vercel-ai-attesso 1.0.1

package/README.md

@@ -0,0 +1,182 @@
+# vercel-ai-attesso
+
+Vercel AI SDK provider for hardware-secured agent wallets. No app required.
+
+```bash
+npm install vercel-ai-attesso ai zod
+```
+
+## One-Liner Integration
+
+```typescript
+import { generateText } from 'ai';
+import { attesso } from 'vercel-ai-attesso';
+
+const result = await generateText({
+  model: openai('gpt-4o'),
+  tools: attesso.tools(),
+  prompt: 'Book me a flight to NYC under $500',
+});
+```
+
+That's it. Your AI agent now has a wallet.
+
+## What This Does
+
+When you add `attesso.tools()` to your Vercel AI SDK agent, it gains these capabilities:
+
+| Tool | Description |
+|------|-------------|
+| `attesso_pay` | Execute a payment against a user's pre-authorized mandate |
+| `attesso_get_mandate` | Check spending limits and available funds |
+| `attesso_get_passport` | Get identity token for merchant verification |
+| `attesso_capture` | Capture a previously authorized payment |
+| `attesso_cancel` | Cancel an auth and release funds |
+| `attesso_check_balance` | Quick balance check |
+
+## Configuration
+
+```typescript
+// Pre-configure mandate and merchant for tighter control
+const tools = attesso.tools({
+  mandateId: 'mandate_xyz',           // Pre-selected mandate
+  merchant: 'United Airlines',        // Lock to single merchant
+  maxAmountPerTransaction: 50000,     // $500 cap per transaction
+});
+```
+
+## Environment Variables
+
+```bash
+ATTESSO_API_KEY=your_api_key_here
+```
+
+## How It Works
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│  Your AI Agent (Vercel AI SDK)                                  │
+│  ┌───────────────────────────────────────────────────────────┐  │
+│  │  generateText({                                           │  │
+│  │    model: openai('gpt-4o'),                               │  │
+│  │    tools: attesso.tools(),  ◄─── Hardware-secured wallet  │  │
+│  │    prompt: 'Book a flight...'                             │  │
+│  │  })                                                       │  │
+│  └───────────────────────────────────────────────────────────┘  │
+│                              │                                  │
+│                              ▼                                  │
+│  ┌───────────────────────────────────────────────────────────┐  │
+│  │  Attesso API                                              │  │
+│  │  • Mandate validation (user pre-approved with passkey)    │  │
+│  │  • Hardware attestation (WebAuthn / Secure Enclave)       │  │
+│  │  • Payment execution via Stripe                           │  │
+│  │  • Reputation & fraud monitoring                          │  │
+│  └───────────────────────────────────────────────────────────┘  │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+## How Users Authorize Spending
+
+Users create mandates in your web dashboard using WebAuthn passkeys:
+
+1. User clicks "Create Mandate"
+2. Browser prompts for passkey authentication:
+   - **Native**: FaceID/TouchID on Mac, iPhone, Android
+   - **Cross-device**: QR code scanned with phone (desktops without biometrics)
+3. Device's Secure Enclave signs the mandate
+4. Your agent receives the mandateId
+
+```typescript
+// Frontend: Create mandate with passkey
+const authOptions = await fetch('/api/auth/webauthn/authenticate/options', {
+  method: 'POST',
+}).then(r => r.json());
+
+// User does FaceID/TouchID or scans QR with phone
+const assertion = await navigator.credentials.get({
+  publicKey: authOptions,
+});
+
+const mandate = await fetch('/api/mandates', {
+  method: 'POST',
+  body: JSON.stringify({
+    botId: 'bot_travel_agent',
+    maxAmount: 50000,
+    webAuthnAssertion: assertion,
+  }),
+}).then(r => r.json());
+
+// Pass mandateId to your AI agent
+```
+
+## Auth/Capture Flow
+
+For purchases where the final price isn't known upfront:
+
+```typescript
+const result = await generateText({
+  model: openai('gpt-4o'),
+  tools: attesso.tools({ mandateId }),
+  prompt: `
+    Search for flights to NYC.
+    When you find the best option, capture it with the exact price.
+    If nothing suitable, cancel the authorization.
+  `,
+});
+```
+
+The agent will:
+1. Use `attesso_get_mandate` to check available funds
+2. Search for flights (using your other tools)
+3. Use `attesso_pay` to authorize the best price
+4. Use `attesso_capture` or `attesso_cancel` based on results
+
+## Passport Tokens
+
+Get a cryptographic proof of spending power for merchant verification:
+
+```typescript
+const tools = attesso.tools();
+// Agent calls attesso_get_passport to get JWT
+// JWT contains: solvency proof, reputation score, mandate limits
+// Merchant can verify locally without calling Attesso
+```
+
+## Why This Exists
+
+AI agents need to spend money. Giving them your credit card is a bad idea.
+
+Attesso provides:
+- **WebAuthn passkeys** - Hardware-backed auth, no app required
+- **Cross-device support** - QR code for desktops without biometrics
+- **User-controlled limits** - Pre-authorized mandates with caps
+- **Instant revocation** - Cancel any mandate immediately
+- **Full audit trail** - Every transaction logged
+
+## Hardware Security by Device
+
+| Device | Security | Auth Method |
+|--------|----------|-------------|
+| iPhone/iPad | Secure Enclave | FaceID/TouchID |
+| Mac (Touch ID) | Secure Enclave | TouchID |
+| Mac (no Touch ID) | Phone via QR | Phone's Secure Enclave |
+| Windows (Hello) | TPM 2.0 | Windows Hello |
+| Windows (no Hello) | Phone via QR | Requires Bluetooth + manual selection |
+| Android | TEE/StrongBox | Fingerprint/Face |
+
+**Windows Note:** Without Windows Hello, users see USB security key prompt first. They must click Cancel and select "iPhone/Android" for QR code.
+
+## Requirements
+
+- Node.js 18+
+- Vercel AI SDK 3.0+
+- Zod 3.0+
+
+## Links
+
+- Website: https://attesso.com
+- Support: info@attesso.com
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1 @@
+export { AttessoToolsConfig, attesso, attessoSchemas, createAttessoTools } from '@attesso/sdk/vercel';

package/dist/index.js

@@ -0,0 +1,7 @@
+// src/index.ts
+import { attesso, createAttessoTools, attessoSchemas } from "@attesso/sdk/vercel";
+export {
+  attesso,
+  attessoSchemas,
+  createAttessoTools
+};

package/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "vercel-ai-attesso",
+  "version": "1.0.1",
+  "description": "Vercel AI SDK provider for hardware-secured agent wallets",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean",
+    "dev": "tsup src/index.ts --format esm --dts --watch",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "vercel",
+    "ai-sdk",
+    "openai",
+    "agents",
+    "payments",
+    "wallets",
+    "attesso",
+    "ai",
+    "tools"
+  ],
+  "author": "Attesso",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/attesso/vercel-ai-attesso.git"
+  },
+  "homepage": "https://github.com/attesso/vercel-ai-attesso#readme",
+  "bugs": {
+    "url": "https://github.com/attesso/vercel-ai-attesso/issues"
+  },
+  "deprecated": "Use @attesso/sdk/vercel instead. This package is now a re-export.",
+  "dependencies": {
+    "@attesso/sdk": "^1.0.2"
+  },
+  "peerDependencies": {
+    "ai": ">=3.0.0",
+    "zod": ">=3.0.0"
+  },
+  "devDependencies": {
+    "ai": "^3.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.3.0",
+    "zod": "^3.22.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}