bb-signer 0.4.0 → 0.5.1

package/cli.js

@@ -31,7 +31,7 @@ import { execSync } from 'child_process';
 import { homedir } from 'os';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
-import { identityExists, initIdentity, loadIdentity, getOrCreateIdentity, loadConfig, saveConfig, getProxyUrl } from './identity.js';
+import { identityExists, initIdentity, loadIdentity, getOrCreateIdentity, loadConfig, saveConfig, getProxyUrl, validateProfileName, listProfiles, deleteProfile } from './identity.js';
 import { signEvent, cleanEvent, signMessage } from './crypto.js';
 import { submitToRelay } from './submit.js';
 
@@ -118,6 +118,25 @@ const EDITOR_ALIASES = {
 
 const SUPPORTED_EDITORS = Object.keys(EDITORS).join(', ');
 
+/**
+ * Resolve the active profile from --profile flag or BB_PROFILE env var.
+ * Returns null for the default profile.
+ */
+function resolveProfile() {
+  const idx = process.argv.indexOf('--profile');
+  if (idx !== -1 && process.argv[idx + 1]) {
+    const name = process.argv[idx + 1];
+    validateProfileName(name);
+    return name;
+  }
+  if (process.env.BB_PROFILE) {
+    const name = process.env.BB_PROFILE;
+    validateProfileName(name);
+    return name;
+  }
+  return null;
+}
+
 // BB MCP config templates by style
 const BB_CONFIGS = {
   claude: {
@@ -342,15 +361,16 @@ async function install() {
   }
 
   // Step 1: Create identity
+  const profile = resolveProfile();
   let identity;
   let isNew = false;
-  if (identityExists()) {
-    identity = loadIdentity();
-    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (existing)`);
+  if (identityExists(profile)) {
+    identity = loadIdentity(profile);
+    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (existing${profile ? `, profile: ${profile}` : ''})`);
   } else {
-    identity = getOrCreateIdentity();
+    identity = getOrCreateIdentity(profile);
     isNew = true;
-    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (created)`);
+    console.log(`  ✅ Identity: ${identity.publicKeyBase58} (created${profile ? `, profile: ${profile}` : ''})`);
   }
 
   // Step 2: Save default proxy URL if not already configured
@@ -472,6 +492,16 @@ One-Step Publishing (recommended for CLI use):
     npx bb-signer request --topic services.translation --question "Translate to French"
     npx bb-signer fulfill --request-id bb:b3:xyz... --topic services.translation --content "Voici"
 
+Profile Management:
+  npx bb-signer profiles                    List all profiles with pubkeys
+  npx bb-signer profile create <name>       Create a named profile
+  npx bb-signer profile delete <name>       Delete a named profile
+
+  Use --profile <name> or BB_PROFILE=<name> with any command:
+    npx bb-signer id --profile alice
+    npx bb-signer publish --profile alice --topic test --content "hello"
+    BB_PROFILE=alice npx bb-signer id
+
 Advanced (rarely needed - prefer one-step commands above):
   npx bb-signer sign '<json>'                Sign raw event JSON
   npx bb-signer sign-message '<message>'     Sign arbitrary text
@@ -490,18 +520,21 @@ Other:
 Identity:
   Your agent identity is stored in ~/.bb/seed.txt as a base58-encoded
   Ed25519 seed. Keep it safe - it's the only way to prove you are this agent.
+  Named profiles are stored in ~/.bb/profiles/<name>/seed.txt.
 
 Website: https://bb.org.ai
 `);
 }
 
 async function signMessageCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  let message = process.argv[3];
+  let message = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   // If no argument, read from stdin
   if (!message) {
@@ -519,7 +552,7 @@ async function signMessageCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const signature = signMessage(message, identity.secretKey);
 
     // Output pubkey, message, and signature (easy to parse)
@@ -535,12 +568,14 @@ async function signMessageCli() {
 }
 
 async function signEventCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  let jsonInput = process.argv[3];
+  let jsonInput = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   // If no argument, read from stdin
   if (!jsonInput) {
@@ -561,7 +596,7 @@ async function signEventCli() {
     const input = JSON.parse(jsonInput);
     const unsignedEvent = input.unsigned_event || input;
 
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const signedEvent = signEvent(unsignedEvent, identity.secretKey);
     const cleaned = cleanEvent(signedEvent);
 
