This file provides context for AI coding assistants working with this repository.
A secure authentication and data encryption protocol for AI agents, merchants and merchant vendors.
Tech Stack: Node.js, TypeScript, Python
The project uses npm for JavaScript/TypeScript and pip for Python. Key commands:
- JavaScript/TypeScript:
  npm install
  npm run build
- Python:
  pip install -r requirements.txt
- Clone the repository
- For JavaScript/TypeScript SDK:
  cd sdk/javascript # or sdk/typescript
  npm install
- For Python SDK:
  cd sdk/python
  pip install -r requirements.txt
- Create a new branch for your changes
- Make your code changes
- Run linters:
  - JavaScript/TypeScript:
    npm run lint
  - Python:
    make lint
- Run tests (see "Running Tests" section)
- Commit your changes and create a pull request
- JavaScript/TypeScript:
  npm test
- Python:
  make test
📁 examples/
  📄 voice_assistant_travel.json
📁 schema/
  📁 2025-08-27/
    📄 schema.json
    📄 schema.ts
  📁 2025-11-12/
    📄 schema.json
    📄 schema.ts
📁 sdk/
  📁 javascript/
    📁 src/
    📁 tests/
    📄 .prettierignore
    📄 .prettierrc
    📄 README.md
    📄 eslint.config.js
    📄 package-lock.json
    📄 package.json
  📁 python/
    📁 src/
    📁 tests/
    📄 .flake8
    📄 Makefile
    📄 README.md
    📄 pyproject.toml
    📄 requirements-dev.txt
    📄 requirements.txt
    📄 setup.py
  📁 typescript/
    📁 src/
    📁 tests/
    📄 .prettierignore
    📄 .prettierrc
    📄 README.md
    📄 eslint.config.js
    📄 package-lock.json
    📄 package.json
    📄 tsconfig.json
📄 .gitignore
📄 LICENSE
📄 README.md
📄 SECURITY.md
- Use JWS+JWE for authentication and confidentiality
- Support both RSA and Elliptic Curve (P-256/384/521) keys
- Implement JSON Web Key Sets (JWKS) for key distribution
- Follow the schema versions in the schema/ directory
- Implement SDK functionality in the respective language directories under sdk/
- Mixing up schema versions - always refer to the correct schema version
- Forgetting to update all SDK implementations when making changes
- Not properly handling key generation and management
- Neglecting to validate inputs according to the schema
Must Follow:
- ❌ NEVER hardcode secrets, API keys, or credentials
- ❌ NEVER log sensitive data (PII, tokens, passwords)
- ❌ NEVER commit .env files or secrets
- ✅ Use environment variables for all secrets
- ✅ Validate and sanitize all user inputs
- ✅ Follow the principle of least privilege
Additional Security Considerations:
- Ensure proper key management and rotation
- Implement secure key generation practices as outlined in the README
- Use strong encryption algorithms and key sizes
- Regularly update dependencies to patch security vulnerabilities
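An added example, not code from this repository or its SDKs: a standard-library Python audit of a JWKS before it is published, checking the RSA/EC key types and P-256/384/521 curves listed above and flagging private key material. The 2048-bit RSA floor, the names audit_jwks and SAMPLE_JWKS, and the sample key set are assumptions made for this illustration.

```python
import base64

ALLOWED_CURVES = {"P-256", "P-384", "P-521"}  # curves listed on this page
MIN_RSA_BITS = 2048  # assumption: the page does not state a minimum size
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}  # RFC 7518

def _b64url_bytes(value):
    """Decode an unpadded base64url JWK member."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def audit_jwks(jwks):
    """Return (kid, problem) findings for a JWKS about to be published."""
    findings, seen = [], set()
    for key in jwks.get("keys", []):
        kid = key.get("kid", "<missing kid>")
        if "kid" not in key:
            findings.append((kid, "no kid, verifiers cannot select this key"))
        elif kid in seen:
            findings.append((kid, "duplicate kid"))
        seen.add(kid)
        leaked = sorted(key.keys() & PRIVATE_MEMBERS)
        if leaked:
            findings.append((kid, "private key material published: " + ",".join(leaked)))
        kty = key.get("kty")
        if kty == "EC":
            if key.get("crv") not in ALLOWED_CURVES:
                findings.append((kid, f"unsupported curve {key.get('crv')}"))
        elif kty == "RSA":
            bits = int.from_bytes(_b64url_bytes(key.get("n", "")), "big").bit_length()
            if bits < MIN_RSA_BITS:
                findings.append((kid, f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}"))
        else:
            findings.append((kid, f"unsupported kty {kty}"))
    return findings

def _fake_n(nbytes):  # constructed modulus of nbytes*8 bits, not a real key
    return base64.urlsafe_b64encode(b"\xff" * nbytes).rstrip(b"=").decode()

# Constructed sample key set; every value is a placeholder.
SAMPLE_JWKS = {"keys": [
    {"kty": "EC", "crv": "P-256", "kid": "ec-1", "x": "AA", "y": "AA"},
    {"kty": "EC", "crv": "secp256k1", "kid": "ec-2", "x": "AA", "y": "AA"},
    {"kty": "RSA", "kid": "rsa-1", "n": _fake_n(256), "e": "AQAB"},
    {"kty": "RSA", "kid": "rsa-2", "n": _fake_n(128), "e": "AQAB"},
    {"kty": "EC", "crv": "P-384", "kid": "ec-1", "x": "AA", "y": "AA", "d": "AA"},
    {"kty": "oct", "kid": "sym-1", "k": "AA"},
]}

if __name__ == "__main__":
    print(*audit_jwks(SAMPLE_JWKS), sep="\n")
```

A check like this fits as a test or pre-publish step, so a key set that fails it never reaches consumers.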
- Run linters:
  - JavaScript/TypeScript:
    npm run lint
  - Python:
    make lint
- Run tests:
  - JavaScript/TypeScript:
    npm test
  - Python:
    make test
- Ensure all new code is properly documented
- Verify that no sensitive information is being committed
- Check that all changes comply with the current schema version
- Use the debug package for Node.js/TypeScript debugging
- For Python, use the built-in logging module
- Set up proper error handling and logging in all SDK implementations
- Use breakpoints in your IDE for step-through debugging
- For JavaScript/TypeScript:
  - Use npm install <package> to add new dependencies
  - Update package.json and package-lock.json when adding/updating dependencies
- For Python:
  - Use pip install <package> and update requirements.txt
  - Consider using a virtual environment for isolation
- Write unit tests for all new functionality
- Implement integration tests to ensure proper interaction between components
- Use mocking for external dependencies
- Aim for high test coverage, especially for critical security-related functions
- Multi-language SDK support (JavaScript, TypeScript, Python)
- Versioned schema approach for backwards compatibility
- Use of industry-standard cryptographic practices (JWS, JWE, JWKS)
- Separation of concerns between schema definition and SDK implementation
Generated by Forter AI Platform