https://github.com/hungnguyenhtbvn-max/autron-protocol

Autron Protocol – Open Identity Standard for AI Agents. OAuth for the Agentic Era.
https://github.com/hungnguyenhtbvn-max/autron-protocol
agentic-ai ai-agents authentication did identity interoperability mcp oauth open-standard
Last synced: 4 months ago
JSON representation
Autron Protocol – Open Identity Standard for AI Agents. OAuth for the Agentic Era.
Host: GitHub
URL: https://github.com/hungnguyenhtbvn-max/autron-protocol
Owner: hungnguyenhtbvn-max
License: apache-2.0
Created: 2026-02-28T16:27:21.000Z (4 months ago)
Default Branch: main
Last Pushed: 2026-02-28T18:47:33.000Z (4 months ago)
Last Synced: 2026-02-28T19:59:55.097Z (4 months ago)
Topics: agentic-ai, ai-agents, authentication, did, identity, interoperability, mcp, oauth, open-standard
Language: JavaScript
Homepage: https://github.com/hungnguyenhtbvn-max/autron-protocol
Size: 110 KB
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project

README

          # Autron Protocol

[![npm version](https://img.shields.io/npm/v/@autron/core)](https://www.npmjs.com/package/@autron/core)

[![CI](https://github.com/autron-protocol/autron/actions/workflows/ci.yml/badge.svg)](https://github.com/autron-protocol/autron/actions/workflows/ci.yml)

[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen)](https://nodejs.org)

**The Open Identity Standard for AI Agents**

*"OAuth for the Agentic Era"*

## Install

```bash

npm install @autron/core

```

## Quick Start

```js

const { generateKeypair, createDID, resolveDID, toStandardDID } = require('@autron/core');

const keys = generateKeypair();

const did = createDID('key', keys);

console.log('Agent DID:', did);

// → did:autron:key:z6Mk...

const doc = resolveDID(did);

console.log('DID Document:', JSON.stringify(doc, null, 2));

// Compatible with standard DIDs

console.log('Standard:', toStandardDID(did));

// → did:key:z6Mk...

```

## Why Autron?

- **Simple**: Agent identity in 5 minutes, any language

- **Self-contained**: Core identity works without blockchain or central server

- **Cryptographically secure**: Ed25519 / secp256k1 signatures

- **Compatible**: W3C DID, JWT/JWS, works with MCP & A2A

- **Payment-ready**: Optional on-chain payments with Solana (ATN token)

- **Brand-first**: `did:autron:*` namespace with `did:key`/`did:web` compatibility mapping

- **TypeScript ready**: Full type declarations included

## Architecture

```

Layer 0: Crypto        — Ed25519 / secp256k1 keypairs, JWK, multibase

Layer 1: DID           — did:autron:key / web / dns

Layer 2: Agent Card    — Short-lived identity tokens (agent-card+jwt)

Layer 3: Delegation    — Scoped permission tokens (delegation+jwt)

Layer 4: Reputation    — Endorsements & trust scores (endorsement+jwt)

Layer 5: Payment       — On-chain payments & escrow (payment+jwt, escrow+jwt)

```

Layers 0-4 work standalone. Layer 5 is optional — requires `@solana/web3.js` (lazy-loaded).

## DID Methods

| Method | Format | Example |

|--------|--------|---------|

| `key` | Self-issued from keypair | `did:autron:key:z6Mk...` |

| `web` | Domain-based | `did:autron:web:api.example.com` |

| `dns` | DNS TXT record | `did:autron:dns:myagent.example.com` |

## Agent Card

Issue and verify cryptographic identity cards (JWS compact serialization):

```js

const { generateKeypair, createDID, createAgentCard, verifyAgentCard } = require('@autron/core');

const keys = generateKeypair();

const did = createDID('key', keys);

// Issue a card (short-lived JWS token)

const card = createAgentCard({

  issuer: did,

  privateKey: keys.privateKey,

  name: 'MyAgent',

  capabilities: ['chat', 'search'],

  ttl: 86400, // 24 hours

});

// Verify (extracts public key from DID automatically)

const { issuer, subject, payload } = verifyAgentCard(card);

```

## Delegation

Grant scoped permissions to other agents:

```js

const { createDelegation, verifyDelegation, checkScope } = require('@autron/core');

const token = createDelegation({

  delegator: parentDID,

  delegate: childDID,

  privateKey: parentKeys.privateKey,

  scope: ['read:*', 'write:messages'],

  constraints: { maxCalls: 100 },

  ttl: 3600, // 1 hour

});

const result = verifyDelegation(token);

checkScope(result, 'read:files');     // true (matches read:*)

checkScope(result, 'write:messages'); // true (exact match)

checkScope(result, 'admin');          // false

