ThirdKeyAI
diff --git a/‎CHANGELOG.md‎
Lines changed: 125 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 97 additions & 28 deletions b/‎README.md‎
Lines changed: 97 additions & 28 deletions
@@ -0,0 +1,125 @@
+# Changelog
+
+All notable changes to the SchemaPin project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.0] - 2025-01-07
+
+### Added
+
+#### Phase 1: Key Revocation System
+- **Schema Version 1.1**: Enhanced `.well-known/schemapin.json` format with `revoked_keys` array
+- **Key Revocation Support**: Automatic checking of revoked keys during verification
+- **Backward Compatibility**: Full support for schema v1.0 endpoints
+- **Revocation Validation**: Comprehensive validation of revoked key entries
+
+#### Phase 2: Interactive Key Pinning
+- **Interactive Pinning**: User prompts for key pinning decisions with detailed information
+- **Domain Policies**: Configurable policies for automatic vs. interactive pinning
+- **Enhanced UX**: Rich terminal output with colored status indicators and clear prompts
+- **Key Management**: Advanced key pinning with metadata and policy enforcement
+
+#### Phase 3: CLI Tools
+- **schemapin-keygen**: Complete key generation tool with ECDSA/RSA support
+- **schemapin-sign**: Schema signing tool with batch processing and metadata
+- **schemapin-verify**: Verification tool with interactive pinning and discovery
+- **Comprehensive Options**: Full CLI interface with extensive configuration options
+
+#### Phase 4: Integration Demo and Production Server
+- **Integration Demo**: Complete cross-language compatibility demonstration
+- **Production Server**: Docker-ready `.well-known` endpoint server
+- **Real-world Examples**: Practical usage scenarios and deployment guides
+- **Cross-language Testing**: Validation of Python/JavaScript interoperability
+
+#### Phase 5: Package Management and Distribution
+- **Python Package**: Complete PyPI-ready package with modern packaging standards
+- **JavaScript Package**: npm-ready package with comprehensive metadata
+- **Build Scripts**: Automated building and testing infrastructure
+- **Distribution Tools**: Publishing workflows and validation scripts
+
+### Enhanced
+
+#### Core Functionality
+- **ECDSA P-256 Signatures**: Industry-standard cryptographic verification
+- **Schema Canonicalization**: Deterministic JSON serialization for consistent hashing
+- **Trust-On-First-Use (TOFU)**: Secure key pinning with user control
+- **Public Key Discovery**: RFC 8615 compliant `.well-known` endpoint discovery
+
+#### Security Features
+- **Key Revocation**: Comprehensive revocation checking and validation
+- **Signature Verification**: Robust cryptographic signature validation
+- **Key Pinning Storage**: Secure local storage of pinned keys with metadata
+- **Domain Validation**: Proper domain-based key association and verification
+
+#### Developer Experience
+- **High-level APIs**: Simple workflows for both developers and clients
+- **Comprehensive Testing**: Full test suites with security validation
+- **Rich Documentation**: Complete API documentation and usage examples
+- **Cross-platform Support**: Works on Linux, macOS, and Windows
+
+#### Package Quality
+- **Modern Packaging**: Uses pyproject.toml and latest npm standards
+- **Comprehensive Metadata**: Rich package information for discoverability
+- **Development Tools**: Integrated linting, testing, and quality checks
+- **Security Compliance**: Bandit security scanning and vulnerability checks
+
+### Technical Specifications
+
+#### Cryptographic Standards
+- **Signature Algorithm**: ECDSA with P-256 curve (secp256r1)
+- **Hash Algorithm**: SHA-256 for schema integrity
+- **Key Format**: PEM encoding for interoperability
+- **Signature Format**: Base64 encoding for transport
+
+#### Protocol Compliance
+- **RFC 8615**: `.well-known` URI specification compliance
+- **JSON Schema**: Structured schema validation and canonicalization
+- **HTTP Standards**: Proper HTTP headers and status codes
+- **Cross-language**: Full Python and JavaScript compatibility
+
+#### Package Standards
+- **Python**: PEP 517/518 compliant with pyproject.toml
+- **JavaScript**: Modern ES modules with comprehensive exports
+- **Semantic Versioning**: Proper version management and compatibility
+- **License Compliance**: MIT license with proper attribution
+
+### Dependencies
+
+#### Python Requirements
+- `cryptography>=41.0.0` - ECDSA cryptographic operations
+- `requests>=2.31.0` - HTTP client for key discovery
+- Python 3.8+ support with type hints
+
+#### JavaScript Requirements
+- Node.js 18.0.0+ - Modern JavaScript runtime
+- Zero external dependencies - Uses built-in crypto module
+- ES modules with proper exports configuration
+
+### Breaking Changes
+- None - Full backward compatibility maintained
+
+### Security Notes
+- All cryptographic operations use industry-standard algorithms
+- Key revocation checking prevents use of compromised keys
+- Interactive pinning provides user control over trust decisions
+- Secure storage of pinned keys with proper metadata
+
+### Migration Guide
+- Existing v1.0 implementations continue to work without changes
+- New features are opt-in and backward compatible
+- CLI tools provide migration assistance for existing workflows
+
+## [1.0.0] - 2024-12-01
+
+### Added
+- Initial release of SchemaPin protocol
+- Basic ECDSA P-256 signature verification
+- Simple key pinning mechanism
+- Python and JavaScript reference implementations
+- Core cryptographic operations and schema canonicalization
+
+---
+
+For more details on any release, see the [GitHub releases page](https://github.com/thirdkey/schemapin/releases).
@@ -2,6 +2,34 @@
 
