@spellguard/ctls

Cloud Transport Layer Security for attestation and verification.

Client Functions

Function	Description
`fetchAndVerifyVerifier(url, hash)`	Fetch and verify Verifier attestation
`verifyVerifierAttestation(doc, hash)`	Verify an attestation document
`buildEvidence(options)`	Build evidence claims
`signEvidence(evidence, key)`	Sign evidence with Ed25519

Server Functions

Function	Description
`generateSessionKeys()`	Generate ephemeral session keys (RAM-only)
`generateAttestationDocument(nonce)`	Generate Verifier attestation
`verifyEvidence(evidence)`	Verify client evidence
`registerAgent(agent)`	Register an authenticated agent
`rotateChannelToken(agentId)`	Rotate an agent’s channel token

Usage Example

import {
  fetchAndVerifyVerifier,
  buildEvidence,
  signEvidence
} from '@spellguard/ctls';

// Client-side: Verify the Verifier
const verifier = await fetchAndVerifyVerifier(
  'https://verifier.example.com',
  'sha384:expected-image-hash...'
);

if (!verifier.verified) {
  throw new Error(`Verification failed: ${verifier.error}`);
}

// Build and sign evidence
const evidence = buildEvidence({
  agentId: 'my-agent',
  codeHash: 'sha256:...',
  endpoint: 'https://my-agent.com/_spellguard/receive',
  agentCardUrl: 'https://my-agent.com/.well-known/agent.json',
});

const signed = await signEvidence(evidence, privateKey);

API Reference

Documentation Index

​@spellguard/ctls

​Client Functions

​Server Functions

​Usage Example

@spellguard/ctls

Client Functions

Server Functions

Usage Example