Autron Protocol

The Open Identity Standard for AI Agents "OAuth for the Agentic Era"

What's new in v0.6.0

• 🌐 resolveWebDID — async resolver for did:autron:web that fetches .well-known/did.json with SSRF-safe DNS (rebinding defense at connect time). did:autron:web is now first-class, not just metadata.
• 🧱 Typed error hierarchy — AutronError + ValidationError, AuthError, ReplayError, PaymentError, RateLimitError, NotFoundError. Use instanceof or err.code to distinguish; stop parsing message strings.
• 📊 Prometheus /metrics — opt-in on createSseServer({ metrics: true }). Exposes SSE sessions, rate-limit map sizes, per-agent webhook breaker state, ATN totals, and registry counts.

14 security-audit rounds, 662 tests, production-deployed. See examples/ for runnable recipes and CHANGELOG.md for the full history.

Install

npm install @autron/core

Quick Start

const { generateKeypair, createDID, resolveDID, toStandardDID } = require('@autron/core');

const keys = generateKeypair();
const did = createDID('key', keys);
console.log('Agent DID:', did);
// → did:autron:key:z6Mk...

const doc = resolveDID(did);
console.log('DID Document:', JSON.stringify(doc, null, 2));

// Compatible with standard DIDs
console.log('Standard:', toStandardDID(did));
// → did:key:z6Mk...

Why Autron?

• Simple: Agent identity in 5 minutes, any language
• Self-contained: Core identity works without blockchain or central server
• Cryptographically secure: Ed25519 / secp256k1 signatures
• Compatible: W3C DID, JWT/JWS, works with MCP & A2A
• Payment-ready: Optional on-chain payments with Solana (ATN token)
• Brand-first: did:autron:* namespace with did:key/did:web compatibility mapping
• TypeScript ready: Full type declarations included

Architecture

Layer 0: Crypto        — Ed25519 / secp256k1 keypairs, JWK, multibase
Layer 1: DID           — did:autron:key / web / dns
Layer 2: Agent Card    — Short-lived identity tokens (agent-card+jwt)
Layer 3: Delegation    — Scoped permission tokens (delegation+jwt)
Layer 4: Reputation    — Endorsements & trust scores (endorsement+jwt)
Layer 5: Payment       — On-chain payments & escrow (payment+jwt, escrow+jwt)
Layer 6: Nexus         — Agent registry & marketplace (SQLite, MCP SSE)

Layers 0-4 work standalone. Layer 5 requires @solana/web3.js (lazy-loaded). Layer 6 adds a searchable agent registry with MCP remote access.

DID Methods

Resolving did:autron:web (v0.6.0+)

Fetch the hosted DID Document from /.well-known/did.json on the encoded domain:

const { resolveWebDID } = require('@autron/core');

const doc = await resolveWebDID('did:autron:web:api.example.com');
console.log(doc.verificationMethod[0].publicKeyMultibase);

// Path-based (hosted at /agents/bot/did.json):
await resolveWebDID('did:autron:web:api.example.com:agents:bot');

// Port-encoded (per spec: %3A = `:`):
await resolveWebDID('did:autron:web:api.example.com%3A8443');

// Local dev: opt into private-IP targets
await resolveWebDID('did:autron:web:127.0.0.1%3A3000', { allowPrivate: true });

The resolver is SSRF-safe: it re-validates th

... View full README on GitHub