npm - vestauth - Versions diffs - 0.21.1 → 0.22.1 - Mend

vestauth 0.21.1 → 0.22.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md +14 -2
package/README.md +111 -28
package/package.json +1 -1
package/src/cli/actions/agent/curl.js +52 -1
package/src/server/index.js +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,19 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-[Unreleased](https://github.com/vestauth/vestauth/compare/v0.21.1...main)
+[Unreleased](https://github.com/vestauth/vestauth/compare/v0.22.1...main)
+## [0.22.1](https://github.com/vestauth/vestauth/compare/v0.22.0...v0.22.1) (2026-03-02)
+### Changed
+* `vestauth server start` should use `POST /whoami`
+## [0.22.0](https://github.com/vestauth/vestauth/compare/v0.21.1...v0.22.0) (2026-03-02)
+### Changed
+* `agent curl` now by default prepends `-X POST` and `-H "Content-Type: application/json"` ([#45](https://github.com/vestauth/vestauth/pull/45))
 ## [0.21.1](https://github.com/vestauth/vestauth/compare/v0.21.0...v0.21.1) (2026-02-25)
@@ -94,7 +106,7 @@ All notable changes to this project will be documented in this file. See [standa
 ### Changed
-* Move from `*.agents.vestauth.com` FQDN to `*.api.vestaut.com` to prepare way for custom `--hostname` for internal enterprise use cases.
+* Move from `*.agents.vestauth.com` FQDN to `*.api.vestauth.com` to prepare way for custom `--hostname` for internal enterprise use cases.
 ## [0.12.1](https://github.com/vestauth/vestauth/compare/v0.12.0...v0.12.1) (2026-02-17)

