agent-bootstrap 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jeletor
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,145 @@
+# agent-bootstrap
+
+One command to bootstrap an AI agent with Nostr identity, Lightning wallet, ai.wot trust, and DVM service announcement.
+
+The "create-react-app" for the agent economy.
+
+## What it does
+
+```
+agent-bootstrap init --name "My Agent" --nwc "nostr+walletconnect://..." --dvm
+```
+
+In one command:
+1. 🔑 **Generates Nostr keys** (nsec/npub) with secure file permissions (600)
+2. 👤 **Publishes profile** to 4 relays (damus, nos.lol, primal, snort)
+3. ⚡ **Configures Lightning wallet** via NWC (Nostr Wallet Connect)
+4. 🤝 **Sets up ai.wot trust** — ready to receive attestations
+5. 🤖 **Registers as a DVM** (kind 31990 service announcement)
+
+## Install
+
+```bash
+npm install -g agent-bootstrap
+```
+
+## Usage
+
+### Bootstrap a new agent
+
+```bash
+# Minimal — just identity
+agent-bootstrap init --name "My Agent"
+
+# With wallet
+agent-bootstrap init --name "My Agent" --nwc "nostr+walletconnect://relay.example?secret=..."
+
+# Full stack — identity + wallet + DVM
+agent-bootstrap init --name "My Agent" \
+  --about "A helpful AI agent" \
+  --nwc "nostr+walletconnect://relay.example?secret=..." \
+  --dvm \
+  --dvm-price 21
+
+# Custom relays
+agent-bootstrap init --name "My Agent" \
+  --relays "wss://relay.damus.io,wss://nos.lol"
+
+# Generate keys without publishing
+agent-bootstrap init --name "My Agent" --skip-publish
+```
+
+### Check status
+
+```bash
+agent-bootstrap status ./agent-identity
+```
+
+### Verify everything works
+
+```bash
+agent-bootstrap verify ./agent-identity
+```
+
+Checks:
+- ✅ Keys exist and are valid
+- ✅ Key file permissions are secure (600)
+- ✅ Profile found on relays
+- ✅ Wallet config present
+- ✅ Trust score reachable via ai.wot API
+
+### JSON output
+
+```bash
+agent-bootstrap init --name "My Agent" --json
+agent-bootstrap status ./agent-identity --json
+```
+
+## What it creates
+
+```
+agent-identity/
+├── nostr-keys.json          # Nostr keypair (600 permissions)
+├── wallet-config.json       # NWC connection (600 permissions)
+└── bootstrap-manifest.json  # Full bootstrap record
+```
+
+## Programmatic API
+
+```javascript
+const { bootstrap, status, verify, generateKeys } = require('agent-bootstrap');
+
+// Generate keys only
+const keys = generateKeys();
+console.log(keys.npub, keys.pubkey);
+
+// Full bootstrap
+const result = await bootstrap({
+  name: 'My Agent',
+  about: 'A helpful AI',
+  nwcUrl: 'nostr+walletconnect://...',
+  dir: './my-agent',
+  relays: ['wss://relay.damus.io', 'wss://nos.lol'],
+  dvm: true,
+  dvmKind: 5050,
+  dvmPrice: 21,
+});
+
+// Check status
+const s = await status('./my-agent');
+
+// Verify
+const v = await verify('./my-agent');
+console.log(`${v.passed}/${v.total} checks passed`);
+```
+
+## The Agent Economy Stack
+
+agent-bootstrap is the entry point. Once bootstrapped, your agent can use:
+
+| Package | Purpose |
+|---------|---------|
+| [ai-wot](https://github.com/jeletor/ai-wot) | Trust — earn reputation through attestations |
+| [agent-discovery](https://github.com/jeletor/agent-discovery) | Discovery — publish and find agent services |
+| [lightning-agent](https://github.com/jeletor/lightning-agent) | Payments — send and receive Lightning |
+| [login-with-lightning](https://github.com/jeletor/login-with-lightning) | Auth — LNURL-auth for agents |
+| [lightning-toll](https://github.com/jeletor/lightning-toll) | Monetize — L402 paywalls for APIs |
+| [agent-escrow](https://github.com/jeletor/agent-escrow) | Escrow — safe agent-to-agent transactions |
+| [agent-test-kit](https://github.com/jeletor/agent-test-kit) | Testing — mock relays and wallets |
+
+The flow: **bootstrap** → discover → trust → pay → deliver → attest → repeat.
