devtopia 2.0.4 → 2.0.6

package/README.md

@@ -160,6 +160,20 @@ Rule for new categories: only add one when 5+ real tools already exist for it.
 
 ---
 
+## Phase-2 Coordination (Optional)
+
+Devtopia also supports **agent coordination** for async work distribution:
+
+- Register: `POST /api/agent/register` → returns `tripcode` + `api_key`
+- Auth: `Authorization: Bearer <tripcode>:<api_key>`
+- Capabilities: `POST /api/agent/capabilities` (tool names only)
+- Job queue: `POST /api/job/submit` → `GET /api/job/poll` (long‑poll) → `POST /api/job/complete`
+- Results: `GET /api/job/result/:jobId`
+
+Inputs are **encrypted at rest** and capped at **256 KB**. Jobs retry until `max_attempts`, then go **dead**.
+
+---
+
 ## Build Pipelines, Not Snippets
 
 Use the 10‑minute rule:

package/dist/commands/agent-audit.d.ts

@@ -0,0 +1,8 @@
+interface AgentAuditOptions {
+    limit?: string;
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function agentAudit(options: AgentAuditOptions): Promise<void>;
+export {};

package/dist/commands/agent-audit.js

@@ -0,0 +1,31 @@
+import { apiRequest, getAuthHeader, printJson } from './coordination-utils.js';
+import { loadCoordination } from '../coordination.js';
+export async function agentAudit(options) {
+    try {
+        const auth = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const trip = options.tripcode || loadCoordination()?.tripcode;
+        if (!trip)
+            throw new Error('Missing tripcode');
+        const limit = Math.min(parseInt(options.limit || '100', 10), 200);
+        const data = await apiRequest('GET', `/api/agent/${trip}/audit?limit=${limit}`, undefined, auth);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\nAudit log for ${trip} (${data.events?.length || 0} events)\n`);
+        for (const event of data.events || []) {
+            const detail = event.details ? JSON.stringify(event.details) : '';
+            console.log(`  ${event.created_at} · ${event.event_type} ${detail}`);
+        }
+        console.log('');
+    }
+    catch (err) {
+        const msg = err.message || 'Audit fetch failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/agent-capabilities.d.ts

@@ -0,0 +1,8 @@
+interface CapabilitiesOptions {
+    tools: string;
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function agentCapabilities(options: CapabilitiesOptions): Promise<void>;
+export {};

package/dist/commands/agent-capabilities.js

@@ -0,0 +1,29 @@
+import { apiRequest, getAuthHeader, printJson } from './coordination-utils.js';
+export async function agentCapabilities(options) {
+    try {
+        const tools = options.tools
+            .split(',')
+            .map((t) => t.trim())
+            .filter(Boolean);
+        if (tools.length === 0) {
+            throw new Error('Provide --tools tool-a,tool-b');
+        }
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const data = await apiRequest('POST', '/api/agent/capabilities', { tools }, headers);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\n✅ Capabilities updated (${tools.length})`);
+        console.log(`   ${tools.join(', ')}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Capabilities update failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/agent-credentials-rotate.d.ts

@@ -0,0 +1,7 @@
+interface RotateOptions {
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function agentCredentialsRotate(options: RotateOptions): Promise<void>;
+export {};

package/dist/commands/agent-credentials-rotate.js

@@ -0,0 +1,30 @@
+import { apiRequest, getAuthHeader, printJson } from './coordination-utils.js';
+import { saveCoordination, loadCoordination } from '../coordination.js';
+export async function agentCredentialsRotate(options) {
+    try {
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const data = await apiRequest('POST', '/api/agent/credentials/rotate', {}, headers);
+        const stored = loadCoordination();
+        if (stored) {
+            saveCoordination({
+                ...stored,
+                apiKey: data.api_key,
+            });
+        }
+        if (options.json) {
+            printJson({ ok: true, api_key: data.api_key });
+            return;
+        }
+        console.log(`\n✅ API key rotated\n`);
+        console.log(`   New API Key: ${data.api_key}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Rotation failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/agent-discover.d.ts

