npm - vestauth - Versions diffs - 0.22.0 → 0.22.1 - Mend

vestauth 0.22.0 → 0.22.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,13 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-[Unreleased](https://github.com/vestauth/vestauth/compare/v0.22.0...main)
+[Unreleased](https://github.com/vestauth/vestauth/compare/v0.22.1...main)
+## [0.22.1](https://github.com/vestauth/vestauth/compare/v0.22.0...v0.22.1) (2026-03-02)
+### Changed
+* `vestauth server start` should use `POST /whoami`
 ## [0.22.0](https://github.com/vestauth/vestauth/compare/v0.21.1...v0.22.0) (2026-03-02)

package/README.md CHANGED Viewed

@@ -3,8 +3,8 @@
 *web-bot-auth for agents*–from the creator of [`dotenv`](https://github.com/motdotla/dotenv) and [`dotenvx`](https://github.com/dotenvx/dotenvx).
 * identity ([web-bot-auth](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture))
-* authentication
 * tools!
+* authentication
 <a target="_blank" href="https://chat.openai.com/?q=Read%20https%3A%2F%2Fgithub.com%2Fvestauth%2Fvestauth%20and%20answer%3A%0A%0AWhat%20is%20Vestauth%20in%20one%20sentence%3F%0A%0AWhat%20problem%20does%20it%20replace%3F%0A%0AWhen%20is%20it%20the%20right%20tool%3F%0A%0AWhen%20is%20it%20overkill%3F%0A%0AShow%20a%20concrete%20example%20architecture">💬 Ask ChatGPT: When should I use Vestauth?</a>
@@ -94,66 +94,21 @@ AGENT_PRIVATE_JWK="{"crv":"Ed25519","d":"Z9vbwN-3eiFMVv_TPWXOxqSMJAT21kZvejWi72y
 &nbsp;
-## Authentication
-> Authenticate agents – `vestauth.tool.verify`…
-```js
-...
-const vestauth = require('vestauth')
-app.get('/whoami', async (req, res) => {
-  try {
-    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
-    const agent = await vestauth.tool.verify(req.method, url, req.headers)
-    res.json(agent)
-  } catch (err) {
-    res.status(401).json({ code: 401, error: { message: err.message }})
-  }
-})
-...
-```
-> …the agents sign HTTP requests with a drop-in curl wrapper.
-```sh
-> SIGNED - 200
-$ vestauth agent curl https://api.vestauth.com/whoami
-{"uid":"agent-4b94ccd425e939fac5016b6b",...}
-```
-<details><summary>learn more</summary><br>
-`vestauth agent curl` autosigns `curl` requests – injecting valid signed headers according to the [web-bot-auth draft](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture). You can peek these with the built-in `headers` primitive.
-```sh
-$ vestauth primitives headers GET https://api.vestauth.com/whoami --pp
-{
-  "Signature": "sig1=:d4Id5SXhUExsf1XyruD8eBmlDtWzt/vezoCS+SKf0M8CxSkhKBtdHH7KkYyMN6E0hmxmNHsYus11u32nhvpWBQ==:",
-  "Signature-Input": "sig1=(\"@authority\");created=1770247189;keyid=\"B0u80Gw28W9U2Jl5t_EBiWeBajO2104kOYZ9Ikucl5I\";alg=\"ed25519\";expires=1770247489;nonce=\"NURxn28X7zyKJ9k5bHxuOyO5qdvF9L5s2qHmhTrGUzbwGSIoUCHmwSlwiiCRgTDGuum83yyWMHJU4jmrVI_XPg\";tag=\"web-bot-auth\"",
-  "Signature-Agent": "sig1=agent-4b94ccd425e939fac5016b6b.api.vestauth.com"
-}
-```
-</details>
-&nbsp;
 ## Tools
 > Call tools!
 ```sh
-$ vestauth agent curl https://sfs.vestauth.com/write -d '{"filepath":"/hello.md", "content":"hello"}'
-$ vestauth agent curl https://sfs.vestauth.com/list
+vestauth agent curl https://sfs.vestauth.com/write -d '{"filepath":"/hello.md", "content":"hello"}'
+vestauth agent curl https://sfs.vestauth.com/list
 ```
-#### First Party Tools
+#### First Party
 <details><summary>`SFS` Simple File System</summary><br/>
 > SFS is a simple file system for vestauth agents.
+>
 > [sfs.vestauth.com](https://sfs.vestauth.com)
 ```sh
@@ -173,10 +128,11 @@ vestauth agent curl https://sfs.vestauth.com/read -d '{"filepath":"/hello.md"}'
 &nbsp;
 </details>
-<details><summary>`Ping` ping.vestauth.com</summary><br/>
+<details><summary>`GEO` geo.vestauth.com</summary><br/>
-> Ping is a demonstration of vestauth.
