clawdentity 0.0.16 → 0.0.18

package/dist/bin.js

@@ -17084,7 +17084,8 @@ var FILE_MODE = 384;
 var ENV_KEY_MAP = {
   registryUrl: "CLAWDENTITY_REGISTRY_URL",
   proxyUrl: "CLAWDENTITY_PROXY_URL",
-  apiKey: "CLAWDENTITY_API_KEY"
+  apiKey: "CLAWDENTITY_API_KEY",
+  humanName: "CLAWDENTITY_HUMAN_NAME"
 };
 var LEGACY_ENV_KEY_MAP = {
   registryUrl: ["CLAWDENTITY_REGISTRY"]
@@ -17111,6 +17112,9 @@ var normalizeConfig = (raw) => {
   if (typeof raw.apiKey === "string" && raw.apiKey.length > 0) {
     config2.apiKey = raw.apiKey;
   }
+  if (typeof raw.humanName === "string" && raw.humanName.length > 0) {
+    config2.humanName = raw.humanName;
+  }
   return config2;
 };
 var getConfigDir = () => join2(homedir(), CONFIG_DIR);
@@ -18536,7 +18540,8 @@ var logger5 = createLogger({ service: "cli", module: "config" });
 var VALID_KEYS = [
   "registryUrl",
   "proxyUrl",
-  "apiKey"
+  "apiKey",
+  "humanName"
 ];
 var isValidConfigKey = (value) => {
   return VALID_KEYS.includes(value);
@@ -18651,7 +18656,7 @@ var createConfigCommand = (dependencies = {}) => {
 
 // src/commands/connector.ts
 import { execFile as execFileCallback } from "child_process";
-import { mkdir as mkdir4, readFile as readFile3, rm, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir4, readFile as readFile4, rm, writeFile as writeFile4 } from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { dirname as dirname3, join as join5 } from "path";
 import { fileURLToPath } from "url";
@@ -19320,7 +19325,7 @@ var ConnectorClient = class {
 
 // ../../packages/connector/src/runtime.ts
 import { randomBytes as randomBytes2 } from "crypto";
-import { mkdir as mkdir3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
+import { mkdir as mkdir3, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
 import {
   createServer
 } from "http";
@@ -19497,6 +19502,63 @@ async function writeRegistryAuthAtomic(input) {
 `, "utf8");
   await rename2(tmpPath, targetPath);
 }
+function parseRegistryAuthFromDisk(payload) {
+  if (!isRecord5(payload)) {
+    return void 0;
+  }
+  const tokenType = payload.tokenType;
+  const accessToken = payload.accessToken;
+  const accessExpiresAt = payload.accessExpiresAt;
+  const refreshToken = payload.refreshToken;
+  const refreshExpiresAt = payload.refreshExpiresAt;
+  if (tokenType !== "Bearer" || typeof accessToken !== "string" || typeof accessExpiresAt !== "string" || typeof refreshToken !== "string" || typeof refreshExpiresAt !== "string") {
+    return void 0;
+  }
+  return {
+    tokenType,
+    accessToken,
+    accessExpiresAt,
+    refreshToken,
+    refreshExpiresAt
+  };
+}
+async function readRegistryAuthFromDisk(input) {
+  const authPath = join4(
+    input.configDir,
+    AGENTS_DIR_NAME2,
+    input.agentName,
+    REGISTRY_AUTH_FILENAME
+  );
+  let raw;
+  try {
+    raw = await readFile3(authPath, "utf8");
+  } catch (error48) {
+    if (error48 && typeof error48 === "object" && "code" in error48 && error48.code === "ENOENT") {
+      return void 0;
+    }
+    input.logger.warn("connector.runtime.registry_auth_read_failed", {
+      authPath,
+      reason: error48 instanceof Error ? error48.message : "unknown"
+    });
+    return void 0;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    input.logger.warn("connector.runtime.registry_auth_invalid_json", {
+      authPath
+    });
+    return void 0;
+  }
+  const auth = parseRegistryAuthFromDisk(parsed);
+  if (auth === void 0) {
+    input.logger.warn("connector.runtime.registry_auth_invalid_shape", {
+      authPath
+    });
+  }
+  return auth;
+}
 async function readRequestJson(req) {
   const chunks = [];
   let totalBytes = 0;
@@ -19560,7 +19622,25 @@ async function startConnectorRuntime(input) {
