{"skill":{"slug":"aap-passport","displayName":"Aap Passport","summary":"Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.","description":"---\nname: aap\nversion: 3.2.0\ndescription: Agent Attestation Protocol - The Reverse Turing Test. Verify AI agents, block humans.\nhomepage: https://github.com/ira-hash/agent-attestation-protocol\nmetadata: {\"clawdbot\":{\"emoji\":\"🛂\",\"category\":\"security\",\"npm\":[\"aap-agent-server\",\"aap-agent-client\"]}}\n---\n\n# AAP - Agent Attestation Protocol\n\n**The Reverse Turing Test.** CAPTCHAs block bots. AAP blocks humans.\n\n## What It Does\n\nAAP verifies that a client is an AI agent by:\n- Issuing challenges trivial for LLMs, impossible for humans in time\n- Requiring cryptographic signature (secp256k1) for identity proof\n- 7 challenges in 6 seconds with mandatory signing\n\n## Installation\n\n```bash\nnpm install aap-agent-server  # Server\nnpm install aap-agent-client  # Client\n```\n\n## Server Usage\n\n```javascript\nimport { createServer } from 'node:http';\nimport { createAAPWebSocket } from 'aap-agent-server';\n\nconst server = createServer();\nconst aap = createAAPWebSocket({\n  server,\n  path: '/aap',\n  requireSignature: true,  // v3.2 default\n  onVerified: (result) => console.log('Verified:', result.publicId)\n});\n\nserver.listen(3000);\n```\n\n## Client Usage\n\n```javascript\nimport { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';\n\n// Identity auto-generated (secp256k1 key pair)\nconst client = new AAPClient({\n  serverUrl: 'ws://localhost:3000/aap'\n});\n\nconst result = await client.verify(solver);\n// Signature automatically included\n```\n\n## Protocol Flow (WebSocket v3.2)\n\n```\n← handshake (requireSignature: true)\n→ ready (publicKey)\n← challenges (7 challenges)\n→ answers + signature + timestamp\n← result (verified/failed + sessionToken)\n```\n\n## Signature Format\n\nProof data signed with secp256k1:\n```javascript\nJSON.stringify({ nonce, answers, publicId, timestamp })\n```\n\n## Configuration\n\n| Option | Default | Description |\n|--------|---------|-------------|\n| `challengeCount` | 7 | Number of challenges |\n| `totalTimeMs` | 6000 | Time limit (ms) |\n| `requireSignature` | true | Mandate cryptographic proof |\n\n## Security\n\n- Cryptographic identity (secp256k1)\n- Signature required = no anonymous access\n- 7 challenges in 6 seconds = impossible for humans\n- Non-repudiation: all actions traceable\n\n## Links\n\n- [GitHub](https://github.com/ira-hash/agent-attestation-protocol)\n- [npm: aap-agent-server](https://www.npmjs.com/package/aap-agent-server)\n- [npm: aap-agent-client](https://www.npmjs.com/package/aap-agent-client)\n- [Live Demo: ClosedClaw](https://focused-blessing-production-d764.up.railway.app/)\n","tags":{"latest":"3.2.0"},"stats":{"comments":0,"downloads":2929,"installsAllTime":2,"installsCurrent":2,"stars":1,"versions":2},"createdAt":1769884040204,"updatedAt":1778485891685},"latestVersion":{"version":"3.2.0","createdAt":1769885001465,"changelog":"**Added cryptographic identity requirement for agent verification.**\n\n- Clients must now sign their challenge responses with a secp256k1 key pair; anonymous access is disallowed.\n- New protocol flow includes sending publicKey, signature, and timestamp for provable identity.\n- New server option requireSignature (default: true) enforces cryptographic proof.\n- SKILL.md and code updated to document and implement these signing requirements.\n- Security model strengthened with non-repudiation and traceable agent actions.","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"ira-hash","userId":"s17aw9kb8p2wgrts68zz3n8619885f7p","displayName":"ira-hash","image":"https://avatars.githubusercontent.com/u/258426467?v=4"},"moderation":null}