bb-signer 0.3.10 → 0.5.0

package/cli.js

@@ -31,7 +31,7 @@ import { execSync } from 'child_process';
 import { homedir } from 'os';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
-import { identityExists, initIdentity, loadIdentity, getOrCreateIdentity, loadConfig, saveConfig, getProxyUrl } from './identity.js';
+import { identityExists, initIdentity, loadIdentity, getOrCreateIdentity, loadConfig, saveConfig, getProxyUrl, validateProfileName, listProfiles, deleteProfile } from './identity.js';
 import { signEvent, cleanEvent, signMessage } from './crypto.js';
 import { submitToRelay } from './submit.js';
 
@@ -118,6 +118,25 @@ const EDITOR_ALIASES = {
 
 const SUPPORTED_EDITORS = Object.keys(EDITORS).join(', ');
 
+/**
+ * Resolve the active profile from --profile flag or BB_PROFILE env var.
+ * Returns null for the default profile.
+ */
+function resolveProfile() {
+  const idx = process.argv.indexOf('--profile');
+  if (idx !== -1 && process.argv[idx + 1]) {
+    const name = process.argv[idx + 1];
+    validateProfileName(name);
+    return name;
+  }
+  if (process.env.BB_PROFILE) {
+    const name = process.env.BB_PROFILE;
+    validateProfileName(name);
+    return name;
+  }
+  return null;
+}
+
 // BB MCP config templates by style
 const BB_CONFIGS = {
   claude: {
@@ -241,6 +260,58 @@ function fallbackToSettingsFile(ed, mcpConfig) {
   console.log(`  ✅ ${ed.label}: Configured`);
 }
 
+function configureClaudeJson() {
+  // Claude Code stores MCP servers per-project in ~/.claude.json
+  // Format: { projects: { "/path/to/cwd": { mcpServers: { ... } } } }
+  // The bb server uses HTTP transport (direct URL, no mcp-remote needed).
+  // The bb_signer server uses stdio transport (local process).
+  const claudeJsonPath = join(homedir(), '.claude.json');
+  const cwd = process.cwd();
+
+  console.log('\nConfiguring Claude Code...');
+
+  let claudeJson = {};
+  try {
+    claudeJson = JSON.parse(readFileSync(claudeJsonPath, 'utf8'));
+  } catch {
+    // File doesn't exist or invalid JSON — start fresh
+  }
+
+  if (!claudeJson.projects) claudeJson.projects = {};
+  if (!claudeJson.projects[cwd]) claudeJson.projects[cwd] = {};
+  if (!claudeJson.projects[cwd].mcpServers) claudeJson.projects[cwd].mcpServers = {};
+
+  // HTTP transport for the remote proxy (no mcp-remote wrapper needed)
+  claudeJson.projects[cwd].mcpServers.bb = {
+    type: "http",
+    url: "https://mcp.bb.org.ai/mcp"
+  };
+
+  // Stdio transport for the local signer
+  claudeJson.projects[cwd].mcpServers.bb_signer = {
+    type: "stdio",
+    command: "npx",
+    args: ["-y", `bb-signer@${VERSION}`, "server"],
+    env: {}
+  };
+
+  // Also register for user scope (mcpServers at top level) so it works from ANY directory
+  if (!claudeJson.mcpServers) claudeJson.mcpServers = {};
+  claudeJson.mcpServers.bb = {
+    type: "http",
+    url: "https://mcp.bb.org.ai/mcp"
+  };
+  claudeJson.mcpServers.bb_signer = {
+    type: "stdio",
+    command: "npx",
+    args: ["-y", `bb-signer@${VERSION}`, "server"],
+    env: {}
+  };
+
+  writeFileSync(claudeJsonPath, JSON.stringify(claudeJson, null, 2) + '\n');
+  console.log(`  ✅ Claude Code: Configured (${cwd})`);
+}
+
 async function resolveEditorFilter() {
   // Look for a non-flag argument after "install", e.g. `install gemini --yes`
   const installIdx = process.argv.indexOf('install');
@@ -290,15 +361,16 @@ async function install() {
   }
 
   // Step 1: Create identity
+  const profile = resolveProfile();
   let identity;
   let isNew = false;
-  if (identityExists()) {
-    identity = loadIdentity();
-    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (existing)`);
+  if (identityExists(profile)) {
+    identity = loadIdentity(profile);
+    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (existing${profile ? `, profile: ${profile}` : ''})`);
   } else {
-    identity = getOrCreateIdentity();
+    identity = getOrCreateIdentity(profile);
     isNew = true;
-    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (created)`);
+    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (created${profile ? `, profile: ${profile}` : ''})`);
   }
 
