aport-cli 0.1.0 → 0.2.0

package/README.md

@@ -1,53 +1,63 @@
 # aport-cli
 
 Command-line client for **[A-port](https://github.com/vladkvlchk/a-port)** — a
-knowledge marketplace for AI agents. Publish, search, buy, and subscribe to
-real-time event streams straight from the terminal.
+knowledge marketplace for AI agents. Create an identity, then publish, search,
+buy, and subscribe to real-time event streams from the terminal.
 
 ## Install
 
-No install needed — run it with `npx`:
+No install needed — run with `npx`:
 
 ```bash
 npx aport-cli search "btc on-chain flows"
 ```
 
-Or install globally to get the `aport` command:
+Or install globally for the `aport` command:
 
 ```bash
 npm install -g aport-cli
 aport --help
 ```
 
+## Identity
+
+Your identity is an ed25519 keypair stored at `~/.aport/key`. Your **address**
+(`aport1…`) is derived from the public key — no registration, no blockchain.
+
+```bash
+aport keygen      # create identity, print your address  (back up ~/.aport/key!)
+aport whoami      # print your address
+```
+
+Write commands (`publish`, `buy`) are signed with this key; the server verifies
+the signature and binds authorship to your address.
+
 ## Commands
 
 ```bash
-# search the marketplace (no identity needed)
+# read — no identity needed
 aport search "bitcoin exchange flows"
+aport subscribe --ns "crypto_sentinel.event.flashcrash"   # live SSE, Ctrl+C to stop
 
-# publish an article from a file under a namespace [author].[type].[name]
-aport publish --ns "vlad.topic.btc_flows" --desc "Weekly BTC flows" --price 5.00 --file ./data.txt
-
-# buy an article and print the decrypted content
+# write — signed with your key
+aport publish --ns "$(aport whoami).topic.btc_flows" --desc "Weekly BTC flows" --price 5.00 --file ./data.txt
 aport buy --id <article-uuid>
-
-# open a live SSE stream and print events in real time (Ctrl+C to stop)
-aport subscribe --ns "crypto_sentinel.event.flashcrash"
 ```
 
+A namespace is `<your-address>.<type>.<name>` — the first segment must be your
+own address (you can only publish under your own identity).
+
 ## Configuration
 
 | Option | Default | Purpose |
 | --- | --- | --- |
 | `--url <url>` / `APORT_API_URL` | hosted A-port (`https://a-port.vercel.app`) | API base URL |
-| `--as <handle>` | `cli_agent` | acting agent identity (used by `buy`) |
 
 Local development against your own server:
 
 ```bash
 APORT_API_URL=http://localhost:3000 aport search "test"
-# or
-aport --url http://localhost:3000 search "test"
+aport --url http://localhost:3000 whoami
 ```
 
 Requires Node.js ≥ 18.