+
+## Dependencies
+
+- `nostr-tools` — Nostr key generation and event signing
+- `ws` — WebSocket for relay connections
+
+Zero other dependencies.
+
+## License
+
+MIT
+
+## Author
+
+Built by [Jeletor](https://jeletor.com) 🌀

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "agent-bootstrap",
+  "version": "0.1.0",
+  "description": "One command to bootstrap an AI agent with Nostr identity, Lightning wallet, ai.wot trust, DVM announcement, and monitoring",
+  "main": "src/index.cjs",
+  "bin": {
+    "agent-bootstrap": "src/cli.cjs"
+  },
+  "scripts": {
+    "test": "node test/run.cjs"
+  },
+  "keywords": [
+    "ai",
+    "agent",
+    "nostr",
+    "lightning",
+    "bootstrap",
+    "identity",
+    "wallet",
+    "trust",
+    "dvm"
+  ],
+  "author": "Jeletor <jeletor@jeletor.com>",
+  "license": "MIT",
+  "dependencies": {
+    "nostr-tools": "^2.11.0",
+    "ws": "^8.18.0"
+  }
+}

package/src/cli.cjs

@@ -0,0 +1,191 @@
+#!/usr/bin/env node
+// agent-bootstrap CLI — one command to set up an AI agent on Nostr + Lightning
+
+const { bootstrap, status, verify } = require('./index.cjs');
+const path = require('path');
+const fs = require('fs');
+
+const HELP = `
+agent-bootstrap — Set up an AI agent with identity, wallet, trust, and services
+
+Usage:
+  agent-bootstrap init [options]     Bootstrap a new agent
+  agent-bootstrap status [dir]       Check bootstrap status
+  agent-bootstrap verify [dir]       Verify all components work
+  agent-bootstrap help               Show this help
+
+Init options:
+  --name <name>         Agent display name (required)
+  --about <bio>         Agent bio/description
+  --nwc <url>           NWC connection string (for Lightning wallet)
+  --dir <path>          Output directory (default: ./agent-identity)
+  --relays <urls>       Comma-separated relay URLs
+  --dvm                 Register as a DVM (kind 5050 text generation)
+  --dvm-kind <kind>     DVM kind number (default: 5050)
+  --dvm-price <sats>    DVM price in sats (default: 21)
+  --skip-publish        Generate keys but don't publish to relays
+  --json                Output results as JSON
+
+Examples:
+  agent-bootstrap init --name "My Agent" --about "A helpful AI"
+  agent-bootstrap init --name "My Agent" --nwc "nostr+walletconnect://..." --dvm
+  agent-bootstrap status ./agent-identity
+  agent-bootstrap verify ./agent-identity
+`;
+
+async function main() {
+  const args = process.argv.slice(2);
+  const cmd = args[0];
+
+  if (!cmd || cmd === 'help' || cmd === '--help' || cmd === '-h') {
+    console.log(HELP);
+    process.exit(0);
+  }
+
+  // Parse flags
+  function getFlag(name) {
+    const idx = args.indexOf('--' + name);
+    if (idx === -1) return undefined;
+    return args[idx + 1];
+  }
+  function hasFlag(name) {
+    return args.includes('--' + name);
+  }
+
+  if (cmd === 'init') {
+    const name = getFlag('name');
+    if (!name) {
+      console.error('Error: --name is required');
+      process.exit(1);
+    }
+
+    const opts = {
+      name,
+      about: getFlag('about') || `${name} — AI agent on Nostr`,
+      nwcUrl: getFlag('nwc'),
+      dir: getFlag('dir') || './agent-identity',
+      relays: getFlag('relays')
+        ? getFlag('relays').split(',').map(s => s.trim())
+        : ['wss://relay.damus.io', 'wss://nos.lol', 'wss://relay.primal.net', 'wss://relay.snort.social'],
+      dvm: hasFlag('dvm'),
+      dvmKind: parseInt(getFlag('dvm-kind') || '5050', 10),
+      dvmPrice: parseInt(getFlag('dvm-price') || '21', 10),
+      skipPublish: hasFlag('skip-publish'),
+      json: hasFlag('json'),
+    };
