tether-name 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Commit 451
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,210 @@
+# tether-name
+
+Official Node.js SDK for [tether.name](https://tether.name) — cryptographic identity verification for AI agents. Tether lets AI agents prove their identity using RSA-2048 signatures, enabling trusted agent-to-agent communication.
+
+## Installation
+
+```bash
+npm install tether-name
+```
+
+Requires Node.js 18+ (uses native `fetch` and `crypto` modules).
+
+## Quick Start
+
+```typescript
+import { TetherClient } from 'tether-name';
+
+const client = new TetherClient({
+  credentialId: 'rgUOzbqar8z0Ag9RZH5I',
+  privateKeyPath: '/path/to/your/private-key.der'
+});
+
+// One-call verification
+const result = await client.verify();
+console.log(result.verified);    // true
+console.log(result.agentName);   // "Jawnnybot"
+console.log(result.verifyUrl);   // "https://tether.name/check?challenge=..."
+```
+
+## Step-by-Step Usage
+
+For more control over the verification process:
+
+```typescript
+import { TetherClient } from 'tether-name';
+
+const client = new TetherClient({
+  credentialId: 'rgUOzbqar8z0Ag9RZH5I',
+  privateKeyPem: `-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA...
+-----END RSA PRIVATE KEY-----`
+});
+
+try {
+  // 1. Request a challenge from Tether
+  const challenge = await client.requestChallenge();
+  
+  // 2. Sign the challenge with your private key
+  const proof = client.sign(challenge);
+  
+  // 3. Submit the proof for verification
+  const result = await client.submitProof(challenge, proof);
+  
+  if (result.verified) {
+    console.log(`✅ Verified as ${result.agentName}`);
+    console.log(`📝 Public verification: ${result.verifyUrl}`);
+  } else {
+    console.log(`❌ Verification failed: ${result.error}`);
+  }
+} catch (error) {
+  console.error('Verification error:', error.message);
+}
+```
+
+## Configuration Options
+
+### Constructor Options
+
+```typescript
+interface TetherClientConfig {
+  // Credential ID (required)
+  credentialId?: string;           // Or use TETHER_CREDENTIAL_ID env var
+  
+  // Private key (choose one)
+  privateKeyPath?: string;         // Path to DER or PEM file
+  privateKeyPem?: string;          // PEM string directly
+  privateKeyBuffer?: Buffer;       // DER buffer directly
+  
+  // Optional
+  baseUrl?: string;               // API base URL (defaults to https://api.tether.name)
+}
+```
+
+### Key Format Support
+
+The SDK supports both DER and PEM private key formats:
+
+```typescript
+// From file path (auto-detects format)
+const client1 = new TetherClient({
+  credentialId: 'your-id',
+  privateKeyPath: '/path/to/key.der'    // or .pem
+});
+
+// From PEM string
+const client2 = new TetherClient({
+  credentialId: 'your-id',
+  privateKeyPem: '-----BEGIN RSA PRIVATE KEY-----\n...'
+});
+
+// From DER buffer
+const derBuffer = fs.readFileSync('/path/to/key.der');
+const client3 = new TetherClient({
+  credentialId: 'your-id',
+  privateKeyBuffer: derBuffer
+});
+```
+
+## Environment Variables
+
+Set these environment variables to avoid hardcoding credentials:
+
+```bash
+export TETHER_CREDENTIAL_ID="your-credential-id"
+export TETHER_PRIVATE_KEY_PATH="/path/to/your/private-key.der"
+```
+
+Then initialize without parameters:
+
+```typescript
+const client = new TetherClient({});  // Uses env vars
+```
+
+## API Reference
+
+### `TetherClient`
+
+#### `constructor(config: TetherClientConfig)`
+
+Creates a new Tether client instance.
+
+#### `async verify(): Promise<VerificationResult>`
+
+Performs complete verification in one call. Requests challenge, signs it, and submits proof.
+
+**Throws:** `TetherVerificationError` if verification fails.
+
+#### `async requestChallenge(): Promise<string>`
+
+Requests a new challenge from the Tether API.
+
+**Returns:** Challenge string to be signed.
+
+#### `sign(challenge: string): string`
+
+Signs a challenge using the configured private key.
+
+**Returns:** URL-safe base64 signature (no padding).
+
+#### `async submitProof(challenge: string, proof: string): Promise<VerificationResult>`
+
+Submits signed proof to verify the challenge.
+
+### Types
+
+```typescript
+interface VerificationResult {
+  verified: boolean;           // Whether verification succeeded
+  agentName?: string;          // Registered agent name
+  verifyUrl?: string;          // Public verification URL
+  email?: string;              // Registered email
+  registeredSince?: string;    // ISO date of registration
+  error?: string;              // Error message if failed
+  challenge?: string;          // The verified challenge
+}
+```
+
+### Errors
+
+- `TetherError` - Base error class
+- `TetherVerificationError` - Verification failed
+- `TetherAPIError` - API request failed
+
+## Getting Your Credentials
+
+1. Visit [tether.name](https://tether.name)
+2. Register your agent and get a credential ID
+3. Generate an RSA-2048 private key:
+
+```bash
+# Generate private key
+openssl genrsa -out private-key.pem 2048
+
+# Convert to DER format (optional)
+openssl rsa -in private-key.pem -outform DER -out private-key.der
+```
+
+## Requirements
+
+- Node.js 18+ (uses native `fetch`)
+- RSA-2048 private key
+- Zero runtime dependencies (uses only Node.js built-ins)
+
+## Security Notes
+
+- Keep your private key secure and never commit it to version control
+- Use environment variables or secure key management
+- The SDK uses SHA256withRSA signatures with URL-safe base64 encoding
+- All verification happens server-side at tether.name
+
+## License
+
+MIT License - see [LICENSE](LICENSE) file for details.
