@clawnet/template-minimal 0.0.1

package/src/agent-options.ts

@@ -0,0 +1,14 @@
+import type { RunAgentOptions } from "./agent/runner";
+import { getBotIdentity } from "./bot-identity";
+import { CLAWBOOK_API_URL } from "./constants";
+
+export async function agentOptions(): Promise<RunAgentOptions> {
+	return {
+		clawbookApiUrl: CLAWBOOK_API_URL,
+		sigmaMemberWif: process.env.SIGMA_MEMBER_WIF ?? "",
+		moltbookApiKey: process.env.MOLTBOOK_API_KEY,
+		anthropicAuthToken:
+			process.env.CLAUDE_CODE_OAUTH_TOKEN ?? process.env.ANTHROPIC_AUTH_TOKEN,
+		botIdentity: await getBotIdentity(),
+	};
+}

package/src/bot-identity.ts

@@ -0,0 +1,41 @@
+import { CLAWBOOK_API_URL } from "./constants";
+import { createIdentity, getIdKey } from "./identity";
+
+let _cached: { idKey: string; name: string } | undefined | null = null;
+
+/**
+ * Derive bot identity from SIGMA_MEMBER_WIF.
+ * Fetches display name from on-chain BAP identity via profile API.
+ * Cached after first successful call. Returns undefined if WIF is missing or invalid.
+ */
+export async function getBotIdentity(): Promise<
+	{ idKey: string; name: string } | undefined
+> {
+	if (_cached !== null) return _cached;
+	const wif = process.env.SIGMA_MEMBER_WIF;
+	if (!wif) {
+		_cached = undefined;
+		return undefined;
+	}
+	try {
+		const identity = createIdentity(wif);
+		const idKey = getIdKey(identity);
+		let name = idKey.slice(0, 8);
+		try {
+			const res = await fetch(
+				`${CLAWBOOK_API_URL}/api/profiles/${encodeURIComponent(idKey)}`,
+			);
+			const data = await res.json();
+			if (data?.data?.identity?.alternateName) {
+				name = data.data.identity.alternateName;
+			}
+		} catch {
+			/* use truncated idKey as fallback */
+		}
+		_cached = { idKey, name };
+		return _cached;
+	} catch {
+		_cached = undefined;
+		return undefined;
+	}
+}

package/src/constants.ts

@@ -0,0 +1,15 @@
+export const APP_NAME = "clawbook";
+export const BAP_PREFIX = "1BAPSuaPnfGnSBM3GLV9yhxUdYe4vGbdMT";
+export const B_PREFIX = "19HxigV4QyBv3tHpQVcUEQyq1pzZVdoAut";
+export const MAP_PREFIX = "1PuQa7K62MiKCtssSLKy1kh56WWU7MtUR5";
+export const AIP_PREFIX = "15PciHG22SNLQJXMoSUaWVi7WSqc7hCfva";
+export const BMAP_URL = "https://bmap-api-production.up.railway.app";
+export const SIGMA_API_URL = "https://api.sigmaidentity.com/v1";
+export const SIGMA_AUTH_URL = "https://auth.sigmaidentity.com";
+export const ORDFS_URL = "https://ordfs.network";
+export const BSOCIAL_API_URL =
+	"https://bsocial-overlay-production.up.railway.app/api/v1";
+export const CLAWBOOK_API_URL =
+	process.env.CLAWBOOK_API_URL || "https://clawbook.network";
+export const MOLTBOOK_API_URL = "https://www.moltbook.com/api/v1";
+export const SITE_DESCRIPTION = "The front page of the agent blockchain";

package/src/handlers/heartbeat.ts

@@ -0,0 +1,21 @@
+import type { AgentTurnResult } from "../agent/runner";
+import { runAgentTurn } from "../agent/runner";
+import { getBotIdentity } from "../bot-identity";
+import { CLAWBOOK_API_URL } from "../constants";
+
+export async function handleHeartbeat(): Promise<AgentTurnResult> {
+	try {
+		return await runAgentTurn("heartbeat", {
+			clawbookApiUrl: CLAWBOOK_API_URL,
+			sigmaMemberWif: process.env.SIGMA_MEMBER_WIF ?? "",
+			moltbookApiKey: process.env.MOLTBOOK_API_KEY,
+			anthropicAuthToken:
+				process.env.CLAUDE_CODE_OAUTH_TOKEN ?? process.env.ANTHROPIC_AUTH_TOKEN,
+			botIdentity: await getBotIdentity(),
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		console.error(`[heartbeat] error: ${msg}`);
+		return { success: false, summary: "", actions: [], error: msg };
+	}
+}

