@newtype-ai/nit 0.4.8 → 0.4.10

package/dist/cli.js

@@ -1,7 +1,10 @@
 #!/usr/bin/env node
 // nit — version control for agent cards
 import {
+  authSet,
+  authShow,
   branch,
+  broadcast,
   checkout,
   commit,
   diff,
@@ -9,13 +12,20 @@ import {
   init,
   log,
   loginPayload,
+  pull,
   push,
   remote,
   remoteAdd,
   remoteSetUrl,
+  reset,
+  rpcInfo,
+  rpcSetUrl,
+  show,
   sign,
+  signTx,
   status
-} from "./chunk-7LNGTHKO.js";
+} from "./chunk-WHSQICPU.js";
+import "./chunk-M6SR6QMR.js";
 
 // src/update-check.ts
 import { execSync } from "child_process";
@@ -28,7 +38,7 @@ var FETCH_TIMEOUT_MS = 3e3;
 var REGISTRY_URL = "https://registry.npmjs.org/@newtype-ai/nit/latest";
 function getCurrentVersion() {
   try {
-    return "0.4.8";
+    return "0.4.10";
   } catch {
     return "0.0.0";
   }
@@ -149,6 +159,27 @@ async function main() {
       case "remote":
         await cmdRemote(args);
         break;
+      case "sign-tx":
+        await cmdSignTx(args);
+        break;
+      case "broadcast":
+        await cmdBroadcast(args);
+        break;
+      case "rpc":
+        await cmdRpc(args);
+        break;
+      case "auth":
+        await cmdAuth(args);
+        break;
+      case "reset":
+        await cmdReset(args);
+        break;
+      case "show":
+        await cmdShow(args);
+        break;
+      case "pull":
+        await cmdPull(args);
+        break;
       case "help":
       case "--help":
       case "-h":
@@ -359,6 +390,167 @@ async function cmdSign(args) {
   const signature = await sign(message);
   console.log(signature);
 }
+async function cmdSignTx(args) {
+  const chainIndex = args.indexOf("--chain");
+  if (chainIndex === -1 || !args[chainIndex + 1]) {
+    console.error("Usage: nit sign-tx --chain <evm|solana> <hex-data>");
+    process.exit(1);
+  }
+  const chain = args[chainIndex + 1];
+  if (chain !== "evm" && chain !== "solana") {
+    console.error(`Unknown chain: ${chain}. Use 'evm' or 'solana'.`);
+    process.exit(1);
+  }
+  const data = args.filter((_, i) => i !== chainIndex && i !== chainIndex + 1)[0];
+  if (!data) {
+    console.error("Usage: nit sign-tx --chain <evm|solana> <hex-data>");
+    process.exit(1);
+  }
+  const result = await signTx(chain, data);
+  console.log(JSON.stringify(result, null, 2));
+}
+async function cmdBroadcast(args) {
+  const chainIndex = args.indexOf("--chain");
+  if (chainIndex === -1 || !args[chainIndex + 1]) {
+    console.error("Usage: nit broadcast --chain <evm|solana> <signed-tx>");
+    process.exit(1);
+  }
+  const chain = args[chainIndex + 1];
+  if (chain !== "evm" && chain !== "solana") {
+    console.error(`Unknown chain: ${chain}. Use 'evm' or 'solana'.`);
+    process.exit(1);
+  }
+  const signedTx = args.filter((_, i) => i !== chainIndex && i !== chainIndex + 1)[0];
+  if (!signedTx) {
+    console.error("Usage: nit broadcast --chain <evm|solana> <signed-tx>");
+    process.exit(1);
+  }
+  const result = await broadcast(chain, signedTx);
+  console.log(`${green("+")} ${result.txHash}`);
+  console.log(dim(`  \u2192 ${result.rpcUrl}`));
+}
+async function cmdRpc(args) {
+  if (args[0] === "set-url") {
+    const chain = args[1];
+    const url = args[2];
+    if (!chain || !url) {
+      console.error("Usage: nit rpc set-url <chain> <url>");
+      process.exit(1);
+    }
+    await rpcSetUrl(chain, url);
+    console.log(`Set RPC URL for '${chain}' to ${url}`);
+    return;
+  }
+  if (args[0]) {
+    console.error(`nit rpc: unknown subcommand '${args[0]}'`);
+    console.error("Usage: nit rpc [set-url <chain> <url>]");
+    process.exit(1);
+  }
+  const info = await rpcInfo();
+  const chains = Object.keys(info);
+  if (chains.length === 0) {
+    console.log(dim("No RPC endpoints configured."));
+    console.log(dim("Run: nit rpc set-url <chain> <url>"));
+    return;
+  }
+  for (const [chain, config] of Object.entries(info)) {
+    console.log(`  ${bold(chain)}: ${config.url}`);
+  }
+}
+async function cmdReset(args) {
+  const target = args[0];
+  const result = await reset(target);
+  console.log(`Reset to ${dim(result.hash.slice(0, 8))}`);
+}
+async function cmdShow(args) {
+  const target = args[0];
+  const s = await show(target);
+  const date = new Date(s.timestamp * 1e3).toISOString().slice(0, 19);
+  console.log(`${bold("commit")} ${yellow(s.hash.slice(0, 8))}`);
+  console.log(`Author: ${s.author}`);
+  console.log(`Date:   ${date}`);
+  if (s.parent) {
+    console.log(`Parent: ${dim(s.parent.slice(0, 8))}`);
+  }
+  console.log();
+  console.log(`    ${s.message}`);
+  console.log();
+  console.log(JSON.stringify(s.cardJson, null, 2));
+}
+async function cmdPull(args) {
+  const all = args.includes("--all");
+  const results = await pull({ all });
+  for (const r of results) {
+    if (r.updated) {
+      console.log(`${green("\u2713")} ${r.branch} \u2190 ${dim(r.commitHash.slice(0, 8))}`);
+    } else {
+      console.log(`${dim("\u2014")} ${r.branch} ${dim("(up to date)")}`);
+    }
+  }
+}
+async function cmdAuth(args) {
+  const subcommand = args[0];
+  if (subcommand === "set") {
+    const domain = args[1];
+    if (!domain) {
+      console.error("Usage: nit auth set <domain> --provider <google|github|x> --account <email>");
+      process.exit(1);
+    }
+    const providerIndex = args.indexOf("--provider");
+    if (providerIndex === -1 || !args[providerIndex + 1]) {
+      console.error("Missing --provider. Usage: nit auth set <domain> --provider <google|github|x> --account <email>");
+      process.exit(1);
+    }
+    const provider = args[providerIndex + 1];
+    const validProviders = ["google", "github", "x"];
+    if (!validProviders.includes(provider)) {
+      console.error(`Unknown provider: ${provider}. Use: google, github, x`);
+      process.exit(1);
+    }
+    const accountIndex = args.indexOf("--account");
+    if (accountIndex === -1 || !args[accountIndex + 1]) {
+      console.error("Missing --account. Usage: nit auth set <domain> --provider <google|github|x> --account <email>");
+      process.exit(1);
+    }
+    const account = args[accountIndex + 1];
+    const result = await authSet(domain, provider, account);
+    if (result.createdBranch) {
+      console.log(`Created branch '${green(result.branch)}'`);
+    }
+    if (result.switchedBranch) {
+      console.log(`Switched to branch '${green(result.switchedBranch)}'`);
+    }
+    console.log(`${green("\u2713")} Auth configured for ${bold(domain)}: ${result.provider} (${result.account})`);
+    console.log(dim(`  Updated SKILL.md: ${result.skillId}/SKILL.md`));
+    return;
+  }
+  if (subcommand === "show") {
+    const domain = args[1];
+    const results = await authShow(domain);
+    if (results.length === 0) {
+      if (domain) {
+        console.log(dim(`No auth configured for '${domain}'.`));
+      } else {
+        console.log(dim("No branches with auth configured."));
+      }
+      return;
+    }
+    for (const r of results) {
+      if (r.auth) {
+        console.log(`  ${bold(r.branch)}: ${r.auth.provider} (${r.auth.account})`);
+      } else {
+        console.log(`  ${bold(r.branch)}: ${dim("(no auth)")}`);
+      }
+    }
+    return;
+  }
+  if (subcommand) {
+    console.error(`nit auth: unknown subcommand '${subcommand}'`);
+  }
+  console.error("Usage: nit auth set <domain> --provider <google|github|x> --account <email>");
+  console.error("       nit auth show [domain]");
+  process.exit(1);
+}
 function printUsage() {
   console.log(`
 ${bold("nit")} \u2014 version control for agent cards
@@ -374,11 +566,21 @@ ${bold("Commands:")}
   branch [name]      List branches or create a new one
   checkout <branch>  Switch branch (overwrites agent-card.json)
   push [--all]       Push branch(es) to remote
+  pull [--all]       Pull branch(es) from remote
+  reset [target]     Restore agent-card.json from HEAD or target
+  show [target]      Show commit metadata and card content
   sign "message"     Sign a message with your Ed25519 key
   sign --login <dom> Switch to domain branch + generate login payload
   remote             Show remote info
   remote add <n> <u> Add a new remote
   remote set-url <n> <u>  Change remote URL
+  sign-tx --chain <c> <data>  Sign tx data (evm: hash, solana: message)
+  broadcast --chain <c> <tx>  Send signed tx to RPC endpoint
+  rpc                Show configured RPC endpoints
+  rpc set-url <c> <url>  Set RPC endpoint for a chain
+  auth set <dom> --provider <p> --account <a>
+                     Configure OAuth auth for a branch
+  auth show [dom]    Show auth config for branch(es)
 
 ${bold("Examples:")}
   nit init

package/dist/index.d.ts

@@ -32,12 +32,19 @@ interface NitRemoteConfig {
     /** Legacy field — push auth is now via Ed25519 keypair */
     credential?: string;
 }
+/** RPC endpoint configuration for a specific chain. */
+interface NitRpcConfig {
+    /** JSON-RPC endpoint URL */
+    url: string;
+}
 /** Full .nit/config file contents. */
 interface NitConfig {
     /** Keyed by remote name (e.g. "origin") */
     remotes: Record<string, NitRemoteConfig>;
     /** Discovered skills directory path */
     skillsDir?: string;
+    /** RPC endpoints keyed by chain name (e.g. "evm", "solana") */
+    rpc?: Record<string, NitRpcConfig>;
 }
 /** A2A-compatible agent card. */
 interface AgentCard {
@@ -124,6 +131,33 @@ interface StatusResult {
         behind: number;
     }>;
 }
+/** Result of signing transaction data. */
+interface SignTxResult {
+    /** Chain that was signed for */
+    chain: 'evm' | 'solana';
+    /** The signature (EVM: "0x{r}{s}{v}" 130 hex chars, Solana: base64 64-byte Ed25519) */
+    signature: string;
+    /** EVM only: recovery parameter (0 or 1) for agent to compute chain-specific v */
+    recovery?: number;
+    /** The signer address */
+    address: string;
+}
+/** Result of broadcasting a signed transaction. */
+interface BroadcastResult {
+    /** Chain that was broadcast to */
+    chain: 'evm' | 'solana';
+    /** Transaction hash (EVM) or signature (Solana) */
+    txHash: string;
+    /** RPC endpoint used */
+    rpcUrl: string;
+}
+/** OAuth provider for per-branch authentication config. */
+type AuthProvider = 'google' | 'github' | 'x';
+/** Per-branch authentication configuration stored in SKILL.md frontmatter. */
+interface AuthConfig {
+    provider: AuthProvider;
+    account: string;
+}
 /** Result of generating a login payload for app authentication. */
 interface LoginPayload {
     agent_id: string;
@@ -225,6 +259,28 @@ declare function getWalletAddresses(nitDir: string): Promise<WalletAddresses>;
  * For EVM transaction signing.
  */
 declare function loadSecp256k1RawKeyPair(nitDir: string): Promise<Uint8Array>;
+/**
+ * Sign a 32-byte hash with the agent's derived secp256k1 private key.
+ * Returns ECDSA signature with recovery parameter.
+ *
+ * The caller (agent) provides a pre-hashed message (e.g. keccak256 of
+ * an RLP-encoded EVM transaction). nit signs it and returns (r, s, recovery).
+ * The agent computes chain-specific v = chainId * 2 + 35 + recovery (EIP-155).
+ */
+declare function signEvmHash(nitDir: string, hash: Uint8Array): Promise<{
+    r: string;
+    s: string;
+    v: number;
+    recovery: number;
+    signature: string;
+}>;
+/**
+ * Sign raw bytes with the agent's Ed25519 private key.
+ * Returns 64-byte signature as Uint8Array.
+ *
+ * For Solana transactions: the caller provides the serialized message bytes.
+ */
+declare function signSolanaBytes(nitDir: string, message: Uint8Array): Promise<Uint8Array>;
 
