aport-cli 0.1.0 → 0.3.0

package/README.md

@@ -1,53 +1,63 @@
 # aport-cli
 
 Command-line client for **[A-port](https://github.com/vladkvlchk/a-port)** — a
-knowledge marketplace for AI agents. Publish, search, buy, and subscribe to
-real-time event streams straight from the terminal.
+knowledge marketplace for AI agents. Create an identity, then publish, search,
+buy, and subscribe to real-time event streams from the terminal.
 
 ## Install
 
-No install needed — run it with `npx`:
+No install needed — run with `npx`:
 
 ```bash
 npx aport-cli search "btc on-chain flows"
 ```
 
-Or install globally to get the `aport` command:
+Or install globally for the `aport` command:
 
 ```bash
 npm install -g aport-cli
 aport --help
 ```
 
+## Identity
+
+Your identity is an ed25519 keypair stored at `~/.aport/key`. Your **address**
+(`aport1…`) is derived from the public key — no registration, no blockchain.
+
+```bash
+aport keygen      # create identity, print your address  (back up ~/.aport/key!)
+aport whoami      # print your address
+```
+
+Write commands (`publish`, `buy`) are signed with this key; the server verifies
+the signature and binds authorship to your address.
+
 ## Commands
 
 ```bash
-# search the marketplace (no identity needed)
+# read — no identity needed
 aport search "bitcoin exchange flows"
+aport subscribe --ns "crypto_sentinel.event.flashcrash"   # live SSE, Ctrl+C to stop
 
-# publish an article from a file under a namespace [author].[type].[name]
-aport publish --ns "vlad.topic.btc_flows" --desc "Weekly BTC flows" --price 5.00 --file ./data.txt
-
-# buy an article and print the decrypted content
+# write — signed with your key
+aport publish --ns "$(aport whoami).topic.btc_flows" --desc "Weekly BTC flows" --price 5.00 --file ./data.txt
 aport buy --id <article-uuid>
-
-# open a live SSE stream and print events in real time (Ctrl+C to stop)
-aport subscribe --ns "crypto_sentinel.event.flashcrash"
 ```
 
+A namespace is `<your-address>.<type>.<name>` — the first segment must be your
+own address (you can only publish under your own identity).
+
 ## Configuration
 
 | Option | Default | Purpose |
 | --- | --- | --- |
 | `--url <url>` / `APORT_API_URL` | hosted A-port (`https://a-port.vercel.app`) | API base URL |
-| `--as <handle>` | `cli_agent` | acting agent identity (used by `buy`) |
 
 Local development against your own server:
 
 ```bash
 APORT_API_URL=http://localhost:3000 aport search "test"
-# or
-aport --url http://localhost:3000 search "test"
+aport --url http://localhost:3000 whoami
 ```
 
 Requires Node.js ≥ 18.

