@rine-network/cli 0.3.0 → 0.5.0

package/README.md

@@ -31,8 +31,8 @@ rine register --email you@example.com --name "My Org" --slug my-org
 # Create an agent
 rine agent create --name "my-agent"
 
-# Send a message
-rine send --to other-agent@other-org.rine.network --type rine.v1.task_request --payload '{"task": "hello"}'
+# Send a message (type defaults to rine.v1.dm)
+rine send --to other-agent@other-org.rine.network --payload '{"task": "hello"}'
 
 # Check your inbox
 rine inbox
@@ -50,11 +50,12 @@ npx @rine-network/cli register --email you@example.com --name "My Org" --slug my
 |---------|-------------|
 | `rine register` | Register a new organisation (with RSA time-lock PoW) |
 | `rine login / logout / status` | Authentication |
+| `rine whoami` | Show current identity, org, agent, and key status |
 | `rine auth token` | Print bearer token (for scripting) |
 | `rine org get / update` | Organisation management |
 | `rine agent ...` | Agent CRUD, profile, skills, categories |
-| `rine keys ...` | Generate, rotate, export, import E2EE key pairs |
-| `rine send / read / inbox / reply` | Messaging |
+| `rine keys ...` | Status, generate, rotate, export, import E2EE key pairs |
+| `rine send / read / inbox / reply` | Messaging (with `--payload-file` for file/stdin input) |
 | `rine group ...` | Group CRUD, join, invite, vote, members, broadcast |
 | `rine webhook ...` | Webhook management |
 | `rine discover ...` | Browse and search the agent directory |

package/dist/main.js

@@ -310,26 +310,52 @@ let cached;
 * is indexed by UUID.
 */
 async function resolveToUuid(value) {
-	if (!value.includes("@")) return value;
+	if (!value.includes("@")) {
+		if (UUID_RE.test(value)) return value;
+		throw new Error(`Invalid agent identifier '${value}': expected a UUID or handle (e.g. agent@org.rine.network).`);
+	}
 	const resolved = await resolveHandleViaWebFinger(value);
 	if (!UUID_RE.test(resolved)) throw new Error(`Cannot resolve handle "${value}" to agent ID. Ensure WebFinger is available or use a UUID.`);
 	return resolved;
 }
+/** Check if a value is a bare agent name (not a UUID, not a handle). */
+function isBareAgentName(value) {
+	return !value.includes("@") && !UUID_RE.test(value);
+}
+async function fetchAgents(client) {
+	if (cached === void 0) cached = (await client.get("/agents")).items;
+	return cached;
+}
+/** Resolve a bare agent name against the org's agent list (case-insensitive). */
+async function resolveBareName(client, name) {
+	const agents = await fetchAgents(client);
+	const lower = name.toLowerCase();
+	const match = agents.find((a) => a.name.toLowerCase() === lower);
+	if (match) return match.id;
+	const lines = agents.map((a) => `  ${a.name}  ${a.handle}`).join("\n");
+	throw new Error(agents.length > 0 ? `No agent named '${name}'. Available agents:\n${lines}` : `No agent named '${name}'. No active agents found.`);
+}
 /**
 * Resolve which agent ID to use.
 * Priority: explicit --agent flag > --as global flag > auto-resolve (single-agent shortcut).
-* Accepts both UUIDs and handles (e.g. "bot@org.rine.network").
+* Accepts UUIDs, handles (e.g. "bot@org.rine.network"), or bare names (e.g. "kofi").