+
+## Links
+
+- 🌐 [Tether Website](https://tether.name)
+- 📘 [Documentation](https://tether.name/docs)
+- 🐛 [Issues](https://github.com/Commit451/tether-name-node/issues)
+- 📦 [npm Package](https://www.npmjs.com/package/tether-name)

package/dist/index.d.mts

@@ -0,0 +1,133 @@
+import { KeyObject } from 'crypto';
+
+/**
+ * Configuration options for TetherClient
+ */
+interface TetherClientConfig {
+    /** The credential ID for the agent */
+    credentialId?: string;
+    /** Path to the private key file (DER or PEM format) */
+    privateKeyPath?: string;
+    /** Private key as a string (PEM format) */
+    privateKeyPem?: string;
+    /** Private key as a Buffer (DER format) */
+    privateKeyBuffer?: Buffer;
+    /** Base URL for the Tether API (defaults to https://api.tether.name) */
+    baseUrl?: string;
+}
+/**
+ * Response from the challenge request endpoint
+ */
+interface ChallengeResponse {
+    code: string;
+}
+/**
+ * Request payload for challenge verification
+ */
+interface VerificationRequest {
+    challenge: string;
+    proof: string;
+    credentialId: string;
+}
+/**
+ * Response from the challenge verification endpoint
+ */
+interface VerificationResponse {
+    valid: boolean;
+    verifyUrl?: string;
+    agentName?: string;
+    email?: string;
+    registeredSince?: string;
+    error?: string;
+}
+/**
+ * Result of a tether verification attempt
+ */
+interface VerificationResult {
+    /** Whether the verification was successful */
+    verified: boolean;
+    /** The agent's registered name */
+    agentName?: string;
+    /** Public verification URL */
+    verifyUrl?: string;
+    /** The agent's registered email */
+    email?: string;
+    /** ISO date string of when the agent was registered */
+    registeredSince?: string;
+    /** Error message if verification failed */
+    error?: string;
+    /** The challenge that was verified */
+    challenge?: string;
+}
+/**
+ * Supported private key formats
+ */
+type KeyFormat = 'pem' | 'der';
+
+/**
+ * TetherClient - Official SDK for tether.name agent identity verification
+ */
+declare class TetherClient {
+    private readonly credentialId;
+    private readonly privateKey;
+    private readonly baseUrl;
+    constructor(config: TetherClientConfig);
+    /**
+     * Request a challenge from the Tether API
+     */
+    requestChallenge(): Promise<string>;
+    /**
+     * Sign a challenge string
+     */
+    sign(challenge: string): string;
+    /**
+     * Submit proof for a challenge
+     */
+    submitProof(challenge: string, proof: string): Promise<VerificationResult>;
+    /**
+     * Perform complete verification in one call
+     */
+    verify(): Promise<VerificationResult>;
+}
+
+/**
+ * Base error class for all Tether-related errors
+ */
+declare class TetherError extends Error {
+    readonly cause?: Error | undefined;
+    constructor(message: string, cause?: Error | undefined);
+}
+/**
+ * Error thrown when verification fails
+ */
+declare class TetherVerificationError extends TetherError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when API requests fail
+ */
+declare class TetherAPIError extends TetherError {
+    readonly status?: number | undefined;
+    readonly response?: string | undefined;
+    constructor(message: string, status?: number | undefined, response?: string | undefined, cause?: Error);
+}
+
+/**
+ * Loads a private key from various sources
+ */
+declare function loadPrivateKey(options: {
+    keyPath?: string;
+    keyPem?: string;
+    keyBuffer?: Buffer;
+}): KeyObject;
+/**
+ * Signs a challenge string using RSA-SHA256
+ * Returns URL-safe base64 encoded signature (no padding)
+ */
+declare function signChallenge(privateKey: KeyObject, challenge: string): string;
+/**
+ * Utility function to detect key format from file extension or content
+ */
+declare function detectKeyFormat(keyPath: string): KeyFormat;
+
+export { type ChallengeResponse, type KeyFormat, TetherAPIError, TetherClient, type TetherClientConfig, TetherError, TetherVerificationError, type VerificationRequest, type VerificationResponse, type VerificationResult, detectKeyFormat, loadPrivateKey, signChallenge };

package/dist/index.d.ts

@@ -0,0 +1,133 @@
+import { KeyObject } from 'crypto';
+
+/**
+ * Configuration options for TetherClient
+ */
+interface TetherClientConfig {
+    /** The credential ID for the agent */
+    credentialId?: string;
+    /** Path to the private key file (DER or PEM format) */
+    privateKeyPath?: string;
+    /** Private key as a string (PEM format) */
+    privateKeyPem?: string;
+    /** Private key as a Buffer (DER format) */
+    privateKeyBuffer?: Buffer;
+    /** Base URL for the Tether API (defaults to https://api.tether.name) */
+    baseUrl?: string;
+}
+/**
+ * Response from the challenge request endpoint
+ */
+interface ChallengeResponse {
+    code: string;
+}
+/**
+ * Request payload for challenge verification
+ */
+interface VerificationRequest {
+    challenge: string;
+    proof: string;
+    credentialId: string;
+}
+/**
+ * Response from the challenge verification endpoint
+ */
+interface VerificationResponse {
+    valid: boolean;
+    verifyUrl?: string;
+    agentName?: string;
+    email?: string;
+    registeredSince?: string;
+    error?: string;
+}
+/**
+ * Result of a tether verification attempt
+ */
+interface VerificationResult {
+    /** Whether the verification was successful */
+    verified: boolean;
+    /** The agent's registered name */
+    agentName?: string;
+    /** Public verification URL */
+    verifyUrl?: string;
+    /** The agent's registered email */
+    email?: string;
+    /** ISO date string of when the agent was registered */
+    registeredSince?: string;
+    /** Error message if verification failed */
+    error?: string;
+    /** The challenge that was verified */
+    challenge?: string;
+}
+/**
+ * Supported private key formats
+ */
+type KeyFormat = 'pem' | 'der';
+
+/**
+ * TetherClient - Official SDK for tether.name agent identity verification
+ */
+declare class TetherClient {
+    private readonly credentialId;
+    private readonly privateKey;
+    private readonly baseUrl;
+    constructor(config: TetherClientConfig);
+    /**
+     * Request a challenge from the Tether API
+     */
+    requestChallenge(): Promise<string>;
+    /**
+     * Sign a challenge string
+     */
+    sign(challenge: string): string;
+    /**
+     * Submit proof for a challenge
+     */
+    submitProof(challenge: string, proof: string): Promise<VerificationResult>;
+    /**
+     * Perform complete verification in one call
+     */
+    verify(): Promise<VerificationResult>;
+}
+
+/**
+ * Base error class for all Tether-related errors
+ */
+declare class TetherError extends Error {
+    readonly cause?: Error | undefined;