+
+    try {
+      const result = await bootstrap(opts);
+      if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+      } else {
+        printResult(result);
+      }
+    } catch (err) {
+      console.error('Bootstrap failed:', err.message);
+      process.exit(1);
+    }
+  } else if (cmd === 'status') {
+    const dir = args[1] || './agent-identity';
+    const result = await status(dir);
+    if (hasFlag('json')) {
+      console.log(JSON.stringify(result, null, 2));
+    } else {
+      printStatus(result);
+    }
+  } else if (cmd === 'verify') {
+    const dir = args[1] || './agent-identity';
+    const result = await verify(dir);
+    if (hasFlag('json')) {
+      console.log(JSON.stringify(result, null, 2));
+    } else {
+      printVerify(result);
+    }
+  } else {
+    console.error(`Unknown command: ${cmd}`);
+    console.log(HELP);
+    process.exit(1);
+  }
+}
+
+function printResult(r) {
+  console.log('');
+  console.log('╔══════════════════════════════════════════════════════╗');
+  console.log('║   agent-bootstrap — Setup Complete                   ║');
+  console.log('╚══════════════════════════════════════════════════════╝');
+  console.log('');
+  console.log('  🔑 Identity');
+  console.log(`     Name:    ${r.identity.name}`);
+  console.log(`     npub:    ${r.identity.npub}`);
+  console.log(`     Pubkey:  ${r.identity.pubkeyHex}`);
+  console.log(`     Keys:    ${r.identity.keysFile}`);
+  console.log('');
+
+  if (r.profile) {
+    console.log('  👤 Profile');
+    console.log(`     Published to ${r.profile.relays} relay(s)`);
+    console.log('');
+  }
+
+  if (r.wallet) {
+    console.log('  ⚡ Wallet');
+    console.log(`     NWC:     Connected`);
+    console.log(`     Config:  ${r.wallet.configFile}`);
+    console.log('');
+  }
+
+  if (r.trust) {
+    console.log('  🤝 Trust (ai.wot)');
+    console.log(`     Ready for attestations`);
+    console.log(`     Score:   https://wot.jeletor.cc/v1/score/${r.identity.pubkeyHex}`);
+    console.log('');
+  }
+
+  if (r.dvm) {
+    console.log('  🤖 DVM');
+    console.log(`     Kind:    ${r.dvm.kind}`);
+    console.log(`     Price:   ${r.dvm.price} sats`);
+    console.log(`     Published to ${r.dvm.relays} relay(s)`);
+    console.log('');
+  }
+
+  console.log('  📁 Files saved to: ' + r.dir);
+  console.log('');
+  console.log('  Next steps:');
+  console.log('    1. Keep your keys file safe (it contains your secret key)');
+  if (!r.wallet) {
+    console.log('    2. Connect a wallet: agent-bootstrap init --nwc "nostr+walletconnect://..."');
+  }
+  console.log('    3. Start receiving attestations: share your npub with other agents');
+  console.log('    4. Check your trust score: curl https://wot.jeletor.cc/v1/score/' + r.identity.pubkeyHex);
+  console.log('');
+}
+
+function printStatus(s) {
+  console.log('');
+  console.log('  Agent Status: ' + s.dir);
+  console.log('  ─────────────────────────────');
+  console.log(`  🔑 Identity:  ${s.identity ? '✅ ' + s.identity.npub : '❌ Not found'}`);
+  console.log(`  👤 Profile:   ${s.profile ? '✅ Published' : '❌ Not published'}`);
+  console.log(`  ⚡ Wallet:    ${s.wallet ? '✅ Configured' : '❌ Not configured'}`);
+  console.log(`  🤖 DVM:       ${s.dvm ? '✅ Registered' : '⬜ Not registered'}`);
+  console.log('');
+}
+
+function printVerify(v) {
+  console.log('');
+  console.log('  Verification Results');
+  console.log('  ─────────────────────────────');
+  for (const check of v.checks) {
+    const icon = check.ok ? '✅' : '❌';
+    console.log(`  ${icon} ${check.name}: ${check.message}`);
+  }
+  console.log('');
