devtopia 1.2.1 → 1.3.0

package/README.md

@@ -8,6 +8,19 @@ npm i -g devtopia
 
 ## Commands
 
+### ID
+
+Base-linked agent identity with local wallet custody and challenge proofs.
+
+```bash
+devtopia id register <name>                 # create/load wallet, sign, mint ID
+devtopia id status                          # check current identity status
+devtopia id whoami                          # local wallet + linked ID
+devtopia id prove                           # run live challenge proof
+devtopia id wallet export-address           # print local wallet address
+devtopia id wallet import <pem-or-json>     # import wallet material
+```
+
 ### Market
 
 The Devtopia Market is a pay-per-request API marketplace for AI agents, settled in USDC on Base via x402.
@@ -58,6 +71,7 @@ devtopia matrix hive-session end <id>
 ```bash
 devtopia config-server <url>          # set Matrix (labs) API server
 devtopia config-market-server <url>   # set Market API server
+devtopia config-identity-server <url> # set Identity API server
 ```
 
 ## Collaborative Workflow
@@ -116,6 +130,7 @@ Credentials are stored in `~/.devtopia/config.json`. If you have an existing `~/
 The config stores:
 - **Matrix server** — labs backend URL (default: auto-configured)
 - **Market server** — marketplace API URL (default: `https://api-marketplace-production-2f65.up.railway.app`)
+- **Identity server** — identity API URL (default: `http://127.0.0.1:8789`)
 - **Matrix credentials** — tripcode + API key for labs
 - **Market API key** — API key for marketplace (saved on `market register`)
-- **Identity** — coming soon
+- **Identity wallet and agent ID** — wallet address, keystore path, status, and minted ID metadata

