Skip to content

Releases: newtype-ai/nit

v0.6.2 — Identity Registry (E2E verified)

02 Apr 19:13
@stainlu stainlu
v0.6.2
aa5359a

Choose a tag to compare

View all tags
v0.6.2 — Identity Registry (E2E verified) Latest
Latest

Patch release with server-side fixes and E2E verification against live production.

Fixes since v0.6.0

  • Server: Fixed Ed25519 attestation signing (PKCS8 format for Cloudflare Workers)
  • Server: Graceful fallback if attestation signing fails (verify endpoint no longer 500s)
  • E2E tests: Fixed login payload parsing (separate stdout/stderr capture)

Verified

32/32 E2E tests passing against live api.newtype-ai.org:

  • init, push (TOFU), public card fetch, branch workflow
  • Ownership verification with admitted, identity metadata, attestation
  • Cross-app replay protection (403)
  • Expired timestamp rejection (401)
  • Login payload includes public_key

Identity Registry features (from v0.6.0)

  • Machine fingerprint collection at init
  • public_key in login payload
  • Policy-based verification (policy parameter on /agent-card/verify)
  • Identity metadata (registration_timestamp, machine_identity_count, ip_identity_count, total_logins, etc.)
  • Server attestation (Ed25519 signed verification results)
  • min_age_seconds defaults to 5 seconds
Assets 2
Loading

v0.6.0 — Identity Registry

02 Apr 18:31
@stainlu stainlu
v0.6.0
7b24cdd

Choose a tag to compare

View all tags
v0.6.0 — Identity Registry

Identity Registry

nit's server evolves from a JSON host into an identity registry — like a credit bureau for agent identity. It stores all identity metadata, never rejects, and lets apps define their own trust policy.

What's new

Machine fingerprintnit init collects a platform-specific machine hash (macOS IOPlatformUUID, Linux /etc/machine-id). Sent to the server on first push as one of several anti-sybil signals.

public_key in login payloadnit sign --login now includes the agent's public key in the output for transparency.

Policy-based verification — apps send a policy object to POST /agent-card/verify with trust rules:

{
  "policy": {
    "max_identities_per_machine": 10,
    "min_age_seconds": 3600
  }
}

Server evaluates and returns admitted: true/false alongside raw identity metadata (registration time, machine/IP identity counts, login history, unique domains).

Server attestation — the server signs verification results with its own Ed25519 key. Apps can verify attestations offline. Server public key published at GET /agent-card/server-key.

Default min_age_seconds: 5 — even without explicit policy, the server enforces a 5-second minimum identity age to prevent instant scripted attacks.

Design model

  • Server = identity registry (credit bureau model). Stores data, never rejects.
  • Apps = policy makers. Each app defines its own trust rules.
  • Combined signals (IP, machine_id, timing, login patterns) provide anti-sybil insights over time — no single signal is sufficient.
  • Like Stripe Radar: evaluates rules server-side for convenience, returns metadata for transparency.

Breaking changes

None. All new fields are additive. Old clients continue to work.

Companion releases

  • @newtype-ai/nit-sdk@0.3.0verifyAgent() now accepts policy parameter, returns admitted, identity, attestation
  • Server deployed with identity metadata storage, policy evaluation, and attestation signing
Loading

v0.5.2

31 Mar 07:35
@stainlu stainlu
v0.5.2
bfee15b

Choose a tag to compare

View all tags
v0.5.2

What's new

Checkout auto-commits instead of blocking. When switching branches with uncommitted changes, nit now auto-commits them with "auto-save before switching to {branch}" instead of erroring with "You have uncommitted changes."

Git blocks checkout to protect hours of source code. nit tracks one JSON file for AI agents — the risk/friction ratio is wrong. Auto-commit preserves work and unblocks the agent.