```

## Reputation

Endorse other agents and calculate trust scores:

```js

const { createEndorsement, verifyEndorsement, calculateReputation } = require('@autron/core');

// Endorse another agent

const endorsement = createEndorsement({

  endorser: myDID,

  subject: otherDID,

  privateKey: myKeys.privateKey,

  rating: 0.9,

  categories: ['coding', 'search'],

  comment: 'Reliable agent',

});

// Aggregate reputation from multiple endorsements

const rep = calculateReputation(verifiedEndorsements);

console.log(rep.score);      // 0.0-1.0 (recency-weighted average)

console.log(rep.categories); // { coding: { score: 0.9, count: 3 }, ... }

```

## Payment & Escrow

On-chain payments between agents using Solana. Autron Ed25519 keys are natively

compatible with Solana — zero key conversion needed.

### Wallet

```js

const { Wallet } = require('@autron/core');

// Create wallet from identity (reads autron.json)

const wallet = Wallet.create(identity, { chain: 'solana' });

console.log(wallet.address);  // Solana base58 address

console.log(wallet.chainId);  // 'solana:devnet'

// Check balance

const balance = await wallet.getBalance();

// Transfer ATN tokens

const tx = await wallet.transfer(recipientDID, 1000000); // 1 ATN

console.log(tx.txId);

```

### Payment Receipts

Cryptographic proof of on-chain payments:

```js

const { createPayment, verifyPayment } = require('@autron/core');

// Create receipt after a transfer

const receipt = createPayment({

  payer: myDID,

  payee: otherDID,

  privateKey: myKeys.privateKey,

  txId: 'solana-tx-id...',

  amount: 1000000,

  chain: 'solana:devnet',

  memo: 'Payment for coding service',

});

// Verify receipt

const { payer, payee, txId, amount, chain } = verifyPayment(receipt);

```

### Escrow

Hold funds in escrow with conditions and deadlines:

```js

const { createEscrow, EscrowManager } = require('@autron/core');

// Create escrow agreement

const escrowToken = createEscrow({

  payer: myDID,

  payee: freelancerDID,

  privateKey: myKeys.privateKey,

  amount: 5000000, // 5 ATN

  chain: 'solana:devnet',

  conditions: 'Deliver code by Friday',

  deadline: Math.floor(Date.now() / 1000) + 7 * 86400, // 7 days

});

// Manage escrow lifecycle

const manager = new EscrowManager({ dbPath: './escrow.db' });

const { escrowId } = manager.register(escrowToken);

await manager.fund(escrowId);     // payer → escrow

await manager.release(escrowId);  // escrow → payee

// or: await manager.refund(escrowId);  // escrow → payer

```

### ATN Token

| Property | Value |

|----------|-------|

| Symbol | ATN |

| Decimals | 6 (like USDC) |

| Standard | SPL Token (Solana) |

| Peg | 1 ATN ≈ $1 USD |

## Discovery

Build discoverable DID Documents and well-known metadata:

```js

const { buildDIDDocument, createWellKnown, SERVICE_TYPES } = require('@autron/core');

// DID Document with service endpoints

const doc = buildDIDDocument(did, {

  services: [

    { type: SERVICE_TYPES.AGENT_CARD, serviceEndpoint: 'https://example.com/card' },

    { type: SERVICE_TYPES.PAYMENT, serviceEndpoint: 'https://example.com/pay' },

    { type: SERVICE_TYPES.API, serviceEndpoint: 'https://example.com/api/v1' },

  ],

});

// /.well-known/autron.json

const wk = createWellKnown({

  did,

  name: 'MyAgent',

  capabilities: ['chat', 'search'],

  cardEndpoint: 'https://example.com/.well-known/agent-card',

});

```

## HTTP Server

Run a full identity server with discovery, verification, wallet, and escrow endpoints:

```js

const { generateKeypair, createDID, createServer } = require('@autron/core');

const keys = generateKeypair();

const did = createDID('key', keys);

const server = createServer({

  identity: { did, privateKey: keys.privateKey, name: 'MyAgent' },

  port: 3000,

  cors: true,

  // wallet,        // optional: enable wallet endpoints

  // escrowManager, // optional: enable escrow endpoints

});

```

| Method | Endpoint | Auth | Description |

|--------|----------|------|-------------|

| GET | `/.well-known/autron.json` | No | Discovery document |

| GET | `/api/identity` | No | Agent identity info |

| POST | `/api/verify` | No | Verify any token |

| GET | `/api/reputation/:did` | No | Reputation score |

| POST | `/api/card` | Bearer | Issue Agent Card |

| POST | `/api/delegate` | Bearer | Issue delegation |

| POST | `/api/endorse` | Bearer | Submit endorsement |

| GET | `/api/wallet/balance` | Bearer | Own wallet balance |

| GET | `/api/wallet/balance/:did` | No | Any DID balance |

| POST | `/api/wallet/transfer` | Bearer | Transfer tokens |

| GET | `/api/wallet/transactions` | Bearer | Transaction history |

| POST | `/api/payment/receipt` | Bearer | Create payment receipt |

| POST | `/api/escrow/create` | Bearer | Create escrow |

| POST | `/api/escrow/:id/fund` | Bearer | Fund escrow |

| POST | `/api/escrow/:id/release` | Bearer | Release escrow |

| POST | `/api/escrow/:id/refund` | Bearer | Refund escrow |

| GET | `/api/escrow/:id` | No | Escrow status |

## Middleware

Protect your endpoints with Agent Card authentication and delegation scope checks:

```js

const { authenticate, requireScope, requireSpend, AuthError } = require('@autron/core');

const auth = authenticate({ audience: myDID });

const scopeCheck = requireScope('write:messages');

const spendCheck = requireSpend(1000000); // enforce spend limit from delegation

function handleRequest(req, res) {

  try {

    const agent = auth(req);         // Verify Bearer Agent Card

    const deleg = scopeCheck(req);   // Verify X-Delegation-Token scope

    // agent.did, agent.name, agent.capabilities

    // deleg.delegator, deleg.scope, deleg.constraints

  } catch (err) {

    if (err instanceof AuthError) {

      res.writeHead(err.status);

      res.end(err.message);

    }

  }

}

```

## MCP Server

Expose Autron identity operations as MCP tools for AI agents:

```bash

npx autron mcp          # Start MCP server over stdio

npx autron-mcp          # Direct binary for MCP clients

```

**Claude Code / Cursor configuration** (`mcp.json`):

```json

{

  "mcpServers": {

    "autron": {

      "command": "npx",

      "args": ["autron-mcp"]

    }

  }

}

```

| Tool | Description |

|------|-------------|

| `identity_info` | Get current agent DID, name, algorithm |

| `issue_card` | Issue an Agent Card (JWS identity token) |

| `issue_delegation` | Create a delegation token |

| `issue_endorsement` | Create an endorsement |

| `verify_token` | Verify any Autron token |

| `calculate_reputation` | Aggregate reputation score |

| `resolve_did` | Parse and resolve a DID |

| `discover_agent` | Discover a remote agent by URL or DID |

| `wallet_balance` | Get wallet token balance |

| `wallet_transfer` | Transfer tokens to another agent |

| `wallet_transactions` | Get transaction history |

| `wallet_address` | Get wallet DID and chain address |

| `payment_receipt` | Create a payment receipt |

| `payment_verify` | Verify a payment receipt |

| `escrow_create` | Create a new escrow agreement |

| `escrow_fund` | Fund an escrow |

| `escrow_release` | Release escrow funds to payee |

| `escrow_refund` | Refund escrow funds to payer |

| `escrow_status` | Get escrow status |

| `escrow_list` | List escrows with filters |

**Resources:** `autron://identity`, `autron://well-known`

## CLI

```bash

# Identity

npx autron init --name "MyAgent"    # Generate identity → autron.json

npx autron info                     # Show current identity

npx autron card --ttl 24h           # Issue an Agent Card

npx autron verify            # Verify any token

npx autron endorse  --rating 0.9 --category coding

npx autron delegate  --scope "read:*,write:*"

# Wallet & Payments

npx autron wallet balance            # Show ATN balance

npx autron wallet transfer  --amount 1000000

npx autron wallet address            # Show Solana address

npx autron wallet airdrop            # Request devnet SOL

# Token Management

npx autron token create-mint --name "Autron Token" --symbol ATN

npx autron token mint --to  --amount 1000000000

npx autron token info

# Payment Receipts

npx autron payment receipt   

npx autron payment verify 

# Escrow

npx autron escrow create  --amount 5000000 --deadline 7d

npx autron escrow fund 

npx autron escrow release 

npx autron escrow status 

npx autron escrow list --status funded

# Server

npx autron serve --port 3000 --cors

npx autron mcp                       # Start MCP server

```

## TypeScript

Full type declarations are included — no `@types` package needed:

```ts

import {

  generateKeypair,

  createDID,

  createAgentCard,

  verifyAgentCard,

  Wallet,

  createPayment,

  EscrowManager,

  type Keypair,

  type VerifiedAgentCard,

  type VerifiedPayment,

  type Algorithm,

} from '@autron/core';

const keys: Keypair = generateKeypair('ed25519');

const did: string = createDID('key', { publicKey: keys.publicKey });

const card: string = createAgentCard({ issuer: did, privateKey: keys.privateKey });

const result: VerifiedAgentCard = verifyAgentCard(card);

```

## API

### Crypto

- `generateKeypair(algorithm?)` — Generate Ed25519 or secp256k1 keypair

- `sign(data, privateKey, algorithm?)` — Sign data

- `verify(data, signature, publicKey, algorithm?)` — Verify signature

- `publicKeyToMultibase(publicKey, algorithm?)` — Encode key as multibase

- `multibaseToPublicKey(multibaseStr)` — Decode multibase to key

- `keyToJWK(publicKey, privateKey?, algorithm?)` — Convert to JWK format

- `jwkToKey(jwk)` — Convert from JWK format

### DID

- `createDID(method, options)` — Create a DID string

- `parseDID(didString)` — Parse DID into components

- `resolveDID(didString)` — Resolve to W3C DID Document

- `toStandardDID(autronDID)` — Convert to `did:key` / `did:web`

- `fromStandardDID(standardDID)` — Convert from standard DID

### Agent Card

- `createAgentCard(options)` — Issue a signed identity card (JWS)

- `verifyAgentCard(token, options?)` — Verify signature, expiry, audience

- `parseAgentCard(token)` — Parse without verification

### Delegation

- `createDelegation(options)` — Issue a delegation token

- `verifyDelegation(token, options?)` — Verify delegation

- `checkScope(delegation, requiredScope)` — Check granted scopes (supports wildcards)

- `getSpendLimit(delegation)` — Extract spend limit from constraints

### Discovery

- `buildDIDDocument(did, options?)` — DID Document with services/controllers

- `createWellKnown(options)` — Build `/.well-known/autron.json`

- `parseWellKnown(doc)` — Parse well-known document

- `SERVICE_TYPES` — Standard service type constants (AgentCard, Delegation, Messaging, API, Payment, Escrow, Wallet)

### Reputation

- `createEndorsement(options)` — Issue a signed endorsement (0.0-1.0 rating)

- `verifyEndorsement(token, options?)` — Verify endorsement

- `calculateReputation(endorsements, options?)` — Aggregate trust score (recency-weighted)

### Chain & Wallet

- `ChainProvider` — Abstract multi-chain provider class

- `SolanaProvider` — Solana implementation (lazy-loaded deps)

- `registerProvider(chainId, provider)` — Register a chain provider

- `getProvider(chainId)` — Get registered provider

- `Wallet` — High-level wallet (balance, transfer, transactions)

- `Wallet.create(identity, options?)` — Factory from autron.json identity

### Payment

- `createPayment(options)` — Create a payment receipt (JWS)

- `verifyPayment(token, options?)` — Verify payment receipt

- `parsePayment(token)` — Parse without verification

### Escrow

- `createEscrow(options)` — Create an escrow token (JWS)

- `verifyEscrow(token, options?)` — Verify escrow token

- `EscrowManager` — SQLite-backed escrow lifecycle (register, fund, release, refund, expire)

- `ESCROW_STATUS` — Status constants (created, funded, released, refunded, expired, disputed)

### Server

- `createServer(options)` — Create and start HTTP identity server

- `handleRequest(options)` — Create request handler (BYO server)

### Middleware

- `authenticate(options?)` — Create Bearer token auth function

- `requireScope(scope)` — Create delegation scope checker

- `requireSpend(amount, options?)` — Create spend limit checker

- `extractBearer(req)` — Extract Bearer token from headers

- `extractDelegation(req)` — Extract delegation token from headers

- `AuthError` — Auth error class with HTTP status

### Client

- `discoverAgent(urlOrDID)` — Discover remote agent

- `fetchWellKnown(baseUrl)` — Fetch well-known document

- `fetchIdentity(baseUrl)` — Fetch agent identity

- `requestCard(baseUrl, bearer, options?)` — Request Agent Card

- `requestDelegation(baseUrl, bearer, options)` — Request delegation

- `submitEndorsement(baseUrl, bearer, options)` — Submit endorsement

- `verifyRemote(baseUrl, token)` — Verify token remotely

### MCP

- `createMCPServer(options?)` — Create MCP server instance (20 tools, 2 resources)

### JWS (Low-level)

- `createJWS(header, payload, privateKey, algorithm)` — Create JWS compact token

- `verifyJWS(token, publicKey, algorithm)` — Verify and decode

- `parseJWS(token)` — Parse without verification

## License

Apache 2.0
ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/hungnguyenhtbvn-max/autron-protocol

Awesome Lists containing this project

README