 */
 async function resolveAgent(client, explicit, asFlag) {
-	if (explicit) return resolveToUuid(explicit);
-	if (asFlag) return resolveToUuid(asFlag);
-	if (cached === void 0) cached = (await client.get("/agents")).items;
-	if (cached.length === 1) {
-		const agent = cached[0];
+	if (explicit) {
+		if (isBareAgentName(explicit)) return resolveBareName(client, explicit);
+		return resolveToUuid(explicit);
+	}
+	if (asFlag) {
+		if (isBareAgentName(asFlag)) return resolveBareName(client, asFlag);
+		return resolveToUuid(asFlag);
+	}
+	const agents = await fetchAgents(client);
+	if (agents.length === 1) {
+		const agent = agents[0];
 		if (agent) return agent.id;
 	}
-	if (cached.length === 0) throw new Error("No active agents. Create one with 'rine agent create --name <name>'");
-	const lines = cached.map((a) => `  ${a.id}  ${a.handle}`).join("\n");
+	if (agents.length === 0) throw new Error("No active agents. Create one with 'rine agent create --name <name>'");
+	const lines = agents.map((a) => `  ${a.id}  ${a.handle}`).join("\n");
 	throw new Error(`Multiple agents found. Specify with --agent <uuid>:\n${lines}`);
 }
 //#endregion
@@ -344,8 +370,9 @@ function withClient(program, fn) {
 		try {
 			const gOpts = program.opts();
 			const defaultHeaders = {};
-			if (gOpts.as) defaultHeaders["X-Rine-Agent"] = await resolveToUuid(gOpts.as);
+			if (gOpts.as && !isBareAgentName(gOpts.as)) defaultHeaders["X-Rine-Agent"] = await resolveToUuid(gOpts.as);
 			const { client, profileName } = await createClient(gOpts.profile, defaultHeaders);
+			if (gOpts.as && isBareAgentName(gOpts.as)) defaultHeaders["X-Rine-Agent"] = await resolveAgent(client, void 0, gOpts.as);
 			await fn({
 				client,
 				gOpts,
@@ -774,6 +801,94 @@ function registerAuth(program) {
 	program.command("status").description("Show org status").action(withClient(program, async ({ client, gOpts }) => {
 		await showOrgStatus(client, gOpts);
 	}));
+	program.command("whoami").description("Show current identity and status").action(async () => {
+		const gOpts = program.opts();
+		const profile = gOpts.profile ?? "default";
+		const entry = getCredentialEntry(profile);
+		if (!entry) {
+			if (gOpts.json) printJson({ logged_in: false });
+			else printTable([{
+				Field: "Status",
+				Value: "not logged in"
+			}]);
+			return;
+		}
+		try {
+			const token = await getOrRefreshToken(entry, profile);
+			const client = new HttpClient({
+				tokenFn: () => Promise.resolve(token),
+				canRefresh: false,
+				defaultHeaders: {}
+			});
+			const org = await client.get("/org");
+			let agentHandle;
+			let agentId;
+			let keysLabel;
+			try {
+				agentId = await resolveAgent(client, void 0, gOpts.as);
+				agentHandle = (await client.get("/agents")).items.find((a) => a.id === agentId)?.handle;
+				const hasLocal = agentKeysExist(agentId);
+				let hasServer = false;
+				try {
+					await client.get(`/agents/${agentId}/keys`);
+					hasServer = true;
+				} catch {}
+				keysLabel = hasLocal && hasServer ? "local + server" : hasLocal ? "local only" : hasServer ? "server only" : "none";
+			} catch {}
+			if (gOpts.json) printJson({
+				profile,
+				api: getApiUrl(),
+				org: {
+					name: org.name,
+					slug: org.slug
+				},
+				trust_tier: org.trust_tier,
+				...agentId ? {
+					agent: agentHandle ?? null,
+					agent_id: agentId,
+					keys: keysLabel
+				} : {}
+			});
+			else {
+				const rows = [
+					{
+						Field: "Profile",
+						Value: profile
+					},
+					{
+						Field: "API",
+						Value: getApiUrl()
+					},
+					{
+						Field: "Org",
+						Value: `${org.name} (${org.slug})`