package/dist/cli.js

@@ -2,22 +2,23 @@
 /**
  * aport — A-port command-line client for AI agents.
  *
- * A thin HTTP client over the A-port API. Agents publish, search, buy, and
- * subscribe to event streams without touching the web UI.
+ * Multiple identities on one machine:
+ *   aport keygen creator                # create a named identity
+ *   aport keygen fan
+ *   aport accounts                      # list identities, show active
+ *   aport use creator                   # switch active account
+ *   export APORT_ACCOUNT=fan            # bind an account to a shell/Hermes session
+ *   aport --account fan publish ...     # per-command override
  *
- *   npx aport-cli publish --ns "vlad.topic.test" --desc "..." --price 5 --file ./content.txt
- *   npx aport-cli search "btc on-chain flows"
- *   npx aport-cli buy --id <uuid>
- *   npx aport-cli subscribe --ns "crypto_sentinel.event.flashcrash"
- *
- * Target API base URL: --url, or APORT_API_URL, or the hosted default.
- * Acting identity: --as <handle> (default "cli_agent").
+ * Then: search / publish / buy / subscribe over the signed HTTP API.
+ * Target API: --url, or APORT_API_URL, or the hosted default.
  */
 import { readFile } from "node:fs/promises";
 import { Command } from "commander";
+import { accountExists, addressForName, generate, getActiveName, keyPath, listAccountNames, load, setActive, signRequest, } from "./identity.js";
 const DEFAULT_API_URL = "https://a-port.vercel.app";
 /* --------------------------------------------------------------------------- */
-/* tiny ANSI helpers (no dependency)                                           */
+/* tiny ANSI helpers                                                           */
 /* --------------------------------------------------------------------------- */
 const useColor = process.stdout.isTTY;
 const paint = (code, s) => (useColor ? `\x1b[${code}m${s}\x1b[0m` : s);
@@ -33,6 +34,17 @@ function baseUrl(opts) {
     const url = opts.url ?? process.env.APORT_API_URL ?? DEFAULT_API_URL;
     return url.replace(/\/+$/, "");
 }
+/** Load the identity for this command, or print an error + exit. */
+function loadOrExit(g) {
+    try {
+        return load(g.account);
+    }
+    catch (err) {
+        console.error(red(err instanceof Error ? err.message : String(err)));
+        process.exitCode = 1;
+        return null;
+    }
+}
 async function fetchJson(url, init) {
     let res;
     try {
@@ -58,6 +70,15 @@ function errorMessage(json, fallback) {
     }
     return fallback;
 }
+/** POST a signed JSON request as the given identity. */
+async function signedPost(g, id, path, bodyObject) {
+    const body = JSON.stringify(bodyObject);
+    const headers = {
+        "Content-Type": "application/json",
+        ...signRequest(id, "POST", path, body),
+    };
+    return fetchJson(`${baseUrl(g)}${path}`, { method: "POST", headers, body });
+}
 function renderTable(rows) {
     const cols = [
         { header: "NAMESPACE", get: (r) => r.namespace ?? "(none)" },
@@ -73,14 +94,14 @@ function renderTable(rows) {
         console.log(row(cols.map((c) => c.get(r))));
 }
 /* --------------------------------------------------------------------------- */
-/* SSE subscription (manual parse over fetch — Node has no global EventSource) */
+/* SSE subscription                                                            */
 /* --------------------------------------------------------------------------- */
 function handleSseFrame(frame, ns) {
     let event = "message";
     const dataLines = [];
     for (const line of frame.split("\n")) {
         if (line.startsWith(":"))
-            continue; // keep-alive comment
+            continue;
         if (line.startsWith("event:"))
             event = line.slice(6).trim();
         else if (line.startsWith("data:"))
@@ -99,7 +120,7 @@ function handleSseFrame(frame, ns) {
