uniplex
v1.2.1
Published
The trust layer for AI agents
Downloads
351
Maintainers
standardlogicReadme
Uniplex TypeScript SDK
Implements Uniplex Specification v1.1.0 + Commerce Extension v1.0.0.
The official TypeScript/JavaScript reference SDK for the Uniplex protocol — AI agent trust infrastructure.
Installation
npm install uniplexQuick Start
import { Agent } from 'uniplex';
// Create a self-issued agent
const agent = await Agent.create('my-agent', { permissions: '*' });
// Check authorization
const decision = await agent.authorize('search');
if (decision.allowed) {
console.log('Action authorized!');
}Core Features
| Feature | Spec Reference | Description | |---------|---------------|-------------| | L1/L2/L3 Verification | §7, §8 | Signature, expiry, issuer policy, permission checks | | Delegation Chains | §27 | Attenuation-only delegation with depth limits | | Anonymous Access | §14A | Policy-based anonymous access with anti-downgrade invariant | | Constraint Enforcement (CEL) | §14B | Temporal, scope, rate, cost, approval, and data constraints | | Session Grants | §24 | Signed, scoped, call-limited fast-path tokens | | Proof of Possession | §12 | Binds requests to passport holder (L2+) | | Trust Registry | §18 | Issuer trust resolution and revocation | | MCP Integration | — | MCPAuthorizer + MCPClient for Model Context Protocol | | Failure Modes | §22.1 | Complete reason code registry per spec |
Core Concepts
Passport
Agent identity and permissions:
import { Passport } from 'uniplex';
const passport = await Passport.createSelfIssued('my-agent', {
permissions: 'mcp:*',
duration: 7 * 24 * 60 * 60 * 1000, // 7 days
});
// Verify signature
const valid = await passport.verifySignature();
// Check permissions
passport.hasPermission('mcp:search'); // true
passport.hasPermission('other:action'); // falseGate
Authorization enforcement:
import { Gate, GateRequest, TrustProfile } from 'uniplex';
const gate = new Gate({ profile: TrustProfile.L1 });
const request = GateRequest.create(passport, 'mcp:search', {
target: 'mcp://tools.example.com',
});
const decision = await gate.authorize(request);
if (decision.allowed) {
// Proceed
} else {
console.log(`Denied: ${decision.reasonCode}`);
}Attestation
Signed proof of authorization:
import { Attestation } from 'uniplex';
const attestation = await Attestation.fromDecision(request, decision, {
gateId: 'my-gate',
});
// Verify later
const valid = await attestation.verifySignature();Extensions
Delegation Chains (§27)
import { createDelegatedPassport, verifyDelegationChain } from 'uniplex';
const delegated = await createDelegatedPassport({
parentPassport: parentData,
childAgentId: 'child-agent',
childPublicKey,
permissions: ['search'], // must be subset of parent
expiresAt: parentData.provenance.expiresAt,
issuerPrivateKey: parentPrivKey,
});Constraint Enforcement (§14B)
const decision = await gate.authorize(request, {
constraints: {
'core:scope:domain_allowlist': ['acme.com'],
'core:cost:max_per_action': 5000,
},
costCents: 100,
});
if (decision.obligations?.includes('require_approval')) {
// Action needs human approval before execution
}Session Grants (§24)
import { createSessionGrant } from 'uniplex';
const grant = await createSessionGrant(passport, {
gateId: 'gate_acme',
audience: 'mcp://server',
actions: ['search', 'read'],
maxCalls: 100,
ttlSeconds: 300,
gatePrivateKey,
});
// Fast-path authorization (~1ms)
const decision = await gate.authorize(request, {
sessionGrant: grant,
gatePublicKey,
});Proof of Possession (PoP)
Required for L2+, binds requests to passport holder:
import { ProofOfPossession, PoPVerifier } from 'uniplex';
const pop = await ProofOfPossession.create(
passport.passportId,
'mcp://server',
privateKey
);
const verifier = new PoPVerifier();
const result = await verifier.verify(pop, passportId, audience, publicKey);Trust Registry
Manage verified issuers:
import { MemoryRegistry, TrustTier } from 'uniplex';
const registry = new MemoryRegistry();
registry.registerIssuer({
issuerId: 'acme-corp',
trustTier: TrustTier.VERIFIED,
publicKeys: [],
revoked: false,
});Trust Profiles
| Profile | Use Case | Self-Issued | PoP Required | |---------|----------|-------------|--------------| | L1 | Development | Yes | No | | L2 | Production | No | Yes | | L3 | High-assurance | No | Yes |
Commerce Extension (v1.0.0)
Agent-to-agent commerce with cryptographic metering, settlement, and dispute resolution.
import {
publishCatalog,
createConsumptionAttestation,
aggregateSettlement,
computeSlaCompliance,
computeMerkleRoot,
createMutualAttestation,
arbitrate,
} from 'uniplex/commerce';| Module | Description |
|--------|-------------|
| signing | Ed25519 signatures, content hashing (RFC 4648 §4 base64) |
| fee | Integer-only platform fee computation (ceiling division) |
| catalog | Catalog publishing, verification, version pinning, breaking change detection |
| pop | Commerce Proof-of-Possession for billable actions |
| attestation | Consumption attestation creation and verification |
| settlement | Settlement aggregation, verification, status transitions, SLA compliance |
| digest | Session digest Merkle trees, inclusion proofs |
| discovery | Service discovery query matching and result formatting |
| dispute | Dispute bundle creation and reference arbitration |
| mutual | Agent co-signature on high-value consumption attestations |
License
Apache-2.0