   // Step 2: Save default proxy URL if not already configured
@@ -312,24 +384,12 @@ async function install() {
   const ed = EDITORS[editorFilter];
   const mcpConfig = getMcpConfig(ed);
 
-  // For Claude Code: try `claude mcp add`, always also write settings.json as fallback.
-  // `claude mcp add` can hang when run from within a Claude Code bash session,
-  // so the settings.json write ensures config is always persisted.
-  if (ed.usesCli && hasClaude()) {
-    console.log('\nConfiguring via Claude CLI...');
-    try {
-      installViaClaude(mcpConfig);
-      console.log(`  ✅ ${ed.label}: Configured via \`claude mcp add\``);
-    } catch (e) {
-      console.error(`  ⚠️  \`claude mcp add\` failed: ${e.message}`);
-    }
-    // Always also write settings.json — belt and suspenders
-    const plan = planEditorConfig(ed.label, ed.paths, mcpConfig, ed.detectDirs);
-    if (plan) {
-      applyEditorConfig(plan);
-    } else {
-      fallbackToSettingsFile(ed, mcpConfig);
-    }
+  // For Claude Code: write directly to ~/.claude.json (the actual config file).
+  // Claude Code stores MCP servers per-project in ~/.claude.json under projects[cwd].mcpServers.
+  // ~/.claude/settings.json does NOT configure MCP servers (common misconception).
+  // `claude mcp add` can't run from within a nested Claude Code session.
+  if (editorFilter === 'claude') {
+    configureClaudeJson(mcpConfig);
   } else {
     // All other editors: write to config file
     const plans = [planEditorConfig(ed.label, ed.paths, mcpConfig, ed.detectDirs)].filter(Boolean);
@@ -432,6 +492,16 @@ One-Step Publishing (recommended for CLI use):
     npx bb-signer request --topic services.translation --question "Translate to French"
     npx bb-signer fulfill --request-id bb:b3:xyz... --topic services.translation --content "Voici"
 
+Profile Management:
+  npx bb-signer profiles                    List all profiles with pubkeys
+  npx bb-signer profile create <name>       Create a named profile
+  npx bb-signer profile delete <name>       Delete a named profile
+
+  Use --profile <name> or BB_PROFILE=<name> with any command:
+    npx bb-signer id --profile alice
+    npx bb-signer publish --profile alice --topic test --content "hello"
+    BB_PROFILE=alice npx bb-signer id
+
 Advanced (rarely needed - prefer one-step commands above):
   npx bb-signer sign '<json>'                Sign raw event JSON
   npx bb-signer sign-message '<message>'     Sign arbitrary text
@@ -450,18 +520,21 @@ Other:
 Identity:
   Your agent identity is stored in ~/.bb/seed.txt as a base58-encoded
   Ed25519 seed. Keep it safe - it's the only way to prove you are this agent.
+  Named profiles are stored in ~/.bb/profiles/<name>/seed.txt.
 
 Website: https://bb.org.ai
 `);
 }
 
 async function signMessageCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  let message = process.argv[3];
+  let message = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   // If no argument, read from stdin
   if (!message) {
@@ -479,7 +552,7 @@ async function signMessageCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const signature = signMessage(message, identity.secretKey);
 
     // Output pubkey, message, and signature (easy to parse)
@@ -495,12 +568,14 @@ async function signMessageCli() {
 }
 
 async function signEventCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  let jsonInput = process.argv[3];
+  let jsonInput = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   // If no argument, read from stdin
   if (!jsonInput) {
@@ -521,7 +596,7 @@ async function signEventCli() {
     const input = JSON.parse(jsonInput);
     const unsignedEvent = input.unsigned_event || input;
 
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const signedEvent = signEvent(unsignedEvent, identity.secretKey);
     const cleaned = cleanEvent(signedEvent);
 
@@ -534,12 +609,14 @@ async function signEventCli() {
 }
 
 async function verifySocial() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const postUrl = process.argv[3];
+  const postUrl = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   if (!postUrl) {
     console.error('Usage: npx bb-signer verify-social <post_url>');
@@ -548,7 +625,7 @@ async function verifySocial() {
     process.exit(1);
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   const pubkey = identity.publicKeyBase58;
 
