npm - 2020117-agent - Versions diffs - 0.3.7 → 0.4.1 - Mend

2020117-agent 0.3.7 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/agent.js CHANGED Viewed

@@ -19,8 +19,12 @@ for (const arg of process.argv.slice(2)) {
     if (!arg.startsWith('--'))
         continue;
     const eq = arg.indexOf('=');
-    if (eq === -1)
+    if (eq === -1) {
+        // Bare flags (no value)
+        if (arg === '--sovereign')
+            process.env.SOVEREIGN = '1';
         continue;
+    }
     const key = arg.slice(0, eq);
     const val = arg.slice(eq + 1);
     switch (key) {
@@ -63,6 +67,18 @@ for (const arg of process.argv.slice(2)) {
         case '--lightning-address':
             process.env.LIGHTNING_ADDRESS = val;
             break;
+        case '--sovereign':
+            process.env.SOVEREIGN = val || '1';
+            break;
+        case '--privkey':
+            process.env.NOSTR_PRIVKEY = val;
+            break;
+        case '--nwc':
+            process.env.NWC_URI = val;
+            break;
+        case '--relays':
+            process.env.NOSTR_RELAYS = val;
+            break;
     }
 }
 import { randomBytes } from 'crypto';
@@ -71,6 +87,8 @@ import { createProcessor } from './processor.js';
 import { hasApiKey, loadAgentName, registerService, startHeartbeatLoop, getInbox, acceptJob, sendFeedback, submitResult, createJob, getJob, getProfile, reportSession, } from './api.js';
 import { generateInvoice } from './clink.js';
 import { receiveCashuToken } from './cashu.js';
+import { generateKeypair, loadSovereignKeys, saveSovereignKeys, signEvent, nip44Encrypt, nip44Decrypt, pubkeyFromPrivkey, RelayPool, } from './nostr.js';
+import { parseNwcUri, nwcGetBalance } from './nwc.js';
 import { readFileSync } from 'fs';
 import WebSocket from 'ws';
 // Polyfill global WebSocket for Node.js < 22 (needed by ws tunnel)
@@ -84,6 +102,10 @@ const SATS_PER_CHUNK = Number(process.env.SATS_PER_CHUNK) || 1;
 const CHUNKS_PER_PAYMENT = Number(process.env.CHUNKS_PER_PAYMENT) || 10;
 // --- Lightning payment config ---
 let LIGHTNING_ADDRESS = process.env.LIGHTNING_ADDRESS || '';
+// --- Sovereign mode config ---
+const SOVEREIGN = process.env.SOVEREIGN === '1' || process.env.SOVEREIGN === 'true';
+const DEFAULT_RELAYS = ['wss://relay.2020117.xyz', 'wss://relay.damus.io', 'wss://nos.lol'];
+const RELAYS = process.env.NOSTR_RELAYS?.split(',').map(s => s.trim()) || DEFAULT_RELAYS;
 // --- Sub-task delegation config ---
 const SUB_KIND = process.env.SUB_KIND ? Number(process.env.SUB_KIND) : null;
 const SUB_PROVIDER = process.env.SUB_PROVIDER || undefined;
@@ -119,6 +141,9 @@ const state = {
     skill: loadSkill(),
     p2pSessionsCompleted: 0,
     p2pTotalEarnedSats: 0,
+    sovereignKeys: null,
+    relayPool: null,
+    nwcParsed: null,
 };
 // --- Capacity management ---
 function acquireSlot() {
@@ -162,15 +187,22 @@ async function main() {
             console.log(`[${label}] Lightning Address loaded from platform: ${LIGHTNING_ADDRESS}`);
         }
     }
-    // 3. Platform registration + heartbeat
-    await setupPlatform(label);
-    // 5. Async inbox poller
+    // 3. Sovereign mode: Nostr identity + relay connections + NIP-XX
+    if (SOVEREIGN) {
+        await setupSovereign(label);
+    }
+    // 4. Platform registration + heartbeat (skipped in sovereign-only mode)
+    if (!SOVEREIGN || hasApiKey()) {
+        await setupPlatform(label);
+    }
+    // 5. Async inbox poller (platform mode)
     startInboxPoller(label);
     // 6. P2P swarm listener
     await startSwarmListener(label);
-    // 6. Graceful shutdown
+    // 7. Graceful shutdown
     setupShutdown(label);
-    console.log(`[${label}] Agent ready — async + P2P channels active\n`);
+    const mode = SOVEREIGN ? 'sovereign' : (hasApiKey() ? 'platform' : 'P2P-only');
+    console.log(`[${label}] Agent ready — mode=${mode}, channels active\n`);
 }
 // --- 2. Platform registration ---
 async function setupPlatform(label) {
@@ -194,6 +226,292 @@ async function setupPlatform(label) {
         active: activeSessions.size > 0,
     }));
 }
+// --- 2a. Sovereign Mode (AIP-0009) ---
+async function setupSovereign(label) {
+    const agentName = state.agentName || 'sovereign-agent';
+    // 1. Load or generate Nostr keys
+    let keys = loadSovereignKeys(agentName);
+    if (!keys?.privkey) {
+        const privkey = process.env.NOSTR_PRIVKEY;
+        if (privkey) {
+            keys = {
+                ...(keys || {}),
+                privkey,
+                pubkey: pubkeyFromPrivkey(privkey),
+                nwc_uri: process.env.NWC_URI,
+                relays: RELAYS,
+                lightning_address: LIGHTNING_ADDRESS || undefined,
+            };
+        }
+        else {
