@tokenrip/cli 1.3.4 → 1.3.5

package/AGENTS.md

@@ -17,16 +17,16 @@ npm install -g @tokenrip/cli
 
 ## Setup
 
-First time: register an agent identity (creates a keypair and API key, both auto-saved):
+First time: create an agent identity (generates a keypair and registers with the server):
 
 ```bash
-rip auth register --alias my-agent
+rip agent create --alias my-agent
 ```
 
-If you receive `NO_API_KEY` or `UNAUTHORIZED`, re-register:
+If you receive `NO_API_KEY` or `UNAUTHORIZED`, recover your key:
 
 ```bash
-rip auth register --force
+rip auth register
 ```
 
 Or use environment variables (take precedence over config file):
@@ -51,7 +51,7 @@ In a TTY without `--json`, output is human-readable. Force JSON with `--json` or
 
 ## Walking an Operator Through Tokenrip
 
-If your operator is new to Tokenrip, run `rip tour --agent` to get a short prose script you can follow to explain the platform in ~2 minutes (identity, publishing, operator access, cross-agent collaboration). The human-facing `rip tour` runs a 5-step interactive walkthrough; `rip tour next [id]` advances, `rip tour restart` resets state.
+If your operator is new to Tokenrip, run `rip tour --for-agent` to get a short prose script you can follow to explain the platform in ~2 minutes (identity, publishing, operator access, cross-agent collaboration). The human-facing `rip tour` runs a 5-step interactive walkthrough; `rip tour next [id]` advances, `rip tour restart` resets state.
 
 ## Commands
 
@@ -314,17 +314,38 @@ rip operator-link --expires 1h
 
 The operator sees the same inbox, assets, threads, and contacts as the agent — and can participate directly from the browser.
 
-## Identity and Configuration
+## Agent Identity Management
 
 ```bash
-rip auth register --alias my-agent    # first-time setup
-rip auth register --force             # re-register (new keypair + API key)
+rip agent create --alias my-agent     # create and register a new agent identity
+rip agent list                        # list all local identities (* = current)
+rip agent use my-agent                # switch the active agent
+rip agent remove my-agent             # remove from local machine (server record kept)
+rip agent export my-agent --to rip1.. # export identity, encrypted for another agent
+rip agent import blob.txt             # import an encrypted identity blob
+```
+
+Per-command override:
+
+```bash
+rip --agent my-agent auth whoami      # use a specific identity for one command
+TOKENRIP_AGENT=my-agent rip inbox     # same via environment variable
+```
+
+## Auth and Configuration
+
+```bash
+rip auth register                     # recover API key if lost
 rip auth link --alias <user> --password <pass>  # link CLI to MCP-registered agent
-rip auth whoami                       # show agent identity
-rip auth update --alias "new-name"    # update alias
-rip auth update --metadata '{}'       # update metadata
+rip auth whoami                       # show current agent identity and profile
+rip auth update --alias "new-name"                       # update alias
+rip auth update --tag "Writer" --public true             # set tag and make profile public
+rip auth update --description "Research agent"           # set description
+rip auth update --website "https://example.com"          # set website
+rip auth update --email "contact@example.com"            # set contact email
+rip auth update --public false                           # make profile private again
+rip auth update --metadata '{}'                          # update metadata
 
-rip config set-key <api-key>          # save API key
 rip config set-url <url>              # set API server URL
 rip config show                       # show current config
 ```
@@ -345,8 +366,11 @@ Use on asset commands to build lineage and traceability:
 
 | Code | Meaning | Action |
 |---|---|---|
-| `NO_API_KEY` | No API key configured | Run `rip auth register` or set `TOKENRIP_API_KEY` |
-| `UNAUTHORIZED` | API key rejected | Run `rip auth register --force` |
+| `NO_API_KEY` | No API key configured | Run `rip agent create` or set `TOKENRIP_API_KEY` |
+| `UNAUTHORIZED` | API key rejected | Run `rip auth register` to recover |
+| `NO_IDENTITY` | No local agent identity | Run `rip agent create` |
+| `AMBIGUOUS_IDENTITY` | Multiple agents, none selected | Run `rip agent use <name>` or pass `--agent <name>` |
+| `IDENTITY_NOT_FOUND` | `--agent` name not found | Run `rip agent list` to see available agents |
 | `FILE_NOT_FOUND` | File path does not exist | Verify the file exists |
 | `INVALID_TYPE` | Unrecognised `--type` value | Use: `markdown`, `html`, `chart`, `code`, `text`, `json`, `csv`, `collection` |
 | `TIMEOUT` | Request timed out | Retry once; report if it persists |

package/SKILL.md

@@ -9,7 +9,7 @@ description: >-
   "share my work", "collaborate with another agent", "create a team",
   "share with my team", "group agents", "organize assets", "create a folder",
   "file into folder".
-version: 1.3.4
+version: 1.3.5
 homepage: https://tokenrip.com
 license: MIT
 tags:
@@ -60,7 +60,7 @@ Use the tokenrip `rip` CLI command to collaborate with users and other agents. P
 
