npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@datacules/agent-identity-store-authmd

v0.13.0

Published

auth.md registration CredentialStore for @datacules/agent-identity — ID-JAG, verified-email, and anonymous flows with OTP claim ceremony

Readme

@datacules/agent-identity-store-authmd

auth.md-compatible CredentialStore for @datacules/agent-identity. Registers your agent with downstream services using the auth.md protocol, supporting three registration flows: ID-JAG assertion, verified-email + OTP claim ceremony, and anonymous + optional upgrade ceremony.

Install

npm install @datacules/agent-identity-store-authmd @datacules/agent-identity

Quick start

import { createRouterWithConfig } from '@datacules/agent-identity';
import { AgentAuthMdStore } from '@datacules/agent-identity-store-authmd';

const store = new AgentAuthMdStore({
  configs: [
    {
      ref:               'example-api',
      kind:              'fixed',
      name:              'Example Service',
      scope:             'read write',
      status:            'active',
      resourceServerUrl: 'https://api.example.com',
      methodPreference:  ['id-jag', 'anonymous'],
      idJagProvider: {
        async mintForAudience(audience) {
          // Return a signed ID-JAG JWT for the given audience URL
          return myIdJagSigner.sign({ aud: audience });
        },
      },
    },
  ],
});

const router = createRouterWithConfig({ store, rules: myRules });
const resolved = await router.resolveAsync(ctx);
// resolved.ref is the access_token obtained from the service

Registration flows

| Flow | When used | Result | |---|---|---|
| id-jag | Service supports ID-JAG assertions | status: 'active' credential with access_token | | verified-email | Service requires verified email + OTP | Returns null until completeClaimCeremony() | | anonymous | No identity required | status: 'unclaimed' credential; upgrade with claim ceremony |

OTP claim ceremony

// After findByRef() with verified-email or anonymous:
await store.startClaimCeremony('example-api');     // triggers OTP email/SMS
const cred = await store.completeClaimCeremony('example-api', '123456');
// cred.status === 'active', cred.claimedAt is set

Caching

Tokens are cached until expiryBufferMs before expiry (default 30 s). Invalidate manually:

store.invalidateCache('example-api'); // single ref
store.flushCache();                   // all refs

Revocation

revokeByIdentity() clears the full cache when a logout+jwt is received at your revocation_uri. Wire it up via the core RevocationHandler:

import { RevocationHandler, RevocationListener } from '@datacules/agent-identity';

const listener = new RevocationListener({
  handler: new RevocationHandler(store),
  verifier: myJwtVerifier,
});

// In your Express route:
app.post('/agent/auth/revoke', async (req, res) => {
  const result = await listener.handleRequest(req.body, req.headers);
  res.status(result.httpStatus).json(result.body);
});

Error handling

findByRef() never throws. It returns null on any:

  • Non-2xx HTTP response from discovery or registration endpoints
  • Network error / DNS failure
  • Missing idJagProvider when id-jag method is selected