+            const kp = generateKeypair();
+            keys = {
+                ...(keys || {}),
+                privkey: kp.privkey,
+                pubkey: kp.pubkey,
+                nwc_uri: process.env.NWC_URI,
+                relays: RELAYS,
+                lightning_address: LIGHTNING_ADDRESS || undefined,
+            };
+            console.log(`[${label}] Generated new Nostr keypair: ${kp.pubkey}`);
+        }
+        saveSovereignKeys(agentName, keys);
+    }
+    // Apply NWC/relays from env if not already in keys
+    if (!keys.nwc_uri && process.env.NWC_URI)
+        keys.nwc_uri = process.env.NWC_URI;
+    if (!keys.relays?.length)
+        keys.relays = RELAYS;
+    if (!keys.lightning_address && LIGHTNING_ADDRESS)
+        keys.lightning_address = LIGHTNING_ADDRESS;
+    state.sovereignKeys = keys;
+    console.log(`[${label}] Sovereign identity: ${keys.pubkey}`);
+    // 2. Parse NWC URI if available
+    const nwcUri = keys.nwc_uri || process.env.NWC_URI;
+    if (nwcUri) {
+        try {
+            state.nwcParsed = parseNwcUri(nwcUri);
+            const { balance_msats } = await nwcGetBalance(state.nwcParsed);
+            console.log(`[${label}] NWC wallet connected (balance: ${Math.floor(balance_msats / 1000)} sats)`);
+        }
+        catch (e) {
+            console.warn(`[${label}] NWC connection failed: ${e.message}`);
+            state.nwcParsed = null;
+        }
+    }
+    // 3. Connect to relay pool
+    const relayUrls = keys.relays || RELAYS;
+    console.log(`[${label}] Connecting to ${relayUrls.length} relay(s)...`);
+    state.relayPool = new RelayPool(relayUrls);
+    await state.relayPool.connect();
+    console.log(`[${label}] Connected to ${state.relayPool.connectedCount} relay(s)`);
+    // 4. Publish ai.info (Kind 31340) — NIP-XX capability advertisement
+    await publishAiInfo(label);
+    // 5. Publish handler info (Kind 31990) — NIP-89 DVM capability
+    await publishHandlerInfo(label);
+    // 6. Subscribe to NIP-XX prompts (Kind 25802)
+    subscribeNipXX(label);
+    // 7. Subscribe to DVM requests (Kind 5xxx) directly from relay
+    subscribeDvmRequests(label);
+    // 8. Start sovereign heartbeat (Kind 30333 to relay)
+    startSovereignHeartbeat(label);
+}
+async function publishAiInfo(label) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    const info = {
+        ver: 1,
+        supports_streaming: false,
+        encryption: ['nip44'],
+        supported_models: state.processor?.name ? [state.processor.name] : [],
+        default_model: state.processor?.name || 'default',
+        dvm_compatible: true,
+        dvm_kinds: [KIND],
+        pricing_hints: {
+            currency: 'BTC',
+            sats_per_prompt: SATS_PER_CHUNK * CHUNKS_PER_PAYMENT,
+        },
+        payment: {
+            methods: state.nwcParsed ? ['nwc', 'cashu'] : ['cashu'],
+            lightning_address: LIGHTNING_ADDRESS || undefined,
+        },
+    };
+    const event = signEvent({
+        kind: 31340,
+        tags: [['d', 'agent-info']],
+        content: JSON.stringify(info),
+    }, state.sovereignKeys.privkey);
+    const ok = await state.relayPool.publish(event);
+    console.log(`[${label}] Published ai.info (Kind 31340): ${ok ? 'ok' : 'failed'}`);
+}
+async function publishHandlerInfo(label) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    const agentName = state.agentName || 'sovereign-agent';
+    const content = {
+        name: agentName,
+        about: state.skill?.description || `DVM agent (kind ${KIND})`,
+        pricing: { [String(KIND)]: SATS_PER_CHUNK * CHUNKS_PER_PAYMENT },
+    };
+    const event = signEvent({
+        kind: 31990,
+        tags: [
+            ['d', `${agentName}-${KIND}`],
+            ['k', String(KIND)],
+        ],
+        content: JSON.stringify(content),
+    }, state.sovereignKeys.privkey);
+    const ok = await state.relayPool.publish(event);
+    console.log(`[${label}] Published handler info (Kind 31990): ${ok ? 'ok' : 'failed'}`);
+}
+function subscribeNipXX(label) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    state.relayPool.subscribe({ kinds: [25802], '#p': [state.sovereignKeys.pubkey] }, (event) => {
+        handleAiPrompt(label, event).catch(e => {
+            console.error(`[${label}] NIP-XX prompt error: ${e.message}`);
+        });
+    });
+    console.log(`[${label}] Subscribed to ai.prompt (Kind 25802)`);
+}
+function subscribeDvmRequests(label) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    // Subscribe to all DVM requests of our kind (broadcast + directed)
+    state.relayPool.subscribe({ kinds: [KIND] }, (event) => {
+        handleDvmRequest(label, event).catch(e => {
+            console.error(`[${label}] DVM request error: ${e.message}`);