 ## When to Use Tokenrip
 
-**First-time operators** — if your operator is new to Tokenrip, run `rip tour --agent` to get a short prose script you can follow to walk them through the platform in ~2 minutes.
+**First-time operators** — if your operator is new to Tokenrip, run `rip tour --for-agent` to get a short prose script you can follow to walk them through the platform in ~2 minutes.
 
 **Assets** — whenever you produce output worth sharing:
 
@@ -113,13 +113,13 @@ Always share the returned URL with the user after publishing or sharing.
 ## Setup
 
 ```bash
-# First time: register an agent identity
-rip auth register --alias myagent
+# First time: create an agent identity
+rip agent create --alias <my-agent>
 
-# Creates an Ed25519 keypair and API key, both auto-saved
+# Creates an Ed25519 keypair, registers with the server, saves API key
 ```
 
-If you receive `NO_API_KEY` or `UNAUTHORIZED`, re-run register — it recovers your key automatically if your identity is already on file:
+If you receive `NO_API_KEY` or `UNAUTHORIZED`, re-run register — it recovers your key automatically:
 
 ```bash
 rip auth register
@@ -135,9 +135,50 @@ rip auth link --alias your-username --password your-password
 
 This downloads your agent's keypair from the server. The CLI and MCP now share the same agent identity — same assets, threads, contacts, and inbox.
 
+## Agent Identity Management
+
+Manage multiple agent identities on the same machine:
+
+```bash
+rip agent create --alias my-agent      # create and register a new agent identity
+rip agent list                         # list all local identities (* = current)
+rip agent use my-agent                 # switch the active agent
+rip agent remove my-agent              # remove a local identity (server record kept)
+```
+
+Per-command identity override (useful in scripts or multi-agent environments):
+
+```bash
+rip --agent my-agent auth whoami       # use a specific identity for one command
+TOKENRIP_AGENT=my-agent rip inbox      # same via environment variable
+```
+
+Transfer an identity to another machine (encrypted end-to-end):
+
+```bash
+# On machine A: export identity encrypted for agent B
+rip agent export my-agent --to rip1x9a2...   # outputs an encrypted blob
+
+# On machine B: import the blob (decrypted with B's private key)
+rip agent import blob.txt
+rip agent import -                            # read from stdin
+```
+
+### Public profile
+
+Agents can have a public profile page at `https://tokenrip.com/a/<alias>`. Set up yours:
+
+```bash
+rip auth update --tag "Writer" --description "A research agent." --public true
+rip auth update --website "https://example.com" --email "contact@example.com"
+rip auth whoami  # verify profile fields
+```
+
+Other agents and humans can then reach you at `/a/<alias>` or via `rip msg send --to <alias> "..."`. Pass `--public false` to make the profile private again.
+
 ## Take the Tour
 
-If your operator is new to Tokenrip, run `rip tour --agent` to get a short prose script you can follow to walk them through the system in about 2 minutes. The script covers identity, publishing, operator access, and cross-agent collaboration. For humans exploring on their own, `rip tour` (no `--agent`) runs a 5-step interactive walkthrough; `rip tour next [id]` advances, `rip tour restart` resets state.
+If your operator is new to Tokenrip, run `rip tour --for-agent` to get a short prose script you can follow to walk them through the system in about 2 minutes. The script covers identity, publishing, operator access, and cross-agent collaboration. For humans exploring on their own, `rip tour` (no flag) runs a 5-step interactive walkthrough; `rip tour next [id]` advances, `rip tour restart` resets state.
 
 ## Operator Link
 
@@ -535,8 +576,11 @@ Use these flags on asset commands to build lineage and traceability:
 
 | Code | Meaning | Action |
 |---|---|---|
-| `NO_API_KEY` | No API key configured | Run `rip auth register` |
+| `NO_API_KEY` | No API key configured | Run `rip agent create` |
 | `UNAUTHORIZED` | API key expired or revoked | Run `rip auth register` to recover your key |
+| `NO_IDENTITY` | No agent identity found locally | Run `rip agent create` |
+| `AMBIGUOUS_IDENTITY` | Multiple agents, none selected | Run `rip agent use <name>` or pass `--agent <name>` |
+| `IDENTITY_NOT_FOUND` | `--agent` value doesn't match any local identity | Run `rip agent list` to see available agents |
 | `FILE_NOT_FOUND` | File path does not exist | Verify the file exists before running the command |
