npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@coasys/ad4m-connect

v0.11.1

Published

Lib for handling everything needed to setup a connection to a local or remote ad4m-executor

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

leifriksheimleifriksheimlucksuslucksusjdeepeejdeepeefayeedfayeedjhweir_coasysjhweir_coasysjhweirjhweir

Keywords

Readme

AD4M Connection Library and Authentication Wizard

A powerful library that simplifies connecting applications to AD4M executors by handling:

  • Executor discovery and connection
  • Capability-based authentication
  • Token management and storage
  • Connection state management

Overview

AD4M uses a capability-based security model to protect user data and control access to agent functionality. Every application that wants to interact with an AD4M executor needs to request specific capabilities, which are then granted (or denied) by the user.

What are Capabilities?

Capabilities in AD4M are like permission tokens that:

  • Define what data an application can access (which perspectives)
  • Specify what operations an application can perform
  • Are scoped to specific domains and functions
  • Can be revoked by the user at any time

A capability token might grant permissions like:

  • Read access to specific perspectives
  • Write access to create or modify links
  • Ability to create new perspectives
  • Permission to manage agent relationships
  • Access to specific language functions

Installation

npm install -s @coasys/ad4m-connect

Authentication Flow

When an application wants to connect to an AD4M executor, it goes through a secure authentication handshake:

  1. The application requests access with specific capabilities
  2. The AD4M executor generates a random verification code
  3. The user must confirm the request and enter the code
  4. Upon successful verification, a capability token is issued

Visual Flow

  1. Initial Connection Screen: Initial Connection

  2. Executor Found: Executor Found

  3. Authorization Request: Authorization Request

  4. Verification Code: Verification Code

Usage

In the Browser

import Ad4mConnectUI from "@coasys/ad4m-connect";

const ui = Ad4mConnect({
  // Required parameters
  appName: "My AD4M App",
  appDesc: "A description of what your app does",
  appDomain: "myapp.com",
  capabilities: [{ 
    with: { domain: "*", pointers: ["*"] }, 
    can: ["*"] 
  }],
  
  // Optional parameters
  appIconPath: "https://myapp.com/icon.png",
  port: 12345,  // Custom port
  token: "existing-token",  // Existing JWT token
  url: "custom-executor-url"  // Custom executor URL
});

// Listen for authentication state changes
ui.addEventListener("authstatechange", (e) => {
  switch(e.detail) {
    case "authenticated":
      console.log("Successfully authenticated");
      break;
    case "unauthenticated":
      console.log("Not authenticated");
      break;
    case "locked":
      console.log("Agent is locked");
      break;
  }
});

// Connect and get AD4M client
ui.connect().then((client) => {
  // Client is now ready to use
  console.log("Connected with capabilities");
});

In Node.js / Electron

const { ad4mConnect } = require("@coasys/ad4m-connect/electron");

ad4mConnect({
  // Provide the name of your app to be displayed in the dialog
  appName: "Perspect3ve",
  // Provide an icon to be displayed in the dialog as well
  appIconPath: path.join(__dirname, "graphics", "Logo.png"),
  // Name the capabilities your app needs
  // (this is an example with all capabilities)
  capabilities: [{ with: { domain: "*", pointers: ["*"] }, can: ["*"] }],
  // Provide a directory in which the capability token and the executor
  // URL will be stored such that future calls won't even open a dialog
  // but try the token against that URL and resolve immediately
  // if it works.
  dataPath: path.join(homedir(), ".perspect3ve"),
})
  .then(({ client, capabilityToken, executorUrl }) => {
    // Retrieved `capabilityToken` and selected `executorUrl` are returned
    // but all that is really needed is `client` which is a fully setup
    // (including capability token) and working Ad4mClient.
    //
    // Both, the URL and the token have already been stored on disk
    // in the directory provided as `dataPath`.
    //
    // Consequetive calls
    createWindow(client);
  })
  .catch(() => {
    console.log("User closed AD4M connection wizard. Exiting...");
    app.exit(0);
    process.exit(0);
  });

Capability Specification

When requesting capabilities, specify:

{
  with: {
    domain: string | "*",     // Which perspective/domain
    pointers: string[] | "*"  // Which parts of the domain
  },
  can: string[] | "*"         // Which operations are allowed
}

Examples:

// Full access (development only)
{ with: { domain: "*", pointers: ["*"] }, can: ["*"] }

// Read-only access to a perspective
{ with: { domain: "perspective-uuid", pointers: ["*"] }, can: ["read"] }

// Specific operations on a domain
{ with: { domain: "friends", pointers: ["*"] }, can: ["read", "add", "remove"] }

Events

The library emits various events to help track connection state:

  • authstatechange:

    • authenticated: Successfully connected with capabilities
    • unauthenticated: No valid authentication
    • locked: Agent is locked

  • connectionstatechange:

    • connecting: Attempting to connect
    • connected: Successfully connected
    • not_connected: No connection
    • disconnected: Lost connection
    • error: Connection error

  • configstatechange: Configuration changes for token, url, or port

Mobile Integration

Android Setup

Add to android/app/src/main/AndroidManifest.xml:

<?xml version="1.0" encoding="utf-8"?>
<manifest
  xmlns:android="http://schemas.android.com/apk/res/android"
+  xmlns:tools="http://schemas.android.com/tools"
  package="com.example">

  <application
+    android:hardwareAccelerated="true"
  >
  </application>

+  <uses-permission android:name="android.permission.CAMERA" />

+  <uses-sdk tools:overrideLibrary="com.google.zxing.client.android" />
</manifest>

iOS Setup

Add to Info.plist:

<dict>
+  <key>NSCameraUsageDescription</key>
+  <string>To be able to scan barcodes</string>
</dict>

After changes, run:

npx cap sync
npx cap build

Best Practices

  1. Request Minimal Capabilities

    • Only request permissions your app actually needs
    • Use specific domains and operations instead of wildcards
    • Consider read-only access when possible

  2. Handle Authentication States

    • Check if capabilities are still valid
    • Implement reconnection logic
    • Handle capability revocation gracefully

  3. Secure Storage

    • Store capability tokens securely
    • Never expose admin credentials
    • Implement token refresh mechanisms

  4. User Experience

    • Clearly explain why your app needs certain capabilities
    • Provide feedback during the authentication process
    • Handle errors gracefully

More Information

For more details about AD4M authentication and capabilities: