-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcontext7.json
More file actions
57 lines (57 loc) · 2.57 KB
/
context7.json
File metadata and controls
57 lines (57 loc) · 2.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
{
"$schema": "https://context7.com/schema/context7.json",
"url": "https://context7.com/thirdkeyai/agentpin",
"public_key": "pk_Ehy7QXQTu2Keb0e5BNeyx",
"projectTitle": "AgentPin",
"description": "Domain-anchored cryptographic identity protocol for AI agents — ES256 JWT credentials, 12-step verification, TOFU key pinning, revocation checking, delegation chains, and mutual authentication. Implementations in Rust, JavaScript, and Python. Part of the ThirdKey trust stack.",
"folders": [
"SKILL.md",
"README.md",
"AGENTPIN_TECHNICAL_SPECIFICATION.md",
"ROADMAP.md",
"javascript/README.md",
"python/README.md",
"docs/index.md",
"docs/getting-started.md",
"docs/verification-flow.md",
"docs/cli-guide.md",
"docs/trust-bundles.md",
"docs/delegation-chains.md",
"docs/deployment.md",
"docs/security.md",
"docs/troubleshooting.md"
],
"excludeFolders": [
"**/target",
"**/node_modules",
"**/dist",
"**/__pycache__",
"**/*.egg-info",
"**/build",
"**/src",
"**/tests",
"crates"
],
"excludeFiles": [
"**/*.rs",
"**/*.py",
"**/*.ts",
"**/*.js",
"**/*.lock",
"**/*.toml",
"**/*.cfg",
"CHANGELOG.md",
"ROADMAP.md"
],
"rules": [
"AgentPin uses ES256 (ECDSA P-256) exclusively — reject all other JWT algorithms; algorithm validation is inline with no external JWT crate in Rust",
"Credential verification follows a 12-step flow: JWT parsing, algorithm check, signature verification, domain extraction, discovery resolution, domain binding, key matching, TOFU pinning, expiration, revocation, capability validation, delegation chain",
"Discovery documents are published at /.well-known/agent-identity.json; revocation lists at /.well-known/agent-identity-revocations.json",
"TOFU key pinning: on first verification for a domain, the public key (JWK thumbprint) is pinned — subsequent verifications reject different keys for the same domain",
"Delegation chains must narrow capabilities, never widen them; chain depth limits are enforced",
"Prefer short-lived credentials (hours, not days) — issue with TTL via CredentialBuilder (Rust), issueCredential (JS), or issue_credential (Python)",
"Trust bundles package discovery + revocation data for offline/air-gapped environments — use 'agentpin-cli bundle' to create",
"Rust crate is feature-gated: default is offline-capable, 'fetch' feature enables reqwest for online discovery",
"Three crates: agentpin (core library), agentpin-cli (CLI binary), agentpin-server (Axum .well-known server)"
]
}