npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@solidus-network/agent-identity

v0.1.1

Published

Portable, verifiable, revocable identity for AI agents — did:solidus DIDs (W3C DID Method Registry: submitted, under review), BBS+ selective-disclosure credentials, and ERC-8004 passport anchoring. Testnet-grade; external audit pending.

Readme

@solidus-network/agent-identity

Portable, verifiable, revocable identity for AI agents:

  1. a did:solidus DID scoped to the agent (not the operator),
  2. an ERC-8004 Identity Registry passport (ERC-721) anchored to that DID on an L2,
  3. BBS+ selective-disclosure credentials (owner-binding, capability-scope, spend-mandate),
  4. offline hot-path verification via the sibling @solidus-network/agent-identity-verify package.

Solidus integrates ERC-8004 (an open EIP backed by MetaMask, Google, Coinbase, OriginTrail and the EF) — Solidus is the credential issuer behind the passport, not the passport standard. Operator KYC is inherited from verify.solidus.network; this SDK consumes it, it never performs KYC.

Status — read this first

  • Solidus L1 is testnet-only. DIDs resolve as did:solidus:testnet:<addr>. There is no mainnet. The testnet resets daily — DIDs and credentials created on it are wiped at the next reset, so treat everything below as a live sandbox, not durable storage.
  • The hosted issuance backend (agents.solidus.network) is not yet publicly deployed. The client methods that talk to it (registerOperator, createAgent, issueCredential, createMandate, exportAgentKey) will not connect yet — see What works today for everything that already runs against public endpoints, including creating an agent DID directly on the testnet.
  • did:solidus is submitted to the W3C DID Method Registry and under review — not yet registered.
  • BBS+ signing is testnet-grade. External audit pending (NLnet NGI Zero, H2 2026 target). Do not protect production-grade value with it yet.
  • ERC-8004 anchoring targets Base Sepolia during development. No passport has been anchored yet — that path goes live with the hosted backend.

Install

npm i @solidus-network/agent-identity

What works today (no backend)

Everything in this section runs right now, against public endpoints only.

Resolve any did:solidus DID

import { createAgentIdentity } from '@solidus-network/agent-identity'

const solidus = createAgentIdentity({ baseUrl: 'https://agents.solidus.network' })
const doc = await solidus.resolveDid('did:solidus:testnet:<addr>')
// → { id, controller, active } | null

Or from any machine with nothing but curl:

curl -s -X POST https://rpc.solidus.network \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"solidus_didResolve","params":["did:solidus:testnet:<addr>"]}'

Create an agent DID directly on the testnet (fee-exempt)

Until the hosted backend is live, create the DID with @solidus-network/sdk. Install it and the key library explicitly (both are dependencies of this package, but package managers with isolated node_modules — pnpm, Yarn PnP — won't let you import transitive dependencies). Pin @noble/ed25519 to v2 — the example uses the v2 API, which is what these packages ship with; v3 renamed it:

npm i @solidus-network/sdk @noble/ed25519@2

DidCreate is fee-exempt on the Solidus testnet for a fresh key — no funding, no faucet:

import * as ed from '@noble/ed25519'
import { createSdk } from '@solidus-network/sdk'

const priv = Buffer.from(ed.utils.randomPrivateKey()).toString('hex')
const pub = Buffer.from(await ed.getPublicKeyAsync(priv)).toString('hex')

const sdk = createSdk({ mode: 'testnet', rpcUrl: 'https://rpc.solidus.network', signerPrivateKey: priv })
const did = await sdk.did.create(pub)      // → { id: 'did:solidus:testnet:…', … }
const doc = await sdk.did.resolve(did.id)  // full W3C DID document
await sdk.did.deactivate(did.id, priv)     // revocable — resolves to null afterwards

(Keep the private key: deactivation requires the signer. On sdk 0.6.1+, an immediate deactivate after create retries a stale-nonce failure automatically; on 0.6.0, if it fails with invalid nonce, retry after a couple of seconds.)

Verify credentials offline

Selective-disclosure proof verification runs entirely offline — see @solidus-network/agent-identity-verify for the gateway/middleware verifier, and this package's deriveCredentialProof and buildAgentAuthHeader / buildMandateHeader exports for the holder side.

Quickstart — hosted backend (not yet publicly deployed)

Once agents.solidus.network is live, the full flow is:

import { createAgentIdentity } from '@solidus-network/agent-identity'

const solidus = createAgentIdentity({ baseUrl: 'https://agents.solidus.network' })

// One-time: register as an operator. Agent creation requires a KYC
// credential ref from verify.solidus.network (assurance inherited, not re-run).
await solidus.registerOperator({
  kyc: { credentialRef: 'urn:solidus:credential:…', assuranceLevel: 'substantial' },
})

const agent = await solidus.createAgent({ capabilities: ['browse'] })
// → { did: 'did:solidus:testnet:…', status: 'active', custody: 'managed', … }

Key custody

  • managed (default) — the backend mints a fresh Ed25519 keypair for the agent and escrows it encrypted. Export it any time:

    const { privateKey } = await solidus.exportAgentKey(agent.id)
  • byo — you hold the key. The DidCreate transaction is built and signed locally; only the signed transaction is relayed. The chain enforces that the transaction signer owns the registered key, so the backend physically cannot register a key it doesn't hold:

    const agent = await solidus.createAgent({ custody: 'byo', signerPrivateKey })

Trust boundary

This package is open source end-to-end and holds no issuer keys. Credential signing (BBS+ issuer, did:solidus issuer, ERC-8004 relayer) happens only in the Solidus backend — trust in a credential is trust in the issuer key, not in this code.

License

Apache-2.0