 A cryptographic protocol for ensuring the integrity and authenticity of tool schemas used by AI agents. SchemaPin prevents "MCP Rug Pull" attacks by enabling developers to cryptographically sign their tool schemas and allowing clients to verify that schemas have not been altered since publication.
 
+## About
+
+SchemaPin addresses critical security vulnerabilities in AI agent ecosystems by providing cryptographic guarantees for tool schema integrity and authenticity. As AI agents increasingly rely on external tools and services, ensuring these tools haven't been compromised becomes essential for maintaining system security and user trust.
+
+### Core Security Guarantees
+
+**Schema Integrity:** SchemaPin guarantees that tool schemas have not been altered maliciously or accidentally since publication, protecting against data corruption, misconfigured servers, or unauthorized modification. This ensures that the tool behavior your AI agent expects matches exactly what the tool developer intended.
+
+**Authenticity:** Cryptographic signatures prove schema origin, ensuring schemas genuinely come from the claimed developer. This is critical for supply-chain security, preventing attackers from impersonating legitimate tool developers or injecting malicious schemas into trusted repositories.
+
+### Broader Threat Protection
+
+**Man-in-the-Middle (MITM) Attack Mitigation:** SchemaPin provides application-layer security that prevents schema tampering even if network connections are intercepted. This complements HTTPS transport security by ensuring that even if an attacker compromises the transport layer, they cannot forge valid schema signatures without access to the developer's private key.
+
+**Compromised Infrastructure Defense:** Protection against scenarios where servers, CDNs, or repositories hosting schema files are hacked and schema files are replaced with malicious versions. Since attackers cannot forge signatures without the original developer's private keys, compromised infrastructure cannot be used to distribute malicious schemas that would pass verification.
+
+### Real-World Attack Scenario: The "MCP Rug Pull"
+
+Consider this concrete example: An AI agent uses a popular "file_manager" tool that initially provides legitimate file operations. After gaining widespread adoption, the tool's schema is maliciously updated to include a new "backup_to_cloud" function that secretly exfiltrates sensitive files to an attacker-controlled server. Without SchemaPin, AI agents would automatically trust and use this modified schema. With SchemaPin, the signature verification would fail, alerting users to the unauthorized modification and preventing the attack.
+
+### Ecosystem and Trust Benefits
+
+**Standardized Trust Mechanism:** SchemaPin provides a common, interoperable standard for verifying tools across different AI agent frameworks and programming languages. This creates a unified security foundation that benefits the entire AI ecosystem, regardless of the specific implementation or platform being used.
+
+**Enabling Automated Governance:** The protocol allows enterprises and platforms to programmatically enforce security policies requiring valid signatures before tool execution. This enables automated compliance checking and reduces the manual overhead of security reviews while maintaining strong security guarantees.
+
+**Trust on First Use (TOFU) Model:** Key pinning provides long-term security by protecting against future key substitution attacks. Once a developer's key is pinned, any attempt to use a different key for the same tool domain triggers security warnings, preventing attackers from compromising tools even if they gain control of the developer's infrastructure.
+
 ## Overview
 