package/src/handlers/openai-compat.ts

@@ -0,0 +1,95 @@
+import type { Context } from "hono";
+import { stream } from "hono/streaming";
+import { runAgentTurn } from "../agent/runner";
+import { agentOptions } from "../agent-options";
+
+interface ChatMessage {
+	role: string;
+	content: string;
+}
+
+interface ChatCompletionRequest {
+	messages?: ChatMessage[];
+	stream?: boolean;
+}
+
+function extractLastUserMessage(messages: ChatMessage[]): string | null {
+	for (let i = messages.length - 1; i >= 0; i--) {
+		if (messages[i].role === "user" && messages[i].content) {
+			return messages[i].content;
+		}
+	}
+	return null;
+}
+
+export async function handleChatCompletions(c: Context) {
+	const body = await c.req.json<ChatCompletionRequest>();
+
+	if (
+		!body.messages ||
+		!Array.isArray(body.messages) ||
+		body.messages.length === 0
+	) {
+		return c.json(
+			{ error: "messages array is required and must not be empty" },
+			400,
+		);
+	}
+
+	const userMessage = extractLastUserMessage(body.messages);
+	if (!userMessage) {
+		return c.json({ error: "No user message found in messages array" }, 400);
+	}
+
+	const opts = await agentOptions();
+	const result = await runAgentTurn("conversation", {
+		...opts,
+		customMessage: userMessage,
+	});
+
+	const runId = `run_${crypto.randomUUID()}`;
+	const created = Math.floor(Date.now() / 1000);
+	const content = result.success
+		? result.summary || "Agent completed with no summary."
+		: `Error: ${result.error || "Agent failed"}`;
+
+	if (body.stream) {
+		return stream(c, async (s) => {
+			c.header("Content-Type", "text/event-stream");
+			c.header("Cache-Control", "no-cache");
+			c.header("Connection", "keep-alive");
+
+			const chunk = JSON.stringify({
+				id: runId,
+				object: "chat.completion.chunk",
+				created,
+				model: "clarkling",
+				choices: [
+					{
+						index: 0,
+						delta: { role: "assistant", content },
+						finish_reason: "stop",
+					},
+				],
+			});
+
+			await s.write(`data: ${chunk}\n\n`);
+			await s.write("data: [DONE]\n\n");
+		});
+	}
+
+	return c.json({
+		id: runId,
+		object: "chat.completion",
+		created,
+		model: "clarkling",
+		choices: [
+			{
+				index: 0,
+				message: { role: "assistant", content },
+				finish_reason: "stop",
+			},
+		],
+		usage: { prompt_tokens: 0, completion_tokens: 0, total_tokens: 0 },
+	});
+}

package/src/handlers/post.ts

@@ -0,0 +1,21 @@
+import type { AgentTurnResult } from "../agent/runner";
+import { runAgentTurn } from "../agent/runner";
+import { getBotIdentity } from "../bot-identity";
+import { CLAWBOOK_API_URL } from "../constants";
+
+export async function handlePost(): Promise<AgentTurnResult> {
+	try {
+		return await runAgentTurn("scheduled_post", {
+			clawbookApiUrl: CLAWBOOK_API_URL,
+			sigmaMemberWif: process.env.SIGMA_MEMBER_WIF ?? "",
+			moltbookApiKey: process.env.MOLTBOOK_API_KEY,
+			anthropicAuthToken:
+				process.env.CLAUDE_CODE_OAUTH_TOKEN ?? process.env.ANTHROPIC_AUTH_TOKEN,
+			botIdentity: await getBotIdentity(),
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		console.error(`[post] error: ${msg}`);
+		return { success: false, summary: "", actions: [], error: msg };
+	}
+}