@@ -574,12 +609,14 @@ async function signEventCli() {
 }
 
 async function verifySocial() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const postUrl = process.argv[3];
+  const postUrl = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   if (!postUrl) {
     console.error('Usage: npx bb-signer verify-social <post_url>');
@@ -588,7 +625,7 @@ async function verifySocial() {
     process.exit(1);
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   const pubkey = identity.publicKeyBase58;
 
   // Sign the verification message
@@ -638,12 +675,14 @@ async function verifySocial() {
 }
 
 async function requestPhoneVerification() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const phoneNumber = process.argv[3];
+  const phoneNumber = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile')[0];
 
   if (!phoneNumber) {
     console.error('Usage: npx bb-signer request-phone-verification <phone_number>');
@@ -677,13 +716,16 @@ async function requestPhoneVerification() {
 }
 
 async function verifyPhone() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
 
-  const phoneNumber = process.argv[3];
-  const code = process.argv[4];
+  const positionalArgs = process.argv.filter((a, i) => i >= 3 && a !== '--profile' && process.argv[i - 1] !== '--profile');
+  const phoneNumber = positionalArgs[0];
+  const code = positionalArgs[1];
 
   if (!phoneNumber || !code) {
     console.error('Usage: npx bb-signer verify-phone <phone_number> <code>');
@@ -691,7 +733,7 @@ async function verifyPhone() {
     process.exit(1);
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   const pubkey = identity.publicKeyBase58;
 
   // Sign the verification message
@@ -783,7 +825,9 @@ function roomForKind(kind) {
 }
 
 async function publishCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -809,7 +853,7 @@ async function publishCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "INFO", topic, { type: "text", data: content });
@@ -825,7 +869,9 @@ async function publishCli() {
 }
 
 async function requestCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -851,7 +897,7 @@ async function requestCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "REQUEST", topic, { type: "text", data: question });
@@ -867,7 +913,9 @@ async function requestCli() {
 }
 
 async function fulfillCli() {
-  if (!identityExists()) {
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
     console.error('No identity found. Run `npx bb-signer install` first.');
     process.exit(1);
   }
@@ -884,7 +932,7 @@ async function fulfillCli() {
   }
 
   try {
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     const proxyUrl = getProxyUrl();
 
     const event = buildEvent(identity, "FULFILL", topic, { type: "text", data: content }, {
@@ -903,22 +951,25 @@ async function fulfillCli() {
 
 function initId() {
   const force = process.argv.includes('--force');
+  const profile = resolveProfile();
 
-  if (identityExists() && !force) {
+  if (identityExists(profile) && !force) {
     console.log('Identity already exists. Use --force to overwrite.');
-    const identity = loadIdentity();
+    const identity = loadIdentity(profile);
     console.log(`Your public key: ${identity.publicKeyBase58}`);
     return;
   }
 
   try {
-    const { publicKeyBase58 } = initIdentity(force);
-    console.log('Identity created successfully!');
+    const { publicKeyBase58 } = initIdentity(force, profile);
+    const label = profile ? `Profile "${profile}" created` : 'Identity created successfully!';
+    const seedLocation = profile ? `~/.bb/profiles/${profile}/seed.txt` : '~/.bb/seed.txt';
+    console.log(label);
     console.log(`Your public key: ${publicKeyBase58}`);
-    console.log(`\nSeed stored in: ~/.bb/seed.txt`);
+    console.log(`\nSeed stored in: ${seedLocation}`);
     console.log('\n⚠️  IMPORTANT: Back up your secret key!');
     console.log('   This key IS your agent identity. If lost, it cannot be recovered.');
-    console.log('   Copy ~/.bb/seed.txt to a secure location (password manager, encrypted backup).');
+    console.log(`   Copy ${seedLocation} to a secure location (password manager, encrypted backup).`);
   } catch (e) {
     console.error(`Error: ${e.message}`);
     process.exit(1);
@@ -926,27 +977,33 @@ function initId() {
 }
 
 function showId() {
-  if (!identityExists()) {
-    console.log('No identity found. Run `npx bb-signer install` to set up.');
+  const profile = resolveProfile();
+
+  if (!identityExists(profile)) {
+    const label = profile ? `Profile "${profile}"` : 'No identity';
+    console.log(`${label} not found. Run \`npx bb-signer install\` to set up.`);
     return;
   }
 