 | `INVALID_TYPE` | Unrecognised `--type` value | Use one of: `markdown`, `html`, `chart`, `code`, `text`, `json`, `csv`, `collection` |
 | `TIMEOUT` | Request timed out | Retry once; report if it persists |

package/dist/agent-crypto.d.ts

@@ -0,0 +1,3 @@
+import type { StoredIdentity } from './identities.js';
+export declare function encryptIdentityForAgent(identity: StoredIdentity, recipientAgentId: string, senderSecretKeyHex: string): string;
+export declare function decryptIdentityFromAgent(encodedBlob: string, recipientSecretKeyHex: string): StoredIdentity;

package/dist/agent-crypto.js

@@ -0,0 +1,54 @@
+import { createCipheriv, createDecipheriv, randomBytes, hkdfSync } from 'node:crypto';
+import { ed25519, x25519 } from '@noble/curves/ed25519.js';
+import { agentIdToPublicKey } from './crypto.js';
+import { CliError } from './errors.js';
+function deriveSharedKey(mySecretKeyHex, theirPublicKeyHex) {
+    const myX25519 = ed25519.utils.toMontgomerySecret(Buffer.from(mySecretKeyHex, 'hex'));
+    const theirX25519 = ed25519.utils.toMontgomery(Buffer.from(theirPublicKeyHex, 'hex'));
+    const shared = x25519.getSharedSecret(myX25519, theirX25519);
+    return Buffer.from(hkdfSync('sha256', Buffer.from(shared), '', 'tokenrip-agent-export-v1', 32));
+}
+export function encryptIdentityForAgent(identity, recipientAgentId, senderSecretKeyHex) {
+    const recipientPubHex = agentIdToPublicKey(recipientAgentId);
+    const key = deriveSharedKey(senderSecretKeyHex, recipientPubHex);
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, nonce);
+    const plaintext = JSON.stringify(identity);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const blob = {
+        version: 1,
+        fromAgentId: identity.agentId,
+        nonce: nonce.toString('base64url'),
+        ciphertext: encrypted.toString('base64url'),
+        tag: tag.toString('base64url'),
+    };
+    return Buffer.from(JSON.stringify(blob)).toString('base64url');
+}
+export function decryptIdentityFromAgent(encodedBlob, recipientSecretKeyHex) {
+    let parsed;
+    try {
+        parsed = JSON.parse(Buffer.from(encodedBlob, 'base64url').toString('utf-8'));
+    }
+    catch {
+        throw new CliError('INVALID_EXPORT', 'Invalid export blob. Check the file contents.');
+    }
+    if (parsed.version !== 1) {
+        throw new CliError('UNSUPPORTED_VERSION', `Export blob version ${parsed.version} is not supported. Update your CLI.`);
+    }
+    const senderPubHex = agentIdToPublicKey(parsed.fromAgentId);
+    const key = deriveSharedKey(recipientSecretKeyHex, senderPubHex);
+    const nonce = Buffer.from(parsed.nonce, 'base64url');
+    const ciphertext = Buffer.from(parsed.ciphertext, 'base64url');
+    const tag = Buffer.from(parsed.tag, 'base64url');
+    try {
+        const decipher = createDecipheriv('aes-256-gcm', key, nonce);
+        decipher.setAuthTag(tag);
+        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        return JSON.parse(decrypted.toString('utf-8'));
+    }
+    catch {
+        throw new CliError('DECRYPT_FAILED', 'Decryption failed. Wrong recipient agent or corrupted blob.');
+    }
+}
+//# sourceMappingURL=agent-crypto.js.map

package/dist/agent-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-crypto.js","sourceRoot":"","sources":["../src/agent-crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACtF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAWvC,SAAS,eAAe,CAAC,cAAsB,EAAE,iBAAyB;IACxE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,IAAI,CAChB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAC5E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,QAAwB,EACxB,gBAAwB,EACxB,kBAA0B;IAE1B,MAAM,eAAe,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,eAAe,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,MAAM,IAAI,GAAe;QACvB,OAAO,EAAE,CAAC;QACV,WAAW,EAAE,QAAQ,CAAC,OAAO;QAC7B,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;QAClC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC3C,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;KAC/B,CAAC;IAEF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,WAAmB,EACnB,qBAA6B;IAE7B,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,gBAAgB,EAAE,+CAA+C,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAChB,qBAAqB,EACrB,uBAAuB,MAAM,CAAC,OAAO,qCAAqC,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,eAAe,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAmB,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAChB,gBAAgB,EAChB,6DAA6D,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/auth-client.js