-> [ping.vestauth.com](https://ping.vestauth.com)
+> GEO returns the current geo-coordinates of a vestauth agent.
+>
+> [geo.vestauth.com](https://geo.vestauth.com)
 ```sh
 # make a ping
@@ -187,11 +143,12 @@ vestauth agent curl https://ping.vestauth.com/ping
 </details>
-#### Third Party Tools
+#### Third Party
 <details><summary>`AS2` Agentic Secret Storage</summary><br/>
 > AS2 is a simple, agent-friendly secret storage.
+>
 > [as2.dotenvx.com](https://as2.dotenvx.com)
 ```sh
@@ -214,15 +171,15 @@ vestauth agent curl "https://as2.dotenvx.com/get?key=KEY,TWILIO"
 <details><summary>`Docle` Check if email address is real</summary><br>
 > Check if an email address is real before you hit send. Verifies syntax, DNS, MX records, SMTP mailbox existence, and cross-references multiple providers. All in real time, no signup required.
->
-> [learn more](https://github.com/treadiehq/docle)
+>
+> [github.com/treadiehq/docle](https://github.com/treadiehq/docle)
 ```sh
 # verify an email
 vestauth agent curl https://docle.co/api/verify -d '{"emails":["test@example.com"]}'
 # check your usage
-vestauth agent curl https://docle.co/api/agent/usage -X GET
+vestauth agent curl https://docle.co/api/agent/usage
 ```
 &nbsp;
@@ -238,12 +195,60 @@ vestauth agent curl https://docle.co/api/agent/usage -X GET
 * Human-in-the-loop - coming
 * Rotate NPM Tokens - coming
 * Rotate GitHub Tokens - coming
-* Working on a tool? Tell us and wel'll list it.
+* Working on a tool? Tell us and we'll list it.
 </details>
 &nbsp;
+## Authentication
+> Build your own tools. Authenticate them with a single line of code – `vestauth.tool.verify`…
+```js
+...
+const vestauth = require('vestauth')
+app.post('/whoami', async (req, res) => {
+  try {
+    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
+    const agent = await vestauth.tool.verify(req.method, url, req.headers)
+    res.json(agent)
+  } catch (err) {
+    res.status(401).json({ code: 401, error: { message: err.message }})
+  }
+})
+...
+```
+> …the agents sign HTTP requests with a drop-in curl wrapper.
+```sh
+> SIGNED - 200
+$ vestauth agent curl https://api.vestauth.com/whoami
+{"uid":"agent-4b94ccd425e939fac5016b6b",...}
+```
+<details><summary>learn more</summary><br>
+`vestauth agent curl` autosigns `curl` requests – injecting valid signed headers according to the [web-bot-auth draft](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture). You can peek these with the built-in `headers` primitive.
+```sh
+$ vestauth primitives headers GET https://api.vestauth.com/whoami --pp
+{
+  "Signature": "sig1=:d4Id5SXhUExsf1XyruD8eBmlDtWzt/vezoCS+SKf0M8CxSkhKBtdHH7KkYyMN6E0hmxmNHsYus11u32nhvpWBQ==:",
+  "Signature-Input": "sig1=(\"@authority\");created=1770247189;keyid=\"B0u80Gw28W9U2Jl5t_EBiWeBajO2104kOYZ9Ikucl5I\";alg=\"ed25519\";expires=1770247489;nonce=\"NURxn28X7zyKJ9k5bHxuOyO5qdvF9L5s2qHmhTrGUzbwGSIoUCHmwSlwiiCRgTDGuum83yyWMHJU4jmrVI_XPg\";tag=\"web-bot-auth\"",
+  "Signature-Agent": "sig1=agent-4b94ccd425e939fac5016b6b.api.vestauth.com"
+}
+```
+</details>
+Vestauth handles usage, payments, and spam protection for your tool!
+&nbsp;
 ## Self-hosting
 > Run your own Vestauth server.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.22.0",
+  "version": "0.22.1",
   "description": "web-bot-auth for agents–from the creator of dotenvx",
   "keywords": [
     "vestauth",

package/src/server/index.js CHANGED Viewed

@@ -105,7 +105,7 @@ app.get('/.well-known/http-message-signatures-directory', async (req, res) => {
   return res.json({ keys })
 })
-app.get('/whoami', async (req, res) => {
+app.post('/whoami', async (req, res) => {
   try {
     const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
     const attrs = {