create-agent 0.0.10 → 0.0.11

package/.claude/settings.local.json

@@ -17,7 +17,9 @@
       "Bash(gh api:*)",
       "WebFetch(domain:ai-sdk.dev)",
       "WebFetch(domain:github.com)",
-      "Bash(git fetch:*)"
+      "Bash(git fetch:*)",
+      "Bash(gh repo fork:*)",
+      "Bash(node /home/melvin/agi/create-agent/bin/create-agent.js:*)"
     ]
   }
 }

package/README.md

@@ -1,115 +1,201 @@
-# create-agent 🤖
+# create-agent
 
 [![npm version](https://img.shields.io/npm/v/create-agent.svg)](https://www.npmjs.com/package/create-agent)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/Node.js-18+-339933.svg)](https://nodejs.org/)
 
-A command-line tool to generate Agent keypairs with various encodings.
+> **Your AI agent has no identity.** It can't prove who it is. It can't sign anything. It can't be trusted.
+>
+> Fix that in one command.
 
-## Installation 📦
+```bash
+npx create-agent
+```
+
+Instantly generates a cryptographic identity with a [W3C DID document](https://www.w3.org/TR/did-core/) — the emerging standard for autonomous agent identity.
+
+---
+
+## Why create-agent?
+
+AI agents and autonomous systems need verifiable identities. Traditional auth (API keys, OAuth) wasn't designed for machine-to-machine trust. **create-agent** provides:
+
+- **Cryptographic Identity** — Schnorr keypairs on secp256k1
+- **W3C Standards** — DID documents for interoperability
+- **Decentralized** — No central authority, works with Nostr relays
+- **Zero Config** — One command, instant identity
+
+---
+
+## Installation
 
 ```bash
+# Run directly (no install)
+npx create-agent
+
+# Or install globally
 npm install -g create-agent
+
+# Or as a dependency
+npm install create-agent
 ```
 
-Or simply run:
+---
 
-```bash
-npm create agent
+## CLI Output
+
+The tool outputs a spec-compliant DID document to `stdout`:
+
+```json
+{
+  "@context": [
+    "https://w3id.org/did",
+    "https://w3id.org/nostr/context"
+  ],
+  "id": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23",
+  "type": "DIDNostr",
+  "verificationMethod": [
+    {
+      "id": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23#key1",
+      "type": "Multikey",
+      "controller": "did:nostr:dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23",
+      "publicKeyMultibase": "fe70102dd82687ee5a352c6d6de337bce53f150ca1567f3861475c74e7da62695931d23"
+    }
+  ],
+  "authentication": ["#key1"],
+  "assertionMethod": ["#key1"],
+  "service": []
+}
 ```
 
-## Usage 🚀
+Key information is displayed on `stderr` for security (private keys in red).
 
-Simply run:
+---
 
-```bash
-create-agent
+## Programmatic API
+
+```javascript
+import { generateAgent } from 'create-agent'
+
+const agent = generateAgent()
+
+// Nostr keys
+console.log(agent.pubkey)   // hex public key
+console.log(agent.npub)     // bech32 public key
+console.log(agent.privkey)  // hex private key (keep secret)
+console.log(agent.nsec)     // bech32 private key (keep secret)
+
+// W3C DID Document
+console.log(agent.did.id)   // did:nostr:<pubkey>
+console.log(agent.did)      // full DID document
 ```
 
-The tool will generate a new Agent keypair and display it in various formats.
+---
 
-## Output Fields 🔑
+## CLI Examples
 
-The tool generates a JSON object containing:
+```bash
+# Save DID document to file
+create-agent > agent-identity.json
 
-### Private Key Formats
+# Extract DID identifier
+create-agent | jq -r '.id'
 
-#### `privkey`
+# Extract public key
+create-agent | jq -r '.verificationMethod[0].publicKeyMultibase'
 
-- 32-byte private key in hexadecimal format
-- The private key of the Agent
-- Used to sign Nostr events
-- Example:
-  ```
-  "7f7168866801e2003bfc6507f881783e23587d35ece7b1f1981891b9c9c26c55"
-  ```
-- ⚠️ **Keep this secret!**
+# Suppress stderr, get only JSON
+create-agent 2>/dev/null
+```
 
-#### `nsec`
+---
 
-- Bech32-encoded private key (starts with `nsec`)
-- Human-friendly format
-- Example:
-  ```
-  "nsec1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3vk8rx"
-  ```
-- ⚠️ **Keep this secret!**
+## Output Reference
 