     parseRequiredString(input.credentials.secretKey, "secretKey")
   );
   let currentAuth = toInitialAuthBundle(input.credentials);
+  const syncAuthFromDisk = async () => {
+    const diskAuth = await readRegistryAuthFromDisk({
+      configDir: input.configDir,
+      agentName: input.agentName,
+      logger: logger12
+    });
+    if (!diskAuth) {
+      return;
+    }
+    if (diskAuth.accessToken === currentAuth.accessToken && diskAuth.accessExpiresAt === currentAuth.accessExpiresAt && diskAuth.refreshToken === currentAuth.refreshToken && diskAuth.refreshExpiresAt === currentAuth.refreshExpiresAt) {
+      return;
+    }
+    currentAuth = diskAuth;
+    logger12.info("connector.runtime.registry_auth_synced", {
+      agentName: input.agentName
+    });
+  };
   const refreshCurrentAuthIfNeeded = async () => {
+    await syncAuthFromDisk();
     if (!shouldRefreshAccessToken(currentAuth, Date.now())) {
       return;
     }
@@ -19604,6 +19684,7 @@ async function startConnectorRuntime(input) {
   const statusPath = DEFAULT_CONNECTOR_STATUS_PATH;
   const outboundUrl = new URL(outboundPath, outboundBaseUrl).toString();
   const relayToPeer = async (request) => {
+    await syncAuthFromDisk();
     const peerUrl = new URL(request.peerProxyUrl);
     const body = JSON.stringify(request.payload ?? {});
     const refreshKey = `${REFRESH_SINGLE_FLIGHT_PREFIX}:${input.configDir}:${input.agentName}`;
@@ -19648,7 +19729,10 @@ async function startConnectorRuntime(input) {
     await executeWithAgentAuthRefreshRetry({
       key: refreshKey,
       shouldRetry: isRetryableRelayAuthError,
-      getAuth: async () => currentAuth,
+      getAuth: async () => {
+        await syncAuthFromDisk();
+        return currentAuth;
+      },
       persistAuth: async (nextAuth) => {
         currentAuth = nextAuth;
         await writeRegistryAuthAtomic({
@@ -20395,7 +20479,7 @@ async function uninstallConnectorServiceForAgent(agentName, commandOptions = {},
 async function startConnectorForAgent(agentName, commandOptions = {}, dependencies = {}) {
   const resolveConfigImpl = dependencies.resolveConfigImpl ?? resolveConfig;
   const getConfigDirImpl = dependencies.getConfigDirImpl ?? getConfigDir;
-  const readFileImpl = dependencies.readFileImpl ?? ((path, encoding) => readFile3(path, encoding));
+  const readFileImpl = dependencies.readFileImpl ?? ((path, encoding) => readFile4(path, encoding));
   const fetchImpl = dependencies.fetchImpl ?? globalThis.fetch;
   const loadConnectorModule = dependencies.loadConnectorModule ?? loadDefaultConnectorModule;
   const configDir = getConfigDirImpl();
@@ -20783,11 +20867,20 @@ function parseInviteRedeemResponse(payload) {
   }
   const apiKeyId = parseNonEmptyString7(apiKeySource.id);
   const apiKeyName = parseNonEmptyString7(apiKeySource.name);
+  const humanSource = isRecord7(payload.human) ? payload.human : void 0;
+  const humanName = parseNonEmptyString7(humanSource?.displayName);
   const proxyUrl = parseNonEmptyString7(payload.proxyUrl);
+  if (humanName.length === 0) {
+    throw createCliError5(
+      "CLI_INVITE_REDEEM_INVALID_RESPONSE",
+      "Invite redeem response is invalid"
+    );
+  }
   return {
     apiKeyToken,
     apiKeyId: apiKeyId.length > 0 ? apiKeyId : void 0,
     apiKeyName: apiKeyName.length > 0 ? apiKeyName : void 0,
+    humanName,
     proxyUrl
   };
 }
@@ -20842,6 +20935,14 @@ async function redeemInvite(code, options, dependencies = {}) {
       "Invite code is required"
     );
   }
+  const displayName = parseNonEmptyString7(options.displayName);
+  if (displayName.length === 0) {
+    throw createCliError5(
+      "CLI_INVITE_REDEEM_DISPLAY_NAME_REQUIRED",
+      "Display name is required. Pass --display-name <name>."
