npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@atrib/directory

v0.1.2

Published

Identity-claim directory SDK for atrib. Publish, lookup, history, and proof-of-absence operations with cryptographic proofs per atrib spec §6.

Downloads

401

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

creatornadercreatornader

Keywords

atribakdtransparency-logidentitywasm

Readme

@atrib/directory

AKD-backed identity-claim directory SDK for atrib. Lets producers publish signed identity claims and capability envelopes; lets verifiers look up + verify those claims with cryptographic proofs.

Implements spec §6 (Public-Key Directory) as a thin TypeScript SDK over an AKD WASM bridge. Per D034: ships the WASM bridge inline. No platform-specific binaries, no native build steps.

import { signClaim, lookup } from '@atrib/directory'

// Producer side: publish your identity claim
const claim = {
  spec_version: 'atrib/1.0',
  claim_subject: {
    display_name: 'My Agent',
    organization: 'My Org',
    url: 'https://my-tool.example.com',
  },
  // ... per spec §6.1 IdentityClaim shape
}
const signed = await signClaim(claim, privateKey)
await fetch('https://directory.atrib.dev/v6/claims', {
  method: 'POST',
  body: JSON.stringify(signed),
})

// Verifier side: look up a claim by creator_key
const result = await lookup({
  endpoint: 'https://directory.atrib.dev/v6',
  creator_key: 'haoZK4D1AXmy_r05GJP4CZGOv0zh0iK1l7ls1FA8oZI',
})
if (result.found) {
  console.log('claim:', result.claim)
  console.log('proof:', result.lookup_proof) // AKD non-membership/membership proof
  console.log('anchor:', result.anchor)      // pointer to the directory_anchor tlog record
}

What the SDK does

Per spec §6.2 (operations) and §6.3 (verifier consultation):

  • signClaim(claim, privateKey): JCS-canonicalize an IdentityClaim and Ed25519-sign it. The claim_subject describes the producer; signature is over the canonical bytes.
  • lookup({ endpoint, creator_key }): POST to the directory's /lookup endpoint, returns LookupResult with the claim (if found), an AKD lookup proof, and a reference to the directory_anchor tlog record per §6.2.4.
  • history({ endpoint, creator_key }): Returns the full append-only history of claims for a creator_key (rotations, revocations).
  • proveAbsence({ endpoint, creator_key }): AKD non-membership proof. Used by verifiers when they need to prove a key was NOT registered at a given epoch.

Capability envelopes (§6.7)

Optional capabilities field on a published claim declares what the signer is authorized to do: tool names, event types, payment limits, counterparty restrictions, expiry. Verifiers cross-check the envelope against records signed by that key and surface in_envelope: false annotations on out-of-envelope records (signal not block).

const claim = {
  // ... base IdentityClaim fields
  capabilities: {
    tool_names: ['search', 'fetch'],
    event_types: ['tool_call'],
    max_amount: { currency: 'USD', value: 100 },
    expires_at: '2027-01-01T00:00:00Z',
  },
}

See spec §6.7 for the full schema.

Trust posture (§6.3 + §8.7)

The directory returns claims, not facts. The SDK does not assert that a claim is true: only that it was signed by the holder of the named creator_key. Verifiers cross-check against the anchored checkpoint root from the tlog (§6.2.4) and surface signals; downstream consumers decide policy.

Install

npm install @atrib/directory

The WASM artifact (~80 kB) ships inside the package. No additional installs.

License

Apache-2.0.