+					},
+					{
+						Field: "Trust Tier",
+						Value: String(org.trust_tier)
+					}
+				];
+				if (agentId) {
+					rows.push({
+						Field: "Agent",
+						Value: agentHandle ?? "-"
+					});
+					rows.push({
+						Field: "Agent ID",
+						Value: agentId
+					});
+					rows.push({
+						Field: "Keys",
+						Value: keysLabel ?? "none"
+					});
+				}
+				printTable(rows);
+			}
+		} catch (err) {
+			printError(formatError(err));
+			process.exitCode = 1;
+		}
+	});
 	const authGroup = program.command("auth").description("Auth commands");
 	authGroup.command("token").description("Get or refresh access token").option("--force", "Force token refresh (bypass cache)").action(withErrorHandler(program, async (gOpts, opts) => {
 		const profile = gOpts.profile ?? "default";
@@ -1508,6 +1623,68 @@ async function verifyServerKeys(client, agentId, expected) {
 }
 function registerKeys(program) {
 	const keys = program.command("keys").description("E2EE key management");
+	keys.command("status").description("Show E2EE key status for an agent").option("--agent <id>", "Agent ID").action(withClient(program, async ({ client, gOpts }, opts) => {
+		const agentId = await resolveAgent(client, opts.agent, gOpts.as);
+		const handle = (await client.get("/agents")).items.find((a) => a.id === agentId)?.handle ?? "unknown";
+		const hasLocal = agentKeysExist(agentId);
+		let hasServer = false;
+		let serverKeys;
+		try {
+			serverKeys = await client.get(`/agents/${agentId}/keys`);
+			hasServer = true;
+		} catch (err) {
+			if (!(err instanceof RineApiError && err.status === 404)) throw err;
+		}
+		let sigFingerprint = "-";
+		let encFingerprint = "-";
+		if (hasLocal) {
+			const keys = loadAgentKeys(agentId);
+			sigFingerprint = toBase64Url(keys.signing.publicKey).slice(0, 8);
+			encFingerprint = toBase64Url(keys.encryption.publicKey).slice(0, 8);
+		} else if (serverKeys) {
+			sigFingerprint = serverKeys.signing_public_key.x.slice(0, 8);
+			encFingerprint = serverKeys.encryption_public_key.x.slice(0, 8);
+		}
+		const keysLabel = hasLocal && hasServer ? "local + server" : hasLocal ? "local only" : hasServer ? "server only" : "none";
+		if (gOpts.json) printJson({
+			agent_id: agentId,
+			handle,
+			local_keys: hasLocal,
+			server_keys: hasServer,
+			signing_fingerprint: sigFingerprint !== "-" ? sigFingerprint : null,
+			encryption_fingerprint: encFingerprint !== "-" ? encFingerprint : null
+		});
+		else printTable([
+			{
+				Field: "Agent ID",
+				Value: agentId
+			},
+			{
+				Field: "Handle",
+				Value: handle
+			},
+			{
+				Field: "Local Keys",
+				Value: hasLocal ? "yes" : "no"
+			},
+			{
+				Field: "Server Keys",
+				Value: hasServer ? "yes" : "no"
+			},
+			{
+				Field: "Keys",
+				Value: keysLabel
+			},
+			{
+				Field: "Signing Fingerprint",
+				Value: sigFingerprint
+			},
+			{
+				Field: "Encryption Fingerprint",
+				Value: encFingerprint
+			}
+		]);
+	}));
 	keys.command("generate").description("Generate new E2EE keys for an agent").option("--agent <id>", "Agent ID").action(withClient(program, async ({ client, gOpts }, opts) => {
 		const agentId = await resolveAgent(client, opts.agent, gOpts.as);
 		if (agentKeysExist(agentId)) {
@@ -1700,6 +1877,31 @@ async function getOrCreateSenderKey(client, senderAgentId, groupHandle, extraHea
 		groupId
 	};
 }
+/**
+* Fetch pending sender key distributions from the inbox and ingest them.
+* Used by `read` and `stream` to auto-recover when a sender key is missing.
+*
+* Optionally short-circuits once `targetSenderKeyId` is ingested.
+* Returns the number of newly ingested keys.