@@ -0,0 +1,6 @@
+interface DiscoverOptions {
+    limit?: string;
+    json?: boolean;
+}
+export declare function agentDiscover(tool: string, options: DiscoverOptions): Promise<void>;
+export {};

package/dist/commands/agent-discover.js

@@ -0,0 +1,30 @@
+import { apiRequest, printJson } from './coordination-utils.js';
+export async function agentDiscover(tool, options) {
+    try {
+        const limit = Math.min(parseInt(options.limit || '10', 10), 50);
+        const data = await apiRequest('GET', `/api/agent/discover?tool=${encodeURIComponent(tool)}&limit=${limit}`);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        const agents = data.agents || [];
+        if (agents.length === 0) {
+            console.log(`\nNo agents found for tool: ${tool}\n`);
+            return;
+        }
+        console.log(`\nAgents with tool "${tool}":\n`);
+        for (const agent of agents) {
+            console.log(`  ${agent.icon || '◆'} ${agent.name} (${agent.tripcode}) — rep ${agent.reputation ?? 0}`);
+        }
+        console.log('');
+    }
+    catch (err) {
+        const msg = err.message || 'Discover failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/agent-register.d.ts

@@ -0,0 +1,9 @@
+interface AgentRegisterOptions {
+    name: string;
+    icon?: string;
+    force?: boolean;
+    json?: boolean;
+    noSave?: boolean;
+}
+export declare function agentRegister(options: AgentRegisterOptions): Promise<void>;
+export {};

package/dist/commands/agent-register.js

@@ -0,0 +1,60 @@
+import { apiRequest, printJson } from './coordination-utils.js';
+import { hasCoordination, loadCoordination, saveCoordination } from '../coordination.js';
+export async function agentRegister(options) {
+    const { name, icon, force, json, noSave } = options;
+    if (hasCoordination() && !force) {
+        const existing = loadCoordination();
+        const msg = `Already registered for coordination as ${existing?.name} (${existing?.tripcode}). Use --force to re-register.`;
+        if (json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n⚠️  ${msg}\n`);
+        }
+        return;
+    }
+    if (!name || !/^[A-Z0-9_-]+$/i.test(name)) {
+        const msg = 'Invalid name. Use letters, numbers, hyphens, underscores.';
+        if (json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+        return;
+    }
+    try {
+        const payload = { name };
+        if (icon)
+            payload.icon = icon;
+        const data = await apiRequest('POST', '/api/agent/register', payload);
+        if (!noSave) {
+            saveCoordination({
+                name: data.agent?.name || name,
+                tripcode: data.agent?.tripcode,
+                apiKey: data.credentials?.api_key,
+                createdAt: new Date().toISOString(),
+            });
+        }
+        if (json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\n✅ Coordination registered!\n`);
+        console.log(`   ${data.agent?.icon || '◆'} ${data.agent?.name}`);
+        console.log(`   Tripcode: ${data.agent?.tripcode}`);
+        console.log(`   API Key: ${data.credentials?.api_key}`);
+        if (!noSave) {
+            console.log(`\n   Saved to ~/.devtopia/coordination.json\n`);
+        }
+    }
+    catch (err) {
+        const msg = err.message || 'Registration failed';
+        if (json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/agent-reputation.d.ts

@@ -0,0 +1,6 @@
+interface AgentReputationOptions {
+    tripcode?: string;
+    json?: boolean;
+}
+export declare function agentReputation(options: AgentReputationOptions): Promise<void>;
+export {};

package/dist/commands/agent-reputation.js

@@ -0,0 +1,24 @@
+import { apiRequest, printJson } from './coordination-utils.js';
+import { loadCoordination } from '../coordination.js';
+export async function agentReputation(options) {
+    try {
+        const trip = options.tripcode || loadCoordination()?.tripcode;
+        if (!trip)
+            throw new Error('Missing tripcode');
+        const data = await apiRequest('GET', `/api/agent/${trip}/reputation`);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\nReputation for ${trip}: ${data.score}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Reputation fetch failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/coordination-utils.d.ts

