vestauth 0.8.5 → 0.8.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -1
- package/README.md +2 -2
- package/package.json +1 -1
- package/src/cli/actions/agent/curl.js +3 -0
- package/src/lib/api/postRegister.js +1 -1
- package/src/lib/api/postVerify.js +0 -45
package/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,19 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
-
[Unreleased](https://github.com/vestauth/vestauth/compare/v0.8.
|
|
5
|
+
[Unreleased](https://github.com/vestauth/vestauth/compare/v0.8.7...main)
|
|
6
|
+
|
|
7
|
+
## [0.8.7](https://github.com/vestauth/vestauth/compare/v0.8.6...v0.8.7) (2026-02-06)
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
* Clean up some cruft
|
|
12
|
+
|
|
13
|
+
## [0.8.6](https://github.com/vestauth/vestauth/compare/v0.8.5...v0.8.6) (2026-02-06)
|
|
14
|
+
|
|
15
|
+
### Changed
|
|
16
|
+
|
|
17
|
+
* Add `debug` logs to `agent curl`
|
|
6
18
|
|
|
7
19
|
## [0.8.5](https://github.com/vestauth/vestauth/compare/v0.8.4...v0.8.5) (2026-02-06)
|
|
8
20
|
|
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
|
|
5
5
|
> [1 minute demo 📺](https://www.youtube.com/watch?v=cHARyULr_qk)
|
|
6
6
|
>
|
|
7
|
-
> Vestauth gives agents a cryptographic identity and a simple way to authenticate HTTP requests. Most agent systems rely on API keys, bearer tokens, or username/passwords. These approaches are difficult to rotate, easy to leak, and hard to attribute to a specific agent. Vestauth replaces shared secrets with public/private key cryptography. Agents sign requests using a private key, and providers verify those requests using the agent's public key. [[1](#compare)]
|
|
7
|
+
> Vestauth gives agents a cryptographic identity and a simple way to authenticate HTTP requests. Most agent systems rely on API keys, bearer tokens, or username/passwords. These approaches are difficult to rotate, easy to leak, and hard to attribute to a specific agent. Vestauth replaces shared secrets with public/private key cryptography. Agents sign requests using a private key, and providers verify those requests using the agent's public key. It's elegant and the future. [[1](#compare)]
|
|
8
8
|
>
|
|
9
9
|
> *Scott Motte–creator of `dotenv` and `dotenvx`*
|
|
10
10
|
|
|
@@ -20,7 +20,7 @@ npm i -g vestauth
|
|
|
20
20
|
vestauth agent init
|
|
21
21
|
|
|
22
22
|
vestauth agent curl https://api.vestauth.com/whoami
|
|
23
|
-
vestauth agent curl -X POST https://ping.vestauth.com
|
|
23
|
+
vestauth agent curl -X POST https://ping.vestauth.com/ping
|
|
24
24
|
```
|
|
25
25
|
|
|
26
26
|
<details><summary>with curl 🌐 </summary><br>
|
package/package.json
CHANGED
|
@@ -26,6 +26,9 @@ async function curl () {
|
|
|
26
26
|
|
|
27
27
|
const { stdout, exitCode } = await execute.execa(injected[0], injected.slice(1), {})
|
|
28
28
|
|
|
29
|
+
logger.debug(`exitCode: ${exitCode}`)
|
|
30
|
+
logger.debug(`stdout: ${stdout}`)
|
|
31
|
+
|
|
29
32
|
if (exitCode !== 0) {
|
|
30
33
|
logger.debug(`received exitCode ${exitCode}`)
|
|
31
34
|
throw new Errors({ exitCode }).commandFailed()
|
|
@@ -13,7 +13,7 @@ class PostRegister {
|
|
|
13
13
|
const publicJwk = this.publicJwk
|
|
14
14
|
|
|
15
15
|
const httpMethod = 'POST'
|
|
16
|
-
const headers = await agentHeaders(httpMethod, url, '
|
|
16
|
+
const headers = await agentHeaders(httpMethod, url, 'REQUESTING')
|
|
17
17
|
headers['Content-Type'] = 'application/json'
|
|
18
18
|
|
|
19
19
|
const resp = await http(url, {
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
const { http } = require('../helpers/http')
|
|
2
|
-
const buildApiError = require('../helpers/buildApiError')
|
|
3
|
-
|
|
4
|
-
class PostVerify {
|
|
5
|
-
constructor (hostname, httpMethod, uri, signature, signatureInput) {
|
|
6
|
-
this.hostname = hostname || 'https://api.vestauth.com'
|
|
7
|
-
this.httpMethod = httpMethod
|
|
8
|
-
this.uri = uri
|
|
9
|
-
this.signature = signature
|
|
10
|
-
this.signatureInput = signatureInput
|
|
11
|
-
}
|
|
12
|
-
|
|
13
|
-
async run () {
|
|
14
|
-
const url = `${this.hostname}/verify`
|
|
15
|
-
const httpMethod = this.httpMethod
|
|
16
|
-
const uri = this.uri
|
|
17
|
-
const signature = this.signature
|
|
18
|
-
const signatureInput = this.signatureInput
|
|
19
|
-
|
|
20
|
-
const headers = {
|
|
21
|
-
'Content-Type': 'application/json'
|
|
22
|
-
}
|
|
23
|
-
|
|
24
|
-
const resp = await http(url, {
|
|
25
|
-
method: 'POST',
|
|
26
|
-
headers,
|
|
27
|
-
body: JSON.stringify({
|
|
28
|
-
http_method: httpMethod,
|
|
29
|
-
uri,
|
|
30
|
-
signature,
|
|
31
|
-
signature_input: signatureInput
|
|
32
|
-
})
|
|
33
|
-
})
|
|
34
|
-
|
|
35
|
-
if (resp.statusCode >= 400) {
|
|
36
|
-
const json = await resp.body.json()
|
|
37
|
-
throw buildApiError(resp.statusCode, json)
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
const json = await resp.body.json()
|
|
41
|
-
return json
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
module.exports = PostVerify
|