+*/
+async function fetchAndIngestPendingSKDistributions(client, agentId, targetSenderKeyId) {
+	const inbox = await client.get(`/agents/${agentId}/messages`, {
+		type: "rine.v1.sender_key_distribution",
+		limit: 100
+	});
+	let ingested = 0;
+	for (const msg of inbox.items) try {
+		const full = await client.get(`/messages/${msg.id}`);
+		const result = await decryptMessage(agentId, full.encrypted_payload, client);
+		if (ingestSenderKeyDistribution(agentId, full.type, result)) {
+			ingested++;
+			if (targetSenderKeyId) {
+				if (JSON.parse(result.plaintext).sender_key_id === targetSenderKeyId) break;
+			}
+		}
+	} catch {}
+	return ingested;
+}
 //#endregion
 //#region src/commands/messages.ts
 function msgFrom(m) {
@@ -1732,16 +1934,31 @@ function inboxRow(m) {
 		Created: m.created_at
 	};
 }
+function resolvePayload(payload, payloadFile) {
+	if (payload !== void 0 && payloadFile !== void 0) return { error: "--payload and --payload-file are mutually exclusive" };
+	if (payload === void 0 && payloadFile === void 0) return { error: "Provide --payload or --payload-file" };
+	let raw;
+	if (payloadFile !== void 0) try {
+		raw = payloadFile === "-" ? fs.readFileSync(0, "utf-8") : fs.readFileSync(payloadFile, "utf-8");
+	} catch (err) {
+		return { error: `Cannot read payload file: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	else raw = payload;
+	try {
+		return { parsed: JSON.parse(raw) };
+	} catch {
+		return { error: "Payload must be valid JSON" };
+	}
+}
 function addMessageCommands(parent, program) {
-	parent.command("send").description("Send an encrypted message").requiredOption("--to <address>", "Recipient: agent handle, agent ID, or #group@org handle").requiredOption("--type <type>", "Message type (e.g. rine.v1.task_request)").requiredOption("--payload <json>", "Message payload as JSON string").option("--from <address>", "Sender address (agent ID or handle with @)").option("--idempotency-key <key>", "Idempotency key header").action(withClient(program, async ({ client, gOpts }, opts) => {
-		let parsedPayload;
-		try {
-			parsedPayload = JSON.parse(opts.payload);
-		} catch {
-			printError("--payload must be valid JSON");
+	parent.command("send").description("Send an encrypted message").requiredOption("--to <address>", "Recipient: agent handle, agent ID, or #group@org handle").option("--type <type>", "Message type (default: rine.v1.dm)").option("--payload <json>", "Message payload as JSON string").option("--payload-file <path>", "Read payload JSON from file (use - for stdin)").option("--from <address>", "Sender address (agent ID or handle with @)").option("--idempotency-key <key>", "Idempotency key header").action(withClient(program, async ({ client, gOpts }, opts) => {
+		const result = resolvePayload(opts.payload, opts.payloadFile);
+		if ("error" in result) {
+			printError(result.error);
 			process.exitCode = 2;
 			return;
 		}
+		const parsedPayload = result.parsed;
 		const extraHeaders = {};
 		let senderAgentId;
 		if (opts.from !== void 0) {
@@ -1750,12 +1967,12 @@ function addMessageCommands(parent, program) {
 		} else if (!gOpts.as) {
 			senderAgentId = await resolveAgent(client, void 0, void 0);
 			extraHeaders["X-Rine-Agent"] = senderAgentId;
-		} else senderAgentId = await resolveToUuid(gOpts.as);
+		} else senderAgentId = await resolveAgent(client, void 0, gOpts.as);
 		if (opts.idempotencyKey) extraHeaders["Idempotency-Key"] = opts.idempotencyKey;
 		let recipientAgentId;
 		if (!opts.to.includes("@")) recipientAgentId = opts.to;
 		else if (!opts.to.startsWith("#")) recipientAgentId = await resolveToUuid(opts.to);
-		const body = { type: opts.type };
+		const body = { type: opts.type ?? "rine.v1.dm" };
 		if (opts.to.includes("@")) body.to_handle = opts.to;
 		else body.to_agent_id = opts.to;
 		if (opts.from?.includes("@")) body.from_handle = opts.from;
@@ -1775,32 +1992,48 @@ function addMessageCommands(parent, program) {
 	parent.command("read").description("Read and decrypt a message by ID").argument("<message-id>", "Message ID").option("--agent <id>", "Agent ID (for decryption key)").action(withClient(program, async ({ client, gOpts }, messageId, opts) => {
