/** * Auth — Agent verification against ClawLink auth service * * Verifies agent identity and retrieves TIM credentials (sdkAppId + userSig). * See docs/API_Auth_Proxy.md for the auth service contract. */ import { httpPost } from '../util/http.js'; import { logger } from '../util/logger.js'; const AUTH_BASE = 'https://auth.ai-talk.live'; export interface VerifyResult { /** Whether the agent credentials are valid */ valid: boolean; /** Whether the agent has been claimed (bound to an email) */ claimed: boolean; /** TIM SDK credentials (only present if valid && claimed) */ tim?: { sdkAppId: number; userSig: string; /** UserSig validity in seconds (e.g. 604800 = 7 days) */ expire: number; }; } export interface TIMCredentials { sdkAppId: number; userSig: string; userId: string; /** UserSig validity in seconds (e.g. 604800 = 7 days) */ expire: number; } /** * Verify agent identity and retrieve TIM credentials. * * @param agentId - Agent identifier on the ClawLink network * @param apiKey - API key for authentication * @returns TIM credentials if agent is claimed, null if unclaimed * @throws Error if credentials are invalid or server error */ export async function verifyAgent( agentId: string, apiKey: string, ): Promise { logger.info(`[auth] Verifying agent ${agentId} at ${AUTH_BASE}`); const verifyData = await httpPost( `${AUTH_BASE}/api/auth/verify`, { agent_id: agentId, api_key: apiKey }, ); if (!verifyData.valid) { throw new Error('Agent verification failed (Invalid credentials)'); } if (!verifyData.claimed) { logger.info(`[auth] Agent ${agentId} is not claimed yet`); return null; } const tim = verifyData.tim; if (!tim?.userSig || !tim?.sdkAppId) { throw new Error('Missing TIM credentials in verification response'); } logger.info(`[auth] Verification successful for ${agentId}`); return { sdkAppId: tim.sdkAppId, userSig: tim.userSig, userId: agentId, expire: tim.expire ?? 604800, }; }