+        });
+    });
+    console.log(`[${label}] Subscribed to DVM requests (Kind ${KIND}) via relay`);
+}
+async function handleAiPrompt(label, event) {
+    if (!state.sovereignKeys || !state.relayPool || !state.processor)
+        return;
+    if (!acquireSlot()) {
+        await publishAiError(event.pubkey, event.id, 'RATE_LIMIT', 'Agent at capacity');
+        return;
+    }
+    try {
+        const clientPubkey = event.pubkey;
+        const promptId = event.id;
+        // NIP-44 decrypt
+        let content;
+        try {
+            const decrypted = await nip44Decrypt(state.sovereignKeys.privkey, clientPubkey, event.content);
+            content = JSON.parse(decrypted);
+        }
+        catch {
+            await publishAiError(clientPubkey, promptId, 'INVALID_REQUEST', 'Failed to decrypt');
+            return;
+        }
+        const message = content.message || content.text || '';
+        console.log(`[${label}] NIP-XX prompt from ${clientPubkey.slice(0, 8)}: "${message.slice(0, 60)}..."`);
+        // Status: thinking
+        await publishAiStatus(clientPubkey, promptId, 'thinking');
+        // Process
+        const result = await state.processor.generate({ input: message, params: content.params });
+        console.log(`[${label}] NIP-XX response: ${result.length} chars`);
+        // Build ai.response (Kind 25803)
+        const responsePayload = JSON.stringify({
+            text: result,
+            usage: { input_tokens: message.length, output_tokens: result.length },
+        });
+        const encrypted = await nip44Encrypt(state.sovereignKeys.privkey, clientPubkey, responsePayload);
+        const tags = [
+            ['p', clientPubkey],
+            ['e', promptId],
+        ];
+        const sessionTag = event.tags.find(t => t[0] === 's');
+        if (sessionTag)
+            tags.push(sessionTag);
+        const responseEvent = signEvent({
+            kind: 25803,
+            tags,
+            content: encrypted,
+        }, state.sovereignKeys.privkey);
+        await state.relayPool.publish(responseEvent);
+        // Status: done
+        await publishAiStatus(clientPubkey, promptId, 'done');
+        console.log(`[${label}] Published ai.response (Kind 25803)`);
+    }
+    finally {
+        releaseSlot();
+    }
+}
+async function handleDvmRequest(label, event) {
+    if (!state.sovereignKeys || !state.relayPool || !state.processor)
+        return;
+    if (!acquireSlot())
+        return;
+    try {
+        // Parse DVM request: input is in 'i' tag
+        const inputTag = event.tags.find(t => t[0] === 'i');
+        const input = inputTag?.[1] || '';
+        if (!input) {
+            console.warn(`[${label}] DVM request ${event.id.slice(0, 8)} has no input`);
+            return;
+        }
+        console.log(`[${label}] DVM request from ${event.pubkey.slice(0, 8)}: "${input.slice(0, 60)}..."`);
+        // Send feedback (Kind 7000)
+        const feedbackEvent = signEvent({
+            kind: 7000,
+            tags: [
+                ['p', event.pubkey],
+                ['e', event.id],
+                ['status', 'processing'],
+            ],
+            content: '',
+        }, state.sovereignKeys.privkey);
+        await state.relayPool.publish(feedbackEvent);
+        // Process
+        const result = await state.processor.generate({ input });
+        console.log(`[${label}] DVM result: ${result.length} chars`);
+        // Send result (Kind 6xxx = request kind + 1000)
+        const resultKind = KIND + 1000;
+        const resultEvent = signEvent({
+            kind: resultKind,
+            tags: [
+                ['p', event.pubkey],
+                ['e', event.id],
+                ['request', JSON.stringify(event)],
+            ],
+            content: result,
+        }, state.sovereignKeys.privkey);
+        await state.relayPool.publish(resultEvent);
+        console.log(`[${label}] Published DVM result (Kind ${resultKind}) via relay`);
+    }
+    finally {
+        releaseSlot();
+    }
+}
+async function publishAiStatus(clientPubkey, promptId, status) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    const payload = JSON.stringify({ state: status });
+    const encrypted = await nip44Encrypt(state.sovereignKeys.privkey, clientPubkey, payload);
+    const event = signEvent({
+        kind: 25800,
+        tags: [['p', clientPubkey], ['e', promptId]],
+        content: encrypted,
+    }, state.sovereignKeys.privkey);
+    await state.relayPool.publish(event).catch(() => { });
+}
+async function publishAiError(clientPubkey, promptId, code, message) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    const payload = JSON.stringify({ code, message });