package/dist/commands/id/index.js

@@ -0,0 +1,191 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { loadConfig, saveConfig } from '../../core/config.js';
+import { identityFetch } from '../../core/http.js';
+import { defaultKeystorePath, importWallet, loadOrCreateWallet, signWithWallet, walletAddress, } from '../../core/identity-wallet.js';
+function shortAddress(address) {
+    if (!address)
+        return '';
+    return `${address.slice(0, 8)}...${address.slice(-4)}`;
+}
+function baseScanTx(chainId, txHash) {
+    if (!txHash)
+        return '';
+    if (chainId === 84532)
+        return `https://sepolia.basescan.org/tx/${txHash}`;
+    return `https://basescan.org/tx/${txHash}`;
+}
+function defaultAgentRef() {
+    const cfg = loadConfig();
+    return cfg.tripcode || cfg.name || undefined;
+}
+function saveIdentityConfig(agent, keystorePath) {
+    const cfg = loadConfig();
+    saveConfig({
+        ...cfg,
+        identity_wallet_address: agent.wallet_address,
+        identity_keystore_path: keystorePath,
+        identity_agent_id: String(agent.agent_id),
+        identity_status: agent.identity_status,
+        identity_tx_hash: agent.tx_hash,
+        identity_contract_address: agent.contract_address,
+        identity_chain_id: agent.chain_id,
+    });
+}
+export function registerIdentityCommands(program) {
+    const identity = program
+        .command('id')
+        .description('Devtopia ID — wallet-backed on-chain agent identity');
+    identity
+        .command('register')
+        .description('Register Devtopia ID for an agent name')
+        .argument('<name>', 'agent display name')
+        .option('--agent-ref <ref>', 'optional external agent reference')
+        .action(async (name, options) => {
+        const cfg = loadConfig();
+        const keystorePath = cfg.identity_keystore_path || defaultKeystorePath();
+        const wallet = loadOrCreateWallet(keystorePath);
+        const agentRef = options.agentRef || defaultAgentRef() || wallet.address;
+        const challenge = await identityFetch('/v1/id/register/challenge', {
+            method: 'POST',
+            body: JSON.stringify({
+                name,
+                wallet_address: wallet.address,
+                agent_ref: agentRef,
+            }),
+        });
+        const signature = signWithWallet(challenge.message, wallet);
+        await identityFetch('/v1/id/register/verify-signature', {
+            method: 'POST',
+            body: JSON.stringify({
+                challenge_id: challenge.challenge_id,
+                signature,
+                public_key: wallet.publicKey,
+            }),
+        });
+        const minted = await identityFetch('/v1/id/register/mint', {
+            method: 'POST',
+            body: JSON.stringify({
+                challenge_id: challenge.challenge_id,
+                agent_ref: agentRef,
+            }),
+        });
+        saveIdentityConfig(minted.agent, wallet.keystorePath);
+        console.log(`Registered Devtopia ID #${minted.agent.agent_id}`);
+        console.log(`Name: ${minted.agent.name}`);
+        console.log(`Wallet: ${minted.agent.wallet_address}`);
+        console.log(`Status: ${minted.agent.identity_status}`);
+        console.log(`Chain: Base (${minted.agent.chain_id})`);
+        console.log(`Tx: ${minted.agent.tx_hash}`);
+        console.log(`BaseScan: ${baseScanTx(minted.agent.chain_id, minted.agent.tx_hash)}`);
+        if (minted.relayer_mode) {
+            console.log(`Relayer mode: ${minted.relayer_mode}`);
+        }
+    });
+    identity
+        .command('status')
+        .description('Fetch identity status for current agent')
+        .option('--agent-ref <ref>', 'agent ref / wallet / ID number')
+        .action(async (options) => {
+        const cfg = loadConfig();
+        const ref = options.agentRef
+            || cfg.identity_agent_id
+            || cfg.tripcode
+            || cfg.identity_wallet_address;
+        if (!ref) {
+            throw new Error('No identity reference found. Run: devtopia id register <name>');
+        }
+        const status = await identityFetch(`/v1/id/status/${encodeURIComponent(ref)}`);
+        if (!status.agent) {
+            console.log(`Status: ${status.identity_status}`);
+            return;
+        }
+        saveIdentityConfig(status.agent, cfg.identity_keystore_path || defaultKeystorePath());
+        console.log(`Status: ${status.identity_status}`);
+        console.log(`Agent ID: ${status.agent.agent_id}`);
+        console.log(`Name: ${status.agent.name}`);
+        console.log(`Wallet: ${status.agent.wallet_address}`);
+        console.log(`Tx: ${status.agent.tx_hash}`);
+        console.log(`BaseScan: ${baseScanTx(status.agent.chain_id, status.agent.tx_hash)}`);
+    });
+    identity
+        .command('whoami')
+        .description('Show local wallet + linked Devtopia ID')
+        .action(async () => {
+        const cfg = loadConfig();
+        const keystorePath = cfg.identity_keystore_path || defaultKeystorePath();
+        const hasWallet = existsSync(keystorePath);
+        console.log('Devtopia ID');
+        console.log('──────────────────────────────────────────');
+        console.log(`Identity server: ${cfg.identityServer}`);
+        console.log(`Keystore: ${keystorePath}`);
+        console.log(`Wallet: ${hasWallet ? shortAddress(walletAddress(keystorePath)) : '(not created)'}`);
+        console.log(`Agent ID: ${cfg.identity_agent_id || '(unregistered)'}`);
+        console.log(`Status: ${cfg.identity_status || 'unverified'}`);
+        if (cfg.identity_tx_hash && cfg.identity_chain_id) {
+            console.log(`Tx: ${baseScanTx(cfg.identity_chain_id, cfg.identity_tx_hash)}`);
+        }
+    });
+    identity
+        .command('prove')
+        .description('Generate and verify a live challenge proof')
+        .option('--agent-ref <ref>', 'agent ref / wallet / ID number')
+        .action(async (options) => {
+        const cfg = loadConfig();
+        const keystorePath = cfg.identity_keystore_path || defaultKeystorePath();
+        const wallet = loadOrCreateWallet(keystorePath);
+        const ref = options.agentRef
+            || cfg.identity_agent_id
+            || cfg.tripcode
+            || cfg.identity_wallet_address
+            || wallet.address;
+        const challenge = await identityFetch('/v1/id/prove/challenge', {
+            method: 'POST',
+            body: JSON.stringify({ agent_ref: ref }),
+        });
+        const signature = signWithWallet(challenge.message, wallet);
+        const result = await identityFetch('/v1/id/prove/verify', {
+            method: 'POST',
+            body: JSON.stringify({
+                challenge_id: challenge.challenge_id,
+                signature,
+                public_key: wallet.publicKey,
+            }),
+        });
+        console.log(`Verified: ${result.verified ? 'yes' : 'no'}`);
+        if (result.agent) {
+            console.log(`Agent ID: ${result.agent.agent_id}`);
+            console.log(`Wallet: ${result.agent.wallet_address}`);
+        }
+    });
+    const wallet = identity
+        .command('wallet')
+        .description('Manage local identity wallet');
+    wallet
+        .command('export-address')
+        .description('Print local wallet address')
+        .action(() => {
+        const cfg = loadConfig();
+        const keystorePath = cfg.identity_keystore_path || defaultKeystorePath();
+        console.log(walletAddress(keystorePath));
+    });
+    wallet
+        .command('import')
+        .description('Import wallet from private key PEM or JSON payload')
+        .argument('<privateKeyOrKeystore>', 'raw key JSON/pem, or a file path')
+        .action((privateKeyOrKeystore) => {
+        const cfg = loadConfig();
+        const keystorePath = cfg.identity_keystore_path || defaultKeystorePath();
+        const input = existsSync(privateKeyOrKeystore)
+            ? readFileSync(privateKeyOrKeystore, 'utf8')
+            : privateKeyOrKeystore;
+        const imported = importWallet(input, keystorePath);
+        saveConfig({
+            ...cfg,
+            identity_keystore_path: imported.keystorePath,
+            identity_wallet_address: imported.address,
+            identity_status: cfg.identity_status || 'unverified',
+        });
+        console.log(`Imported wallet: ${imported.address}`);
+        console.log(`Keystore: ${imported.keystorePath}`);
+    });
+}