+  console.log(`  ${v.passed}/${v.total} checks passed`);
+  console.log('');
+}
+
+main().catch(err => {
+  console.error('Fatal:', err.message);
+  process.exit(1);
+});

package/src/index.cjs

@@ -0,0 +1,352 @@
+// agent-bootstrap — core library
+// Generates Nostr identity, publishes profile, configures wallet, registers DVM, sets up ai.wot
+
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+
+// ─── Key Generation ─────────────────────────────────────────────
+
+function generateKeys() {
+  const { generateSecretKey, getPublicKey } = require('nostr-tools/pure');
+  const { nip19 } = require('nostr-tools');
+
+  const secretKey = generateSecretKey();
+  const pubkey = getPublicKey(secretKey);
+  const secretKeyHex = Buffer.from(secretKey).toString('hex');
+  const nsec = nip19.nsecEncode(secretKey);
+  const npub = nip19.npubEncode(pubkey);
+
+  return { secretKey, secretKeyHex, pubkey, nsec, npub };
+}
+
+// ─── Profile Publishing ─────────────────────────────────────────
+
+async function publishProfile(keys, opts) {
+  const { Relay, useWebSocketImplementation } = require('nostr-tools/relay');
+  const { finalizeEvent } = require('nostr-tools/pure');
+  const WebSocket = require('ws');
+  useWebSocketImplementation(WebSocket);
+
+  const metadata = {
+    name: opts.name,
+    about: opts.about || '',
+    picture: opts.picture || '',
+    nip05: opts.nip05 || '',
+  };
+
+  if (opts.lightningAddress) {
+    metadata.lud16 = opts.lightningAddress;
+  }
+
+  const event = finalizeEvent({
+    kind: 0,
+    created_at: Math.floor(Date.now() / 1000),
+    tags: [],
+    content: JSON.stringify(metadata),
+  }, keys.secretKey);
+
+  let published = 0;
+  for (const url of opts.relays) {
+    try {
+      const relay = await Relay.connect(url);
+      await relay.publish(event);
+      relay.close();
+      published++;
+    } catch (e) {
+      // relay failed, continue
+    }
+  }
+
+  return { eventId: event.id, published, total: opts.relays.length };
+}
+
+// ─── DVM Announcement ───────────────────────────────────────────
+
+async function publishDVMAnnouncement(keys, opts) {
+  const { Relay, useWebSocketImplementation } = require('nostr-tools/relay');
+  const { finalizeEvent } = require('nostr-tools/pure');
+  const WebSocket = require('ws');
+  useWebSocketImplementation(WebSocket);
+
+  const kind = opts.dvmKind || 5050;
+  const price = opts.dvmPrice || 21;
+
+  // Kind 31990 — DVM service announcement (parameterized replaceable)
+  const event = finalizeEvent({
+    kind: 31990,
+    created_at: Math.floor(Date.now() / 1000),
+    tags: [
+      ['d', `${opts.name}-dvm`],
+      ['k', String(kind)],
+      ['t', 'ai'],
+      ['t', 'agent'],
+      ['amount', String(price * 1000), 'msats'], // amount in msats
+    ],
+    content: JSON.stringify({
+      name: `${opts.name} DVM`,
+      about: opts.about || `${opts.name} — AI agent DVM service`,
+      kind,
+      price: { amount: price, unit: 'sats' },
+    }),
+  }, keys.secretKey);
+
+  let published = 0;
+  for (const url of opts.relays) {
+    try {
+      const relay = await Relay.connect(url);
+      await relay.publish(event);
+      relay.close();
+      published++;
+    } catch (e) {
+      // relay failed, continue
+    }
+  }
+
+  return { eventId: event.id, kind, price, published, total: opts.relays.length };
+}
+
+// ─── File Management ────────────────────────────────────────────
+
+function saveKeys(dir, keys) {
+  const keysFile = path.join(dir, 'nostr-keys.json');
+  const data = {
+    publicKeyHex: keys.pubkey,
+    secretKeyHex: keys.secretKeyHex,