   // Sign the verification message
@@ -598,12 +675,14 @@ async function verifySocial() {
 }
 
 async function requestPhoneVerification() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const phoneNumber = process.argv[3];
+  const phoneNumber = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   if (!phoneNumber) {
     console.error('Usage: npx bb-signer request-phone-verification <phone_number>');
@@ -637,13 +716,16 @@ async function requestPhoneVerification() {
 }
 
 async function verifyPhone() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const phoneNumber = process.argv[3];
-  const code = process.argv[4];
+  const positionalArgs = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile');
+  const phoneNumber = positionalArgs[0];
+  const code = positionalArgs[1];
 
   if (!phoneNumber || !code) {
     console.error('Usage: npx bb-signer verify-phone <phone_number> <code>');
@@ -651,7 +733,7 @@ async function verifyPhone() {
     process.exit(1);
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   const pubkey = identity.publicKeyBase58;
 
   // Sign the verification message
@@ -743,7 +825,9 @@ function roomForKind(kind) {
 }
 
 async function publishCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -769,7 +853,7 @@ async function publishCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "INFO", topic, { type: "text", data: content });
@@ -785,7 +869,9 @@ async function publishCli() {
 }
 
 async function requestCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -811,7 +897,7 @@ async function requestCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "REQUEST", topic, { type: "text", data: question });
@@ -827,7 +913,9 @@ async function requestCli() {
 }
 
 async function fulfillCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -844,7 +932,7 @@ async function fulfillCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "FULFILL", topic, { type: "text", data: content }, {
@@ -863,22 +951,25 @@ async function fulfillCli() {
 
 function initId() {
   const force = process.argv.includes('--force');
+  const profile = resolveProfile();
 
-  if (identityExists() && !force) {
+  if (identityExists(profile) && !force) {
     console.log('Identity already exists. Use --force to overwrite.');
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     console.log(`Your public key: ${identity.publicKeyBase58}`);
     return;
   }
 
   try {
-    const { publicKeyBase58 } = initIdentity(force);
-    console.log('Identity created successfully!');
+    const { publicKeyBase58 } = initIdentity(force, profile);
+    const label = profile ? `Profile "${profile}" created` : 'Identity created successfully!';
+    const seedLocation = profile ? `~/.bb/profiles/${profile}/seed.txt` : '~/.bb/seed.txt';
+    console.log(label);
     console.log(`Your public key: ${publicKeyBase58}`);
-    console.log(`\nSeed stored in: ~/.bb/seed.txt`);
+    console.log(`\nSeed stored in: ${seedLocation}`);
     console.log('\n⚠️  IMPORTANT: Back up your secret key!');
     console.log('   This key IS your agent identity. If lost, it cannot be recovered.');
-    console.log('   Copy ~/.bb/seed.txt to a secure location (password manager, encrypted backup).');
+    console.log(`   Copy ${seedLocation} to a secure location (password manager, encrypted backup).`);
   } catch (e) {
     console.error(`Error: ${e.message}`);
     process.exit(1);
@@ -886,41 +977,67 @@ function initId() {
 }
 
 function showId() {
-  if (!identityExists()) {
-    console.log('No identity found. Run `npx bb-signer install` to set up.');
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
+    const label = profile ? `Profile "${profile}"` : 'No identity';
+    console.log(`${label} not found. Run \`npx bb-signer install\` to set up.`);
     return;
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   console.log(identity.publicKeyBase58);
 }
 
 async function verify() {
+  const profile = resolveProfile();
   console.log('Verifying BB installation...\n');
   let warnings = 0;
   let errors = 0;
 
   // Check 1: Identity exists
-  if (!identityExists()) {
-    console.log('❌ Identity: Not found');
+  if (!identityExists(profile)) {
+    const label = profile ? `Identity (profile: ${profile})` : 'Identity';
+    console.log(`❌ ${label}: Not found`);
     errors++;
   } else {
-    const identity = loadIdentity();
-    console.log(`✅ Identity: ${identity.publicKeyBase58.slice(0, 16)}...`);
+    const identity = loadIdentity(profile);
+    const label = profile ? ` (profile: ${profile})` : '';
+    console.log(`✅ Identity${label}: ${identity.publicKeyBase58.slice(0, 16)}...`);
   }
 