+    );
+  }
+  const apiKeyName = parseNonEmptyString7(options.apiKeyName);
   const runtime = await resolveInviteRuntime(options.registryUrl, dependencies);
   const response = await executeInviteRequest({
     fetchImpl: runtime.fetchImpl,
@@ -20851,7 +20952,11 @@ async function redeemInvite(code, options, dependencies = {}) {
       headers: {
         "content-type": "application/json"
       },
-      body: JSON.stringify({ code: inviteCode })
+      body: JSON.stringify({
+        code: inviteCode,
+        displayName,
+        apiKeyName: apiKeyName.length > 0 ? apiKeyName : void 0
+      })
     }
   });
   const responseBody = await parseJsonResponse5(response);
@@ -20871,12 +20976,13 @@ async function redeemInvite(code, options, dependencies = {}) {
     registryUrl: runtime.registryUrl
   };
 }
-async function persistRedeemConfig(registryUrl, apiKeyToken, proxyUrl, dependencies = {}) {
+async function persistRedeemConfig(registryUrl, apiKeyToken, proxyUrl, humanName, dependencies = {}) {
   const setConfigValueImpl = dependencies.setConfigValueImpl ?? setConfigValue;
   try {
     await setConfigValueImpl("registryUrl", registryUrl);
     await setConfigValueImpl("apiKey", apiKeyToken);
     await setConfigValueImpl("proxyUrl", proxyUrl);
+    await setConfigValueImpl("humanName", humanName);
   } catch (error48) {
     logger7.warn("cli.invite_redeem_config_persist_failed", {
       errorName: error48 instanceof Error ? error48.name : "unknown"
@@ -20910,7 +21016,10 @@ var createInviteCommand = (dependencies = {}) => {
       }
     )
   );
-  inviteCommand.command("redeem <code>").description("Redeem a registry invite code and store PAT locally").option("--registry-url <url>", "Override registry URL").action(
+  inviteCommand.command("redeem <code>").description("Redeem a registry invite code and store PAT locally").requiredOption(
+    "--display-name <name>",
+    "Human display name used for onboarding"
+  ).option("--api-key-name <name>", "Optional API key label").option("--registry-url <url>", "Override registry URL").action(
     withErrorHandling(
       "invite redeem",
       async (code, options) => {
@@ -20918,9 +21027,11 @@ var createInviteCommand = (dependencies = {}) => {
         logger7.info("cli.invite_redeemed", {
           apiKeyId: result.apiKeyId,
           apiKeyName: result.apiKeyName,
+          humanName: result.humanName,
           registryUrl: result.registryUrl
         });
         writeStdoutLine("Invite redeemed");
+        writeStdoutLine(`Human name: ${result.humanName}`);
         if (result.apiKeyName) {
           writeStdoutLine(`API key name: ${result.apiKeyName}`);
         }
@@ -20930,6 +21041,7 @@ var createInviteCommand = (dependencies = {}) => {
           result.registryUrl,
           result.apiKeyToken,
           result.proxyUrl,
+          result.humanName,
           dependencies
         );
         writeStdoutLine("API key saved to local config");
@@ -20943,7 +21055,7 @@ var createInviteCommand = (dependencies = {}) => {
 import { spawn } from "child_process";
 import { randomBytes as randomBytes3 } from "crypto";
 import { existsSync } from "fs";
-import { chmod as chmod3, copyFile, mkdir as mkdir5, readFile as readFile4, writeFile as writeFile5 } from "fs/promises";
+import { chmod as chmod3, copyFile, mkdir as mkdir5, readFile as readFile5, writeFile as writeFile5 } from "fs/promises";
 import { homedir as homedir3 } from "os";
 import { dirname as dirname4, join as join6, resolve as resolvePath } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
@@ -21034,11 +21146,11 @@ function parseNonEmptyString8(value, label) {
   }
   return trimmed;
 }
-function parseOptionalName(value) {
+function parseOptionalProfileName(value, label) {
   if (value === void 0) {
     return void 0;
   }
-  return parseNonEmptyString8(value, "name");