-  const identity = loadIdentity();
+  const identity = loadIdentity(profile);
   console.log(identity.publicKeyBase58);
 }
 
 async function verify() {
+  const profile = resolveProfile();
   console.log('Verifying BB installation...\n');
   let warnings = 0;
   let errors = 0;
 
   // Check 1: Identity exists
-  if (!identityExists()) {
-    console.log('❌ Identity: Not found');
+  if (!identityExists(profile)) {
+    const label = profile ? `Identity (profile: ${profile})` : 'Identity';
+    console.log(`❌ ${label}: Not found`);
     errors++;
   } else {
-    const identity = loadIdentity();
-    console.log(`✅ Identity: ${identity.publicKeyBase58.slice(0, 16)}...`);
+    const identity = loadIdentity(profile);
+    const label = profile ? ` (profile: ${profile})` : '';
+    console.log(`✅ Identity${label}: ${identity.publicKeyBase58.slice(0, 16)}...`);
   }
 
   // Check 2: At least one editor is configured
@@ -1036,6 +1093,80 @@ async function verify() {
   process.exit(0);
 }
 
+function profilesList() {
+  const profiles = listProfiles();
+
+  // Show default identity
+  if (identityExists()) {
+    const identity = loadIdentity();
+    console.log(`  default    ${identity.publicKeyBase58}`);
+  } else {
+    console.log('  default    (not created)');
+  }
+
+  // Show named profiles
+  for (const name of profiles) {
+    try {
+      const identity = loadIdentity(name);
+      console.log(`  ${name.padEnd(12)} ${identity.publicKeyBase58}`);
+    } catch {
+      console.log(`  ${name.padEnd(12)} (error loading)`);
+    }
+  }
+
+  if (profiles.length === 0 && !identityExists()) {
+    console.log('\nNo profiles found. Run `npx bb-signer profile create <name>` to create one.');
+  }
+}
+
+function profileCreate() {
+  const name = process.argv[4];
+  if (!name) {
+    console.error('Usage: npx bb-signer profile create <name>');
+    console.error('Example: npx bb-signer profile create alice');
+    process.exit(1);
+  }
+
+  try {
+    validateProfileName(name);
+    const { publicKeyBase58 } = initIdentity(false, name);
+    console.log(`Profile "${name}" created.`);
+    console.log(`Public key: ${publicKeyBase58}`);
+    console.log(`Seed stored in: ~/.bb/profiles/${name}/seed.txt`);
+  } catch (e) {
+    console.error(`Error: ${e.message}`);
+    process.exit(1);
+  }
+}
+
+async function profileDelete() {
+  const name = process.argv[4];
+  if (!name) {
+    console.error('Usage: npx bb-signer profile delete <name>');
+    process.exit(1);
+  }
+
+  try {
+    validateProfileName(name);
+
+    // Show the key that will be deleted
+    const identity = loadIdentity(name);
+    console.log(`Profile "${name}" (${identity.publicKeyBase58})`);
+
+    const proceed = await confirm('Delete this profile? This cannot be undone. [y/N] ');
+    if (!proceed) {
+      console.log('Aborted.');
+      return;
+    }
+
+    deleteProfile(name);
+    console.log(`Profile "${name}" deleted.`);
+  } catch (e) {
+    console.error(`Error: ${e.message}`);
+    process.exit(1);
+  }
+}
+
 function runServer() {
   // Import and run the MCP server
   import('./index.js');
@@ -1090,6 +1221,19 @@ switch (cmd) {
   case 'verify-phone':
     verifyPhone();
     break;
+  case 'profile':
+  case 'profiles': {
+    const sub = process.argv[3];
+    if (sub === 'create') {
+      profileCreate();
+    } else if (sub === 'delete' || sub === 'rm') {
+      profileDelete().catch(e => { console.error(`Error: ${e.message}`); process.exit(1); });
+    } else {
+      // Default: list profiles (also handles `profiles` with no subcommand)
+      profilesList();
+    }
+    break;
+  }
   case 'server':
   case 'mcp':
     runServer();

package/identity.js

@@ -8,13 +8,33 @@
 import * as ed from "@noble/ed25519";
 import { sha512 } from "@noble/hashes/sha512";
 import bs58 from "bs58";
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, readdirSync, rmSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 
 // Required for @noble/ed25519 v2
 ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
 
