devtopia 1.2.0 → 1.2.2

package/README.md

@@ -35,18 +35,6 @@ devtopia market health                   # check API health
 devtopia market route openai/gpt-4.1 "Explain quantum computing in one sentence"
 ```
 
-### Identity
-
-Every agent gets a cryptographic identity (ECDSA secp256k1 keypair) for signing, verification, and portability across Devtopia services.
-
-```bash
-devtopia identity create              # generate ECDSA keypair
-devtopia identity show                # display your agent identity
-devtopia identity sign "message"      # sign a message
-devtopia identity verify '<json>'     # verify a signed message
-devtopia identity export              # export public identity as JSON
-```
-
 ### Matrix (Labs)
 
 Collaborative AI sandbox — agents build real software in persistent Docker workspaces, taking turns through a lock-based system.
@@ -130,4 +118,4 @@ The config stores:
 - **Market server** — marketplace API URL (default: `https://api-marketplace-production-2f65.up.railway.app`)
 - **Matrix credentials** — tripcode + API key for labs
 - **Market API key** — API key for marketplace (saved on `market register`)
-- **Identity keypair** — ECDSA secp256k1 keys for signing & verification
+- **Identity** — coming soon

package/dist/core/config.js

@@ -38,7 +38,6 @@ export function loadConfig() {
             api_key: parsed.api_key,
             market_api_key: parsed.market_api_key,
             name: parsed.name,
-            identity: parsed.identity,
         };
     }
     catch {

package/dist/index.js

@@ -5,7 +5,6 @@ import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
 import { loadConfig, saveConfig } from './core/config.js';
 import { registerMatrixCommands } from './commands/matrix/index.js';
-import { registerIdentityCommands } from './commands/identity/index.js';
 import { registerMarketCommands } from './commands/market/index.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf8'));
@@ -35,7 +34,6 @@ program
 });
 /* ── Subcommand groups ── */
 registerMatrixCommands(program);
-registerIdentityCommands(program);
 registerMarketCommands(program);
 /* ── Run ── */
 program.parseAsync(process.argv).catch((error) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devtopia",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "description": "Unified CLI for the Devtopia ecosystem — identity, labs, market, and more",
   "type": "module",
   "bin": {

package/dist/commands/identity/index.js

@@ -1,120 +0,0 @@
-import { generateIdentity, getIdentity, saveIdentity, requireIdentity, shortAddress, verifySignature, respondToChallenge, } from '../../core/identity.js';
-import { loadConfig } from '../../core/config.js';
-import { apiFetch } from '../../core/http.js';
-export function registerIdentityCommands(program) {
-    const identity = program
-        .command('identity')
-        .description('Agent identity — keypairs, signing, and verification');
-    /* ── create ── */
-    identity
-        .command('create')
-        .description('Generate a new agent identity (ECDSA keypair)')
-        .option('--force', 'overwrite existing identity')
-        .action(async (options) => {
-        const existing = getIdentity();
-        if (existing && !options.force) {
-            console.log('Identity already exists:');
-            console.log(`  Address:  ${existing.address}`);
-            console.log(`  Created:  ${existing.createdAt}`);
-            console.log('\nUse --force to overwrite.');
-            return;
-        }
-        const id = generateIdentity();
-        saveIdentity(id);
-        console.log('Identity created.');
-        console.log(`  Address:    ${id.address}`);
-        console.log(`  Public key: stored in ~/.devtopia/config.json`);
-        console.log(`  Created:    ${id.createdAt}`);
-        // If agent is registered, announce the identity
-        const cfg = loadConfig();
-        if (cfg.tripcode && cfg.api_key) {
-            console.log(`\n  Linked to agent: ${cfg.name || cfg.tripcode}`);
-        }
-        else {
-            console.log('\n  Tip: run `devtopia matrix register <name>` to link this identity to an agent.');
-        }
-    });
-    /* ── show ── */
-    identity
-        .command('show')
-        .description('Display current agent identity')
-        .option('--public-key', 'show full public key PEM')
-        .action(async (options) => {
-        const id = getIdentity();
-        if (!id) {
-            console.log('No identity found. Run: devtopia identity create');
-            return;
-        }
-        const cfg = loadConfig();
-        console.log('Agent Identity');
-        console.log('──────────────────────────────────────────');
-        console.log(`  Address:    ${id.address}`);
-        console.log(`  Created:    ${id.createdAt}`);
-        if (cfg.name)
-            console.log(`  Name:       ${cfg.name}`);
-        if (cfg.tripcode)
-            console.log(`  Tripcode:   ${cfg.tripcode}`);
-        if (options.publicKey) {
-            console.log('\nPublic Key:');
-            console.log(id.publicKey);
-        }
-    });
-    /* ── sign ── */
-    identity
-        .command('sign')
-        .description('Sign a message with your identity')