+    constructor(message: string, cause?: Error | undefined);
+}
+/**
+ * Error thrown when verification fails
+ */
+declare class TetherVerificationError extends TetherError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when API requests fail
+ */
+declare class TetherAPIError extends TetherError {
+    readonly status?: number | undefined;
+    readonly response?: string | undefined;
+    constructor(message: string, status?: number | undefined, response?: string | undefined, cause?: Error);
+}
+
+/**
+ * Loads a private key from various sources
+ */
+declare function loadPrivateKey(options: {
+    keyPath?: string;
+    keyPem?: string;
+    keyBuffer?: Buffer;
+}): KeyObject;
+/**
+ * Signs a challenge string using RSA-SHA256
+ * Returns URL-safe base64 encoded signature (no padding)
+ */
+declare function signChallenge(privateKey: KeyObject, challenge: string): string;
+/**
+ * Utility function to detect key format from file extension or content
+ */
+declare function detectKeyFormat(keyPath: string): KeyFormat;
+
+export { type ChallengeResponse, type KeyFormat, TetherAPIError, TetherClient, type TetherClientConfig, TetherError, TetherVerificationError, type VerificationRequest, type VerificationResponse, type VerificationResult, detectKeyFormat, loadPrivateKey, signChallenge };

package/dist/index.js

@@ -0,0 +1,271 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  TetherAPIError: () => TetherAPIError,
+  TetherClient: () => TetherClient,
+  TetherError: () => TetherError,
+  TetherVerificationError: () => TetherVerificationError,
+  detectKeyFormat: () => detectKeyFormat,
+  loadPrivateKey: () => loadPrivateKey,
+  signChallenge: () => signChallenge
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/errors.ts
+var TetherError = class _TetherError extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "TetherError";
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _TetherError);
+    }
+  }
+};
+var TetherVerificationError = class extends TetherError {
+  constructor(message, cause) {
+    super(message, cause);
+    this.name = "TetherVerificationError";
+  }
+};
+var TetherAPIError = class extends TetherError {
+  constructor(message, status, response, cause) {
+    super(message, cause);
+    this.status = status;
+    this.response = response;
+    this.name = "TetherAPIError";
+  }
+};
+
+// src/crypto.ts
+var import_crypto = require("crypto");
+var import_fs = require("fs");
+function loadPrivateKey(options) {
+  const { keyPath, keyPem, keyBuffer } = options;
+  try {
+    if (keyPem) {
+      return (0, import_crypto.createPrivateKey)(keyPem);
+    }
+    if (keyBuffer) {
+      return (0, import_crypto.createPrivateKey)({
+        key: keyBuffer,
+        format: "der",
+        type: "pkcs1"
+      });
+    }
+    if (keyPath) {
+      const keyData = (0, import_fs.readFileSync)(keyPath);
+      if (keyPath.endsWith(".pem") || keyData.toString().includes("-----BEGIN")) {
+        return (0, import_crypto.createPrivateKey)(keyData);
+      } else {
+        return (0, import_crypto.createPrivateKey)({
+          key: keyData,
+          format: "der",
+          type: "pkcs1"
+        });
+      }
+    }
+    throw new TetherError("No private key provided");
+  } catch (error) {
+    if (error instanceof TetherError) {
+      throw error;
+    }
+    throw new TetherError(
+      `Failed to load private key: ${error instanceof Error ? error.message : String(error)}`,
+      error instanceof Error ? error : void 0
+    );
+  }
+}
+function signChallenge(privateKey, challenge) {
+  try {
+    const sign = (0, import_crypto.createSign)("SHA256");
+    sign.update(challenge);
+    sign.end();
+    const signature = sign.sign(privateKey);
+    return signature.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  } catch (error) {
+    throw new TetherError(
+      `Failed to sign challenge: ${error instanceof Error ? error.message : String(error)}`,
+      error instanceof Error ? error : void 0
+    );
+  }
+}
+function detectKeyFormat(keyPath) {
+  if (keyPath.endsWith(".pem")) {
+    return "pem";
+  }
+  if (keyPath.endsWith(".der")) {
+    return "der";
+  }
+  try {
+    const keyData = (0, import_fs.readFileSync)(keyPath, { encoding: "utf8", flag: "r" });
+    if (keyData.includes("-----BEGIN")) {
+      return "pem";
+    }
+  } catch {
+  }
+  return "der";
+}
+
+// src/client.ts
+var TetherClient = class {
+  credentialId;
+  privateKey;
+  baseUrl;
+  constructor(config) {
+    this.credentialId = config.credentialId || process.env.TETHER_CREDENTIAL_ID || "";
+    if (!this.credentialId) {
+      throw new TetherError("Credential ID is required. Provide it in config or set TETHER_CREDENTIAL_ID environment variable.");
+    }
+    const keyPath = config.privateKeyPath || process.env.TETHER_PRIVATE_KEY_PATH;
+    this.privateKey = loadPrivateKey({
+      keyPath,
+      keyPem: config.privateKeyPem,
+      keyBuffer: config.privateKeyBuffer
+    });
+    this.baseUrl = config.baseUrl || "https://api.tether.name";
+  }
+  /**
+   * Request a challenge from the Tether API
+   */
+  async requestChallenge() {
+    try {
+      const response = await fetch(`${this.baseUrl}/challenge`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "Unknown error");
+        throw new TetherAPIError(
+          `Challenge request failed: ${response.status} ${response.statusText}`,
+          response.status,
+          errorText
+        );
+      }
+      const data = await response.json();
+      if (!data.code) {
+        throw new TetherAPIError("Invalid challenge response: missing code");
+      }
+      return data.code;
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherAPIError(
+        `Failed to request challenge: ${error instanceof Error ? error.message : String(error)}`,
+        void 0,
+        void 0,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Sign a challenge string
+   */
+  sign(challenge) {
+    return signChallenge(this.privateKey, challenge);
+  }
+  /**
+   * Submit proof for a challenge
+   */
+  async submitProof(challenge, proof) {
+    try {
+      const payload = {
+        challenge,
+        proof,
+        credentialId: this.credentialId
+      };
+      const response = await fetch(`${this.baseUrl}/challenge/verify`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(payload)
+      });
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "Unknown error");
+        throw new TetherAPIError(
+          `Verification failed: ${response.status} ${response.statusText}`,
+          response.status,
+          errorText
+        );
+      }
+      const data = await response.json();
+      return {
+        verified: data.valid,
+        agentName: data.agentName,
+        verifyUrl: data.verifyUrl,