-### Public Key Formats
+### Keys
 
-#### `pubkey`
+| Field | Format | Description |
+|-------|--------|-------------|
+| `pubkey` | 64 hex chars | Public key (shareable) |
+| `npub` | bech32 | Human-readable public key |
+| `privkey` | 64 hex chars | Private key — **keep secret** |
+| `nsec` | bech32 | Human-readable private key — **keep secret** |
 
-- 32-byte public key in hexadecimal format
-- Derived from private key using Schnorr signatures
-- Your identity in the Nostr network
-- Example:
-  ```
-  "06444f34c6c5f973d74b3c78214fd0bf694f0cf459651b2ffe651fa08ba00bf4"
-  ```
+### DID Document
 
-#### `npub`
+| Field | Value |
+|-------|-------|
+| `@context` | W3C DID v1 + Nostr context |
+| `id` | `did:nostr:<pubkey>` |
+| `type` | `DIDNostr` |
+| `verificationMethod` | Multikey with secp256k1 |
+| `authentication` | `#key1` reference |
+| `assertionMethod` | `#key1` reference |
 
-- Bech32-encoded public key (starts with `npub`)
-- Human-friendly format for sharing
-- Example:
-  ```
-  "npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m"
-  ```
+### Multibase Encoding
 
-## Example Output 📝
+The `publicKeyMultibase` follows multicodec standards:
 
-```json
-{
-  "privkey": "7f7168866801e2003bfc6507f881783e23587d35ece7b1f1981891b9c9c26c55",
-  "pubkey": "06444f34c6c5f973d74b3c78214fd0bf694f0cf459651b2ffe651fa08ba00bf4",
-  "nsec": "nsec1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3vk8rx",
-  "npub": "npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m"
-}
 ```
+fe70102<pubkey>
+│└───┘└┘└─────┘
+│  │   │   └── 32-byte x-coordinate
+│  │   └────── 02 compressed key prefix
+│  └────────── e701 secp256k1-pub varint
+└───────────── f base16-lower prefix
+```
+
+---
+
+## Use Cases
+
+| Application | Description |
+|-------------|-------------|
+| **AI Agents** | Verifiable identity for autonomous systems |
+| **Nostr Bots** | Generate keypairs for automated accounts |
+| **Testing** | Create ephemeral identities for integration tests |
+| **Credentials** | Subject identifiers for Verifiable Credentials |
+
+---
+
+## Security
 
-## Security Notice 🔒
+Private keys (`privkey`, `nsec`) are cryptographic secrets. Exposure allows:
 
-**Never share your private key!** Anyone with access to your private key (`privkey` or `nsec`) can:
+- Signing messages as the identity
+- Accessing encrypted communications
+- Full impersonation
 
-- ✍️ Post messages as you
-- 👤 Update your profile
-- 👥 Follow/unfollow other users
-- 📨 Send encrypted messages in your name
+The CLI outputs private keys to `stderr` only, allowing safe piping of the DID document.
+
+---
 
-## About Nostr 📡
+## Specification
+
+This implementation follows the [did:nostr Method Specification](https://nostrcg.github.io/did-nostr/) maintained by the [W3C Nostr Community Group](https://www.w3.org/community/nostr/).
+
+---
 
-Nostr (Notes and Other Stuff Transmitted by Relays) is a decentralized social networking protocol. Each user is identified by a public key, and all actions are signed using their corresponding private key.
+## Related
 
-## Development 🛠️
+- [did:nostr Specification](https://nostrcg.github.io/did-nostr/)
+- [DID:nostr Explorer](https://nostrapps.github.io/did-explorer/)
+- [nostr-tools](https://github.com/nbd-wtf/nostr-tools)
+- [W3C DID Core](https://www.w3.org/TR/did-core/)
+
+---
+
+## Development
 
 ```bash
 git clone https://github.com/melvincarvalho/create-agent.git
 cd create-agent
 npm install
+npm test
 ```
 
-## License 📄
-
-MIT
-
 ---
 
-Made with ❤️ for the [Agentic Alliance](https://agenticalliance.com/) community
+## License
+
+MIT — [Agentic Alliance](https://agenticalliance.com/)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "create-agent",
   "type": "module",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "description": "create an agent",
   "scripts": {
     "test": "node --test"