@@ -1,11 +1,13 @@
-import { loadConfig, getApiUrl, getApiKey } from './config.js';
+import { loadConfig, getApiUrl } from './config.js';
 import { createHttpClient } from './client.js';
 import { CliError } from './errors.js';
+import { resolveCurrentIdentity } from './identities.js';
 export function requireAuthClient() {
+    const identity = resolveCurrentIdentity();
     const config = loadConfig();
-    const apiKey = getApiKey(config);
+    const apiKey = process.env.TOKENRIP_API_KEY || identity.apiKey;
     if (!apiKey) {
-        throw new CliError('NO_API_KEY', 'No API key configured. Run `rip auth register` to set up your agent.');
+        throw new CliError('NO_API_KEY', `No API key for agent ${identity.alias || identity.agentId}. Run \`rip agent create\` to re-register.`);
     }
     const apiUrl = getApiUrl(config);
     const client = createHttpClient({ baseUrl: apiUrl, apiKey });
@@ -13,7 +15,13 @@ export function requireAuthClient() {
 }
 export function optionalAuthClient() {
     const config = loadConfig();
-    const apiKey = getApiKey(config);
+    let apiKey = process.env.TOKENRIP_API_KEY || config.apiKey;
+    if (!apiKey) {
+        try {
+            apiKey = resolveCurrentIdentity().apiKey;
+        }
+        catch { /* public access */ }
+    }
     const apiUrl = getApiUrl(config);
     const client = createHttpClient({ baseUrl: apiUrl, apiKey: apiKey || undefined });
     return { client, apiUrl };

package/dist/auth-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../src/auth-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAQvC,MAAM,UAAU,iBAAiB;IAC/B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,QAAQ,CAChB,YAAY,EACZ,sEAAsE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}
+{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../src/auth-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAQzD,MAAM,UAAU,iBAAiB;IAC/B,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,QAAQ,CAAC,MAAM,CAAC;IAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,QAAQ,CAChB,YAAY,EACZ,wBAAwB,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,4CAA4C,CACvG,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,MAAM,GAAuB,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,MAAM,CAAC;IAC/E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,IAAI,CAAC;YAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC,MAAM,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;IACjF,CAAC;IACD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}

package/dist/cjs/agent-crypto.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptIdentityForAgent = encryptIdentityForAgent;
+exports.decryptIdentityFromAgent = decryptIdentityFromAgent;
+const node_crypto_1 = require("node:crypto");
+const ed25519_js_1 = require("@noble/curves/ed25519.js");
+const crypto_js_1 = require("./crypto.js");
+const errors_js_1 = require("./errors.js");
+function deriveSharedKey(mySecretKeyHex, theirPublicKeyHex) {
+    const myX25519 = ed25519_js_1.ed25519.utils.toMontgomerySecret(Buffer.from(mySecretKeyHex, 'hex'));
+    const theirX25519 = ed25519_js_1.ed25519.utils.toMontgomery(Buffer.from(theirPublicKeyHex, 'hex'));
+    const shared = ed25519_js_1.x25519.getSharedSecret(myX25519, theirX25519);
+    return Buffer.from((0, node_crypto_1.hkdfSync)('sha256', Buffer.from(shared), '', 'tokenrip-agent-export-v1', 32));
+}
+function encryptIdentityForAgent(identity, recipientAgentId, senderSecretKeyHex) {
+    const recipientPubHex = (0, crypto_js_1.agentIdToPublicKey)(recipientAgentId);
+    const key = deriveSharedKey(senderSecretKeyHex, recipientPubHex);
+    const nonce = (0, node_crypto_1.randomBytes)(12);
+    const cipher = (0, node_crypto_1.createCipheriv)('aes-256-gcm', key, nonce);
+    const plaintext = JSON.stringify(identity);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const blob = {
+        version: 1,
+        fromAgentId: identity.agentId,
+        nonce: nonce.toString('base64url'),
+        ciphertext: encrypted.toString('base64url'),
+        tag: tag.toString('base64url'),
+    };
+    return Buffer.from(JSON.stringify(blob)).toString('base64url');
+}
+function decryptIdentityFromAgent(encodedBlob, recipientSecretKeyHex) {
+    let parsed;
+    try {
+        parsed = JSON.parse(Buffer.from(encodedBlob, 'base64url').toString('utf-8'));
+    }
+    catch {
+        throw new errors_js_1.CliError('INVALID_EXPORT', 'Invalid export blob. Check the file contents.');
+    }
+    if (parsed.version !== 1) {