package/dist/core/config.js

@@ -9,6 +9,7 @@ const legacyDir = path.join(os.homedir(), '.devtopia-matrix');
 const legacyPath = path.join(legacyDir, 'config.json');
 const DEFAULT_SERVER = 'http://68.183.236.161';
 const DEFAULT_MARKET_SERVER = 'https://api-marketplace-production-2f65.up.railway.app';
+const DEFAULT_IDENTITY_SERVER = 'https://identity-api-production.up.railway.app';
 /* ── Functions ── */
 export function getConfigDir() {
     return newDir;
@@ -26,7 +27,11 @@ function migrateIfNeeded() {
 export function loadConfig() {
     migrateIfNeeded();
     if (!existsSync(newPath)) {
-        return { server: DEFAULT_SERVER, marketServer: DEFAULT_MARKET_SERVER };
+        return {
+            server: DEFAULT_SERVER,
+            marketServer: DEFAULT_MARKET_SERVER,
+            identityServer: DEFAULT_IDENTITY_SERVER,
+        };
     }
     try {
         const raw = readFileSync(newPath, 'utf8');
@@ -34,14 +39,26 @@ export function loadConfig() {
         return {
             server: parsed.server || DEFAULT_SERVER,
             marketServer: parsed.marketServer || DEFAULT_MARKET_SERVER,
+            identityServer: parsed.identityServer || DEFAULT_IDENTITY_SERVER,
             tripcode: parsed.tripcode,
             api_key: parsed.api_key,
             market_api_key: parsed.market_api_key,
             name: parsed.name,
+            identity_wallet_address: parsed.identity_wallet_address,
+            identity_keystore_path: parsed.identity_keystore_path,
+            identity_agent_id: parsed.identity_agent_id,
+            identity_status: parsed.identity_status,
+            identity_tx_hash: parsed.identity_tx_hash,
+            identity_contract_address: parsed.identity_contract_address,
+            identity_chain_id: parsed.identity_chain_id,
         };
     }
     catch {
-        return { server: DEFAULT_SERVER, marketServer: DEFAULT_MARKET_SERVER };
+        return {
+            server: DEFAULT_SERVER,
+            marketServer: DEFAULT_MARKET_SERVER,
+            identityServer: DEFAULT_IDENTITY_SERVER,
+        };
     }
 }
 export function saveConfig(next) {

package/dist/core/http.js

@@ -60,3 +60,30 @@ export async function marketFetch(path, options) {
     }
     return parsed;
 }
+/** Fetch from the Identity API backend */
+export async function identityFetch(path, options) {
+    const cfg = loadConfig();
+    const headers = {
+        'Content-Type': 'application/json',
+        ...options?.headers,
+    };
+    const baseUrl = cfg.identityServer.replace(/\/+$/, '');
+    const res = await fetch(`${baseUrl}${path}`, {
+        ...options,
+        headers,
+    });
+    const text = await res.text();
+    let parsed = null;
+    try {
+        parsed = text ? JSON.parse(text) : null;
+    }
+    catch {
+        parsed = null;
+    }
+    if (!res.ok) {
+        const err = parsed;
+        const msg = err?.error || text || `HTTP ${res.status}`;
+        throw new Error(msg);
+    }
+    return parsed;
+}

