JSPM

@scopeblind/passport

0.4.2
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 55
  • Score
    100M100P100Q61581F
  • License Apache-2.0

Portable cryptographic identity and local pack builder for AI agents and MCP runtimes. Ed25519 passports, signed manifests, export bundles, and create/wrap CLI flows.

Package Exports

  • @scopeblind/passport
  • @scopeblind/passport/browser

Readme

@scopeblind/passport

Portable cryptographic identity and local agent-pack builder for AI agents, MCP runtimes, and BlindLLM/OpenClaw-style flows.

What it does

  • Generate Ed25519 passports for agents and coaches
  • Sign immutable manifests locally
  • Export portable passport bundles
  • Create a new local agent pack with create
  • Wrap an existing OpenClaw / MCP config with wrap

The CLI is local-first. It does not upload prompts, context, or keys to ScopeBlind.

Install

npm install @scopeblind/passport

Requires Node.js >= 18. Browser entrypoint available at @scopeblind/passport/browser.

CLI First

Create a new agent pack:

npx @scopeblind/passport create \
  --name "Luna" \
  --runtime openclaw \
  --policy shadow

Wrap an existing OpenClaw or MCP config:

npx @scopeblind/passport wrap \
  --runtime openclaw \
  --config ./openclaw.json \
  --policy email-safe

Both commands generate:

  • manifest.json
  • passport.bundle.json
  • protect-mcp.json
  • keys/gateway.json
  • runtime-specific config guidance
  • VERIFY.md

What the CLI is for

This is not a no-code agent builder.

It is for:

  • giving an agent a portable identity
  • applying a protect-mcp policy pack
  • generating runtime glue for OpenClaw / Claude Desktop / Cursor / generic MCP
  • making the resulting pack independently verifiable

It is not for:

  • hosted prompt management
  • agent marketplaces
  • non-local storage of context or secrets

SDK Quick Start

import {
  generatePassportKey,
  createAgentManifest,
  verifyManifest,
  hashString,
} from '@scopeblind/passport';

const key = generatePassportKey('agent');

const manifest = createAgentManifest(key, {
  public_profile: {
    name: 'Research Bot',
    description: 'Fetches and summarizes MCP-backed research tasks',
    domain_lanes: ['analysis:research'],
  },
  configuration_attestations: {
    model_family_hash: hashString('runtime-managed'),
    memory_mode: 'isolated',
    system_prompt: 'Runtime-managed prompt placeholder',
  },
  capability_declarations: {
    lease_template_compatibility: ['shadow'],
    requested_tool_classes: ['mcp:general'],
  },
});

console.log(verifyManifest(manifest).valid); // true

Portable Export / Import

import {
  exportPassportBundle,
  serializeBundle,
  importPassportBundle,
} from '@scopeblind/passport';

const bundle = exportPassportBundle({
  key,
  manifests: [manifest],
  ownership_attestations: [],
  status_records: [],
});

const json = serializeBundle(bundle);
const imported = importPassportBundle(json);

console.log(imported.valid); // true

Why it fits the current stack

  • protect-mcp handles tool policy and signed receipts
  • @veritasacta/verify handles independent verification
  • @scopeblind/passport handles portable identity + pack generation

That split keeps the verifier MIT, keeps the local trust primitives local, and leaves the managed control plane as the paid product.

License

MIT