+  return parseNonEmptyString8(value, label);
 }
 function parsePeerAlias(value) {
   const alias = parseNonEmptyString8(value, "peer alias");
@@ -21212,7 +21324,7 @@ function resolveTransformPeersPath(openclawDir) {
   return join6(openclawDir, "hooks", "transforms", RELAY_PEERS_FILE_NAME);
 }
 async function readJsonFile(filePath) {
-  const raw = await readFile4(filePath, "utf8");
+  const raw = await readFile5(filePath, "utf8");
   try {
     return JSON.parse(raw);
   } catch {
@@ -21230,7 +21342,7 @@ async function ensureLocalAgentCredentials(homeDir, agentName) {
   for (const filePath of requiredFiles) {
     let content;
     try {
-      content = await readFile4(filePath, "utf8");
+      content = await readFile5(filePath, "utf8");
     } catch (error48) {
       if (getErrorCode2(error48) === "ENOENT") {
         throw createCliError6(
@@ -21295,12 +21407,13 @@ async function loadPeersConfig(peersPath) {
     }
     const did = parseAgentDid2(value.did, `Peer ${normalizedAlias} did`);
     const proxyUrl = parseProxyUrl(value.proxyUrl);
-    const name = parseOptionalName(value.name);
-    if (name === void 0) {
+    const agentName = parseOptionalProfileName(value.agentName, "agentName");
+    const humanName = parseOptionalProfileName(value.humanName, "humanName");
+    if (agentName === void 0 && humanName === void 0) {
       peers[normalizedAlias] = { did, proxyUrl };
       continue;
     }
-    peers[normalizedAlias] = { did, proxyUrl, name };
+    peers[normalizedAlias] = { did, proxyUrl, agentName, humanName };
   }
   return { peers };
 }
@@ -21524,7 +21637,7 @@ function resolveConnectorPidPath(homeDir, agentName) {
 }
 async function readConnectorPidFile(pidPath) {
   try {
-    const raw = (await readFile4(pidPath, "utf8")).trim();
+    const raw = (await readFile5(pidPath, "utf8")).trim();
     if (raw.length === 0) {
       return void 0;
     }
@@ -22039,7 +22152,7 @@ async function runOpenclawDoctor(options = {}) {
   const selectedAgentPath = resolveOpenclawAgentNamePath(homeDir);
   let selectedAgentName;
   try {
-    const selectedAgentRaw = await readFile4(selectedAgentPath, "utf8");
+    const selectedAgentRaw = await readFile5(selectedAgentPath, "utf8");
     selectedAgentName = assertValidAgentName(selectedAgentRaw.trim());
     checks.push(
       toDoctorCheck({
@@ -22162,9 +22275,9 @@ async function runOpenclawDoctor(options = {}) {
   const relayTransformRuntimePath = resolveTransformRuntimePath(openclawDir);
   const relayTransformPeersPath = resolveTransformPeersPath(openclawDir);
   try {
-    const transformContents = await readFile4(transformTargetPath, "utf8");
-    const runtimeContents = await readFile4(relayTransformRuntimePath, "utf8");
-    const peersSnapshotContents = await readFile4(
+    const transformContents = await readFile5(transformTargetPath, "utf8");
+    const runtimeContents = await readFile5(relayTransformRuntimePath, "utf8");
+    const peersSnapshotContents = await readFile5(
       relayTransformPeersPath,
       "utf8"
     );
@@ -22873,7 +22986,7 @@ import {
   chmod as chmod4,
   mkdir as mkdir6,
   readdir,
-  readFile as readFile5,
+  readFile as readFile6,
   unlink as unlink2,
   writeFile as writeFile6
 } from "fs/promises";
@@ -22899,6 +23012,7 @@ var FILE_MODE4 = 384;
 var PEER_ALIAS_PATTERN2 = /^[a-zA-Z0-9._-]+$/;
 var DEFAULT_STATUS_WAIT_SECONDS = 300;
 var DEFAULT_STATUS_POLL_INTERVAL_SECONDS = 3;
+var MAX_PROFILE_NAME_LENGTH = 64;
 var isRecord9 = (value) => {
   return typeof value === "object" && value !== null;
 };
@@ -22915,6 +23029,49 @@ function parseNonEmptyString9(value) {
   }
   return value.trim();
 }
+function hasControlChars2(value) {
+  for (let index = 0; index < value.length; index += 1) {
+    const code = value.charCodeAt(index);
+    if (code <= 31 || code === 127) {
+      return true;
+    }
+  }
+  return false;
+}