+        email: data.email,
+        registeredSince: data.registeredSince,
+        error: data.error,
+        challenge
+      };
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherAPIError(
+        `Failed to submit proof: ${error instanceof Error ? error.message : String(error)}`,
+        void 0,
+        void 0,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Perform complete verification in one call
+   */
+  async verify() {
+    try {
+      const challenge = await this.requestChallenge();
+      const proof = this.sign(challenge);
+      const result = await this.submitProof(challenge, proof);
+      if (!result.verified) {
+        throw new TetherVerificationError(
+          result.error || "Verification failed for unknown reason"
+        );
+      }
+      return result;
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherVerificationError(
+        `Verification failed: ${error instanceof Error ? error.message : String(error)}`,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TetherAPIError,
+  TetherClient,
+  TetherError,
+  TetherVerificationError,
+  detectKeyFormat,
+  loadPrivateKey,
+  signChallenge
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/crypto.ts","../src/client.ts"],"sourcesContent":["/**\n * Tether Name SDK - Official Node.js library for tether.name agent identity verification\n * \n * @example\n * ```typescript\n * import { TetherClient } from 'tether-name';\n * \n * const client = new TetherClient({\n *   credentialId: 'your-credential-id',\n *   privateKeyPath: '/path/to/key.der'\n * });\n * \n * const result = await client.verify();\n * console.log(result.verified, result.agentName);\n * ```\n */\n\n// Main exports\nexport { TetherClient } from './client.js';\n\n// Types\nexport type {\n  TetherClientConfig,\n  ChallengeResponse,\n  VerificationRequest,\n  VerificationResponse,\n  VerificationResult,\n  KeyFormat\n} from './types.js';\n\n// Errors\nexport {\n  TetherError,\n  TetherAPIError,\n  TetherVerificationError\n} from './errors.js';\n\n// Crypto utilities (for advanced use cases)\nexport {\n  loadPrivateKey,\n  signChallenge,\n  detectKeyFormat\n} from './crypto.js';","/**\n * Base error class for all Tether-related errors\n */\nexport class TetherError extends Error {\n  constructor(message: string, public readonly cause?: Error) {\n    super(message);\n    this.name = 'TetherError';\n    \n    // Maintain proper stack trace for where our error was thrown (only available on V8)\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, TetherError);\n    }\n  }\n}\n\n/**\n * Error thrown when verification fails\n */\nexport class TetherVerificationError extends TetherError {\n  constructor(message: string, cause?: Error) {\n    super(message, cause);\n    this.name = 'TetherVerificationError';\n  }\n}\n\n/**\n * Error thrown when API requests fail\n */\nexport class TetherAPIError extends TetherError {\n  constructor(\n    message: string,\n    public readonly status?: number,\n    public readonly response?: string,\n    cause?: Error\n  ) {\n    super(message, cause);\n    this.name = 'TetherAPIError';\n  }\n}","import { createSign, createPrivateKey, KeyObject } from 'crypto';\nimport { readFileSync } from 'fs';\nimport { TetherError } from './errors.js';\nimport type { KeyFormat } from './types.js';\n\n/**\n * Loads a private key from various sources\n */\nexport function loadPrivateKey(options: {\n  keyPath?: string;\n  keyPem?: string;\n  keyBuffer?: Buffer;\n}): KeyObject {\n  const { keyPath, keyPem, keyBuffer } = options;\n\n  try {\n    if (keyPem) {\n      // PEM string provided directly\n      return createPrivateKey(keyPem);\n    }\n    \n    if (keyBuffer) {\n      // DER buffer provided directly\n      return createPrivateKey({\n        key: keyBuffer,\n        format: 'der',\n        type: 'pkcs1'\n      });\n    }\n    \n    if (keyPath) {\n      // Read from file - detect format by extension or content\n      const keyData = readFileSync(keyPath);\n      \n      // Try to detect format\n      if (keyPath.endsWith('.pem') || keyData.toString().includes('-----BEGIN')) {\n        // PEM format\n        return createPrivateKey(keyData);\n      } else {\n        // Assume DER format\n        return createPrivateKey({\n          key: keyData,\n          format: 'der',\n          type: 'pkcs1'\n        });\n      }\n    }\n    \n    throw new TetherError('No private key provided');\n  } catch (error) {\n    if (error instanceof TetherError) {\n      throw error;\n    }\n    throw new TetherError(\n      `Failed to load private key: ${error instanceof Error ? error.message : String(error)}`,\n      error instanceof Error ? error : undefined\n    );\n  }\n}\n\n/**\n * Signs a challenge string using RSA-SHA256\n * Returns URL-safe base64 encoded signature (no padding)\n */\nexport function signChallenge(privateKey: KeyObject, challenge: string): string {\n  try {\n    const sign = createSign('SHA256');\n    sign.update(challenge);\n    sign.end();\n    \n    const signature = sign.sign(privateKey);\n    \n    // Convert to URL-safe base64 without padding\n    return signature\n      .toString('base64')\n      .replace(/\\+/g, '-')\n      .replace(/\\//g, '_')\n      .replace(/=/g, '');\n  } catch (error) {\n    throw new TetherError(\n      `Failed to sign challenge: ${error instanceof Error ? error.message : String(error)}`,\n      error instanceof Error ? error : undefined\n    );\n  }\n}\n\n/**\n * Utility function to detect key format from file extension or content\n */\nexport function detectKeyFormat(keyPath: string): KeyFormat {\n  if (keyPath.endsWith('.pem')) {\n    return 'pem';\n  }\n  if (keyPath.endsWith('.der')) {\n    return 'der';\n  }\n  \n  // Try to read a small portion to detect format\n  try {\n    const keyData = readFileSync(keyPath, { encoding: 'utf8', flag: 'r' });\n    if (keyData.includes('-----BEGIN')) {\n      return 'pem';\n    }\n  } catch {\n    // If we can't read as text, it's probably DER\n  }\n  \n  return 'der';\n}","import { KeyObject } from 'crypto';\nimport { TetherError, TetherAPIError, TetherVerificationError } from './errors.js';\nimport { loadPrivateKey, signChallenge } from './crypto.js';\nimport type {\n  TetherClientConfig,\n  ChallengeResponse,\n  VerificationRequest,\n  VerificationResponse,\n  VerificationResult\n} from './types.js';\n\n/**\n * TetherClient - Official SDK for tether.name agent identity verification\n */\nexport class TetherClient {\n  private readonly credentialId: string;\n  private readonly privateKey: KeyObject;\n  private readonly baseUrl: string;\n\n  constructor(config: TetherClientConfig) {\n    // Get credential ID from config or environment\n    this.credentialId = config.credentialId || process.env.TETHER_CREDENTIAL_ID || '';\n    if (!this.credentialId) {\n      throw new TetherError('Credential ID is required. Provide it in config or set TETHER_CREDENTIAL_ID environment variable.');\n    }\n\n    // Load private key\n    const keyPath = config.privateKeyPath || process.env.TETHER_PRIVATE_KEY_PATH;\n    this.privateKey = loadPrivateKey({\n      keyPath,\n      keyPem: config.privateKeyPem,\n      keyBuffer: config.privateKeyBuffer\n    });\n\n    // Set base URL\n    this.baseUrl = config.baseUrl || 'https://api.tether.name';\n  }\n\n  /**\n   * Request a challenge from the Tether API\n   */\n  async requestChallenge(): Promise<string> {\n    try {\n      const response = await fetch(`${this.baseUrl}/challenge`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json'\n        }\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => 'Unknown error');\n        throw new TetherAPIError(\n          `Challenge request failed: ${response.status} ${response.statusText}`,\n          response.status,\n          errorText\n        );\n      }\n\n      const data = await response.json() as ChallengeResponse;\n      \n      if (!data.code) {\n        throw new TetherAPIError('Invalid challenge response: missing code');\n      }\n\n      return data.code;\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherAPIError(\n        `Failed to request challenge: ${error instanceof Error ? error.message : String(error)}`,\n        undefined,\n        undefined,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n\n  /**\n   * Sign a challenge string\n   */\n  sign(challenge: string): string {\n    return signChallenge(this.privateKey, challenge);\n  }\n\n  /**\n   * Submit proof for a challenge\n   */\n  async submitProof(challenge: string, proof: string): Promise<VerificationResult> {\n    try {\n      const payload: VerificationRequest = {\n        challenge,\n        proof,\n        credentialId: this.credentialId\n      };\n\n      const response = await fetch(`${this.baseUrl}/challenge/verify`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json'\n        },\n        body: JSON.stringify(payload)\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => 'Unknown error');\n        throw new TetherAPIError(\n          `Verification failed: ${response.status} ${response.statusText}`,\n          response.status,\n          errorText\n        );\n      }\n\n      const data = await response.json() as VerificationResponse;\n\n      // Convert API response to our result format\n      return {\n        verified: data.valid,\n        agentName: data.agentName,\n        verifyUrl: data.verifyUrl,\n        email: data.email,\n        registeredSince: data.registeredSince,\n        error: data.error,\n        challenge\n      };\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherAPIError(\n        `Failed to submit proof: ${error instanceof Error ? error.message : String(error)}`,\n        undefined,\n        undefined,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n\n  /**\n   * Perform complete verification in one call\n   */\n  async verify(): Promise<VerificationResult> {\n    try {\n      const challenge = await this.requestChallenge();\n      const proof = this.sign(challenge);\n      const result = await this.submitProof(challenge, proof);\n\n      if (!result.verified) {\n        throw new TetherVerificationError(\n          result.error || 'Verification failed for unknown reason'\n        );\n      }\n\n      return result;\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherVerificationError(\n        `Verification failed: ${error instanceof Error ? error.message : String(error)}`,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA,EACrC,YAAY,SAAiC,OAAe;AAC1D,UAAM,OAAO;AAD8B;AAE3C,SAAK,OAAO;AAGZ,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,YAAW;AAAA,IAC3C;AAAA,EACF;AACF;AAKO,IAAM,0BAAN,cAAsC,YAAY;AAAA,EACvD,YAAY,SAAiB,OAAe;AAC1C,UAAM,SAAS,KAAK;AACpB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,YACE,SACgB,QACA,UAChB,OACA;AACA,UAAM,SAAS,KAAK;AAJJ;AACA;AAIhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACtCA,oBAAwD;AACxD,gBAA6B;AAOtB,SAAS,eAAe,SAIjB;AACZ,QAAM,EAAE,SAAS,QAAQ,UAAU,IAAI;AAEvC,MAAI;AACF,QAAI,QAAQ;AAEV,iBAAO,gCAAiB,MAAM;AAAA,IAChC;AAEA,QAAI,WAAW;AAEb,iBAAO,gCAAiB;AAAA,QACtB,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI,SAAS;AAEX,YAAM,cAAU,wBAAa,OAAO;AAGpC,UAAI,QAAQ,SAAS,MAAM,KAAK,QAAQ,SAAS,EAAE,SAAS,YAAY,GAAG;AAEzE,mBAAO,gCAAiB,OAAO;AAAA,MACjC,OAAO;AAEL,mBAAO,gCAAiB;AAAA,UACtB,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,IAAI,YAAY,yBAAyB;AAAA,EACjD,SAAS,OAAO;AACd,QAAI,iBAAiB,aAAa;AAChC,YAAM;AAAA,IACR;AACA,UAAM,IAAI;AAAA,MACR,+BAA+B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACrF,iBAAiB,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACF;AACF;AAMO,SAAS,cAAc,YAAuB,WAA2B;AAC9E,MAAI;AACF,UAAM,WAAO,0BAAW,QAAQ;AAChC,SAAK,OAAO,SAAS;AACrB,SAAK,IAAI;AAET,UAAM,YAAY,KAAK,KAAK,UAAU;AAGtC,WAAO,UACJ,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,MAAM,EAAE;AAAA,EACrB,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,6BAA6B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACnF,iBAAiB,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,SAA4B;AAC1D,MAAI,QAAQ,SAAS,MAAM,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,MAAM,GAAG;AAC5B,WAAO;AAAA,EACT;AAGA,MAAI;AACF,UAAM,cAAU,wBAAa,SAAS,EAAE,UAAU,QAAQ,MAAM,IAAI,CAAC;AACrE,QAAI,QAAQ,SAAS,YAAY,GAAG;AAClC,aAAO;AAAA,IACT;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,SAAO;AACT;;;AC9FO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,QAA4B;AAEtC,SAAK,eAAe,OAAO,gBAAgB,QAAQ,IAAI,wBAAwB;AAC/E,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,YAAY,mGAAmG;AAAA,IAC3H;AAGA,UAAM,UAAU,OAAO,kBAAkB,QAAQ,IAAI;AACrD,SAAK,aAAa,eAAe;AAAA,MAC/B;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,WAAW,OAAO;AAAA,IACpB,CAAC;AAGD,SAAK,UAAU,OAAO,WAAW;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAoC;AACxC,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,cAAc;AAAA,QACxD,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,eAAe;AACnE,cAAM,IAAI;AAAA,UACR,6BAA6B,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,UACnE,SAAS;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,UAAI,CAAC,KAAK,MAAM;AACd,cAAM,IAAI,eAAe,0CAA0C;AAAA,MACrE;AAEA,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,gCAAgC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QACtF;AAAA,QACA;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,WAA2B;AAC9B,WAAO,cAAc,KAAK,YAAY,SAAS;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,WAAmB,OAA4C;AAC/E,QAAI;AACF,YAAM,UAA+B;AAAA,QACnC;AAAA,QACA;AAAA,QACA,cAAc,KAAK;AAAA,MACrB;AAEA,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB;AAAA,QAC/D,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,UAAU,OAAO;AAAA,MAC9B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,eAAe;AACnE,cAAM,IAAI;AAAA,UACR,wBAAwB,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,UAC9D,SAAS;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AAGjC,aAAO;AAAA,QACL,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,QAChB,OAAO,KAAK;AAAA,QACZ,iBAAiB,KAAK;AAAA,QACtB,OAAO,KAAK;AAAA,QACZ;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QACjF;AAAA,QACA;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAsC;AAC1C,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,iBAAiB;AAC9C,YAAM,QAAQ,KAAK,KAAK,SAAS;AACjC,YAAM,SAAS,MAAM,KAAK,YAAY,WAAW,KAAK;AAEtD,UAAI,CAAC,OAAO,UAAU;AACpB,cAAM,IAAI;AAAA,UACR,OAAO,SAAS;AAAA,QAClB;AAAA,MACF;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,wBAAwB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QAC9E,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/index.mjs