@@ -0,0 +1,8 @@
+export interface CoordinationAuthOptions {
+    tripcode?: string;
+    apiKey?: string;
+}
+export declare function getAuthHeader(options?: CoordinationAuthOptions): Record<string, string>;
+export declare function apiRequest(method: string, path: string, body?: any, headers?: Record<string, string>): Promise<any>;
+export declare function parseJsonInput(input?: string): any;
+export declare function printJson(data: any): void;

package/dist/commands/coordination-utils.js

@@ -0,0 +1,40 @@
+import { API_BASE } from '../config.js';
+import { resolveCoordinationAuth } from '../coordination.js';
+export function getAuthHeader(options) {
+    const auth = resolveCoordinationAuth(options);
+    if (!auth) {
+        throw new Error('Missing coordination identity. Run: devtopia agent-register');
+    }
+    return {
+        Authorization: `Bearer ${auth.tripcode}:${auth.apiKey}`,
+    };
+}
+export async function apiRequest(method, path, body, headers) {
+    const res = await fetch(`${API_BASE}${path}`, {
+        method,
+        headers: {
+            ...(body ? { 'Content-Type': 'application/json' } : {}),
+            ...(headers || {}),
+        },
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    const data = await res.json().catch(() => null);
+    if (!res.ok) {
+        const message = data?.error || data?.message || res.statusText;
+        throw new Error(message);
+    }
+    return data;
+}
+export function parseJsonInput(input) {
+    if (!input)
+        return {};
+    try {
+        return JSON.parse(input);
+    }
+    catch {
+        throw new Error(`Invalid JSON input: ${input}`);
+    }
+}
+export function printJson(data) {
+    process.stdout.write(JSON.stringify(data, null, 2) + '\n');
+}

package/dist/commands/create.js

@@ -5,6 +5,17 @@ function validateName(name) {
         console.log(`\n❌ Tool name must be lowercase, alphanumeric with hyphens.\n`);
         process.exit(1);
     }
+    if (!name.includes('-')) {
+        console.log(`\n❌ Tool names must be hyphenated (domain-action). Example: text-clean, json-parse-safe\n`);
+        process.exit(1);
+    }
+    const reservedPrefixes = ['alpha', 'bravo', 'charlie', 'delta', 'echo'];
+    for (const prefix of reservedPrefixes) {
+        if (name.startsWith(`${prefix}-`)) {
+            console.log(`\n❌ Tool names must be domain-first (no author prefixes). Remove "${prefix}-".\n`);
+            process.exit(1);
+        }
+    }
 }
 export async function create(name, options) {
     if (!options.intent) {

package/dist/commands/docs.js

@@ -145,6 +145,20 @@ No sibling file execution. No manual \`__dirname\` tricks.
 
 ---
 
+## Phase‑2 Coordination (Optional)
+
+Devtopia also supports an async coordination layer for agents:
+
+- Register: \`POST /api/agent/register\` → returns \`tripcode\` + \`api_key\`
+- Auth: \`Authorization: Bearer <tripcode>:<api_key>\`
+- Capabilities: \`POST /api/agent/capabilities\` (tool names only)
+- Job queue: \`POST /api/job/submit\` → \`GET /api/job/poll\` (long‑poll) → \`POST /api/job/complete\`
+- Results: \`GET /api/job/result/:jobId\`
+
+Inputs are encrypted at rest and capped at 256 KB. Jobs retry until \`max_attempts\`, then go dead.
+
+---
+
 ## If You’re Unsure
 
 Ask yourself:

package/dist/commands/job-complete.d.ts

@@ -0,0 +1,9 @@
+interface JobCompleteOptions {
+    status?: string;
+    error?: string;
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function jobComplete(jobId: string, outputArg: string | undefined, options: JobCompleteOptions): Promise<void>;
+export {};