+function parseProfileName(value, label) {
+  const candidate = parseNonEmptyString9(value);
+  if (candidate.length === 0) {
+    throw createCliError7(
+      "CLI_PAIR_PROFILE_INVALID",
+      `${label} is required for pairing`
+    );
+  }
+  if (candidate.length > MAX_PROFILE_NAME_LENGTH) {
+    throw createCliError7(
+      "CLI_PAIR_PROFILE_INVALID",
+      `${label} must be at most ${MAX_PROFILE_NAME_LENGTH} characters`
+    );
+  }
+  if (hasControlChars2(candidate)) {
+    throw createCliError7(
+      "CLI_PAIR_PROFILE_INVALID",
+      `${label} contains control characters`
+    );
+  }
+  return candidate;
+}
+function parsePeerProfile(payload) {
+  if (!isRecord9(payload)) {
+    throw createCliError7(
+      "CLI_PAIR_PROFILE_INVALID",
+      "Pair profile must be an object"
+    );
+  }
+  return {
+    agentName: parseProfileName(payload.agentName, "agentName"),
+    humanName: parseProfileName(payload.humanName, "humanName")
+  };
+}
 function parsePairingTicket(value) {
   const ticket = parseNonEmptyString9(value);
   if (!ticket.startsWith(PAIRING_TICKET_PREFIX)) {
@@ -23079,10 +23236,19 @@ function parsePeerEntry(value) {
       "Peer entry is invalid"
     );
   }
-  return {
+  const agentNameRaw = parseNonEmptyString9(value.agentName);
+  const humanNameRaw = parseNonEmptyString9(value.humanName);
+  const entry = {
     did,
     proxyUrl
   };
+  if (agentNameRaw.length > 0) {
+    entry.agentName = parseProfileName(agentNameRaw, "agentName");
+  }
+  if (humanNameRaw.length > 0) {
+    entry.humanName = parseProfileName(humanNameRaw, "humanName");
+  }
+  return entry;
 }
 async function loadPeersConfig2(input) {
   const peersPath = resolvePeersConfigPath(input.getConfigDirImpl);
@@ -23165,6 +23331,19 @@ function parsePositiveIntegerOption(input) {
   }
   return parsed;
 }
+function resolveLocalPairProfile(input) {
+  const humanName = parseNonEmptyString9(input.config.humanName);
+  if (humanName.length === 0) {
+    throw createCliError7(
+      "CLI_PAIR_HUMAN_NAME_MISSING",
+      "Human name is missing. Run `clawdentity invite redeem <clw_inv_...> --display-name <name>` or `clawdentity config set humanName <name>`."
+    );
+  }
+  return {
+    agentName: parseProfileName(input.agentName, "agentName"),
+    humanName: parseProfileName(humanName, "humanName")
+  };
+}
 function parseProxyUrl2(candidate) {
   try {
     const parsed = new URL(candidate);
@@ -23315,15 +23494,25 @@ function parsePairStartResponse(payload) {
   const ticket = parsePairingTicket(payload.ticket);
   const initiatorAgentDid = parseNonEmptyString9(payload.initiatorAgentDid);
   const expiresAt = parseNonEmptyString9(payload.expiresAt);
+  let initiatorProfile;
   if (initiatorAgentDid.length === 0 || expiresAt.length === 0) {
     throw createCliError7(
       "CLI_PAIR_START_INVALID_RESPONSE",
       "Pair start response is invalid"
     );
   }
+  try {
+    initiatorProfile = parsePeerProfile(payload.initiatorProfile);
+  } catch {
+    throw createCliError7(
+      "CLI_PAIR_START_INVALID_RESPONSE",
+      "Pair start response is invalid"
+    );
+  }
   return {
     ticket,
     initiatorAgentDid,
+    initiatorProfile,
     expiresAt
   };
 }
@@ -23337,16 +23526,29 @@ function parsePairConfirmResponse(payload) {
   const paired = payload.paired === true;
   const initiatorAgentDid = parseNonEmptyString9(payload.initiatorAgentDid);
   const responderAgentDid = parseNonEmptyString9(payload.responderAgentDid);
+  let initiatorProfile;
+  let responderProfile;
   if (!paired || initiatorAgentDid.length === 0 || responderAgentDid.length === 0) {
     throw createCliError7(
       "CLI_PAIR_CONFIRM_INVALID_RESPONSE",
       "Pair confirm response is invalid"
     );
   }
+  try {
+    initiatorProfile = parsePeerProfile(payload.initiatorProfile);
+    responderProfile = parsePeerProfile(payload.responderProfile);
