@tjamescouch/agentchat 0.11.0 → 0.12.0

package/bin/agentchat.js

@@ -48,6 +48,10 @@ import {
   DEFAULT_RATINGS_PATH,
   DEFAULT_RATING
 } from '../lib/reputation.js';
+import {
+  ServerDirectory,
+  DEFAULT_DIRECTORY_PATH
+} from '../lib/server-directory.js';
 
 program
   .name('agentchat')
@@ -504,6 +508,39 @@ program
     }
   });
 
+// Verify agent identity command
+program
+  .command('verify <server> <agent>')
+  .description('Verify another agent\'s identity via challenge-response')
+  .option('-i, --identity <file>', 'Path to identity file (required)', DEFAULT_IDENTITY_PATH)
+  .action(async (server, agent, options) => {
+    try {
+      const client = new AgentChatClient({ server, identity: options.identity });
+      await client.connect();
+
+      console.log(`Verifying identity of ${agent}...`);
+
+      const result = await client.verify(agent);
+
+      if (result.verified) {
+        console.log('Identity verified!');
+        console.log(`  Agent: ${result.agent}`);
+        console.log(`  Public Key:`);
+        console.log(result.pubkey.split('\n').map(line => `    ${line}`).join('\n'));
+      } else {
+        console.log('Verification failed!');
+        console.log(`  Target: ${result.target}`);
+        console.log(`  Reason: ${result.reason}`);
+      }
+
+      client.disconnect();
+      process.exit(result.verified ? 0 : 1);
+    } catch (err) {
+      console.error('Error:', err.message);
+      process.exit(1);
+    }
+  });
+
 // Identity management command
 program
   .command('identity')
@@ -511,6 +548,8 @@ program
   .option('-g, --generate', 'Generate new keypair')
   .option('-s, --show', 'Show current identity')
   .option('-e, --export', 'Export public key for sharing (JSON to stdout)')
+  .option('-r, --rotate', 'Rotate to new keypair (signs new key with old key)')
+  .option('--verify-chain', 'Verify the rotation chain')
   .option('-f, --file <path>', 'Identity file path', DEFAULT_IDENTITY_PATH)
   .option('-n, --name <name>', 'Agent name (for --generate)', `agent-${process.pid}`)
   .option('--force', 'Overwrite existing identity')
@@ -551,6 +590,54 @@ program
         const identity = await Identity.load(options.file);
         console.log(JSON.stringify(identity.export(), null, 2));
 
+      } else if (options.rotate) {
+        // Rotate to new keypair
+        const identity = await Identity.load(options.file);
+        const oldAgentId = identity.getAgentId();
+        const oldFingerprint = identity.getFingerprint();
+
+        console.log('Rotating identity...');
+        console.log(`  Old Agent ID: ${oldAgentId}`);
+        console.log(`  Old Fingerprint: ${oldFingerprint}`);
+
+        const record = identity.rotate();
+        await identity.save(options.file);
+
+        console.log('');
+        console.log('Rotation complete:');
+        console.log(`  New Agent ID: ${identity.getAgentId()}`);
+        console.log(`  New Fingerprint: ${identity.getFingerprint()}`);
+        console.log(`  Total rotations: ${identity.rotations.length}`);
+        console.log('');
+        console.log('The new key has been signed by the old key for chain of custody.');
+        console.log('Share the rotation record to prove key continuity.');
+
+      } else if (options.verifyChain) {
+        // Verify rotation chain
+        const identity = await Identity.load(options.file);
+
+        if (identity.rotations.length === 0) {
+          console.log('No rotations to verify (original identity).');
+          console.log(`  Agent ID: ${identity.getAgentId()}`);
+          process.exit(0);
+        }
+
+        console.log(`Verifying rotation chain (${identity.rotations.length} rotation(s))...`);
+        const result = identity.verifyRotationChain();
+
+        if (result.valid) {
+          console.log('Chain verified successfully!');
+          console.log(`  Original Agent ID: ${identity.getOriginalAgentId()}`);
+          console.log(`  Current Agent ID: ${identity.getAgentId()}`);
+          console.log(`  Rotations: ${identity.rotations.length}`);
+        } else {
+          console.error('Chain verification FAILED:');
+          for (const error of result.errors) {
+            console.error(`  - ${error}`);
+          }
+          process.exit(1);
+        }
+
       } else {
         // Default: show if exists, otherwise show help
         const exists = await Identity.exists(options.file);
@@ -1117,6 +1204,91 @@ program
     }
   });
 