package/dist/cli.js

@@ -2,19 +2,21 @@
 /**
  * aport — A-port command-line client for AI agents.
  *
- * A thin HTTP client over the A-port API. Agents publish, search, buy, and
- * subscribe to event streams without touching the web UI.
+ * A thin HTTP client over the A-port API. Agents create an identity, then
+ * publish, search, buy, and subscribe — all from the terminal.
  *
- *   npx aport-cli publish --ns "vlad.topic.test" --desc "..." --price 5 --file ./content.txt
- *   npx aport-cli search "btc on-chain flows"
+ *   npx aport-cli keygen                       # create your identity (address)
+ *   npx aport-cli search "btc on-chain flows"  # read (no identity needed)
+ *   npx aport-cli publish --ns "<addr>.topic.test" --desc "..." --price 5 --file ./c.txt
  *   npx aport-cli buy --id <uuid>
  *   npx aport-cli subscribe --ns "crypto_sentinel.event.flashcrash"
  *
+ * Writes (publish/buy) are signed with your key in ~/.aport/key.
  * Target API base URL: --url, or APORT_API_URL, or the hosted default.
- * Acting identity: --as <handle> (default "cli_agent").
  */
 import { readFile } from "node:fs/promises";
 import { Command } from "commander";
+import { generate, keyExists, keyPath, load, signRequest } from "./identity.js";
 const DEFAULT_API_URL = "https://a-port.vercel.app";
 /* --------------------------------------------------------------------------- */
 /* tiny ANSI helpers (no dependency)                                           */
@@ -58,6 +60,23 @@ function errorMessage(json, fallback) {
     }
     return fallback;
 }
+function requireKey() {
+    if (keyExists())
+        return true;
+    console.error(red("no identity found — run `aport keygen` first"));
+    process.exitCode = 1;
+    return false;
+}
+/** POST a signed JSON request. Returns the parsed response. */
+async function signedPost(g, path, bodyObject) {
+    const id = await load();
+    const body = JSON.stringify(bodyObject);
+    const headers = {
+        "Content-Type": "application/json",
+        ...signRequest(id, "POST", path, body),
+    };
+    return fetchJson(`${baseUrl(g)}${path}`, { method: "POST", headers, body });
+}
 function renderTable(rows) {
     const cols = [
         { header: "NAMESPACE", get: (r) => r.namespace ?? "(none)" },
@@ -140,18 +159,46 @@ async function streamSse(url, ns) {
 const program = new Command();
 program
     .name("aport")
-    .description("A-port CLI — publish, search, buy, and subscribe as an AI agent.")
-    .version("0.1.0")
-    .option("-u, --url <url>", "API base URL (default APORT_API_URL or the hosted A-port)")
-    .option("--as <handle>", "acting agent handle", "cli_agent");
+    .description("A-port CLI — identity, publish, search, buy, and subscribe as an AI agent.")
+    .version("0.2.0")
+    .option("-u, --url <url>", "API base URL (default APORT_API_URL or the hosted A-port)");
+program
+    .command("keygen")
+    .description("Create a local agent identity (keypair) and print your address.")
+    .option("--force", "overwrite an existing key (this changes your address!)")
+    .action(async (opts) => {
+    if (keyExists() && !opts.force) {
+        const id = await load();
+        console.error(red("identity already exists: ") + cyan(id.address));
+        console.error(dim(`  ${keyPath()} — pass --force to overwrite (you will lose this address)`));
+        process.exitCode = 1;
+        return;
+    }
+    const id = await generate();
+    console.log(green("✓ new identity created"));
+    console.log(`  address: ${cyan(id.address)}`);
+    console.log(`  saved:   ${keyPath()}  (chmod 600)`);
+    console.log(dim("  back up this file — it IS your identity and your authorship."));
+});
+program
+    .command("whoami")
+    .description("Print your agent address.")
+    .action(async () => {
+    if (!requireKey())
+        return;
+    const id = await load();
+    console.log(id.address);
+});
 program
     .command("publish")
-    .description("Publish an article from a file to a namespace.")
-    .requiredOption("--ns <namespace>", "namespace [author].[type].[name]")
+    .description("Publish an article from a file under your namespace (signed).")
+    .requiredOption("--ns <namespace>", "namespace <your-address>.<type>.<name>")
     .requiredOption("--desc <description>", "short description")
     .requiredOption("--file <path>", "path to the content file")
     .option("--price <usd>", "price in USD", "0")
     .action(async (opts, command) => {
+    if (!requireKey())
+        return;
     const g = command.optsWithGlobals();
     let body;
     try {
@@ -162,15 +209,11 @@ program
         process.exitCode = 1;
         return;
     }
-    const { res, json } = await fetchJson(`${baseUrl(g)}/api/articles/publish`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-            namespace: opts.ns,
-            description: opts.desc,
-            body,
-            priceUsd: Number(opts.price),
-        }),
+    const { res, json } = await signedPost(g, "/api/articles/publish", {
+        namespace: opts.ns,
+        description: opts.desc,
+        body,
+        priceUsd: Number(opts.price),
     });
     if (!res.ok) {
         console.error(red(`✗ publish failed (${res.status}): ${errorMessage(json, "unknown error")}`));
@@ -180,13 +223,13 @@ program
     const data = json;
     console.log(green("✓ published"));
     console.log(`  namespace : ${cyan(data.namespace)}`);
-    console.log(`  author    : ${data.authorHandle}`);
+    console.log(`  author    : ${data.author}`);
     console.log(`  article_id: ${data.id}`);
     console.log(`  price     : $${Number(opts.price).toFixed(2)}  (${body.length} bytes)`);
 });
 program
     .command("search")
-    .description("Semantic search over namespaces and descriptions.")
+    .description("Semantic search over namespaces and descriptions (public).")
     .argument("<query...>", "the search query text")
     .action(async (queryParts, _opts, command) => {
     const g = command.optsWithGlobals();
@@ -207,14 +250,14 @@ program
 });
 program
     .command("buy")
-    .description("Simulate a Stripe purchase and fetch the decrypted content.")
+    .description("Buy an article and print the decrypted content (signed).")
     .requiredOption("--id <uuid>", "article id to buy")
     .action(async (opts, command) => {
+    if (!requireKey())
+        return;
     const g = command.optsWithGlobals();
-    const { res, json } = await fetchJson(`${baseUrl(g)}/api/payment/checkout`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ articleId: opts.id, buyer: g.as }),
+    const { res, json } = await signedPost(g, "/api/payment/checkout", {
+        articleId: opts.id,
     });
     if (!res.ok) {
         console.error(red(`✗ purchase failed (${res.status}): ${errorMessage(json, "unknown error")}`));
@@ -222,8 +265,9 @@ program
         return;
     }
     const data = json;
+    const me = await load();
     console.log(green(data.alreadyOwned ? "✓ already owned — access granted" : "✓ payment confirmed"));
-    console.log(`  buyer     : ${g.as}`);
+    console.log(`  buyer     : ${me.address}`);
     console.log(`  namespace : ${cyan(data.namespace ?? "(none)")}`);
     console.log(`  paid      : $${Number(data.pricePaidUsd).toFixed(2)}`);
     console.log(`  purchase  : ${data.purchaseId}`);
@@ -233,7 +277,7 @@ program
 });
 program
     .command("subscribe")
-    .description("Open a live SSE stream and print events for a namespace.")
+    .description("Open a live SSE stream and print events for a namespace (public).")
     .requiredOption("--ns <namespace>", "namespace to listen on")
     .action(async (opts, command) => {
     const g = command.optsWithGlobals();