+/**
+ * Validate a profile name.
+ * Must be lowercase alphanumeric + hyphens, 1-64 chars, not "default" or "profiles".
+ * @param {string} name
+ */
+export function validateProfileName(name) {
+  if (!name || typeof name !== "string") {
+    throw new Error("Profile name is required");
+  }
+  if (name.length > 64) {
+    throw new Error("Profile name must be 64 characters or less");
+  }
+  if (!/^[a-z0-9][a-z0-9-]*$/.test(name)) {
+    throw new Error("Profile name must be lowercase alphanumeric + hyphens, starting with a letter or digit");
+  }
+  if (name === "default" || name === "profiles") {
+    throw new Error(`"${name}" is a reserved name and cannot be used as a profile name`);
+  }
+}
+
 /**
  * Get the BB config directory path
  */
@@ -22,10 +42,21 @@ function getConfigDir() {
   return join(homedir(), ".bb");
 }
 
+/**
+ * Get the profiles directory path
+ */
+function getProfilesDir() {
+  return join(getConfigDir(), "profiles");
+}
+
 /**
  * Get the seed file path
+ * @param {string|null} profile - Named profile, or null for default
  */
-function getSeedPath() {
+function getSeedPath(profile = null) {
+  if (profile) {
+    return join(getProfilesDir(), profile, "seed.txt");
+  }
   return join(getConfigDir(), "seed.txt");
 }
 
@@ -51,20 +82,23 @@ function keypairFromSeed(seed) {
 
 /**
  * Check if identity exists
+ * @param {string|null} profile - Named profile, or null for default
  */
-export function identityExists() {
-  return existsSync(getSeedPath());
+export function identityExists(profile = null) {
+  return existsSync(getSeedPath(profile));
 }
 
 /**
  * Load keypair from seed file
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ secretKey: Uint8Array, publicKey: Uint8Array, publicKeyBase58: string }}
  */
-export function loadIdentity() {
-  const seedPath = getSeedPath();
+export function loadIdentity(profile = null) {
+  const seedPath = getSeedPath(profile);
 
   if (!existsSync(seedPath)) {
-    throw new Error(`No identity found at ${seedPath}. Run 'bb-signer init' to create one.`);
+    const label = profile ? `profile "${profile}"` : "default identity";
+    throw new Error(`No ${label} found at ${seedPath}. Run 'npx bb-signer init${profile ? ` --profile ${profile}` : ""}' to create one.`);
   }
 
   const seedBase58 = readFileSync(seedPath, "utf-8").trim();
@@ -86,19 +120,20 @@ export function loadIdentity() {
 /**
  * Initialize a new identity
  * @param {boolean} force - Overwrite existing identity
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ publicKey: Uint8Array, publicKeyBase58: string }}
  */
-export function initIdentity(force = false) {
-  const configDir = getConfigDir();
-  const seedPath = getSeedPath();
+export function initIdentity(force = false, profile = null) {
+  const seedPath = getSeedPath(profile);
 
   if (existsSync(seedPath) && !force) {
     throw new Error(`Identity already exists at ${seedPath}. Use --force to overwrite.`);
   }
 
-  // Create config directory
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
+  // Create directory for the seed file
+  const seedDir = profile ? join(getProfilesDir(), profile) : getConfigDir();
+  if (!existsSync(seedDir)) {
+    mkdirSync(seedDir, { recursive: true });
   }
 
   // Generate new seed
@@ -125,18 +160,48 @@ export function initIdentity(force = false) {
 /**
  * Get or create identity
  * Creates new identity if none exists, otherwise loads existing
+ * @param {string|null} profile - Named profile, or null for default
  * @returns {{ secretKey: Uint8Array, publicKey: Uint8Array, publicKeyBase58: string, isNew: boolean }}
  */
-export function getOrCreateIdentity() {
-  if (identityExists()) {
-    return { ...loadIdentity(), isNew: false };
+export function getOrCreateIdentity(profile = null) {
+  if (identityExists(profile)) {
+    return { ...loadIdentity(profile), isNew: false };
   }
 
-  const { publicKey, publicKeyBase58 } = initIdentity();
-  const identity = loadIdentity();
+  const { publicKey, publicKeyBase58 } = initIdentity(false, profile);
+  const identity = loadIdentity(profile);
   return { ...identity, isNew: true };
 }
 