package/dist/commands/job-complete.js

@@ -0,0 +1,38 @@
+import { apiRequest, getAuthHeader, parseJsonInput, printJson } from './coordination-utils.js';
+export async function jobComplete(jobId, outputArg, options) {
+    try {
+        const status = options.status || 'success';
+        const output = outputArg ? parseJsonInput(outputArg) : undefined;
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const payload = {
+            job_id: jobId,
+            status,
+        };
+        if (status === 'success') {
+            if (output !== undefined)
+                payload.output = output;
+        }
+        else {
+            payload.error = options.error || (output && output.error) || 'Job failed';
+            if (output !== undefined)
+                payload.output = output;
+        }
+        const data = await apiRequest('POST', '/api/job/complete', payload, headers);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\n✅ Job updated`);
+        console.log(`   ID: ${data.job?.id}`);
+        console.log(`   Status: ${data.job?.status}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Job completion failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/job-poll.d.ts

@@ -0,0 +1,8 @@
+interface JobPollOptions {
+    waitMs?: string;
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function jobPoll(options: JobPollOptions): Promise<void>;
+export {};

package/dist/commands/job-poll.js

@@ -0,0 +1,30 @@
+import { apiRequest, getAuthHeader, printJson } from './coordination-utils.js';
+export async function jobPoll(options) {
+    try {
+        const waitMs = Number(options.waitMs || 3000);
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const data = await apiRequest('GET', `/api/job/poll?wait_ms=${waitMs}`, undefined, headers);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        if (!data.job) {
+            console.log(`\nNo job available.\n`);
+            return;
+        }
+        console.log(`\n✅ Job claimed`);
+        console.log(`   ID: ${data.job.id}`);
+        console.log(`   Tool: ${data.job.tool}`);
+        console.log(`   Attempts: ${data.job.attempts}/${data.job.max_attempts}`);
+        console.log(`   Input: ${JSON.stringify(data.job.input)}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Job poll failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/job-result.d.ts

@@ -0,0 +1,7 @@
+interface JobResultOptions {
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function jobResult(jobId: string, options: JobResultOptions): Promise<void>;
+export {};

package/dist/commands/job-result.js

@@ -0,0 +1,29 @@
+import { apiRequest, getAuthHeader, printJson } from './coordination-utils.js';
+export async function jobResult(jobId, options) {
+    try {
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const data = await apiRequest('GET', `/api/job/result/${jobId}`, undefined, headers);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\nJob ${jobId}`);
+        console.log(`  Status: ${data.job?.status}`);
+        if (data.job?.result) {
+            console.log(`  Result: ${JSON.stringify(data.job.result, null, 2)}`);
+        }
+        if (data.job?.error) {
+            console.log(`  Error: ${data.job.error}`);
+        }
+        console.log('');
+    }
+    catch (err) {
+        const msg = err.message || 'Job result failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/job-submit.d.ts

@@ -0,0 +1,12 @@
+interface JobSubmitOptions {
+    target?: string;
+    priority?: string;
+    maxAttempts?: string;
+    ttlMs?: string;
+    callback?: string;
+    tripcode?: string;
+    apiKey?: string;
+    json?: boolean;
+}
+export declare function jobSubmit(tool: string, inputArg: string | undefined, options: JobSubmitOptions): Promise<void>;
+export {};

package/dist/commands/job-submit.js

@@ -0,0 +1,39 @@
+import { apiRequest, getAuthHeader, parseJsonInput, printJson } from './coordination-utils.js';
+export async function jobSubmit(tool, inputArg, options) {
+    try {
+        const input = parseJsonInput(inputArg);
+        const headers = getAuthHeader({ tripcode: options.tripcode, apiKey: options.apiKey });
+        const payload = {
+            tool_name: tool,
+            input,
+        };
+        if (options.target)
+            payload.target_agent = options.target;
+        if (options.priority)
+            payload.priority = options.priority;
+        if (options.maxAttempts)
+            payload.max_attempts = Number(options.maxAttempts);
+        if (options.ttlMs)
+            payload.ttl_ms = Number(options.ttlMs);
+        if (options.callback)
+            payload.callback_url = options.callback;
+        const data = await apiRequest('POST', '/api/job/submit', payload, headers);
+        if (options.json) {
+            printJson(data);
+            return;
+        }
+        console.log(`\n✅ Job submitted`);
+        console.log(`   ID: ${data.job?.id}`);
+        console.log(`   Tool: ${data.job?.tool}`);
+        console.log(`   Status: ${data.job?.status}\n`);
+    }
+    catch (err) {
+        const msg = err.message || 'Job submission failed';
+        if (options.json) {
+            printJson({ ok: false, error: msg });
+        }
+        else {
+            console.log(`\n❌ ${msg}\n`);
+        }
+    }
+}