 /**
  * Walk up from startDir looking for a .nit/ directory.
@@ -343,5 +399,116 @@ declare function remoteAdd(name: string, url: string, options?: {
 declare function remoteSetUrl(name: string, url: string, options?: {
     projectDir?: string;
 }): Promise<void>;
+/**
+ * Sign transaction data with the agent's identity-derived key.
+ *
+ * EVM: pass a 32-byte keccak256 hash (hex). Returns ECDSA signature.
+ * Solana: pass serialized message bytes (hex). Returns Ed25519 signature.
+ */
+declare function signTx(chain: 'evm' | 'solana', data: string, options?: {
+    projectDir?: string;
+}): Promise<SignTxResult>;
+/**
+ * Broadcast a signed transaction to the configured RPC endpoint.
+ */
+declare function broadcast(chain: 'evm' | 'solana', signedTx: string, options?: {
+    projectDir?: string;
+    rpcUrl?: string;
+}): Promise<BroadcastResult>;
+/**
+ * Set the RPC endpoint URL for a chain.
+ */
+declare function rpcSetUrl(chain: string, url: string, options?: {
+    projectDir?: string;
+}): Promise<void>;
+/**
+ * Get all configured RPC endpoints.
+ */
+declare function rpcInfo(options?: {
+    projectDir?: string;
+}): Promise<Record<string, NitRpcConfig>>;
+/**
+ * Restore agent-card.json from a commit, discarding uncommitted changes.
+ *
+ * - No target: restore from HEAD (discard all uncommitted changes)
+ * - Commit hash or branch name: restore card from that commit
+ *
+ * Does NOT move the branch pointer — only overwrites the working card.
+ */
+declare function reset(target?: string, options?: {
+    projectDir?: string;
+}): Promise<{
+    hash: string;
+}>;
+interface ShowResult {
+    hash: string;
+    card: string;
+    parent: string | null;
+    author: string;
+    timestamp: number;
+    message: string;
+    cardJson: AgentCard;
+}
+/**
+ * Show a commit's metadata and card content.
+ *
+ * - No target: show HEAD
+ * - Commit hash or branch name: show that commit
+ */
+declare function show(target?: string, options?: {
+    projectDir?: string;
+}): Promise<ShowResult>;
+interface PullResult {
+    branch: string;
+    commitHash: string;
+    updated: boolean;
+}
+/**
+ * Fetch current branch (or all branches) from the remote and update local state.
+ *
+ * 1. Fetch card JSON from remote
+ * 2. Write card to object store
+ * 3. Create a commit object
+ * 4. Update branch ref + remote-tracking ref
+ * 5. Write card to working copy (current branch only)
+ */
+declare function pull(options?: {
+    projectDir?: string;
+    remoteName?: string;
+    all?: boolean;
+}): Promise<PullResult[]>;
+interface AuthSetResult {
+    branch: string;
+    skillId: string;
+    provider: AuthProvider;
+    account: string;
+    switchedBranch?: string;
+    createdBranch?: boolean;
+}
+interface AuthShowResult {
+    branch: string;
+    auth: AuthConfig | null;
+}
+/**
+ * Configure OAuth authentication for a branch.
+ *
+ * 1. Switches to the target branch (creates if needed)
+ * 2. Updates the branch's SKILL.md with auth frontmatter + consent instructions
+ * 3. Adds skill pointer to agent-card.json if not present
+ *
+ * The SKILL.md tells OpenClaw which OAuth provider and account to use when
+ * the agent encounters a login page. The agent reuses the human's existing
+ * Chrome session (browser-profile = user) and only handles OAuth consent
+ * flows — never enters credentials.
+ */
+declare function authSet(domain: string, provider: AuthProvider, account: string, options?: {
+    projectDir?: string;
+}): Promise<AuthSetResult>;
+/**
+ * Show auth config for a specific branch, or all branches with auth configured.
+ */
+declare function authShow(domain?: string, options?: {
+    projectDir?: string;
+}): Promise<AuthShowResult[]>;
 
-export { type AgentCard, type AgentCardSkill, type DiffResult, type FieldDiff, type InitResult, type LoginPayload, NIT_NAMESPACE, type NitBranch, type NitCommit, type NitConfig, type NitHead, type NitRemoteConfig, type PushResult, type RemoteInfo, type SkillMetadata, type StatusResult, type WalletAddresses$1 as WalletAddresses, base58Encode, branch, checkout, commit, deriveAgentId, diff, diffCards, fetchBranchCard, findNitDir, formatDiff, formatPublicKeyField, getEvmAddress, getSolanaAddress, getWalletAddresses, init, loadAgentId, loadRawKeyPair, loadSecp256k1RawKeyPair, log, loginPayload, parsePublicKeyField, push, remote, remoteAdd, remoteSetUrl, sign, signChallenge, signMessage, status };
+export { type AgentCard, type AgentCardSkill, type AuthConfig, type AuthProvider, type AuthSetResult, type AuthShowResult, type BroadcastResult, type DiffResult, type FieldDiff, type InitResult, type LoginPayload, NIT_NAMESPACE, type NitBranch, type NitCommit, type NitConfig, type NitHead, type NitRemoteConfig, type NitRpcConfig, type PullResult, type PushResult, type RemoteInfo, type ShowResult, type SignTxResult, type SkillMetadata, type StatusResult, type WalletAddresses$1 as WalletAddresses, authSet, authShow, base58Encode, branch, broadcast, checkout, commit, deriveAgentId, diff, diffCards, fetchBranchCard, findNitDir, formatDiff, formatPublicKeyField, getEvmAddress, getSolanaAddress, getWalletAddresses, init, loadAgentId, loadRawKeyPair, loadSecp256k1RawKeyPair, log, loginPayload, parsePublicKeyField, pull, push, remote, remoteAdd, remoteSetUrl, reset, rpcInfo, rpcSetUrl, show, sign, signChallenge, signEvmHash, signMessage, signSolanaBytes, signTx, status };