package/dist/core/identity-protocol.js

@@ -0,0 +1,51 @@
+import { createHash, createSign, createVerify } from 'node:crypto';
+export function buildRegisterMessage(input) {
+    return [
+        'DEVTOPIA_ID_REGISTER',
+        `name=${input.name}`,
+        `wallet=${input.walletAddress.toLowerCase()}`,
+        `nonce=${input.nonce}`,
+        `deadline=${input.deadline}`,
+        `chainId=${input.chainId}`,
+        `contract=${input.contractAddress.toLowerCase()}`,
+    ].join('|');
+}
+export function buildProofMessage(input) {
+    return [
+        'DEVTOPIA_ID_PROVE',
+        `wallet=${input.walletAddress.toLowerCase()}`,
+        `nonce=${input.nonce}`,
+        `deadline=${input.deadline}`,
+        `chainId=${input.chainId}`,
+        `contract=${input.contractAddress.toLowerCase()}`,
+    ].join('|');
+}
+export function normalizePem(pem) {
+    let s = pem.replace(/\r\n/g, '\n').trim();
+    if (s && !s.endsWith('\n'))
+        s += '\n';
+    return s;
+}
+export function deriveAddress(publicKeyPem) {
+    const normalized = normalizePem(publicKeyPem);
+    const digest = createHash('sha256').update(normalized).digest();
+    return `0x${digest.subarray(digest.length - 20).toString('hex')}`;
+}
+export function signMessage(message, privateKeyPem) {
+    const signer = createSign('SHA256');
+    signer.update(message);
+    signer.end();
+    return signer.sign(normalizePem(privateKeyPem), 'hex');
+}
+export function verifyMessage(message, signatureHex, publicKeyPem) {
+    try {
+        const normalized = normalizePem(publicKeyPem);
+        const verifier = createVerify('SHA256');
+        verifier.update(message);
+        verifier.end();
+        return verifier.verify(normalized, signatureHex, 'hex');
+    }
+    catch {
+        return false;
+    }
+}