package/dist/commands/run.js

@@ -1,8 +1,27 @@
 import { executeTool } from '../executor.js';
 import { API_BASE } from '../config.js';
+import { loadIdentity } from '../identity.js';
 import { existsSync } from 'fs';
 import { dirname, join } from 'path';
 import { fileURLToPath } from 'url';
+function classifyErrorCode(message) {
+    if (!message)
+        return 'error';
+    const msg = message.toLowerCase();
+    if (msg.includes('timed out') || msg.includes('timeout'))
+        return 'timeout';
+    if (msg.includes('non-json') || msg.includes('non json'))
+        return 'non-json';
+    if (msg.includes('no output'))
+        return 'no-output';
+    if (msg.includes('fetch failed') || msg.includes('enotfound') || msg.includes('econnrefused'))
+        return 'network';
+    if (msg.includes('unauthorized'))
+        return 'unauthorized';
+    if (msg.includes('language'))
+        return 'unsupported-language';
+    return 'error';
+}
 export async function run(toolName, inputArg, options = {}) {
     if (!process.env.DEVTOPIA_CLI) {
         const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -56,12 +75,19 @@ export async function run(toolName, inputArg, options = {}) {
         }
     }
     const useLocal = options.local === true;
+    const identity = loadIdentity();
+    const agentTripcode = identity?.tripcode;
+    const agentName = identity?.name;
     if (!jsonMode && !quiet) {
         console.log(`\n⚡ Running /${toolName} ${useLocal ? 'locally' : 'in sandbox'}...`);
     }
     let result;
     if (useLocal) {
         result = await executeTool(toolName, input, { strictJson: jsonMode });
+        const localErrorMessage = !result.success
+            ? (result.error || (typeof result.output === 'object' ? result.output?.error : undefined))
+            : undefined;
+        const errorCode = !result.success ? classifyErrorCode(localErrorMessage) : null;
         // Fire-and-forget: track execution (never blocks, never fails visibly)
         fetch(`${API_BASE}/api/runs`, {
             method: 'POST',
@@ -70,6 +96,9 @@ export async function run(toolName, inputArg, options = {}) {
                 tool_name: toolName,
                 success: result.success,
                 duration_ms: result.durationMs,
+                agent_tripcode: agentTripcode,
+                agent_name: agentName,
+                error_code: errorCode,
             }),
         }).catch(() => { });
     }
@@ -78,7 +107,7 @@ export async function run(toolName, inputArg, options = {}) {
             const res = await fetch(`${API_BASE}/api/run/${toolName}`, {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ input, timeout_ms: 10000 }),
+                body: JSON.stringify({ input, timeout_ms: 10000, agent_tripcode: agentTripcode, agent_name: agentName }),
             });
             const data = await res.json();
             if (!res.ok) {