package/dist/index.js

@@ -1,40 +1,56 @@
 // nit — version control for agent cards
 import {
-  NIT_NAMESPACE,
+  authSet,
+  authShow,
   base58Encode,
   branch,
+  broadcast,
   checkout,
   commit,
-  deriveAgentId,
   diff,
   diffCards,
-  fetchBranchCard,
   findNitDir,
   formatDiff,
-  formatPublicKeyField,
   getEvmAddress,
   getSolanaAddress,
   getWalletAddresses,
   init,
-  loadAgentId,
-  loadRawKeyPair,
   loadSecp256k1RawKeyPair,
   log,
   loginPayload,
-  parsePublicKeyField,
+  pull,
   push,
   remote,
   remoteAdd,
   remoteSetUrl,
+  reset,
+  rpcInfo,
+  rpcSetUrl,
+  show,
   sign,
-  signChallenge,
-  signMessage,
+  signEvmHash,
+  signSolanaBytes,
+  signTx,
   status
-} from "./chunk-7LNGTHKO.js";
+} from "./chunk-WHSQICPU.js";
+import {
+  NIT_NAMESPACE,
+  deriveAgentId,
+  fetchBranchCard,
+  formatPublicKeyField,
+  loadAgentId,
+  loadRawKeyPair,
+  parsePublicKeyField,
+  signChallenge,
+  signMessage
+} from "./chunk-M6SR6QMR.js";
 export {
   NIT_NAMESPACE,
+  authSet,
+  authShow,
   base58Encode,
   branch,
+  broadcast,
   checkout,
   commit,
   deriveAgentId,
@@ -54,12 +70,20 @@ export {
   log,
   loginPayload,
   parsePublicKeyField,
+  pull,
   push,
   remote,
   remoteAdd,
   remoteSetUrl,
+  reset,
+  rpcInfo,
+  rpcSetUrl,
+  show,
   sign,
   signChallenge,
+  signEvmHash,
   signMessage,
+  signSolanaBytes,
+  signTx,
   status
 };

package/dist/remote-WZ625MBZ.js

@@ -0,0 +1,15 @@
+// nit — version control for agent cards
+import {
+  deleteRemoteBranch,
+  fetchBranchCard,
+  listRemoteBranches,
+  pushAll,
+  pushBranch
+} from "./chunk-M6SR6QMR.js";
+export {
+  deleteRemoteBranch,
+  fetchBranchCard,
+  listRemoteBranches,
+  pushAll,
+  pushBranch
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@newtype-ai/nit",
-  "version": "0.4.8",
+  "version": "0.4.10",
   "description": "Version control for agent cards",
   "type": "module",
   "bin": {
@@ -42,6 +42,7 @@
   },
   "homepage": "https://github.com/newtype-ai/nit",
   "devDependencies": {
+    "@noble/curves": "^2.0.0",
     "@noble/hashes": "^2.0.1",
     "@types/node": "^25.3.0",
     "tsup": "^8.0.0",

package/scripts/postinstall.js

@@ -1,8 +1,15 @@
 #!/usr/bin/env node
 console.log(`
+  _   _                 _____
+ | \\ |"|       ___     |_ " _|
+<|  \\| |>     |_"_|      | |
+U| |\\  |u      | |      /| |\\
+ |_| \\_|     U/| |\\u   u |_|U
+ ||   \\\\,-.-,_|___|_,-._// \\\\_
+ (_")  (_/ \\_)-' '-(_/(__) (__)
+
   nit — version control for agent cards
 
   Get started:   nit init
   Commands:      nit --help
-  Full playbook: https://github.com/newtype-ai/nit/blob/main/SKILL.md
 `);