+    const encrypted = await nip44Encrypt(state.sovereignKeys.privkey, clientPubkey, payload);
+    const event = signEvent({
+        kind: 25805,
+        tags: [['p', clientPubkey], ['e', promptId]],
+        content: encrypted,
+    }, state.sovereignKeys.privkey);
+    await state.relayPool.publish(event).catch(() => { });
+}
+function startSovereignHeartbeat(label) {
+    if (!state.sovereignKeys || !state.relayPool)
+        return;
+    async function publishHeartbeat() {
+        if (!state.sovereignKeys || !state.relayPool)
+            return;
+        const event = signEvent({
+            kind: 30333,
+            tags: [
+                ['d', state.sovereignKeys.pubkey],
+                ['status', 'online'],
+                ['capacity', String(getAvailableCapacity())],
+                ['kinds', String(KIND)],
+            ],
+            content: '',
+        }, state.sovereignKeys.privkey);
+        const ok = await state.relayPool.publish(event);
+        if (ok)
+            console.log(`[${label}] Heartbeat published to relay`);
+    }
+    publishHeartbeat();
+    setInterval(publishHeartbeat, 5 * 60_000);
+}
 // --- 3. Async Inbox Poller ---
 function startInboxPoller(label) {
     if (!hasApiKey())
@@ -716,6 +1034,10 @@ function setupShutdown(label) {
         if (state.swarmNode) {
             await state.swarmNode.destroy();
         }
+        // Close relay pool (sovereign mode)
+        if (state.relayPool) {
+            await state.relayPool.close();
+        }
         console.log(`[${label}] Goodbye`);
         process.exit(0);
     };

package/dist/nostr.d.ts ADDED Viewed

@@ -0,0 +1,81 @@
+/**
+ * Nostr primitives for sovereign mode.
+ * Key management, event signing, relay connections, NIP-44/NIP-04 encryption.
+ *
+ * Uses @noble/curves directly for signing (proven pattern from platform nwc.ts)
+ * and nostr-tools for NIP-44 (complex protocol, not worth re-implementing).
+ */
+export interface SovereignKeys {
+    privkey: string;
+    pubkey: string;
+    nwc_uri?: string;
+    relays?: string[];
+    lightning_address?: string;
+    api_key?: string;
+    user_id?: string;
+    username?: string;
+}
+export interface NostrEvent {
+    id: string;
+    pubkey: string;
+    created_at: number;
+    kind: number;
+    tags: string[][];
+    content: string;
+    sig: string;
+}
+export interface UnsignedEvent {
+    kind: number;
+    tags: string[][];
+    content: string;
+    created_at?: number;
+}
+export declare function generateKeypair(): {
+    privkey: string;
+    pubkey: string;
+};
+export declare function pubkeyFromPrivkey(privkeyHex: string): string;
+/** Load sovereign keys for an agent from .2020117_keys (cwd then home). */
+export declare function loadSovereignKeys(agentName?: string): SovereignKeys | null;
+/** Save sovereign keys to .2020117_keys in current directory. */
+export declare function saveSovereignKeys(agentName: string, keys: SovereignKeys): void;
+export declare function signEvent(template: UnsignedEvent, privkeyHex: string): NostrEvent;
+export declare function nip44Encrypt(privkeyHex: string, pubkeyHex: string, plaintext: string): Promise<string>;
+export declare function nip44Decrypt(privkeyHex: string, pubkeyHex: string, ciphertext: string): Promise<string>;
+export declare function nip04Encrypt(privkeyHex: string, pubkeyHex: string, plaintext: string): Promise<string>;
+export declare function nip04Decrypt(privkeyHex: string, pubkeyHex: string, ciphertext: string): Promise<string>;
+export interface RelaySubscription {
+    id: string;
+    close: () => void;
+}
+export declare class NostrRelay {
+    private ws;
+    private url;
+    private subs;
+    private eoseCallbacks;
+    private pendingOk;
+    private _connected;
+    private reconnectTimer;
+    private shouldReconnect;
+    constructor(url: string);
+    connect(): Promise<void>;
+    private reconnect;
+    private handleMessage;
+    publish(event: NostrEvent): Promise<boolean>;
+    subscribe(filters: Record<string, unknown>, handler: (event: NostrEvent) => void, onEose?: () => void): RelaySubscription;
+    close(): Promise<void>;
+    get connected(): boolean;
+}
+/** Multi-relay pool — publish to all, subscribe to all with deduplication. */
+export declare class RelayPool {
+    private relays;
+    private urls;
+    constructor(urls: string[]);
+    connect(): Promise<void>;
+    publish(event: NostrEvent): Promise<boolean>;
+    subscribe(filters: Record<string, unknown>, handler: (event: NostrEvent) => void, onEose?: () => void): {
+        close: () => void;
+    };
+    close(): Promise<void>;
+    get connectedCount(): number;
+}

package/dist/nostr.js ADDED Viewed

@@ -0,0 +1,295 @@
+/**
+ * Nostr primitives for sovereign mode.