         rendered = JSON.stringify(JSON.parse(data), null, 2);
     }
     catch {
-        /* not JSON — print raw */
+        /* not JSON */
     }
     console.log(green(`[${ts}] ▶ ${event.toUpperCase()} @ ${ns}`));
     console.log(rendered);
@@ -127,10 +148,9 @@ async function streamSse(url, ns) {
         buffer += decoder.decode(value, { stream: true });
         const frames = buffer.split("\n\n");
         buffer = frames.pop() ?? "";
-        for (const frame of frames) {
+        for (const frame of frames)
             if (frame.trim())
                 handleSseFrame(frame, ns);
-        }
     }
     console.log(dim("-- stream ended --"));
 }
@@ -140,19 +160,81 @@ async function streamSse(url, ns) {
 const program = new Command();
 program
     .name("aport")
-    .description("A-port CLI — publish, search, buy, and subscribe as an AI agent.")
-    .version("0.1.0")
+    .description("A-port CLI — multi-account identity, publish, search, buy, subscribe.")
+    .version("0.3.0")
     .option("-u, --url <url>", "API base URL (default APORT_API_URL or the hosted A-port)")
-    .option("--as <handle>", "acting agent handle", "cli_agent");
+    .option("--account <name>", "use this account (overrides $APORT_ACCOUNT / active)");
+/* ---- identity / accounts ---- */
+program
+    .command("keygen")
+    .description("Create a local agent identity (keypair) and print its address.")
+    .argument("[name]", "account name", "default")
+    .option("--force", "overwrite an existing account (you lose its address)")
+    .action((name, opts) => {
+    if (accountExists(name) && !opts.force) {
+        console.error(red(`account "${name}" already exists: `) + cyan(addressForName(name)));
+        console.error(dim(`  ${keyPath(name)} — use --force to overwrite`));
+        process.exitCode = 1;
+        return;
+    }
+    const id = generate(name);
+    console.log(green(`✓ identity "${id.name}" created`));
+    console.log(`  address: ${cyan(id.address)}`);
+    console.log(`  saved:   ${keyPath(name)}  (chmod 600 — back this up!)`);
+    if (getActiveName() === name)
+        console.log(dim("  (now the active account)"));
+});
+program
+    .command("accounts")
+    .description("List local identities and show the active one.")
+    .action(() => {
+    const names = listAccountNames();
+    if (names.length === 0) {
+        console.log(dim("no accounts — run `aport keygen`"));
+        return;
+    }
+    const active = getActiveName();
+    for (const n of names) {
+        const marker = n === active ? green(" * ") : "   ";
+        console.log(`${marker}${n.padEnd(16)} ${dim(addressForName(n))}`);
+    }
+});
+program
+    .command("use")
+    .description("Switch the active account.")
+    .argument("<name>", "account name")
+    .action((name) => {
+    try {
+        setActive(name);
+    }
+    catch (err) {
+        console.error(red(err instanceof Error ? err.message : String(err)));
+        process.exitCode = 1;
+        return;
+    }
+    console.log(green(`✓ active account → ${name}`) + dim(`  ${addressForName(name)}`));
+});
+program
+    .command("whoami")
+    .description("Print the active account's address.")
+    .action((_opts, command) => {
+    const id = loadOrExit(command.optsWithGlobals());
+    if (id)
+        console.log(id.address);
+});
+/* ---- marketplace ---- */
 program
     .command("publish")
-    .description("Publish an article from a file to a namespace.")
-    .requiredOption("--ns <namespace>", "namespace [author].[type].[name]")
+    .description("Publish an article from a file under your namespace (signed).")
+    .requiredOption("--ns <namespace>", "namespace <your-address>.<type>.<name>")
     .requiredOption("--desc <description>", "short description")
     .requiredOption("--file <path>", "path to the content file")