+  } catch {
+    throw createCliError7(
+      "CLI_PAIR_CONFIRM_INVALID_RESPONSE",
+      "Pair confirm response is invalid"
+    );
+  }
   return {
     paired,
     initiatorAgentDid,
-    responderAgentDid
+    responderAgentDid,
+    initiatorProfile,
+    responderProfile
   };
 }
 function parsePairStatusResponse(payload) {
@@ -23367,6 +23569,7 @@ function parsePairStatusResponse(payload) {
   const responderAgentDid = parseNonEmptyString9(payload.responderAgentDid);
   const expiresAt = parseNonEmptyString9(payload.expiresAt);
   const confirmedAt = parseNonEmptyString9(payload.confirmedAt);
+  let initiatorProfile;
   if (initiatorAgentDid.length === 0 || expiresAt.length === 0) {
     throw createCliError7(
       "CLI_PAIR_STATUS_INVALID_RESPONSE",
@@ -23379,16 +23582,43 @@ function parsePairStatusResponse(payload) {
       "Pair status response is invalid"
     );
   }
+  try {
+    initiatorProfile = parsePeerProfile(payload.initiatorProfile);
+  } catch {
+    throw createCliError7(
+      "CLI_PAIR_STATUS_INVALID_RESPONSE",
+      "Pair status response is invalid"
+    );
+  }
+  let responderProfile;
+  if (payload.responderProfile !== void 0) {
+    try {
+      responderProfile = parsePeerProfile(payload.responderProfile);
+    } catch {
+      throw createCliError7(
+        "CLI_PAIR_STATUS_INVALID_RESPONSE",
+        "Pair status response is invalid"
+      );
+    }
+  }
+  if (statusRaw === "confirmed" && responderProfile === void 0) {
+    throw createCliError7(
+      "CLI_PAIR_STATUS_INVALID_RESPONSE",
+      "Pair status response is invalid"
+    );
+  }
   return {
     status: statusRaw,
     initiatorAgentDid,
+    initiatorProfile,
     responderAgentDid: responderAgentDid.length > 0 ? responderAgentDid : void 0,
+    responderProfile,
     expiresAt,
     confirmedAt: confirmedAt.length > 0 ? confirmedAt : void 0
   };
 }
 async function readAgentProofMaterial(agentName, dependencies) {
-  const readFileImpl = dependencies.readFileImpl ?? readFile5;
+  const readFileImpl = dependencies.readFileImpl ?? readFile6;
   const getConfigDirImpl = dependencies.getConfigDirImpl ?? getConfigDir;
   const normalizedAgentName = assertValidAgentName(agentName);
   const agentDir = join7(
@@ -23571,7 +23801,7 @@ function resolveConfirmTicketSource(options) {
 }
 async function persistPairedPeer(input) {
   const getConfigDirImpl = input.dependencies.getConfigDirImpl ?? getConfigDir;
-  const readFileImpl = input.dependencies.readFileImpl ?? readFile5;
+  const readFileImpl = input.dependencies.readFileImpl ?? readFile6;
   const mkdirImpl = input.dependencies.mkdirImpl ?? mkdir6;
   const writeFileImpl = input.dependencies.writeFileImpl ?? writeFile6;
   const chmodImpl = input.dependencies.chmodImpl ?? chmod4;
@@ -23587,7 +23817,9 @@ async function persistPairedPeer(input) {
   });
   peersConfig.peers[alias] = {
     did: input.peerDid,
-    proxyUrl: peerProxyUrl
+    proxyUrl: peerProxyUrl,
+    agentName: input.peerProfile.agentName,
+    humanName: input.peerProfile.humanName
   };
   await savePeersConfig2({
     config: peersConfig,
@@ -23609,13 +23841,19 @@ async function startPairing(agentName, options, dependencies = {}) {
     config: config2,
     fetchImpl
   });
+  const normalizedAgentName = assertValidAgentName(agentName);
+  const initiatorProfile = resolveLocalPairProfile({
+    config: config2,
+    agentName: normalizedAgentName
+  });
   const { ait, secretKey } = await readAgentProofMaterial(
-    agentName,
+    normalizedAgentName,
     dependencies
   );
   const requestUrl = toProxyRequestUrl(proxyUrl, PAIR_START_PATH);
   const requestBody = JSON.stringify({
-    ttlSeconds
+    ttlSeconds,
+    initiatorProfile
   });
   const bodyBytes = new TextEncoder().encode(requestBody);
   const timestampSeconds = nowSecondsImpl();
@@ -23669,9 +23907,14 @@ async function confirmPairing(agentName, options, dependencies = {}) {