   // Check 2: At least one editor is configured
   let hasConfig = false;
-  const editorChecks = Object.entries(EDITORS).map(([key, ed]) => [ed.label, ed.paths]);
-  for (const [name, paths] of editorChecks) {
-    const editor = findExisting(paths);
+
+  // Check ~/.claude.json (Claude Code's actual config)
+  const claudeJsonPath = join(homedir(), '.claude.json');
+  try {
+    const claudeJson = JSON.parse(readFileSync(claudeJsonPath, 'utf8'));
+    // Check user-level mcpServers
+    if (claudeJson.mcpServers?.bb) {
+      console.log(`✅ Claude Code: Configured (user scope)`);
+      hasConfig = true;
+    }
+    // Check project-level for current directory
+    const cwd = process.cwd();
+    const projServers = claudeJson.projects?.[cwd]?.mcpServers;
+    if (projServers?.bb) {
+      console.log(`✅ Claude Code: Configured (project: ${cwd})`);
+      hasConfig = true;
+    }
+  } catch {}
+
+  // Check other editors (Gemini, Cursor, Windsurf) via their config files
+  const otherEditors = Object.entries(EDITORS).filter(([key]) => key !== 'claude' && key !== 'claude-desktop');
+  for (const [key, ed] of otherEditors) {
+    const editor = findExisting(ed.paths);
     if (editor.exists) {
       const settings = readJson(editor.path);
       if (settings && settings.mcpServers?.bb && settings.mcpServers?.bb_signer) {
-        console.log(`✅ ${name}: Configured`);
+        console.log(`✅ ${ed.label}: Configured`);
         hasConfig = true;
       } else if (settings && (settings.mcpServers?.bb || settings.mcpServers?.bb_signer)) {
-        console.log(`⚠️  ${name}: Incomplete config (missing bb or bb_signer)`);
+        console.log(`⚠️  ${ed.label}: Incomplete config (missing bb or bb_signer)`);
         warnings++;
         hasConfig = true;
       }
@@ -976,6 +1093,80 @@ async function verify() {
   process.exit(0);
 }
 
+function profilesList() {
+  const profiles = listProfiles();
+
+  // Show default identity
+  if (identityExists()) {
+    const identity = loadIdentity();
+    console.log(`  default    ${identity.publicKeyBase58}`);
+  } else {
+    console.log('  default    (not created)');
+  }
+
+  // Show named profiles
+  for (const name of profiles) {
+    try {
+      const identity = loadIdentity(name);
+      console.log(`  ${name.padEnd(12)} ${identity.publicKeyBase58}`);
+    } catch {
+      console.log(`  ${name.padEnd(12)} (error loading)`);
+    }
+  }
+
+  if (profiles.length === 0 && !identityExists()) {
+    console.log('\nNo profiles found. Run `npx bb-signer profile create <name>` to create one.');
+  }
+}
+
+function profileCreate() {
+  const name = process.argv[4];
+  if (!name) {
+    console.error('Usage: npx bb-signer profile create <name>');
+    console.error('Example: npx bb-signer profile create alice');
+    process.exit(1);
+  }
+
+  try {
+    validateProfileName(name);
+    const { publicKeyBase58 } = initIdentity(false, name);
+    console.log(`Profile "${name}" created.`);
+    console.log(`Public key: ${publicKeyBase58}`);
+    console.log(`Seed stored in: ~/.bb/profiles/${name}/seed.txt`);
+  } catch (e) {
+    console.error(`Error: ${e.message}`);
+    process.exit(1);
+  }
+}
+
+async function profileDelete() {
+  const name = process.argv[4];
+  if (!name) {
+    console.error('Usage: npx bb-signer profile delete <name>');
+    process.exit(1);
+  }
+
+  try {
+    validateProfileName(name);
+
+    // Show the key that will be deleted
+    const identity = loadIdentity(name);
+    console.log(`Profile "${name}" (${identity.publicKeyBase58})`);
+
+    const proceed = await confirm('Delete this profile? This cannot be undone. [y/N] ');
+    if (!proceed) {
+      console.log('Aborted.');
+      return;
+    }
+
+    deleteProfile(name);
+    console.log(`Profile "${name}" deleted.`);
+  } catch (e) {
+    console.error(`Error: ${e.message}`);
+    process.exit(1);
+  }
+}
+
 function runServer() {
   // Import and run the MCP server
   import('./index.js');
@@ -1030,6 +1221,19 @@ switch (cmd) {
   case 'verify-phone':
     verifyPhone();
     break;
+  case 'profile':
+  case 'profiles': {
+    const sub = process.argv[3];
+    if (sub === 'create') {
+      profileCreate();
+    } else if (sub === 'delete' || sub === 'rm') {
+      profileDelete().catch(e => { console.error(`Error: ${e.message}`); process.exit(1); });
+    } else {
+      // Default: list profiles (also handles `profiles` with no subcommand)
+      profilesList();
+    }
+    break;
+  }
   case 'server':
   case 'mcp':
     runServer();

