@credat/sdk
v0.3.0-alpha.1
Downloads: 125
Your AI agent just mass-emailed 200 contacts, booked $12,000 in flights, and approved three vendor contracts. You never authorized any of it.
Agents are multiplying. Authorization hasn't kept up. Credat fixes that.
An owner issues scoped credentials to an agent. A service verifies the agent's identity and permissions before acting. Three messages. Cryptographic proof. Done.
~28KB bundled · 2 dependencies · 174 tests · Zero config · Node.js 22+
Quick Start
```bash
npm install @credat/sdk
```

```typescript
import {
  generateKeyPair, createDidWeb, createAgent, delegate,
  createChallenge, presentCredentials, verifyPresentation, hasScope
} from '@credat/sdk'

// Owner identity
const ownerKeyPair = generateKeyPair('ES256')
const ownerDid = createDidWeb('alice.example.com')

// Create an agent
const agent = await createAgent({ domain: 'agents.alice.example.com', path: 'assistant' })

// Delegate scoped permissions
const delegation = await delegate({
  agent: agent.did,
  owner: ownerDid,
  ownerKeyPair,
  scopes: ['email:read', 'calendar:write', 'travel:book'],
  constraints: { maxTransactionValue: 1000 },
  validUntil: new Date(Date.now() + 86_400_000).toISOString(),
})

// Service challenges the agent → Agent presents proof → Service verifies
const challenge = createChallenge({ from: 'did:web:airline.example.com' })
const presentation = await presentCredentials({ challenge, delegation: delegation.token, agent })
const result = await verifyPresentation(presentation, {
  challenge,
  ownerPublicKey: ownerKeyPair.publicKey,
  agentPublicKey: agent.keyPair.publicKey,
})

result.valid  // true
result.scopes // ['email:read', 'calendar:write', 'travel:book']
hasScope(result, 'travel:book') // true
```

The agent proved who it is. The service knows what it can do. Note that this snippet hands both public keys to `verifyPresentation` directly only because the whole exchange runs in one process; a real service obtains them by resolving the owner's and agent's DIDs (did:web or did:key), never from the presentation itself, otherwise the check proves only that the presenter holds some key pair.
How It Works
An owner delegates permissions to an agent as a signed credential. When a service needs to trust the agent, the agent and the service run a three-message handshake: challenge, presentation, verification.

```
┌─────────┐                                      ┌─────────────┐
│  Owner  │                                      │   Service   │
│ (Alice) │                                      │  (Airline)  │
└────┬────┘                                      └──────┬──────┘
     │                                                  │
     │ 1. delegate(scopes, constraints)                 │
     │ ───────────────────┐                             │
     ▼                    │                             │
┌─────────┐               │                             │
│  Agent  │◄──────────────┘                             │
│ (Alice's│                                             │
│  Asst.) │  2. challenge (nonce)                       │
│         │◄────────────────────────────────────────────│
│         │                                             │
│         │  3. presentation (proof + VC)               │
│         │────────────────────────────────────────────►│
│         │                                             │
│         │  4. verified ✓ (scopes)                     │
│         │◄────────────────────────────────────────────│
└─────────┘                                             │
```

- Delegation — Owner signs an SD-JWT VC encoding scopes and constraints.
- Challenge — Service sends a random nonce to the agent.
- Presentation — Agent signs the nonce and presents the delegation credential. Because the signature covers a nonce the service chose, a captured presentation cannot be replayed against a different challenge.
- Verification — Service verifies the nonce signature, the VC signature, the scopes, and the expiration.
Features
| Feature | Description |
|---------|-------------|
| Agent Identity | Create agent identities with did:web and did:key, auto-generated DID Documents |
| Delegation | Issue scoped delegation credentials (SD-JWT VC) with constraints and expiration |
| Delegation Chains | Agent → sub-agent delegation with scope subsetting and depth limits |
| Handshake | Three-message challenge / presentation / verification protocol |
| Scope Helpers | hasScope, hasAnyScope, hasAllScopes, getAllScopes, validateConstraints |
| Selective Disclosure | Agents reveal only the scopes needed for each interaction |
| Revocation | W3C Status List 2021 for credential revocation |
| Storage | Pluggable storage (in-memory default, SQLite optional) |
| Crypto | ES256 (P-256) and EdDSA (Ed25519) via @noble/curves |
| DIDs | did:web and did:key — create and resolve |
| Type-Safe | Full TypeScript strict mode, discriminated unions, all types exported |
| Dual Build | ESM + CommonJS, tree-shakeable |
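The Delegation Chains row above says only that sub-delegation subsets scopes and bounds depth. The following is an added example, not @credat/sdk code, of the monotonicity checks a verifier applies when it walks an owner → agent → sub-agent chain: each link is the constructed payload of one delegation credential whose signature is assumed to have been verified against its issuer's DID key already, so only the chain logic is shown, and all DIDs and the function names (validateChain, chainDemo) are hypothetical. The checks are that each hop is issued by the previous hop's delegate, that a sub-agent holds no scope its delegator lacks, that numeric limits such as maxTransactionValue may only tighten and may not be dropped, that a sub-delegation does not outlive its parent, and that the chain does not exceed the configured depth.

```javascript
// Added example, not @credat/sdk code: the monotonicity checks a verifier
// applies to a delegation chain owner -> agent -> sub-agent. Each link is the
// payload of one delegation credential whose signature has already been
// verified against its issuer's DID key; only the chain logic is shown.
function validateChain(links, { maxDepth }) {
  const fail = (reason) => ({ valid: false, reason });
  if (links.length === 0) return fail('empty chain');
  if (links.length > maxDepth) return fail(`depth ${links.length} exceeds limit ${maxDepth}`);

  for (let i = 1; i < links.length; i++) {
    const parent = links[i - 1];
    const child = links[i];

    // Continuity: whoever delegates at this hop must be the delegate of the previous hop.
    if (child.iss !== parent.sub) return fail(`link ${i}: issuer ${child.iss} is not the previous delegate`);

    // Scope subsetting: a sub-agent may hold only scopes its delegator holds.
    const escalated = child.scopes.filter((s) => !parent.scopes.includes(s));
    if (escalated.length > 0) return fail(`link ${i}: scope escalation ${escalated.join(', ')}`);

    // Numeric constraints may only tighten. Dropping an inherited limit would
    // make it unlimited, so every parent limit must reappear at or below its value.
    for (const [name, limit] of Object.entries(parent.constraints ?? {})) {
      if (typeof limit !== 'number') continue;
      const childLimit = child.constraints?.[name];
      if (typeof childLimit !== 'number' || childLimit > limit) return fail(`link ${i}: constraint ${name} relaxed`);
    }

    // A sub-delegation cannot outlive the delegation it derives from.
    if (Date.parse(child.exp) > Date.parse(parent.exp)) return fail(`link ${i}: expiry extends past the delegator's`);
  }

  const leaf = links[links.length - 1];
  return { valid: true, agent: leaf.sub, scopes: leaf.scopes, constraints: leaf.constraints ?? {} };
}

// Constructed chain: Alice -> her assistant -> a booking sub-agent, plus three
// bad variants that a verifier must reject.
function chainDemo() {
  const exp = new Date(Date.now() + 86_400_000).toISOString();
  const owner = 'did:web:alice.example.com';
  const assistant = 'did:web:agents.alice.example.com:assistant';
  const booker = 'did:web:agents.alice.example.com:booker';

  const ownerToAssistant = { iss: owner, sub: assistant, exp,
    scopes: ['email:read', 'calendar:write', 'travel:book'], constraints: { maxTransactionValue: 1000 } };
  const assistantToBooker = { iss: assistant, sub: booker, exp,
    scopes: ['travel:book'], constraints: { maxTransactionValue: 500 } };

  return {
    ok: validateChain([ownerToAssistant, assistantToBooker], { maxDepth: 2 }),
    // sub-agent claims a scope the assistant never held
    escalated: validateChain([ownerToAssistant, { ...assistantToBooker, scopes: ['travel:book', 'contracts:approve'] }], { maxDepth: 2 }),
    // sub-agent silently drops the inherited spending limit
    relaxed: validateChain([ownerToAssistant, { ...assistantToBooker, constraints: {} }], { maxDepth: 2 }),
    // chain longer than the service allows
    tooDeep: validateChain([ownerToAssistant, assistantToBooker], { maxDepth: 1 }),
  };
}
```

The leaf's effective permissions are whatever survives every hop, which is why the result returns the last link's scopes and constraints only after each earlier link has been checked against its parent.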
Why Credat
- 🔐 Standards-based — W3C DIDs + SD-JWT VC. Not proprietary. Your agents speak the same language as the rest of the identity ecosystem.
- 📦 Two dependencies — @noble/curves and @noble/hashes. No blockchain. No cloud service. No vendor lock-in.
- 🦺 TypeScript-first — Strict mode, discriminated unions, every type exported. Your IDE catches bugs before you run anything.
- 🔌 Transport-agnostic — HTTP, WebSocket, DIDComm, message queue. Credat handles trust, you handle transport.
- 🎯 Scopes are yours — Credat stores and verifies permission strings. Your domain defines what they mean.
Think of it as the Zod of agent trust — small, typed, standards-based, does one thing well.
Use Cases
- AI Assistants — Your agent books flights and sends emails. Credat proves to the airline API it has permission to act on your behalf.
- Multi-Agent Systems — Agent A calls Agent B's API. The handshake lets them verify each other's identity and scopes before exchanging data.
- Customer Service Bots — A support bot handles refunds up to $500. The owner signs that limit into the delegation, and the refund service checks each request against it before acting, so the bot cannot raise its own ceiling.
- Agent Marketplaces — A platform hosts third-party agents, each scoped to exactly what the user authorized.
Ecosystem
| Integration | Status |
|-------------|--------|
| Node.js / TypeScript | ✅ Available |
| MCP (Model Context Protocol) | 🔨 In Progress |
| LangChain / LangGraph | 🔨 In Progress |
| OpenAI Agents SDK | 📋 Planned |
| Vercel AI SDK | 📋 Planned |
Want an integration? Open an issue or start a discussion.
Specifications
| Specification | Status |
|---------------|--------|
| SD-JWT VC (draft-14) | Implemented |
| W3C Status List 2021 | Implemented |
| did:web | Implemented |
| did:key | Implemented |
| ES256 (P-256) / EdDSA (Ed25519) | Implemented |
Contributing
Credat is young and moving fast. Contributions are welcome — whether it's a bug fix, a new integration, better docs, or just feedback.
```bash
git clone https://github.com/credat/credat.git
cd credat
npm install
npm test          # 174 tests
npm run build     # ESM + CJS + .d.ts
npm run typecheck # TypeScript strict
npm run lint      # Biome
```

We follow conventional commits. Check out the open issues to get started.
License
Apache 2.0 — free for commercial use.