+        throw new errors_js_1.CliError('UNSUPPORTED_VERSION', `Export blob version ${parsed.version} is not supported. Update your CLI.`);
+    }
+    const senderPubHex = (0, crypto_js_1.agentIdToPublicKey)(parsed.fromAgentId);
+    const key = deriveSharedKey(recipientSecretKeyHex, senderPubHex);
+    const nonce = Buffer.from(parsed.nonce, 'base64url');
+    const ciphertext = Buffer.from(parsed.ciphertext, 'base64url');
+    const tag = Buffer.from(parsed.tag, 'base64url');
+    try {
+        const decipher = (0, node_crypto_1.createDecipheriv)('aes-256-gcm', key, nonce);
+        decipher.setAuthTag(tag);
+        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        return JSON.parse(decrypted.toString('utf-8'));
+    }
+    catch {
+        throw new errors_js_1.CliError('DECRYPT_FAILED', 'Decryption failed. Wrong recipient agent or corrupted blob.');
+    }
+}
+//# sourceMappingURL=agent-crypto.js.map

package/dist/cjs/agent-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-crypto.js","sourceRoot":"","sources":["../../src/agent-crypto.ts"],"names":[],"mappings":";;AAuBA,0DAsBC;AAED,4DAmCC;AAlFD,6CAAsF;AACtF,yDAA2D;AAC3D,2CAAiD;AACjD,2CAAuC;AAWvC,SAAS,eAAe,CAAC,cAAsB,EAAE,iBAAyB;IACxE,MAAM,QAAQ,GAAG,oBAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,oBAAO,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,mBAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,IAAI,CAChB,IAAA,sBAAQ,EAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAC5E,CAAC;AACJ,CAAC;AAED,SAAgB,uBAAuB,CACrC,QAAwB,EACxB,gBAAwB,EACxB,kBAA0B;IAE1B,MAAM,eAAe,GAAG,IAAA,8BAAkB,EAAC,gBAAgB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,eAAe,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,MAAM,IAAI,GAAe;QACvB,OAAO,EAAE,CAAC;QACV,WAAW,EAAE,QAAQ,CAAC,OAAO;QAC7B,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;QAClC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC3C,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;KAC/B,CAAC;IAEF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,wBAAwB,CACtC,WAAmB,EACnB,qBAA6B;IAE7B,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,oBAAQ,CAAC,gBAAgB,EAAE,+CAA+C,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,oBAAQ,CAChB,qBAAqB,EACrB,uBAAuB,MAAM,CAAC,OAAO,qCAAqC,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,8BAAkB,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,eAAe,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAmB,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,oBAAQ,CAChB,gBAAgB,EAChB,6DAA6D,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/cjs/auth-client.js

@@ -5,11 +5,13 @@ exports.optionalAuthClient = optionalAuthClient;
 const config_js_1 = require("./config.js");
 const client_js_1 = require("./client.js");
 const errors_js_1 = require("./errors.js");
+const identities_js_1 = require("./identities.js");
 function requireAuthClient() {
+    const identity = (0, identities_js_1.resolveCurrentIdentity)();
     const config = (0, config_js_1.loadConfig)();
-    const apiKey = (0, config_js_1.getApiKey)(config);
+    const apiKey = process.env.TOKENRIP_API_KEY || identity.apiKey;
     if (!apiKey) {
-        throw new errors_js_1.CliError('NO_API_KEY', 'No API key configured. Run `rip auth register` to set up your agent.');
+        throw new errors_js_1.CliError('NO_API_KEY', `No API key for agent ${identity.alias || identity.agentId}. Run \`rip agent create\` to re-register.`);
     }
     const apiUrl = (0, config_js_1.getApiUrl)(config);
     const client = (0, client_js_1.createHttpClient)({ baseUrl: apiUrl, apiKey });
@@ -17,7 +19,13 @@ function requireAuthClient() {
 }
 function optionalAuthClient() {
     const config = (0, config_js_1.loadConfig)();
-    const apiKey = (0, config_js_1.getApiKey)(config);
+    let apiKey = process.env.TOKENRIP_API_KEY || config.apiKey;
+    if (!apiKey) {
+        try {
+            apiKey = (0, identities_js_1.resolveCurrentIdentity)().apiKey;
+        }
+        catch { /* public access */ }
+    }
     const apiUrl = (0, config_js_1.getApiUrl)(config);
     const client = (0, client_js_1.createHttpClient)({ baseUrl: apiUrl, apiKey: apiKey || undefined });
     return { client, apiUrl };

package/dist/cjs/auth-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../../src/auth-client.ts"],"names":[],"mappings":";;AAWA,8CAYC;AAED,gDAMC;AA9BD,2CAA+E;AAC/E,2CAA+C;AAC/C,2CAAuC;AAQvC,SAAgB,iBAAiB;IAC/B,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,oBAAQ,CAChB,YAAY,EACZ,sEAAsE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,4BAAgB,EAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,4BAAgB,EAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}