   const resolveConfigImpl = dependencies.resolveConfigImpl ?? resolveConfig;
   const nowSecondsImpl = dependencies.nowSecondsImpl ?? (() => Math.floor(Date.now() / 1e3));
   const nonceFactoryImpl = dependencies.nonceFactoryImpl ?? (() => randomBytes4(NONCE_SIZE2).toString("base64url"));
-  const readFileImpl = dependencies.readFileImpl ?? readFile5;
+  const readFileImpl = dependencies.readFileImpl ?? readFile6;
   const qrDecodeImpl = dependencies.qrDecodeImpl ?? decodeTicketFromPng;
   const config2 = await resolveConfigImpl();
+  const normalizedAgentName = assertValidAgentName(agentName);
+  const responderProfile = resolveLocalPairProfile({
+    config: config2,
+    agentName: normalizedAgentName
+  });
   const ticketSource = resolveConfirmTicketSource(options);
   const proxyUrl = await resolveProxyUrl({
     config: config2,
@@ -23701,11 +23944,14 @@ async function confirmPairing(agentName, options, dependencies = {}) {
     ticket = parsePairingTicket(qrDecodeImpl(new Uint8Array(imageBytes)));
   }
   const { ait, secretKey } = await readAgentProofMaterial(
-    agentName,
+    normalizedAgentName,
     dependencies
   );
   const requestUrl = toProxyRequestUrl(proxyUrl, PAIR_CONFIRM_PATH);
-  const requestBody = JSON.stringify({ ticket });
+  const requestBody = JSON.stringify({
+    ticket,
+    responderProfile
+  });
   const bodyBytes = new TextEncoder().encode(requestBody);
   const timestampSeconds = nowSecondsImpl();
   const nonce = nonceFactoryImpl();
@@ -23741,6 +23987,7 @@ async function confirmPairing(agentName, options, dependencies = {}) {
   const peerAlias = await persistPairedPeer({
     ticket,
     peerDid: parsed.initiatorAgentDid,
+    peerProfile: parsed.initiatorProfile,
     dependencies
   });
   if (ticketSource.source === "qr-file" && ticketSource.qrFilePath) {
@@ -23822,15 +24069,23 @@ async function getPairingStatusOnce(agentName, options, dependencies = {}) {
       );
     }
     const peerDid = callerAgentDid === parsed.initiatorAgentDid ? responderAgentDid : callerAgentDid === responderAgentDid ? parsed.initiatorAgentDid : void 0;
+    const peerProfile = callerAgentDid === parsed.initiatorAgentDid ? parsed.responderProfile : callerAgentDid === responderAgentDid ? parsed.initiatorProfile : void 0;
     if (!peerDid) {
       throw createCliError7(
         "CLI_PAIR_STATUS_FORBIDDEN",
         "Local agent is not a participant in the pairing ticket"
       );
     }
+    if (!peerProfile) {
+      throw createCliError7(
+        "CLI_PAIR_STATUS_INVALID_RESPONSE",
+        "Pair status response is invalid"
+      );
+    }
     peerAlias = await persistPairedPeer({
       ticket,
       peerDid,
+      peerProfile,
       dependencies
     });
   }
@@ -23926,6 +24181,12 @@ var createPairCommand = (dependencies = {}) => {
         writeStdoutLine("Pairing ticket created");
         writeStdoutLine(`Ticket: ${result.ticket}`);
         writeStdoutLine(`Initiator Agent DID: ${result.initiatorAgentDid}`);
+        writeStdoutLine(
+          `Initiator Agent Name: ${result.initiatorProfile.agentName}`
+        );
+        writeStdoutLine(
+          `Initiator Human Name: ${result.initiatorProfile.humanName}`
+        );
         writeStdoutLine(`Expires At: ${result.expiresAt}`);
         if (result.qrPath) {
           writeStdoutLine(`QR File: ${result.qrPath}`);
@@ -23968,6 +24229,14 @@ var createPairCommand = (dependencies = {}) => {
               `Responder Agent DID: ${status.responderAgentDid}`
             );
           }
+          if (status.responderProfile) {
+            writeStdoutLine(
+              `Responder Agent Name: ${status.responderProfile.agentName}`
+            );
+            writeStdoutLine(
+              `Responder Human Name: ${status.responderProfile.humanName}`
+            );
+          }