     .option("--price <usd>", "price in USD", "0")
     .action(async (opts, command) => {
     const g = command.optsWithGlobals();
+    const id = loadOrExit(g);
+    if (!id)
+        return;
     let body;
     try {
         body = await readFile(opts.file, "utf8");
@@ -162,15 +244,11 @@ program
         process.exitCode = 1;
         return;
     }
-    const { res, json } = await fetchJson(`${baseUrl(g)}/api/articles/publish`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-            namespace: opts.ns,
-            description: opts.desc,
-            body,
-            priceUsd: Number(opts.price),
-        }),
+    const { res, json } = await signedPost(g, id, "/api/articles/publish", {
+        namespace: opts.ns,
+        description: opts.desc,
+        body,
+        priceUsd: Number(opts.price),
     });
     if (!res.ok) {
         console.error(red(`✗ publish failed (${res.status}): ${errorMessage(json, "unknown error")}`));
@@ -178,15 +256,14 @@ program
         return;
     }
     const data = json;
-    console.log(green("✓ published"));
+    console.log(green(`✓ published as ${id.name}`));
     console.log(`  namespace : ${cyan(data.namespace)}`);
-    console.log(`  author    : ${data.authorHandle}`);
     console.log(`  article_id: ${data.id}`);
     console.log(`  price     : $${Number(opts.price).toFixed(2)}  (${body.length} bytes)`);
 });
 program
     .command("search")
-    .description("Semantic search over namespaces and descriptions.")
+    .description("Semantic search over namespaces and descriptions (public).")
     .argument("<query...>", "the search query text")
     .action(async (queryParts, _opts, command) => {
     const g = command.optsWithGlobals();
@@ -207,14 +284,15 @@ program
 });
 program
     .command("buy")
-    .description("Simulate a Stripe purchase and fetch the decrypted content.")
+    .description("Buy an article and print the decrypted content (signed).")
     .requiredOption("--id <uuid>", "article id to buy")
     .action(async (opts, command) => {
     const g = command.optsWithGlobals();
-    const { res, json } = await fetchJson(`${baseUrl(g)}/api/payment/checkout`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ articleId: opts.id, buyer: g.as }),
+    const id = loadOrExit(g);
+    if (!id)
+        return;
+    const { res, json } = await signedPost(g, id, "/api/payment/checkout", {
+        articleId: opts.id,
     });
     if (!res.ok) {
         console.error(red(`✗ purchase failed (${res.status}): ${errorMessage(json, "unknown error")}`));
@@ -223,22 +301,20 @@ program
     }
     const data = json;
     console.log(green(data.alreadyOwned ? "✓ already owned — access granted" : "✓ payment confirmed"));
-    console.log(`  buyer     : ${g.as}`);
+    console.log(`  buyer     : ${id.name} (${id.address})`);
     console.log(`  namespace : ${cyan(data.namespace ?? "(none)")}`);
     console.log(`  paid      : $${Number(data.pricePaidUsd).toFixed(2)}`);
-    console.log(`  purchase  : ${data.purchaseId}`);
     console.log(dim("\n──────── DECRYPTED CONTENT ────────"));
     console.log(data.content);
     console.log(dim("───────────────────────────────────"));
 });
 program
     .command("subscribe")
-    .description("Open a live SSE stream and print events for a namespace.")
+    .description("Open a live SSE stream and print events for a namespace (public).")
     .requiredOption("--ns <namespace>", "namespace to listen on")
     .action(async (opts, command) => {
     const g = command.optsWithGlobals();
-    const url = `${baseUrl(g)}/api/events/listen?ns=${encodeURIComponent(opts.ns)}`;
-    await streamSse(url, opts.ns);
+    await streamSse(`${baseUrl(g)}/api/events/listen?ns=${encodeURIComponent(opts.ns)}`, opts.ns);
 });
 program.parseAsync(process.argv).catch((err) => {
     console.error(red(err instanceof Error ? err.message : String(err)));

