JSPM

@scopeblind/passport

0.3.0
  • Downloads 55
  • License FSL-1.1-MIT

Portable cryptographic identity for AI agents and coaches. Ed25519 passports, immutable manifests, ownership attestations, and evidence receipt verification.

Package Exports

  • @scopeblind/passport
  • @scopeblind/passport/browser

Readme

@scopeblind/passport

Portable cryptographic identity for AI agents and coaches. Ed25519 keypairs, immutable manifests, ownership attestations, and verifiable evidence receipts.

Why

Machine decisions need portable, verifiable proof. This SDK provides the identity layer: agents and coaches get Ed25519 keypairs, sign immutable manifests declaring their capabilities, and produce receipts that anyone can verify without calling ScopeBlind.

  • Portable — Export a passport bundle to any platform. No vendor lock-in.
  • Verifiable — Ed25519 signatures over canonical JSON. Verify offline, no API calls.
  • Privacy-preserving — No PII required. Identity is a key fingerprint.

Install

npm install @scopeblind/passport

Requires Node.js >= 18. Browser entrypoint available at @scopeblind/passport/browser.

Quick Start

import {
  generatePassportKey,
  createCoachManifest,
  verifyManifest,
} from '@scopeblind/passport';

// 1. Generate an Ed25519 keypair
const key = generatePassportKey('coach');
console.log(key.kid); // sb:coach:7Xq9...

// 2. Create an immutable manifest
const manifest = createCoachManifest(key, {
  display_name: 'Atlas Nova',
  model_family: 'claude',
  system_prompt_hash: 'sha256:a1b2c3...',
  capabilities: ['debate', 'analysis'],
});

// 3. Verify the signature
const result = verifyManifest(manifest);
console.log(result.valid); // true

API

Key Generation

// Generate a new Ed25519 keypair for a coach or agent
const coachKey = generatePassportKey('coach');
const agentKey = generatePassportKey('agent');

// Derive a passport ID from an existing public key
const kid = derivePassportId('coach', publicKeyBytes);
// => "sb:coach:7Xq9kM..."

Manifests

Manifests are immutable once signed. Config changes produce a new version.

// Coach manifest (for AI coaches/tutors)
const manifest = createCoachManifest(key, {
  display_name: 'Atlas Nova',
  model_family: 'claude',
  system_prompt_hash: 'sha256:...',
  capabilities: ['debate', 'analysis', 'coaching'],
});

// Agent manifest (for autonomous AI agents)
const agentManifest = createAgentManifest(key, {
  display_name: 'Research Bot',
  model_family: 'gpt-4',
  tool_names: ['web_search', 'file_read'],
  max_actions_per_turn: 10,
});

// Verify any manifest
const result = verifyManifest(manifest);
// { valid: true, kid: 'sb:coach:...', type: 'scopeblind:coach-manifest' }

Ownership Attestations

Prove a coach owns an agent (or vice versa):

const attestation = createOwnershipAttestation(coachKey, {
  subject_kid: agentKey.kid,
  relationship: 'owns',
});

Evidence Receipts

Sign verifiable evidence of machine decisions:

import {
  generatePassportKey,
  generateIssuerKey,
  signReceipt,
  createArenaBattleReceipt,
  verifyEnvelope, // assumed to be exported from the package root like the other helpers
} from '@scopeblind/passport';

// Two participants to reference in the receipt
const coach1 = generatePassportKey('coach');
const coach2 = generatePassportKey('coach');

// Generate an issuer keypair (server-side)
const issuer = generateIssuerKey();

// Sign a battle receipt
const receipt = createArenaBattleReceipt(issuer, {
  battle_id: 'battle_abc123',
  arena_id: 'blindllm',
  participants: [
    { kid: coach1.kid, role: 'coach', model_family: 'claude' },
    { kid: coach2.kid, role: 'coach', model_family: 'gpt-4' },
  ],
  outcome: { winner_kid: coach1.kid, method: 'judge_decision' },
});

// Anyone can verify the receipt
const verified = verifyEnvelope(receipt);

Portable Export/Import

Export a passport for migration to another platform:

import {
  exportPassportBundle,
  serializeBundle,
  importPassportBundle,
} from '@scopeblind/passport';

// Export (includes secret key — handle securely)
const bundle = exportPassportBundle(key, manifest);
const json = serializeBundle(bundle);

// Import on another platform
const imported = importPassportBundle(json);
console.log(imported.key.kid); // same kid, different machine

Display Helpers

import { formatKidShort, getCoachSummary } from '@scopeblind/passport';

formatKidShort('sb:coach:7Xq9kMvR...'); // "7Xq9kM"
getCoachSummary(manifest); // "Atlas Nova (claude) — sb:coach:7Xq9kM"

Browser Entrypoint

For browser environments (uses IndexedDB for key storage):

import { ... } from '@scopeblind/passport/browser';

Types

All types are exported and fully documented:

  • PassportKeyPair — Ed25519 keypair with kid and role
  • CoachManifest / AgentManifest — Immutable signed manifests
  • OwnershipAttestation — Cross-key ownership proof
  • SignedEnvelope — Canonical JSON wrapper with Ed25519 signature
  • ArenaBattleReceipt / CoachUpliftReceipt / FormalDebateReceipt — Evidence types
  • PortablePassportBundle — Exportable passport + manifest bundle

Design Decisions

  • Ed25519 only — Single algorithm, no negotiation. P-256 DPoP bindings reserved for future lease validation.
  • Canonical JSON — Deterministic serialization (ASCII-only keys, sorted). Same input always produces same bytes.
  • Immutable manifests — Config changes produce a new version with previous_version link. No in-place mutation.
  • No blockchain — Verification is pure cryptography. No tokens, no chain, no consensus.
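
The canonical JSON and Ed25519 decisions above are what make offline verification possible: the verifier re-serializes the payload to the same bytes before checking the signature. The sketch below is an added example, not the package's own code; it uses Node's built-in crypto, and the canonicalization rules, the { payload, signature } envelope shape and all function names are assumptions for illustration.

```javascript
// Added illustration; NOT the @scopeblind/passport implementation.
// node:crypto is loaded so the file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Assumed canonical form: ASCII-only keys, sorted, no insignificant whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const keys = Object.keys(value).sort();
    for (const k of keys) {
      if (!/^[\x20-\x7e]*$/.test(k)) throw new Error('non-ASCII key rejected');
    }
    return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  if (typeof value === 'number' && !Number.isFinite(value)) throw new Error('non-finite number');
  const s = JSON.stringify(value);
  if (s === undefined) throw new Error('value has no JSON form');
  return s;
}

// Hypothetical envelope shape; the SDK's SignedEnvelope may differ.
function signPayload(payload, privateKey) {
  const bytes = Buffer.from(canonicalize(payload), 'utf8');
  return { payload, signature: nodeCrypto.sign(null, bytes, privateKey).toString('base64') };
}

function verifyPayload(envelope, publicKey) {
  try {
    const bytes = Buffer.from(canonicalize(envelope.payload), 'utf8');
    return nodeCrypto.verify(null, bytes, publicKey, Buffer.from(String(envelope.signature), 'base64'));
  } catch {
    return false; // malformed payload or signature fails closed
  }
}

// Constructed sample data: throwaway key, manifest-like payload.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const env = signPayload({ display_name: 'Atlas Nova', model_family: 'claude', capabilities: ['debate'] }, privateKey);
  const reordered = { signature: env.signature, payload: { capabilities: ['debate'], model_family: 'claude', display_name: 'Atlas Nova' } };
  const tampered = { ...env, payload: { ...env.payload, capabilities: ['debate', 'admin'] } };
  return {
    original: verifyPayload(env, publicKey),
    reordered: verifyPayload(reordered, publicKey),
    tampered: verifyPayload(tampered, publicKey),
  };
}
```

Calling demo() shows that a payload whose keys arrive in a different order still verifies, while a payload with an added capability does not.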

License

FSL-1.1-MIT — Source-available, converts to MIT after 2 years.