@@ -0,0 +1,238 @@
+// src/errors.ts
+var TetherError = class _TetherError extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "TetherError";
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _TetherError);
+    }
+  }
+};
+var TetherVerificationError = class extends TetherError {
+  constructor(message, cause) {
+    super(message, cause);
+    this.name = "TetherVerificationError";
+  }
+};
+var TetherAPIError = class extends TetherError {
+  constructor(message, status, response, cause) {
+    super(message, cause);
+    this.status = status;
+    this.response = response;
+    this.name = "TetherAPIError";
+  }
+};
+
+// src/crypto.ts
+import { createSign, createPrivateKey } from "crypto";
+import { readFileSync } from "fs";
+function loadPrivateKey(options) {
+  const { keyPath, keyPem, keyBuffer } = options;
+  try {
+    if (keyPem) {
+      return createPrivateKey(keyPem);
+    }
+    if (keyBuffer) {
+      return createPrivateKey({
+        key: keyBuffer,
+        format: "der",
+        type: "pkcs1"
+      });
+    }
+    if (keyPath) {
+      const keyData = readFileSync(keyPath);
+      if (keyPath.endsWith(".pem") || keyData.toString().includes("-----BEGIN")) {
+        return createPrivateKey(keyData);
+      } else {
+        return createPrivateKey({
+          key: keyData,
+          format: "der",
+          type: "pkcs1"
+        });
+      }
+    }
+    throw new TetherError("No private key provided");
+  } catch (error) {
+    if (error instanceof TetherError) {
+      throw error;
+    }
+    throw new TetherError(
+      `Failed to load private key: ${error instanceof Error ? error.message : String(error)}`,
+      error instanceof Error ? error : void 0
+    );
+  }
+}
+function signChallenge(privateKey, challenge) {
+  try {
+    const sign = createSign("SHA256");
+    sign.update(challenge);
+    sign.end();
+    const signature = sign.sign(privateKey);
+    return signature.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  } catch (error) {
+    throw new TetherError(
+      `Failed to sign challenge: ${error instanceof Error ? error.message : String(error)}`,
+      error instanceof Error ? error : void 0
+    );
+  }
+}
+function detectKeyFormat(keyPath) {
+  if (keyPath.endsWith(".pem")) {
+    return "pem";
+  }
+  if (keyPath.endsWith(".der")) {
+    return "der";
+  }
+  try {
+    const keyData = readFileSync(keyPath, { encoding: "utf8", flag: "r" });
+    if (keyData.includes("-----BEGIN")) {
+      return "pem";
+    }
+  } catch {
+  }
+  return "der";
+}
+
+// src/client.ts
+var TetherClient = class {
+  credentialId;
+  privateKey;
+  baseUrl;
+  constructor(config) {
+    this.credentialId = config.credentialId || process.env.TETHER_CREDENTIAL_ID || "";
+    if (!this.credentialId) {
+      throw new TetherError("Credential ID is required. Provide it in config or set TETHER_CREDENTIAL_ID environment variable.");
+    }
+    const keyPath = config.privateKeyPath || process.env.TETHER_PRIVATE_KEY_PATH;
+    this.privateKey = loadPrivateKey({
+      keyPath,
+      keyPem: config.privateKeyPem,
+      keyBuffer: config.privateKeyBuffer
+    });
+    this.baseUrl = config.baseUrl || "https://api.tether.name";
+  }
+  /**
+   * Request a challenge from the Tether API
+   */
+  async requestChallenge() {
+    try {
+      const response = await fetch(`${this.baseUrl}/challenge`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "Unknown error");
+        throw new TetherAPIError(
+          `Challenge request failed: ${response.status} ${response.statusText}`,
+          response.status,
+          errorText
+        );
+      }
+      const data = await response.json();
+      if (!data.code) {
+        throw new TetherAPIError("Invalid challenge response: missing code");
+      }
+      return data.code;
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherAPIError(
+        `Failed to request challenge: ${error instanceof Error ? error.message : String(error)}`,
+        void 0,
+        void 0,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Sign a challenge string
+   */
+  sign(challenge) {
+    return signChallenge(this.privateKey, challenge);
+  }
+  /**
+   * Submit proof for a challenge
+   */
+  async submitProof(challenge, proof) {
+    try {
+      const payload = {
+        challenge,
+        proof,
+        credentialId: this.credentialId
+      };
+      const response = await fetch(`${this.baseUrl}/challenge/verify`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(payload)
+      });
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "Unknown error");
+        throw new TetherAPIError(
+          `Verification failed: ${response.status} ${response.statusText}`,
+          response.status,
+          errorText
+        );
+      }
+      const data = await response.json();
+      return {
+        verified: data.valid,
+        agentName: data.agentName,
+        verifyUrl: data.verifyUrl,
+        email: data.email,
+        registeredSince: data.registeredSince,
+        error: data.error,
+        challenge
+      };
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherAPIError(
+        `Failed to submit proof: ${error instanceof Error ? error.message : String(error)}`,
+        void 0,
+        void 0,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Perform complete verification in one call
+   */
+  async verify() {
+    try {
+      const challenge = await this.requestChallenge();
+      const proof = this.sign(challenge);
+      const result = await this.submitProof(challenge, proof);
+      if (!result.verified) {
+        throw new TetherVerificationError(
+          result.error || "Verification failed for unknown reason"
+        );
+      }
+      return result;
+    } catch (error) {
+      if (error instanceof TetherError) {
+        throw error;
+      }
+      throw new TetherVerificationError(