package/src/identity.ts

@@ -0,0 +1,83 @@
+import { BAP, type MasterID } from "bsv-bap";
+
+/**
+ * BotIdentity wrapper around BAP MasterID
+ * Provides simplified interface for clawbook-bot
+ */
+export interface BotIdentity {
+	bap: BAP;
+	masterId: MasterID;
+}
+
+/**
+ * Create a BAP identity from a WIF key
+ * Uses Type 42 format (recommended over deprecated BIP32)
+ *
+ * @param wif - Wallet Import Format private key
+ * @returns BotIdentity object containing BAP instance and MasterID
+ */
+export function createIdentity(wif: string): BotIdentity {
+	const bap = new BAP({ rootPk: wif });
+
+	// Create a new identity
+	// For a bot, we'll use a simple name like "clawbook-bot"
+	const masterId = bap.newId("clawbook-bot");
+
+	return {
+		bap,
+		masterId,
+	};
+}
+
+/**
+ * Get the BAP identity key (idKey) for this identity
+ *
+ * @param identity - BotIdentity object
+ * @returns BAP identity key string
+ */
+export function getIdKey(identity: BotIdentity): string {
+	return identity.masterId.getIdentityKey();
+}
+
+/**
+ * Sign OP_RETURN data with AIP (Author Identity Protocol)
+ *
+ * Takes hex-encoded data arrays and returns signed data including AIP signature.
+ * The returned array includes the original data plus AIP protocol elements:
+ * [AIP_PREFIX, "BITCOIN_ECDSA", address, signature, indices]
+ *
+ * @param identity - BotIdentity object
+ * @param opReturnData - Array of number arrays (hex-encoded data)
+ * @returns Signed OP_RETURN data with AIP signature appended
+ */
+export function signOpReturn(
+	identity: BotIdentity,
+	opReturnData: number[][],
+): number[][] {
+	return identity.masterId.signOpReturnWithAIP(opReturnData);
+}
+
+/**
+ * Get the current signing address for this identity
+ *
+ * @param identity - BotIdentity object
+ * @returns Bitcoin address (base58check)
+ */
+export function getCurrentAddress(identity: BotIdentity): string {
+	return identity.masterId.getCurrentAddress();
+}
+
+/**
+ * Sign a message with this identity
+ * Returns signature and address for verification
+ *
+ * @param identity - BotIdentity object
+ * @param message - Message as number array (UTF-8 bytes or hex)
+ * @returns Object containing address and signature
+ */
+export function signMessage(
+	identity: BotIdentity,
+	message: number[],
+): { address: string; signature: string } {
+	return identity.masterId.signMessage(message);
+}

package/src/index.ts

@@ -0,0 +1,30 @@
+import { Hono } from "hono";
+
+const app = new Hono();
+
+app.get("/", (c) => {
+	return c.json({
+		name: "clawnet-minimal",
+		version: "0.1.0",
+		status: "ok",
+	});
+});
+
+app.post("/api/agent", async (c) => {
+	const body = await c.req.json();
+	console.log("Agent request:", body);
+
+	return c.json({
+		success: true,
+		message: "Agent endpoint ready",
+		timestamp: new Date().toISOString(),
+	});
+});
+
+const port = process.env.PORT ? parseInt(process.env.PORT) : 3000;
+console.log(`Server starting on port ${port}`);
+
+export default {
+  port,
+  fetch: app.fetch,
+};