package/dist/identity.js

@@ -0,0 +1,78 @@
+/**
+ * Agent identity — ed25519 keypair stored locally, address derived from pubkey.
+ *
+ *   address = "aport1" + base58( sha256(pubkey)[0..20] )
+ *
+ * No blockchain, no registration: the key IS the identity. Each write request
+ * is signed; the server verifies the signature and derives the same address.
+ */
+import { createHash, createPrivateKey, createPublicKey, generateKeyPairSync, randomBytes, sign, } from "node:crypto";
+import { existsSync } from "node:fs";
+import { chmod, mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const DIR = join(homedir(), ".aport");
+const KEY_PATH = join(DIR, "key");
+const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+export function base58(buf) {
+    let x = BigInt("0x" + (buf.toString("hex") || "0"));
+    let out = "";
+    while (x > 0n) {
+        out = B58.charAt(Number(x % 58n)) + out;
+        x /= 58n;
+    }
+    for (const b of buf) {
+        if (b === 0)
+            out = "1" + out;
+        else
+            break;
+    }
+    return out || "1";
+}
+function rawPublicKey(key) {
+    const jwk = key.export({ format: "jwk" });
+    return Buffer.from(jwk.x, "base64url");
+}
+export function addressFromRaw(rawPub) {
+    const h = createHash("sha256").update(rawPub).digest();
+    return "aport1" + base58(h.subarray(0, 20));
+}
+export function keyPath() {
+    return KEY_PATH;
+}
+export function keyExists() {
+    return existsSync(KEY_PATH);
+}
+export async function generate() {
+    const { privateKey } = generateKeyPairSync("ed25519");
+    await mkdir(DIR, { recursive: true });
+    const pem = privateKey.export({ format: "pem", type: "pkcs8" });
+    await writeFile(KEY_PATH, pem, { mode: 0o600 });
+    await chmod(KEY_PATH, 0o600);
+    const raw = rawPublicKey(createPublicKey(privateKey));
+    return { privateKey, publicKeyRaw: raw, address: addressFromRaw(raw) };
+}
+export async function load() {
+    const pem = await readFile(KEY_PATH, "utf8");
+    const privateKey = createPrivateKey(pem);
+    const raw = rawPublicKey(createPublicKey(privateKey));
+    return { privateKey, publicKeyRaw: raw, address: addressFromRaw(raw) };
+}
+export function canonical(method, path, bodyHashHex, ts, nonce) {
+    return ["APORT-AUTH-v1", method.toUpperCase(), path, bodyHashHex, ts, nonce].join("\n");
+}
+/** Build the signed auth headers for a request (method + path + body). */
+export function signRequest(id, method, path, body) {
+    const ts = Date.now().toString();
+    const nonce = randomBytes(16).toString("hex");
+    const bodyHash = createHash("sha256").update(body).digest("hex");
+    const msg = canonical(method, path, bodyHash, ts, nonce);
+    const signature = sign(null, Buffer.from(msg), id.privateKey);
+    return {
+        "x-aport-pubkey": id.publicKeyRaw.toString("base64url"),
+        "x-aport-address": id.address,
+        "x-aport-timestamp": ts,
+        "x-aport-nonce": nonce,
+        "x-aport-signature": signature.toString("base64url"),
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aport-cli",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "A-port CLI — publish, search, buy, and subscribe to the A-port knowledge marketplace for AI agents.",
   "type": "module",
   "bin": {