+        `Verification failed: ${error instanceof Error ? error.message : String(error)}`,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+};
+export {
+  TetherAPIError,
+  TetherClient,
+  TetherError,
+  TetherVerificationError,
+  detectKeyFormat,
+  loadPrivateKey,
+  signChallenge
+};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors.ts","../src/crypto.ts","../src/client.ts"],"sourcesContent":["/**\n * Base error class for all Tether-related errors\n */\nexport class TetherError extends Error {\n  constructor(message: string, public readonly cause?: Error) {\n    super(message);\n    this.name = 'TetherError';\n    \n    // Maintain proper stack trace for where our error was thrown (only available on V8)\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, TetherError);\n    }\n  }\n}\n\n/**\n * Error thrown when verification fails\n */\nexport class TetherVerificationError extends TetherError {\n  constructor(message: string, cause?: Error) {\n    super(message, cause);\n    this.name = 'TetherVerificationError';\n  }\n}\n\n/**\n * Error thrown when API requests fail\n */\nexport class TetherAPIError extends TetherError {\n  constructor(\n    message: string,\n    public readonly status?: number,\n    public readonly response?: string,\n    cause?: Error\n  ) {\n    super(message, cause);\n    this.name = 'TetherAPIError';\n  }\n}","import { createSign, createPrivateKey, KeyObject } from 'crypto';\nimport { readFileSync } from 'fs';\nimport { TetherError } from './errors.js';\nimport type { KeyFormat } from './types.js';\n\n/**\n * Loads a private key from various sources\n */\nexport function loadPrivateKey(options: {\n  keyPath?: string;\n  keyPem?: string;\n  keyBuffer?: Buffer;\n}): KeyObject {\n  const { keyPath, keyPem, keyBuffer } = options;\n\n  try {\n    if (keyPem) {\n      // PEM string provided directly\n      return createPrivateKey(keyPem);\n    }\n    \n    if (keyBuffer) {\n      // DER buffer provided directly\n      return createPrivateKey({\n        key: keyBuffer,\n        format: 'der',\n        type: 'pkcs1'\n      });\n    }\n    \n    if (keyPath) {\n      // Read from file - detect format by extension or content\n      const keyData = readFileSync(keyPath);\n      \n      // Try to detect format\n      if (keyPath.endsWith('.pem') || keyData.toString().includes('-----BEGIN')) {\n        // PEM format\n        return createPrivateKey(keyData);\n      } else {\n        // Assume DER format\n        return createPrivateKey({\n          key: keyData,\n          format: 'der',\n          type: 'pkcs1'\n        });\n      }\n    }\n    \n    throw new TetherError('No private key provided');\n  } catch (error) {\n    if (error instanceof TetherError) {\n      throw error;\n    }\n    throw new TetherError(\n      `Failed to load private key: ${error instanceof Error ? error.message : String(error)}`,\n      error instanceof Error ? error : undefined\n    );\n  }\n}\n\n/**\n * Signs a challenge string using RSA-SHA256\n * Returns URL-safe base64 encoded signature (no padding)\n */\nexport function signChallenge(privateKey: KeyObject, challenge: string): string {\n  try {\n    const sign = createSign('SHA256');\n    sign.update(challenge);\n    sign.end();\n    \n    const signature = sign.sign(privateKey);\n    \n    // Convert to URL-safe base64 without padding\n    return signature\n      .toString('base64')\n      .replace(/\\+/g, '-')\n      .replace(/\\//g, '_')\n      .replace(/=/g, '');\n  } catch (error) {\n    throw new TetherError(\n      `Failed to sign challenge: ${error instanceof Error ? error.message : String(error)}`,\n      error instanceof Error ? error : undefined\n    );\n  }\n}\n\n/**\n * Utility function to detect key format from file extension or content\n */\nexport function detectKeyFormat(keyPath: string): KeyFormat {\n  if (keyPath.endsWith('.pem')) {\n    return 'pem';\n  }\n  if (keyPath.endsWith('.der')) {\n    return 'der';\n  }\n  \n  // Try to read a small portion to detect format\n  try {\n    const keyData = readFileSync(keyPath, { encoding: 'utf8', flag: 'r' });\n    if (keyData.includes('-----BEGIN')) {\n      return 'pem';\n    }\n  } catch {\n    // If we can't read as text, it's probably DER\n  }\n  \n  return 'der';\n}","import { KeyObject } from 'crypto';\nimport { TetherError, TetherAPIError, TetherVerificationError } from './errors.js';\nimport { loadPrivateKey, signChallenge } from './crypto.js';\nimport type {\n  TetherClientConfig,\n  ChallengeResponse,\n  VerificationRequest,\n  VerificationResponse,\n  VerificationResult\n} from './types.js';\n\n/**\n * TetherClient - Official SDK for tether.name agent identity verification\n */\nexport class TetherClient {\n  private readonly credentialId: string;\n  private readonly privateKey: KeyObject;\n  private readonly baseUrl: string;\n\n  constructor(config: TetherClientConfig) {\n    // Get credential ID from config or environment\n    this.credentialId = config.credentialId || process.env.TETHER_CREDENTIAL_ID || '';\n    if (!this.credentialId) {\n      throw new TetherError('Credential ID is required. Provide it in config or set TETHER_CREDENTIAL_ID environment variable.');\n    }\n\n    // Load private key\n    const keyPath = config.privateKeyPath || process.env.TETHER_PRIVATE_KEY_PATH;\n    this.privateKey = loadPrivateKey({\n      keyPath,\n      keyPem: config.privateKeyPem,\n      keyBuffer: config.privateKeyBuffer\n    });\n\n    // Set base URL\n    this.baseUrl = config.baseUrl || 'https://api.tether.name';\n  }\n\n  /**\n   * Request a challenge from the Tether API\n   */\n  async requestChallenge(): Promise<string> {\n    try {\n      const response = await fetch(`${this.baseUrl}/challenge`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json'\n        }\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => 'Unknown error');\n        throw new TetherAPIError(\n          `Challenge request failed: ${response.status} ${response.statusText}`,\n          response.status,\n          errorText\n        );\n      }\n\n      const data = await response.json() as ChallengeResponse;\n      \n      if (!data.code) {\n        throw new TetherAPIError('Invalid challenge response: missing code');\n      }\n\n      return data.code;\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherAPIError(\n        `Failed to request challenge: ${error instanceof Error ? error.message : String(error)}`,\n        undefined,\n        undefined,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n\n  /**\n   * Sign a challenge string\n   */\n  sign(challenge: string): string {\n    return signChallenge(this.privateKey, challenge);\n  }\n\n  /**\n   * Submit proof for a challenge\n   */\n  async submitProof(challenge: string, proof: string): Promise<VerificationResult> {\n    try {\n      const