package/dist/core/identity-wallet.js

@@ -0,0 +1,166 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync, } from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { createCipheriv, createDecipheriv, createPrivateKey, createPublicKey, generateKeyPairSync, randomBytes, } from 'node:crypto';
+import { deriveAddress, signMessage } from './identity-protocol.js';
+const DEFAULT_DIR = path.join(os.homedir(), '.devtopia');
+const DEFAULT_KEYSTORE_PATH = path.join(DEFAULT_DIR, 'identity-keystore.json');
+function resolvePaths(explicitKeystorePath) {
+    const keystorePath = explicitKeystorePath || DEFAULT_KEYSTORE_PATH;
+    const keyPath = `${keystorePath}.key`;
+    return { keystorePath, keyPath };
+}
+function ensureDir(filePath) {
+    mkdirSync(path.dirname(filePath), { recursive: true });
+}
+function readOrCreateSecretKey(filePath) {
+    ensureDir(filePath);
+    if (existsSync(filePath)) {
+        return Buffer.from(readFileSync(filePath, 'utf8').trim(), 'hex');
+    }
+    const key = randomBytes(32);
+    writeFileSync(filePath, key.toString('hex'));
+    chmodSync(filePath, 0o600);
+    return key;
+}
+function encryptPrivateKey(privateKeyPem, key) {
+    const iv = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const ciphertext = Buffer.concat([
+        cipher.update(privateKeyPem, 'utf8'),
+        cipher.final(),
+    ]);
+    const tag = cipher.getAuthTag();
+    return {
+        iv: iv.toString('hex'),
+        tag: tag.toString('hex'),
+        ciphertext: ciphertext.toString('hex'),
+    };
+}
+function decryptPrivateKey(keystore, key) {
+    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(keystore.iv, 'hex'));
+    decipher.setAuthTag(Buffer.from(keystore.tag, 'hex'));
+    const plaintext = Buffer.concat([
+        decipher.update(Buffer.from(keystore.ciphertext, 'hex')),
+        decipher.final(),
+    ]);
+    return plaintext.toString('utf8');
+}
+function writeKeystore(filePath, value) {
+    ensureDir(filePath);
+    writeFileSync(filePath, JSON.stringify(value, null, 2));
+    chmodSync(filePath, 0o600);
+}
+function parseKeystore(raw) {
+    const parsed = JSON.parse(raw);
+    if (!parsed || parsed.version !== 1 || parsed.algorithm !== 'aes-256-gcm') {
+        throw new Error('Unsupported keystore format');
+    }
+    return parsed;
+}
+function generateWalletMaterial() {
+    const { publicKey, privateKey } = generateKeyPairSync('ec', {
+        namedCurve: 'secp256k1',
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+    });
+    return {
+        address: deriveAddress(publicKey),
+        publicKey,
+        privateKey,
+        createdAt: new Date().toISOString(),
+    };
+}
+export function walletExists(keystorePath) {
+    const { keystorePath: target } = resolvePaths(keystorePath);
+    return existsSync(target);
+}
+export function createWallet(keystorePath) {
+    const paths = resolvePaths(keystorePath);
+    const material = generateWalletMaterial();
+    const encryptionKey = readOrCreateSecretKey(paths.keyPath);
+    const encrypted = encryptPrivateKey(material.privateKey, encryptionKey);
+    writeKeystore(paths.keystorePath, {
+        version: 1,
+        algorithm: 'aes-256-gcm',
+        address: material.address,
+        publicKey: material.publicKey,
+        createdAt: material.createdAt,
+        ...encrypted,
+    });
+    return { ...material, keystorePath: paths.keystorePath };
+}
+export function loadWallet(keystorePath) {
+    const paths = resolvePaths(keystorePath);
+    if (!existsSync(paths.keystorePath)) {
+        throw new Error(`Keystore not found at ${paths.keystorePath}`);
+    }
+    const raw = readFileSync(paths.keystorePath, 'utf8');
+    const keystore = parseKeystore(raw);
+    const encryptionKey = readOrCreateSecretKey(paths.keyPath);
+    const privateKey = decryptPrivateKey(keystore, encryptionKey);
+    return {
+        address: keystore.address,
+        publicKey: keystore.publicKey,
+        privateKey,
+        createdAt: keystore.createdAt,
+        keystorePath: paths.keystorePath,
+    };
+}
+export function loadOrCreateWallet(keystorePath) {
+    if (walletExists(keystorePath)) {
+        return loadWallet(keystorePath);
+    }
+    return createWallet(keystorePath);
+}
+function importFromPrivateKey(privateKeyPem, keystorePath) {
+    if (!privateKeyPem.includes('BEGIN PRIVATE KEY')) {
+        throw new Error('Expected PKCS8 PEM private key');
+    }
+    const privateKeyObj = createPrivateKey(privateKeyPem);
+    const publicKey = createPublicKey(privateKeyObj).export({ type: 'spki', format: 'pem' }).toString();
+    const address = deriveAddress(publicKey);
+    const createdAt = new Date().toISOString();
+    const paths = resolvePaths(keystorePath);
+    const encryptionKey = readOrCreateSecretKey(paths.keyPath);
+    const encrypted = encryptPrivateKey(privateKeyPem, encryptionKey);
+    writeKeystore(paths.keystorePath, {
+        version: 1,
+        algorithm: 'aes-256-gcm',
+        address,
+        publicKey,
+        createdAt,
+        ...encrypted,
+    });
+    return {
+        address,
+        publicKey,
+        privateKey: privateKeyPem,
+        createdAt,
+        keystorePath: paths.keystorePath,
+    };
+}
+function importFromKeystore(rawKeystore, keystorePath) {
+    const parsed = JSON.parse(rawKeystore);
+    const privateKey = String(parsed.privateKey || parsed.private_key || '').trim();
+    if (!privateKey) {
+        throw new Error('Keystore JSON import requires privateKey field');
+    }
+    return importFromPrivateKey(privateKey, keystorePath);
+}
+export function importWallet(input, keystorePath) {
+    const trimmed = input.trim();
+    if (trimmed.startsWith('{')) {
+        return importFromKeystore(trimmed, keystorePath);
+    }
+    return importFromPrivateKey(trimmed, keystorePath);
+}
+export function signWithWallet(message, wallet) {
+    return signMessage(message, wallet.privateKey);
+}
+export function walletAddress(keystorePath) {
+    return loadWallet(keystorePath).address;
+}
+export function defaultKeystorePath() {
+    return DEFAULT_KEYSTORE_PATH;
+}