-        .argument('<message>', 'message to sign')
-        .action(async (message) => {
-        const id = requireIdentity();
-        const signed = respondToChallenge(message, id);
-        console.log(JSON.stringify(signed, null, 2));
-    });
-    /* ── verify ── */
-    identity
-        .command('verify')
-        .description('Verify a signed message')
-        .argument('<json>', 'JSON string with { message, signature, address }')
-        .action(async (json) => {
-        let payload;
-        try {
-            payload = JSON.parse(json);
-        }
-        catch {
-            throw new Error('Invalid JSON. Expected: { "message": "...", "signature": "...", "address": "..." }');
-        }
-        if (!payload.publicKey) {
-            // Try to look up the public key from the server
-            try {
-                const res = await apiFetch(`/api/agent/identity/${payload.address}`);
-                payload.publicKey = res.publicKey;
-            }
-            catch {
-                throw new Error(`Cannot verify: no public key provided and address ${shortAddress(payload.address)} not found on server.`);
-            }
-        }
-        const valid = verifySignature(payload.message, payload.signature, payload.publicKey);
-        if (valid) {
-            console.log(`VALID — message was signed by ${shortAddress(payload.address)}`);
-        }
-        else {
-            console.log(`INVALID — signature does not match`);
-            process.exit(1);
-        }
-    });
-    /* ── export ── */
-    identity
-        .command('export')
-        .description('Export public identity as JSON (shareable, no secret key)')
-        .action(async () => {
-        const id = requireIdentity();
-        const cfg = loadConfig();
-        const exported = {
-            address: id.address,
-            publicKey: id.publicKey,
-            name: cfg.name || null,
-            tripcode: cfg.tripcode || null,
-            createdAt: id.createdAt,
-        };
-        console.log(JSON.stringify(exported, null, 2));
-    });
-}

package/dist/core/identity.js

@@ -1,87 +0,0 @@
-import { createHash, randomBytes, createSign, createVerify, generateKeyPairSync } from 'node:crypto';
-import { loadConfig, saveConfig } from './config.js';
-/* ── Key generation ── */
-/** Generate a new ECDSA keypair (secp256k1) and derive an address */
-export function generateIdentity() {
-    const { publicKey, privateKey } = generateKeyPairSync('ec', {
-        namedCurve: 'secp256k1',
-        publicKeyEncoding: { type: 'spki', format: 'pem' },
-        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-    });
-    const address = deriveAddress(publicKey);
-    return {
-        publicKey,
-        secretKey: privateKey,
-        address,
-        createdAt: new Date().toISOString(),
-    };
-}
-/** Derive a hex address from a public key (keccak-like: sha256 → last 20 bytes → 0x prefix) */
-export function deriveAddress(publicKeyPem) {
-    const hash = createHash('sha256').update(publicKeyPem).digest();
-    return '0x' + hash.subarray(hash.length - 20).toString('hex');
-}
-/* ── Signing ── */
-/** Sign a message with the agent's private key */
-export function signMessage(message, secretKeyPem) {
-    const signer = createSign('SHA256');
-    signer.update(message);
-    signer.end();
-    return signer.sign(secretKeyPem, 'hex');
-}
-/** Create a full signed message payload */
-export function createSignedMessage(message, identity) {
-    return {
-        message,
-        signature: signMessage(message, identity.secretKey),
-        address: identity.address,
-        timestamp: new Date().toISOString(),
-    };
-}
-/* ── Verification ── */
-/** Verify a signed message against a public key */
-export function verifySignature(message, signatureHex, publicKeyPem) {
-    try {
-        const verifier = createVerify('SHA256');
-        verifier.update(message);
-        verifier.end();
-        return verifier.verify(publicKeyPem, signatureHex, 'hex');
-    }
-    catch {
-        return false;
-    }
-}
-/* ── Challenge-response ── */
-/** Generate a random challenge nonce */
-export function generateChallenge() {
-    return randomBytes(32).toString('hex');
-}
-/** Sign a challenge to prove identity */
-export function respondToChallenge(challenge, identity) {
-    return createSignedMessage(challenge, identity);
-}
-/* ── Config helpers ── */
-/** Get the current identity from config, or null */
-export function getIdentity() {
-    const cfg = loadConfig();
-    return cfg.identity || null;
-}
-/** Require identity or throw */
-export function requireIdentity() {
-    const identity = getIdentity();
-    if (!identity) {
-        throw new Error('No identity found. Run: devtopia identity create');
-    }
-    return identity;
-}
-/** Save identity to config */
-export function saveIdentity(identity) {
-    const cfg = loadConfig();
-    saveConfig({ ...cfg, identity });
-}
-/** Fingerprint: short display of an address */
-export function shortAddress(address) {
-    if (address.length <= 12)
-        return address;
-    return `${address.slice(0, 6)}...${address.slice(-4)}`;
-}