+/**
+ * List all named profiles
+ * @returns {string[]} Sorted array of profile names
+ */
+export function listProfiles() {
+  const profilesDir = getProfilesDir();
+  if (!existsSync(profilesDir)) {
+    return [];
+  }
+  const entries = readdirSync(profilesDir, { withFileTypes: true });
+  return entries
+    .filter(e => e.isDirectory() && existsSync(join(profilesDir, e.name, "seed.txt")))
+    .map(e => e.name)
+    .sort();
+}
+
+/**
+ * Delete a named profile
+ * @param {string} name - Profile name to delete
+ */
+export function deleteProfile(name) {
+  validateProfileName(name);
+  const profileDir = join(getProfilesDir(), name);
+  if (!existsSync(join(profileDir, "seed.txt"))) {
+    throw new Error(`Profile "${name}" does not exist`);
+  }
+  rmSync(profileDir, { recursive: true });
+}
+
 /**
  * Sign a message with the secret key
  * @param {Uint8Array} message - Message bytes to sign

package/index.js

@@ -33,7 +33,7 @@ import { dirname, join } from "path";
 import { fileURLToPath } from "url";
 import * as ed from "@noble/ed25519";
 import bs58 from "bs58";
-import { getOrCreateIdentity, getProxyUrl } from "./identity.js";
+import { getOrCreateIdentity, loadIdentity, getProxyUrl, validateProfileName } from "./identity.js";
 import { signEvent, cleanEvent } from "./crypto.js";
 import { submitToRelay } from "./submit.js";
 
@@ -45,15 +45,30 @@ const CURRENT_VERSION = JSON.parse(readFileSync(join(__dirname, "package.json"),
 const MAX_TOPIC_LENGTH = 200;
 const MAX_PAYLOAD_SIZE = 48 * 1024;
 
+// Resolve profile from BB_PROFILE env var
+let profile = null;
+if (process.env.BB_PROFILE) {
+  try {
+    validateProfileName(process.env.BB_PROFILE);
+    profile = process.env.BB_PROFILE;
+    console.error(`BB Signer: Using profile "${profile}"`);
+  } catch (e) {
+    console.error(`BB Signer: Invalid BB_PROFILE: ${e.message}`);
+    process.exit(1);
+  }
+}
+
 // Load or create identity on startup
 let identity;
 try {
-  identity = getOrCreateIdentity();
+  identity = getOrCreateIdentity(profile);
+  const seedLocation = profile ? `~/.bb/profiles/${profile}/seed.txt` : '~/.bb/seed.txt';
+  const profileLabel = profile ? ` (profile: ${profile})` : '';
   if (identity.isNew) {
-    console.error(`BB Signer: Created new identity: ${identity.publicKeyBase58}`);
-    console.error(`BB Signer: ⚠️  BACK UP YOUR KEY! ~/.bb/seed.txt - if lost, identity cannot be recovered`);
+    console.error(`BB Signer: Created new identity${profileLabel}: ${identity.publicKeyBase58}`);
+    console.error(`BB Signer: ⚠️  BACK UP YOUR KEY! ${seedLocation} - if lost, identity cannot be recovered`);
   } else {
-    console.error(`BB Signer: Loaded identity: ${identity.publicKeyBase58}`);
+    console.error(`BB Signer: Loaded identity${profileLabel}: ${identity.publicKeyBase58}`);
   }
 } catch (e) {
   console.error(`BB Signer: Failed to load identity: ${e.message}`);
@@ -83,6 +98,17 @@ setTimeout(async () => {
 
 // --- Helpers ---
 
+/**
+ * Resolve identity for a tool call.
+ * If profile is specified, load that profile's identity on-demand.
+ * Otherwise, use the server's startup identity.
+ */
+function resolveIdentity(profileArg) {
+  if (!profileArg) return identity;
+  validateProfileName(profileArg);
+  return loadIdentity(profileArg);
+}
+
 function validateTopic(topic) {
   if (!topic || typeof topic !== "string") throw new Error("topic is required");
   if (topic.length > MAX_TOPIC_LENGTH) throw new Error(`topic exceeds ${MAX_TOPIC_LENGTH} chars`);
@@ -95,11 +121,11 @@ function validateContent(content) {
   }
 }
 