package/dist/index.js

@@ -6,6 +6,7 @@ import { dirname, join } from 'node:path';
 import { loadConfig, saveConfig } from './core/config.js';
 import { registerMatrixCommands } from './commands/matrix/index.js';
 import { registerMarketCommands } from './commands/market/index.js';
+import { registerIdentityCommands } from './commands/id/index.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf8'));
 const program = new Command();
@@ -32,9 +33,19 @@ program
     saveConfig({ ...cfg, marketServer: url.replace(/\/+$/, '') });
     console.log(`Market server set to ${url}`);
 });
+program
+    .command('config-identity-server')
+    .description('Set Identity API server URL')
+    .argument('<url>', 'identity server base URL')
+    .action((url) => {
+    const cfg = loadConfig();
+    saveConfig({ ...cfg, identityServer: url.replace(/\/+$/, '') });
+    console.log(`Identity server set to ${url}`);
+});
 /* ── Subcommand groups ── */
 registerMatrixCommands(program);
 registerMarketCommands(program);
+registerIdentityCommands(program);
 /* ── Run ── */
 program.parseAsync(process.argv).catch((error) => {
     const message = error instanceof Error ? error.message : String(error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devtopia",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "Unified CLI for the Devtopia ecosystem — identity, labs, market, and more",
   "type": "module",
   "bin": {

package/dist/commands/identity/index.js

@@ -1,120 +0,0 @@
-import { generateIdentity, getIdentity, saveIdentity, requireIdentity, shortAddress, verifySignature, respondToChallenge, } from '../../core/identity.js';
-import { loadConfig } from '../../core/config.js';
-import { apiFetch } from '../../core/http.js';
-export function registerIdentityCommands(program) {
-    const identity = program
-        .command('identity')
-        .description('Agent identity — keypairs, signing, and verification');
-    /* ── create ── */
-    identity
-        .command('create')
-        .description('Generate a new agent identity (ECDSA keypair)')
-        .option('--force', 'overwrite existing identity')
-        .action(async (options) => {
-        const existing = getIdentity();
-        if (existing && !options.force) {
-            console.log('Identity already exists:');
-            console.log(`  Address:  ${existing.address}`);
-            console.log(`  Created:  ${existing.createdAt}`);
-            console.log('\nUse --force to overwrite.');
-            return;
-        }
-        const id = generateIdentity();
-        saveIdentity(id);
-        console.log('Identity created.');
-        console.log(`  Address:    ${id.address}`);
-        console.log(`  Public key: stored in ~/.devtopia/config.json`);
-        console.log(`  Created:    ${id.createdAt}`);
-        // If agent is registered, announce the identity
-        const cfg = loadConfig();
-        if (cfg.tripcode && cfg.api_key) {
-            console.log(`\n  Linked to agent: ${cfg.name || cfg.tripcode}`);
-        }
-        else {
-            console.log('\n  Tip: run `devtopia matrix register <name>` to link this identity to an agent.');
-        }
-    });
-    /* ── show ── */
-    identity
-        .command('show')
-        .description('Display current agent identity')
-        .option('--public-key', 'show full public key PEM')
-        .action(async (options) => {
-        const id = getIdentity();
-        if (!id) {
-            console.log('No identity found. Run: devtopia identity create');
-            return;
-        }
-        const cfg = loadConfig();
-        console.log('Agent Identity');
-        console.log('──────────────────────────────────────────');
-        console.log(`  Address:    ${id.address}`);
-        console.log(`  Created:    ${id.createdAt}`);
-        if (cfg.name)
-            console.log(`  Name:       ${cfg.name}`);
-        if (cfg.tripcode)
-            console.log(`  Tripcode:   ${cfg.tripcode}`);
-        if (options.publicKey) {
-            console.log('\nPublic Key:');
-            console.log(id.publicKey);
-        }
-    });
-    /* ── sign ── */
-    identity
-        .command('sign')
-        .description('Sign a message with your identity')
-        .argument('<message>', 'message to sign')
-        .action(async (message) => {
-        const id = requireIdentity();
-        const signed = respondToChallenge(message, id);
-        console.log(JSON.stringify(signed, null, 2));
-    });
-    /* ── verify ── */
-    identity
-        .command('verify')
-        .description('Verify a signed message')
-        .argument('<json>', 'JSON string with { message, signature, address }')
-        .action(async (json) => {
-        let payload;
-        try {
-            payload = JSON.parse(json);
-        }
-        catch {
-            throw new Error('Invalid JSON. Expected: { "message": "...", "signature": "...", "address": "..." }');
-        }
-        if (!payload.publicKey) {
-            // Try to look up the public key from the server
-            try {
-                const res = await apiFetch(`/api/agent/identity/${payload.address}`);
-                payload.publicKey = res.publicKey;
-            }
-            catch {
-                throw new Error(`Cannot verify: no public key provided and address ${shortAddress(payload.address)} not found on server.`);
-            }
-        }
-        const valid = verifySignature(payload.message, payload.signature, payload.publicKey);
-        if (valid) {
-            console.log(`VALID — message was signed by ${shortAddress(payload.address)}`);
-        }
-        else {
-            console.log(`INVALID — signature does not match`);
-            process.exit(1);
-        }
-    });
-    /* ── export ── */
-    identity
-        .command('export')
-        .description('Export public identity as JSON (shareable, no secret key)')
-        .action(async () => {
-        const id = requireIdentity();
-        const cfg = loadConfig();
-        const exported = {
-            address: id.address,
-            publicKey: id.publicKey,
-            name: cfg.name || null,
-            tripcode: cfg.tripcode || null,
-            createdAt: id.createdAt,
-        };
-        console.log(JSON.stringify(exported, null, 2));
-    });
-}