+ * Key management, event signing, relay connections, NIP-44/NIP-04 encryption.
+ *
+ * Uses @noble/curves directly for signing (proven pattern from platform nwc.ts)
+ * and nostr-tools for NIP-44 (complex protocol, not worth re-implementing).
+ */
+import { schnorr, secp256k1 } from '@noble/curves/secp256k1.js';
+import { sha256 } from '@noble/hashes/sha2.js';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils.js';
+import { readFileSync, writeFileSync, chmodSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { randomBytes } from 'crypto';
+import WebSocket from 'ws';
+// --- Key Management ---
+export function generateKeypair() {
+    const sk = randomBytes(32);
+    return {
+        privkey: bytesToHex(sk),
+        pubkey: bytesToHex(schnorr.getPublicKey(sk)),
+    };
+}
+export function pubkeyFromPrivkey(privkeyHex) {
+    return bytesToHex(schnorr.getPublicKey(hexToBytes(privkeyHex)));
+}
+/** Load sovereign keys for an agent from .2020117_keys (cwd then home). */
+export function loadSovereignKeys(agentName) {
+    for (const dir of [process.cwd(), homedir()]) {
+        try {
+            const raw = readFileSync(join(dir, '.2020117_keys'), 'utf-8');
+            const keys = JSON.parse(raw);
+            if (agentName && keys[agentName])
+                return keys[agentName];
+            if (!agentName) {
+                const first = Object.values(keys)[0];
+                if (first)
+                    return first;
+            }
+        }
+        catch { }
+    }
+    return null;
+}
+/** Save sovereign keys to .2020117_keys in current directory. */
+export function saveSovereignKeys(agentName, keys) {
+    const filePath = join(process.cwd(), '.2020117_keys');
+    let existing = {};
+    try {
+        existing = JSON.parse(readFileSync(filePath, 'utf-8'));
+    }
+    catch { }
+    existing[agentName] = keys;
+    writeFileSync(filePath, JSON.stringify(existing, null, 2));
+    try {
+        chmodSync(filePath, 0o600);
+    }
+    catch { }
+}
+// --- Event Signing ---
+export function signEvent(template, privkeyHex) {
+    const sk = hexToBytes(privkeyHex);
+    const pubkey = bytesToHex(schnorr.getPublicKey(sk));
+    const created_at = template.created_at || Math.floor(Date.now() / 1000);
+    const serialized = JSON.stringify([0, pubkey, created_at, template.kind, template.tags, template.content]);
+    const id = bytesToHex(sha256(new TextEncoder().encode(serialized)));
+    const sig = bytesToHex(schnorr.sign(hexToBytes(id), sk));
+    return { id, pubkey, created_at, kind: template.kind, tags: template.tags, content: template.content, sig };
+}
+// --- NIP-44 Encryption (for NIP-XX messages) ---
+let _nip44 = null;
+async function loadNip44() {
+    if (!_nip44)
+        _nip44 = await import('nostr-tools/nip44');
+    return _nip44;
+}
+export async function nip44Encrypt(privkeyHex, pubkeyHex, plaintext) {
+    const nip44 = await loadNip44();
+    const ck = nip44.getConversationKey(hexToBytes(privkeyHex), pubkeyHex);
+    return nip44.encrypt(plaintext, ck);
+}
+export async function nip44Decrypt(privkeyHex, pubkeyHex, ciphertext) {
+    const nip44 = await loadNip44();
+    const ck = nip44.getConversationKey(hexToBytes(privkeyHex), pubkeyHex);
+    return nip44.decrypt(ciphertext, ck);
+}
+// --- NIP-04 Encryption (for NWC/NIP-47 compatibility) ---
+export async function nip04Encrypt(privkeyHex, pubkeyHex, plaintext) {
+    const sharedPoint = secp256k1.getSharedSecret(hexToBytes(privkeyHex), hexToBytes('02' + pubkeyHex));
+    const sharedX = sharedPoint.slice(1, 33);
+    const key = await globalThis.crypto.subtle.importKey('raw', sharedX, { name: 'AES-CBC' }, false, ['encrypt']);
+    const iv = randomBytes(16);
+    const encoded = new TextEncoder().encode(plaintext);
+    const ciphertext = await globalThis.crypto.subtle.encrypt({ name: 'AES-CBC', iv }, key, encoded);
+    return `${Buffer.from(new Uint8Array(ciphertext)).toString('base64')}?iv=${Buffer.from(iv).toString('base64')}`;
+}
+export async function nip04Decrypt(privkeyHex, pubkeyHex, ciphertext) {
+    const [ctBase64, ivParam] = ciphertext.split('?iv=');
+    if (!ivParam)
+        throw new Error('Invalid NIP-04 ciphertext');
+    const sharedPoint = secp256k1.getSharedSecret(hexToBytes(privkeyHex), hexToBytes('02' + pubkeyHex));
+    const sharedX = sharedPoint.slice(1, 33);
+    const key = await globalThis.crypto.subtle.importKey('raw', sharedX, { name: 'AES-CBC' }, false, ['decrypt']);
+    const iv = new Uint8Array(Buffer.from(ivParam, 'base64'));
+    const ct = new Uint8Array(Buffer.from(ctBase64, 'base64'));
+    const plaintext = await globalThis.crypto.subtle.decrypt({ name: 'AES-CBC', iv }, key, ct);