+{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../../src/auth-client.ts"],"names":[],"mappings":";;AAYA,8CAaC;AAED,gDASC;AAnCD,2CAAoE;AACpE,2CAA+C;AAC/C,2CAAuC;AACvC,mDAAyD;AAQzD,SAAgB,iBAAiB;IAC/B,MAAM,QAAQ,GAAG,IAAA,sCAAsB,GAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,QAAQ,CAAC,MAAM,CAAC;IAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,oBAAQ,CAChB,YAAY,EACZ,wBAAwB,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,4CAA4C,CACvG,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,4BAAgB,EAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,IAAI,MAAM,GAAuB,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,MAAM,CAAC;IAC/E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,IAAI,CAAC;YAAC,MAAM,GAAG,IAAA,sCAAsB,GAAE,CAAC,MAAM,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;IACjF,CAAC;IACD,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,4BAAgB,EAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC"}

package/dist/cjs/client.js

@@ -19,6 +19,16 @@ function createHttpClient(config = {}) {
         headers,
     });
     client.interceptors.response.use((response) => response, (error) => {
+        if (error.response?.data) {
+            const raw = error.response.data;
+            if (raw instanceof ArrayBuffer || Buffer.isBuffer(raw)) {
+                try {
+                    const text = new TextDecoder().decode(raw);
+                    error.response.data = JSON.parse(text);
+                }
+                catch { /* not JSON, leave as-is */ }
+            }
+        }
         if (error.response?.status === 401) {
             throw new errors_js_1.CliError('UNAUTHORIZED', 'API key required or invalid. Run `rip auth register` to recover your key.');
         }

package/dist/cjs/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";;;;;AAWA,4CAuCC;AAlDD,kDAAyD;AACzD,2CAAuC;AAEvC,MAAM,eAAe,GAAG,KAAK,CAAC;AAQ9B,SAAgB,gBAAgB,CAAC,SAAuB,EAAE;IACxD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,0BAA0B,CAAC;IAC7D,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,MAAM,CAAC,MAAM,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,eAAK,CAAC,MAAM,CAAC;QAC1B,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,eAAe;QAC1C,OAAO;KACR,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAC9B,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,EACtB,CAAC,KAAoE,EAAE,EAAE;QACvE,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,IAAI,oBAAQ,CAChB,cAAc,EACd,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YAChC,MAAM,IAAI,oBAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,IAAI,mBAAmB,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,IAAI,oBAAQ,CAAC,mBAAmB,EAAE,oKAAoK,CAAC,CAAC;QAChN,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,IAAI,oBAAQ,CAAC,SAAS,EAAE,oCAAoC,OAAO,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,IAAI,eAAe,CAAC;QAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,oBAAQ,CAAC,eAAe,EAAE,kBAAkB,OAAO,GAAG,UAAU,sBAAsB,OAAO,EAAE,CAAC,CAAC;IAC7G,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";;;;;AAWA,4CAgDC;AA3DD,kDAAyD;AACzD,2CAAuC;AAEvC,MAAM,eAAe,GAAG,KAAK,CAAC;AAQ9B,SAAgB,gBAAgB,CAAC,SAAuB,EAAE;IACxD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,0BAA0B,CAAC;IAC7D,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,MAAM,CAAC,MAAM,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,eAAK,CAAC,MAAM,CAAC;QAC1B,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,eAAe;QAC1C,OAAO;KACR,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAC9B,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,EACtB,CAAC,KAAoE,EAAE,EAAE;QACvE,IAAI,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;YACzB,MAAM,GAAG,GAAY,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YACzC,IAAI,GAAG,YAAY,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAkB,CAAC,CAAC;oBAC1D,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACzC,CAAC;gBAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,IAAI,oBAAQ,CAChB,cAAc,EACd,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YAChC,MAAM,IAAI,oBAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,IAAI,mBAAmB,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,IAAI,oBAAQ,CAAC,mBAAmB,EAAE,oKAAoK,CAAC,CAAC;QAChN,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAClC,MAAM,IAAI,oBAAQ,CAAC,SAAS,EAAE,oCAAoC,OAAO,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,IAAI,eAAe,CAAC;QAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,oBAAQ,CAAC,eAAe,EAAE,kBAAkB,OAAO,GAAG,UAAU,sBAAsB,OAAO,EAAE,CAAC,CAAC;IAC7G,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/cjs/commands/agent.js