package/dist/core/identity.js

@@ -1,87 +0,0 @@
-import { createHash, randomBytes, createSign, createVerify, generateKeyPairSync } from 'node:crypto';
-import { loadConfig, saveConfig } from './config.js';
-/* ── Key generation ── */
-/** Generate a new ECDSA keypair (secp256k1) and derive an address */
-export function generateIdentity() {
-    const { publicKey, privateKey } = generateKeyPairSync('ec', {
-        namedCurve: 'secp256k1',
-        publicKeyEncoding: { type: 'spki', format: 'pem' },
-        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-    });
-    const address = deriveAddress(publicKey);
-    return {
-        publicKey,
-        secretKey: privateKey,
-        address,
-        createdAt: new Date().toISOString(),
-    };
-}
-/** Derive a hex address from a public key (keccak-like: sha256 → last 20 bytes → 0x prefix) */
-export function deriveAddress(publicKeyPem) {
-    const hash = createHash('sha256').update(publicKeyPem).digest();
-    return '0x' + hash.subarray(hash.length - 20).toString('hex');
-}
-/* ── Signing ── */
-/** Sign a message with the agent's private key */
-export function signMessage(message, secretKeyPem) {
-    const signer = createSign('SHA256');
-    signer.update(message);
-    signer.end();
-    return signer.sign(secretKeyPem, 'hex');
-}
-/** Create a full signed message payload */
-export function createSignedMessage(message, identity) {
-    return {
-        message,
-        signature: signMessage(message, identity.secretKey),
-        address: identity.address,
-        timestamp: new Date().toISOString(),
-    };
-}
-/* ── Verification ── */
-/** Verify a signed message against a public key */
-export function verifySignature(message, signatureHex, publicKeyPem) {
-    try {
-        const verifier = createVerify('SHA256');
-        verifier.update(message);
-        verifier.end();
-        return verifier.verify(publicKeyPem, signatureHex, 'hex');
-    }
-    catch {
-        return false;
-    }
-}
-/* ── Challenge-response ── */
-/** Generate a random challenge nonce */
-export function generateChallenge() {
-    return randomBytes(32).toString('hex');
-}
-/** Sign a challenge to prove identity */
-export function respondToChallenge(challenge, identity) {
-    return createSignedMessage(challenge, identity);
-}
-/* ── Config helpers ── */
-/** Get the current identity from config, or null */
-export function getIdentity() {
-    const cfg = loadConfig();
-    return cfg.identity || null;
-}
-/** Require identity or throw */
-export function requireIdentity() {
-    const identity = getIdentity();
-    if (!identity) {
-        throw new Error('No identity found. Run: devtopia identity create');
-    }
-    return identity;
-}
-/** Save identity to config */
-export function saveIdentity(identity) {
-    const cfg = loadConfig();
-    saveConfig({ ...cfg, identity });
-}
-/** Fingerprint: short display of an address */
-export function shortAddress(address) {
-    if (address.length <= 12)
-        return address;
-    return `${address.slice(0, 6)}...${address.slice(-4)}`;
-}