package/README.md CHANGED Viewed

@@ -3,8 +3,8 @@
 *web-bot-auth for agents*–from the creator of [`dotenv`](https://github.com/motdotla/dotenv) and [`dotenvx`](https://github.com/dotenvx/dotenvx).
 * identity ([web-bot-auth](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture))
-* authentication
 * tools!
+* authentication
 <a target="_blank" href="https://chat.openai.com/?q=Read%20https%3A%2F%2Fgithub.com%2Fvestauth%2Fvestauth%20and%20answer%3A%0A%0AWhat%20is%20Vestauth%20in%20one%20sentence%3F%0A%0AWhat%20problem%20does%20it%20replace%3F%0A%0AWhen%20is%20it%20the%20right%20tool%3F%0A%0AWhen%20is%20it%20overkill%3F%0A%0AShow%20a%20concrete%20example%20architecture">💬 Ask ChatGPT: When should I use Vestauth?</a>
@@ -94,15 +94,122 @@ AGENT_PRIVATE_JWK="{"crv":"Ed25519","d":"Z9vbwN-3eiFMVv_TPWXOxqSMJAT21kZvejWi72y
 &nbsp;
+## Tools
+> Call tools!
+```sh
+vestauth agent curl https://sfs.vestauth.com/write -d '{"filepath":"/hello.md", "content":"hello"}'
+vestauth agent curl https://sfs.vestauth.com/list
+```
+#### First Party
+<details><summary>`SFS` Simple File System</summary><br/>
+> SFS is a simple file system for vestauth agents.
+>
+> [sfs.vestauth.com](https://sfs.vestauth.com)
+```sh
+# write a file
+vestauth agent curl https://sfs.vestauth.com/write -d '{"filepath":"/hello.md", "content":"hello"}'
+# delete a file
+vestauth agent curl https://sfs.vestauth.com/delete -d '{"filepath":"/hello.md"}'
+# list files
+vestauth agent curl https://sfs.vestauth.com/list
+# read a file
+vestauth agent curl https://sfs.vestauth.com/read -d '{"filepath":"/hello.md"}'
+```
+&nbsp;
+</details>
+<details><summary>`GEO` geo.vestauth.com</summary><br/>
+> GEO returns the current geo-coordinates of a vestauth agent.
+>
+> [geo.vestauth.com](https://geo.vestauth.com)
+```sh
+# make a ping
+vestauth agent curl https://ping.vestauth.com/ping
+```
+&nbsp;
+</details>
+#### Third Party
+<details><summary>`AS2` Agentic Secret Storage</summary><br/>
+> AS2 is a simple, agent-friendly secret storage.
+>
+> [as2.dotenvx.com](https://as2.dotenvx.com)
+```sh
+# set a secret
+vestauth agent curl https://as2.dotenvx.com/set -d '{"KEY":"value"}'
+# get all secrets
+vestauth agent curl "https://as2.dotenvx.com/get"
+# get single secret
+vestauth agent curl "https://as2.dotenvx.com/get?key=KEY"
+# get multiple secrets
+vestauth agent curl "https://as2.dotenvx.com/get?key=KEY,TWILIO"
+```
+&nbsp;
+</details>
+<details><summary>`Docle` Check if email address is real</summary><br>
+> Check if an email address is real before you hit send. Verifies syntax, DNS, MX records, SMTP mailbox existence, and cross-references multiple providers. All in real time, no signup required.
+>
+> [github.com/treadiehq/docle](https://github.com/treadiehq/docle)
+```sh
+# verify an email
+vestauth agent curl https://docle.co/api/verify -d '{"emails":["test@example.com"]}'
+# check your usage
+vestauth agent curl https://docle.co/api/agent/usage
+```
+&nbsp;
+</details>
+<details><summary>more coming soon</summary><br/>
+* Geo IP - coming soon
+* Send/Receive Email - coming
+* Send/Receive SMS - coming
+* Send/Receive Telegram - coming
+* Send/Receive WhatsApp - coming
+* Human-in-the-loop - coming
+* Rotate NPM Tokens - coming
+* Rotate GitHub Tokens - coming
+* Working on a tool? Tell us and we'll list it.
+</details>
+&nbsp;
 ## Authentication
-> Authenticate agents – `vestauth.tool.verify`…
+> Build your own tools. Authenticate them with a single line of code – `vestauth.tool.verify`…
 ```js
 ...
 const vestauth = require('vestauth')
-app.get('/whoami', async (req, res) => {
+app.post('/whoami', async (req, res) => {
   try {
     const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
     const agent = await vestauth.tool.verify(req.method, url, req.headers)
@@ -138,31 +245,7 @@ $ vestauth primitives headers GET https://api.vestauth.com/whoami --pp
 </details>
-&nbsp;
-## Tools
-> Call tools!
-```sh
-$ vestauth agent curl -X POST https://as2.dotenvx.com/set -d '{"KEY":"value"}'
-$ vestauth agent curl https://as2.dotenvx.com/get
-```
-#### List of tools
-* Ping - https://ping.vestauth.com
-* Agentic Secret Storage - https://as2.dotenvx.com
-* Geo IP - coming soon
-* Filesystem - coming soon
-* Send/Receive Email - coming
-* Send/Receive SMS - coming
-* Send/Receive Telegram - coming
-* Send/Receive WhatsApp - coming
-* Human-in-the-loop - coming
-* Rotate NPM Tokens - coming
-* Rotate GitHub Tokens - coming
-* Working on a tool? Tell us and wel'll list it.
+Vestauth handles usage, payments, and spam protection for your tool!
 &nbsp;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.21.1",
+  "version": "0.22.1",
   "description": "web-bot-auth for agents–from the creator of dotenvx",
   "keywords": [
     "vestauth",

package/src/cli/actions/agent/curl.js CHANGED Viewed

@@ -5,6 +5,53 @@ const Errors = require('./../../../lib/helpers/errors')
 const findUrl = require('./../../../lib/helpers/findUrl')
 const catchAndLog = require('./../../../lib/helpers/catchAndLog')
+function requestMethodFromArgs (args) {
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i]
+    if (arg === '-X' || arg === '--request') {
+      const method = args[i + 1]
+      if (method) return method.toUpperCase()
+      continue
+    }
+    if (arg.startsWith('--request=')) {
+      return arg.slice('--request='.length).toUpperCase()
+    }
+    if (arg.startsWith('-X') && arg.length > 2) {
+      return arg.slice(2).toUpperCase()
+    }
+  }
+  return null
+}
+function hasContentTypeHeader (args) {
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i]
+    if (arg === '-H' || arg === '--header') {
+      const header = args[i + 1] || ''
+      if (header.toLowerCase().startsWith('content-type:')) return true
+      continue
+    }
+    if (arg.startsWith('--header=')) {
+      const header = arg.slice('--header='.length)
+      if (header.toLowerCase().startsWith('content-type:')) return true
+      continue
+    }
+    if (arg.startsWith('-H') && arg.length > 2) {
+      const header = arg.slice(2)
+      if (header.toLowerCase().startsWith('content-type:')) return true
+    }
+  }
+  return false
+}
 async function curl () {
   try {
     const commandArgs = this.args
@@ -13,14 +60,18 @@ async function curl () {
     const options = this.opts()
     logger.debug(`options: ${JSON.stringify(options)}`)
-    const httpMethod = 'GET'
+    const httpMethod = requestMethodFromArgs(commandArgs) || 'POST'
     const url = findUrl(commandArgs)
     const headers = await agent.headers(httpMethod, url)
+    const includeRequestMethod = requestMethodFromArgs(commandArgs) === null
+    const includeContentType = !hasContentTypeHeader(commandArgs)
     const injected = [
       'curl',
       '-H', `Signature: ${headers.Signature}`,
       '-H', `Signature-Input: ${headers['Signature-Input']}`,
       '-H', `Signature-Agent: ${headers['Signature-Agent']}`,
+      ...(includeRequestMethod ? ['-X', 'POST'] : []),
+      ...(includeContentType ? ['-H', 'Content-Type: application/json'] : []),
       ...commandArgs
     ]

package/src/server/index.js CHANGED Viewed

@@ -105,7 +105,7 @@ app.get('/.well-known/http-message-signatures-directory', async (req, res) => {
   return res.json({ keys })
 })
-app.get('/whoami', async (req, res) => {
+app.post('/whoami', async (req, res) => {
   try {
     const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
     const attrs = {