           if (status.peerAlias) {
             writeStdoutLine(`Peer alias saved: ${status.peerAlias}`);
           }
@@ -23988,7 +24257,19 @@ var createPairCommand = (dependencies = {}) => {
         });
         writeStdoutLine("Pairing confirmed");
         writeStdoutLine(`Initiator Agent DID: ${result.initiatorAgentDid}`);
+        writeStdoutLine(
+          `Initiator Agent Name: ${result.initiatorProfile.agentName}`
+        );
+        writeStdoutLine(
+          `Initiator Human Name: ${result.initiatorProfile.humanName}`
+        );
         writeStdoutLine(`Responder Agent DID: ${result.responderAgentDid}`);
+        writeStdoutLine(
+          `Responder Agent Name: ${result.responderProfile.agentName}`
+        );
+        writeStdoutLine(
+          `Responder Human Name: ${result.responderProfile.humanName}`
+        );
         writeStdoutLine(`Paired: ${result.paired ? "true" : "false"}`);
         if (result.peerAlias) {
           writeStdoutLine(`Peer alias saved: ${result.peerAlias}`);
@@ -24020,9 +24301,23 @@ var createPairCommand = (dependencies = {}) => {
         });
         writeStdoutLine(`Status: ${result.status}`);
         writeStdoutLine(`Initiator Agent DID: ${result.initiatorAgentDid}`);
+        writeStdoutLine(
+          `Initiator Agent Name: ${result.initiatorProfile.agentName}`
+        );
+        writeStdoutLine(
+          `Initiator Human Name: ${result.initiatorProfile.humanName}`
+        );
         if (result.responderAgentDid) {
           writeStdoutLine(`Responder Agent DID: ${result.responderAgentDid}`);
         }
+        if (result.responderProfile) {
+          writeStdoutLine(
+            `Responder Agent Name: ${result.responderProfile.agentName}`
+          );
+          writeStdoutLine(
+            `Responder Human Name: ${result.responderProfile.humanName}`
+          );
+        }
         writeStdoutLine(`Expires At: ${result.expiresAt}`);
         if (result.confirmedAt) {
           writeStdoutLine(`Confirmed At: ${result.confirmedAt}`);
@@ -24041,7 +24336,7 @@ import { Command as Command9 } from "commander";
 
 // src/install-skill-mode.ts
 import { constants, existsSync as existsSync2 } from "fs";
-import { access as access3, copyFile as copyFile2, mkdir as mkdir7, readdir as readdir2, readFile as readFile6 } from "fs/promises";
+import { access as access3, copyFile as copyFile2, mkdir as mkdir7, readdir as readdir2, readFile as readFile7 } from "fs/promises";
 import { createRequire } from "module";
 import { homedir as homedir4 } from "os";
 import { dirname as dirname6, join as join8, relative } from "path";
@@ -24230,10 +24525,10 @@ async function resolveArtifacts(input) {
   );
 }
 async function copyArtifact(input) {
-  const sourceContent = await readFile6(input.sourcePath);
+  const sourceContent = await readFile7(input.sourcePath);
   let existingContent;
   try {
-    existingContent = await readFile6(input.targetPath);
+    existingContent = await readFile7(input.targetPath);
   } catch (error48) {
     if (getErrorCode3(error48) !== "ENOENT") {
       throw error48;
@@ -24365,7 +24660,7 @@ var createSkillCommand = () => {
 };
 
 // src/commands/verify.ts
-import { readFile as readFile7 } from "fs/promises";
+import { readFile as readFile8 } from "fs/promises";
 import { Command as Command10 } from "commander";
 var logger10 = createLogger({ service: "cli", module: "verify" });
 var REGISTRY_KEYS_CACHE_FILE = "registry-keys.json";
@@ -24414,7 +24709,7 @@ var resolveToken = async (tokenOrFile) => {
     throw new VerifyCommandError("invalid token (value is empty)");
   }
   try {
-    const fileContents = await readFile7(input, "utf-8");
+    const fileContents = await readFile8(input, "utf-8");
     const token = fileContents.trim();
     if (token.length === 0) {
       throw new VerifyCommandError(`invalid token (${input} is empty)`);