@attestproto/core (Node.js)

Reference Node.js implementation of the Agent Work Attestation Protocol v0.1.

Spec: ../../spec/SPEC.md. Cross-language interoperable with the Python reference (../python/) — Python-signed attestations verify under Node.js and vice-versa.

Install (local)

cd ~/mediator/lib/node
npm install
npm test

Library use

import {
  SPEC_VERSION, sha256Hex, generateKeypair, fingerprint,
  buildAttestationId, signAttestation, verifyAttestation,
} from '@attestproto/core';

const { signingKey, verifyKey } = generateKeypair();
const att = {
  version: SPEC_VERSION,
  attestation_id: buildAttestationId(),
  agent: { id: 'asst_demo', platform: 'mcp', model: 'claude-opus-4-7', operator: 'https://demo.com' },
  task: { type: 'demo.task', spec_hash: sha256Hex('spec') },
  input:  { hash: sha256Hex('in'),  size_bytes: 2, redaction_policy: 'none' },
  output: { hash: sha256Hex('out'), verdict: 'success', redaction_policy: 'none' },
  tool_calls: [],
  timestamps: {
    task_started:        new Date().toISOString(),
    task_completed:      new Date().toISOString(),
    attestation_emitted: new Date().toISOString(),
  },
  signature: { alg: 'ed25519', key_id: fingerprint(verifyKey) },
};
signAttestation(att, signingKey);
verifyAttestation(att, verifyKey);  // throws on failure

CLI

node src/cli.js keygen ./keys
node src/cli.js sign att.json ./keys/signing_key.hex --in-place
node src/cli.js verify att.json ./keys/verify_key.hex   # exit 0 = OK, 1 = FAIL
node src/cli.js canonicalize att.json
node src/cli.js hash some-payload.bin

Cross-language interop demo

# Sign with Python:
~/mediator/lib/python/.venv/bin/attestproto sign --in-place att.json ./keys/signing_key.hex

# Verify with Node.js:
node ~/mediator/lib/node/src/cli.js verify att.json ./keys/verify_key.hex
# OK

This is the load-bearing demo: a Python-built agent's attestation verifies under any Node.js consumer with no platform-specific assumptions.

Tests

npm test

13 tests cover: id format, sign+verify roundtrip, tamper detection, wrong-key rejection, version policy, canonical-form field-reorder defeat, Ed25519 determinism, delegation_parent, Merkle envelope, co-signatures + tag-canonical ordering.

Production gaps

• JSON Schema enforcement against attestation-v0.1.schema.json (Python lib has it; port via ajv).
• Multi-modal key resolver (DNS / DID / HTTPS / fingerprint).
• Verifier-side reputation aggregation.

License

MIT.