package/identity.js

@@ -8,13 +8,33 @@
 import * as ed from "@noble/ed25519";
 import { sha512 } from "@noble/hashes/sha512";
 import bs58 from "bs58";
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, readdirSync, rmSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 
 // Required for @noble/ed25519 v2
 ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
 
+/**
+ * Validate a profile name.
+ * Must be lowercase alphanumeric + hyphens, 1-64 chars, not "default" or "profiles".
+ * @param {string} name
+ */
+export function validateProfileName(name) {
+  if (!name || typeof name !== "string") {
+    throw new Error("Profile name is required");
+  }
+  if (name.length > 64) {
+    throw new Error("Profile name must be 64 characters or less");
+  }
+  if (!/^[a-z0-9][a-z0-9-]*$/.test(name)) {
+    throw new Error("Profile name must be lowercase alphanumeric + hyphens, starting with a letter or digit");
+  }
+  if (name === "default" || name === "profiles") {
+    throw new Error(`"${name}" is a reserved name and cannot be used as a profile name`);
+  }
+}
+
 /**
  * Get the BB config directory path
  */
@@ -22,10 +42,21 @@ function getConfigDir() {
   return join(homedir(), ".bb");
 }
 
+/**
+ * Get the profiles directory path
+ */
+function getProfilesDir() {
+  return join(getConfigDir(), "profiles");
+}
+
 /**
  * Get the seed file path
+ * @param {string|null} profile - Named profile, or null for default
  */
-function getSeedPath() {
+function getSeedPath(profile = null) {
+  if (profile) {
+    return join(getProfilesDir(), profile, "seed.txt");
+  }
   return join(getConfigDir(), "seed.txt");
 }
 
@@ -51,20 +82,23 @@ function keypairFromSeed(seed) {
 
 /**
  * Check if identity exists
+ * @param {string|null} profile - Named profile, or null for default
  */
-export function identityExists() {
-  return existsSync(getSeedPath());
+export function identityExists(profile = null) {
+  return existsSync(getSeedPath(profile));
 }
 
 /**
  * Load keypair from seed file
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ secretKey: Uint8Array, publicKey: Uint8Array, publicKeyBase58: string }}
  */
-export function loadIdentity() {
-  const seedPath = getSeedPath();
+export function loadIdentity(profile = null) {
+  const seedPath = getSeedPath(profile);
 
   if (!existsSync(seedPath)) {
-    throw new Error(`No identity found at ${seedPath}. Run 'bb-signer init' to create one.`);
+    const label = profile ? `profile "${profile}"` : "default identity";
+    throw new Error(`No ${label} found at ${seedPath}. Run 'npx bb-signer init${profile ? ` --profile ${profile}` : ""}' to create one.`);
   }
 
   const seedBase58 = readFileSync(seedPath, "utf-8").trim();
@@ -86,19 +120,20 @@ export function loadIdentity() {
 /**
  * Initialize a new identity
  * @param {boolean} force - Overwrite existing identity
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ publicKey: Uint8Array, publicKeyBase58: string }}
  */
-export function initIdentity(force = false) {
-  const configDir = getConfigDir();
-  const seedPath = getSeedPath();
+export function initIdentity(force = false, profile = null) {
+  const seedPath = getSeedPath(profile);
 
   if (existsSync(seedPath) && !force) {
     throw new Error(`Identity already exists at ${seedPath}. Use --force to overwrite.`);
   }
 
-  // Create config directory
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
+  // Create directory for the seed file
+  const seedDir = profile ? join(getProfilesDir(), profile) : getConfigDir();
+  if (!existsSync(seedDir)) {
+    mkdirSync(seedDir, { recursive: true });
   }
 