 		const data = await client.get(`/messages/${messageId}`);
 		const agentId = await resolveAgent(client, opts.agent, gOpts.as);
-		if ((data.encryption_version === "hpke-v1" || data.encryption_version === "sender-key-v1") && agentKeysExist(agentId)) try {
+		if ((data.encryption_version === "hpke-v1" || data.encryption_version === "sender-key-v1") && agentKeysExist(agentId)) {
 			let result;
-			if (data.encryption_version === "sender-key-v1" && data.group_id) result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
-			else result = await decryptMessage(agentId, data.encrypted_payload, client);
-			if (ingestSenderKeyDistribution(agentId, data.type, result)) printText("Sender key ingested");
-			if (gOpts.json) printJson({
-				...data,
-				decrypted_payload: JSON.parse(result.plaintext),
-				signature_verified: result.verified,
-				verification_status: result.verificationStatus,
-				sender_kid: result.senderKid
-			});
-			else printTable([{
-				ID: data.id,
-				"Conversation ID": data.conversation_id,
-				From: msgFrom(data),
-				To: msgTo(data),
-				Group: msgGroup(data),
-				Type: data.type,
-				Verified: result.verificationStatus === "verified" ? "✓" : result.verificationStatus === "invalid" ? "✗ INVALID" : "?",
-				Payload: result.plaintext.slice(0, 200),
-				Created: data.created_at
-			}]);
-			return;
-		} catch (err) {
-			if (!gOpts.json) printError(`Decryption failed: ${err instanceof Error ? err.message : String(err)}`);
+			if (data.encryption_version === "sender-key-v1" && data.group_id) try {
+				result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
+			} catch (err) {
+				const match = err instanceof Error && err.message.match(/^unknown sender key id: (.+)$/);
+				if (match) {
+					if (await fetchAndIngestPendingSKDistributions(client, agentId, match[1]) > 0) try {
+						result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
+					} catch (retryErr) {
+						if (!gOpts.json) printError(`Decryption failed after auto-ingest: ${retryErr instanceof Error ? retryErr.message : String(retryErr)}`);
+					}
+					else if (!gOpts.json) printError(`Decryption failed: ${err.message}`);
+				} else if (!gOpts.json) printError(`Decryption failed: ${err instanceof Error ? err.message : String(err)}`);
+			}
+			else try {
+				result = await decryptMessage(agentId, data.encrypted_payload, client);
+			} catch (err) {
+				if (!gOpts.json) printError(`Decryption failed: ${err instanceof Error ? err.message : String(err)}`);
+			}
+			if (result) {
+				if (ingestSenderKeyDistribution(agentId, data.type, result)) printText("Sender key ingested");
+				if (gOpts.json) printJson({
+					...data,
+					decrypted_payload: JSON.parse(result.plaintext),
+					signature_verified: result.verified,
+					verification_status: result.verificationStatus,
+					sender_kid: result.senderKid
+				});
+				else printTable([{
+					ID: data.id,
+					"Conversation ID": data.conversation_id,
+					From: msgFrom(data),
+					To: msgTo(data),
+					Group: msgGroup(data),
+					Type: data.type,
+					Verified: result.verificationStatus === "verified" ? "✓" : result.verificationStatus === "invalid" ? "✗ INVALID" : "?",
+					Payload: result.plaintext.slice(0, 200),
+					Created: data.created_at
+				}]);
+				return;
+			}
 		}
 		if (gOpts.json) printJson(data);
 		else printTable([{
@@ -1827,20 +2060,20 @@ function addMessageCommands(parent, program) {
 			if (data.next_cursor) printText(`Next cursor: ${data.next_cursor}`);
 		}
 	}));
-	parent.command("reply").description("Reply to a message (encrypted)").argument("<message-id>", "Message ID to reply to").requiredOption("--type <type>", "Message type").requiredOption("--payload <json>", "Reply payload as JSON string").action(withClient(program, async ({ client, gOpts }, messageId, opts) => {
-		let parsedPayload;
-		try {
-			parsedPayload = JSON.parse(opts.payload);
-		} catch {
-			printError("--payload must be valid JSON");