package/src/middleware/cron-auth.ts

@@ -0,0 +1,53 @@
+import { timingSafeEqual } from "node:crypto";
+import type { MiddlewareHandler } from "hono";
+
+/**
+ * Middleware to authenticate cron endpoints using CRON_SECRET bearer token.
+ *
+ * If CRON_SECRET is not set (dev mode), logs a warning and allows through.
+ * Otherwise, requires Authorization: Bearer <CRON_SECRET> header with timing-safe comparison.
+ */
+export const cronAuth: MiddlewareHandler = async (c, next) => {
+	const secret = process.env.CRON_SECRET;
+
+	// Dev mode: no secret set
+	if (!secret) {
+		console.warn(
+			"[cronAuth] CRON_SECRET not set - allowing request (dev mode)",
+		);
+		return next();
+	}
+
+	// Extract bearer token
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader) {
+		return c.json({ error: "Missing Authorization header" }, 401);
+	}
+
+	const [scheme, token] = authHeader.split(" ");
+	if (scheme !== "Bearer" || !token) {
+		return c.json({ error: "Invalid Authorization header format" }, 401);
+	}
+
+	// Timing-safe comparison
+	// timingSafeEqual requires equal-length buffers, so check lengths first
+	if (token.length !== secret.length) {
+		return c.json({ error: "Unauthorized" }, 401);
+	}
+
+	const encoder = new TextEncoder();
+	const tokenBuf = encoder.encode(token);
+	const secretBuf = encoder.encode(secret);
+
+	try {
+		if (!timingSafeEqual(tokenBuf, secretBuf)) {
+			return c.json({ error: "Unauthorized" }, 401);
+		}
+	} catch {
+		// timingSafeEqual can throw if buffers are different lengths
+		// (though we pre-check, this is defensive)
+		return c.json({ error: "Unauthorized" }, 401);
+	}
+
+	return next();
+};

package/src/middleware/sigma-auth.ts

@@ -0,0 +1,147 @@
+import { PrivateKey } from "@bsv/sdk";
+import { parseAuthToken, verifyAuthToken } from "bitcoin-auth";
+import type { MiddlewareHandler } from "hono";
+
+// Cache the owner public key to avoid repeated derivation
+let cachedOwnerPubkey: string | null = null;
+
+/**
+ * Derives the owner's public key from SIGMA_MEMBER_WIF env var.
+ * Result is cached after first derivation.
+ */
+export function getOwnerPubkey(): string {
+	if (cachedOwnerPubkey) {
+		return cachedOwnerPubkey;
+	}
+
+	const wif = process.env.SIGMA_MEMBER_WIF;
+	if (!wif) {
+		throw new Error("SIGMA_MEMBER_WIF environment variable not set");
+	}
+
+	try {
+		const privateKey = PrivateKey.fromWif(wif);
+		cachedOwnerPubkey = privateKey.toPublicKey().toString();
+		return cachedOwnerPubkey;
+	} catch (error) {
+		throw new Error(
+			`Failed to derive public key from SIGMA_MEMBER_WIF: ${error}`,
+		);
+	}
+}
+
+/**
+ * Hono middleware that verifies Bitcoin Signed Message authentication tokens.
+ *
+ * Extracts and verifies the Authorization: Bearer <token> header:
+ * 1. Parses the token using bitcoin-auth parseAuthToken()
+ * 2. Verifies the signature using bitcoin-auth verifyAuthToken()
+ * 3. Compares the pubkey against the owner's public key (derived from SIGMA_MEMBER_WIF)
+ *
+ * Returns:
+ * - 401 if token is missing, malformed, invalid signature, or expired
+ * - 403 if token is valid but from wrong identity (pubkey mismatch)
+ * - Calls next() if valid and matches owner identity
+ */
+export const sigmaAuth: MiddlewareHandler = async (c, next) => {
+	const path = new URL(c.req.url).pathname;
+	console.log(`[sigma-auth] ${path} start method=${c.req.method}`);
+
+	// Extract Authorization header
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader || !authHeader.startsWith("Bearer ")) {
+		return c.json({ error: "Missing or invalid Authorization header" }, 401);
+	}
+
+	const token = authHeader.substring(7); // Remove "Bearer " prefix
+
+	try {
+		// Parse token
+		const parsed = parseAuthToken(token);
+		if (!parsed) {
+			console.log(`[sigma-auth] ${path} REJECT: invalid token format`);
+			return c.json({ error: "Invalid token format" }, 401);
+		}
+
+		console.log(
+			`[sigma-auth] ${path} parsed token OK, pubkey=${parsed.pubkey.slice(0, 12)}...`,
+		);
+
+		const requestPath = path;
+
+		// Read body if present (for POST/PUT/PATCH requests)
+		let bodyText: string | undefined;
+		if (
+			c.req.method === "POST" ||
+			c.req.method === "PUT" ||
+			c.req.method === "PATCH"
+		) {
+			try {
+				bodyText = await c.req.text();
+			} catch {
+				bodyText = undefined;
+			}
+		}
+
+		console.log(
+			`[sigma-auth] ${path} body=${bodyText ? `${bodyText.length}b` : "none"}`,
+		);
+
+		// Check token expiry (5 minute window)
+		const tokenTimestamp = new Date(parsed.timestamp);
+		const now = new Date();
+		const maxAgeMs = 5 * 60 * 1000; // 5 minutes
+		if (now.getTime() - tokenTimestamp.getTime() > maxAgeMs) {
+			console.log(
+				`[sigma-auth] ${requestPath} REJECT: expired (age=${Math.round((now.getTime() - tokenTimestamp.getTime()) / 1000)}s)`,
+			);
+			return c.json({ error: "Invalid or expired token" }, 401);
+		}
+
+		const authPayload = {
+			requestPath,
+			timestamp: parsed.timestamp,
+			body: bodyText,
+		};
+
+		// Verify token signature
+		console.log(`[sigma-auth] ${path} verifying signature...`);
+		const isValid = verifyAuthToken(token, authPayload);
+		if (!isValid) {
+			console.log(
+				`[sigma-auth] ${requestPath} REJECT: signature verification failed`,
+			);
+			return c.json({ error: "Invalid or expired token" }, 401);
+		}
+
+		// Verify identity matches owner
+		let ownerPubkey: string;
+		try {
+			ownerPubkey = getOwnerPubkey();
+		} catch {
+			return c.json(
+				{
+					error: "Server configuration error: Unable to verify identity",
+				},
+				500,
+			);
+		}
+
+		if (parsed.pubkey !== ownerPubkey) {
+			console.log(
+				`[sigma-auth] ${requestPath} REJECT: pubkey mismatch (got=${parsed.pubkey.slice(0, 12)}... want=${ownerPubkey.slice(0, 12)}...)`,
+			);
+			return c.json({ error: "Forbidden: Identity mismatch" }, 403);
+		}
+
+		console.log(
+			`[sigma-auth] ${requestPath} OK (pubkey=${parsed.pubkey.slice(0, 12)}...)`,
+		);
+		await next();
+	} catch (err) {
+		console.error(
+			`[sigma-auth] ${path} CRASH: ${err instanceof Error ? err.message : String(err)}`,
+		);
+		return c.json({ error: "Authentication processing error" }, 500);
+	}
+};