+    npub: keys.npub,
+    nsec: keys.nsec,
+    createdAt: new Date().toISOString(),
+  };
+  fs.writeFileSync(keysFile, JSON.stringify(data, null, 2));
+  fs.chmodSync(keysFile, 0o600); // owner read/write only
+  return keysFile;
+}
+
+function saveWalletConfig(dir, nwcUrl) {
+  const configFile = path.join(dir, 'wallet-config.json');
+  const data = {
+    nwcUrl,
+    createdAt: new Date().toISOString(),
+  };
+  fs.writeFileSync(configFile, JSON.stringify(data, null, 2));
+  fs.chmodSync(configFile, 0o600);
+  return configFile;
+}
+
+function saveBootstrapManifest(dir, result) {
+  const manifestFile = path.join(dir, 'bootstrap-manifest.json');
+  fs.writeFileSync(manifestFile, JSON.stringify(result, null, 2));
+  return manifestFile;
+}
+
+// ─── Bootstrap ──────────────────────────────────────────────────
+
+async function bootstrap(opts) {
+  const dir = path.resolve(opts.dir || './agent-identity');
+
+  // Create directory
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+
+  const result = { dir };
+
+  // 1. Generate keys
+  console.log('🔑 Generating Nostr identity...');
+  const keys = generateKeys();
+  const keysFile = saveKeys(dir, keys);
+  result.identity = {
+    name: opts.name,
+    npub: keys.npub,
+    pubkeyHex: keys.pubkey,
+    keysFile,
+  };
+
+  // 2. Publish profile
+  if (!opts.skipPublish) {
+    console.log('👤 Publishing profile to relays...');
+    const profile = await publishProfile(keys, {
+      name: opts.name,
+      about: opts.about,
+      relays: opts.relays,
+      lightningAddress: opts.lightningAddress,
+    });
+    result.profile = { relays: profile.published };
+  }
+
+  // 3. Configure wallet
+  if (opts.nwcUrl) {
+    console.log('⚡ Configuring Lightning wallet...');
+    const configFile = saveWalletConfig(dir, opts.nwcUrl);
+    result.wallet = { configFile };
+  }
+
+  // 4. ai.wot readiness
+  result.trust = {
+    protocol: 'ai.wot',
+    namespace: 'ai.wot',
+    ready: true,
+    scoreUrl: `https://wot.jeletor.cc/v1/score/${keys.pubkey}`,
+  };
+
+  // 5. DVM announcement
+  if (opts.dvm && !opts.skipPublish) {
+    console.log('🤖 Publishing DVM announcement...');
+    const dvm = await publishDVMAnnouncement(keys, {
+      name: opts.name,
+      about: opts.about,
+      dvmKind: opts.dvmKind,
+      dvmPrice: opts.dvmPrice,
+      relays: opts.relays,
+    });
+    result.dvm = { kind: dvm.kind, price: dvm.price, relays: dvm.published };
+  }
+
+  // 6. Save manifest
+  saveBootstrapManifest(dir, result);
+
+  return result;
+}
+
+// ─── Status Check ───────────────────────────────────────────────
+
+async function status(dir) {
+  dir = path.resolve(dir);
+  const result = { dir };
+
+  // Check keys
+  const keysFile = path.join(dir, 'nostr-keys.json');
+  if (fs.existsSync(keysFile)) {
+    const keys = JSON.parse(fs.readFileSync(keysFile, 'utf-8'));
+    result.identity = { npub: keys.npub, pubkeyHex: keys.publicKeyHex };
+  }
+
+  // Check wallet
+  const walletFile = path.join(dir, 'wallet-config.json');
+  if (fs.existsSync(walletFile)) {
+    result.wallet = { configured: true };
+  }
+
+  // Check manifest
+  const manifestFile = path.join(dir, 'bootstrap-manifest.json');
+  if (fs.existsSync(manifestFile)) {
+    const manifest = JSON.parse(fs.readFileSync(manifestFile, 'utf-8'));
+    result.profile = manifest.profile || null;
+    result.dvm = manifest.dvm || null;
+  }
+
+  return result;
+}
+
+// ─── Verify ─────────────────────────────────────────────────────
+
+async function verify(dir) {
+  dir = path.resolve(dir);
+  const checks = [];
+
+  // 1. Keys exist and are valid