+// Discover command - find public AgentChat servers
+program
+  .command('discover')
+  .description('Discover available AgentChat servers')
+  .option('--add <url>', 'Add a server to the directory')
+  .option('--remove <url>', 'Remove a server from the directory')
+  .option('--name <name>', 'Server name (for --add)')
+  .option('--description <desc>', 'Server description (for --add)')
+  .option('--region <region>', 'Server region (for --add)')
+  .option('--online', 'Only show online servers')
+  .option('--json', 'Output as JSON')
+  .option('--no-check', 'List servers without health check')
+  .option('--directory <path>', 'Custom directory file path', DEFAULT_DIRECTORY_PATH)
+  .action(async (options) => {
+    try {
+      const directory = new ServerDirectory({ directoryPath: options.directory });
+      await directory.load();
+
+      // Add server
+      if (options.add) {
+        await directory.addServer({
+          url: options.add,
+          name: options.name || options.add,
+          description: options.description || '',
+          region: options.region || 'unknown'
+        });
+        console.log(`Added server: ${options.add}`);
+        process.exit(0);
+      }
+
+      // Remove server
+      if (options.remove) {
+        await directory.removeServer(options.remove);
+        console.log(`Removed server: ${options.remove}`);
+        process.exit(0);
+      }
+
+      // List/discover servers
+      let servers;
+      if (options.check === false) {
+        servers = directory.list().map(s => ({ ...s, status: 'unknown' }));
+      } else {
+        console.error('Checking server status...');
+        servers = await directory.discover({ onlineOnly: options.online });
+      }
+
+      if (options.json) {
+        console.log(JSON.stringify(servers, null, 2));
+      } else {
+        if (servers.length === 0) {
+          console.log('No servers found.');
+        } else {
+          console.log(`\nFound ${servers.length} server(s):\n`);
+          for (const server of servers) {
+            const statusIcon = server.status === 'online' ? '\u2713' :
+                              server.status === 'offline' ? '\u2717' : '?';
+            console.log(`  ${statusIcon} ${server.name}`);
+            console.log(`    URL: ${server.url}`);
+            console.log(`    Status: ${server.status}`);
+            if (server.description) {
+              console.log(`    Description: ${server.description}`);
+            }
+            if (server.region) {
+              console.log(`    Region: ${server.region}`);
+            }
+            if (server.health) {
+              console.log(`    Agents: ${server.health.agents?.connected || 0}`);
+              console.log(`    Uptime: ${server.health.uptime_seconds || 0}s`);
+            }
+            if (server.error) {
+              console.log(`    Error: ${server.error}`);
+            }
+            console.log('');
+          }
+        }
+        console.log(`Directory: ${options.directory}`);
+      }
+
+      process.exit(0);
+    } catch (err) {
+      console.error('Error:', err.message);
+      process.exit(1);
+    }
+  });
+
 // Deploy command
 program
   .command('deploy')

package/lib/client.js

@@ -10,7 +10,8 @@ import {
   ServerMessageType,
   createMessage,
   serialize,
-  parse
+  parse,
+  generateNonce
 } from './protocol.js';
 import { Identity } from './identity.js';
 import {
@@ -532,6 +533,118 @@ export class AgentChatClient extends EventEmitter {
     });
   }
 