payload: VerificationRequest = {\n        challenge,\n        proof,\n        credentialId: this.credentialId\n      };\n\n      const response = await fetch(`${this.baseUrl}/challenge/verify`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json'\n        },\n        body: JSON.stringify(payload)\n      });\n\n      if (!response.ok) {\n        const errorText = await response.text().catch(() => 'Unknown error');\n        throw new TetherAPIError(\n          `Verification failed: ${response.status} ${response.statusText}`,\n          response.status,\n          errorText\n        );\n      }\n\n      const data = await response.json() as VerificationResponse;\n\n      // Convert API response to our result format\n      return {\n        verified: data.valid,\n        agentName: data.agentName,\n        verifyUrl: data.verifyUrl,\n        email: data.email,\n        registeredSince: data.registeredSince,\n        error: data.error,\n        challenge\n      };\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherAPIError(\n        `Failed to submit proof: ${error instanceof Error ? error.message : String(error)}`,\n        undefined,\n        undefined,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n\n  /**\n   * Perform complete verification in one call\n   */\n  async verify(): Promise<VerificationResult> {\n    try {\n      const challenge = await this.requestChallenge();\n      const proof = this.sign(challenge);\n      const result = await this.submitProof(challenge, proof);\n\n      if (!result.verified) {\n        throw new TetherVerificationError(\n          result.error || 'Verification failed for unknown reason'\n        );\n      }\n\n      return result;\n    } catch (error) {\n      if (error instanceof TetherError) {\n        throw error;\n      }\n      throw new TetherVerificationError(\n        `Verification failed: ${error instanceof Error ? error.message : String(error)}`,\n        error instanceof Error ? error : undefined\n      );\n    }\n  }\n}"],"mappings":";AAGO,IAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA,EACrC,YAAY,SAAiC,OAAe;AAC1D,UAAM,OAAO;AAD8B;AAE3C,SAAK,OAAO;AAGZ,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,YAAW;AAAA,IAC3C;AAAA,EACF;AACF;AAKO,IAAM,0BAAN,cAAsC,YAAY;AAAA,EACvD,YAAY,SAAiB,OAAe;AAC1C,UAAM,SAAS,KAAK;AACpB,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,YACE,SACgB,QACA,UAChB,OACA;AACA,UAAM,SAAS,KAAK;AAJJ;AACA;AAIhB,SAAK,OAAO;AAAA,EACd;AACF;;;ACtCA,SAAS,YAAY,wBAAmC;AACxD,SAAS,oBAAoB;AAOtB,SAAS,eAAe,SAIjB;AACZ,QAAM,EAAE,SAAS,QAAQ,UAAU,IAAI;AAEvC,MAAI;AACF,QAAI,QAAQ;AAEV,aAAO,iBAAiB,MAAM;AAAA,IAChC;AAEA,QAAI,WAAW;AAEb,aAAO,iBAAiB;AAAA,QACtB,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI,SAAS;AAEX,YAAM,UAAU,aAAa,OAAO;AAGpC,UAAI,QAAQ,SAAS,MAAM,KAAK,QAAQ,SAAS,EAAE,SAAS,YAAY,GAAG;AAEzE,eAAO,iBAAiB,OAAO;AAAA,MACjC,OAAO;AAEL,eAAO,iBAAiB;AAAA,UACtB,KAAK;AAAA,UACL,QAAQ;AAAA,UACR,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,IAAI,YAAY,yBAAyB;AAAA,EACjD,SAAS,OAAO;AACd,QAAI,iBAAiB,aAAa;AAChC,YAAM;AAAA,IACR;AACA,UAAM,IAAI;AAAA,MACR,+BAA+B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACrF,iBAAiB,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACF;AACF;AAMO,SAAS,cAAc,YAAuB,WAA2B;AAC9E,MAAI;AACF,UAAM,OAAO,WAAW,QAAQ;AAChC,SAAK,OAAO,SAAS;AACrB,SAAK,IAAI;AAET,UAAM,YAAY,KAAK,KAAK,UAAU;AAGtC,WAAO,UACJ,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,MAAM,EAAE;AAAA,EACrB,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,6BAA6B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACnF,iBAAiB,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,SAA4B;AAC1D,MAAI,QAAQ,SAAS,MAAM,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,MAAM,GAAG;AAC5B,WAAO;AAAA,EACT;AAGA,MAAI;AACF,UAAM,UAAU,aAAa,SAAS,EAAE,UAAU,QAAQ,MAAM,IAAI,CAAC;AACrE,QAAI,QAAQ,SAAS,YAAY,GAAG;AAClC,aAAO;AAAA,IACT;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,SAAO;AACT;;;AC9FO,IAAM,eAAN,MAAmB;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,QAA4B;AAEtC,SAAK,eAAe,OAAO,gBAAgB,QAAQ,IAAI,wBAAwB;AAC/E,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,YAAY,mGAAmG;AAAA,IAC3H;AAGA,UAAM,UAAU,OAAO,kBAAkB,QAAQ,IAAI;AACrD,SAAK,aAAa,eAAe;AAAA,MAC/B;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,WAAW,OAAO;AAAA,IACpB,CAAC;AAGD,SAAK,UAAU,OAAO,WAAW;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAoC;AACxC,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,cAAc;AAAA,QACxD,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,eAAe;AACnE,cAAM,IAAI;AAAA,UACR,6BAA6B,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,UACnE,SAAS;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,UAAI,CAAC,KAAK,MAAM;AACd,cAAM,IAAI,eAAe,0CAA0C;AAAA,MACrE;AAEA,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,gCAAgC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QACtF;AAAA,QACA;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAK,WAA2B;AAC9B,WAAO,cAAc,KAAK,YAAY,SAAS;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,WAAmB,OAA4C;AAC/E,QAAI;AACF,YAAM,UAA+B;AAAA,QACnC;AAAA,QACA;AAAA,QACA,cAAc,KAAK;AAAA,MACrB;AAEA,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB;AAAA,QAC/D,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,UAAU,OAAO;AAAA,MAC9B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,MAAM,eAAe;AACnE,cAAM,IAAI;AAAA,UACR,wBAAwB,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,UAC9D,SAAS;AAAA,UACT;AAAA,QACF;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AAGjC,aAAO;AAAA,QACL,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,QAChB,OAAO,KAAK;AAAA,QACZ,iBAAiB,KAAK;AAAA,QACtB,OAAO,KAAK;AAAA,QACZ;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QACjF;AAAA,QACA;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAsC;AAC1C,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,iBAAiB;AAC9C,YAAM,QAAQ,KAAK,KAAK,SAAS;AACjC,YAAM,SAAS,MAAM,KAAK,YAAY,WAAW,KAAK;AAEtD,UAAI,CAAC,OAAO,UAAU;AACpB,cAAM,IAAI;AAAA,UACR,OAAO,SAAS;AAAA,QAClB;AAAA,MACF;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QACR,wBAAwB,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,QAC9E,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "tether-name",
+  "version": "1.0.0",
+  "description": "Official Node.js SDK for tether.name - AI agent identity verification",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest",
+    "test:run": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "tether",
+    "agent",
+    "verification",
+    "identity",
+    "crypto",
+    "rsa"
+  ],
+  "author": "Commit 451",
+  "license": "MIT",
+  "homepage": "https://tether.name",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/tether-name/tether-name-node.git"
+  },
+  "bugs": {
+    "url": "https://github.com/tether-name/tether-name-node/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0",
+    "vitest": "^1.0.0"
+  }
+}