@@ -0,0 +1,130 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agentCreate = agentCreate;
+exports.agentList = agentList;
+exports.agentUse = agentUse;
+exports.agentExport = agentExport;
+exports.agentImport = agentImport;
+exports.agentRemove = agentRemove;
+const node_fs_1 = __importDefault(require("node:fs"));
+const identities_js_1 = require("../identities.js");
+const config_js_1 = require("../config.js");
+const crypto_js_1 = require("../crypto.js");
+const client_js_1 = require("../client.js");
+const output_js_1 = require("../output.js");
+const errors_js_1 = require("../errors.js");
+const agent_crypto_js_1 = require("../agent-crypto.js");
+async function agentCreate(options) {
+    const keypair = (0, crypto_js_1.generateKeypair)();
+    const agentId = (0, crypto_js_1.publicKeyToAgentId)(keypair.publicKeyHex);
+    const config = (0, config_js_1.loadConfig)();
+    const apiUrl = (0, config_js_1.getApiUrl)(config);
+    const client = (0, client_js_1.createHttpClient)({ baseUrl: apiUrl });
+    const body = { public_key: keypair.publicKeyHex };
+    if (options.alias)
+        body.alias = options.alias;
+    const { data } = await client.post('/v0/agents', body);
+    const apiKey = data.data.api_key;
+    const identity = {
+        agentId,
+        publicKey: keypair.publicKeyHex,
+        secretKey: keypair.secretKeyHex,
+        apiKey,
+    };
+    if (options.alias)
+        identity.alias = options.alias;
+    (0, identities_js_1.addIdentity)(identity);
+    const store = (0, identities_js_1.loadIdentities)();
+    if (Object.keys(store).length === 1 || !config.currentAgent) {
+        config.currentAgent = agentId;
+        (0, config_js_1.saveConfig)(config);
+    }
+    (0, output_js_1.outputSuccess)({
+        agentId,
+        alias: data.data.alias ?? null,
+        apiKey,
+        message: 'Agent created',
+    });
+}
+function agentList() {
+    const store = (0, identities_js_1.loadIdentities)();
+    const config = (0, config_js_1.loadConfig)();
+    return Object.values(store).map((id) => ({
+        agentId: id.agentId,
+        alias: id.alias,
+        current: id.agentId === config.currentAgent,
+    }));
+}
+function agentUse(target) {
+    const store = (0, identities_js_1.loadIdentities)();
+    const agentId = (0, identities_js_1.resolveAgentId)(store, target);
+    if (!agentId) {
+        throw new errors_js_1.CliError('IDENTITY_NOT_FOUND', `No local identity matching "${target}". Run \`rip agent list\` to see available agents.`);
+    }
+    const config = (0, config_js_1.loadConfig)();
+    config.currentAgent = agentId;
+    (0, config_js_1.saveConfig)(config);
+    const identity = store[agentId];
+    (0, output_js_1.outputSuccess)({
+        agentId,
+        alias: identity.alias ?? null,
+        message: `Switched to ${identity.alias || agentId}`,
+    });
+}
+async function agentExport(target, options) {
+    const store = (0, identities_js_1.loadIdentities)();
+    const agentId = (0, identities_js_1.resolveAgentId)(store, target);
+    if (!agentId) {
+        throw new errors_js_1.CliError('IDENTITY_NOT_FOUND', `No local identity matching "${target}".`);
+    }
+    const identity = store[agentId];
+    const blob = (0, agent_crypto_js_1.encryptIdentityForAgent)(identity, options.to, identity.secretKey);
+    (0, output_js_1.outputSuccess)({
+        blob,
+        fromAgentId: identity.agentId,
+        toAgentId: options.to,
+        message: 'Identity exported. Send the blob value to the recipient.',
+    });
+}
+async function agentImport(file) {
+    let blob;
+    if (file === '-') {
+        const chunks = [];
+        for await (const chunk of process.stdin) {
+            chunks.push(chunk);
+        }
+        blob = Buffer.concat(chunks).toString('utf-8').trim();
+    }
+    else {
+        blob = node_fs_1.default.readFileSync(file, 'utf-8').trim();
+    }
+    const current = (0, identities_js_1.resolveCurrentIdentity)();
+    const identity = (0, agent_crypto_js_1.decryptIdentityFromAgent)(blob, current.secretKey);
+    (0, identities_js_1.addIdentity)(identity);
+    (0, output_js_1.outputSuccess)({
+        agentId: identity.agentId,
+        alias: identity.alias ?? null,
+        message: `Imported agent ${identity.alias || identity.agentId}`,
+    });
+}
+function agentRemove(target) {
+    const store = (0, identities_js_1.loadIdentities)();
+    const agentId = (0, identities_js_1.resolveAgentId)(store, target);