+  // ===== IDENTITY VERIFICATION METHODS =====
+
+  /**
+   * Request identity verification from another agent
+   * Sends a challenge nonce that the target must sign to prove they control their identity
+   * @param {string} target - Target agent to verify (@id)
+   * @returns {Promise<object>} Verification result with pubkey if successful
+   */
+  async verify(target) {
+    const targetAgent = target.startsWith('@') ? target : `@${target}`;
+    const nonce = generateNonce();
+
+    const msg = {
+      type: ClientMessageType.VERIFY_REQUEST,
+      target: targetAgent,
+      nonce
+    };
+
+    this._send(msg);
+
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.removeListener('verify_success', onSuccess);
+        this.removeListener('verify_failed', onFailed);
+        this.removeListener('error', onError);
+        reject(new Error('Verification timeout'));
+      }, 35000); // Slightly longer than server timeout
+
+      const onSuccess = (response) => {
+        if (response.agent === targetAgent || response.target === targetAgent) {
+          clearTimeout(timeout);
+          this.removeListener('verify_failed', onFailed);
+          this.removeListener('error', onError);
+          resolve({
+            verified: true,
+            agent: response.agent,
+            pubkey: response.pubkey,
+            request_id: response.request_id
+          });
+        }
+      };
+
+      const onFailed = (response) => {
+        if (response.target === targetAgent) {
+          clearTimeout(timeout);
+          this.removeListener('verify_success', onSuccess);
+          this.removeListener('error', onError);
+          resolve({
+            verified: false,
+            target: response.target,
+            reason: response.reason,
+            request_id: response.request_id
+          });
+        }
+      };
+
+      const onError = (err) => {
+        clearTimeout(timeout);
+        this.removeListener('verify_success', onSuccess);
+        this.removeListener('verify_failed', onFailed);
+        reject(new Error(err.message));
+      };
+
+      this.on('verify_success', onSuccess);
+      this.on('verify_failed', onFailed);
+      this.once('error', onError);
+    });
+  }
+
+  /**
+   * Respond to a verification request by signing the nonce
+   * This is typically called automatically when a VERIFY_REQUEST is received
+   * @param {string} requestId - The verification request ID
+   * @param {string} nonce - The nonce to sign
+   */
+  async respondToVerification(requestId, nonce) {
+    if (!this._identity || !this._identity.privkey) {
+      throw new Error('Responding to verification requires persistent identity.');
+    }
+
+    const sig = this._identity.sign(nonce);
+
+    const msg = {
+      type: ClientMessageType.VERIFY_RESPONSE,
+      request_id: requestId,
+      nonce,
+      sig
+    };
+
+    this._send(msg);
+  }
+
+  /**
+   * Enable automatic verification response
+   * When enabled, the client will automatically respond to VERIFY_REQUEST messages
+   * @param {boolean} enabled - Whether to enable auto-response
+   */
+  enableAutoVerification(enabled = true) {
+    if (enabled) {
+      this._autoVerifyHandler = (msg) => {
+        if (msg.request_id && msg.nonce && msg.from) {
+          this.respondToVerification(msg.request_id, msg.nonce)
+            .catch(err => this.emit('error', { message: `Auto-verification failed: ${err.message}` }));
+        }
+      };
+      this.on('verify_request', this._autoVerifyHandler);
+    } else if (this._autoVerifyHandler) {
+      this.removeListener('verify_request', this._autoVerifyHandler);
+      this._autoVerifyHandler = null;
+    }
+  }
+
   _send(msg) {
     if (this.ws && this.ws.readyState === WebSocket.OPEN) {
       this.ws.send(serialize(msg));
@@ -630,6 +743,23 @@ export class AgentChatClient extends EventEmitter {
         this.emit('search_results', msg);
         this.emit('message', msg);
         break;
+
+      // Identity verification messages
+      case ServerMessageType.VERIFY_REQUEST:
+        this.emit('verify_request', msg);
+        break;
+
+      case ServerMessageType.VERIFY_RESPONSE:
+        this.emit('verify_response', msg);
+        break;
+
+      case ServerMessageType.VERIFY_SUCCESS:
+        this.emit('verify_success', msg);
+        break;
+
+      case ServerMessageType.VERIFY_FAILED:
+        this.emit('verify_failed', msg);
+        break;
     }
   }
 }