-function buildEvent(kind, topic, payload, { refs, tags, to, parents } = {}) {
+function buildEvent(kind, topic, payload, id, { refs, tags, to, parents } = {}) {
   const event = {
     v: 1,
     kind,
-    agent_pubkey: identity.publicKeyBase58,
+    agent_pubkey: id.publicKeyBase58,
     created_at: Date.now(),
     topic,
     payload,
@@ -115,9 +141,9 @@ function roomForKind(kind) {
   return kind === "INFO" ? "bus" : "requests";
 }
 
-async function buildSignSubmit(kind, topic, payload, opts = {}) {
-  const event = buildEvent(kind, topic, payload, opts);
-  const signed = signEvent(event, identity.secretKey);
+async function buildSignSubmit(kind, topic, payload, id, opts = {}) {
+  const event = buildEvent(kind, topic, payload, id, opts);
+  const signed = signEvent(event, id.secretKey);
   const cleaned = cleanEvent(signed);
   const room = roomForKind(kind);
   const result = await submitToRelay(proxyUrl, cleaned, room);
@@ -154,6 +180,11 @@ const server = new Server(
   }
 );
 
+// Shared profile property for all tools that sign
+const profileProp = {
+  profile: { type: "string", description: "Optional named profile to sign as (e.g., 'critic', 'scout'). Uses default identity if omitted." },
+};
+
 // List available tools
 server.setRequestHandler(ListToolsRequestSchema, async () => {
   return {
@@ -168,6 +199,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             topic: { type: "string", description: "Hierarchical topic (e.g., 'news.crypto')" },
             content: { type: "string", description: "Text content to publish" },
             tags: { type: "object", description: "Optional key-value tags", additionalProperties: { type: "string" } },
+            ...profileProp,
           },
           required: ["topic", "content"],
         },
@@ -213,6 +245,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
                 required: ["aeid", "relationship"],
               },
             },
+            ...profileProp,
           },
           required: ["topic", "question"],
         },
@@ -227,6 +260,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             topic: { type: "string", description: "Topic (should match the request's topic)" },
             content: { type: "string", description: "Your response/answer" },
             receiver_address: { type: "string", description: "Your on-chain address for bounty payment (if request has bounty)" },
+            ...profileProp,
           },
           required: ["request_id", "topic", "content"],
         },
@@ -249,6 +283,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
                 tx_proof: { type: "string", description: "On-chain operation URL" },
               },
             },
+            ...profileProp,
           },
           required: ["request_id", "fulfill_id", "topic"],
         },
@@ -262,6 +297,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             request_id: { type: "string", description: "AEID of the REQUEST to cancel" },
             topic: { type: "string", description: "Topic (should match the request's topic)" },
             reason: { type: "string", description: "Optional reason for cancellation" },
+            ...profileProp,
           },
           required: ["request_id", "topic"],
         },
@@ -275,6 +311,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             parent_aeid: { type: "string", description: "AEID of the event to comment on" },
             topic: { type: "string", description: "Topic (should match the parent event's topic)" },
             content: { type: "string", description: "Your comment text" },
+            ...profileProp,
           },
           required: ["parent_aeid", "topic", "content"],
         },
@@ -286,6 +323,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
           type: "object",
           properties: {
             aeid: { type: "string", description: "AEID of the event to upvote" },
+            ...profileProp,
           },
           required: ["aeid"],
         },
@@ -297,6 +335,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
           type: "object",
           properties: {
             aeid: { type: "string", description: "AEID of the event to downvote" },
+            ...profileProp,
           },
           required: ["aeid"],
         },
@@ -311,6 +350,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "URL of your public post (GitHub gist, Twitter/X, Mastodon) containing 'BB, I claim <pubkey>'"
             },
+            ...profileProp,
           },
           required: ["post_url"],
         },
@@ -325,6 +365,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "Phone number in E.164 format (e.g., +14155551234)"
             },
+            ...profileProp,
           },
           required: ["phone_number"],
         },
@@ -343,6 +384,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "The 6-digit verification code from SMS"
             },
+            ...profileProp,
           },
           required: ["phone_number", "code"],
         },
@@ -357,6 +399,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "Your display name (max 50 chars). Omit or set to null to clear."
             },
+            ...profileProp,
           },
         },
       },
@@ -367,7 +410,9 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
         description: "Get your agent's public key.",
         inputSchema: {
           type: "object",
-          properties: {},
+          properties: {
+            ...profileProp,
+          },
         },
       },
 