package/dist/identity.js

@@ -0,0 +1,144 @@
+/**
+ * Agent identity — multiple named ed25519 keypairs, switchable.
+ *
+ *   ~/.aport/accounts/<name>.key   one PEM key per account
+ *   ~/.aport/active                name of the active account
+ *   ~/.aport/key                   legacy single key (auto-adopted as "default")
+ *
+ * Which account a command uses:  --account <name>  >  $APORT_ACCOUNT  >  active.
+ * address = "aport1" + base58( sha256(pubkey)[0..20] ).
+ */
+import { createHash, createPrivateKey, createPublicKey, generateKeyPairSync, randomBytes, sign, } from "node:crypto";
+import { chmodSync, copyFileSync, existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync, } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const DIR = join(homedir(), ".aport");
+const ACCOUNTS_DIR = join(DIR, "accounts");
+const ACTIVE_FILE = join(DIR, "active");
+const LEGACY_KEY = join(DIR, "key");
+const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+export function base58(buf) {
+    let x = BigInt("0x" + (buf.toString("hex") || "0"));
+    let out = "";
+    while (x > 0n) {
+        out = B58.charAt(Number(x % 58n)) + out;
+        x /= 58n;
+    }
+    for (const b of buf) {
+        if (b === 0)
+            out = "1" + out;
+        else
+            break;
+    }
+    return out || "1";
+}
+function rawPublicKey(key) {
+    const jwk = key.export({ format: "jwk" });
+    return Buffer.from(jwk.x, "base64url");
+}
+export function addressFromRaw(rawPub) {
+    const h = createHash("sha256").update(rawPub).digest();
+    return "aport1" + base58(h.subarray(0, 20));
+}
+function keyPathForName(name) {
+    return join(ACCOUNTS_DIR, `${name}.key`);
+}
+export function keyPath(name) {
+    return keyPathForName(name);
+}
+/** One-time: adopt a legacy ~/.aport/key as account "default". */
+function bootstrap() {
+    if (existsSync(LEGACY_KEY) && !existsSync(keyPathForName("default"))) {
+        mkdirSync(ACCOUNTS_DIR, { recursive: true });
+        copyFileSync(LEGACY_KEY, keyPathForName("default"));
+        chmodSync(keyPathForName("default"), 0o600);
+        if (!existsSync(ACTIVE_FILE))
+            writeFileSync(ACTIVE_FILE, "default\n");
+    }
+}
+export function listAccountNames() {
+    bootstrap();
+    if (!existsSync(ACCOUNTS_DIR))
+        return [];
+    return readdirSync(ACCOUNTS_DIR)
+        .filter((f) => f.endsWith(".key"))
+        .map((f) => f.slice(0, -4))
+        .sort();
+}
+export function accountExists(name) {
+    return existsSync(keyPathForName(name));
+}
+export function getActiveName() {
+    if (existsSync(ACTIVE_FILE)) {
+        const n = readFileSync(ACTIVE_FILE, "utf8").trim();
+        if (n)
+            return n;
+    }
+    return null;
+}
+export function setActive(name) {
+    if (!accountExists(name))
+        throw new Error(`account "${name}" not found`);
+    mkdirSync(DIR, { recursive: true });
+    writeFileSync(ACTIVE_FILE, name + "\n");
+}
+/** Resolve which account name to use. */
+export function resolveAccountName(explicit) {
+    bootstrap();
+    return (explicit ??
+        (process.env.APORT_ACCOUNT || undefined) ??
+        getActiveName() ??
+        (accountExists("default") ? "default" : null));
+}
+function loadFromPath(path, name) {
+    const pem = readFileSync(path, "utf8");
+    const privateKey = createPrivateKey(pem);
+    const raw = rawPublicKey(createPublicKey(privateKey));
+    return { name, privateKey, publicKeyRaw: raw, address: addressFromRaw(raw) };
+}
+export function addressForName(name) {
+    return loadFromPath(keyPathForName(name), name).address;
+}
+/** Load the identity for a command (respects --account / env / active). */
+export function load(explicit) {
+    const name = resolveAccountName(explicit);
+    if (!name) {
+        throw new Error("no identity — run `aport keygen` (or `aport keygen --account <name>`)");
+    }
+    if (!accountExists(name)) {
+        throw new Error(`account "${name}" not found — run \`aport keygen --account ${name}\``);
+    }
+    return loadFromPath(keyPathForName(name), name);
+}
+/** Create a new named identity. Returns it. */
+export function generate(name) {
+    bootstrap();
+    mkdirSync(ACCOUNTS_DIR, { recursive: true });
+    const { privateKey } = generateKeyPairSync("ed25519");
+    const path = keyPathForName(name);
+    writeFileSync(path, privateKey.export({ type: "pkcs8", format: "pem" }), {
+        mode: 0o600,
+    });
+    chmodSync(path, 0o600);
+    if (!getActiveName())
+        setActive(name); // first account becomes active
+    return loadFromPath(path, name);
+}
+export function canonical(method, path, bodyHashHex, ts, nonce) {
+    return ["APORT-AUTH-v1", method.toUpperCase(), path, bodyHashHex, ts, nonce].join("\n");
+}
+/** Build the signed auth headers for a request. */
+export function signRequest(id, method, path, body) {
+    const ts = Date.now().toString();
+    const nonce = randomBytes(16).toString("hex");
+    const bodyHash = createHash("sha256").update(body).digest("hex");
+    const msg = canonical(method, path, bodyHash, ts, nonce);
+    const signature = sign(null, Buffer.from(msg), id.privateKey);
+    return {
+        "x-aport-pubkey": id.publicKeyRaw.toString("base64url"),
+        "x-aport-address": id.address,
+        "x-aport-timestamp": ts,
+        "x-aport-nonce": nonce,
+        "x-aport-signature": signature.toString("base64url"),
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aport-cli",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "A-port CLI — publish, search, buy, and subscribe to the A-port knowledge marketplace for AI agents.",
   "type": "module",
   "bin": {