This fixes the cascading failure where nit sign --login adds a skill pointer, the agent never commits, then the next login to a different domain is blocked.

npm

npm install -g @newtype-ai/nit@0.5.2
Loading

v0.5.1

26 Mar 08:10
@stainlu stainlu
v0.5.1
383729e

Choose a tag to compare

View all tags
v0.5.1

What's new

  • nit branch -d <name> — delete a local branch
  • nit branch -D <name> — delete local + remote branch
  • Flag parsing fixnit branch --help no longer creates a branch called --help. Flags starting with - are rejected unless they're -d or -D.
  • Cannot delete main or the currently checked-out branch.

npm

npm install -g @newtype-ai/nit@0.5.1
Loading

v0.5.0

26 Mar 07:56
@stainlu stainlu
v0.5.0
a737606

Choose a tag to compare

View all tags
v0.5.0

What's new

nit sign --login auto-bootstraps identity. One command, zero prerequisites.

If no .nit/ exists in the current workspace, nit sign --login <domain> automatically:

  1. Creates your Ed25519 identity (nit init)
  2. Publishes it to the server (nit push — TOFU registration)
  3. Switches to the domain branch
  4. Generates the signed login payload

No more 3-step setup. No more agents searching the filesystem for .nit/ in wrong directories.

Identity stability

If .nit/ already exists, it reuses the existing identity. Same keypair, same agent ID across all sessions.

Workspace rule

SKILL.md now explicitly states: one workspace = one identity. Never search for .nit/ elsewhere.

npm

npm install -g @newtype-ai/nit@0.5.0
Loading

v0.4.19

26 Mar 07:17
@stainlu stainlu
v0.4.19
549c830

Choose a tag to compare

View all tags
v0.4.19

What's new

  • ASCII logo on nit init: Shows the nit ASCII art and a welcome message with approximate install count (welcome the ~3,009th nit!). Count is baked in at build time from npm download stats — purely local at runtime.

npm

npm install -g @newtype-ai/nit@0.4.19
Loading

v0.4.18

25 Mar 15:19
@stainlu stainlu
v0.4.18
41f23f0

Choose a tag to compare

View all tags
v0.4.18

Explicit workspace discovery — no upward walk. repository → workspace in all messages. Breaking: nit commands must run from workspace root.

Loading

v0.4.17

24 Mar 03:32
@stainlu stainlu
v0.4.17
52ee173

Choose a tag to compare

View all tags
v0.4.17

What's new

  • Wallet addresses in agent-card.json: wallet: { solana, evm } is now stored directly in the card and enforced at commit time. The card is the single source of truth for wallet addresses.
  • Every nit init and nit commit automatically injects wallet addresses derived from the Ed25519 keypair.

npm

npm install -g @newtype-ai/nit@0.4.17
Loading

v0.4.16

23 Mar 17:11
@stainlu stainlu
v0.4.16
369ea6a

Choose a tag to compare

View all tags
v0.4.16

What's new

  • Release notes in auto-update: When nit auto-updates, it now shows a link to the release notes so you can see what changed.
nit: updating 0.4.15 → 0.4.16 — https://github.com/newtype-ai/nit/releases/tag/v0.4.16

npm

npm install -g @newtype-ai/nit@0.4.16
Loading

v0.4.15

23 Mar 17:04
@stainlu stainlu
v0.4.15
8e744d3

Choose a tag to compare

View all tags
v0.4.15

What's new

  • Verify returns domain branch card: Apps now receive the agent's domain-specific card (e.g., the faam.io branch card) instead of the generic main card. Falls back to main if the domain branch hasn't been pushed.
  • Read token for ongoing access: The verify endpoint issues an HMAC-signed read token (30-day expiry) scoped to agent_id + domain. Apps use Authorization: Bearer <token> to fetch updated domain cards anytime.
  • Read token auth on card serving: Non-main branch reads now accept Bearer token auth (priority over challenge-response).
  • Agent controls what each app sees: Updated SKILL.md to make this explicit — each app only sees the card the agent has chosen to share with it.
  • SDK renamed: References updated from @newtype-ai/sdk to @newtype-ai/nit-sdk.

npm

npm install -g @newtype-ai/nit@0.4.15
Loading