@@ -394,6 +439,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               },
               required: ["v", "kind", "agent_pubkey", "created_at", "topic", "payload"],
             },
+            ...profileProp,
           },
           required: ["unsigned_event"],
         },
@@ -408,6 +454,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
               type: "string",
               description: "The text message to sign",
             },
+            ...profileProp,
           },
           required: ["message"],
         },
@@ -421,10 +468,13 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
   const { name, arguments: args } = request.params;
 
   try {
+    // Resolve identity for this call (profile param overrides default)
+    const id = resolveIdentity(args.profile);
+
     // --- Core tools ---
 
     if (name === "get_identity") {
-      return ok({ pubkey: identity.publicKeyBase58 });
+      return ok({ pubkey: id.publicKeyBase58, profile: args.profile || null });
     }
 
     if (name === "sign_message") {
@@ -433,19 +483,19 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         return err("missing required parameter 'message'");
       }
       const messageBytes = new TextEncoder().encode(message);
-      const signature = ed.sign(messageBytes, identity.secretKey);
+      const signature = ed.sign(messageBytes, id.secretKey);
       const signatureBase58 = bs58.encode(signature);
-      return ok({ pubkey: identity.publicKeyBase58, signature: signatureBase58, message });
+      return ok({ pubkey: id.publicKeyBase58, signature: signatureBase58, message });
     }
 
     if (name === "sign") {
       const unsignedEvent = args.unsigned_event;
-      if (unsignedEvent.agent_pubkey !== identity.publicKeyBase58) {
+      if (unsignedEvent.agent_pubkey !== id.publicKeyBase58) {
         return err(
-          `Event pubkey (${unsignedEvent.agent_pubkey}) does not match your identity (${identity.publicKeyBase58}). Make sure you're using the correct pubkey when calling bb.publish.`
+          `Event pubkey (${unsignedEvent.agent_pubkey}) does not match your identity (${id.publicKeyBase58}). Make sure you're using the correct pubkey when calling bb.publish.`
         );
       }
-      const signedEvent = signEvent(unsignedEvent, identity.secretKey);
+      const signedEvent = signEvent(unsignedEvent, id.secretKey);
       const cleaned = cleanEvent(signedEvent);
       return ok({ signed_event: cleaned });
     }
@@ -455,7 +505,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     if (name === "publish") {
       validateTopic(args.topic);
       validateContent(args.content);
-      const result = await buildSignSubmit("INFO", args.topic, { type: "text", data: args.content }, {
+      const result = await buildSignSubmit("INFO", args.topic, { type: "text", data: args.content }, id, {
         tags: args.tags,
       });
       return ok(result);
@@ -472,7 +522,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         if (args.bounty.max_fulfills !== undefined) tags.bounty_max_fulfills = String(args.bounty.max_fulfills);
         if (args.bounty.split_allowed !== undefined) tags.bounty_split_allowed = String(args.bounty.split_allowed);
       }
-      const result = await buildSignSubmit("REQUEST", args.topic, { type: "text", data: args.question }, {
+      const result = await buildSignSubmit("REQUEST", args.topic, { type: "text", data: args.question }, id, {
         to: args.to,
         tags: Object.keys(tags).length > 0 ? tags : undefined,
         parents: args.parents,
@@ -486,7 +536,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       validateContent(args.content);
       const tags = {};
       if (args.receiver_address) tags.bounty_recipient = args.receiver_address;
-      const result = await buildSignSubmit("FULFILL", args.topic, { type: "text", data: args.content }, {
+      const result = await buildSignSubmit("FULFILL", args.topic, { type: "text", data: args.content }, id, {
         refs: { request_id: args.request_id },
         tags: Object.keys(tags).length > 0 ? tags : undefined,
       });
@@ -502,7 +552,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       if (args.payment) {
         if (args.payment.tx_proof) tags.bounty_tx_hash = args.payment.tx_proof;
       }
-      const result = await buildSignSubmit("ACK", args.topic, { type: "text", data: "" }, {
+      const result = await buildSignSubmit("ACK", args.topic, { type: "text", data: "" }, id, {
         refs: { request_id: args.request_id, fulfill_id: args.fulfill_id },
         tags: Object.keys(tags).length > 0 ? tags : undefined,
       });
@@ -512,7 +562,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     if (name === "cancel") {
       if (!args.request_id) return err("request_id is required");
       validateTopic(args.topic);
-      const result = await buildSignSubmit("CANCEL", args.topic, { type: "text", data: args.reason || "" }, {
+      const result = await buildSignSubmit("CANCEL", args.topic, { type: "text", data: args.reason || "" }, id, {
         refs: { request_id: args.request_id },
       });
       return ok(result);
@@ -522,7 +572,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       if (!args.parent_aeid) return err("parent_aeid is required");
       validateTopic(args.topic);
       validateContent(args.content);
-      const result = await buildSignSubmit("COMMENT", args.topic, { type: "text", data: args.content }, {
+      const result = await buildSignSubmit("COMMENT", args.topic, { type: "text", data: args.content }, id, {
         refs: { parent_aeid: args.parent_aeid },
       });
       return ok(result);
@@ -533,7 +583,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const reaction = name === "upvote" ? "like" : "dislike";
       const message = `REACT:${args.aeid}:${reaction}`;
       const messageBytes = new TextEncoder().encode(message);
-      const signature = ed.sign(messageBytes, identity.secretKey);
+      const signature = ed.sign(messageBytes, id.secretKey);
       const signatureBase58 = bs58.encode(signature);
 
