@signedby/sdk

v0.1.0-beta.9

Published

13 hours ago

SIGNEDBYME SDK - Human-Controlled Identity for Autonomous Agents

0High
0Medium
0Low

1privacy-lion

signedby identity zk-proofs zero-knowledge nostr bitcoin lightning authentication oidc did

SIGNEDBYME TypeScript SDK

Human-Controlled Identity for Autonomous Agents

What is SIGNEDBYME?

SIGNEDBYME is the identity layer for autonomous agents. Agents prove membership in enterprise-authorized groups using Groth16 zero-knowledge proofs — without revealing which agent they are. The enterprise gets a boolean: authorized. No identity revealed.

This SDK enables agents to generate cryptographic identity, produce zero-knowledge proofs, and authenticate to enterprises via NOSTR and OIDC.

Installation

npm install @signedby/sdk
# or
yarn add @signedby/sdk

Quick Start

import { 
  AgentIdentity, 
  EncryptedFileStorage, 
  MembershipProver, 
  NostrClient 
} from '@signedby/sdk';

// Initialize secure storage
const storage = new EncryptedFileStorage('./agent_data');

// Create agent identity (one-time setup)
const identity = new AgentIdentity(storage);
const state = await identity.initialize();

console.log(`Agent npub: ${state.agentNpub}`);
console.log(`Leaf commitment: ${state.leafCommitment}`);

// Generate Groth16 proof for authentication
const prover = MembershipProver.fromCircuitsDir('./circuits');

const leafSecret = identity.getLeafSecret();
const witness = await loadWitness(storage, 'acme');

const proof = await prover.generateProof(leafSecret, witness);
console.log(`Proof generated in ${proof.proofTimeMs}ms`);

// Publish proof to NOSTR
const client = await NostrClient.connect(identity);
await client.publishProofEvent(proofData);

Features

DID Generation: secp256k1 keypair in secure storage (OS keyring, Keychain, DPAPI), never extractable
Groth16 ZK Proofs: BN254 curve, ~101K constraints, <3s on ARM64 via native Rust core (napi-rs)
Bitcoin-Backed: Identity fused with Lightning payment at creation via NWC (NIP-47)
NOSTR Integration: Publish kinds 28101 (proof), 28102 (delegation ack), 28103 (revocation ack); poll for kinds 28200/28250/28251; NIP-42 relay authentication; decentralized audit trail on public relays
Witness Caching: Merkle path cached locally, auto-refresh when root rotates out of 30-root window

Modules

| Export | Purpose | |--------|---------| | AgentIdentity | DID generation, leaf_secret derivation | | EncryptedFileStorage | Encrypted storage with OS keyring (ChaCha20-Poly1305) | | MembershipProver | Groth16 proof generation via native Rust | | NostrClient | NOSTR relay client with NIP-42 auth | | EnrollmentBootstrap | Three-gate genesis flow | | DelegationValidator | Delegation validation (kind 28250/28251) | | NwcWallet | NWC wallet integration (NIP-47) |

SDK Lifecycle

One-Time Initialization

Generate DID in secure storage
Derive leaf_secret (5 BN254 field elements)
Compute leaf_commitment = Poseidon2(leaf_secret)
Load Groth16 proving key (~88MB)
Initialize NWC wallet for Lightning

Enrollment per Enterprise

Three-gate genesis flow — runs once per enterprise:

Gate 1: Email + token verification via kind 28202
Gate 2: Human signs kind 28250 delegation
Gate 3: Leaf appended to Merkle tree

Authentication

Generate Groth16 proof from leaf_secret + cached witness
Publish kind 28101 to NOSTR
Enterprise validates and calls API
Agent receives OIDC id_token

Requirements

Node.js 18+
Native libraries bundled for supported platforms

Supported Platforms

Linux x64 (glibc)
Linux ARM64 (glibc)
macOS x64 (Intel)
macOS ARM64 (Apple Silicon)
Windows x64

Documentation

License

SSAL-1.0 (SIGNEDBYME Source-Available License)