clawdentity 0.0.2 → 0.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawdentity",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "type": "module",
   "publishConfig": {
     "access": "public"
@@ -21,24 +21,29 @@
     "postinstall.mjs",
     "skill-bundle"
   ],
+  "dependencies": {
+    "commander": "^13.1.0",
+    "jsqr": "^1.4.0",
+    "pngjs": "^7.0.0",
+    "qrcode": "^1.5.4",
+    "ws": "^8.19.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.18.11",
+    "@types/pngjs": "^6.0.5",
+    "@types/qrcode": "^1.5.6",
+    "@clawdentity/connector": "0.0.0",
+    "@clawdentity/protocol": "0.0.0",
+    "@clawdentity/sdk": "0.0.0"
+  },
   "scripts": {
-    "build": "pnpm run sync:skill-bundle && tsup",
+    "build": "pnpm -F @clawdentity/openclaw-skill build && pnpm run sync:skill-bundle && pnpm run verify:skill-bundle && tsup",
     "format": "biome format .",
     "lint": "biome lint .",
-    "prepack": "pnpm run build",
     "postinstall": "node ./postinstall.mjs",
     "sync:skill-bundle": "node ./scripts/sync-skill-bundle.mjs",
+    "verify:skill-bundle": "node ./scripts/verify-skill-bundle.mjs",
     "test": "vitest run",
     "typecheck": "tsc --noEmit"
-  },
-  "dependencies": {
-    "commander": "^13.1.0",
-    "ws": "^8.19.0"
-  },
-  "devDependencies": {
-    "@clawdentity/connector": "workspace:*",
-    "@clawdentity/protocol": "workspace:*",
-    "@clawdentity/sdk": "workspace:*",
-    "@types/node": "^22.18.11"
   }
-}
+}

package/skill-bundle/AGENTS.md

@@ -5,7 +5,8 @@
 
 ## Rules
 - Treat this folder as generated release input; do not hand-edit bundled files.
-- Regenerate by running `pnpm -F clawdentity run sync:skill-bundle` after changes in `apps/openclaw-skill`.
+- Keep `openclaw-skill/` generated-only and gitignored; commit only this `AGENTS.md`.
+- Regenerate by running `pnpm -F @clawdentity/openclaw-skill build && pnpm -F clawdentity run sync:skill-bundle`.
 - Required bundled files:
   - `openclaw-skill/skill/SKILL.md`
   - `openclaw-skill/skill/references/*`

package/skill-bundle/openclaw-skill/skill/SKILL.md

@@ -61,7 +61,8 @@ Use these commands as the default execution path for skill utilization:
 - Initialize local CLI config:
   - `clawdentity config init`
   - `clawdentity config init --registry-url <registry-url>` (supports first-run registry URL override)
-  - or set env before init: `CLAWDENTITY_REGISTRY=<registry-url>` (supports env-based first-run override)
+  - or set env before init: `CLAWDENTITY_REGISTRY_URL=<registry-url>` (primary global override)
+  - compatible alias: `CLAWDENTITY_REGISTRY=<registry-url>`
 - Configure registry URL and API key when missing:
   - `clawdentity config set registryUrl <registry-url>`
 - Complete registry onboarding when API key is missing:
@@ -82,27 +83,28 @@ Use these commands as the default execution path for skill utilization:
   - `clawdentity openclaw doctor`
   - `clawdentity openclaw relay test --peer <alias>`
 
-Pairing bootstrap for trust policy is API-based in the current release (no dedicated pairing CLI command yet):
+Pairing bootstrap uses CLI commands in the current release:
 
 - Owner/initiator starts pairing on initiator proxy:
-  - `POST /pair/start`
-  - Requires `Authorization: Claw <AIT>` and `x-claw-owner-pat`
-  - Body: `{"agentDid":"<responder-agent-did>"}`
+  - `clawdentity pair start <initiator-agent-name> --proxy-url <initiator-proxy-url> --qr`
+  - Optionally pass explicit owner PAT: `--owner-pat <token>`
 - Responder confirms on responder proxy:
-  - `POST /pair/confirm`
-  - Requires `Authorization: Claw <AIT>`
-  - Body: `{"pairingCode":"<code-from-start>"}`
+  - `clawdentity pair confirm <responder-agent-name> --qr-file <ticket-qr-file> --proxy-url <responder-proxy-url>`
+  - optional global proxy URL env fallback: `CLAWDENTITY_PROXY_URL=<proxy-url>`
 
 Successful confirm establishes mutual trust for the two agent DIDs. After confirm, both directions are allowed for trusted delivery.
 
 1. Confirm prerequisites with the human.
 - Confirm `clawdentity` CLI is installed and runnable.
 - Confirm local agent name.
-- Confirm OpenClaw peer relay invite code (`clawd1_...`).
-- If API key is missing, request registry onboarding invite code (`clw_inv_...`) first.
+- Confirm API key exists locally or registry onboarding invite code (`clw_inv_...`) is available.
+- Confirm OpenClaw peer relay invite code (`clawd1_...`) is available for setup.
+- Do not request API key and registry invite code in the same prompt.
+- Do not request registry invite code and peer relay invite code in the same prompt.
 - Only ask for API key when neither local API key nor registry onboarding invite code is available.
 - Confirm OpenClaw state directory path if non-default.
 - Confirm OpenClaw base URL if local endpoint is non-default.
+- Confirm each side proxy URL for pairing command execution.
 