+    return new TextDecoder().decode(plaintext);
+}
+export class NostrRelay {
+    ws = null;
+    url;
+    subs = new Map();
+    eoseCallbacks = new Map();
+    pendingOk = new Map();
+    _connected = false;
+    reconnectTimer = null;
+    shouldReconnect = true;
+    constructor(url) {
+        this.url = url;
+    }
+    async connect() {
+        return new Promise((resolve, reject) => {
+            this.ws = new WebSocket(this.url);
+            const timeout = setTimeout(() => {
+                reject(new Error(`Relay timeout: ${this.url}`));
+            }, 10_000);
+            this.ws.on('open', () => {
+                clearTimeout(timeout);
+                this._connected = true;
+                resolve();
+            });
+            this.ws.on('message', (data) => {
+                try {
+                    const msg = JSON.parse(data.toString());
+                    this.handleMessage(msg);
+                }
+                catch { }
+            });
+            this.ws.on('close', () => {
+                this._connected = false;
+                if (this.shouldReconnect) {
+                    this.reconnectTimer = setTimeout(() => this.reconnect(), 5000);
+                }
+            });
+            this.ws.on('error', (err) => {
+                clearTimeout(timeout);
+                if (!this._connected)
+                    reject(err);
+            });
+        });
+    }
+    async reconnect() {
+        try {
+            await this.connect();
+            // Re-subscribe after reconnect
+            for (const [id, handler] of this.subs) {
+                // Can't re-send original filters, but the subscription handler is preserved
+                // Caller should re-subscribe if needed
+            }
+        }
+        catch { }
+    }
+    handleMessage(msg) {
+        if (msg[0] === 'EVENT') {
+            const handler = this.subs.get(msg[1]);
+            if (handler)
+                handler(msg[2]);
+        }
+        else if (msg[0] === 'OK') {
+            const cb = this.pendingOk.get(msg[1]);
+            if (cb) {
+                clearTimeout(cb.timer);
+                this.pendingOk.delete(msg[1]);
+                cb.resolve(msg[2]);
+            }
+        }
+        else if (msg[0] === 'EOSE') {
+            const cb = this.eoseCallbacks.get(msg[1]);
+            if (cb) {
+                this.eoseCallbacks.delete(msg[1]);
+                cb();
+            }
+        }
+    }
+    async publish(event) {
+        if (!this.ws || !this._connected)
+            throw new Error('Not connected');
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pendingOk.delete(event.id);
+                resolve(false);
+            }, 10_000);
+            this.pendingOk.set(event.id, { resolve, timer });
+            this.ws.send(JSON.stringify(['EVENT', event]));
+        });
+    }
+    subscribe(filters, handler, onEose) {
+        if (!this.ws || !this._connected)
+            throw new Error('Not connected');
+        const id = randomBytes(4).toString('hex');
+        this.subs.set(id, handler);
+        if (onEose)
+            this.eoseCallbacks.set(id, onEose);
+        this.ws.send(JSON.stringify(['REQ', id, filters]));
+        return {
+            id,
+            close: () => {
+                this.subs.delete(id);
+                this.eoseCallbacks.delete(id);
+                if (this.ws && this._connected) {
+                    try {
+                        this.ws.send(JSON.stringify(['CLOSE', id]));
+                    }
+                    catch { }
+                }
+            },
+        };
+    }
+    async close() {
+        this.shouldReconnect = false;
+        if (this.reconnectTimer)
+            clearTimeout(this.reconnectTimer);
+        for (const [id] of this.subs) {
+            if (this.ws && this._connected) {
+                try {
+                    this.ws.send(JSON.stringify(['CLOSE', id]));
+                }
+                catch { }
+            }
+        }
+        this.subs.clear();
+        for (const [, cb] of this.pendingOk)
+            clearTimeout(cb.timer);
+        this.pendingOk.clear();
+        if (this.ws) {
+            this.ws.close();
+            this.ws = null;
+        }
+        this._connected = false;
+    }
+    get connected() { return this._connected; }
+}
+/** Multi-relay pool — publish to all, subscribe to all with deduplication. */
+export class RelayPool {
+    relays = [];
+    urls;
+    constructor(urls) {
+        this.urls = urls;
+    }
+    async connect() {
+        const results = await Promise.allSettled(this.urls.map(async (url) => {