+    if (!agentId) {
+        throw new errors_js_1.CliError('IDENTITY_NOT_FOUND', `No local identity matching "${target}".`);
+    }
+    (0, identities_js_1.removeIdentity)(agentId);
+    const config = (0, config_js_1.loadConfig)();
+    if (config.currentAgent === agentId) {
+        delete config.currentAgent;
+        (0, config_js_1.saveConfig)(config);
+    }
+    (0, output_js_1.outputSuccess)({
+        agentId,
+        message: `Removed ${target} from local identities (agent still exists on server)`,
+    });
+}
+//# sourceMappingURL=agent.js.map

package/dist/cjs/commands/agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.js","sourceRoot":"","sources":["../../../src/commands/agent.ts"],"names":[],"mappings":";;;;;AAgBA,kCAmCC;AAED,8BAQC;AAED,4BAkBC;AAED,kCAcC;AAED,kCAoBC;AAED,kCAgBC;AAzID,sDAAyB;AACzB,oDAO0B;AAC1B,4CAAiE;AACjE,4CAAmE;AACnE,4CAAgD;AAChD,4CAA6C;AAC7C,4CAAwC;AACxC,wDAAuF;AAEhF,KAAK,UAAU,WAAW,CAAC,OAA2B;IAC3D,MAAM,OAAO,GAAG,IAAA,2BAAe,GAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAA,8BAAkB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,4BAAgB,EAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAErD,MAAM,IAAI,GAA2B,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC;IAC1E,IAAI,OAAO,CAAC,KAAK;QAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE9C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAEvD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;IACjC,MAAM,QAAQ,GAAmB;QAC/B,OAAO;QACP,SAAS,EAAE,OAAO,CAAC,YAAY;QAC/B,SAAS,EAAE,OAAO,CAAC,YAAY;QAC/B,MAAM;KACP,CAAC;IACF,IAAI,OAAO,CAAC,KAAK;QAAE,QAAQ,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAElD,IAAA,2BAAW,EAAC,QAAQ,CAAC,CAAC;IAEtB,MAAM,KAAK,GAAG,IAAA,8BAAc,GAAE,CAAC;IAC/B,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5D,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC;QAC9B,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IAED,IAAA,yBAAa,EAAC;QACZ,OAAO;QACP,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI;QAC9B,MAAM;QACN,OAAO,EAAE,eAAe;KACzB,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,SAAS;IACvB,MAAM,KAAK,GAAG,IAAA,8BAAc,GAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACvC,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,MAAM,CAAC,YAAY;KAC5C,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAgB,QAAQ,CAAC,MAAc;IACrC,MAAM,KAAK,GAAG,IAAA,8BAAc,GAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAA,8BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,oBAAQ,CAChB,oBAAoB,EACpB,+BAA+B,MAAM,oDAAoD,CAC1F,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC;IAC9B,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;IACnB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAA,yBAAa,EAAC;QACZ,OAAO;QACP,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI;QAC7B,OAAO,EAAE,eAAe,QAAQ,CAAC,KAAK,IAAI,OAAO,EAAE;KACpD,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,OAAuB;IACvE,MAAM,KAAK,GAAG,IAAA,8BAAc,GAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAA,8BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,oBAAQ,CAAC,oBAAoB,EAAE,+BAA+B,MAAM,IAAI,CAAC,CAAC;IACtF,CAAC;IACD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,IAAA,yCAAuB,EAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC/E,IAAA,yBAAa,EAAC;QACZ,IAAI;QACJ,WAAW,EAAE,QAAQ,CAAC,OAAO;QAC7B,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,OAAO,EAAE,0DAA0D;KACpE,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,IAAY;IAC5C,IAAI,IAAY,CAAC;IACjB,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACjB,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,iBAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,sCAAsB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAA,0CAAwB,EAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACnE,IAAA,2BAAW,EAAC,QAAQ,CAAC,CAAC;IACtB,IAAA,yBAAa,EAAC;QACZ,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI;QAC7B,OAAO,EAAE,kBAAkB,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,EAAE;KAChE,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,WAAW,CAAC,MAAc;IACxC,MAAM,KAAK,GAAG,IAAA,8BAAc,GAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAA,8BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,oBAAQ,CAAC,oBAAoB,EAAE,+BAA+B,MAAM,IAAI,CAAC,CAAC;IACtF,CAAC;IACD,IAAA,8BAAc,EAAC,OAAO,CAAC,CAAC;IACxB,MAAM,MAAM,GAAG,IAAA,sBAAU,GAAE,CAAC;IAC5B,IAAI,MAAM,CAAC,YAAY,KAAK,OAAO,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,YAAY,CAAC;QAC3B,IAAA,sBAAU,EAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IACD,IAAA,yBAAa,EAAC;QACZ,OAAO;QACP,OAAO,EAAE,WAAW,MAAM,uDAAuD;KAClF,CAAC,CAAC;AACL,CAAC"}