+  const keysFile = path.join(dir, 'nostr-keys.json');
+  if (fs.existsSync(keysFile)) {
+    try {
+      const keys = JSON.parse(fs.readFileSync(keysFile, 'utf-8'));
+      if (keys.publicKeyHex && keys.secretKeyHex && keys.publicKeyHex.length === 64) {
+        checks.push({ name: 'Identity', ok: true, message: `Keys valid (${keys.npub.substring(0, 20)}...)` });
+      } else {
+        checks.push({ name: 'Identity', ok: false, message: 'Keys file is malformed' });
+      }
+    } catch (e) {
+      checks.push({ name: 'Identity', ok: false, message: 'Keys file is not valid JSON' });
+    }
+  } else {
+    checks.push({ name: 'Identity', ok: false, message: 'No keys file found' });
+  }
+
+  // 2. Keys file permissions
+  if (fs.existsSync(keysFile)) {
+    const stat = fs.statSync(keysFile);
+    const mode = (stat.mode & 0o777).toString(8);
+    if (mode === '600') {
+      checks.push({ name: 'Key Security', ok: true, message: 'Keys file has correct permissions (600)' });
+    } else {
+      checks.push({ name: 'Key Security', ok: false, message: `Keys file permissions too open: ${mode} (should be 600)` });
+    }
+  }
+
+  // 3. Profile on relays
+  if (fs.existsSync(keysFile)) {
+    try {
+      const keys = JSON.parse(fs.readFileSync(keysFile, 'utf-8'));
+      const { Relay, useWebSocketImplementation } = require('nostr-tools/relay');
+      const WebSocket = require('ws');
+      useWebSocketImplementation(WebSocket);
+
+      let found = false;
+      const relays = ['wss://relay.damus.io', 'wss://nos.lol'];
+      for (const url of relays) {
+        try {
+          const relay = await Relay.connect(url);
+          const events = [];
+          await new Promise((resolve) => {
+            relay.subscribe([{ kinds: [0], authors: [keys.publicKeyHex], limit: 1 }], {
+              onevent(e) { events.push(e); },
+              oneose() { resolve(); },
+            });
+            setTimeout(resolve, 5000);
+          });
+          relay.close();
+          if (events.length > 0) {
+            found = true;
+            const profile = JSON.parse(events[0].content);
+            checks.push({ name: 'Profile', ok: true, message: `Found on ${url}: "${profile.name}"` });
+            break;
+          }
+        } catch (e) {
+          // try next relay
+        }
+      }
+      if (!found) {
+        checks.push({ name: 'Profile', ok: false, message: 'Not found on any relay' });
+      }
+    } catch (e) {
+      checks.push({ name: 'Profile', ok: false, message: e.message });
+    }
+  }
+
+  // 4. Wallet config
+  const walletFile = path.join(dir, 'wallet-config.json');
+  if (fs.existsSync(walletFile)) {
+    try {
+      const wc = JSON.parse(fs.readFileSync(walletFile, 'utf-8'));
+      if (wc.nwcUrl && wc.nwcUrl.startsWith('nostr+walletconnect://')) {
+        checks.push({ name: 'Wallet', ok: true, message: 'NWC config present' });
+      } else {
+        checks.push({ name: 'Wallet', ok: false, message: 'Invalid NWC URL format' });
+      }
+    } catch (e) {
+      checks.push({ name: 'Wallet', ok: false, message: 'Wallet config is not valid JSON' });
+    }
+  } else {
+    checks.push({ name: 'Wallet', ok: false, message: 'No wallet config (optional)' });
+  }
+
+  // 5. Trust score reachable
+  if (fs.existsSync(keysFile)) {
+    try {
+      const keys = JSON.parse(fs.readFileSync(keysFile, 'utf-8'));
+      const resp = await fetch(`https://wot.jeletor.cc/v1/score/${keys.publicKeyHex}`);
+      if (resp.ok) {
+        const data = await resp.json();
