workos/auth.md — reverse-engineered prompt

Build me a small TypeScript reference app that demonstrates agentic registration for auth.md. I want two local pieces, an agent provider that can mint identity assertions for a user, and an agent service that reads an AUTH.md style recipe and lets an agent register, claim, exchange, use, and revoke credentials.

The service should have a simple home page that walks through the three flows interactively. One flow uses an ID JAG from the provider, one uses a verified email claim with a user code and verification link, and one starts anonymous then lets the user claim it later. Include the discovery metadata endpoints, the identity endpoint, claim endpoints, token exchange, revocation, and a protected sample API so I can see the access token working.

Keep it easy to run locally with one install command and one dev command. Add clear README instructions and sample AUTH.md text so someone can understand the protocol by running the demo. Look up current OAuth docs online if needed.