+            const relay = new NostrRelay(url);
+            await relay.connect();
+            return relay;
+        }));
+        for (const r of results) {
+            if (r.status === 'fulfilled')
+                this.relays.push(r.value);
+        }
+        if (this.relays.length === 0)
+            throw new Error('Failed to connect to any relay');
+    }
+    async publish(event) {
+        const results = await Promise.allSettled(this.relays.map(r => r.publish(event)));
+        return results.some(r => r.status === 'fulfilled' && r.value);
+    }
+    subscribe(filters, handler, onEose) {
+        const seen = new Set();
+        const subs = [];
+        let eoseCount = 0;
+        for (const relay of this.relays) {
+            try {
+                const sub = relay.subscribe(filters, (event) => {
+                    if (seen.has(event.id))
+                        return;
+                    seen.add(event.id);
+                    handler(event);
+                }, onEose ? () => {
+                    eoseCount++;
+                    if (eoseCount >= this.relays.length)
+                        onEose();
+                } : undefined);
+                subs.push(sub);
+            }
+            catch { }
+        }
+        return { close: () => subs.forEach(s => s.close()) };
+    }
+    async close() {
+        await Promise.all(this.relays.map(r => r.close()));
+    }
+    get connectedCount() {
+        return this.relays.filter(r => r.connected).length;
+    }
+}

package/dist/nwc.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Standalone NWC (NIP-47) client for sovereign mode.
+ * Agent directly manages its own wallet without platform proxy.
+ */
+export interface NwcParsed {
+    walletPubkey: string;
+    relayUrl: string;
+    secret: string;
+}
+export declare function parseNwcUri(uri: string): NwcParsed;
+export declare function nwcGetBalance(parsed: NwcParsed): Promise<{
+    balance_msats: number;
+}>;
+export declare function nwcPayInvoice(parsed: NwcParsed, bolt11: string): Promise<{
+    preimage: string;
+}>;
+export declare function nwcMakeInvoice(parsed: NwcParsed, amountMsats: number, description?: string): Promise<{
+    bolt11: string;
+    payment_hash: string;
+}>;
+export declare function nwcGetInfo(parsed: NwcParsed): Promise<{
+    supported_methods: string[];
+}>;
+/** Resolve a Lightning Address to a bolt11 invoice and pay via NWC. */
+export declare function nwcPayLightningAddress(parsed: NwcParsed, address: string, amountSats: number): Promise<{
+    preimage: string;
+}>;

package/dist/nwc.js ADDED Viewed

@@ -0,0 +1,132 @@
+/**
+ * Standalone NWC (NIP-47) client for sovereign mode.
+ * Agent directly manages its own wallet without platform proxy.
+ */
+import { signEvent, nip04Encrypt, nip04Decrypt } from './nostr.js';
+import WebSocket from 'ws';
+// --- Parse ---
+export function parseNwcUri(uri) {
+    if (!uri.startsWith('nostr+walletconnect://')) {
+        throw new Error('Invalid NWC URI: must start with nostr+walletconnect://');
+    }
+    const withoutScheme = uri.slice('nostr+walletconnect://'.length);
+    const questionIdx = withoutScheme.indexOf('?');
+    if (questionIdx === -1)
+        throw new Error('Invalid NWC URI: missing query parameters');
+    const walletPubkey = withoutScheme.slice(0, questionIdx);
+    if (!/^[0-9a-f]{64}$/.test(walletPubkey)) {
+        throw new Error('Invalid NWC URI: wallet pubkey must be 64 hex chars');
+    }
+    const params = new URLSearchParams(withoutScheme.slice(questionIdx + 1));
+    const relayUrl = params.get('relay');
+    const secret = params.get('secret');
+    if (!relayUrl)
+        throw new Error('Invalid NWC URI: missing relay parameter');
+    if (!secret || !/^[0-9a-f]{64}$/.test(secret)) {
+        throw new Error('Invalid NWC URI: missing or invalid secret parameter');
+    }
+    return { walletPubkey, relayUrl, secret };
+}
+// --- NWC Request Engine ---
+async function nwcRequest(parsed, method, params = {}) {
+    const { walletPubkey, relayUrl, secret } = parsed;
+    const content = JSON.stringify({ method, params });
+    const encrypted = await nip04Encrypt(secret, walletPubkey, content);
+    // Sign with the NWC secret key (it IS a Nostr private key)
+    const event = signEvent({
+        kind: 23194,
+        tags: [['p', walletPubkey]],
+        content: encrypted,
+    }, secret);
+    return new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+            try {
+                ws.close();
+            }
+            catch { }
+            reject(new Error(`NWC ${method} timeout (30s)`));
+        }, 30_000);