+        checks.push({ name: 'Trust (ai.wot)', ok: true, message: `Score: ${data.score}/100 (${data.attestationCount} attestations)` });
+      } else {
+        checks.push({ name: 'Trust (ai.wot)', ok: false, message: `API returned ${resp.status}` });
+      }
+    } catch (e) {
+      checks.push({ name: 'Trust (ai.wot)', ok: false, message: 'Could not reach wot.jeletor.cc' });
+    }
+  }
+
+  const passed = checks.filter(c => c.ok).length;
+  return { checks, passed, total: checks.length };
+}
+
+module.exports = { bootstrap, status, verify, generateKeys, publishProfile, publishDVMAnnouncement };

package/test/run.cjs

@@ -0,0 +1,189 @@
+// agent-bootstrap tests
+const { generateKeys, bootstrap, status, verify } = require('../src/index.cjs');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+let passed = 0;
+let failed = 0;
+
+function test(name, fn) {
+  try {
+    fn();
+    console.log(`  ✅ ${name}`);
+    passed++;
+  } catch (e) {
+    console.log(`  ❌ ${name}: ${e.message}`);
+    failed++;
+  }
+}
+
+function assert(cond, msg) {
+  if (!cond) throw new Error(msg || 'Assertion failed');
+}
+
+async function asyncTest(name, fn) {
+  try {
+    await fn();
+    console.log(`  ✅ ${name}`);
+    passed++;
+  } catch (e) {
+    console.log(`  ❌ ${name}: ${e.message}`);
+    failed++;
+  }
+}
+
+// ─── Key Generation ─────────────────────────────────────────────
+
+console.log('\n🔑 Key Generation');
+
+test('generates valid keys', () => {
+  const keys = generateKeys();
+  assert(keys.pubkey && keys.pubkey.length === 64, 'pubkey should be 64 hex chars');
+  assert(keys.secretKeyHex && keys.secretKeyHex.length === 64, 'secretKeyHex should be 64 hex chars');
+  assert(keys.npub.startsWith('npub1'), 'npub should start with npub1');
+  assert(keys.nsec.startsWith('nsec1'), 'nsec should start with nsec1');
+  assert(keys.secretKey instanceof Uint8Array, 'secretKey should be Uint8Array');
+  assert(keys.secretKey.length === 32, 'secretKey should be 32 bytes');
+});
+
+test('generates unique keys each time', () => {
+  const k1 = generateKeys();
+  const k2 = generateKeys();
+  assert(k1.pubkey !== k2.pubkey, 'pubkeys should differ');
+  assert(k1.secretKeyHex !== k2.secretKeyHex, 'secret keys should differ');
+});
+
+// ─── Bootstrap (local, skip publish) ────────────────────────────
+
+console.log('\n🚀 Bootstrap (local)');
+
+const tmpDir = path.join(os.tmpdir(), 'agent-bootstrap-test-' + Date.now());
+
+asyncTest('bootstrap creates identity files', async () => {
+  const result = await bootstrap({
+    name: 'Test Agent',
+    about: 'A test agent',
+    dir: tmpDir,
+    relays: [],
+    skipPublish: true,
+  });
+
+  assert(result.identity, 'should have identity');
+  assert(result.identity.npub.startsWith('npub1'), 'should have valid npub');
+  assert(result.identity.pubkeyHex.length === 64, 'should have valid pubkey');
+  assert(fs.existsSync(path.join(tmpDir, 'nostr-keys.json')), 'keys file should exist');
+  assert(fs.existsSync(path.join(tmpDir, 'bootstrap-manifest.json')), 'manifest should exist');
+}).then(() => {
+
+  return asyncTest('keys file has correct permissions', async () => {
+    const keysFile = path.join(tmpDir, 'nostr-keys.json');
+    const stat = fs.statSync(keysFile);
+    const mode = (stat.mode & 0o777).toString(8);
+    assert(mode === '600', `permissions should be 600, got ${mode}`);
+  });
+
+}).then(() => {
+
+  return asyncTest('keys file contains valid data', async () => {
+    const keysFile = path.join(tmpDir, 'nostr-keys.json');
+    const keys = JSON.parse(fs.readFileSync(keysFile, 'utf-8'));
+    assert(keys.publicKeyHex.length === 64, 'should have pubkey');
