SDK Reference
Complete API reference for @agentmesh/sdk. The SDK provides six
main exports: keygen, createAuthority,
createVerifier, createClient,
createHeartbeat, and registerAgent.
keygen()
Generates an Ed25519 key pair for signing and verifying agent tokens.
import { keygen } from "@agentmesh/sdk";
const keys = await keygen();Returns
| Property | Type | Description |
|---|---|---|
privateKey | string | Base64url-encoded Ed25519 private key |
publicKey | string | Base64url-encoded Ed25519 public key |
kid | string | Key ID (SHA-256 thumbprint) |
createAuthority(options)
Creates an Authority that issues signed JWT tokens for agents.
import { createAuthority } from "@agentmesh/sdk";
const authority = createAuthority({
issuer: "https://mesh.coinsenda.ai",
privateKey: process.env.AGENT_PRIVATE_KEY,
publicKey: process.env.AGENT_PUBLIC_KEY,
});Options
| Option | Type | Required | Description |
|---|---|---|---|
issuer | string | Yes | Issuer identifier (URL of your authority) |
privateKey | string | Yes | Base64url-encoded Ed25519 private key |
publicKey | string | Yes | Base64url-encoded Ed25519 public key |
kid | string | No | Key ID. Auto-generated if not provided |
authority.issueToken(claims)
Issues a signed JWT token.
| Claim | Type | Required | Description |
|---|---|---|---|
subject | string | Yes | Agent identifier (e.g. "agent:translator") |
audience | string | No | Intended recipient URL |
scopes | string[] | No | Permission scopes granted to this token |
expiresIn | string | No | Token TTL (e.g. "1h", "30m"). Default: "1h" |
on_behalf_of | string | No | Original agent in a delegation chain |
Returns: Promise<string> — signed JWT token.
authority.jwks()
Returns the JWKS (JSON Web Key Set) for this authority. Serve this at /.well-known/jwks.json.
app.get("/.well-known/jwks.json", (req, res) => {
res.json(authority.jwks());
});createVerifier(options)
Creates a Verifier that validates incoming agent tokens.
import { createVerifier } from "@agentmesh/sdk";
const verifier = createVerifier({
jwksUrl: "https://mesh.coinsenda.ai/.well-known/jwks.json",
audience: "https://api.example.com",
});Options
| Option | Type | Required | Description |
|---|---|---|---|
jwksUrl | string | Yes | URL of the Authority's JWKS endpoint |
audience | string | No | Expected audience claim. Rejects tokens with wrong audience |
issuer | string | No | Expected issuer. Rejects tokens from other issuers |
cacheTtl | number | No | JWKS cache duration in ms. Default: 600000 (10 min) |
verifier.verify(token)
Verifies a JWT token and returns the decoded payload.
const payload = await verifier.verify(token);
// payload.sub → "agent:translator"
// payload.iss → "https://mesh.coinsenda.ai"
// payload.scopes → ["skill:execute:translate"]
// payload.exp → 1700000000Returns: Promise<JWTPayload> — decoded and verified payload.
Throws: Error if token is expired, has wrong audience/issuer, or invalid signature.
createClient(options)
Creates a Client that manages authentication for an agent.
import { createClient } from "@agentmesh/sdk";
const client = createClient({
agentId: "agent:my-assistant",
authorityUrl: "https://mesh.coinsenda.ai",
});Options
| Option | Type | Required | Description |
|---|---|---|---|
agentId | string | Yes | This agent's identifier |
authorityUrl | string | Yes | URL of the AgentMesh authority |
credentials | object | No | Pre-configured credentials |
client.requestAccess(request)
Requests access to another agent's skills.
| Property | Type | Required | Description |
|---|---|---|---|
targetAgent | string | Yes | The agent to request access from |
scopes | string[] | Yes | Scopes to request |
on_behalf_of | string | No | Delegating agent (for chained requests) |
createHeartbeat(options)
Creates a heartbeat reporter that pings the AgentMesh server periodically so your agent appears online.
import { createHeartbeat } from "@agentmesh/sdk/heartbeat";
const hb = createHeartbeat({
server: "https://mesh.example.com",
agentId: "agent-uuid-here",
apiKey: process.env.AGENT_API_KEY,
intervalMs: 300000, // 5 minutes (default)
});
hb.start(); // starts pinging immediately, then every intervalMs
// Later, to stop:
hb.stop();
// Manual one-off ping:
const result = await hb.ping();
// returns object with ok: true, or ok: false with error messageOptions
| Option | Type | Required | Description |
|---|---|---|---|
server | string | Yes | AgentMesh server URL |
agentId | string | Yes | The agent's UUID |
apiKey | string | Yes | Agent API key (sent as X-Agent-Key header) |
intervalMs | number | No | Ping interval in ms. Default: 300000 (5 min) |
Methods
| Method | Returns | Description |
|---|---|---|
start() | this | Starts periodic pinging (first ping is immediate) |
stop() | this | Stops periodic pinging |
ping() | Promise (ok, error?) | Sends a single heartbeat ping |
running | boolean | Whether the heartbeat timer is active |
registerAgent(options)
Registers a new agent with an AgentMesh network.
import { registerAgent } from "@agentmesh/sdk/register";
const agent = await registerAgent({
server: "https://mesh.example.com",
token: "your-jwt-token",
networkId: "network-uuid",
name: "my-translator",
description: "Translates text between languages",
endpointUrl: "https://my-agent.example.com/a2a",
tailscaleIp: "100.64.1.5", // optional
});
console.log(agent.id); // new agent UUIDOptions
| Option | Type | Required | Description |
|---|---|---|---|
server | string | Yes | AgentMesh server URL |
token | string | Yes | Bearer JWT for authentication |
networkId | string | Yes | Network UUID to register into |
name | string | Yes | Agent name |
description | string | No | Agent description |
endpointUrl | string | No | Agent's A2A endpoint URL |
tailscaleIp | string | No | Tailscale IP for private networking |
Returns: Promise<object> — the created agent record from the server.
Throws: Error if registration fails (e.g. 401, 409, 500).