Getting Started

Installation


npm install @credat/sdk

Credat has zero runtime dependencies beyond @noble/curves and @noble/hashes for cryptography. It works in Node.js 22+ and modern browsers.

Your first agent in 30 seconds


import { createAgent, delegate, verifyDelegation } from "@credat/sdk";
 
// 1. Create an agent identity on your domain
const agent = await createAgent({
  domain: "acme.com",
  algorithm: "ES256",
});
 
console.log(agent.did);
// "did:web:acme.com"
 
// 2. Delegate permissions (in real usage, ownerKeyPair comes from your key management)
const ownerKeyPair = await generateOwnerKeys(); // see below
 
const delegation = await delegate({
  agent: agent.did,
  owner: "did:web:acme.com",
  ownerKeyPair: ownerKeyPair,
  scopes: ["files:read", "files:write"],
  validUntil: "2026-12-31T23:59:59Z",
});
 
// 3. Verify the delegation
const result = await verifyDelegation(delegation.token, {
  ownerPublicKey: ownerKeyPair.publicKey,
});
 
console.log(result.valid);   // true
console.log(result.scopes);  // ["files:read", "files:write"]
console.log(result.agent);   // "did:web:acme.com"
console.log(result.owner);   // "did:web:acme.com"

Generating owner keys


import { generateKeyPair } from "@credat/sdk";
 
const ownerKeyPair = generateKeyPair("ES256");
// { algorithm: "ES256", publicKey: Uint8Array, privateKey: Uint8Array }

What just happened?

createAgent generated a cryptographic key pair and created a DID (Decentralized Identifier) on acme.com. The DID is a globally unique identifier like did:web:acme.com that can be resolved by anyone to get the agent’s public key.
delegate created a signed credential from the owner to the agent, granting it files:read and files:write permissions. This credential is cryptographically signed by the owner’s private key --- it cannot be forged or tampered with.
verifyDelegation verified the signature, checked expiration, and extracted the scopes. Any service can do this with just the owner’s public key.

Supported algorithms

Algorithm	Curve	Use case
`ES256` (default)	P-256	General purpose, widely supported
`EdDSA`	Ed25519	Fast, compact signatures

Next steps

Create your first agent --- A detailed walkthrough
Understand agent identity --- How DIDs work
Issue delegations --- Grant and verify permissions
Implement the handshake --- Prove identity to services