourceMappingURL=key-management.d.ts.map

package/dist/key-management.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-management.d.ts","sourceRoot":"","sources":["../src/key-management.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,oCAAoC;IACpC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,gCAAgC;IAChC,SAAS,CAAC,EAAE;QACV,UAAU,EAAE,MAAM,CAAA;QAClB,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,MAAM,CAAA;KACnB,CAAA;CACF;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,gBAAgB,EAAE,MAAM,CAAA;CACzB;AA4BD;;;GAGG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA6BnG;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA2B/F;AAID;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAsBzE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAuCnF;AAID;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAM3D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,CAOzD"}

package/dist/key-management.js

@@ -0,0 +1,172 @@
+/**
+ * Consumer-friendly key management for Beam identities.
+ * Supports encrypted export/import, BIP-39 recovery phrases, and QR data.
+ */
+import { createHash, generateKeyPairSync } from 'node:crypto';
+import { BIP39_ENGLISH } from './bip39-wordlist.js';
+// ─── Helpers ───────────────────────────────────────────────
+const subtle = globalThis.crypto?.subtle;
+async function deriveKey(password, salt) {
+    const enc = new TextEncoder();
+    const keyMaterial = await subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
+    return subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 600_000, hash: 'SHA-256' }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+}
+function toBase64(buf) {
+    return Buffer.from(buf).toString('base64');
+}
+function fromBase64(b64) {
+    return new Uint8Array(Buffer.from(b64, 'base64'));
+}
+// ─── Export / Import ───────────────────────────────────────
+/**
+ * Export a Beam identity as JSON. If password is provided, the private key
+ * is encrypted with AES-256-GCM (PBKDF2 key derivation).
+ */
+export async function exportIdentity(identity, password) {
+    if (!password) {
+        const doc = {
+            version: 1,
+            beamId: identity.beamId,
+            publicKeyBase64: identity.publicKeyBase64,
+            privateKeyBase64: identity.privateKeyBase64,
+        };
+        return JSON.stringify(doc, null, 2);
+    }
+    const salt = globalThis.crypto.getRandomValues(new Uint8Array(16));
+    const iv = globalThis.crypto.getRandomValues(new Uint8Array(12));
+    const key = await deriveKey(password, salt);
+    const plaintext = new TextEncoder().encode(identity.privateKeyBase64);
+    const ciphertext = await subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);
+    const doc = {
+        version: 1,
+        beamId: identity.beamId,
+        publicKeyBase64: identity.publicKeyBase64,
+        encrypted: {
+            ciphertext: toBase64(ciphertext),
+            iv: toBase64(iv),
+            salt: toBase64(salt),
+            iterations: 600_000,
+        },
+    };
+    return JSON.stringify(doc, null, 2);
+}
+/**
+ * Import a Beam identity from JSON. If the identity was encrypted,
+ * provide the same password used during export.
+ */
+export async function importIdentity(json, password) {
+    const doc = JSON.parse(json);
+    if (doc.privateKeyBase64 && !doc.encrypted) {
+        return {
+            beamId: doc.beamId,
+            publicKeyBase64: doc.publicKeyBase64,
+            privateKeyBase64: doc.privateKeyBase64,
+        };
+    }
+    if (!doc.encrypted)
+        throw new Error('Identity is encrypted but no encrypted block found');
+    if (!password)
+        throw new Error('Password required to decrypt identity');
+    const { ciphertext, iv, salt, iterations } = doc.encrypted;
+    const key = await deriveKey(password, fromBase64(salt));
+    const decrypted = await subtle.decrypt({ name: 'AES-GCM', iv: fromBase64(iv) }, key, fromBase64(ciphertext));
+    return {
+        beamId: doc.beamId,
+        publicKeyBase64: doc.publicKeyBase64,
+        privateKeyBase64: new TextDecoder().decode(decrypted),
+    };
+}
+// ─── Recovery Phrase (BIP-39 style) ────────────────────────
+/**
+ * Extract the 32-byte Ed25519 seed from a private key and encode as
+ * a 12-word mnemonic. Only the first 128 bits (16 bytes) of the seed
+ * are encoded; remaining 16 bytes are derived via SHA-256 during recovery.
+ *
+ * NOTE: This is a simplified scheme (128-bit entropy → 12 words).
+ * The full 32-byte seed is NOT recoverable from just 12 words —
+ * we hash the 16-byte entropy to get the full seed deterministically.
+ */
+export function generateRecoveryPhrase(identity) {
+    const privKeyDer = Buffer.from(identity.privateKeyBase64, 'base64');
+    // Ed25519 PKCS8 DER: last 32 bytes are the seed
+    const seed = privKeyDer.subarray(privKeyDer.length - 32);
+    // Take first 16 bytes (128 bits) → 12 words (11 bits each, 132 bits, 4 checksum)
+    const entropy = seed.subarray(0, 16);
+    const hash = createHash('sha256').update(entropy).digest();
+    const checksumBits = hash[0] >> 4; // 4 checksum bits for 128-bit entropy
+    // Build bit string
+    let bits = '';
+    for (const byte of entropy)
+        bits += byte.toString(2).padStart(8, '0');
+    bits += checksumBits.toString(2).padStart(4, '0');
+    const words = [];
+    for (let i = 0; i < 132; i += 11) {
+        const idx = parseInt(bits.slice(i, i + 11), 2);
+        words.push(BIP39_ENGLISH[idx]);
+    }
+    return words.join(' ');
+}
+/**
+ * Recover a Beam identity from a 12-word recovery phrase.