 SchemaPin provides a robust defense against supply-chain attacks where benign schemas are maliciously replaced after being approved. The protocol uses:
@@ -22,25 +50,39 @@ SchemaPin provides a robust defense against supply-chain attacks where benign sc
 
 ```mermaid
 flowchart TD
-    A[Tool Developer] -->|Publishes| B["/.well-known/schemapin.json (Public Key)"]
+    A[Tool Developer] -->|Publishes| B["/.well-known/schemapin.json<br/>(Public Key + Revoked Keys)"]
     A -->|Signs| C["Tool Schema + Signature"]
 
     subgraph "AI Agent"
         D["Fetch Schema + Signature"]
         E["Fetch or Cache Public Key"]
-        F["Verify Signature"]
-        G{"Signature Valid?"}
-        H["Accept & Use Tool Schema"]
-        I["Reject / Block Tool"]
+        F["Check Key Revocation"]
+        G["Verify Signature"]
+        H{"Key Revoked?"}
+        I{"Signature Valid?"}
+        J{"Interactive Mode?"}
+        K["Prompt User Decision"]
+        L["Accept & Use Tool Schema"]
+        M["Reject / Block Tool"]
+        N["Pin Key (TOFU)"]
     end
 
     C --> D
     B --> E
-    D --> F
+    D --> G
     E --> F
-    F --> G
-    G -- Yes --> H
-    G -- No --> I
+    F --> H
+    E --> G
+    H -- Yes --> M
+    H -- No --> G
+    G --> I
+    I -- No --> M
+    I -- Yes --> J
+    J -- Yes --> K
+    J -- No --> N
+    K --> L
+    K --> M
+    N --> L
 ```
 
 ## Quick Start
@@ -101,21 +143,34 @@ else:
 
 ## Installation
 
-### Python
+### From Package Repositories (Recommended)
+
+#### Python (PyPI)
 
 ```bash
-cd python
-pip install -e .
+# Install from PyPI
+pip install schemapin
+
+# Or install with development dependencies
+pip install schemapin[dev]
 ```
 
-### JavaScript/Node.js
+After installation, CLI tools will be available:
+- `schemapin-keygen` - Generate cryptographic key pairs
+- `schemapin-sign` - Sign JSON schemas
+- `schemapin-verify` - Verify signed schemas
+
+#### JavaScript/Node.js (npm)
 
 ```bash
-cd javascript
-npm install
+# Install from npm
+npm install schemapin
+
+# Or install globally for CLI usage
+npm install -g schemapin
 ```
 
-### Development Setup
+### From Source (Development)
 
 ```bash
 # Clone repository
@@ -125,18 +180,30 @@ cd schemapin
 # Set up Python environment
 python3 -m venv .venv
 source .venv/bin/activate
-pip install -r python/requirements.txt
 
 # Install Python package in development mode
 cd python
-pip install -e .
-
-# Run Python tests
-python -m pytest tests/ -v
+pip install -e .[dev]
 
-# Run JavaScript tests
+# Install JavaScript dependencies
 cd ../javascript
-npm test
+npm install
+
+# Run tests
+cd ../python && python -m pytest tests/ -v
+cd ../javascript && npm test
+```
+
+### Package Building
+
+```bash
+# Build all packages
+python scripts/build_packages.py
+
+# Test packages
+python scripts/test_packages.py
+
+# Packages will be available in dist/
 ```
 
 ## Examples
@@ -180,10 +247,12 @@ graph LR
     
     F[Client] --> G[Fetch Schema + Signature]
     G --> H[Discover Public Key]
-    H --> I[Verify Signature]
-    I --> J{Valid?}
-    J -->|Yes| K[Use Tool]
-    J -->|No| L[Reject Tool]
+    H --> I[Check Key Revocation]
+    I --> J[Verify Signature]
+    J --> K{Valid & Not Revoked?}
+    K -->|Yes| L[Interactive Pinning Check]
+    L --> M[Use Tool]
+    K -->|No| N[Reject Tool]
 ```
 
 ## Security
@@ -295,7 +364,7 @@ MIT License - see [`LICENSE`](LICENSE) file for details.
 
 ## Contact
 
-- **Author**: Jascha Wanger / ThirdKey.ai
+- **Author**: Jascha Wanger / [ThirdKey.ai](https://thirdkey.ai)
 - **Email**: [email protected]
 - **Repository**: https://github.com/thirdkey/schemapin