SdJwt.Net.AgentTrust.Core 1.0.6

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. .NET Standard 2.1 This package targets .NET Standard 2.1. The package is compatible with this framework or higher. 
dotnet add package SdJwt.Net.AgentTrust.Core --version 1.0.6
                    


                    

                
NuGet\Install-Package SdJwt.Net.AgentTrust.Core -Version 1.0.6
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SdJwt.Net.AgentTrust.Core" Version="1.0.6" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SdJwt.Net.AgentTrust.Core" Version="1.0.6" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SdJwt.Net.AgentTrust.Core" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SdJwt.Net.AgentTrust.Core --version 1.0.6
                    


                    

                
#r "nuget: SdJwt.Net.AgentTrust.Core, 1.0.6"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package SdJwt.Net.AgentTrust.Core@1.0.6
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=SdJwt.Net.AgentTrust.Core&version=1.0.6
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=SdJwt.Net.AgentTrust.Core&version=1.0.6
                    


                            Install as a Cake Tool

SdJwt.Net.AgentTrust.Core

Core primitives for issuing and verifying SD-JWT capability tokens used in agent-to-tool and agent-to-agent trust flows.

Install

dotnet add package SdJwt.Net.AgentTrust.Core

What This Package Provides

  • CapabilityTokenIssuer for minting SD-JWT capability tokens.
  • CapabilityTokenVerifier for validating signature, audience, expiry, and replay constraints.
  • IKeyCustodyProvider and InMemoryKeyCustodyProvider for signing key access.
  • INonceStore and MemoryNonceStore for replay prevention.
  • IReceiptWriter and LoggingReceiptWriter for allow/deny audit receipts.
  • Capability data models (CapabilityClaim, CapabilityContext, CapabilityLimits).

Quick Start

using Microsoft.IdentityModel.Tokens;
using SdJwt.Net.AgentTrust.Core;
using System.Security.Cryptography;

var signingBytes = RandomNumberGenerator.GetBytes(32);
var signingKey = new SymmetricSecurityKey(signingBytes);
var nonceStore = new MemoryNonceStore();

var issuer = new CapabilityTokenIssuer(
    signingKey,
    SecurityAlgorithms.HmacSha256,
    nonceStore);

var minted = issuer.Mint(new CapabilityTokenOptions
{
    Issuer = "agent://assistant-1",
    Audience = "https://tool-api.example.com",
    Capability = new CapabilityClaim
    {
        Tool = "crm",
        Action = "Read",
        Resource = "customer-profile",
        Limits = new CapabilityLimits { MaxResults = 25 }
    },
    Context = new CapabilityContext
    {
        CorrelationId = Guid.NewGuid().ToString("N"),
        WorkflowId = "wf-123"
    },
    Lifetime = TimeSpan.FromMinutes(1)
});

var verifier = new CapabilityTokenVerifier(nonceStore);
var verification = await verifier.VerifyAsync(
    minted.Token,
    new CapabilityVerificationOptions
    {
        ExpectedAudience = "https://tool-api.example.com",
        TrustedIssuers = new Dictionary<string, SecurityKey>
        {
            ["agent://assistant-1"] = signingKey
        }
    });

if (!verification.IsValid)
{
    throw new InvalidOperationException(verification.Error);
}

Core Validation Behavior

  • Requires iss, aud, jti, exp, cap, and ctx claims.
  • Validates signature against issuer key in TrustedIssuers.
  • Enforces audience equality with ExpectedAudience.
  • Rejects expired tokens with configurable ClockSkewTolerance.
  • Enforces replay protection when EnforceReplayPrevention is enabled.
  • Use a hardware-backed key provider through IKeyCustodyProvider.
  • Keep token lifetime short (default is 60 seconds).
  • Store replay nonces in distributed storage for multi-node deployments.
  • Write receipts to durable audit storage via a custom IReceiptWriter.
  • SdJwt.Net.AgentTrust.Policy
  • SdJwt.Net.AgentTrust.AspNetCore
  • SdJwt.Net.AgentTrust.Maf
Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.1 is compatible. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (7)

Showing the top 5 NuGet packages that depend on SdJwt.Net.AgentTrust.Core:

Package Downloads
SdJwt.Net.AgentTrust.Policy

Policy engine for agent trust capability authorization and delegation.
SdJwt.Net.AgentTrust.Maf

Middleware-style adapter for applying agent trust capability tokens to agent tool calls.
SdJwt.Net.AgentTrust.AspNetCore

Inbound middleware and authorization integration for agent trust capability tokens.
SdJwt.Net.AgentTrust.OpenTelemetry

OpenTelemetry instrumentation for agent trust capability token operations including traces, metrics, and diagnostic enrichment.
SdJwt.Net.AgentTrust.A2A

Agent-to-Agent (A2A) protocol integration for multi-agent delegation, agent card discovery, and cross-agent trust chain validation.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.6 255 5/10/2026
1.0.5 257 5/9/2026
1.0.4 218 4/30/2026
1.0.3 231 4/28/2026
1.0.3-alpha.0.2 61 4/28/2026
1.0.2 200 3/13/2026