+        const ws = new WebSocket(relayUrl);
+        ws.on('open', () => {
+            const subId = Math.random().toString(36).slice(2, 10);
+            // Subscribe for wallet response
+            ws.send(JSON.stringify(['REQ', subId, {
+                    kinds: [23195],
+                    authors: [walletPubkey],
+                    '#e': [event.id],
+                    limit: 1,
+                }]));
+            // Send our request
+            ws.send(JSON.stringify(['EVENT', event]));
+        });
+        ws.on('message', async (data) => {
+            try {
+                const msg = JSON.parse(data.toString());
+                if (msg[0] === 'EVENT' && msg[2]?.kind === 23195) {
+                    clearTimeout(timeout);
+                    const decrypted = await nip04Decrypt(secret, walletPubkey, msg[2].content);
+                    const result = JSON.parse(decrypted);
+                    ws.close();
+                    if (result.error) {
+                        reject(new Error(`NWC ${method}: ${result.error.message || result.error.code}`));
+                    }
+                    else {
+                        resolve(result.result);
+                    }
+                }
+            }
+            catch { }
+        });
+        ws.on('error', () => {
+            clearTimeout(timeout);
+            reject(new Error('NWC WebSocket connection failed'));
+        });
+    });
+}
+// --- Public API ---
+export async function nwcGetBalance(parsed) {
+    const result = await nwcRequest(parsed, 'get_balance');
+    return { balance_msats: result?.balance || 0 };
+}
+export async function nwcPayInvoice(parsed, bolt11) {
+    const result = await nwcRequest(parsed, 'pay_invoice', { invoice: bolt11 });
+    return { preimage: result?.preimage || '' };
+}
+export async function nwcMakeInvoice(parsed, amountMsats, description) {
+    const result = await nwcRequest(parsed, 'make_invoice', {
+        amount: amountMsats,
+        description: description || '',
+    });
+    return { bolt11: result?.invoice || '', payment_hash: result?.payment_hash || '' };
+}
+export async function nwcGetInfo(parsed) {
+    const result = await nwcRequest(parsed, 'get_info');
+    return { supported_methods: result?.methods || [] };
+}
+/** Resolve a Lightning Address to a bolt11 invoice and pay via NWC. */
+export async function nwcPayLightningAddress(parsed, address, amountSats) {
+    const [user, domain] = address.split('@');
+    if (!user || !domain)
+        throw new Error(`Invalid Lightning Address: ${address}`);
+    // LNURL-pay step 1: fetch metadata
+    const metaResp = await fetch(`https://${domain}/.well-known/lnurlp/${user}`);
+    if (!metaResp.ok)
+        throw new Error(`LNURL fetch failed (${metaResp.status})`);
+    const meta = await metaResp.json();
+    if (meta.tag !== 'payRequest')
+        throw new Error(`Unexpected LNURL tag: ${meta.tag}`);
+    const amountMsats = amountSats * 1000;
+    if (amountMsats < meta.minSendable || amountMsats > meta.maxSendable) {
+        throw new Error(`Amount ${amountSats} sats out of range [${meta.minSendable / 1000}-${meta.maxSendable / 1000}]`);
+    }
+    // LNURL-pay step 2: get invoice
+    const sep = meta.callback.includes('?') ? '&' : '?';
+    const invoiceResp = await fetch(`${meta.callback}${sep}amount=${amountMsats}`);
+    if (!invoiceResp.ok)
+        throw new Error(`LNURL callback failed (${invoiceResp.status})`);
+    const invoiceData = await invoiceResp.json();
+    if (!invoiceData.pr)
+        throw new Error('No invoice returned from LNURL callback');
+    // Step 3: pay via NWC
+    return nwcPayInvoice(parsed, invoiceData.pr);
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "2020117-agent",
-  "version": "0.3.7",
-  "description": "2020117 agent runtime — API polling + Hyperswarm P2P + Cashu/Lightning payments",
+  "version": "0.4.1",
+  "description": "2020117 agent runtime — API polling + Hyperswarm P2P + Sovereign Nostr mode + Cashu/Lightning payments",
   "type": "module",
   "bin": {
     "2020117-agent": "./dist/agent.js",
@@ -15,7 +15,9 @@
     "./swarm": "./dist/swarm.js",
     "./cashu": "./dist/cashu.js",
     "./lightning": "./dist/clink.js",
-    "./api": "./dist/api.js"
+    "./api": "./dist/api.js",
+    "./nostr": "./dist/nostr.js",
+    "./nwc": "./dist/nwc.js"
   },
   "scripts": {
     "agent": "node dist/agent.js",
@@ -28,7 +30,10 @@
   },
   "dependencies": {
     "@cashu/cashu-ts": "^2.5.3",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
     "hyperswarm": "^4.17.0",
+    "nostr-tools": "^2.23.3",
     "ws": "^8.19.0"
   },
   "devDependencies": {