 2. Confirm skill artifact exists in workspace skills directory.
 - Ensure `~/.openclaw/workspace/skills/clawdentity-openclaw-relay/relay-to-peer.mjs` exists.
@@ -131,6 +133,11 @@ Successful confirm establishes mutual trust for the two agent DIDs. After confir
 - Use `--openclaw-dir <path>` when state directory is non-default.
 - Use `--openclaw-base-url <url>` when local OpenClaw HTTP endpoint is non-default.
 - Use `--peer-alias <alias>` only when alias override is required.
+- Optional relay echo tuning:
+  - `--echo-enabled <true|false>`
+  - `--echo-channel <channel>`
+  - `--echo-to <target>`
+  - `--echo-max-length <number>`
 
 7. Verify setup outputs.
 - Confirm setup reports:
@@ -139,6 +146,7 @@ Successful confirm establishes mutual trust for the two agent DIDs. After confir
   - updated OpenClaw config path
   - installed transform path
   - OpenClaw base URL
+  - relay echo config (enabled/channel/target/max length)
   - relay runtime config path
 - Confirm `~/.clawdentity/openclaw-agent-name` is set to the local agent name.
 
@@ -147,9 +155,11 @@ Successful confirm establishes mutual trust for the two agent DIDs. After confir
 - Optional: run `clawdentity connector service install <agent-name>` for persistent autostart.
 
 9. Complete trust pairing bootstrap.
-- Run pairing start (`POST /pair/start`) from the owner/initiator side.
-- Share returned one-time `pairingCode` with responder side.
-- Run pairing confirm (`POST /pair/confirm`) from responder side.
+- Run pairing start from owner/initiator side:
+  - `clawdentity pair start <initiator-agent-name> --proxy-url <initiator-proxy-url> --qr`
+- Share the one-time QR image with responder side.
+- Run pairing confirm from responder side:
+  - `clawdentity pair confirm <responder-agent-name> --qr-file <ticket-qr-file> --proxy-url <responder-proxy-url>`
 - Confirm pairing success before relay test.
 
 10. Validate with user-style relay test.
@@ -165,6 +175,7 @@ Ask the human only when required inputs are missing:
 - Missing peer relay invite code (`clawd1_...`).
 - Missing registry onboarding invite code (`clw_inv_...`) when API key is absent.
 - Missing Clawdentity API key only when registry onboarding invite code is unavailable.
+- Missing initiator/responder proxy URLs for pairing commands.
 - Unclear OpenClaw state directory.
 - Non-default OpenClaw base URL.
 - Local connector runtime or peer network route is unknown or unreachable from agent runtime.

package/skill-bundle/openclaw-skill/skill/references/clawdentity-protocol.md

@@ -67,35 +67,37 @@ Rules:
 
 Relay delivery policy is trust-pair based on proxy side. Pairing must be completed before first cross-agent delivery.
 
-Current pairing contract is API-based (no dedicated CLI pairing command):
+Current pairing contract is ticket-based with CLI support:
 
 1. Initiator owner starts pairing:
-   - `POST /pair/start`
+   - CLI: `clawdentity pair start <agent-name> --proxy-url <url> --qr`
+   - proxy route: `POST /pair/start`
    - headers:
      - `Authorization: Claw <AIT>`
      - `x-claw-owner-pat: <owner-pat>`
-   - body:
+   - body (optional):
 
 ```json
 {
-  "agentDid": "did:claw:agent:01RESPONDER..."
+  "ttlSeconds": 300
 }
 ```
 
 2. Responder confirms pairing:
-   - `POST /pair/confirm`
+   - CLI: `clawdentity pair confirm <agent-name> --qr-file <path> --proxy-url <url>`
+   - proxy route: `POST /pair/confirm`
    - headers:
      - `Authorization: Claw <AIT>`
    - body:
 
 ```json
 {
-  "pairingCode": "01PAIRCODE..."
+  "ticket": "clwpair1_..."
 }
 ```
 
 Rules:
-- `pairingCode` is one-time and expires.
+- `ticket` is one-time and expires (default 5 minutes, max 15 minutes).
 - Confirm establishes mutual trust for the initiator/responder pair.
 - Same-agent sender/recipient is allowed by policy without explicit pair entry.
 
@@ -122,19 +124,28 @@ Relay resolves local agent name in this order:
 
 ## Local OpenClaw Base URL Contract
 
-`~/.clawdentity/openclaw-relay.json` stores the OpenClaw upstream base URL used by local proxy runtime fallback:
+`~/.clawdentity/openclaw-relay.json` stores OpenClaw runtime defaults for relay components:
 
 ```json
 {
   "openclawBaseUrl": "http://127.0.0.1:18789",
+  "echo": {
+    "enabled": true,
+    "channel": "last",
+    "maxLength": 500
+  },
   "updatedAt": "2026-02-15T20:00:00.000Z"
 }
 ```
 
 Rules:
 - `openclawBaseUrl` must be absolute `http` or `https`.
+- `echo.enabled` defaults to `true`.
+- `echo.channel` defaults to `last`.
+- `echo.to` is optional; when omitted OpenClaw uses last-route delivery target.
+- `echo.maxLength` must be an integer from `50` to `2000` (default `500`).
 - `updatedAt` is ISO-8601 UTC timestamp.
-- Proxy runtime precedence is: `OPENCLAW_BASE_URL` env first, then `openclaw-relay.json`, then built-in default.
+- OpenClaw base URL precedence for local runtimes is: `OPENCLAW_BASE_URL` env first, then `openclaw-relay.json`, then built-in default.
 
 ## Connector Handoff Contract