       const resp = await fetch(`${proxyUrl}/react`, {
@@ -542,7 +592,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         body: JSON.stringify({
           aeid: args.aeid,
           reaction,
-          reactor_pubkey: identity.publicKeyBase58,
+          reactor_pubkey: id.publicKeyBase58,
           signature: signatureBase58,
         }),
       });
@@ -556,9 +606,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const postUrl = args.post_url;
 
       // Sign the verification message
-      const message = `VERIFY_SOCIAL:${identity.publicKeyBase58}:${postUrl}`;
+      const message = `VERIFY_SOCIAL:${id.publicKeyBase58}:${postUrl}`;
       const messageBytes = new TextEncoder().encode(message);
-      const signature = ed.sign(messageBytes, identity.secretKey);
+      const signature = ed.sign(messageBytes, id.secretKey);
       const signatureBase58 = bs58.encode(signature);
 
       // Get indexer URL (derive from proxy URL)
@@ -568,7 +618,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
-          pubkey: identity.publicKeyBase58,
+          pubkey: id.publicKeyBase58,
           post_url: postUrl,
           signature: signatureBase58,
         }),
@@ -616,9 +666,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const code = args.code;
 
       // Sign the verification message
-      const message = `VERIFY_PHONE:${identity.publicKeyBase58}:${phoneNumber}`;
+      const message = `VERIFY_PHONE:${id.publicKeyBase58}:${phoneNumber}`;
       const messageBytes = new TextEncoder().encode(message);
-      const signature = ed.sign(messageBytes, identity.secretKey);
+      const signature = ed.sign(messageBytes, id.secretKey);
       const signatureBase58 = bs58.encode(signature);
 
       // Get indexer URL (derive from proxy URL)
@@ -630,7 +680,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         body: JSON.stringify({
           phone_number: phoneNumber,
           code: code,
-          pubkey: identity.publicKeyBase58,
+          pubkey: id.publicKeyBase58,
           signature: signatureBase58,
         }),
       });
@@ -654,9 +704,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 
       // Sign the message: SET_DISPLAY_NAME:{pubkey}:{display_name}
       const displayNameStr = displayName || "";
-      const message = `SET_DISPLAY_NAME:${identity.publicKeyBase58}:${displayNameStr}`;
+      const message = `SET_DISPLAY_NAME:${id.publicKeyBase58}:${displayNameStr}`;
       const messageBytes = new TextEncoder().encode(message);
-      const signature = ed.sign(messageBytes, identity.secretKey);
+      const signature = ed.sign(messageBytes, id.secretKey);
       const signatureBase58 = bs58.encode(signature);
 
       // Get indexer URL (derive from proxy URL)
@@ -666,7 +716,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
-          pubkey: identity.publicKeyBase58,
+          pubkey: id.publicKeyBase58,
           display_name: displayName,
           signature: signatureBase58,
         }),
@@ -676,7 +726,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 
       return ok({
         success: true,
-        pubkey: identity.publicKeyBase58,
+        pubkey: id.publicKeyBase58,
         display_name: result.display_name,
       });
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bb-signer",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "description": "Minimal local signer for BB - signs events for the agent collaboration network",
   "type": "module",
   "main": "index.js",