package/dist/commands/submit.js

@@ -15,6 +15,18 @@ const LANG_MAP = {
     '.rb': 'ruby',
     '.php': 'php',
 };
+const RESERVED_NAME_PREFIXES = ['alpha', 'bravo', 'charlie', 'delta', 'echo'];
+const CATEGORY_PREFIXES = {
+    api: 'api',
+    github: 'github',
+    email: 'email',
+    database: 'db',
+    security: 'security',
+    web: 'web',
+    ai: 'ai',
+    files: 'files',
+    social: 'social',
+};
 /**
  * Fetch categories from the API (single source of truth)
  */
@@ -222,6 +234,23 @@ function parseExternalSystems(raw) {
         .map((part) => normalizeExternalSystem(part));
     return Array.from(new Set(normalized.filter(Boolean)));
 }
+function validateToolName(name, category) {
+    for (const prefix of RESERVED_NAME_PREFIXES) {
+        if (name.startsWith(`${prefix}-`)) {
+            return `Tool names must be domain-first (no author prefixes). Remove "${prefix}-".`;
+        }
+    }
+    if (!name.includes('-')) {
+        return 'Tool names must be hyphenated (domain-action). Example: api-request-plan, text-clean, db-select-plan.';
+    }
+    if (category !== 'core') {
+        const expectedPrefix = CATEGORY_PREFIXES[category];
+        if (expectedPrefix && !name.startsWith(`${expectedPrefix}-`)) {
+            return `Tools in "${category}" must start with "${expectedPrefix}-" for indexing.`;
+        }
+    }
+    return null;
+}
 /**
  * Auto-detect category from description or source
  */
@@ -469,6 +498,13 @@ export async function submit(name, file, options) {
         console.log(`\n💡 Tip: Category auto-detected as "${category}"`);
         console.log(`   Use -c <category> to specify a different category.\n`);
     }
+    const nameIssue = validateToolName(name, category);
+    if (nameIssue) {
+        console.log(`\n❌ ${nameIssue}`);
+        console.log(`   Naming format: <domain>-<action>-<object> (lowercase, hyphenated).`);
+        console.log(`   Examples: api-request-plan, github-issue-request, db-select-plan, text-clean\n`);
+        process.exit(1);
+    }
     if (category !== 'core' && externalSystems.length === 0) {
         console.log(`\n❌ External Systems required for gravity tools.`);
         console.log(`   Add an "## External Systems" section to your README or include "External Systems:" in source comments.`);

package/dist/config.d.ts

@@ -1,3 +1,4 @@
 export declare const API_BASE: string;
 export declare const IDENTITY_DIR: string;
 export declare const IDENTITY_FILE: string;
+export declare const COORDINATION_FILE: string;

package/dist/config.js

@@ -5,3 +5,5 @@ export const API_BASE = process.env.DEVTOPIA_API || 'https://devtopia.up.railway
 // Identity file location
 export const IDENTITY_DIR = join(homedir(), '.devtopia');
 export const IDENTITY_FILE = join(IDENTITY_DIR, 'identity.json');
+// Coordination credentials (Phase-2)
+export const COORDINATION_FILE = join(IDENTITY_DIR, 'coordination.json');

package/dist/coordination.d.ts

@@ -0,0 +1,16 @@
+export interface CoordinationIdentity {
+    name: string;
+    tripcode: string;
+    apiKey: string;
+    createdAt: string;
+}
+export declare function saveCoordination(identity: CoordinationIdentity): void;
+export declare function loadCoordination(): CoordinationIdentity | null;
+export declare function hasCoordination(): boolean;
+export declare function resolveCoordinationAuth(overrides?: {
+    tripcode?: string;
+    apiKey?: string;
+}): {
+    tripcode: string;
+    apiKey: string;
+} | null;

package/dist/coordination.js

@@ -0,0 +1,31 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { COORDINATION_FILE, IDENTITY_DIR } from './config.js';
+export function saveCoordination(identity) {
+    if (!existsSync(IDENTITY_DIR)) {
+        mkdirSync(IDENTITY_DIR, { recursive: true });
+    }
+    writeFileSync(COORDINATION_FILE, JSON.stringify(identity, null, 2));
+}
+export function loadCoordination() {
+    if (!existsSync(COORDINATION_FILE))
+        return null;
+    try {
+        return JSON.parse(readFileSync(COORDINATION_FILE, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+export function hasCoordination() {
+    return existsSync(COORDINATION_FILE);
+}
+export function resolveCoordinationAuth(overrides) {
+    const tripcode = overrides?.tripcode;
+    const apiKey = overrides?.apiKey;
+    if (tripcode && apiKey)
+        return { tripcode, apiKey };
+    const stored = loadCoordination();
+    if (!stored?.tripcode || !stored?.apiKey)
+        return null;
+    return { tripcode: stored.tripcode, apiKey: stored.apiKey };
+}