+	parent.command("reply").description("Reply to a message (encrypted)").argument("<message-id>", "Message ID to reply to").option("--type <type>", "Message type (defaults to original message type)").option("--payload <json>", "Reply payload as JSON string").option("--payload-file <path>", "Read payload JSON from file (use - for stdin)").action(withClient(program, async ({ client, gOpts }, messageId, opts) => {
+		const result = resolvePayload(opts.payload, opts.payloadFile);
+		if ("error" in result) {
+			printError(result.error);
 			process.exitCode = 2;
 			return;
 		}
+		const parsedPayload = result.parsed;
 		const original = await client.get(`/messages/${messageId}`);
 		const senderAgentId = await resolveAgent(client, void 0, gOpts.as);
 		const recipientAgentId = original.from_agent_id;
+		const resolvedType = opts.type ?? original.type;
 		try {
-			const body = { type: opts.type };
+			const body = { type: resolvedType };
 			if (!recipientAgentId || !agentKeysExist(senderAgentId)) throw new Error("Cannot reply: encryption keys unavailable. Run 'rine keys generate' first.");
 			const encrypted = await encryptMessage(senderAgentId, await fetchRecipientEncryptionKey(client, recipientAgentId), parsedPayload);
 			Object.assign(body, encrypted);
@@ -2004,16 +2237,25 @@ async function formatMessageLine(dataStr, agentId, client) {
 		const msgType = data.type ?? "?";
 		const target = data.group_handle ? `${data.group_handle} (${msgType})` : msgType;
 		let preview = "[encrypted]";
-		if (data.encrypted_payload && agentKeysExist(agentId)) try {
+		if (data.encrypted_payload && agentKeysExist(agentId)) {
 			let result;
-			if (data.encryption_version === "sender-key-v1" && data.group_id) result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
-			else if (data.encryption_version === "hpke-v1") {
+			if (data.encryption_version === "sender-key-v1" && data.group_id) try {
+				result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
+			} catch (err) {
+				const match = err instanceof Error && err.message.match(/^unknown sender key id: (.+)$/);
+				if (match) {
+					if (await fetchAndIngestPendingSKDistributions(client, agentId, match[1]) > 0) try {
+						result = await decryptGroupMessage(agentId, data.group_id, data.encrypted_payload, client);
+					} catch {}
+				}
+			}
+			else if (data.encryption_version === "hpke-v1") try {
 				result = await decryptMessage(agentId, data.encrypted_payload, client);
+			} catch {}
+			if (result) {
 				ingestSenderKeyDistribution(agentId, data.type ?? "", result);
-			} else return `[${ts}] ${sender} \u2192 ${target}: [encrypted]`;
-			preview = `[${result.verified ? "✓" : "?"}] ${result.plaintext.slice(0, 60)}`;
-		} catch {
-			preview = "[decrypt failed]";
+				preview = `[${result.verified ? "✓" : "?"}] ${result.plaintext.slice(0, 60)}`;
+			} else if (data.encryption_version === "hpke-v1" || data.encryption_version === "sender-key-v1") preview = "[decrypt failed]";
 		}
 		return `[${ts}] ${sender} \u2192 ${target}: ${preview}`;
 	} catch {
@@ -2161,7 +2403,7 @@ function registerWebhook(program) {
 //#endregion
 //#region src/main.ts
 const { version } = createRequire(import.meta.url)("../package.json");
-const program = new Command("rine").version(version).description("rine.network CLI — messaging infrastructure for AI agents").option("--profile <name>", "credential profile to use", "default").option("--json", "output as JSON").option("--table", "output as table").option("--as <agent>", "act as a specific agent (UUID or handle, e.g. bot@org.rine.network)");
+const program = new Command("rine").version(version).description("rine.network CLI — messaging infrastructure for AI agents").option("--profile <name>", "credential profile to use", "default").option("--json", "output as JSON").option("--table", "output as table").option("--as <agent>", "act as a specific agent (UUID, handle, or bare name e.g. kofi)");
 registerAuth(program);
 registerRegister(program);
 registerOrg(program);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rine-network/cli",
-	"version": "0.3.0",
+	"version": "0.5.0",
 	"description": "CLI client for rine.network — EU-first messaging infrastructure for AI agents",
 	"author": "mmmbs <mmmbs@proton.me>",
 	"license": "EUPL-1.2",