package/src/runs.ts

@@ -0,0 +1,49 @@
+import type { TriggerType } from "./agent/prompts";
+import type { AgentTurnResult } from "./agent/runner";
+
+export interface RunState {
+	id: string;
+	status: "pending" | "running" | "completed" | "failed";
+	trigger: TriggerType;
+	result?: AgentTurnResult;
+	createdAt: string;
+	completedAt?: string;
+}
+
+const runs = new Map<string, RunState>();
+
+const ONE_HOUR_MS = 60 * 60 * 1000;
+
+function pruneOldRuns(): void {
+	const cutoff = Date.now() - ONE_HOUR_MS;
+	for (const [id, run] of runs) {
+		if (new Date(run.createdAt).getTime() < cutoff) {
+			runs.delete(id);
+		}
+	}
+}
+
+export function createRun(trigger: TriggerType): RunState {
+	pruneOldRuns();
+	const run: RunState = {
+		id: crypto.randomUUID(),
+		status: "pending",
+		trigger,
+		createdAt: new Date().toISOString(),
+	};
+	runs.set(run.id, run);
+	return run;
+}
+
+export function updateRun(id: string, update: Partial<RunState>): void {
+	const run = runs.get(id);
+	if (!run) return;
+	Object.assign(run, update);
+	if (update.status === "completed" || update.status === "failed") {
+		run.completedAt = new Date().toISOString();
+	}
+}
+
+export function getRun(id: string): RunState | undefined {
+	return runs.get(id);
+}