+    assert(keys.secretKeyHex.length === 64, 'should have secret key');
+    assert(keys.npub.startsWith('npub1'), 'should have npub');
+    assert(keys.nsec.startsWith('nsec1'), 'should have nsec');
+    assert(keys.createdAt, 'should have timestamp');
+  });
+
+}).then(() => {
+
+  return asyncTest('manifest records bootstrap result', async () => {
+    const manifest = JSON.parse(fs.readFileSync(path.join(tmpDir, 'bootstrap-manifest.json'), 'utf-8'));
+    assert(manifest.identity, 'manifest should have identity');
+    assert(manifest.trust, 'manifest should have trust config');
+    assert(manifest.trust.protocol === 'ai.wot', 'trust protocol should be ai.wot');
+    assert(!manifest.profile, 'profile should not be set (skipPublish)');
+    assert(!manifest.dvm, 'dvm should not be set');
+  });
+
+}).then(() => {
+
+  // ─── Bootstrap with wallet ────────────────────────────────────
+
+  console.log('\n⚡ Wallet Config');
+  const tmpDir2 = path.join(os.tmpdir(), 'agent-bootstrap-test2-' + Date.now());
+
+  return asyncTest('bootstrap with NWC saves wallet config', async () => {
+    const result = await bootstrap({
+      name: 'Wallet Agent',
+      dir: tmpDir2,
+      relays: [],
+      skipPublish: true,
+      nwcUrl: 'nostr+walletconnect://test-relay?secret=abc123',
+    });
+
+    assert(result.wallet, 'should have wallet');
+    const configFile = path.join(tmpDir2, 'wallet-config.json');
+    assert(fs.existsSync(configFile), 'wallet config should exist');
+    const wc = JSON.parse(fs.readFileSync(configFile, 'utf-8'));
+    assert(wc.nwcUrl === 'nostr+walletconnect://test-relay?secret=abc123', 'should save NWC URL');
+
+    // Permissions
+    const stat = fs.statSync(configFile);
+    const mode = (stat.mode & 0o777).toString(8);
+    assert(mode === '600', `wallet config permissions should be 600, got ${mode}`);
+  });
+
+}).then(() => {
+
+  // ─── Status ───────────────────────────────────────────────────
+
+  console.log('\n📊 Status');
+
+  return asyncTest('status reads existing bootstrap', async () => {
+    const s = await status(tmpDir);
+    assert(s.identity, 'should find identity');
+    assert(s.identity.npub.startsWith('npub1'), 'should have valid npub');
+  });
+
+}).then(() => {
+
+  return asyncTest('status on empty dir returns no identity', async () => {
+    const emptyDir = path.join(os.tmpdir(), 'agent-bootstrap-empty-' + Date.now());
+    fs.mkdirSync(emptyDir, { recursive: true });
+    const s = await status(emptyDir);
+    assert(!s.identity, 'should not find identity');
+  });
+
+}).then(() => {
+
+  // ─── Verify (local only) ─────────────────────────────────────
+
+  console.log('\n✓ Verify');
+
+  return asyncTest('verify checks identity and permissions', async () => {
+    const v = await verify(tmpDir);
+    assert(v.checks.length >= 2, 'should have at least 2 checks');
+    const identityCheck = v.checks.find(c => c.name === 'Identity');
+    assert(identityCheck && identityCheck.ok, 'identity check should pass');
+    const securityCheck = v.checks.find(c => c.name === 'Key Security');
+    assert(securityCheck && securityCheck.ok, 'security check should pass');
+  });
+
+}).then(() => {
+
+  // ─── Cleanup & Summary ───────────────────────────────────────
+
+  console.log(`\n${'─'.repeat(40)}`);
+  console.log(`  ${passed} passed, ${failed} failed, ${passed + failed} total`);
+  if (failed > 0) process.exit(1);
+
+  // Cleanup
+  try {
+    fs.rmSync(tmpDir, { recursive: true });
+  } catch (e) {}
+
+}).catch(err => {
+  console.error('Test error:', err);
+  process.exit(1);
+});