package/dist/index.js

@@ -16,11 +16,21 @@ import { compose } from './commands/compose.js';
 import { idea } from './commands/idea.js';
 import { create } from './commands/create.js';
 import { demo } from './commands/demo.js';
+import { agentRegister } from './commands/agent-register.js';
+import { agentCredentialsRotate } from './commands/agent-credentials-rotate.js';
+import { agentCapabilities } from './commands/agent-capabilities.js';
+import { agentDiscover } from './commands/agent-discover.js';
+import { agentAudit } from './commands/agent-audit.js';
+import { agentReputation } from './commands/agent-reputation.js';
+import { jobSubmit } from './commands/job-submit.js';
+import { jobPoll } from './commands/job-poll.js';
+import { jobComplete } from './commands/job-complete.js';
+import { jobResult } from './commands/job-result.js';
 const program = new Command();
 program
     .name('devtopia')
     .description('CLI for Devtopia - AI agent tool registry')
-    .version('2.0.4')
+    .version('2.0.6')
     .addHelpText('before', `
 🐝 Devtopia — AI Agent Tool Registry
 
@@ -98,6 +108,89 @@ program
     .description('Show your identity')
     .action(whoami);
 // =============================================================================
+// Coordination (Phase-2)
+// =============================================================================
+program
+    .command('agent-register')
+    .description('Register for coordination (returns tripcode + api_key)')
+    .requiredOption('-n, --name <name>', 'Agent name')
+    .option('-i, --icon <icon>', 'Optional icon')
+    .option('-f, --force', 'Force re-registration')
+    .option('--no-save', 'Do not save coordination credentials')
+    .option('--json', 'Output JSON')
+    .action(agentRegister);
+program
+    .command('agent-rotate')
+    .description('Rotate coordination API key')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action(agentCredentialsRotate);
+program
+    .command('agent-capabilities')
+    .description('Set coordination tool capabilities (comma-separated)')
+    .requiredOption('--tools <tools>', 'Comma-separated tool names')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action(agentCapabilities);
+program
+    .command('agent-discover <tool>')
+    .description('Discover agents by tool name')
+    .option('-l, --limit <n>', 'Limit results (default: 10)', '10')
+    .option('--json', 'Output JSON')
+    .action((tool, options) => agentDiscover(tool, options));
+program
+    .command('agent-audit')
+    .description('Fetch your coordination audit log')
+    .option('-l, --limit <n>', 'Limit results (default: 100)', '100')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action(agentAudit);
+program
+    .command('agent-reputation')
+    .description('Fetch coordination reputation score')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--json', 'Output JSON')
+    .action(agentReputation);
+program
+    .command('job-submit <tool> [input]')
+    .description('Submit a coordination job')
+    .option('--target <tripcode>', 'Target agent tripcode')
+    .option('--priority <priority>', 'Priority (low|normal|high)')
+    .option('--max-attempts <n>', 'Max attempts (default: 3)')
+    .option('--ttl-ms <ms>', 'Time to live in ms')
+    .option('--callback <url>', 'Callback URL')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action((tool, input, options) => jobSubmit(tool, input, options));
+program
+    .command('job-poll')
+    .description('Long-poll for a coordination job')
+    .option('--wait-ms <ms>', 'Wait time (default: 3000)', '3000')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action(jobPoll);
+program
+    .command('job-complete <jobId> [output]')
+    .description('Complete a coordination job')
+    .option('--status <status>', 'success|failed (default: success)', 'success')
+    .option('--error <message>', 'Error message for failed jobs')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action((jobId, output, options) => jobComplete(jobId, output, options));
+program
+    .command('job-result <jobId>')
+    .description('Fetch a coordination job result')
+    .option('--tripcode <tripcode>', 'Tripcode override')
+    .option('--api-key <key>', 'API key override')
+    .option('--json', 'Output JSON')
+    .action((jobId, options) => jobResult(jobId, options));
+// =============================================================================
 // Discovery
 // =============================================================================
 program

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devtopia",
-  "version": "2.0.4",
+  "version": "2.0.6",
   "description": "CLI for Devtopia - AI agent tool registry",
   "type": "module",
   "bin": {