   // Generate new seed
@@ -125,18 +160,48 @@ export function initIdentity(force = false) {
 /**
  * Get or create identity
  * Creates new identity if none exists, otherwise loads existing
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ secretKey: Uint8Array, publicKey: Uint8Array, publicKeyBase58: string, isNew: boolean }}
  */
-export function getOrCreateIdentity() {
-  if (identityExists()) {
-    return { ...loadIdentity(), isNew: false };
+export function getOrCreateIdentity(profile = null) {
+  if (identityExists(profile)) {
+    return { ...loadIdentity(profile), isNew: false };
   }
 
-  const { publicKey, publicKeyBase58 } = initIdentity();
-  const identity = loadIdentity();
+  const { publicKey, publicKeyBase58 } = initIdentity(false, profile);
+  const identity = loadIdentity(profile);
   return { ...identity, isNew: true };
 }
 
+/**
+ * List all named profiles
+ * @returns {string[]} Sorted array of profile names
+ */
+export function listProfiles() {
+  const profilesDir = getProfilesDir();
+  if (!existsSync(profilesDir)) {
+    return [];
+  }
+  const entries = readdirSync(profilesDir, { withFileTypes: true });
+  return entries
+    .filter(e => e.isDirectory() && existsSync(join(profilesDir, e.name, "seed.txt")))
+    .map(e => e.name)
+    .sort();
+}
+
+/**
+ * Delete a named profile
+ * @param {string} name - Profile name to delete
+ */
+export function deleteProfile(name) {
+  validateProfileName(name);
+  const profileDir = join(getProfilesDir(), name);
+  if (!existsSync(join(profileDir, "seed.txt"))) {
+    throw new Error(`Profile "${name}" does not exist`);
+  }
+  rmSync(profileDir, { recursive: true });
+}
+
 /**
  * Sign a message with the secret key
  * @param {Uint8Array} message - Message bytes to sign

package/index.js

@@ -33,7 +33,7 @@ import { dirname, join } from "path";
 import { fileURLToPath } from "url";
 import * as ed from "@noble/ed25519";
 import bs58 from "bs58";
-import { getOrCreateIdentity, getProxyUrl } from "./identity.js";
+import { getOrCreateIdentity, getProxyUrl, validateProfileName } from "./identity.js";
 import { signEvent, cleanEvent } from "./crypto.js";
 import { submitToRelay } from "./submit.js";
 
@@ -45,15 +45,30 @@ const CURRENT_VERSION = JSON.parse(readFileSync(join(__dirname, "package.json"),
 const MAX_TOPIC_LENGTH = 200;
 const MAX_PAYLOAD_SIZE = 48 * 1024;
 
+// Resolve profile from BB_PROFILE env var
+let profile = null;
+if (process.env.BB_PROFILE) {
+  try {
+    validateProfileName(process.env.BB_PROFILE);
+    profile = process.env.BB_PROFILE;
+    console.error(`BB Signer: Using profile "${profile}"`);
+  } catch (e) {
+    console.error(`BB Signer: Invalid BB_PROFILE: ${e.message}`);
+    process.exit(1);
+  }
+}
+
 // Load or create identity on startup
 let identity;
 try {
-  identity = getOrCreateIdentity();
+  identity = getOrCreateIdentity(profile);
+  const seedLocation = profile ? `~/.bb/profiles/${profile}/seed.txt` : '~/.bb/seed.txt';
+  const profileLabel = profile ? ` (profile: ${profile})` : '';
   if (identity.isNew) {
-    console.error(`BB Signer: Created new identity: ${identity.publicKeyBase58}`);
-    console.error(`BB Signer: ⚠️  BACK UP YOUR KEY! ~/.bb/seed.txt - if lost, identity cannot be recovered`);
+    console.error(`BB Signer: Created new identity${profileLabel}: ${identity.publicKeyBase58}`);
+    console.error(`BB Signer: ⚠️  BACK UP YOUR KEY! ${seedLocation} - if lost, identity cannot be recovered`);
   } else {
-    console.error(`BB Signer: Loaded identity: ${identity.publicKeyBase58}`);
+    console.error(`BB Signer: Loaded identity${profileLabel}: ${identity.publicKeyBase58}`);
   }
 } catch (e) {
   console.error(`BB Signer: Failed to load identity: ${e.message}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bb-signer",
-  "version": "0.3.10",
+  "version": "0.5.0",
   "description": "Minimal local signer for BB - signs events for the agent collaboration network",
   "type": "module",
   "main": "index.js",