+ * The entropy is expanded to a 32-byte seed via SHA-256.
+ */
+export function recoverFromPhrase(phrase, beamId) {
+    const words = phrase.trim().toLowerCase().split(/\s+/);
+    if (words.length !== 12)
+        throw new Error('Recovery phrase must be exactly 12 words');
+    // Words → 132 bits
+    let bits = '';
+    for (const word of words) {
+        const idx = BIP39_ENGLISH.indexOf(word);
+        if (idx === -1)
+            throw new Error(`Unknown word: ${word}`);
+        bits += idx.toString(2).padStart(11, '0');
+    }
+    // Extract 128-bit entropy (first 128 bits)
+    const entropyBits = bits.slice(0, 128);
+    const entropy = new Uint8Array(16);
+    for (let i = 0; i < 16; i++) {
+        entropy[i] = parseInt(entropyBits.slice(i * 8, i * 8 + 8), 2);
+    }
+    // Verify checksum
+    const hash = createHash('sha256').update(entropy).digest();
+    const expectedChecksum = (hash[0] >> 4).toString(2).padStart(4, '0');
+    const actualChecksum = bits.slice(128, 132);
+    if (expectedChecksum !== actualChecksum)
+        throw new Error('Invalid recovery phrase checksum');
+    // Expand entropy to 32-byte seed via SHA-256
+    const seed = createHash('sha256').update(entropy).digest();
+    // Create Ed25519 keypair from seed
+    const { privateKey, publicKey } = generateKeyPairSync('ed25519', { seed });
+    const privDer = privateKey.export({ format: 'der', type: 'pkcs8' });
+    const pubDer = publicKey.export({ format: 'der', type: 'spki' });
+    return {
+        beamId: beamId ?? `recovered-${Date.now()}@beam.directory`,
+        publicKeyBase64: Buffer.from(pubDer).toString('base64'),
+        privateKeyBase64: Buffer.from(privDer).toString('base64'),
+    };
+}
+// ─── QR Code Data ──────────────────────────────────────────
+/**
+ * Generate a compact JSON string suitable for QR code encoding.
+ * Contains only the essential data to reconstruct the identity.
+ */
+export function toQRData(identity) {
+    return JSON.stringify({
+        b: identity.beamId,
+        p: identity.publicKeyBase64,
+        s: identity.privateKeyBase64,
+    });
+}
+/**
+ * Parse a QR code data string back into a BeamIdentityData object.
+ */
+export function fromQRData(data) {
+    const obj = JSON.parse(data);
+    return {
+        beamId: obj.b,
+        publicKeyBase64: obj.p,
+        privateKeyBase64: obj.s,
+    };
+}
+//# sourceMappingURL=key-management.js.map

package/dist/key-management.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-management.js","sourceRoot":"","sources":["../src/key-management.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAqC,mBAAmB,EAAE,MAAM,aAAa,CAAA;AAChG,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAuBnD,8DAA8D;AAE9D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,CAAA;AAExC,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAgB;IACzD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAA;IAC7B,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;IACvG,OAAO,MAAM,CAAC,SAAS,CACrB,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9D,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAA;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,GAA6B;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;AACnD,CAAC;AAED,8DAA8D;AAE9D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAA0B,EAAE,QAAiB;IAChF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,GAAG,GAAqB;YAC5B,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;SAC5C,CAAA;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IACrC,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAClE,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAChE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC3C,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAA;IACrE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IAEhF,MAAM,GAAG,GAAqB;QAC5B,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,SAAS,EAAE;YACT,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC;YAChC,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC;YAChB,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,OAAO;SACpB;KACF,CAAA;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,QAAiB;IAClE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqB,CAAA;IAEhD,IAAI,GAAG,CAAC,gBAAgB,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QAC3C,OAAO;YACL,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;SACvC,CAAA;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAA;IACzF,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IAEvE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,SAAS,CAAA;IAC1D,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAA;IACvD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,CACpC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,CAAC,EAAE,EACvC,GAAG,EACH,UAAU,CAAC,UAAU,CAAC,CACvB,CAAA;IAED,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,gBAAgB,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC;KACtD,CAAA;AACH,CAAC;AAED,8DAA8D;AAE9D;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAA0B;IAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAA;IACnE,gDAAgD;IAChD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;IAExD,iFAAiF;IACjF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAA;IAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,CAAA,CAAC,sCAAsC;IAEzE,mBAAmB;IACnB,IAAI,IAAI,GAAG,EAAE,CAAA;IACb,KAAK,MAAM,IAAI,IAAI,OAAO;QAAE,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACrE,IAAI,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAEjD,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;QAC9C,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAE,CAAC,CAAA;IACjC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAe;IAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACtD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAEpF,mBAAmB;IACnB,IAAI,IAAI,GAAG,EAAE,CAAA;IACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACvC,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAA;QACxD,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC3C,CAAC;IAED,2CAA2C;IAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,OAAO,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAC/D,CAAC;IAED,kBAAkB;IAClB,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAA;IAC1D,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACrE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAC3C,IAAI,gBAAgB,KAAK,cAAc;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAE5F,6CAA6C;IAC7C,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAA;IAE1D,mCAAmC;IACnC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IAE1E,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IACnE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;IAEhE,OAAO;QACL,MAAM,EAAE,MAAM,IAAI,aAAa,IAAI,CAAC,GAAG,EAAE,iBAAiB;QAC1D,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACvD,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC1D,CAAA;AACH,CAAC;AAED,8DAA8D;AAE9D;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,QAA0B;IACjD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,CAAC,EAAE,QAAQ,CAAC,MAAM;QAClB,CAAC,EAAE,QAAQ,CAAC,eAAe;QAC3B,CAAC,EAAE,QAAQ,CAAC,gBAAgB;KAC7B,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwC,CAAA;IACnE,OAAO;QACL,MAAM,EAAE,GAAG,CAAC,CAAC;QACb,eAAe,EAAE,GAAG,CAAC,CAAC;QACtB,gBAAgB,EAAE,GAAG,CAAC,CAAC;KACxB,CAAA;AACH,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,124 @@
+export type BeamIdString = `${string}@beam.directory` | `${string}@${string}.beam.directory`;
+export type VerificationTier = 'basic' | 'verified' | 'business' | 'enterprise';
+export interface BeamIdentityConfig {
+    agentName: string;
+    orgName?: string;
+}
+export interface BeamIdentityData {
+    beamId: BeamIdString;
+    publicKeyBase64: string;
+    privateKeyBase64: string;
+}
+export interface IntentFrame {
+    v: '1';
+    intent: string;
+    from: BeamIdString;
+    to: BeamIdString;
+    payload: Record<string, unknown>;
+    nonce: string;
+    timestamp: string;
+    signature?: string;
+}
+export interface ResultFrame {
+    v: '1';
+    success: boolean;
+    payload?: Record<string, unknown>;
+    error?: string;
+    errorCode?: string;
+    nonce: string;
+    timestamp: string;
+    latency?: number;
+    signature?: string;
+}
+export interface AgentRegistration {
+    beamId: BeamIdString;
+    displayName: string;
+    capabilities: string[];
+    publicKey: string;
+    org?: string;
+}
+export interface AgentRecord extends AgentRegistration {
+    did?: string;
+    trustScore: number;
+    verified: boolean;
+    createdAt: string;
+    lastSeen: string;
+}
+export interface AgentProfile extends AgentRecord {
+    description?: string;
+    logoUrl?: string;
+    website?: string;
+    verificationTier?: VerificationTier;
+    verificationStatus?: 'pending' | 'verified' | 'failed' | 'unverified';
+    domain?: string;
+    intentsHandled?: number;
+}
+export interface BrowseFilters {
+    capability?: string;
+    tier?: VerificationTier;
+    verified_only?: boolean;
+}
+export interface BrowseResult {
+    page: number;
+    pageSize: number;
+    total: number;
+    agents: AgentProfile[];
+}
+export interface DirectoryStats {
+    totalAgents: number;
+    verifiedAgents: number;
+    intentsProcessed: number;
+    consumerAgents?: number;
+    uptime?: number;
+    waitlistSize?: number;
+    version?: string;
+}
+export interface Delegation {
+    id?: string;
+    sourceBeamId: BeamIdString;
+    targetBeamId: BeamIdString;
+    scope: string;
+    expiresAt?: string;
+    createdAt?: string;
+    status?: string;
+}
+export interface Report {
+    id?: string;
+    reporterBeamId: BeamIdString;
+    targetBeamId: BeamIdString;
+    reason: string;
+    createdAt?: string;
+    status?: string;
+}
+export interface DomainVerification {
+    domain: string;
+    verified: boolean;
+    status?: string;
+    tier?: VerificationTier;
+    txtName?: string;
+    txtValue?: string;
+    expected?: string;
+    records?: string[];
+    checkedAt?: string;
+}
+export interface KeyRotationResult {
+    beamId: BeamIdString;
+    publicKey: string;
+    rotatedAt?: string;
+    previousKey?: string;
+}
+export interface DirectoryConfig {
+    baseUrl: string;
+    apiKey?: string;
+}
+export interface BeamClientConfig {
+    identity: BeamIdentityData;
+    directoryUrl: string;
+}
+export interface AgentSearchQuery {
+    org?: string;
+    capabilities?: string[];
+    minTrustScore?: number;
+    limit?: number;
+}
+//# sourceMappingURL=types.d.ts.map